Administration

F-35 Joint Strike Fighter: DOD Needs to Update Modernization Schedule and Improve Data on Software Development

GAO - OIG -

What GAO Found The Department of Defense (DOD) delayed the completion of key testing until problems with the F-35 aircraft simulator are resolved, which GAO also reported last year, and will again delay its full-rate production decision. In August 2020, the program office determined the aircraft simulator—to be used to replicate complex test scenarios that could not be accomplished in real-world environment testing—did not fully represent F-35 capabilities and could not be used for further testing until fixed. Since then, program officials have been developing a new plan to ensure the simulator works as intended. Until they finalize the plan and fix the simulator, the next production milestone date—which would formally authorize DOD's transition from development to full production—remains undetermined (see figure). F-35 Operational Test Schedule and Key Events through 2021, as of November 2020 DOD is now in its third year of its modernization effort, known as Block 4, to upgrade the hardware and software of the aircraft. While DOD added another year to the schedule, GAO found the remaining development time frame is not achievable. The program routinely underestimated the amount of work needed to develop Block 4 capabilities, which has resulted in delays, and has not reflected historical performance into its remaining work schedule. Unless the F-35 program accounts for historical performance in the schedule estimates, the Block 4 schedule will continue to exceed estimated time frames and stakeholders will lack reliable information on when capabilities will be delivered. GAO found the F-35 program office collects data on many Block 4 software development metrics, a key practice from GAO's Agile Assessment Guide, but has not met two other key practices for monitoring software development progress. Specifically, the F-35 program office has not implemented tools to enable automated data collection on software development performance, a key practice. The program's primary reliance on the contractor's monthly reports, often based on older data, has hindered program officials' timely decision-making. The program office has also not set software quality performance targets, inconsistent with another key practice. Without these targets, the program office is less able to assess whether the contractor has met acceptable quality performance levels. Why GAO Did This Study The F-35 Lightning II Joint Strike Fighter program remains DOD's most expensive weapon system program. DOD is 3 years into a development effort that is loosely based on Agile software development processes to modernize the F-35 aircraft's capabilities. With this approach, DOD intends to incrementally develop, test, and deliver small groups of new capabilities every 6 months. Congress included provisions in two statutes for GAO to review the F-35 program. This report addresses the F-35 operational testing status, DOD's Block 4 modernization development schedule, and how the F-35 program office implements key practices for evaluating Agile software development progress. To assess cost and schedule concerns identified in prior years, GAO selected three key practices that focus on evaluating Agile software development progress. GAO reviewed DOD and contractor documentation and interviewed DOD officials and contractor representatives.

Financial Services Industry: Using Data to Promote Greater Diversity and Inclusion

GAO - OIG -

What GAO Found GAO's prior work has shown that the financial services industry has made little or no progress in increasing diversity at the senior management level. The figure below shows the latest available data on diversity at senior levels. Race/Ethnicity and Gender Representation of Executive/Senior-Level Management in the Financial Services Industry, 2018 One common theme of GAO's recent reports on diversity in the financial services industry is the importance of using data to assess diversity and inclusion efforts. In 2017, GAO reported that financial services firms said it is important for firms to collect and analyze data to assess workforce diversity. Notably, all the financial services firms with which GAO spoke agreed on the importance of analyzing employee data. Some firm representatives noted that with such data, they can analyze the gender and racial/ethnic diversity of new hires, employees leaving the organization, and newly promoted staff and managers. In 2019 and 2020, GAO reported that the Federal Home Loan Banks (FHLBanks) and Fannie Mae and Freddie Mac (the enterprises) track diversity composition data on their workforce, recruitment, and hiring. The FHLBanks and the enterprises use these data to compare their performance against benchmarks, such as prior-year metrics and peer institutions, and set goals for future performance. They also incorporate diversity targets into their incentive compensation goals or performance competencies for management. The Federal Housing Finance Agency (FHFA) uses data to oversee the workforce diversity and inclusion efforts of the FHLBanks and the enterprises. As GAO reported in 2019 and 2020, FHFA collects and reviews quarterly and annual workforce diversity data from the FHLBanks and enterprises. For example, FHFA assesses each FHLBank's performance in workforce diversity using the quarterly data. In 2017, FHFA also began reviewing diversity and inclusion efforts as part of its annual examinations of the FHLBanks and the enterprises. Why GAO Did This Study The financial services industry provides services that help families build wealth and is essential to the economic growth of the country. For instance, the FHLBanks, Fannie Mae, and Freddie Mac play important roles in supporting the U.S. housing market. The FHLBanks include 11 federally chartered banks that provide liquidity for member institutions, such as commercial and community banks, to use in support of housing finance and community lending. Fannie Mae and Freddie Mac purchase single-family and multifamily mortgage loans that lenders already made to borrowers. Congressional members and others have highlighted the need for the financial services industry to create opportunities for all Americans, including supporting a diverse workforce. This statement discusses (1) how financial service firms use data to assess workforce diversity efforts; (2) how the FHLBanks and the enterprises use data to assess their diversity efforts; and (3) how FHFA oversees diversity efforts at the FHLBanks and the enterprises. This statement is primarily based on three GAO reports (GAO-18-64, GAO-19-589, and GAO-20-637) on diversity efforts in the financial services industry and at FHLBanks and the enterprises. For the reports, GAO reviewed relevant literature and data, and interviewed representatives of financial services firms and industry and diversity advocacy organizations. GAO also reviewed documents and interviewed officials from the FHLBanks, enterprises, and FHFA. For more information, contact Daniel Garcia-Diaz at (202) 512-8678 or GarciaDiazD@gao.gov.

Electricity Grid Cybersecurity: DOE Needs to Ensure Its Plans Fully Address Risks to Distribution Systems

GAO - OIG -

What GAO Found The U.S. grid's distribution systems—which carry electricity from transmission systems to consumers and are regulated primarily by states—are increasingly at risk from cyberattacks. Distribution systems are growing more vulnerable, in part because their industrial control systems increasingly allow remote access and connect to business networks. As a result, threat actors can use multiple techniques to access those systems and potentially disrupt operations. (See fig.) However, the scale of potential impacts from such attacks is not well understood. Examples of Techniques for Gaining Initial Access to Industrial Control Systems Distribution utilities included in GAO's review are generally not subject to mandatory federal cybersecurity standards, but they, and selected states, had taken actions intended to improve distribution systems' cybersecurity. These actions included incorporating cybersecurity into routine oversight processes and hiring dedicated cybersecurity personnel. Federal agencies have supported these actions by, for example, providing cybersecurity training and guidance. As the lead federal agency for the energy sector, the Department of Energy (DOE) has developed plans to implement the national cybersecurity strategy for the grid, but these plans do not fully address risks to the grid's distribution systems. For example, DOE's plans do not address distribution systems' vulnerabilities related to supply chains. According to officials, DOE has not fully addressed such risks in its plans because it has prioritized addressing risks to the grid's generation and transmission systems. Without doing so, however, DOE's plans will likely be of limited use in prioritizing federal support to states and industry to improve grid distribution systems' cybersecurity. Why GAO Did This Study Protecting the reliability of the U.S. electricity grid, which delivers electricity essential for modern life, is a long-standing national interest. The grid comprises three functions: generation, transmission, and distribution. In August 2019, GAO reported that the generation and transmission systems—which are federally regulated for reliability—are increasingly vulnerable to cyberattacks. GAO was asked to review grid distribution systems' cybersecurity. This report (1) describes the extent to which grid distribution systems are at risk from cyberattacks and the scale of potential impacts from such attacks, (2) describes selected state and industry actions to improve distribution systems' cybersecurity and federal efforts to support those actions, and (3) examines the extent to which DOE has addressed risks to distribution systems in its plans for implementing the national cybersecurity strategy. To do so, GAO reviewed relevant federal and industry reports on grid cybersecurity risks and analyzed relevant DOE documents. GAO also interviewed a nongeneralizable sample of federal, state, and industry officials with a role in grid distribution systems' cybersecurity.

Fourth Circuit Upholds Jury Conviction in Foreign-Agent Prosecution

Justice -

The U.S. Court of Appeals for the Fourth Circuit today upheld an Eastern District of Virginia jury verdict convicting a man of acting and conspiring to act as an agent of the Turkish government within the United States without disclosing that relationship to the U.S. government. The Fourth Circuit also vacated an order granting a new trial and remanded the case for further proceedings before the district court.

Pages

Subscribe to IntelDesk aggregator - Administration