HSI's C3 Child Exploitation Investigations Unit conducted Operation Renewed Hope II, from Feb. 26 through March 8, resulting in the location and positive identification of 19 previously unknown child sexual abuse victims, which includes 8 victims rescued from active abuse.

What GAO Found The increasing frequency of disasters overall and the additional responsibilities for responding to other events have stretched the Federal Emergency Management Agency's (FEMA) workforce in unprecedented ways. GAO's work has identified various challenges FEMA has faced in its efforts to respond to these additional events. The scale and scope of federal efforts and funding required to address the COVID-19 pandemic tested FEMA's and other federal agencies' capacity to mount an equitable and effective nationwide response. FEMA's role included lost wages assistance; COVID-19 funeral assistance; public assistance to state, tribal, and territorial governments; mission assignments to other federal agencies; and mobile vaccination units. For example, GAO reported in April 2022 that FEMA had received and was processing more than 444,000 applications for COVID-19 funeral assistance since April 2021—when it began accepting applications—compared to the approximately 6,000 cases of funeral assistance the agency had processed over the decade prior to the pandemic. FEMA reported that as of December 2023 it has obligated $123 billion in response to the pandemic and projected that it will obligate a total of $144 billion by the end of fiscal year 2024. In addition to the 59 major disaster declarations for COVID-19, as of July 2022, FEMA had about 500 non-COVID-19 active major disaster declarations in various states of response and recovery. At the same time, FEMA recently reported a projected deficit of nearly $6.4 billion in the fund by September 2024 GAO has also identified several gaps in FEMA's internal controls meant to prevent improper or potentially fraudulent payments in funeral assistance. In April 2022, GAO recommended that FEMA implement additional control activities to ensure that consistent and accurate data are available to prevent and detect improper payments and potential fraud. FEMA has fully addressed this recommendation implementing additional controls but as of April 2023 has only partially addressed the recommendation on data consistency and accuracy. Until FEMA fully addresses this recommendation, they will continue limited ability oversee and prevent and detect fraud. GAO's past work has identified longstanding challenges facing the FEMA workforce, which have been exacerbated given FEMA's additional responsibilities. Specifically, in May 2023, GAO reported that FEMA had a disaster workforce strength of approximately 11,400 employees at the beginning of fiscal year 2022, a gap of 35 percent between the actual number of staff and the staffing target of 17,670. FEMA officials stated that they faced additional responsibilities due to COVID-19, while also managing the traditional seasonal peaks of disaster activity during the year. This created burnout for many employees and increased employee attrition. GAO recommended that FEMA document plans to monitor and evaluate the agency's hiring efforts to address staffing gaps, among other recommendations. As of January 2024, FEMA has taken some steps to address these recommendations, including developing yearly hiring targets to ensure they are on pace to meet overall hiring goals. To fully address the recommendation, FEMA should finalize its staffing plans. Why GAO Did This Study FEMA leads the nation's efforts to prepare for, respond to, and recover from disasters. In recent years, the increasing frequency and costs of disasters, the COVID-19 pandemic, and other responsibilities have placed additional pressures on FEMA. This statement discusses GAO's prior work and recommendations related to FEMA's (1) roles and responsibilities outside of natural disasters and (2) workforce challenges. This statement is based on products GAO issued from May 2020 through May 2023, along with selected updates to address GAO recommendations, and updates from FEMA. For those products, GAO reviewed and analyzed federal laws, agency guidance, and other agency documents. GAO also analyzed data on FEMA's workforce, and disaster assistance, among others. GAO interviewed knowledgeable officials from FEMA; other selected federal agencies; and state, local, and territorial officials impacted by disasters.

Para la versión de esta página en español, ver a GAO-24-107052. What GAO Found Hispanic-Serving Institutions (HSI)—colleges with an undergraduate student enrollment that is at least 25 percent Hispanic—have extensive facility needs, according to GAO's generalizable survey of HSIs. Based on GAO's survey, an estimated 43 percent of HSIs' building space (i.e., square footage) needs repairs or replacement, on average. Deferred maintenance backlogs, damage from natural disasters or severe weather, and facility modernization efforts drive HSIs' facility needs. For example, HSIs have an average deferred maintenance backlog of almost $100 million, based on GAO's survey. Further, an estimated 77 percent of HSIs have at least one deferred maintenance project that addresses a health or safety issue. In addition, an estimated 65 percent of HSIs have experienced at least one natural disaster or severe weather event in the past 5 years that has resulted in the need to repair or replace some facilities. HSIs also reported unmet digital infrastructure needs related to internet access and connectivity, cybersecurity, and hybrid learning efforts, according to GAO's survey. For example, GAO estimates that at roughly a third of HSIs, more than 10 percent of students cannot reliably connect to the internet off-campus either because they cannot afford an internet connection or they lack an appropriate device. Most HSIs (an estimated 74 percent) have also experienced a cyberattack within the previous 5 years. HSIs made recent investments in hybrid learning as a result of the COVID-19 pandemic and related federal funding. However, GAO estimates 90 percent of HSIs that offer hybrid courses face some challenge continuing to deliver them, based on survey results. Examples of Facility and Digital Infrastructure at Hispanic-Serving Institutions HSIs relied on multiple sources to fund their capital project needs over the last 5 years. These sources frequently included state capital grants or appropriations for public HSIs and tuition and fees for private HSIs, according to GAO's survey. GAO estimates 43 percent of HSIs were satisfied with their overall access to funding. However, HSIs reported common challenges securing funding for capital projects. For example, an estimated 74 percent of public HSIs consider insufficient state funding to be a challenge towards addressing capital project needs, based on GAO's survey. Additionally, about three quarters of private HSIs face challenges due to declining tuition and fees revenue. The Department of Education has three grant programs for eligible HSIs. Although HSIs can use this funding to support capital projects, instead, they generally use these grant funds for other needs, such as student services, according to Education officials. Why GAO Did This Study HSIs play a prominent role in the nation's higher education system. For example, 574 HSIs enrolled over 2 million Hispanic students in the 2021–2022 school year, representing 60 percent of all Hispanic students in college. Like most colleges, HSIs must continue to invest in their facilities and digital infrastructure to serve their students safely and effectively. A 2021 House report includes a provision for GAO to examine the infrastructure needs—both physical and digital—at HSIs. This report describes HSIs' (1) facility needs, (2) digital infrastructure needs, and (3) funding sources for capital projects. To conduct this work, GAO surveyed a representative sample of HSIs in the U.S. (including Puerto Rico) and received generalizable responses from 169 colleges. Survey estimates have a margin of error no greater than plus or minus 8 percentage points at the 95 percent level of confidence. GAO also analyzed the most recent HSI data on college student and institutional characteristics (2021–2022), finances (2020–2021), HSI grant programs (2017–2022), and COVID relief funds (2021). GAO also visited 10 HSIs—selected to capture different sizes, sectors (public or private nonprofit), and geographic regions—and interviewed Education officials and HSI organizations. In addition, GAO reviewed relevant federal laws, regulations, and guidance. For more information, contact Melissa Emrey-Arras at (617) 788-0534 or emreyarrasm@gao.gov.

Why This Matters Malicious use of deepfakes could erode trust in elections, spread disinformation, undermine national security, and empower harassers. Key Takeaways Current deepfake detection technologies have limited effectiveness in real-world scenarios. Watermarking and other authentication technologies may slow the spread of disinformation but present challenges. Identifying deepfakes is not by itself sufficient to prevent abuses. It may not stop the spread of disinformation, even after the media is identified as a deepfake. The Technology What is it? Deepfakes are videos, audio, or images that have been manipulated using artificial intelligence (AI), often to create, replace, or alter faces or synthesize speech. They can seem authentic to the human eye and ear. They have been maliciously used, for example, to try to influence elections and to create non-consensual pornography. To combat such abuses, technologies can be used to detect deepfakes or enable authentication of genuine media. Detection technologies aim to identify fake media without needing to compare it to the original, unaltered media. These technologies typically use a form of AI known as machine learning. The models are trained on data from known real and fake media. Methods include looking for (1) facial or vocal inconsistencies, (2) evidence of the deepfake generation process, or (3) color abnormalities. Authentication technologies are designed to be embeddedduring the creation of a piece of media. These technologies aim to either prove authenticity or prove that a specific original piece of media has been altered. They include: Digital watermarks can be embedded in a piece of media, which can help detect subsequent deepfakes. One form of watermarking adds pixel or audio patterns that are detectable by a computer but are imperceptible to humans.The patterns disappear in any areas that are modified, enabling the owner to prove that the media is an altered version of the original. Another form of watermarking adds features that cause any deepfake made using the media to look or sound unrealistic. Metadata—which describe the characteristics of data in a piece of media—can be embedded in a way that is cryptographically secure. Missing or incomplete metadata may indicate that a piece of media has been altered. Blockchain. Uploading media and metadata to a public blockchain creates a relatively secure version that cannot be altered without the change being obvious to other users. Anyone could then compare a file and its metadata to the blockchain version to prove or disprove authenticity. Figure 1. Examples of Deepfake Detection and Authentication How mature is it? Detection technologies. According to recent studies, existing detection methods and models may not accurately identify deepfakes in real-world scenarios. For example, accuracy may be reduced if lighting conditions, facial expressions, or video or audio quality are different from the data used to train the detection model, or if the deepfake was created using a different method than that used in the training data. Further, future advances in deepfake generation are expected to eliminate hallmarks of current deepfakes, such as abnormal eye blinking. Authentication technologies. These technologies are not new, but their use in combating deepfakes is an emerging area. Several companies offer authentication services, including using digital watermarks, metadata, and blockchain technologies. Some claim to let website visitors authenticate media found on the internet, provided the original is in the company’s database. Prominent social media companies are also beginning to label AI-generated content. Opportunities Combined defenses. Using multiple detection and authentication methods may help to identify deepfakes. Updated training datasets. Including diverse and recent media in training data could help detection models keep up with the latest deepfake generation techniques. Competitions. Deepfake detection competitions could encourage the development of more accurate detection tools and models. One 2019 competition included over 2,000 participants and generated over 35,000 models. Challenges Disinformation and public trust. Disinformation can spread from the moment a deepfake is viewed, even if it is identified as fraudulent. Further, trust in real media may be undermined by false claims that real media is a deepfake or if people do not trust a detection model’s results. Adaptation to detection. Techniques and models used to identify deepfakes tend to lead developers to create more sophisticated deepfake generation techniques. Policy Context and Questions Are current laws and regulations adequate to address evolving concerns about the malicious use of deepfakes? How do they address data security, privacy concerns, and First Amendment considerations, such as a deepfake creator’s freedom of speech and expression? What entities (e.g., government, nonprofit, private company) should make decisions about identifying and blocking deepfakes, or about when and how to sanction those who produce or disseminate them? How can organizations across society coordinate on the development and improvement of deepfake detection and authentication technologies? What standards could be used or developed to evaluate these technologies? Selected GAO Work Science & Tech Spotlight: Deepfakes, GAO-20-379SP Technology Assessment: Blockchain, GAO-22-104625 Selected References Gourav Gupta, Kiran Raja, Manish Gupta, Tony Jan, Scott Thompson Whiteside, and Mukesh Prasad, “A Comprehensive Review of DeepFake Detection Using Advanced Machine Learning and Fusion Methods,”Electronics, vol. 13, no. 95 (2024) https://doi.org/10.3390/electronics13010095. National Security Agency, Federal Bureau of Investigation, and Cybersecurity and Infrastructure Security Agency,Contextualizing Deepfake Threats to Organizations, Sept. 2023. For more information, contact Brian Bothwell at (202) 512-6888 or bothwellb@gao.gov.

What GAO Found Financial institution representatives that GAO interviewed identified actions the Financial Crimes Enforcement Network (FinCEN) could take to enhance the institutions' ability to identify and report suspicious activity. These include more updates on priority threats and tips to improve suspicious activity reports (SAR), which institutions file if they identify potential criminal activity. FinCEN may cover some of these actions as it implements the Anti-Money Laundering Act of 2020, the aims of which include improving information sharing and technology. GAO identified 31 sections in the Anti-Money Laundering Act of 2020 for which FinCEN is responsible for implementing. For example, FinCEN is to establish standards for financial institutions to test new anti-money laundering-related technology. As of November 2023, GAO found that FinCEN collectively had described its progress in implementing 19 sections through multiple publications and in varying detail. More complete disclosure of FinCEN's progress implementing the act would provide greater transparency and accountability. FinCEN surveys law enforcement agencies about their use of and satisfaction with FinCEN's products and services, such as its database of SARs. However, the surveys may not provide reliable information. FinCEN's 2018–2022 surveys had low response rates (ranging from 2 to 10 percent), raising the risk of biased results that do not represent the views of all agencies. FinCEN also did not analyze and adjust, as needed, results for nonresponse bias. As a result, the surveys may not provide FinCEN with a complete and reliable picture of law enforcement's satisfaction with its products and services. Federal agencies, including the Departments of Justice and Homeland Security, individually track outcomes of their illicit finance investigations (e.g., convictions and forfeitures). Some Justice data track these outcomes across multiple federal agencies (see figure). However, comprehensive, government-wide data do not exist because data collection is fragmented across multiple agencies and data may be incomplete. Developing a consistent methodology to comprehensively track outcomes would better inform federal agencies and Congress about the results and effectiveness of U.S. efforts to combat illicit finance. Outcomes of Defendants Charged under Money Laundering-Related Statutes, Fiscal Years 2018–2022 Why GAO Did This Study Criminal organizations launder illicit proceeds to facilitate and conceal crime. The Bank Secrecy Act, as amended, requires financial institutions to file SARs (which help law enforcement investigate crime) under certain conditions. FinCEN administers the act and maintains these reports in a database. GAO was asked to review U.S. efforts to combat illicit finance. This report examines (1) financial institution suggestions to enhance SAR processes, (2) FinCEN communication of its progress implementing the Anti-Money Laundering Act, (3) FinCEN surveys on law enforcement satisfaction with its products and services, and (4) data collection on efforts to combat illicit finance. GAO reviewed laws, guidance, and investigation data and interviewed FinCEN and federal law enforcement agencies. GAO also interviewed a nongeneralizable selection of 46 representatives of financial institutions and industry associations (such as banks, casinos, money services businesses, and broker-dealers).

U.S. Immigration and Customs Enforcement’s (ICE) Enforcement and Removal Operations (ERO) Chicago arrested 28 noncitizens with sex offense convictions during a nationwide law enforcement effort that netted 275 noncitizen sex offenders. The operation ran from Feb. 5 to Feb. 16.

U.S. Immigration and Customs Enforcement’s (ICE) Enforcement and Removal Operations (ERO) Philadelphia removed Leonard Mnela, a citizen of Albania with a final order of removal, to Albania on March 2. Mnela is a foreign fugitive wanted by law enforcement authorities in Italy for criminal conspiracy, kidnapping, attempted extortion, firearms violation, drug trafficking, drug importing and drug selling. He’s also wanted by law enforcement authorities in Albania for murder.

The court also sentenced Dominic Lawrence Carsi, 34, Naples, to a term of supervised release for life and ordered him to register as a sex offender. Carsi pleaded guilty Oct. 31, 2023.

Juan Carlos Perlaza Caicedo aka Olindo Perlaza Caicedo aka Gafas, 45, of Colombia pleaded guilty to producing and transporting several tons of cocaine from Colombia to Central America beginning in at least 2002.

ERO New York City Fugitive Operations officers apprehended 32 unlawfully present noncitizens convicted of sex offenses during a nationwide law enforcement effort from Feb. 5 to Feb. 16.

What GAO Found Seven law enforcement agencies within the Departments of Justice (DOJ) and Homeland Security (DHS), such as the Federal Bureau of Investigation and U.S. Secret Service, reported using facial recognition technology to support criminal investigations. Three of the seven agencies reported owning facial recognition technology. All seven reported using systems owned by other entities, such as state and local entities and nongovernment service providers. In September 2023, GAO found that three of the seven agencies had policies or guidance specific to facial recognition technology that were intended to help protect civil rights and civil liberties. The other four agencies—three in DOJ and one in DHS—did not have such policies or guidance. We also found that DOJ had taken steps to issue a department-wide policy but had faced delays. After our September 2023 report, DHS finalized a department-wide policy, which includes topics such as limiting the use of the technology; protecting privacy, civil rights, and civil liberties; and testing and evaluation of the technology. DOJ also said it has developed an interim policy on facial recognition technology with topics such as the protection of civil rights and civil liberties, and training requirements. However, GAO did not have an opportunity to review and confirm that information. The seven agencies reported using four nongovernment facial recognition services in total from October 2019 through March 2022 to support criminal investigations. All seven agencies had initially used these services without first requiring staff to take training on topics such as how facial recognition technology works, what photos are appropriate to use, and how to interpret results. GAO found that, cumulatively, agencies with available data reported conducting about 60,000 searches using facial recognition services when they did not have training requirements in place. Two of the seven agencies ultimately implemented training requirements as of April 2023. Of the remaining five agencies, two continued to use facial recognition services and three halted their use of the services as of April 2023. Facial Recognition Services Use and Training for Selected Agencies, April 2023 Note: The figure shows when agencies used the four services covered by our review (services used from October 2019 through March 2022), and when, if at all, agencies implemented training requirements for facial recognition services. The figure provides use and training information as of April 2023. See figure 2 of the statement for more detail. Why GAO Did This Study Law enforcement agencies may use facial recognition technology to help solve crimes. For example, the technology can allow users to quickly search through billions of photos to help identify an unknown suspect in a crime scene photo. Civil rights and civil liberties advocates have cautioned that an overreliance on the technology in criminal investigations could lead to the arrest and prosecution of innocent people, or that its use at certain events (e.g., protests) could have a chilling effect on individuals' exercise of their First Amendment rights. GAO was asked to testify before the United States Commission on Civil Rights on the use of facial recognition technology by DHS and DOJ. This statement discusses GAO's prior work examining the extent to which seven selected law enforcement agencies have (1) owned and used facial recognition technology, (2) developed policies to help protect civil rights and civil liberties related to its use, (3) required staff to take training prior to use, and (4) taken steps to address selected privacy requirements. This statement is based on reports published from 2021 through 2023 related to federal law enforcement agencies' use of facial recognition technology. To conduct that prior work, GAO administered a survey questionnaire to 42 federal agencies that employ law enforcement officers regarding their use of the technology, including the seven agencies that are the focus of this statement. GAO also reviewed relevant documents and interviewed agency officials. GAO selected the seven agencies because they previously reported owning or using facial recognition technology systems.

What GAO Found Operational technology (OT) systems and devices are used to control, among other things, distribution processes (e.g., oil and natural gas pipelines) and production systems (e.g., electric power generation). Figure 1 shows the key components of an OT system using a pipeline system as an illustrative example. Figure 1: Key Components of a Pipeline Operational Technology (OT) System Although 12 of the 13 selected nonfederal entities cited examples of positive experiences with the Cybersecurity and Infrastructure Security Agency's (CISA) OT products and services, CISA and seven of the nonfederal entities identified two types of associated challenges. Specifically: Seven selected nonfederal entities identified negative experiences using CISA's products and services as a challenge. For example, one nonfederal entity told GAO that vulnerabilities reported through CISA's process often take more than a year between the initial report of a vulnerability and public disclosure (see figure 2). CISA officials and one nonfederal entity identified the insufficient CISA staff with requisite OT skills as a challenge. For example, CISA officials stated that its four federal employees and five contractor staff on the threat hunting and incident response service are not enough staff to respond to significant attacks impacting OT systems in multiple locations at the same time. To address these types of challenges, best practices highlight the importance of (1) measuring customer service and (2) performing effective workforce planning. However, CISA has not fully addressed these practices. Until CISA does so, the agency will not be optimally positioned to deliver products and services needed to address OT risks. Figure 2: Cybersecurity and Infrastructure Security Agency (CISA) Operational Technology (OT) Cybersecurity Products and Services Six of the seven selected agencies cited examples of where their collaboration with CISA yielded positive outcomes to addressing cyber OT risks. However, four agencies also identified two challenges in coordinating with CISA: (1) CISA ineffectively sharing information with critical infrastructure owners and operators, and (2) CISA and the Pipeline and Hazardous Materials Safety Administration lacking a process to share cyber threat information with owners and operators. To address these types of challenges, it is important to adopt leading collaboration practices. However, CISA did not fully address any of five selected leading collaboration practices when coordinating with seven selected agencies (see table). Extent to Which the Cybersecurity and Infrastructure Security Agency (CISA) Addressed Selected Leading Collaboration Practices with Seven Selected Agencies to Mitigate Cyber Operational Technology Risks to Critical Infrastructure Collaboration practices CESER DC3 FRA NSA PHMSA TSA USCG Define common outcomes ◑ ◑ ◑ ◑ ◑ ◑ ◑ Ensure accountability ○ ○ ◑ ○ ◑ ◑ ◑ Bridge organizational cultures ◑ ◑ ◑ ◑ ◑ ◑ ◑ Clarify roles and responsibilities ◑ ◑ ◑ ◑ ◑ ◑ ◑ Develop and update written guidance and agreements ○ ◑ ○ ○ ○ ○ ◑ Source: GAO analysis of agency information. | GAO 24 106576 Legend: ●=Generally addressed. ◑=Partially addressed. ○=Not addressed. Note: CESER (Cybersecurity, Energy Security, and Emergency Response), DC3 (Department of Defense Cyber Crime Center), FRA (Federal Railroad Administration), NSA (National Security Agency), PHMSA (Pipeline and Hazardous Materials Safety Administration), TSA (Transportation Security Administration), and USCG (U.S. Coast Guard). The practices were not fully addressed, in part, because of the lack of (1) guidance from CISA to the sector risk management agencies on how to update their plans for coordinating on critical infrastructure issues and (2) a CISA policy for developing agreements with sector risk management agencies with respect to collaboration. Until CISA takes action to address these weaknesses, it and the selected agencies will not be well-positioned to coordinate on mitigating cyber OT risks. Why GAO Did This Study Much of the nation's critical infrastructure relies on OT—systems that interact with the physical environment—to provide essential services. However, malicious cyber actors pose a significant threat to these systems. Federal law designates CISA as the lead agency in helping critical infrastructure owners and operators address cyber risks to OT. The National Defense Authorization Act of Fiscal Year 2022 includes a provision for GAO to report on CISA's support for industrial control systems. Federal guidance now addresses these systems under the broader category of OT. Accordingly, this report examines, among other things: (1) challenges in delivering CISA's OT products and services, and (2) challenges to collaborating between CISA and the seven selected agencies. GAO reviewed documentation describing CISA's 13 OT cybersecurity products and services. GAO also asked officials from CISA and 13 selected nonfederal entities to identify any challenges with the OT products and services. The selected entities included (1) councils representing one sector and three subsectors where OT was prevalent and the intelligence community highlighted their infrastructures as being at risk from cyber threat actors, (2) OT vendors who joined a CISA OT collaboration group, and (3) cybersecurity researchers that contributed to the development of CISA's OT advisories. GAO then compared CISA's efforts to address those challenges against leading practices regarding measuring customer service and workforce planning. In addition, GAO reviewed documentation describing CISA’s efforts to collaborate with seven selected agencies to mitigate cyber OT risks. The seven selected agencies are: (1) Department of Defense’s (DOD) Defense Cyber Crime Center (DC3); (2) DOD’s National Security Agency (NSA); (3) Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER); (4) Department of Homeland Security’s (DHS) Transportation Security Administration (TSA); (5) DHS’s U.S. Coast Guard (USCG); (6) Department of Transportation’s (DOT) Federal Railroad Administration (FRA); and (7) DOT’s Pipeline and Hazardous Materials Safety Administration (PHMSA). GAO focused on these agencies or departmental components because each was (1) within agencies designated as the lead for helping to protect the selected sector and three subsectors and (2) responsible for helping critical infrastructure owners and operators to mitigate cyber OT risks. GAO also asked officials from seven selected agencies to identify any challenges in collaborating with CISA to mitigate cyber OT risks. GAO then compared documentation from the seven agencies and CISA against five selected leading collaboration practices.

What GAO Found When a contract involves unusually hazardous or nuclear risk, which insurers may decline to cover, the government may indemnify defense contractors. This indemnification financially protects contractors from liability arising from a catastrophic incident. Contractors report that it also incentivizes them to complete work that would otherwise be financially untenable, as an incident could exceed the limit of a contractor's commercial insurance policy. Financial Protection Provided by Commercial Insurance and Government Indemnification Type of financial protection Coverage provided Commercial insurance Coverage provided for claims involving covered contractor products, subject to the limit of the insurance policy Government indemnification Coverage provided for claims, losses, or damages that arise out of or result from a risk that the contract defines as unusually hazardous or nuclear, and is not compensated for by insurance or other meansa Source: GAO analysis of aviation insurance industry and defense contractor information. I GAO-24-106403aIndemnification coverage is limited in some circumstances. For example, contractors will not be indemnified against government claims against the contractor or for losses or damages affecting the contractor's property, if the claim, loss, or damage is caused by willful misconduct or lack of good faith on the part of certain contractor officials. Indemnification requests are infrequent and generally approved. The Department of Defense (DOD) components that GAO reviewed reported receiving only about 350 indemnification requests over the past 15 years. Components' processes for evaluating indemnification requests varied. GAO found that contracting officials at some components were unaware of or did not use a specialized insurance review team within the Defense Contract Management Agency (DCMA) to assist in their evaluations. Components that did use this team found the reviews helpful. Lack of knowledge and use of this expertise means components may be missing an opportunity to facilitate the review process . Defense contractors generally obtain coverage for their work from multiple multi-national insurers. Insurers develop a comprehensive risk profile on contractors to determine what coverage they will provide. According to industry representatives, world events and market volatility in recent years shrunk the insurance market and reduced coverage available to contractors. Insurer representatives that GAO interviewed stated that as a result, government indemnification is an increasingly important factor they consider when providing coverage to defense contractors. DOD experienced challenges negotiating indemnification requests related to weapons carried on Virginia class submarines. Those challenges were resolved, but officials could not estimate the impact of these negotiations due to pre-existing program delays. Additionally, while contractors have expressed concern about not defining unusually hazardous risk in regulation, DOD officials noted the importance of maintaining the flexibility to consider indemnification requests based on each component's unique mission profile. Why GAO Did This Study Recently, DOD has experienced challenges indemnifying—or providing financial protection to—contractors working on certain weapon systems. A congressional report expressed concern that DOD's application of indemnification laws and an increase in programs with unusually hazardous risks could affect DOD's ability to field advanced weapon systems. The report included a provision for GAO to report on DOD's indemnification of contractors against unusually hazardous risk. GAO's report examines (1) how DOD has indemnified risk related to contracts over the past 15 years and how it makes those decisions, (2) how defense contractors obtain insurance and the risk factors that influence insurance coverage decisions, and (3) what indemnification challenges, if any, DOD and contractors have experienced and may experience in the future. GAO analyzed available indemnification data from six selected DOD components—including the military departments, Missile Defense Agency, and Defense Logistics Agency—from 2008 through 2022; reviewed government-wide and DOD indemnification policies and regulations; and interviewed officials at DOD, five selected defense contractors, and four selected insurers.

If convicted, Reginald Dugger, 42, of Orlando, faces a maximum penalty of 30 years in federal prison for the drug offense and up to 15 years in federal prison for the firearm offense.

A superseding indictment was partially unsealed in the Southern District of California March 5 charging alleged drug trafficker Benjamin Madrigal-Birrueta, 22, with murdering two people to prevent them from testifying in drug trafficking cases in federal court in San Diego. Homeland Security Investigations (HSI), the Drug Enforcement Administration, the FBI and the Bureau of Alcohol, Tobacco, Firearms and Explosives are investigating this case with local law enforcement agencies.

On Feb. 29, a federal grand jury in the District of Puerto Rico indicted Kiara Ramos Melendez, 29, with one count of coercion and enticement of a minor and one count of receipt of child exploitation material.

What GAO Found The Coast Guard has taken action to address sexual assault and harassment but has not developed a plan to assess its efforts. In a 2020 internal investigation called “Operation Fouled Anchor,” the Coast Guard examined 102 separate allegations of sexual assault from 1990 to 2006 at the Coast Guard Academy and concluded that the academy often mishandled these cases. More recently, service members reported a total of 263 sexual harassment allegations between September 2020 through April 2023, according to Coast Guard data. After media reporting on Operation Fouled Anchor in June 2023, the Commandant directed a 90-day review of policy processes, practices, and service culture relevant to countering sexual assault and harassment in the Coast Guard. The resulting report identified areas for organizational improvement to ensure a culture of accountability and transparency. In November 2023, the Commandant directed the Coast Guard to implement 33 initial actions by certain dates to address the findings of the review and help ensure service members have an experience free from sexual assault and harassment (see figure). The actions span six categories, including training, the academy, and information and data. According to Coast Guard officials, they have completed five actions as of February 2024. Number of Coast Guard Planned Actions Each Month to Respond to Sexual Assault and Harassment and Selected Examples The Commandant-directed actions include administering a Coast Guard-wide survey and analyzing survey results. However, the service has not developed an evaluation plan to assess the results of its 33 initial actions. According to Coast Guard officials, they have had discussions about assessing the results of the actions but have not developed plans or mechanisms to do so because measuring culture change is difficult. However, these officials identified certain resources, such as employee surveys and Department of Defense officials, that could prove useful in this effort. Developing an evaluation plan and mechanisms for assessing the effectiveness of actions taken to improve its culture of accountability and transparency would better ensure that Coast Guard has the information it needs to evaluate whether the actions are helping service members have an experience free from sexual assault and harassment. Further, taking these steps would help ensure the service is improving its culture, which could assist in the recruitment and retention of its workforce. Why GAO Did This Study The Coast Guard is a maritime military service within the Department of Homeland Security that employs more than 55,000 personnel. Sexual assault and harassment have a negative effect on the victims, negatively affect retention, and disrupt mission readiness. This statement discusses the Coast Guard's recent efforts to address sexual assault and harassment. GAO analyzed Coast Guard documents, interviewed agency officials, and reviewed prior GAO reports on Department of Defense and Coast Guard efforts to prevent sexual assault and harassment. We also compared Coast Guard efforts to the Commandant instruction on internal controls as well as federal internal control standards.

What GAO Found In response to the economic downturn caused by the COVID-19 pandemic, the Small Business Administration (SBA) quickly set up the Paycheck Protection Program (PPP), COVID-19 Economic Injury Disaster Loan (COVID-19 EIDL) program, and other relief programs. SBA also administers a Disaster Loan Program that helps small businesses and others recover after natural disasters. Since February 2020, GAO has made recommendations to improve SBA programs, including 23 key recommendations. SBA fully addressed 10 of the key recommendations, including the following: PPP oversight. Because SBA initially had limited safeguards, GAO recommended in June 2020 that it implement plans to respond to PPP risks, help ensure program integrity, and address potential fraud. In response, SBA developed a loan review process in December 2020. As of the end of fiscal year 2023, GAO estimated that SBA's use of additional safeguards in PPP and other COVID programs had resulted in more than $12 billion in savings. Assessment of fraud risks. SBA did not conduct a formal fraud risk assessment before implementing PPP or COVID-19 EIDL. In March 2021, GAO recommended that SBA conduct a formal assessment and develop a strategy to manage fraud risks for each program. SBA completed these steps in August 2023. SBA has not yet fully addressed 13 of these recommendations, including the following: Enhancing data analytics. In May 2023, GAO recommended that SBA identify data that could help verify applicant information and detect potential fraud. GAO also recommended that SBA develop cross-program data analytics that would better identify applicants who tried to defraud multiple programs. According to SBA, to begin addressing these recommendations, it has procured third-party services to help validate customer identity and has begun a comprehensive review of its data analytics. Addressing access barriers. GAO found in December 2021 that SBA's Disaster Loan Program and five other federal programs did not have key information for examining barriers to access and disparate recovery outcomes among various socioeconomic and demographic groups. GAO recommended SBA work with two other agencies to implement an interagency plan to address these equity issues. SBA officials said the agencies are in the process of developing such a plan. In addition, SBA's independent financial statement auditor has issued four consecutive disclaimers of opinion on SBA's consolidated financial statements since fiscal year 2020. SBA was unable to support a significant number of transactions and account balances related to PPP and COVID-19 EIDL. The auditor identified six material weaknesses in internal controls over financial accounting, including in controls for PPP and COVID-19 EIDL. GAO supports the auditor's recommendations to address these weaknesses and encourages SBA to develop and implement a corrective action plan to address them. Why GAO Did This Study Since spring 2020, SBA has administered four pandemic relief programs, including PPP and COVID-19 EIDL. PPP provides potentially forgivable loans to small businesses. COVID-19 EIDL provides low-interest loans of up to $2 million for operating and other expenses, as well as advances (grants). Concerns about SBA's implementation of PPP and COVID-19 EIDL led GAO to include emergency loans for small businesses on its High-Risk List in March 2021. SBA made or guaranteed more than $1 trillion in loans and grants and assisted more than 10 million small businesses through its relief programs. In addition, SBA has continued to make loans under its Disaster Loan Program. Among other things, this testimony focuses on the status of selected recommendations GAO has made to SBA on its pandemic relief and disaster loan programs, and on issues related to SBA's financial accounting. This testimony is based largely on the reports GAO issued since February 2020 containing the 23 key recommendations. For those reports, GAO reviewed SBA documentation, analyzed program data, and interviewed officials from SBA and other federal agencies. GAO also reviewed the opinions of SBA's independent financial statement auditor. For more information, contact Courtney LaFountain at (202) 512-8678 or lafountainc@gao.gov.

What GAO Found Risky business strategies and weak liquidity and risk management contributed to the failures of Silicon Valley Bank (SVB) and Signature Bank in March 2023. In both banks, rapid growth was an indicator of risk. From 2019 to 2021, the total assets of SVB and Signature Bank grew by 198 percent and 134 percent, respectively. This far exceeded growth for a group of 19 peer banks (33 percent, at the median). In addition, both banks had high percentages of uninsured deposits, which can be an unstable source of funding because customers with uninsured deposits may be more likely to withdraw their funds during times of stress. SVB also was affected by rising interest rates and Signature Bank had exposure to the digital assets industry. In the 5 years prior to 2023, the Board of Governors of the Federal Reserve System (Federal Reserve) and Federal Deposit Insurance Corporation (FDIC) identified concerns with SVB and Signature Bank. But both banks were slow to mitigate the problems the regulators identified and regulators did not escalate supervisory actions in time to prevent the failures. Federal Reserve and FDIC policies require staff to include specific information when communicating supervisory concerns to banks. GAO found that Federal Reserve and FDIC supervisory staff generally adhered to these requirements in communicating concerns to SVB and Signature Bank. Both regulators established internal procedures for when to escalate concerns to informal or formal enforcement actions. However, the Federal Reserve's procedures often were not clear or specific. The procedures often did not include measurable criteria for examiners to use when recommending informal or formal enforcement actions. This lack of specificity could have contributed to delays in taking more forceful action against SVB. Adopting clearer and more specific procedures could promote more timely enforcement action to address deteriorating conditions at banks in the future. In August 2023, FDIC updated its procedures for escalating supervisory concerns to require FDIC examiners to consider escalating supervisory concerns that are repeated or uncorrected at the end of an examination cycle. However, although the new guidance would have required examiners to consider escalation of Signature Bank concerns as early as 2019, it does not require escalation. As a result, it is unclear whether examiners would have escalated concerns to senior management on a timely basis. FDIC officials told us they intend to further update the procedures to expect examiners to require, instead of consider, escalation in these situations. Provisions in the Federal Deposit Insurance Act also help regulators determine when to escalate supervisory concerns. Section 38, also known as prompt corrective action, requires regulators to take increasingly severe actions as a bank's capital deteriorates. However, since the 1990s, GAO and others have reported that the effectiveness of the prompt corrective action framework is limited because it relies on capital measures, which can lag other indicators of bank health. The framework repeatedly has demonstrated weaknesses for addressing deteriorating financial conditions in banks and has not achieved a principal goal of preventing widespread losses to the Deposit Insurance Fund. Noncapital triggers (which could be based on factors such as interest rate risk, asset concentration, and poor management) can signal declining conditions before capital triggers do. Adopting noncapital triggers, such as by amending the Federal Deposit Insurance Act to incorporate such triggers, would encourage earlier action to address deteriorating conditions and also limit losses to the Deposit Insurance Fund by requiring early and forceful regulatory actions tied to unsafe banking practices before they impaired capital. Why GAO Did This Study The March 2023 failure of SVB and Signature Bank may cost the Deposit Insurance Fund an estimated $22.5 billion. The failures raised questions about the supervisory practices of the Federal Reserve and FDIC. GAO was asked to examine the regulators' communication and escalation of supervisory concerns in the years before the failures. This report examines the regulators' communication of supervisory concerns to the two banks, procedures for escalating such concerns, and whether adopting noncapital triggers could help regulators take more timely supervisory actions. GAO reviewed Federal Reserve and FDIC internal policies and procedures related to supervisory communication and escalation; analyzed supervisory documentation for SVB and Signature Bank; and spoke with staff from the Federal Reserve, Federal Reserve Bank of San Francisco, and FDIC.

What GAO Found Orders for new commercial aircraft have rebounded since they declined in 2020. However, the two main manufacturers of commercial aircraft—Boeing and Airbus—have faced challenges in increasing production of their most popular models—the Boeing 737 and Airbus A320—to meet demand. Steps Boeing and FAA are taking to ensure safety after a January 2024 in-flight failure of a section of the fuselage have also affected Boeing's production levels early in 2024. Additionally, of the 15 companies GAO interviewed that supply components to Boeing and Airbus, nine said that they have likewise had difficulty filling orders with the rebound in demand following the COVID-19 pandemic. Estimated Number of Boeing 737 and Airbus A320 Aircraft Produced, 2013–2023 Manufacturers attributed these production challenges to workforce and material shortages and are working to mitigate them. Fifteen of the 17 manufacturers GAO spoke to said they or their suppliers have had difficulty hiring enough skilled workers to enable them to satisfy the demand for their products. Six manufacturers said that difficulty hiring sufficient workers may be related to difficult or hazardous working conditions that some of these jobs entail, such as the use of toxic chemicals. Some manufacturers reported offering financial incentives and working with local schools to build interest in aviation careers to address their workforce needs. Further, fifteen manufacturers said that they or their suppliers have had difficulty procuring materials needed to complete their orders. Material shortages included a broad range of items, such as engines and semiconductors as well as raw materials like aluminum. To address these material shortages, manufacturers said they have increased monitoring of suppliers and established additional sources for some supplies. Airlines reported making changes to scheduled flights and developing ways to safely extend the life of some parts, among other actions, due to the difficulty obtaining new aircraft or the parts needed to maintain their current fleet. Seven of the eight airlines GAO spoke with reported delays of new aircraft they had expected to receive in 2023, and all eight airlines said they have had trouble obtaining a broad range of parts needed to maintain their fleets. Parts in short supply included small hardware like nuts and bolts as well as specialized items like cockpit windows and engine components. Why GAO Did This Study Aviation manufacturing is a major economic driver in the United States, with the largest trade balance (exports minus imports) among all U.S. manufacturing sectors. A global network of manufacturers and suppliers provides the aircraft and components that airlines in the United States rely on to support their operations. Aircraft manufacturers and their suppliers have faced headwinds in recent years, including steep declines in orders for new aircraft and supply chain disruptions brought on by the COVID-19 pandemic in 2020. As airlines respond to the rebound in demand for air travel that began in 2021, aviation manufacturers' ability to provide new aircraft and parts is key to airlines' efforts to maintain and grow their operations. GAO was asked to examine challenges facing the aviation manufacturing supply chain. This report describes (1) what is known about demand for and production of new aircraft and parts since 2020, (2) factors affecting manufacturers' production of new aircraft and parts and actions to mitigate these factors, and (3) how airlines have been affected by the availability of new aircraft and parts to support their operations. GAO analyzed data on new aircraft orders and deliveries from Boeing and Airbus along with data on aircraft production from Aviation Week Network for 2013 through 2023. GAO interviewed a non-generalizable sample of 38 stakeholders—including manufacturers and airlines—who were selected to achieve a range of perspectives. For more information, contact Heather Krause at (202) 512-2834 or krauseh@gao.gov.