This is the Spanish language highlights associated with GAO-24-106162. Lo que encontró la GAO Las Instituciones de Servicio a Hispanos (HSI, por sus siglas en inglés), es decir, universidades con una matrícula de estudiantes universitarios de al menos el 25 por ciento de hispanos, tienen grandes necesidades de instalaciones, según la encuesta generalizable de la GAO sobre las HSI. Según la encuesta de la GAO, se estima que, en promedio, el 43 por ciento del espacio edificable de las HSI (es decir, los pies cuadrados) necesita reparaciones o reemplazo. Los atrasos en mantenimiento diferido, los daños ocasionados por desastres naturales o climáticos severos y los esfuerzos de modernización de las instalaciones impulsan las necesidades de instalaciones de las HSI. Por ejemplo, las HSI tienen un retraso en promedio en mantenimiento diferido de casi $100 millones, según la encuesta de la GAO. Además, se estima que el 77 por ciento de las HSI tienen al menos un proyecto de mantenimiento diferido que aborda una cuestión de salud o seguridad. Más aun, se estima que el 65 por ciento de las HSI han experimentado al menos un desastre natural o un evento climatológico severo en los últimos 5 años que ha dado como resultado la necesidad de reparar o reemplazar algunas instalaciones. Las HSI también informaron sobre necesidades de infraestructura digital insatisfechas relacionadas con el acceso y conectividad a Internet, la ciberseguridad, y los esfuerzos de aprendizaje híbrido, según la encuesta de la GAO. Por ejemplo, la GAO estima que, en aproximadamente un tercio de las HSI, más del 10 por ciento de los estudiantes no pueden conectarse de manera confiable a Internet fuera del campus, ya sea porque no pueden costear una conexión a Internet o porque ellos no tienen un dispositivo adecuado. La mayoría de las HSI (aproximadamente el 74 por ciento) también ha experimentado un ciberataque en los últimos 5 años. Las HSI realizaron inversiones recientes en aprendizaje híbrido como resultado de la pandemia de la COVID-19 y la financiación federal relacionada. Sin embargo, la GAO estima que el 90 por ciento de las HSI que ofrecen cursos híbridos enfrentan algún desafío para continuar impartiéndolos, según los resultados de la encuesta. Ejemplos de instalaciones e infraestructura digital en las HSI Las HSI dependieron de múltiples fuentes para financiar sus necesidades de proyectos de capital durante los últimos 5 años. Estas fuentes frecuentemente incluían subvenciones o consignaciones de capital estatal para las HSI públicas y matrículas y cuotas para las HSI privadas, según la encuesta de la GAO. La GAO estima que el 43 por ciento de las HSI estaban satisfechas con su acceso general a financiación. Sin embargo, las HSI informaron que enfrentaban desafíos comunes para conseguir financiación para proyectos de capital. Por ejemplo, según la encuesta de la GAO, se estima que el 74 por ciento de las HSI públicas consideran que la financiación estatal insuficiente es un desafío para abordar las necesidades de proyectos de capital. Además, alrededor de tres cuartas partes de las HSI privadas enfrentan desafíos debido a la diminución de los ingresos por matrículas y cuotas. El Departamento de Educación cuenta con tres programas de subvenciones para HSI eligibles. Aunque las HSI pueden utilizar estos fondos para apoyar proyectos de capital, en cambio, generalmente utilizan estos fondos de subvención para otras necesidades, como servicios estudiantiles, según los funcionarios del Departamento de Educación. Por qué llevó a cabo este estudio la GAO Las HSI desempeñan un papel destacado en el sistema de educación superior del país. Por ejemplo, 574 de las HSI inscribieron más de 2 millones de estudiantes hispanos en el año escolar de 2021 a 2022, lo que representa el 60 por ciento de todos los estudiantes hispanos que cursan estudios universitarios. Como la mayoría de las universidades, las HSI deben seguir invirtiendo en sus instalaciones e infraestructura digital para poder atender a sus estudiantes con seguridad y eficacia. Un informe de 2021 de la Cámara de Representantes incluye una disposición para que la GAO examine las necesidades de infraestructura, tanto física como digital, en las HSI. Este informe describe (1) las necesidades de instalaciones, (2) las necesidades de infraestructura digital y (3) las fuentes de financiación para los proyectos de capital de las HSI. Para realizar este trabajo, la GAO encuestó una muestra representativa de las HSI en los EE. UU. (incluido Puerto Rico) y recibió respuestas generalizables de 169 universidades. Las estimaciones de la encuesta tienen un margen de error no mayor que más o menos 8 puntos porcentuales con un nivel de confianza del 95 por ciento. La GAO también analizó los datos más recientes de las HSI sobre características institucionales y de los estudiantes universitarios (2021 a 2022), finanzas (2020 a 2021), programas de subvenciones para las HSI (2017 a 2022) y fondos de ayuda de COVID-19 (2021). La GAO también visitó 10 HSI que fueron seleccionadas para representar diferentes tamaños, sectores (público o privado sin fines de lucro) y regiones geográficas, y entrevistó a funcionarios del Departamento de Educación y organizaciones de las HSI. Además, la GAO revisó las leyes, los reglamentos, y los directrices federales relevantes. Para más información, contactar a Melissa Emrey-Arras al (617) 788-0534 o emreyarrasm@gao.gov.

What GAO Found The increasing frequency of disasters overall and the additional responsibilities for responding to other events have stretched the Federal Emergency Management Agency's (FEMA) workforce in unprecedented ways. GAO's work has identified various challenges FEMA has faced in its efforts to respond to these additional events. The scale and scope of federal efforts and funding required to address the COVID-19 pandemic tested FEMA's and other federal agencies' capacity to mount an equitable and effective nationwide response. FEMA's role included lost wages assistance; COVID-19 funeral assistance; public assistance to state, tribal, and territorial governments; mission assignments to other federal agencies; and mobile vaccination units. For example, GAO reported in April 2022 that FEMA had received and was processing more than 444,000 applications for COVID-19 funeral assistance since April 2021—when it began accepting applications—compared to the approximately 6,000 cases of funeral assistance the agency had processed over the decade prior to the pandemic. FEMA reported that as of December 2023 it has obligated $123 billion in response to the pandemic and projected that it will obligate a total of $144 billion by the end of fiscal year 2024. In addition to the 59 major disaster declarations for COVID-19, as of July 2022, FEMA had about 500 non-COVID-19 active major disaster declarations in various states of response and recovery. At the same time, FEMA recently reported a projected deficit of nearly $6.4 billion in the fund by September 2024 GAO has also identified several gaps in FEMA's internal controls meant to prevent improper or potentially fraudulent payments in funeral assistance. In April 2022, GAO recommended that FEMA implement additional control activities to ensure that consistent and accurate data are available to prevent and detect improper payments and potential fraud. FEMA has fully addressed this recommendation implementing additional controls but as of April 2023 has only partially addressed the recommendation on data consistency and accuracy. Until FEMA fully addresses this recommendation, they will continue limited ability oversee and prevent and detect fraud. GAO's past work has identified longstanding challenges facing the FEMA workforce, which have been exacerbated given FEMA's additional responsibilities. Specifically, in May 2023, GAO reported that FEMA had a disaster workforce strength of approximately 11,400 employees at the beginning of fiscal year 2022, a gap of 35 percent between the actual number of staff and the staffing target of 17,670. FEMA officials stated that they faced additional responsibilities due to COVID-19, while also managing the traditional seasonal peaks of disaster activity during the year. This created burnout for many employees and increased employee attrition. GAO recommended that FEMA document plans to monitor and evaluate the agency's hiring efforts to address staffing gaps, among other recommendations. As of January 2024, FEMA has taken some steps to address these recommendations, including developing yearly hiring targets to ensure they are on pace to meet overall hiring goals. To fully address the recommendation, FEMA should finalize its staffing plans. Why GAO Did This Study FEMA leads the nation's efforts to prepare for, respond to, and recover from disasters. In recent years, the increasing frequency and costs of disasters, the COVID-19 pandemic, and other responsibilities have placed additional pressures on FEMA. This statement discusses GAO's prior work and recommendations related to FEMA's (1) roles and responsibilities outside of natural disasters and (2) workforce challenges. This statement is based on products GAO issued from May 2020 through May 2023, along with selected updates to address GAO recommendations, and updates from FEMA. For those products, GAO reviewed and analyzed federal laws, agency guidance, and other agency documents. GAO also analyzed data on FEMA's workforce, and disaster assistance, among others. GAO interviewed knowledgeable officials from FEMA; other selected federal agencies; and state, local, and territorial officials impacted by disasters.

Para la versión de esta página en español, ver a GAO-24-107052. What GAO Found Hispanic-Serving Institutions (HSI)—colleges with an undergraduate student enrollment that is at least 25 percent Hispanic—have extensive facility needs, according to GAO's generalizable survey of HSIs. Based on GAO's survey, an estimated 43 percent of HSIs' building space (i.e., square footage) needs repairs or replacement, on average. Deferred maintenance backlogs, damage from natural disasters or severe weather, and facility modernization efforts drive HSIs' facility needs. For example, HSIs have an average deferred maintenance backlog of almost $100 million, based on GAO's survey. Further, an estimated 77 percent of HSIs have at least one deferred maintenance project that addresses a health or safety issue. In addition, an estimated 65 percent of HSIs have experienced at least one natural disaster or severe weather event in the past 5 years that has resulted in the need to repair or replace some facilities. HSIs also reported unmet digital infrastructure needs related to internet access and connectivity, cybersecurity, and hybrid learning efforts, according to GAO's survey. For example, GAO estimates that at roughly a third of HSIs, more than 10 percent of students cannot reliably connect to the internet off-campus either because they cannot afford an internet connection or they lack an appropriate device. Most HSIs (an estimated 74 percent) have also experienced a cyberattack within the previous 5 years. HSIs made recent investments in hybrid learning as a result of the COVID-19 pandemic and related federal funding. However, GAO estimates 90 percent of HSIs that offer hybrid courses face some challenge continuing to deliver them, based on survey results. Examples of Facility and Digital Infrastructure at Hispanic-Serving Institutions HSIs relied on multiple sources to fund their capital project needs over the last 5 years. These sources frequently included state capital grants or appropriations for public HSIs and tuition and fees for private HSIs, according to GAO's survey. GAO estimates 43 percent of HSIs were satisfied with their overall access to funding. However, HSIs reported common challenges securing funding for capital projects. For example, an estimated 74 percent of public HSIs consider insufficient state funding to be a challenge towards addressing capital project needs, based on GAO's survey. Additionally, about three quarters of private HSIs face challenges due to declining tuition and fees revenue. The Department of Education has three grant programs for eligible HSIs. Although HSIs can use this funding to support capital projects, instead, they generally use these grant funds for other needs, such as student services, according to Education officials. Why GAO Did This Study HSIs play a prominent role in the nation's higher education system. For example, 574 HSIs enrolled over 2 million Hispanic students in the 2021–2022 school year, representing 60 percent of all Hispanic students in college. Like most colleges, HSIs must continue to invest in their facilities and digital infrastructure to serve their students safely and effectively. A 2021 House report includes a provision for GAO to examine the infrastructure needs—both physical and digital—at HSIs. This report describes HSIs' (1) facility needs, (2) digital infrastructure needs, and (3) funding sources for capital projects. To conduct this work, GAO surveyed a representative sample of HSIs in the U.S. (including Puerto Rico) and received generalizable responses from 169 colleges. Survey estimates have a margin of error no greater than plus or minus 8 percentage points at the 95 percent level of confidence. GAO also analyzed the most recent HSI data on college student and institutional characteristics (2021–2022), finances (2020–2021), HSI grant programs (2017–2022), and COVID relief funds (2021). GAO also visited 10 HSIs—selected to capture different sizes, sectors (public or private nonprofit), and geographic regions—and interviewed Education officials and HSI organizations. In addition, GAO reviewed relevant federal laws, regulations, and guidance. For more information, contact Melissa Emrey-Arras at (617) 788-0534 or emreyarrasm@gao.gov.

Why This Matters Malicious use of deepfakes could erode trust in elections, spread disinformation, undermine national security, and empower harassers. Key Takeaways Current deepfake detection technologies have limited effectiveness in real-world scenarios. Watermarking and other authentication technologies may slow the spread of disinformation but present challenges. Identifying deepfakes is not by itself sufficient to prevent abuses. It may not stop the spread of disinformation, even after the media is identified as a deepfake. The Technology What is it? Deepfakes are videos, audio, or images that have been manipulated using artificial intelligence (AI), often to create, replace, or alter faces or synthesize speech. They can seem authentic to the human eye and ear. They have been maliciously used, for example, to try to influence elections and to create non-consensual pornography. To combat such abuses, technologies can be used to detect deepfakes or enable authentication of genuine media. Detection technologies aim to identify fake media without needing to compare it to the original, unaltered media. These technologies typically use a form of AI known as machine learning. The models are trained on data from known real and fake media. Methods include looking for (1) facial or vocal inconsistencies, (2) evidence of the deepfake generation process, or (3) color abnormalities. Authentication technologies are designed to be embeddedduring the creation of a piece of media. These technologies aim to either prove authenticity or prove that a specific original piece of media has been altered. They include: Digital watermarks can be embedded in a piece of media, which can help detect subsequent deepfakes. One form of watermarking adds pixel or audio patterns that are detectable by a computer but are imperceptible to humans.The patterns disappear in any areas that are modified, enabling the owner to prove that the media is an altered version of the original. Another form of watermarking adds features that cause any deepfake made using the media to look or sound unrealistic. Metadata—which describe the characteristics of data in a piece of media—can be embedded in a way that is cryptographically secure. Missing or incomplete metadata may indicate that a piece of media has been altered. Blockchain. Uploading media and metadata to a public blockchain creates a relatively secure version that cannot be altered without the change being obvious to other users. Anyone could then compare a file and its metadata to the blockchain version to prove or disprove authenticity. Figure 1. Examples of Deepfake Detection and Authentication How mature is it? Detection technologies. According to recent studies, existing detection methods and models may not accurately identify deepfakes in real-world scenarios. For example, accuracy may be reduced if lighting conditions, facial expressions, or video or audio quality are different from the data used to train the detection model, or if the deepfake was created using a different method than that used in the training data. Further, future advances in deepfake generation are expected to eliminate hallmarks of current deepfakes, such as abnormal eye blinking. Authentication technologies. These technologies are not new, but their use in combating deepfakes is an emerging area. Several companies offer authentication services, including using digital watermarks, metadata, and blockchain technologies. Some claim to let website visitors authenticate media found on the internet, provided the original is in the company’s database. Prominent social media companies are also beginning to label AI-generated content. Opportunities Combined defenses. Using multiple detection and authentication methods may help to identify deepfakes. Updated training datasets. Including diverse and recent media in training data could help detection models keep up with the latest deepfake generation techniques. Competitions. Deepfake detection competitions could encourage the development of more accurate detection tools and models. One 2019 competition included over 2,000 participants and generated over 35,000 models. Challenges Disinformation and public trust. Disinformation can spread from the moment a deepfake is viewed, even if it is identified as fraudulent. Further, trust in real media may be undermined by false claims that real media is a deepfake or if people do not trust a detection model’s results. Adaptation to detection. Techniques and models used to identify deepfakes tend to lead developers to create more sophisticated deepfake generation techniques. Policy Context and Questions Are current laws and regulations adequate to address evolving concerns about the malicious use of deepfakes? How do they address data security, privacy concerns, and First Amendment considerations, such as a deepfake creator’s freedom of speech and expression? What entities (e.g., government, nonprofit, private company) should make decisions about identifying and blocking deepfakes, or about when and how to sanction those who produce or disseminate them? How can organizations across society coordinate on the development and improvement of deepfake detection and authentication technologies? What standards could be used or developed to evaluate these technologies? Selected GAO Work Science & Tech Spotlight: Deepfakes, GAO-20-379SP Technology Assessment: Blockchain, GAO-22-104625 Selected References Gourav Gupta, Kiran Raja, Manish Gupta, Tony Jan, Scott Thompson Whiteside, and Mukesh Prasad, “A Comprehensive Review of DeepFake Detection Using Advanced Machine Learning and Fusion Methods,”Electronics, vol. 13, no. 95 (2024) https://doi.org/10.3390/electronics13010095. National Security Agency, Federal Bureau of Investigation, and Cybersecurity and Infrastructure Security Agency,Contextualizing Deepfake Threats to Organizations, Sept. 2023. For more information, contact Brian Bothwell at (202) 512-6888 or bothwellb@gao.gov.

What GAO Found Financial institution representatives that GAO interviewed identified actions the Financial Crimes Enforcement Network (FinCEN) could take to enhance the institutions' ability to identify and report suspicious activity. These include more updates on priority threats and tips to improve suspicious activity reports (SAR), which institutions file if they identify potential criminal activity. FinCEN may cover some of these actions as it implements the Anti-Money Laundering Act of 2020, the aims of which include improving information sharing and technology. GAO identified 31 sections in the Anti-Money Laundering Act of 2020 for which FinCEN is responsible for implementing. For example, FinCEN is to establish standards for financial institutions to test new anti-money laundering-related technology. As of November 2023, GAO found that FinCEN collectively had described its progress in implementing 19 sections through multiple publications and in varying detail. More complete disclosure of FinCEN's progress implementing the act would provide greater transparency and accountability. FinCEN surveys law enforcement agencies about their use of and satisfaction with FinCEN's products and services, such as its database of SARs. However, the surveys may not provide reliable information. FinCEN's 2018–2022 surveys had low response rates (ranging from 2 to 10 percent), raising the risk of biased results that do not represent the views of all agencies. FinCEN also did not analyze and adjust, as needed, results for nonresponse bias. As a result, the surveys may not provide FinCEN with a complete and reliable picture of law enforcement's satisfaction with its products and services. Federal agencies, including the Departments of Justice and Homeland Security, individually track outcomes of their illicit finance investigations (e.g., convictions and forfeitures). Some Justice data track these outcomes across multiple federal agencies (see figure). However, comprehensive, government-wide data do not exist because data collection is fragmented across multiple agencies and data may be incomplete. Developing a consistent methodology to comprehensively track outcomes would better inform federal agencies and Congress about the results and effectiveness of U.S. efforts to combat illicit finance. Outcomes of Defendants Charged under Money Laundering-Related Statutes, Fiscal Years 2018–2022 Why GAO Did This Study Criminal organizations launder illicit proceeds to facilitate and conceal crime. The Bank Secrecy Act, as amended, requires financial institutions to file SARs (which help law enforcement investigate crime) under certain conditions. FinCEN administers the act and maintains these reports in a database. GAO was asked to review U.S. efforts to combat illicit finance. This report examines (1) financial institution suggestions to enhance SAR processes, (2) FinCEN communication of its progress implementing the Anti-Money Laundering Act, (3) FinCEN surveys on law enforcement satisfaction with its products and services, and (4) data collection on efforts to combat illicit finance. GAO reviewed laws, guidance, and investigation data and interviewed FinCEN and federal law enforcement agencies. GAO also interviewed a nongeneralizable selection of 46 representatives of financial institutions and industry associations (such as banks, casinos, money services businesses, and broker-dealers).

What GAO Found Seven law enforcement agencies within the Departments of Justice (DOJ) and Homeland Security (DHS), such as the Federal Bureau of Investigation and U.S. Secret Service, reported using facial recognition technology to support criminal investigations. Three of the seven agencies reported owning facial recognition technology. All seven reported using systems owned by other entities, such as state and local entities and nongovernment service providers. In September 2023, GAO found that three of the seven agencies had policies or guidance specific to facial recognition technology that were intended to help protect civil rights and civil liberties. The other four agencies—three in DOJ and one in DHS—did not have such policies or guidance. We also found that DOJ had taken steps to issue a department-wide policy but had faced delays. After our September 2023 report, DHS finalized a department-wide policy, which includes topics such as limiting the use of the technology; protecting privacy, civil rights, and civil liberties; and testing and evaluation of the technology. DOJ also said it has developed an interim policy on facial recognition technology with topics such as the protection of civil rights and civil liberties, and training requirements. However, GAO did not have an opportunity to review and confirm that information. The seven agencies reported using four nongovernment facial recognition services in total from October 2019 through March 2022 to support criminal investigations. All seven agencies had initially used these services without first requiring staff to take training on topics such as how facial recognition technology works, what photos are appropriate to use, and how to interpret results. GAO found that, cumulatively, agencies with available data reported conducting about 60,000 searches using facial recognition services when they did not have training requirements in place. Two of the seven agencies ultimately implemented training requirements as of April 2023. Of the remaining five agencies, two continued to use facial recognition services and three halted their use of the services as of April 2023. Facial Recognition Services Use and Training for Selected Agencies, April 2023 Note: The figure shows when agencies used the four services covered by our review (services used from October 2019 through March 2022), and when, if at all, agencies implemented training requirements for facial recognition services. The figure provides use and training information as of April 2023. See figure 2 of the statement for more detail. Why GAO Did This Study Law enforcement agencies may use facial recognition technology to help solve crimes. For example, the technology can allow users to quickly search through billions of photos to help identify an unknown suspect in a crime scene photo. Civil rights and civil liberties advocates have cautioned that an overreliance on the technology in criminal investigations could lead to the arrest and prosecution of innocent people, or that its use at certain events (e.g., protests) could have a chilling effect on individuals' exercise of their First Amendment rights. GAO was asked to testify before the United States Commission on Civil Rights on the use of facial recognition technology by DHS and DOJ. This statement discusses GAO's prior work examining the extent to which seven selected law enforcement agencies have (1) owned and used facial recognition technology, (2) developed policies to help protect civil rights and civil liberties related to its use, (3) required staff to take training prior to use, and (4) taken steps to address selected privacy requirements. This statement is based on reports published from 2021 through 2023 related to federal law enforcement agencies' use of facial recognition technology. To conduct that prior work, GAO administered a survey questionnaire to 42 federal agencies that employ law enforcement officers regarding their use of the technology, including the seven agencies that are the focus of this statement. GAO also reviewed relevant documents and interviewed agency officials. GAO selected the seven agencies because they previously reported owning or using facial recognition technology systems.

What GAO Found Operational technology (OT) systems and devices are used to control, among other things, distribution processes (e.g., oil and natural gas pipelines) and production systems (e.g., electric power generation). Figure 1 shows the key components of an OT system using a pipeline system as an illustrative example. Figure 1: Key Components of a Pipeline Operational Technology (OT) System Although 12 of the 13 selected nonfederal entities cited examples of positive experiences with the Cybersecurity and Infrastructure Security Agency's (CISA) OT products and services, CISA and seven of the nonfederal entities identified two types of associated challenges. Specifically: Seven selected nonfederal entities identified negative experiences using CISA's products and services as a challenge. For example, one nonfederal entity told GAO that vulnerabilities reported through CISA's process often take more than a year between the initial report of a vulnerability and public disclosure (see figure 2). CISA officials and one nonfederal entity identified the insufficient CISA staff with requisite OT skills as a challenge. For example, CISA officials stated that its four federal employees and five contractor staff on the threat hunting and incident response service are not enough staff to respond to significant attacks impacting OT systems in multiple locations at the same time. To address these types of challenges, best practices highlight the importance of (1) measuring customer service and (2) performing effective workforce planning. However, CISA has not fully addressed these practices. Until CISA does so, the agency will not be optimally positioned to deliver products and services needed to address OT risks. Figure 2: Cybersecurity and Infrastructure Security Agency (CISA) Operational Technology (OT) Cybersecurity Products and Services Six of the seven selected agencies cited examples of where their collaboration with CISA yielded positive outcomes to addressing cyber OT risks. However, four agencies also identified two challenges in coordinating with CISA: (1) CISA ineffectively sharing information with critical infrastructure owners and operators, and (2) CISA and the Pipeline and Hazardous Materials Safety Administration lacking a process to share cyber threat information with owners and operators. To address these types of challenges, it is important to adopt leading collaboration practices. However, CISA did not fully address any of five selected leading collaboration practices when coordinating with seven selected agencies (see table). Extent to Which the Cybersecurity and Infrastructure Security Agency (CISA) Addressed Selected Leading Collaboration Practices with Seven Selected Agencies to Mitigate Cyber Operational Technology Risks to Critical Infrastructure Collaboration practices CESER DC3 FRA NSA PHMSA TSA USCG Define common outcomes ◑ ◑ ◑ ◑ ◑ ◑ ◑ Ensure accountability ○ ○ ◑ ○ ◑ ◑ ◑ Bridge organizational cultures ◑ ◑ ◑ ◑ ◑ ◑ ◑ Clarify roles and responsibilities ◑ ◑ ◑ ◑ ◑ ◑ ◑ Develop and update written guidance and agreements ○ ◑ ○ ○ ○ ○ ◑ Source: GAO analysis of agency information. | GAO 24 106576 Legend: ●=Generally addressed. ◑=Partially addressed. ○=Not addressed. Note: CESER (Cybersecurity, Energy Security, and Emergency Response), DC3 (Department of Defense Cyber Crime Center), FRA (Federal Railroad Administration), NSA (National Security Agency), PHMSA (Pipeline and Hazardous Materials Safety Administration), TSA (Transportation Security Administration), and USCG (U.S. Coast Guard). The practices were not fully addressed, in part, because of the lack of (1) guidance from CISA to the sector risk management agencies on how to update their plans for coordinating on critical infrastructure issues and (2) a CISA policy for developing agreements with sector risk management agencies with respect to collaboration. Until CISA takes action to address these weaknesses, it and the selected agencies will not be well-positioned to coordinate on mitigating cyber OT risks. Why GAO Did This Study Much of the nation's critical infrastructure relies on OT—systems that interact with the physical environment—to provide essential services. However, malicious cyber actors pose a significant threat to these systems. Federal law designates CISA as the lead agency in helping critical infrastructure owners and operators address cyber risks to OT. The National Defense Authorization Act of Fiscal Year 2022 includes a provision for GAO to report on CISA's support for industrial control systems. Federal guidance now addresses these systems under the broader category of OT. Accordingly, this report examines, among other things: (1) challenges in delivering CISA's OT products and services, and (2) challenges to collaborating between CISA and the seven selected agencies. GAO reviewed documentation describing CISA's 13 OT cybersecurity products and services. GAO also asked officials from CISA and 13 selected nonfederal entities to identify any challenges with the OT products and services. The selected entities included (1) councils representing one sector and three subsectors where OT was prevalent and the intelligence community highlighted their infrastructures as being at risk from cyber threat actors, (2) OT vendors who joined a CISA OT collaboration group, and (3) cybersecurity researchers that contributed to the development of CISA's OT advisories. GAO then compared CISA's efforts to address those challenges against leading practices regarding measuring customer service and workforce planning. In addition, GAO reviewed documentation describing CISA’s efforts to collaborate with seven selected agencies to mitigate cyber OT risks. The seven selected agencies are: (1) Department of Defense’s (DOD) Defense Cyber Crime Center (DC3); (2) DOD’s National Security Agency (NSA); (3) Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER); (4) Department of Homeland Security’s (DHS) Transportation Security Administration (TSA); (5) DHS’s U.S. Coast Guard (USCG); (6) Department of Transportation’s (DOT) Federal Railroad Administration (FRA); and (7) DOT’s Pipeline and Hazardous Materials Safety Administration (PHMSA). GAO focused on these agencies or departmental components because each was (1) within agencies designated as the lead for helping to protect the selected sector and three subsectors and (2) responsible for helping critical infrastructure owners and operators to mitigate cyber OT risks. GAO also asked officials from seven selected agencies to identify any challenges in collaborating with CISA to mitigate cyber OT risks. GAO then compared documentation from the seven agencies and CISA against five selected leading collaboration practices.

What GAO Found When a contract involves unusually hazardous or nuclear risk, which insurers may decline to cover, the government may indemnify defense contractors. This indemnification financially protects contractors from liability arising from a catastrophic incident. Contractors report that it also incentivizes them to complete work that would otherwise be financially untenable, as an incident could exceed the limit of a contractor's commercial insurance policy. Financial Protection Provided by Commercial Insurance and Government Indemnification Type of financial protection Coverage provided Commercial insurance Coverage provided for claims involving covered contractor products, subject to the limit of the insurance policy Government indemnification Coverage provided for claims, losses, or damages that arise out of or result from a risk that the contract defines as unusually hazardous or nuclear, and is not compensated for by insurance or other meansa Source: GAO analysis of aviation insurance industry and defense contractor information. I GAO-24-106403aIndemnification coverage is limited in some circumstances. For example, contractors will not be indemnified against government claims against the contractor or for losses or damages affecting the contractor's property, if the claim, loss, or damage is caused by willful misconduct or lack of good faith on the part of certain contractor officials. Indemnification requests are infrequent and generally approved. The Department of Defense (DOD) components that GAO reviewed reported receiving only about 350 indemnification requests over the past 15 years. Components' processes for evaluating indemnification requests varied. GAO found that contracting officials at some components were unaware of or did not use a specialized insurance review team within the Defense Contract Management Agency (DCMA) to assist in their evaluations. Components that did use this team found the reviews helpful. Lack of knowledge and use of this expertise means components may be missing an opportunity to facilitate the review process . Defense contractors generally obtain coverage for their work from multiple multi-national insurers. Insurers develop a comprehensive risk profile on contractors to determine what coverage they will provide. According to industry representatives, world events and market volatility in recent years shrunk the insurance market and reduced coverage available to contractors. Insurer representatives that GAO interviewed stated that as a result, government indemnification is an increasingly important factor they consider when providing coverage to defense contractors. DOD experienced challenges negotiating indemnification requests related to weapons carried on Virginia class submarines. Those challenges were resolved, but officials could not estimate the impact of these negotiations due to pre-existing program delays. Additionally, while contractors have expressed concern about not defining unusually hazardous risk in regulation, DOD officials noted the importance of maintaining the flexibility to consider indemnification requests based on each component's unique mission profile. Why GAO Did This Study Recently, DOD has experienced challenges indemnifying—or providing financial protection to—contractors working on certain weapon systems. A congressional report expressed concern that DOD's application of indemnification laws and an increase in programs with unusually hazardous risks could affect DOD's ability to field advanced weapon systems. The report included a provision for GAO to report on DOD's indemnification of contractors against unusually hazardous risk. GAO's report examines (1) how DOD has indemnified risk related to contracts over the past 15 years and how it makes those decisions, (2) how defense contractors obtain insurance and the risk factors that influence insurance coverage decisions, and (3) what indemnification challenges, if any, DOD and contractors have experienced and may experience in the future. GAO analyzed available indemnification data from six selected DOD components—including the military departments, Missile Defense Agency, and Defense Logistics Agency—from 2008 through 2022; reviewed government-wide and DOD indemnification policies and regulations; and interviewed officials at DOD, five selected defense contractors, and four selected insurers.

What GAO Found The Coast Guard has taken action to address sexual assault and harassment but has not developed a plan to assess its efforts. In a 2020 internal investigation called “Operation Fouled Anchor,” the Coast Guard examined 102 separate allegations of sexual assault from 1990 to 2006 at the Coast Guard Academy and concluded that the academy often mishandled these cases. More recently, service members reported a total of 263 sexual harassment allegations between September 2020 through April 2023, according to Coast Guard data. After media reporting on Operation Fouled Anchor in June 2023, the Commandant directed a 90-day review of policy processes, practices, and service culture relevant to countering sexual assault and harassment in the Coast Guard. The resulting report identified areas for organizational improvement to ensure a culture of accountability and transparency. In November 2023, the Commandant directed the Coast Guard to implement 33 initial actions by certain dates to address the findings of the review and help ensure service members have an experience free from sexual assault and harassment (see figure). The actions span six categories, including training, the academy, and information and data. According to Coast Guard officials, they have completed five actions as of February 2024. Number of Coast Guard Planned Actions Each Month to Respond to Sexual Assault and Harassment and Selected Examples The Commandant-directed actions include administering a Coast Guard-wide survey and analyzing survey results. However, the service has not developed an evaluation plan to assess the results of its 33 initial actions. According to Coast Guard officials, they have had discussions about assessing the results of the actions but have not developed plans or mechanisms to do so because measuring culture change is difficult. However, these officials identified certain resources, such as employee surveys and Department of Defense officials, that could prove useful in this effort. Developing an evaluation plan and mechanisms for assessing the effectiveness of actions taken to improve its culture of accountability and transparency would better ensure that Coast Guard has the information it needs to evaluate whether the actions are helping service members have an experience free from sexual assault and harassment. Further, taking these steps would help ensure the service is improving its culture, which could assist in the recruitment and retention of its workforce. Why GAO Did This Study The Coast Guard is a maritime military service within the Department of Homeland Security that employs more than 55,000 personnel. Sexual assault and harassment have a negative effect on the victims, negatively affect retention, and disrupt mission readiness. This statement discusses the Coast Guard's recent efforts to address sexual assault and harassment. GAO analyzed Coast Guard documents, interviewed agency officials, and reviewed prior GAO reports on Department of Defense and Coast Guard efforts to prevent sexual assault and harassment. We also compared Coast Guard efforts to the Commandant instruction on internal controls as well as federal internal control standards.

What GAO Found In response to the economic downturn caused by the COVID-19 pandemic, the Small Business Administration (SBA) quickly set up the Paycheck Protection Program (PPP), COVID-19 Economic Injury Disaster Loan (COVID-19 EIDL) program, and other relief programs. SBA also administers a Disaster Loan Program that helps small businesses and others recover after natural disasters. Since February 2020, GAO has made recommendations to improve SBA programs, including 23 key recommendations. SBA fully addressed 10 of the key recommendations, including the following: PPP oversight. Because SBA initially had limited safeguards, GAO recommended in June 2020 that it implement plans to respond to PPP risks, help ensure program integrity, and address potential fraud. In response, SBA developed a loan review process in December 2020. As of the end of fiscal year 2023, GAO estimated that SBA's use of additional safeguards in PPP and other COVID programs had resulted in more than $12 billion in savings. Assessment of fraud risks. SBA did not conduct a formal fraud risk assessment before implementing PPP or COVID-19 EIDL. In March 2021, GAO recommended that SBA conduct a formal assessment and develop a strategy to manage fraud risks for each program. SBA completed these steps in August 2023. SBA has not yet fully addressed 13 of these recommendations, including the following: Enhancing data analytics. In May 2023, GAO recommended that SBA identify data that could help verify applicant information and detect potential fraud. GAO also recommended that SBA develop cross-program data analytics that would better identify applicants who tried to defraud multiple programs. According to SBA, to begin addressing these recommendations, it has procured third-party services to help validate customer identity and has begun a comprehensive review of its data analytics. Addressing access barriers. GAO found in December 2021 that SBA's Disaster Loan Program and five other federal programs did not have key information for examining barriers to access and disparate recovery outcomes among various socioeconomic and demographic groups. GAO recommended SBA work with two other agencies to implement an interagency plan to address these equity issues. SBA officials said the agencies are in the process of developing such a plan. In addition, SBA's independent financial statement auditor has issued four consecutive disclaimers of opinion on SBA's consolidated financial statements since fiscal year 2020. SBA was unable to support a significant number of transactions and account balances related to PPP and COVID-19 EIDL. The auditor identified six material weaknesses in internal controls over financial accounting, including in controls for PPP and COVID-19 EIDL. GAO supports the auditor's recommendations to address these weaknesses and encourages SBA to develop and implement a corrective action plan to address them. Why GAO Did This Study Since spring 2020, SBA has administered four pandemic relief programs, including PPP and COVID-19 EIDL. PPP provides potentially forgivable loans to small businesses. COVID-19 EIDL provides low-interest loans of up to $2 million for operating and other expenses, as well as advances (grants). Concerns about SBA's implementation of PPP and COVID-19 EIDL led GAO to include emergency loans for small businesses on its High-Risk List in March 2021. SBA made or guaranteed more than $1 trillion in loans and grants and assisted more than 10 million small businesses through its relief programs. In addition, SBA has continued to make loans under its Disaster Loan Program. Among other things, this testimony focuses on the status of selected recommendations GAO has made to SBA on its pandemic relief and disaster loan programs, and on issues related to SBA's financial accounting. This testimony is based largely on the reports GAO issued since February 2020 containing the 23 key recommendations. For those reports, GAO reviewed SBA documentation, analyzed program data, and interviewed officials from SBA and other federal agencies. GAO also reviewed the opinions of SBA's independent financial statement auditor. For more information, contact Courtney LaFountain at (202) 512-8678 or lafountainc@gao.gov.

What GAO Found Risky business strategies and weak liquidity and risk management contributed to the failures of Silicon Valley Bank (SVB) and Signature Bank in March 2023. In both banks, rapid growth was an indicator of risk. From 2019 to 2021, the total assets of SVB and Signature Bank grew by 198 percent and 134 percent, respectively. This far exceeded growth for a group of 19 peer banks (33 percent, at the median). In addition, both banks had high percentages of uninsured deposits, which can be an unstable source of funding because customers with uninsured deposits may be more likely to withdraw their funds during times of stress. SVB also was affected by rising interest rates and Signature Bank had exposure to the digital assets industry. In the 5 years prior to 2023, the Board of Governors of the Federal Reserve System (Federal Reserve) and Federal Deposit Insurance Corporation (FDIC) identified concerns with SVB and Signature Bank. But both banks were slow to mitigate the problems the regulators identified and regulators did not escalate supervisory actions in time to prevent the failures. Federal Reserve and FDIC policies require staff to include specific information when communicating supervisory concerns to banks. GAO found that Federal Reserve and FDIC supervisory staff generally adhered to these requirements in communicating concerns to SVB and Signature Bank. Both regulators established internal procedures for when to escalate concerns to informal or formal enforcement actions. However, the Federal Reserve's procedures often were not clear or specific. The procedures often did not include measurable criteria for examiners to use when recommending informal or formal enforcement actions. This lack of specificity could have contributed to delays in taking more forceful action against SVB. Adopting clearer and more specific procedures could promote more timely enforcement action to address deteriorating conditions at banks in the future. In August 2023, FDIC updated its procedures for escalating supervisory concerns to require FDIC examiners to consider escalating supervisory concerns that are repeated or uncorrected at the end of an examination cycle. However, although the new guidance would have required examiners to consider escalation of Signature Bank concerns as early as 2019, it does not require escalation. As a result, it is unclear whether examiners would have escalated concerns to senior management on a timely basis. FDIC officials told us they intend to further update the procedures to expect examiners to require, instead of consider, escalation in these situations. Provisions in the Federal Deposit Insurance Act also help regulators determine when to escalate supervisory concerns. Section 38, also known as prompt corrective action, requires regulators to take increasingly severe actions as a bank's capital deteriorates. However, since the 1990s, GAO and others have reported that the effectiveness of the prompt corrective action framework is limited because it relies on capital measures, which can lag other indicators of bank health. The framework repeatedly has demonstrated weaknesses for addressing deteriorating financial conditions in banks and has not achieved a principal goal of preventing widespread losses to the Deposit Insurance Fund. Noncapital triggers (which could be based on factors such as interest rate risk, asset concentration, and poor management) can signal declining conditions before capital triggers do. Adopting noncapital triggers, such as by amending the Federal Deposit Insurance Act to incorporate such triggers, would encourage earlier action to address deteriorating conditions and also limit losses to the Deposit Insurance Fund by requiring early and forceful regulatory actions tied to unsafe banking practices before they impaired capital. Why GAO Did This Study The March 2023 failure of SVB and Signature Bank may cost the Deposit Insurance Fund an estimated $22.5 billion. The failures raised questions about the supervisory practices of the Federal Reserve and FDIC. GAO was asked to examine the regulators' communication and escalation of supervisory concerns in the years before the failures. This report examines the regulators' communication of supervisory concerns to the two banks, procedures for escalating such concerns, and whether adopting noncapital triggers could help regulators take more timely supervisory actions. GAO reviewed Federal Reserve and FDIC internal policies and procedures related to supervisory communication and escalation; analyzed supervisory documentation for SVB and Signature Bank; and spoke with staff from the Federal Reserve, Federal Reserve Bank of San Francisco, and FDIC.

What GAO Found Orders for new commercial aircraft have rebounded since they declined in 2020. However, the two main manufacturers of commercial aircraft—Boeing and Airbus—have faced challenges in increasing production of their most popular models—the Boeing 737 and Airbus A320—to meet demand. Steps Boeing and FAA are taking to ensure safety after a January 2024 in-flight failure of a section of the fuselage have also affected Boeing's production levels early in 2024. Additionally, of the 15 companies GAO interviewed that supply components to Boeing and Airbus, nine said that they have likewise had difficulty filling orders with the rebound in demand following the COVID-19 pandemic. Estimated Number of Boeing 737 and Airbus A320 Aircraft Produced, 2013–2023 Manufacturers attributed these production challenges to workforce and material shortages and are working to mitigate them. Fifteen of the 17 manufacturers GAO spoke to said they or their suppliers have had difficulty hiring enough skilled workers to enable them to satisfy the demand for their products. Six manufacturers said that difficulty hiring sufficient workers may be related to difficult or hazardous working conditions that some of these jobs entail, such as the use of toxic chemicals. Some manufacturers reported offering financial incentives and working with local schools to build interest in aviation careers to address their workforce needs. Further, fifteen manufacturers said that they or their suppliers have had difficulty procuring materials needed to complete their orders. Material shortages included a broad range of items, such as engines and semiconductors as well as raw materials like aluminum. To address these material shortages, manufacturers said they have increased monitoring of suppliers and established additional sources for some supplies. Airlines reported making changes to scheduled flights and developing ways to safely extend the life of some parts, among other actions, due to the difficulty obtaining new aircraft or the parts needed to maintain their current fleet. Seven of the eight airlines GAO spoke with reported delays of new aircraft they had expected to receive in 2023, and all eight airlines said they have had trouble obtaining a broad range of parts needed to maintain their fleets. Parts in short supply included small hardware like nuts and bolts as well as specialized items like cockpit windows and engine components. Why GAO Did This Study Aviation manufacturing is a major economic driver in the United States, with the largest trade balance (exports minus imports) among all U.S. manufacturing sectors. A global network of manufacturers and suppliers provides the aircraft and components that airlines in the United States rely on to support their operations. Aircraft manufacturers and their suppliers have faced headwinds in recent years, including steep declines in orders for new aircraft and supply chain disruptions brought on by the COVID-19 pandemic in 2020. As airlines respond to the rebound in demand for air travel that began in 2021, aviation manufacturers' ability to provide new aircraft and parts is key to airlines' efforts to maintain and grow their operations. GAO was asked to examine challenges facing the aviation manufacturing supply chain. This report describes (1) what is known about demand for and production of new aircraft and parts since 2020, (2) factors affecting manufacturers' production of new aircraft and parts and actions to mitigate these factors, and (3) how airlines have been affected by the availability of new aircraft and parts to support their operations. GAO analyzed data on new aircraft orders and deliveries from Boeing and Airbus along with data on aircraft production from Aviation Week Network for 2013 through 2023. GAO interviewed a non-generalizable sample of 38 stakeholders—including manufacturers and airlines—who were selected to achieve a range of perspectives. For more information, contact Heather Krause at (202) 512-2834 or krauseh@gao.gov.

What GAO Found The Federal Wage System (FWS) and General Schedule (GS) pay system cover about 192,455 federal blue-collar wage grade and 1.5 million federal white-collar GS employees as of 2023, respectively. Each pay system has its own separate laws, regulations, and policies that govern how it is to be administered. FWS employees receive an annual pay adjustment based on pay comparisons between FWS and private sector jobs in defined wage areas that require similar skills and responsibilities. Congressional actions have capped the FWS pay adjustments so they do not exceed the average GS pay adjustment since fiscal year 1979. This is due to budgetary concerns, according to Office of Personnel Management (OPM) officials. Since fiscal year 2004, congressional actions have required FWS employees to receive at least the same wage schedule adjustment in percentage terms that GS employees receive where they work. According to OPM and Department of Defense (DOD) officials, linking FWS pay adjustments to GS pay adjustments has resulted in FWS pay rates that are below or above prevailing (market) levels. Average Wage Schedule Rates Compared to Prevailing Wage Rates for Nonsupervisory Employees in Appropriated Fund (AF) Wage Areas for Fiscal Year 2023 Note: Employees in AF wage areas are generally funded from the Treasury. In some cases, data showed that the average wage rates were both above and below prevailing (or market) rates where there are multiple wage schedules associated with a single AF wage area. The process for administering the FWS includes: (1) establishing and combining wage areas, (2) conducting wage surveys, and (3) setting wage schedules. OPM defines wage areas based on geographic concentrations of FWS employees and private employment. Designated by OPM, DOD conducts annual surveys to collect data from private sector establishments within the wage areas and sets hourly pay rates for the wage schedules. Why GAO Did This Study The Prevailing Rate Systems Act of 1972 established the FWS for federal blue-collar employees who work in trade, craft, and labor. The act's underlying principles are to set pay rates for federal blue-collar workers in line with local prevailing (or market) rates and provide equal pay for substantially equal work. However, subsequent actions by Congress have limited the maximum pay adjustments granted to certain FWS employees, tying them to the average GS pay adjustment. The Joint Explanatory Statement for the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 includes a provision for GAO to review the administration of the FWS. This report describes (1) characteristics of the FWS and GS pay systems and how they compare, and (2) the process for administering the FWS. GAO reviewed legislation; OPM regulations, memorandums, guidance, and documentation; DOD guidance, data, and documentation; and Federal Prevailing Rate Advisory Committee reports. GAO also interviewed OPM and DOD officials and Federal Prevailing Rate Advisory Committee members (comprised of agency and labor management representatives) who provide input to OPM on defining wage areas. DOD and OPM provided technical comments on a draft of this report, which GAO incorporated as appropriate. For more information, contact Yvonne D. Jones at (202) 512-6806 or jonesy@gao.gov.

What GAO Found In all five selected states, child care officials reported using supplemental funding to make investments and program changes to address preexisting challenges facing families and child care providers. Preexisting challenges included the affordability and availability of child care for families, and financial viability and staffing for child care providers. These state officials reported making one-time investments, such as updating technology systems and creating targeted grants that could have long-term positive impacts (see figure). They also changed their Child Care and Development Fund (CCDF) programs to enhance families' access to child care and improve providers' financial viability. For families, they expanded eligibility for subsidies and lowered family co-pays. For providers, they focused on payment rates, compensation, workforce development, and quality improvement. States planned to use various strategies to sustain program changes that were made using supplemental funding, such as establishing a new state trust fund or increasing state child care budgets. State officials said that their ability to secure ongoing funding would affect their ability to maintain certain program changes. Example of New York State (NYS) Child Care Grant Opportunity Notice The Department of Health and Human Services' Office of Child Care supported states' efforts to address challenges for families and providers with supplemental funding by encouraging specific uses for funds and offering technical assistance. After COVID-19 relief laws were enacted, the agency published guidance that encouraged states to make CCDF program changes. These included increasing provider payment rates based on new cost modelling and increasing family income eligibility limits. The Office of Child Care also provided technical assistance to help states explore options to enhance their CCDF programs and continues to support states' efforts to determine which of their recent program changes can be sustained beyond the expiration of the supplemental funding. For example, it has helped states develop strategic plans, facilitated opportunities for states to learn from their peers, and referred states to its technical assistance partners for specialized assistance. Why GAO Did This Study The COVID-19 pandemic caused significant disruptions to the country's child care sector, exacerbating preexisting challenges for families and providers. In response, in fiscal years 2020–2021 Congress appropriated more than $52 billion in supplemental funding to CCDF, which supports states' efforts to assist low-income working families with obtaining child care. The remaining funds must be expended by September 30, 2024. House Appropriations Committee Report No. 117-96 includes a provision for GAO to study the state use of COVID-19 relief funding for long-term strategies to improve and support the child care sector. This report examines (1) how selected states used supplemental funding to implement long-term strategies that help address preexisting challenges for families and providers, and (2) how OCC supported states' efforts to address challenges for families and providers using pandemic-related funds. GAO interviewed CCDF administrators from five states (Michigan, Nevada, New Mexico, New York, and Tennessee) about their experiences implementing long-term program changes with COVID-19 funds and the support they received from the Office of Child Care. GAO selected states to represent diversity in child care funding amounts and geographic region. The information from the states is not generalizable, but provides perspectives. GAO also interviewed agency officials and organizations knowledgeable of child care issues; and reviewed related reports, literature, federal laws and regulations, and Office of Child Care guidance. For more information, contact Kathy A. Larin at (202) 512-7215 or larink@gao.gov.

What GAO Found The General Services Administration (GSA) may be legally responsible for the cleanup of environmental contaminants on federal properties it manages before it disposes of those properties via sale or other means. GSA annually reports its environmental liabilities across three categories: asbestos, non-asbestos (e.g., lead paint), and hazardous releases (e.g., petroleum). GSA uses a formula to estimate the costs to address asbestos and non-asbestos contamination, which together account for 95 percent of its annually reported liabilities. GSA bases its liability estimates for hazardous releases on site-specific information gathered by GSA's regional environmental managers. GSA's estimated environmental liabilities were largely stable between fiscal years 2018 and 2022, ranging from $1.8 to $2.0 billion. GSA manages asbestos and non-asbestos contamination in place—as these materials pose little health risk when not damaged or disturbed—and GSA officials said they take immediate action on hazardous releases. To manage asbestos in place, GSA policy requires buildings that could contain asbestos materials be inspected every 5 years. However, according to GSA data, approximately two-thirds of buildings (638 of 955) were out of compliance with this inspection policy. Buildings out of compliance include hundreds in which GSA has not conducted an inspection in more than a decade or does not know when the most recent inspection occurred. Buildings Out of Compliance with General Services Administration's 5-Year Asbestos Inspection Policy, as of September 2023 GSA officials provided several reasons these buildings are out of compliance with GSA's asbestos inspection policy, including funding and staffing challenges, incomplete records, and limitations with the database used to track asbestos inspections. GSA officials said they are developing a comprehensive plan for completing required inspections and considering changes to the asbestos policy to follow a more risk-based approach. These officials said they have not yet identified specifics of this plan, including timelines for completing required inspections or for modifying the policy. As a result, GSA does not have key data needed to monitor asbestos and protect health and safety. Why GAO Did This Study GSA's cleanup of environmental liabilities on federal properties represents a fiscal exposure for the federal government. The federal government's growing environmental liabilities and federal real property management are on GAO's High-Risk list, partly due to these challenges. GAO was asked to review how GSA estimates and manages its environmental liabilities. This report examines, among other objectives: (1) how GSA estimates environmental liabilities and (2) how GSA manages environmental contaminants and the extent to which GSA follows its asbestos management policy. GAO reviewed GSA's asbestos management policy, annual financial reports, cost estimation formulas, budget and expenditure information, real property data, and conducted three site visits. GAO also interviewed GSA officials, contractors, and subject matter experts.

What GAO Found The Department of Education is designing and testing a new model to estimate future costs of the William D. Ford Federal Direct Loan (Direct Loan) program, which provides financial assistance to students and their parents for postsecondary education. Education aims to begin using the model with the President's fiscal year 2028 budget. Education officials said the new model is being designed to better reflect the complexity of both borrower behavior and the Direct Loan program. Decisions about data, analytical design, technology, and staffing will influence the model's long-term operation and the quality of future cost estimates. Education is required to develop cost estimates for the President's budget in accordance with the Federal Credit Reform Act of 1990 (FCRA). FCRA reflects Education's borrowing from the Department of the Treasury to finance lending. GAO compared FCRA with three federal and private sector alternative approaches that could be used to develop cost estimates. These approaches were the Congressional Budget Office fair value (federal), Financial Accounting Standards Board (FASB) Current Expected Credit Losses (private sector), and FASB fair value (private sector). These four approaches do not affect the eventual budgetary costs over time but do result in different initial cost estimates. Estimated initial costs under the non-FCRA approaches will generally be higher than what is initially estimated under FCRA due to a variety of factors, such as the addition of market risk and other risks. Regardless of the approach used, how well an agency is able to predict future cash flows is fundamental to calculating reliable cost estimates. Illustration of Overall Budgetary Cost Estimates for a Group of Direct Loans Converging over Time as Costs are Updated Note: The graphic assumes that actual cash flows will equal estimated cash flows over time. Education publishes information about the Direct Loan program's performance and risks that is generally consistent with guidance, but there are areas where the department could enhance its reporting by expanding the sensitivity analysis to cover a wider range of economic circumstances. Such information is particularly important given the size and complexity of the Direct Loan program. Why GAO Did This Study Over the last 3 decades, the Direct Loan program has grown in size and complexity, with over $1.3 trillion in outstanding loans as of September 2023. This program provides financial assistance to help students and their parents pay for postsecondary education. GAO was asked to review issues related to Education's Direct Loan program cost estimates. This report examines (1) the status of Education's planned model for estimating Direct Loan costs; (2) how certain federal and private sector estimation approaches would affect Direct Loan budgetary costs over time; and (3) the extent to which Education provides key information about the performance and risks of the Direct Loan program. GAO reviewed documentation on Education's current student loan model and plans for its new model. GAO analyzed the potential budgetary impact over time of four approaches for estimating the cost of a selected group of loans. GAO identified relevant reports, reviewed reporting guidance for federal loan programs, and interviewed officials from Education, other agency officials, and stakeholders with relevant expertise.

Why This Matters In 2022, the warehousing, manufacturing, and construction industries experienced over 700,000 nonfatal injuries and over 2,000 fatal accidents. Meanwhile, consumer demand on these industries grows, creating pressure for increased productivity. To enhance and monitor worker safety and productivity, companies have begun deploying wearable technologies, from ergonomic sensors to exoskeletons. Key Takeaways Recent innovations in sensor and networking technologies have increased the feasibility of and interest in the use of wearables in the workplace. Companies have already deployed some wearables, but there are limited published data on the efficacy of these technologies to increase safety in the workplace. Concerns about data privacy, cost, and ease of use may hinder widespread workplace adoption of wearables. The Technology What is it? Wearable technologies, or wearables, are devices worn on the body and can vary in size, shape, and function. Some employers have an increasing interest in using wearables to improve worker safety and productivity. Industrial uses fall into four general categories: (1) supporting devices physically assist workers with tasks like lifting (e.g., exoskeletons and powered gloves); (2) monitoring devices alert workers to specific changes in vital signs or the workplace environment (e.g., smart helmets); (3) training devices provide feedback on movements (e.g., ergonomic sensors) or help improve worker performance (e.g., augmented reality (AR) glasses); and (4) tracking devices observe the location of employees on a worksite (e.g., GPS trackers). See figure 1 for examples. Figure 1. Illustration of some wearable technologies of interest to modern industrial workplaces. How does it work? The way wearables work depends on the type of technology. Supporting devices like exoskeletons or powered gloves provide physicalsupport to the user’s shoulders, hands, or back during repetitive overhead work, gripping, or lifting. Most monitoring, training, and tracking technologies take advantage of innovations in networking by connecting many types of sensors to collect, exchange, and analyze data—sometimes referred to as the industrial internet of things (IIOT). Smart helmets, for example,incorporate physiological and environmental sensors and GPS trackers into protective headgear. These sensors can alert employees and workplace medical teams to accidents, such as falls, and to potential hazards, like heat and humidity. Similarly, ergonomic sensors, worn on the hip, back, or arm, can alert a user when they perform potentially unsafe movements (e.g., lifting with improper form). Through real-time alerts and movement data analytics, these sensors may help train workers and reduce injuries. How mature is it? Advancements in sensors, data analytics, and networking technologies have increased the feasibility of wearables, although their maturity varies. Several companies use exoskeletons or ergonomic sensors to some extent. Other wearables, such as smart helmets, have had pilot studies but still need further testing. Battery life and accuracy of underlying location tracking technologies pose challenges for scale-up. Recent studies have drawn limited conclusions in assessing the net effect of wearables on employee health and productivity. For example, one peer reviewed study showed that ergonomic sensors may reduce time in risky postures, but the study had limitations including a small sample size and short duration. A different review of wearables points out that the pressure of being constantly monitored can lead to increased stress in some workers and, consequently, increased probability of injury. Opportunities Improve employee safety. Wearables could reduce the risk of injuries from strenuous work or worker-equipment collisions and may improve response time to emergencies. Increase employee productivity. Some companies have used AR glasses to aid repair technicians or to reduce error rates when item picking to fill orders. Challenges Privacy. Monitoring devices can store data on employee physiology and movements, which may create privacy concerns. For example, employees surveyed as a part of a wearable pilot test cited concerns about being tracked.; Data Security. Data stored on wearables may be vulnerable to hackers because updating software can be difficult and many devices lack strong encryptions. Cost. Companies can face high up-front costs to acquire and deploy wearables. Ease of use. Employees may find some technologies cumbersome, complex, or uncomfortable to use. For example, one study cited employee concerns about the additional weight of the wearable. Policy Context and Questions The National Institute for Occupational Safety and Health (NIOSH) conducts and coordinates research on wearables. Officials from the Occupational Safety and Health Administration (OSHA) told us that the agency oversees workplace safety but does not have any specific standards related to wearables. What types of additional studies would determine whether wearables achieve benefits such as improving employee safety? What is the federal role, if any, in overseeing these technologies and their use in the workplace? What safeguards or standards, if any, could help ensure that the development and adoption of wearables achieves positive outcomes and responds to employee concerns? Selected GAO Work Workplace Safety and Health: Actions Needed to Improve Reporting of Summary Injury and Illness Data, GAO-21-122. Internet of Things: Status and implications of an increasingly connected world, GAO-17-75. Selected References "Wearable Technologies" NIOSH Science Blog, https://blogs.cdc.gov/niosh-science-blog/category/wearable-technologies/. Accessed January 29, 2024. Ekaterina Svertoka, et al., “Wearables for Industrial Work Safety: A Survey,” Sensors,vol. 21 (2021) doi:10.3390/s21113844. For more information, contact Karen L. Howard, PhD at (202) 512-6888 or howardk@gao.gov.

What GAO Found Since 2019, the Department of Defense (DOD) has increased the Assistant Secretary of Defense for Special Operations and Low-Intensity Conflict's (ASD-SO/LIC) oversight responsibilities for U.S. Special Operations Command (SOCOM). DOD has also increased resources for the Secretariat for Special Operations, which assists the ASD-SO/LIC in conducting oversight. However, as of September 2023, the Secretariat's staffing levels remained below the 80–94 full-time equivalent levels the Secretariat identified as required to oversee SOCOM. Comparison of Secretariat Staffing Levels with Required Levels, as of September 2023 Note: Per the 2022 staffing assessment, the expanded requirement includes a 20-percent adjustment for unanticipated workload and staff availability (e.g., leave and training) for some functions. In November 2023, the Secretariat finalized a staffing plan required by statute, including milestones to reach 69 full-time equivalents by early 2024. However, the finalized plan does not fully incorporate some key principles for strategic workforce planning, such as aligning with long-term goals, identifying critical skill gaps, and developing strategies to address them. Developing a staffing plan that incorporates these principles would help ensure that the Secretariat hires the personnel required to meet its future needs for overseeing SOCOM. Section 922 of the National Defense Authorization Act for Fiscal Year 2017 strengthened the ASD-SO/LIC's service secretary-like role for overseeing SOCOM's activities. The Secretariat developed 57 benchmarks for implementing section 922 and reported completing 49 of them as of January 2023. However, according to officials, the respective work process policies for the Secretariat and SOCOM are not always documented for two reasons. First DOD's Office of the Director of Administration and Management has concerns about ASD-SO/LIC's authority to issue guidance. However, the ASD-SO/LIC has broad statutory and regulatory authority under its charter to establish DOD-wide policy. Second, the Secretariat does not have a systematic approach for identifying and documenting its oversight policies. Implementing a systematic approach for documenting policies would help ensure consistent oversight. The Secretariat has at times had limited input into how its hiring, office space, and IT needs are met because of confusion about ASD-SO/LIC's administrative role, given ASD-SO/LIC's unique position within DOD. Until the ASD-SOLIC and the Under Secretary of Defense for Policy clarify that administrative role, the Secretariat will continue to have limited input into its administrative services—affecting its ability to effectively oversee SOCOM. Why GAO Did This Study Congress established the ASD-SO/LIC in 1986 to oversee SOCOM's special operations activities. Section 922 of the National Defense Authorization Act for Fiscal Year 2017 strengthened the ASD-SO/LIC's service secretary-like role in overseeing SOCOM's activities, such as budgeting and programming. Senate Report 117-130 includes a provision for GAO to review DOD's implementation of section 922. GAO examined the extent to which the Secretariat for Special Operations has (1) hired the staff needed to oversee SOCOM, (2) reported on its implementation of section 922 reforms and documented its oversight policies, and (3) faced challenges related to obtaining administrative support services. GAO analyzed fiscal years 2019–2023 Secretariat staffing levels. GAO also compared the Secretariat's staffing plan with strategic workforce planning principles, and ASD-SO/LIC's policies and practices with leading principles for interagency collaboration.

What GAO Found The Department of Defense (DOD) submitted 55 percent of its agency comments and almost 70 percent of its sensitivity reviews to GAO after the deadline. DOD conducted two security reviews, and both were submitted late. In comparing the results of GAO's analysis of DOD's performance during this period of review with those in the first semiannual report on this topic, DOD was less timely in providing both agency comments and sensitivity/security reviews. GAO provides audited agencies with an opportunity to review and comment on draft reports before GAO issues the final report. Additionally, for any reports that may contain controlled unclassified or classified information, GAO requests that the department complete a review for such information and communicate the results of the review in writing. DOD provided GAO comments on 76 reports from May 16, 2023, to November 11, 2023. While GAO generally provides DOD with 30 days for agency comment, DOD took 35 days, on average. Of the 76 reports, DOD submitted comments for 42 after the 30-day deadline and took an additional 16 days, on average, to submit agency comments on those reports. For one report, DOD took 98 days to provide its comments. DOD completed 28 reviews—26 sensitivity and 2 security reviews—during the same period. Sensitivity reviews are conducted to identify sensitive information, such as controlled unclassified information. Reviews for classified information, such as information designated as Secret or Top Secret, are generally referred to as security reviews. On average, DOD completed sensitivity reviews in 40 days and security reviews in 77 days—exceeding the 30-day deadline. Of the 34 reports for which GAO granted an extension to the deadline for submitting comments or reviews, DOD did not meet the extension for ten. DOD also submitted comments late for eight additional reports without requesting extensions. Why GAO Did This Study Delays in DOD submitting agency comments or the sensitivity/security reviews result in GAO issuing products later than mandated or requested by Congress. In some cases, delays may result in GAO taking the unusual step of issuing reports without DOD comments in order to provide Congress with requested information. The James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 included a provision for GAO to report every 6 months over a 2-year period on the extent to which DOD submitted agency comments and sensitivity or security reviews in a timely manner and in accordance with GAO protocols. This report is the second in a series of four reports on this topic. For more information, contact Alissa Czyz at (202) 512-3058 or czyzA@gao.gov.

What GAO Found The Department of Health and Human Services (HHS) has long invested in biomedical research. Within HHS, among others, the Advanced Research Projects Agency for Health (ARPA-H), the National Institutes of Health (NIH), the Biomedical Advanced Research and Development Authority (BARDA), and the Food and Drug Administration (FDA) fund or conduct biomedical research. Each of these four HHS agencies' research activities have the potential for duplication when funding research in common areas. GAO found the four selected HHS agencies use multiple practices intended to help avoid unnecessary research duplication. These include reviewing project and funding information provided by applicants, consulting with experts and other agencies, and using databases to identify potentially overlapping research (see figure). When evaluating instances of research duplication, agency staff also distinguish between necessary and unnecessary duplication. GAO previously reported that some research duplication is necessary to confirm results or otherwise advance a project or field, whereas unnecessary duplication is research not needed to replicate or complement prior results. Example of HHS Agencies' Practices to Avoid Unnecessary Research Duplication In 2022, Congress directed the ARPA-H Director to, among other things, coordinate with other federal departments and agencies to ensure that ARPA-H's research is free of unnecessary duplication and established the ARPA-H Interagency Advisory Committee of eight federal agencies to coordinate efforts, among other functions. Such coordination can be a means for ARPA-H and committee member agencies to share information on their research activities and help ARPA-H avoid unnecessary duplication. ARPA-H officials told GAO that the committee will serve as a forum to identify and address potential research duplication between ARPA-H and these agencies. However, the Committee's draft charter does not mention how the members would collaborate to help ARPA-H identify and avoid funding research duplication. Leading practices for interagency collaboration include identifying shared goals and having documented agreements regarding the collaboration. By finalizing the charter to include members' agreement on collaboration methods to avoid ARPA-H funding unnecessary duplication, ARPA-H will be better positioned to improve the future return on the nation's investment in transformational health research. Why GAO Did This Study HHS's mission is to enhance the health and well-being of all Americans by, among other things, fostering sound, sustained advances in the sciences. HHS's longstanding agencies—NIH, BARDA, FDA—as well as its newest agency, ARPA-H, fund biomedical research. The Consolidated Appropriations Act, 2023, includes a provision for GAO to issue a series of reports on potential duplication in HHS's biomedical research and development portfolio. To manage the scope and reporting timeline, this first report focuses on ARPA-H, BARDA, FDA, and NIH as specified in the Act. It (1) describes practices used by the selected HHS agencies to identify and avoid unnecessary research duplication and (2) examines ARPA-H's collaboration and efforts to establish an interagency advisory committee as a potential means to prevent unnecessary research duplication. To conduct this work, GAO reviewed agency information, and legislation, among other documents. GAO also interviewed agency officials and a non-generalizable selection of non-federal experts in biomedical research.