Chemical and Biological Defense: Designated Entity Needed to Identify, Align, and Manage DOD's Infrastructure
Highlights
What GAO Found
A key component of the 26 Department of Defense (DOD) organizations that constitute the Chemical and Biological Defense Program (CBDP) Enterprise is the chemical and biological defense research and development and test and evaluation infrastructure. After nearly 7 years, the CBDP Enterprise has not fully achieved its goal to identify required infrastructure capabilities. The Joint Chemical, Biological, Radiological, and Nuclear Defense Program Analysis and Integration Office (PAIO), CBDP's analytical arm, recommended in 2008 that the CBDP Enterprise identify required infrastructure capabilities, such as laboratories to research chemical and biological agents, to ensure alignment of the infrastructure to its mission. CBDP Enterprise officials recognize the importance, validity, and necessity of addressing the 2008 recommendation. The CBDP Enterprise has made limited progress in achieving this infrastructure goal because CBDP Enterprise officials told GAO that they were focused on higher priorities and had no CBDP Enterprise-wide impetus to address the infrastructure recommendations. The Office of the Assistant Secretary of Defense for Nuclear, Chemical, and Biological Defense Programs previously identified the need for an entity that has the responsibility and authority needed to ensure achievement of this goal, but DOD has not designated such an entity. By identifying and designating an entity with the responsibility and authority to lead infrastructure transformation, the CBDP Enterprise would be better positioned to achieve this goal.
The CBDP Enterprise has taken some actions at its laboratories to identify duplication in its chemical and biological defense infrastructure. DOD directives outline goals, such as to avoid duplication by using existing DOD and other federal agencies' facilities. As part of an ongoing study to identify required infrastructure, in July 2015 PAIO plans to inventory and analyze CBDP Enterprise infrastructure for potential duplication. However, study officials stated that they do not plan to identify, request, or consider information about infrastructure capabilities from existing studies of other federal agencies, such as the Department of Homeland Security, because their office does not have the authority or resources to require such information. By considering existing information, which would not necessarily require new authority, PAIO will have more information about existing infrastructure inventory across the federal government, such as its capability and potential availability for use.
The CBDP Enterprise used threat data and plans to use threat data and the results from risk assessments piloted in 2014 to support its future portfolio planning process to prioritize research and development investment. However, the CBDP Enterprise has not updated its guidance and planning process to fully institutionalize the use of risk assessments. Federal standards for internal control state that agencies should have written procedures to better ensure leadership directives are implemented. According to CBDP Enterprise officials, while updating the guidance would be beneficial, they had not committed to updating such guidance or established a time frame for doing so. By updating its guidance to fully institutionalize the use of risk assessments, the CBDP Enterprise would be better positioned to prioritize future research and development investments.
Why GAO Did This Study
The United States faces current and emerging chemical and biological threats, and defenses against these threats enable DOD to protect the force, preclude strategic gains by adversaries, and reduce risk to U.S. interests.
GAO was asked to review DOD efforts to manage its chemical and biological defense infrastructure capabilities. This report examines the extent to which the CBDP Enterprise has: (1) achieved its goal to identify required infrastructure capabilities to address current and emerging chemical and biological threats; (2) identified, addressed, and managed potential fragmentation, overlap, and duplication in its chemical and biological defense infrastructure; and (3) used and plans to use threat data and the results of risk assessments to support its investment planning for chemical and biological defense. GAO analyzed CBDP infrastructure policies, plans, and studies from organizations across the CBDP Enterprise from fiscal years 2008 through 2014.
Recommendations
GAO recommends, among other things, that DOD (1) designate an entity to lead the effort to identify required infrastructure; (2) identify, request, and consider any information from chemical and biological infrastructure studies of other federal agencies to avoid potential duplication; and (3) update the CBDP Enterprise's guidance and planning process to fully institutionalize the use of risk assessments. DOD concurred with all five of GAO's recommendations and discussed actions it plans to take.
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Department of Defense | To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to help ensure that the CBDP Enterprise's infrastructure is properly aligned to address current and emerging chemical and biological threats, the Secretary of Defense should direct the appropriate DOD officials to identify and designate an entity within the CBDP Enterprise with the responsibility and authority to lead the effort to ensure achievement of the infrastructure goals (e.g., the four 2008 PAIO recommendations, including the recommendation that the CBDP Enterprise identify its required infrastructure capabilities, and the goal established in the 2012 CBDP Business Plan). |
DOD concurred with this recommendation. On 6/8/16, DOD reported that the Department concurs that an entity needs to lead the effort to ensure achievement of the infrastructure goals; further, DOD believes that these responsibilities and authorities are currently in place under existing laws and regulations. The 2012 Chemical and Biological Defense Program (CBDP) Strategic Plan identified one of the four strategic goals of the CBDP to maintain infrastructure to meet and adapt current and future needs for personnel, equipment, and facilities within funding constraints. To achieve this goal, the Office of the Assistant Secretary of Defense for Nuclear, Chemical, and Biological Defense Programs and the U.S. Army, as the Executive Agent for Chemical and Biological Defense, share responsibility to ensure achievement of CBDPs strategic infrastructure goals in close collaboration and coordination with the infrastructure managers (the individual installation commanders and directors of the facilities). The Department is in the process of revising DOD Directive 5160.05E and will ensure that the directive appropriately captures the roles and responsibilities related to CBDP infrastructure capabilities. In addition, on March 23, 2016, the Under Secretary of Defense for Acquisition, Technology, and Logistics named the Deputy Assistant Secretary of Defense for Chemical and Biological Defense as the Infrastructure Manager to provide overall coordination, integration, and oversight functions for the Chemical and Biological Defense Program infrastructure. With this action, DOD met both the intent and letter of the recommendation, and it is considered closed implemented.
|
Department of Defense | To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to help ensure that the CBDP Enterprise's infrastructure is properly aligned to address current and emerging chemical and biological threats, the Secretary of Defense should direct the appropriate DOD officials to establish timelines and milestones for achieving identified chemical and biological infrastructure goals, including implementation of the 2008 PAIO recommendation that the CBDP Enterprise identify its required infrastructure capabilities. |
DOD concurred with this recommendation. Subsequent to the issuance of GAO-15-257, the Conference Report that accompanied the National Defense Authorization Act for Fiscal Year 2016 (House Report 114-270, September 29, 2015) required DOD to identify an infrastructure manager for DOD?s Chemical and Biological Defense Program (CBDP), consistent with GAO-15-257. In our subsequent July 2017 report entitled Chemical and Biological Defense: DOD Has Identified an Infrastructure Manager and Is Developing the Position's Roles and Responsibilities (GAO-17-522R), we reported that officials with DOD's CBDP Enterprise said DOD also has developed and is implementing a three-phased process led by a working-level integrated product team--scheduled to take place over a 3-year period, ending in calendar year 2018--to identify and define the roles and responsibilities for the CBDP Infrastructure Manager. Specifically, phase one, which clarified the Infrastructure Manager's roles and responsibilities regarding the management of physical infrastructure, was completed in October 2016. It resulted in an updated draft of DOD Directive 5160.05E, Roles and Responsibilities Associated with the Chemical and Biological Defense Program (CBDP) and draft infrastructure management guidance entitled, Chemical and Biological Defense Program Infrastructure Management Functions and Responsibilities. Phase two, which is scheduled for completion by the end of calendar year 2017, is focused on implementing decisions made in phase one; clarifying the Infrastructure Manager's roles and responsibilities regarding physical and intellectual infrastructure in relationship with other federal agencies' respective roles and responsibilities; and developing an infrastructure strategic investment plan. Finally, phase three, which should be completed by the end of calendar year 2018, is to clarify the Infrastructure Manager's roles and responsibilities regarding CBDP intellectual infrastructure, specifically its availability to the CBDP. Based upon the evidence provided in GAO-17-522R, we believe that these planned phases serve as established timelines and milestones for achieving identified chemical and biological infrastructure goals. With this action, DOD met both the intent and letter of the recommendation, and it is considered closed implemented.
|
Department of Defense | To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to fully institutionalize the use of risk assessments to support future investment decisions, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to update the roles and responsibilities guidance in DOD Directive 5160.05E to identify which organizations are responsible for conducting and participating in CBDP Enterprise risk assessments. |
DOD concurred with our recommendation and has identified roles and responsibilities of Army offices and their officials participating in the Chemical and Biological Defense Program's risk assessments. On February 13, 2019, the Deputy Assistant Secretary of Defense for Chemical and Biological Defense chartered the CBDP Enterprise Risk Management Program, including a Risk Management Council and a Senior Management Council to oversee and manage the new Enterprise Risk Management Program. The Risk Management Council is responsible for the data associated with risk identification, integration, and prioritization, and recommend mitigation strategies. The Risk Management Council meets quarterly. While DOD Directive 5160.05E, Roles and Responsibilities Associated with the Chemical and Biological Defense Program, issued in September 2017 before the program was established, does not include the Enterprise Rick Management Program's roles and responsibilities, CBDP officials said that this information will be included in the directive's next scheduled update in December 2020. With this action, DOD met both the intent and letter of the recommendation, and it is considered closed implemented.
|
Department of Defense | To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to fully institutionalize the use of risk assessments to support future investment decisions, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to update the CBDP Enterprise's portfolio planning process, to include when risk assessments will be conducted. |
DOD concurred with our recommendation and has identified when risk assessments will be conducted. On February 13, 2019, the Deputy Assistant Secretary of Defense for Chemical and Biological Defense chartered the Enterprise Risk Management Program. The charter states that the Risk Management Council will meet at least quarterly to review identified risks and validate the risk environment. In addition, the program now is participating in the Army's annual Strategic Portfolio Analysis Review process, conducted between February and March each year, which institutionalizes when CBDP risk assessments are conducted. In March 2019, CBDP participated in its first Strategic Portfolio Analysis Review. In August 2019, CBDP officials stated that the new draft instruction, implementing DOD Directive 5160.05E, will take the place of their strategic plan and 2012 business plan documents and will be issued around the first quarter of 2020. With this action, DOD met both the intent and letter of the recommendation, and it is considered closed implemented.
|
Department of Defense | To improve the identification, alignment, and management of DOD's chemical and biological defense infrastructure and to enhance PAIO's ongoing analysis of potential infrastructure duplication in the CBDP Enterprise and gain potential efficiencies, the Secretary of Defense should direct the Under Secretary of Defense for Acquisition, Technology and Logistics to identify, request, and consider any information from existing infrastructure studies from other federal agencies with chemical and biological research and development and test and evaluation infrastructure. |
DOD concurred with our recommendation and has taken action to implement it. As of July 2017, CBDP had identified and requested studies from the Department of Energy and Department of Homeland Security on infrastructure to support their review of potential infrastructure duplication or efficiencies within their program. According to CBDP officials, they did not receive any reports, but have since used reports on infrastructure management processes of complex technical infrastructure that could provide information about potential duplication or efficiencies that could be gained by the CBDP Enterprise. We believe DOD's actions meet the intent of our recommendation.
|