Defense Infrastructure: Management Actions Needed to Ensure Effectiveness of DOD's Risk Management Approach for the Defense Industrial Base

GAO-07-1077 Published: Aug 31, 2007. Publicly Released: Aug 31, 2007.

Highlights

The U.S. military relies on the defense industrial base (DIB) to meet requirements to fulfill the National Military Strategy. The potential destruction, incapacitation, or exploitation of critical DIB assets by attack, crime, technological failure, natural disaster, or man-made catastrophe could jeopardize the success of U.S. military operations. GAO was asked to review the Department of Defense's (DOD) Defense Critical Infrastructure Program and has already reported that DOD has not developed a comprehensive management plan for its implementation. This, the second GAO report, has (1) determined the status of DOD's efforts to develop and implement a risk management approach to ensure the availability of DIB assets, and (2) identified challenges DOD faces in its approach to risk management. GAO analyzed plans, guidance, and other documents on identifying, prioritizing, and assessing critical domestic and foreign DIB assets and held discussions with DOD and contractor officials.

Recommendations

Recommendations for Executive Action

Agency Affected: Department of Defense
Recommendation: To manage the complete development of the risk management approach to better ensure its effectiveness, the Secretary of Defense should direct the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs (ASD(HD&ASA)) to develop a management framework that includes targets and time frames and undertakes the following steps to obtain comprehensive data from all the combatant commands and services based on mission-essential task information, and incorporate these data with those set forth in the Defense Contract Management Agency (DCMA) guidance, to develop a comprehensive list of the critical DIB assets.
Status: Closed – Implemented
DOD Instruction 3020.45 was issued on April 21, 2008, which formalized the process and procedures for developing a comprehensive list of critical defense industrial base assets. The instruction states that combatant commands and defense agencies will identify critical assets based on mission essential task information.

Agency Affected: Department of Defense
Recommendation: To manage the complete development of the risk management approach to better ensure its effectiveness, the Secretary of Defense should direct the ASD(HD&ASA) to develop a management framework that includes targets and time frames and undertakes the following steps to improve the reliability of its asset prioritization model by obtaining the appropriate external technical review; developing a detailed plan for improving response rate and data quality from DIB contractors in conducting its next capabilities survey, to ensure that DCMA obtains contractor-specific data needed for establishing priorities; and identifying and developing procedures for obtaining comprehensive threat information from the appropriate intelligence agencies, including DHS, the Federal Bureau of Investigation, and others to use as model inputs to prioritize DIB assets and conduct vulnerability assessments.
Status: Closed – Implemented
DOD Instruction 3020.45 was issued on April 21, 2008, which states that DOD, where appropriate, will use existing DOD and non-DOD processes to ensure effective and efficient program execution. DCMA had previously stated it was open to further technical review of the asset prioritization model and commented that it will work with the Assistant Secretary of Defense to identify credible and capable subject matter experts to support this effort. DOD issued a strategy document in March 2008 which provides a plan to reach out to stakeholders to promote contractor response rates and data quality. DOD Instruction 3020.45 also states that DOD will coordinate with appropriate intelligence agencies, such as the Department of Homeland Security and the Federal Bureau of Investigation, to obtain threat and hazard information on critical assets.

Agency Affected: Department of Defense
Recommendation: To manage the complete development of the risk management approach to better ensure its effectiveness, the Secretary of Defense should direct the ASD(HD&ASA) to develop a management framework that includes targets and time frames and undertakes the following steps to schedule and conduct vulnerability assessments on the critical DIB assets based on their respective rankings as validated in the asset prioritization model, to ensure that the most critical DIB assets are assessed in a timely manner and DOD maximizes its use of limited resources.
Status: Closed – Implemented
DOD Instruction 3020.45 was issued on April 21, 2008, which states that the Chairman of the Joint Chiefs of Staff, as lead and in coordination with DOD components, will submit a vulnerability assessment prioritized list, along with a timeline, to the Assistant Secretary of Defense.

Agency Affected: Department of Defense
Recommendation: To manage the complete development of the risk management approach to better ensure its effectiveness, the Secretary of Defense should direct the ASD(HD&ASA) to develop a management framework that includes targets and time frames and undertakes the following steps to prepare a plan to collaborate with the Department of State and other agencies, as appropriate, to develop options to identify and address potential challenges in assessing vulnerabilities of critical foreign contractors.
Status: Closed – Implemented
DOD issued its Strategy for Defense Critical Infrastructure in March 2008. To address potential challenges in addressing vulnerabilities of critical foreign contractors, the strategy document provides that DOD will coordinate with the Department of State and other Federal entities to ensure that relevant policy documents address DOD perspectives on protecting critical assets.

Topics

Critical infrastructure protection, Defense industry, Defense procurement, Department of Defense contractors, Military procurement, Risk assessment, Risk management, Strategic planning, Program implementation, Homeland security