Investigative Operations: Use of Covert Testing to Identify Security Vulnerabilities and Fraud, Waste, and Abuse

GAO's Forensic Audits and Special Investigations team (FSI), which was created in 2005 as an interdisciplinary team consisting of investigators, auditors, and analysts, conducts covert tests at the request of the Congress to identify vulnerabilities and internal control weaknesses at executive branch agencies. These vulnerabilities and internal control weaknesses include those that could compromise homeland security, affect public safety, or have a financial impact on taxpayer's dollars. FSI conducts covert tests as "red team" operations, meaning that FSI does not notify agencies in advance about the testing. Recently, concerns have arisen as to whether top management at the U.S. Transportation Security Administration (TSA) were negatively impacting the results of red team operations by leaking information to security screeners at the nation's airports in advance of covert testing operations. Consequently, GAO was asked to (1) briefly explain FSI's processes and procedures concerning covert testing and (2) provide examples of covert activities performed