DOD Needs to Address Gaps in Homeland Defense and Civil Support Guidance
GAO-13-128: Published: Oct 24, 2012. Publicly Released: Oct 25, 2012.
What GAO Found
The Department of Defense (DOD) protects the U.S. homeland through two distinct but interrelated missions: (1) homeland defense, which defends against threats such as terrorism, weapons of mass destruction, and cyber incidents; and (2) civil support, which involves supporting other federal agencies in responding to major domestic disasters, emergencies, and special events. DOD has issued and updated several key pieces of doctrine, policy, and strategy for homeland defense and civil support, but it has not updated its primary Strategy for Homeland Defense and Civil Support since it was initially issued in 2005 and does not have a process--similar to that for its joint publications and directives-- to do so. The Joint Staff determined in August 2010 that joint publications on homeland defense needed a complete revision. The joint publication on civil support is also being revised. U.S. Northern Command, the combatant command responsible for homeland defense, is revising these publications to reflect changes in national and department priorities and to incorporate lessons learned from exercises and events such as Hurricane Katrina. Still, such key national and department-level strategies and significant events are not reflected in DOD's strategy, in part because the Office of the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs does not have a process for periodically assessing the currency of its homeland defense and civil support strategy and ensuring that needed updates are completed in a timely manner. Reliance on an outdated strategy could hinder DOD's ability to effectively plan for and respond to major disasters and emergencies.
DOD issued some guidance on the dual-status commander construct--through which, during a civil support incident or special event, a single military officer has authority over both National Guard and active-duty military personnel, serving as a link between state and federal forces. Nevertheless, gaps in guidance remain because DOD has not yet developed comprehensive policies and procedures regarding the use and availability of dual-status commanders, including specific criteria and conditions for when and how a state governor and the Secretary of Defense would mutually appoint a commander. As a result, DOD's ability to adequately prepare for and effectively use dual-status commanders for a range of civil support events, including those affecting multiple states, may be hindered.
While a 2010 DOD Directive, a 2007 joint publication, and an agreement with the Department of Homeland Security (DHS) provide some details on how DOD should respond to requests for civil support in the event of a domestic cyber incident, they do not address some aspects of how DOD will provide support during a response. First, DOD has not clarified its roles and responsibilities, and chartering directives for DOD's Offices of the Assistant Secretaries for Global Strategic Affairs and for Homeland Defense and Americas' Security Affairs outline conflicting and overlapping roles and responsibilities. Second, DOD has not ensured that its civil support guidance is aligned with national plans and preparations for domestic cyber incidents. Consequently, it is unclear whether DOD will be adequately prepared to support DHS during a cyber incident. This report makes several recommendations to address gaps in DOD's guidance for homeland defense and civil support, including for DOD to assess and, when needed, update its primary strategy; develop implementation guidance on the dual status commander construct; and align guidance on preparing for and responding to domestic cyber incidents with national-level guidance to include roles and responsibilities.
Why GAO Did This Study
Defending U.S. territory and citizens is the highest priority of DOD, and providing defense support of civil authorities is one of the department's primary missions. DOD is the federal agency with lead responsibility for homeland defense, whereas for civil support missions DOD provides assistance to the lead civilian federal agency, such as DHS, when requested by the agency or directed by the President for major disasters, emergencies, and special events. This report examines the extent to which DOD has issued current guidance, including doctrine, policy, and strategy, for its homeland defense and civil support missions. To do this, GAO analyzed DOD homeland defense and civil support guidance and plans and met with select DOD and National Guard officials.
What GAO Recommends
This report makes several recommendations to address gaps in DOD's guidance for homeland defense and civil support, including for DOD to assess and, when needed, update its primary strategy; develop implementation guidance on the dualstatus commander construct; and align guidance on preparing for and responding to domestic cyber incidents with national-level guidance to include roles and responsibilities.
For more information, contact Brian Lepore at (202) 512-4523 or firstname.lastname@example.org.
Recommendations for Executive Action
Comments: The Department of Defense (DOD) issued an updated strategy for homeland defense and civil support in February 2013. DOD officials said that they are continuing to explore the merits of developing a process to rountinely assess the currency of this strategy in the future. We will follow-up in 2014 to discern what progress the department has made in this area. In May 2014 DOD reported no change in the status of this recommendation.
Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Policy, acting through the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs, to develop a process to periodically assess the currency of its Strategy for Homeland Defense and Civil Support and to ensure that updates, when needed, are completed in a timely manner.
Agency Affected: Department of Defense
Comments: The Department of Defense (DOD) has developed a draft instruction for dual-status commanders that includes additional guidance on muli-state incidents. In addition, U.S. Northern Command is updating its civil support concept plan, and command officials said that this update will address dual-status commanders and multi-state events. In May 2014 DOD stated that the dual status commander instruction was in development, being reviewed, and that DOD anticipated issuing the instruction in November 2014. As of February 2015, the instruction had not been issued.
Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Policy, acting through the Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs and in collaboration with other appropriate stakeholders such as U.S. Northern Command, U.S. Pacific Command, and the National Guard Bureau, to develop implementation guidance on the dual-status commander construct that, at a minimum, includes: (1) more specific criteria for determining when and how to use dual-status commanders, especially for civil support incidents affecting multiple states and territories and (2) a process for determining the appropriate mix of National Guard and active duty federal officers to meet DOD's anticipated needs.
Agency Affected: Department of Defense
Status: Closed - Implemented
Comments: Department of Defense (DOD) and Department of Homeland Security (DHS) officials said that they are collaborating to update and align agency guidance. Consequently, the September 2010 National Cyber Incident Response Plan remains an interim document. On March 5, 2013, DOJ/FBI, DHS, and DOD agreed to shared national roles and responsibilities for US Federal Cyber Security. These roles and responsibilities, as illustrated by the attached document were agreed to by DHS Secretary Janet Napolitano, Deputy Secretary of Defense Ashton Carter, FBI Director Robert Mueller, and NSA Director and USCYBERCOM Commander, General Keith Alexander. This document has since been fully socialized. DoD is continuing to work with the military services to determine the appropriate mixture of active and reserve components, to include the National Guard, to meet anticipated DoD cyber needs. The Department will issue new or updated policy guidance as necessary.
Recommendation: The Secretary of Defense should direct the Under Secretary of Defense for Policy to work with U.S. Strategic Command and its subordinate Cyber Command, DHS, and other relevant stakeholders to update guidance on preparing for and responding to domestic cyber incidents to align with national-level guidance. Such guidance should, at a minimum, include a description of DOD's roles and responsibilities.
Agency Affected: Department of Defense