Defense Intelligence and Security: DOD Needs to Establish Oversight Expectations and to Develop Tools That Enhance Accountability

What GAO Found

The Office of the Under Secretary of Defense for Intelligence and Security (the office) gained new responsibilities from 2017 through 2020—including in the areas of artificial intelligence, law enforcement, personnel vetting, and identity intelligence—and made structural changes within its organization. For example, in 2018, it assumed new responsibilities to oversee and to manage defense law enforcement authorities, training, and standards, in part to consolidate all authorities and capabilities for security-related missions into the office. It has also made internal organizational changes in its directorates, in part to better align its dual intelligence and security missions under its Directors for Defense Intelligence. The office's workforce is composed of largely non-permanent personnel to fulfill its responsibilities. According to GAO's analysis, as of July 2020, 78 percent of the office's workforce across the four directorates were non-permanent personnel—consisting of contractors, joint duty assignees, military/reservists, and liaison officers or detailees (see fig.).

The Office of the Under Secretary of Defense for Intelligence and Security's Workforce Composition by Employee Type across the Four Intelligence Directorates, July 2020

The office uses a variety of mechanisms to conduct oversight of the Defense Intelligence Enterprise and the Defense Security Enterprise (enterprises)—including policy development, inspections, and governance bodies. For example, it chairs the Defense Security Enterprise Executive Committee, which is the senior-level governance body for security policy coordination.

However, the office has experienced challenges in its enterprise oversight, including governance bodies not operating as intended and unclear roles and responsibilities. For example, GAO found that one mission area governance body had not met for several years and that the office had not established clear objectives for such bodies. In another area, Department of Defense (DOD) policy for open source intelligence designates an agency as the lead component and defines the term, but DOD does not outline the extent of the lead component's authority. These challenges exist in part because the office has not established clear expectations for oversight, including refining business rules for governance bodies and clarifying key terms critical to oversight. This has resulted in a lack of clarity around authorities and decision-making.

The office is not well-postured to assess the effectiveness of the intelligence and security enterprises in part because it has not developed tools to enhance accountability, such as goals, desired outcomes, and performance metrics. Without taking further actions, the office cannot fully assess the extent to which the enterprises are meeting the objectives of the 2018 National Defense Strategy and the 2020 Defense Intelligence Strategy.

Why GAO Did This Study

DOD's Defense Intelligence Enterprise and Defense Security Enterprise play a vital role in supporting DOD's operations and priorities. The Under Secretary of Defense for Intelligence and Security and its corresponding office oversee these enterprises. The roles and responsibilities of the office have grown in recent years, particularly in the area of security.

Committee reports accompanying the National Defense Authorization Act for Fiscal Year 2020 and Intelligence Authorization Act for Fiscal Years 2018, 2019, and 2020 included provisions for GAO to assess the office. GAO's report (1) describes how the office's responsibilities and organization have evolved, and the composition of its workforce, and (2) evaluates how the office conducts oversight and the extent to which it is able to assess the effectiveness of the enterprises.

GAO collected and analyzed workforce data; interviewed DOD officials; reviewed policies and other related documentation; and conducted four case studies of specific mission areas to assess oversight by the office.