Government Accountability Office

The Government Accountability Office was asked to review federal efforts to improve the resiliency of wireless networks following natural disasters and other physical incidents. This report examines: (1) trends in mobile wireless outages reported to Federal Communications Commission since 2009 and (2) actions federal agencies and industry have taken since 2013 (after Hurricane Sandy) to improve wireless network resiliency, among other objectives.

This report examines (1) trends in the gender, racial, and ethnic composition of the technology sector workforce; and (2) oversight of technology companies' compliance with equal employment and affirmative action requirements. The estimated percentage of minority technology workers increased from 2005 to 2015, but GAO found that no growth occurred for female and Black workers, whereas Asian and Hispanic workers made statistically significant increases (see figure).

This report examines the extent to which Rural Utilities Service's (RUS) procedures and activities are consistent with leading practices and how, if at all, its management practices could be improved. The Government Accountability Office synthesized, from federal guidance and relevant literature, a set of 10 leading practices that would be appropriate for the management of broadband loan and grant programs. GAO validated its set of practices with states that have programs similar to the RUS programs. GAO then reviewed RUS documentation and interviewed RUS officials and six program recipients, selected for having geographically dispersed projects currently under construction. Based on this information, GAO determined whether RUS's procedures and activities were consistent, partially consistent, or not consistent with each leading practice.

GAO recommends that RUS develop program performance goals and measures, conduct program risk assessments, evaluate completed grant projects, establish a timeline for implementing a centralized internal data system, and update written policies and procedures for RUS staff. USDA agreed with the recommendations.

Cyber-based intrusions and attacks on federal systems are evolving and becoming more sophisticated. The Government Accountability Office first designated information security as a government-wide high-risk area in 1997. This was expanded to include the protection of cyber critical infrastructure in 2003 and protecting the privacy of personally identifiable information in 2015. The Department of Homeland Security plays a key role in strengthening the cybersecurity posture of the federal government. Among other things, DHS has initiatives for (1) detecting and preventing malicious cyber intrusions into agencies' networks and (2) deploying technology to assist agencies to continuously diagnose and mitigate cyber threats and vulnerabilities.

This statement provides an overview of GAO's work related to DHS's efforts to improve the cybersecurity posture of the federal government. In preparing this statement, GAO relied on previously published work, as well as information provided by DHS on its actions in response to GAO's previous recommendations. In a January 2016 report, GAO made nine recommendations related to expanding NCPS's capability to detect cyber intrusions; notifying customers of potential incidents; providing analytic services; and sharing cyber-related information, among other things. DHS concurred with the recommendations and is taking actions to implement them.

Technology advancements have increased the overall accuracy of automated face recognition over the past few decades. This technology has helped law enforcement agencies identify criminals in their investigations. However, privacy advocates and members of the Congress remain concerned regarding the accuracy of the technology and the protection of privacy and individual civil liberties when technologies are used to identify people based on their biological and behavioral characteristics. This statement describes the extent to which the FBI ensures adherence to laws and policies related to privacy regarding its use of face recognition technology, and ensure its face recognition capabilities are sufficiently accurate. In May 2016, DOJ and the FBI partially agreed with two recommendations and disagreed with another on privacy. FBI agreed with one and disagreed with two recommendations on accuracy. GAO continues to believe that the recommendations are valid.

This statement (1) provides an overview of Government Accountability Office's work related to cybersecurity of the federal government and the nation's critical infrastructure and (2) identifies areas of consistency between GAO recommendations and those recently made by the Cybersecurity Commission and CSIS. In preparing this statement, GAO relied on previously published work and its review of the two recent reports issued by the Commission and CSIS. Over the past several years, GAO has made about 2,500 recommendations to federal agencies to enhance their information security programs and controls. As of February 2017, about 1,000 recommendations had not been implemented.

While previous administrations and agencies have acted to improve the protections over federal and critical infrastructure information and information systems, the federal government needs to take the following actions to strengthen U.S. cybersecurity:

• Effectively implement risk-based entity-wide information security programs consistently over time.
• Improve its cyber incident detection, response, and mitigation capabilities. The Department of Homeland Security needs to expand the capabilities and support wider adoption of its government-wide intrusion detection and prevention system. In addition, the federal government needs to improve cyber incident response practices, update guidance on reporting data breaches, and develop consistent responses to breaches of PII.
• Expand its cyber workforce planning and training efforts.
• Expand efforts to strengthen cybersecurity of the nation's critical infrastructures.
• Better oversee protection of personally identifiable information.

The Government Accountability Office was asked to review the possible effects of the auction on LPTV and translator stations and their viewers.

This report examines: (1) LPTV and translator stations and how FCC’s incentive auction might affect their viewers, (2) selected stakeholders’ views on actions FCC has proposed to mitigate the possible effects of the auction on such stations, and (3) selected stakeholders’ views on the expected outcomes of preserving a vacant television channel for unlicensed use.

GAO reviewed relevant FCC proceedings and comments associated with those proceedings; surveyed a non-generalizable sample of 330 LPTV and translator station representatives with available e-mail addresses; and interviewed officials from FCC and industry stakeholders selected to represent various types of organizations, such as broadcast industry associations and technology companies.

Broadband use has in recent years been associated with reduced use of FirstClass Mail. Continued declines as a result of broadband, however, are uncertain.

Broadband access to various Internet services, especially online bill paying, is associated with reduced use of transaction mail, a subset of First-Class Mail. GAO analysis of the U.S. Postal Service’s (USPS) Household Diary Survey (HDS) data from 2007-2014 found that households using broadband to access Internet services tended to send less transaction mail than other households, controlling for age, income, and education. However, GAO found that in recent years broadband use may not have had a statistically significant effect on correspondence mail, a subset of First-Class Mail that includes letters and greeting cards. GAO found that rural households tend to visit post offices more regardless of broadband use.

The Department of Commerce’s National Telecommunications and Information Administration (NTIA) proposes to transition its oversight of key Internet technical functions (the IANA functions) and the Internet domain name system to a global multistakeholder community. We addressed whether U.S. Government property will be transferred or otherwise disposed of in connection with the transition in violation of the Property Clause of the U.S. Constitution (Article IV).

We find it is unlikely that either the domain name system or the authoritative root zone file (the “address book” for the top-level domain) is U.S. Government property under Article IV. We also find the Government may have certain data rights, and has limited intellectual and tangible property, all of which constitute Article IV property, but that property will be retained and not disposed of in connection with the transition. Finally, the Government has a contractual right to continued performance by the entities carrying out the IANA functions and related services. That right, which also constitutes U.S. Government property, would be disposed of if NTIA terminates the agreements rather than allowing them to expire, but NTIA has the requisite authority to dispose of this Government property interest.

Competing television stations are entering into agreements to share or outsource services, and some policymakers are concerned about the effects of these agreements on competition and programming. The Government Accountability Office was asked to review issues related to broadcaster agreements.

This report examines (1) the uses and prevalence of broadcaster agreements; (2) stakeholders' views on the effects of broadcaster agreements; and (3) the extent, if at all, that Federal Communications Commission has regulated these agreements.

GAO recommends that the FCC should determine whether it needs to collect additional data to understand the prevalence and context of broadcast agreements and whether broadcaster agreements affect its media policy goals of competition, localism, and diversity.