New London Embassy: Design Passed the Full Mockup Blast, So Why the “Augmentation Option” For $2 Million?

Posted: 2:58 am EDT

Back in July last year, we wrote about the New London Embassy (NLE) project. Our trusted source told us that the project “went into construction before its glass facade design was tested to confirm it will meet blast standards.” Our source further explained that the testing was needed only because the New London Embassy does not use known, familiar, window systems. The curtain wall apparently has no frames to ‘bite’ the glass and retain it under blast. That is a new technique for OBO, we’re told, so the bureau reportedly had no basis to analyze the design (see New Embassy Construction Hearing: Witnesses Not Invited, and What About the Blast-Proof Glass?).

On December 8, the House Oversight Committee held a hearing on the New London Embassy Project. Below is an excerpt from State/OIG Steve Linick’s prepared statement (PDF):

In July 2015, OIG published the findings of its performance audit of the London NEC construction project. During this audit, OIG reviewed the Department’s evaluation and approval of the project design, including the design of the outer façade of the Chancery building, which comprises two layers. The outermost layer consists of a scrim stretched over a network of thin aluminum components. The scrim wraps the building to the east, west, and south, acting as a screen. Underneath the scrim, a glass curtain wall with an aluminum frame forms the inner layer of the building’s envelope.

OIG’s first objective was to determine whether the Department resolved security issues with the curtain wall design before allowing construction to begin. The Department’s physical security standards require all new office buildings such as the Chancery at the London NEC to provide blast protection to keep people and property safe from an attack. Moreover, by law and Department policy, the Department must certify to Congress that the project design will meet security standards prior to initiating construction.

OIG found that the Department’s Bureau of Diplomatic Security (DS) and Bureau of Overseas Building Operations (OBO) did not obtain blast-testing results for the Chancery’s curtain wall design before the Department certified the project and authorized initiation of construction. As discussed in more detail below, initiating construction prior to security certification and blast testing increased the financial risk to the Department and taxpayers, and was contrary to the Department’s policy.

A second objective for OIG was to determine whether the Department adhered to Federal Acquisition Regulation (FAR) requirements in negotiating a price for the NEC. OIG found that the contracting officer responsible for the NEC construction contract awarded the construction portion of the contract without requiring the contractor to provide an explanation of approximately $42 million in cost differences between the initial proposal and the final proposal. Because the contracting officer did not obtain sufficient information when negotiating the final price for the construction portion of the contract as required by the FAR, OBO was unable to assess fully the contents of the construction proposal that the contracting officer ultimately accepted and used as the basis for the firm-fixed-price award.

A practice that does not comply with 12 FAM 361.1

Since at least 2003, the Department has followed the practice of issuing limited notices to proceed, as set forth in the 2003 draft agreement, thereby authorizing construction contractors to begin limited tasks (not including foundation work) prior to certification. This practice, however, does not comply with 12 FAM 361.1, which states that “no contract should be awarded or construction undertaken until the proponent of a project has been notified by the Department that the appropriate certification action has been completed.” Notwithstanding the prohibition in 12 FAM 361.1, DS approved OBO’s request for early site work and construction of the piling foundation of the London NEC in November 2012, more than a year before certification and blast testing.

Concerns with the security of the curtain wall

The London NEC’s outer façade design was new and was never previously evaluated or tested by DS. The glass curtain wall design used in the NEC needed to meet a variety of security criteria, including forced-entry/ballistic resistant (FE/BR) and blast-protection requirements. As early as November 2012, DS notified OBO of its concerns with the curtain-wall design. DS informed OBO that there were substantial omissions and deficiencies of essential information related to FE/BR testing, curtain-wall sound mitigation, and blast-design methodology. This meant that DS would not accept computer modeling of the curtain wall to certify whether it would meet blast requirements and thus would require field validation as a condition to certify the project. CSE also expressed concerns with the security of the curtain wall and notified DS that its concerns would “need to be resolved by either a follow-on design or a written agreement” from OBO.

An “alternate curtain wall system” – just in case

Based on that written assurance and prior to any blast testing, the Under Secretary of State for Management certified to Congress on December 16, 2013, that the London NEC would be constructed in a secure manner and would provide adequate and appropriate security for sensitive activities and personnel. During this timeframe, OBO tasked the design firm for the NEC to develop solutions in the event the curtain wall failed the blast test. Specifically, OBO worked with the contractor to develop an “alternate curtain wall system” that was acceptable to DS for certification without blast testing.

An “augmentation option”— for an additional cost of $2 million

DS oversaw two series of component-level blast tests in February and April 2014. According to DS, the tests were necessary to determine the viability of employing structural silicone for the curtain wall. However, because the test results were mixed and inconclusive, OBO and DS agreed that the full mockup blast test would be the only valid test of the design. The full mockup blast test occurred on May 28, 2014, and according to DS, the design passed. Nevertheless, DS and OBO reached an agreement incorporating what became known as an “augmentation option”— for an additional cost of $2 million. Employing this option, although not necessary to meet standards, was intended to provide an added measure of security.

As noted in our audit, OIG recognizes that the Department’s decision to initiate construction of the London NEC prior to completing the required blast testing was driven by a schedule to complete construction by 2017. However, by initiating construction without first completing blast testing, the Department committed itself to the construction of a building that could have required significant redesign, potentially placing millions of dollars at risk.

 

The House Oversight Committee hearing page is here with the rest of the video clips and the prepared statements of the witnesses from OIG, OBO, and Diplomatic Security.

#


@StateDept’s Problematic Information Security Program and Colin Powell’s Wired Diplomatic Corps

Posted: 2:10 am EDT

Via the AP:

Clinton approved significant increases in the State Department’s information technology budgets while she was secretary, but senior State Department officials say she did not spend much time on the department’s cyber vulnerabilities. Her emails show she was aware of State’s technological shortcomings, but was focused more on diplomacy.
[…]
Emails released by the State Department from her private server show Clinton and her top aides viewed the department’s information technology systems as substandard and worked to avoid them.


The report does not include specific details on the “significant increases” in the IT budget. Where did it go? Why did the Clinton senior staff suffer through the State Department’s antiquated technology without any fixes?

In contrast, here is Colin Powell’s Wired Diplomatic Corps:

Another disturbing aspect of State Department life prior to 2001 was the poor condition of its information technology (IT). Independent commissions warned the organization’s computer networks were “perilously close to the point of system failure” and “the weakest in the U.S. government.” Inadequate funding, concerns over IT security, and simple bureaucratic inertia were all contributing factors. Powell came to an institution in which his employees relied on an antiquated cable messaging system, slow, outdated computers and as many as three separate networks to do their daily work. At several posts diplomats did not enjoy full access to the Internet or the department’s classified network. Such realities were troubling for a new secretary of state, who had served on America Online’s board of directors and considered Internet access an indispensable resource in his own daily life. Powell believed effective twenty-first diplomacy necessitated a modern communications system at State and made its establishment a top priority.

As with embassy construction and security, Powell successfully garnered the financial resources to make substantial quantitative and qualitative improvements in the organization’s information technology. For instance, a secure unclassified computer network with full Internet access was extended to 43,500 desktops during his tenure, making the State Department a fully wired bureaucracy for the first time in its history. This goal was reached in May 2003, under budget and ahead of schedule. Shortly thereafter a modernized classified network was installed at 224 embassies and consulates — every post that the Bureau of Diplomatic Security deemed eligible for such technology. In addition, a Global IT Modernization (GIT-M) program was launched to ensure that all computer hardware is kept state-of-the-art through an aggressive, four-year replacement cycle. Other changes equipped the institution with cutting-edge mainframes, updated secure telephones, and wireless emergency communication systems. Most recently, the State Department began under Powell’s leadership to replace its decades old cable and e-mail systems with one modern, secure, and fully integrated messaging and retrieval system.

These impressive technological changes were complemented by the creation of a new 10-person office for e-Diplomacy in 2002. The unit was established to support State’s information revolution by finding ways to increase organizational efficiency through information technology, making the newly installed systems user-friendly, and continuing to identify new ways to send, store and access information. Furthermore, IT security was enhanced considerably. One department report indicated that by August 2004, 90.4 percent of State’s operational systems had been fully authorized and certified, earning the department OMB’s highest rating for IT improvement under the President’s Management Agenda (PMA). In part, achievements of this type were facilitated through Powell’s hiring of 530 new IT specialists (while controlling for attrition). Through an aggressive recruitment and retention program based on incentives and bonuses, the department’s vacancy rate for such positions, which was “over 30 percent five years ago, [was] essentially eliminated.” As with congressional relations and embassy construction and security, State’s information technology was enhanced significantly under Powell’s leadership.

Read in full here via American Diplomacy — The Other Side of Powell’s Record by Christopher Jones.

So, among the more recent secretaries of state, one stayed home more than most. Secretary Powell knew the IT systems were substandard and he went about making the fixes a priority; he did not hand it off to “H” to lobby Congress or simply talk about the State Department’s “woeful state of civilian technology.”

Below is a clip from OIG Steve Linick’s Management Alert for recurring information system weaknesses spanning FY2011-FY2013. The actual FISMA reports do not seem to be publicly available at this time:


The FISMA audit dated October 2014 says:

[T]he Chief Information Security Officer stated that the Bureau of Information Resource Management, Office of Information Assurance (IRM/IA), received a budget of $14 million in FY 2014, an increase from $7 million in FY 2013. A majority of the budget was used for contractor support to improve FISMA compliance efforts.

We identified control deficiencies in all [Redacted] (b) (5)  of the information security program areas used to evaluate the Department’s information security program. Although we recognize that the Department has made progress in the areas of risk management, configuration management, and POA&M since FY 2013, we concluded that the Department is not in compliance with FISMA, OMB, and NIST requirements. Collectively, the control deficiencies we identified during this audit represent a significant deficiency to enterprise-wide security, as defined by OMB Memorandum M-14-04.

We have been unable to find the FISMA reports for all of the Rice, Clinton and Kerry tenures. We’ll keep looking.

#

 

Why didn’t the State Dept have a permanent IG from 2008-2013? Late, but a senator wants to know.

Posted: 12:13  am EDT

Senate Judiciary Committee chairman Chuck Grassley has been keeping the records folks awake in Foggy Bottom. Last week, he directed his attention to the missing permanent IG at the State Department from 2008-2013. Over two years late but this gotta be good.

The previous Senate-confirmed IG for the State Department was Howard J. Krongard, who announced his resignation on December 7, 2007 and left post on January 15, 2008. President Obama nominated the current IG Steve Linick in June 2013. The U.S. Senate confirmed his nomination on September 17, 2013 and Mr. Linick officially started work at the State Department on September 30, 2013. (By the way, on October 1, the federal government went on shutdown and Mr. Linick’s office was one of the very few offices at the State Department whose employees were put on furlough). The vacancy at the IG’s office lasted more than five years before President Obama’s nominee finally took office. (See Senate Confirms Steve Linick; State Dept Finally Gets an Inspector General After 2,066 Days and After 1,989 Day-Vacancy — President Obama Nominates Steve Linick as State Dept Inspector General).

In any case, Senator Grassley now wants to know why the IG vacancy at the State Department lasted, by official count, 2,071 straight days. Late but okay, we’d like to know, too. The senator wrote a letter to Michael E. Horowitz, the Chair of the Council of the Inspectors General on Integrity and Efficiency (CIGIE), and to Secretary Kerry. Excerpt below:

Congress needs a better understanding of how and why the State Department lacked a permanent IG who could serve as an independent watchdog for 2,071 straight days. Accordingly, please respond to the following by September 11, 2015:

CIGIE Chair Horowitz: Assuming that CIGIE prepared a list of recommended candidates to fill the IG vacancy at the State Department created upon the departure of former IG Howard Krongard in 2008:

a. Who were the candidates?
b. When were they recommended?
c. Who sent the slate of recommendations from CIGIE to the White House?
d. Who received the slate of recommendations at the White House from CIGIE?

e. What was the response, if any, from the White House regarding the slate of candidates?
f. Who, if anyone, at CIGIE received the White House’s response?
g. When and how was any such response from the White House received?

h. Please provide all records from any CIGIE official at the time relating to communications with the White House about the IG vacancy or potential candidates to fill the vacancy.
i. Did CIGIE provide candidate names to the State Department? If so, please provide the Committee with all records from any CIGIE official at the time relating to communications with the State Department about the IG vacancy or potential candidates to fill the vacancy.

Secretary Kerry: Please provide the Committee with all State Department records related to the IG vacancy or potential candidates to fill the vacancy, including communications between and among former Secretary Clinton, her senior staff, or any State Department personnel, any CIGIE official, or any White House official.

In the letter’s footnotes, Senator Grassley cites the testimony of POGO’s Danielle Brian on “Watchdogs needed: Top Government Investigator Positions Unfilled for Years, June 3, 2015.” POGO has previously questioned the independence of the State Department’s acting IG. POGO also published a letter from “very concerned employees” (pdf) dated January 12, 2008 sounding the alarm on the appointment of an acting IG. Senator Grassley is listed as one of the addressees of that letter.

Senator Grassley’s IG vacancy letter cites two cases:

1) The “appearance of undue influence and favoritism” in departmental investigations of three allegations related to Diplomatic Security investigations (see Review of Selected Internal Investigations Conducted by the Bureau of Diplomatic Security | January 2015 (pdf)).

[As an aside — the original OIG draft/report on DS investigations dates back to 2012 and was made part of Higbie v. Kerry, a Title VII employment discrimination case in Texas. That case was subsequently dismissed by the district court and affirmed by the Court of Appeals (pdf) in March 2015. But in 2013, the government sought to exclude the “improperly obtained documents” that Higbie obtained via a subpoena from a retired OIG employee, Aurelia Fedenisn. The government asserted that the documents, including the draft report, were improperly retained by Fedenisn after her employment ended in 2012. We’re reminded of this case in relation to the IG vacancy because the Washington Examiner recently reported that the then acting IG had sought to keep early drafts of a controversial OIG report under wraps in the Higbie case in federal court in 2013. Note that the contents of that draft report have already circulated and were reported on by the press in June 2013].

2) Allegations related to “protected disclosures” at the U.S. Consulate General in Naples, Italy, a case currently in the court system (see Howard v. Kerry: Court Denies Motion to Dismiss One Retaliation Claim).

Senator Grassley’s letter is available to read here: 2015-08-27 Grassley | CEG to CIGIE and State Dept (IG Vacancy)

#

 

Clinton Email Challenge Now a Sharknado, and Secretary Kerry Is Right to be “Concerned”

Posted: 2:13  pm PDT

This happened Thursday night. We drafted this post early morning but waited for a piece of information we wanted to see. So yup, overtaken by events. In any case, you may now read the inspectors general memos referenced in the NYT report here. See NYT: Criminal Inquiry Sought Over Clinton Emails? Read the Inspector Generals Memos. We’re also waiting for the OIG to issue a clarification on the DOJ referral the NYT reported.

The memos possibly went from two IG offices — the State Department’s Steve Linick and Intelligence Community Inspector General I. Charles McCullough, III — to the Under Secretary for Management Patrick Kennedy. The IGs’ memos are also cc’ed to one of the State Department’s deputy secretaries. It looks like the memos, or contents/snippets of them, were shared with DOJ, as a DOJ official appears to be the NYT’s source for this story (see tweets below).

Here are the tweets from July 24:


The report from the NYT includes the following:

— 1.  The memos were provided to The New York Times by a senior government official.

— 2.  The inspectors general also criticized the State Department for its handling of sensitive information, particularly its reliance on retired senior Foreign Service officers to decide if information should be classified, and for not consulting with the intelligence agencies about its determinations.

— 3.  The revelations about how Mrs. Clinton handled her email have been an embarrassment for the State Department, which has been repeatedly criticized over its handling of documents related to Mrs. Clinton and her advisers.

— 4.  Some State Department officials said they believe many senior officials did not initially take the House committee seriously, which slowed document production and created an appearance of stonewalling.

— 5.  State Department officials also said that Mr. Kerry is concerned about the toll the criticism has had on the department and has urged his deputies to comply with the requests quickly.

Today:


On this whole email debacle at the State Department, it must be said that this might not have happened if not enabled by senior bureaucrats in the agency. We do not believe for a moment that senior officials were not aware of the email practices of then Secretary Clinton or the record retention requirement. But hey, if the practice was done for four years over the protests and dissent of officials at “M”, “A”, the Legal Adviser or the CIO, we’d like to see that email trail.

By the way, this NYT report follows a July 20 Politico report about a contentious hearing where U.S. District Court Judge Richard Leon demanded explanations for why some of the Associated Press’ FOIA requests received no reply for four years or more before the wire service filed suit in March.

“The State Department’s not going to have the luxury of saying, because we’re focusing on Hillary’s emails, we’re doing so at the cost and expense of four-year-old requests. So, that’s not going to be an excuse,” the judge said. “In my judgment, a four-year-old request gets a priority over a recent request.”

On Mr. Kerry’s concern about the toll the criticism has had on the department … the secretary is right to be concerned. Senior officials did not take Congress seriously? Even if senior bureaucrats do not agree or approve of the conduct of the Select Committee, even if they think this is a sideshow seeking to derail a presidential campaign, the required document production is still part of their jobs. In my view, the most serious consequence of the appearance of stonewalling is that it also gives the appearance that bureaucrats are picking sides in this political shitstorm.

This can potentially undermine the expectation of the State Department as an impartial and non-political entity. The perception, right or wrong, that this impartiality is compromised, will not serve it or its employees well in the long run.

You might like to read a couple of previous posts on FOIA personnel, costs and the “persistent neglect of fundamental leadership responsibilities” that made this Clinton email debacle a challenge of Sharknado proportion for the agency (see Snapshot: State Dept FY2014 FOIA Personnel and Costs and State Dept FOIA Requests: Agency Ranks Second in Highest Backlog and Here’s Why).

#

State/OIG Report on US Embassy Estonia Gets a “D” For Um … Dazzle?

Posted: 2:09 am  EDT

The Office of the Inspector General inspected the U.S. Embassy in Tallinn, Estonia from October 3–22, 2014.  It released its inspection report  on June 18, 2015.

Inspection of Embassy Tallinn, Estonia
Posted On: June 18, 2015 Report Date: June 2015
Report Number: ISP-I-15-23A
Report: isp-i-15-23a.pdf

Quick look at post from the IG report:

Missionwide staffing is 42 U.S. direct-hire employees, including 27 Department U.S. direct-hire employees. The FY 2014 missionwide budget was $8.9 million. Other agencies represented at the mission include elements of the U.S. Departments of Defense, Justice, and Homeland Security. A small number of U.S. military personnel on rotation to Estonia fall under chief of mission authority. The mission has no consulates. The mission’s FY 2015 request for foreign assistance funds totaled $3.6 million for Estonian military stabilization operations and security sector reform ($2.4 million for foreign military funding and $1.2 million for international military education and training). Embassy Tallinn’s missionwide budget for FY 2014 was approximately $8.9 million. Department staffing was 27 U.S. direct-hire employees and 85 locally employed (LE) staff members.

Excerpt from key findings:

  • The Ambassador and the deputy chief of mission provide appropriate oversight to the country team, and U.S. Department of State sections, in accordance with Section 207(a) of the Foreign Service Act of 1980. However, stronger leadership from the Ambassador and his greater adherence to Department of State rules and regulations are necessary.
  • The political/economic section is staffed adequately to carry out its policy advocacy and reporting responsibilities but needs to adjust local staff portfolios and the language requirements of its U.S. officers to maximize resources.
  • The public affairs section is central to mission efforts to carry out Integrated Country Strategy objectives, using traditional public diplomacy tools, media engagement, social media, and regional outreach to amplify policy messages.
  • The embassy’s consular warden system has not been reviewed, activated, or tested since at least 2011. Worldwide tensions increase the need for an effective warden system with the flexibility to meet multiple contingencies, including the potential interruption of electronic messaging capability.
  • The aging chancery does not meet—and cannot be retrofitted to meet—even the most basic security standards, and numerous infrastructure deficiencies need to be addressed if the embassy is to remain at its present location.
  • The telecommunications and power cabling infrastructure throughout the chancery is disorganized and largely undocumented, which limits the ability of information management staff to carry out their duties.
  • The embassy needs a comprehensive training plan for locally employed staff that reflects priority training needs.
  • Internal management controls need to be strengthened, with particular attention to separation of duties, documenting processes and standard operating procedures, clarifying backup duties, and reassessing organization structure.

Here is what Section 207(a) of the Foreign Service Act of 1980 says:

excerpt from Foreign Service Act of 1980

 

Quite impressive, yo!

The ambassador is popular with the Estonian public, helped sell Javelin missiles worth $50–$60 million, met so infrequently with senior Estonian Government officials but succeeded, nonetheless, in getting Estonia to accept one Gitmo detainee. This report reminds us of those evaluation reports where the drafter attempts to walk on water. Excerpts:

  • The Ambassador’s interpersonal skills have enabled him to participate effectively in public affairs and other programing in several parts of the country and have garnered him personal popularity with the Estonian public.
  • His support for the military includes advocacy for U.S. military sales. His efforts have helped secure a sale to the Estonian Government of U.S. Javelin missiles worth $50–$60 million.
  • The Ambassador, however, has not established strong relationships at the Government of Estonia’s ministerial level. In his 2 years as Chief of Mission, he has met infrequently with the Prime Minister or other ministers in the cabinet (less than 12 times during his 24 months in the embassy, in addition to initial courtesy calls or accompanying visitors and at public events). … Despite the infrequency of his meetings with senior Estonian Government officials, the Ambassador successfully led the effort to obtain the government’s acceptance of a Guantanamo detainee—an impressive achievement given the small size of the country and the government’s reluctance.

On getting the Estonians to “yes,” how did he do it? The IG report did not say, which would have been really helpful given how many Gitmo detainees we still need to place elsewhere.

On leadership, the IG report says:

The most significant findings concern the need for stronger leadership from the Ambassador and his greater adherence to ethics principles, Equal Employment Opportunity (EEO) guidelines, and security policies.

Buried in the report is this:

[T]he embassy staff rated the Ambassador below average in leadership categories, including vision, engagement, fairness, and ethics. Segments of the mission community, including some U.S. direct-hire and LE female employees told the OIG team that they feel undervalued. .. Some American and LE staff members gave examples of preferential treatment that the Ambassador afforded to specific employees and interns. It is imperative that the Ambassador reverse these perceptions; he indicated that he is willing to work hard to do so, and he began the process by apologizing to his staff before the inspection team’s departure.

On the EEO program, the report says, “The EEO program at Embassy Tallinn requires attention by embassy leadership.” Oy! What happened?

Non-review of visa issuances/refusals:

The DCM has not met requirements in 9 FAM 41.113 and 9 FAM 41.121 to review nonimmigrant visa issuances and refusals. The most recent regional consular officer report for Tallinn, dated January 2014, states that “[t]he DCM did not meet adjudication review standards…since the last regional officer report visit [in May 2013].” A Bureau of Consular Affairs preinspection report found that standards had also not been met between May 1 and July 30, 2014. The DCM’s review of visa adjudications at single officer embassies is especially important, as no other person provides required oversight and quality control.

Things that happen just before the OIG starts work, or leaves post:

  • The Ambassador’s efforts to establish an overall strategic vision, in accordance with 3 Foreign Affairs Manual (FAM) 1214, have not been successful. Few of Embassy Tallinn’s senior leaders can articulate the Ambassador’s overall strategic vision or identify the top priorities contained therein, despite an off-site planning session held just days before the start of the inspection. The Ambassador held the previous planning off site almost 2 years earlier—too long ago to enable employees to have a lasting awareness of his goals and direction. A clear shared vision—key to coordinated team work and productivity—is missing. Greater communication is needed. No structured effort exists to inform the mission employees, including LE staff members, of the outcome of the planning session, which has left a large part of the embassy team uninformed.
  • At the start of the inspection no program was in place for mentoring the mission’s two first- and second-tour (FAST) employees, and some mid-level officers stated that they would welcome mentoring on career development issues. The DCM structured a FAST program and scheduled initial mentoring sessions prior to the inspection team’s departure.

Counsel from EUR/Office of the Legal Adviser?

Elsewhere in the report, it says that “the OIG team identified instances in which the Ambassador did not appear to adhere to established Department rules and regulations. Each instance was small, but collectively they suggest his disregard for adherence to the rules.” It recommends that EUR, in coordination with the Office of the Legal Adviser, should counsel the Embassy Tallinn Ambassador concerning ways to avoid breaches of Department of State rules and regulations.


What the hey?  

[T]he Ambassador has been involved only marginally in efforts that would identify potential opportunities in Estonia for U.S. businesses, as outlined in 18 FAM 015. He agreed to increase efforts in that area, as well as not to pursue Estonian export interests that would not directly result in U.S. jobs.

The IG inspectors cited Section 207(a) of the Foreign Service Act of 1980 in their key findings but forgot Section 207(c) of the Act?


Oh darn, we almost forgot — what about curtailments?

Read more about that in U.S. Embassy of Curtailments.


Recusals, anyone?

Embassy Tallinn’s chief of mission is Jeffrey Levine. Prior to his appointment  as ambassador to Estonia, he was the State Department’s director of Recruitment, Examination and Employment from 2010-2012 (HR/REE).

The OIG team who inspected the mission was headed by Marianne Myles who was previously Ambassador to Cape Verde (2008-2010). Prior to her appointment to Cape Verde, she, too was the director of the State Department’s Office of Recruitment, Examination and Employment (HR/REE). She was also Director of Policy Coordination for the Foreign Service’s Director General (DG/HR).

A side note here, HR/REE had three directors spanning at least  six years who went directly from HR to an ambassadorship. (Luis Arreaga, the HR/REE director from 2008-2010 was appointed Ambassador to Iceland from 2010-2013).  This is an extremely small club to belong to.

So we asked Mr. Linick’s office about its recusal policy. Wasn’t IG Linick concerned about potential conflict of interest in this instance? We also asked if there has ever been an instance when OIG inspectors who are/were FS members recused themselves when there is potential or appearance of conflict of interest?

Over the weekend, we received the OIG’s response to our inquiry.  Repeated below in its entirety:

OIG strictly follows the  independence standards established by the Council of the Inspectors General on Integrity and Efficiency (CIGIE).    In order to ensure each inspector is free, both in fact and appearance, from personal, external, and organizational impairments to independence, OIG has a rigorous conflict review within the Office of Inspections (ISP).

Pursuant to this policy, prior to an inspection, every member of the inspection team must review a staffing chart with every employee of the inspected entity, and report, in writing, all prior professional and personal relationships with any such individual.  ISP management  and the Office of General Counsel carefully review this information to ensure that all ISP teams’ members are independent and free from real or apparent conflicts of interest.  This process happens  early in the inspection process as ISP assigns staff to individual teams.   If any such conflicts are identified, ISP takes action to mitigate the conflict, which could include removing a team member from a team.  OIG  provides training to all inspectors on CIGIE independence standards and how to avoid conflicts of interest.

Regarding the Tallinn inspection, OIG followed its standard procedure in reviewing input from Ambassador Myles regarding any relationships with employees in Embassy Tallinn and concluded her participation in the inspection was appropriate under CIGIE standards and OIG policy.

So there you go.

We must note that for years, the names of the OIG inspection team members were redacted from these publicly released OIG reports. We have railed about those redactions for various reasons. In 2013, when Steve Linick assumed charge of the OIG — the first Senate-confirmed IG since the 2007 resignation of Howard J. Krongard —  one of his first actions was to release the names of the inspectors with the publicly available reports. We have not forgotten that.

#

OIG Steve Linick Seeks Legislative Support For Kill Switch on State Dept “Investigating Itself”

Posted: 1:41 am EDT

The Senate Foreign Relations Subcommittee on State Department management, operations and development held a hearing on April 21 with OIG Steve Linick  on the efficiency and effectiveness of State Department operations.

The video is also available here. Or you can watch here via the SFRC.

Only two senators stayed for the duration of the entire hearing, Senator Timothy M. Kaine of Virginia [D]  and Senator David Perdue of Georgia [R] . It’s quite a change from watching other congressional hearings.  No one was angry or hysterical. No one was tearing up.  The senators seem genuinely interested in hearing what Inspector General Linick had to say. They ask informed, thoughtful questions and follow-up questions. Both have also been hosted overseas during a CODEL or two and have complimentary things to say about the men and women of our diplomatic service.

Senator Ron Johnson of Wisconsin [R] did sit down but just long enough to ask and rail about Benghazi. Senator Chris S. Murphy of Connecticut [D] also came in to question the IG about BBG operations. It sounds like he has a lot of concerns about BBG and is working on efforts to shore up the long floundering red headed step child of global engagement.

IG Linick brought up two main challenges during the hearing, one on the OIG’s IT vulnerability and the other, its interest in getting first dibs when it comes to allegations of criminal or serious administrative misconduct by Department employees. Not “M”, not Diplomatic Security, but for the OIG to get right of first refusal on criminal allegations in the State Department.

Inspector Linick also asked for a flexible hiring authority so the OIG is able to hire retired FS employees and former SIGAR employees. These individuals have the experience OIG needs but they face restrictions under the current hiring authority. We hope he gets it.

We strongly support these asks by the OIG.  The first, because it makes sense. The second, because it’s long overdue.  It will remove the “it depends” mantra over in the Big House.  For the OIG to have real oversight, it should have the right to decide whether to conduct the investigations themselves or not.  That decision should not be left to State Department management. The OIG has already requested that the Department revise its current directives on this, but it doesn’t look like anything happened yet.  We would like to see Congress include this in the State Department congressional authorization.

IG Linick’s prepared testimony is here (pdf). Below is an excerpt:

OIG Network Vulnerabilities

Vulnerabilities in the Department’s unclassified network directly affect OIG’s IT infrastructure, which is part of the same network. We noted in our November 2013 Management Alert on information security that there are thousands of administrators who have access to the Department’s computer network. That access runs freely throughout OIG’s IT infrastructure and increases risk to OIG operations. For example, a large number of Department administrators have the ability to read, modify, or delete any information on OIG’s network including sensitive investigative information and email traffic, without OIG’s knowledge.17 OIG has no evidence that administrators have compromised OIG’s network. At the same time, had OIG’s network been compromised, we likely would not know. The fact that the contents of our unclassified network may be easily accessed and potentially compromised places our independence at unnecessary risk and does not reflect best practices within the IG community. OIG seeks to transition to an independently managed information system, which will require the Department’s cooperation and support from Congress.

A footnote on his prepared statement says that DS and the Bureau of Information Resource Management (State/IRM) recently agreed to notify and receive confirmation from OIG prior to accessing OIG systems in “most circumstances.”

Right of First Refusal To Investigate Allegations of Criminal or Other Serious Misconduct

Unlike other OIGs, my office is not always afforded the opportunity to investigate allegations of criminal or serious administrative misconduct by Department employees. Department components, including DS, are not required to notify OIG of such allegations that come to their attention. For example, current Department rules provide that certain allegations against chiefs of mission shall be referred for investigation to OIG or DS. However, that guidance further states that “[in] exceptional circumstances, the Under Secretary for Management may designate an individual or individuals to conduct the investigation.”19 Thus, DS or the Under Secretary may initiate an investigation without notifying us or giving us the opportunity to evaluate the matter independently and become involved, if appropriate. Accordingly, OIG cannot undertake effective, independent assessments and investigations of these matters as envisioned by the IG Act.

The directives establishing this arrangement appear to be unique to the Department. By contrast, the Departments of Defense, Justice, Homeland Security, the Treasury (and the IRS), and Agriculture, all of which had within them significant law enforcement entities prior to the establishment of their respective offices of Inspector General (OIG), defer to their OIGs for the investigation of criminal or serious administrative misconduct by their employees or with respect to their programs. Notice must be provided by all agency components to their respective OIGs of, at a minimum, allegations of misconduct by senior employees. In some agencies, notice must be provided of such allegations with respect to all employees. The respective OIGs have the right to decide whether to conduct investigations themselves or refer matters back to the relevant agency component for investigation or other action. However, in some cases, when requested by OIG to do so, the relevant agency component to which the OIG referred back the matter must report to the OIGs on the progress or the outcome of investigations.

Particularly where senior officials are involved, the failure to refer allegations of misconduct to an independent entity like OIG necessarily creates a perception of unfairness, as management is seen to be, as the U.S. Government Accountability Office (GAO) notes, “investigating itself.”*

This risks undermining confidence in the integrity of the Department. Moreover, this arrangement prevents OIG from carrying out its clear statutory duty, set forth in the IG Act, “to provide policy direction for and to conduct, supervise, and coordinate … investigations relating to the programs and operations” of the Department.

Accordingly, we are seeking legislative support—similar to that provided to other OIGs—for early notification to OIG of allegations of certain types of misconduct. In addition, OIG is seeking legislative clarification of its right to investigate such allegations.23 Current Department directives are a barrier to achieving accountable and transparent government operations.

Here is another footnote:

GAO, Inspectors General: Activities of the Department of State Office of Inspector General at 25-26. (GAO-07-138, March 2007) (“[B]ecause DS reports to the State Department’s Undersecretary [sic] for Management, DS investigations of department employees, especially when management officials are the subjects of the allegations, can result in management investigating itself.”); see also OIG’s Review of Selected Internal Investigations Conducted by the Bureau of Diplomatic Security (ESP-15-01, October 2014) (Department policies and procedures appear to have significant implications and created an appearance of undue influence and favoritism, which undermines public confidence in the integrity of the Department and its leaders).

#

State/OIG to Review Use of Special Government Employees (SGE), Conflicts of Interest Safeguards

Posted: 2:20 am EDT

Back in 2013, we blogged about the State Department Special Government Employees:  Who Are the State Dept’s 100 “Special Government Employees”? Dunno But Is Non-Disclosure For Public Good? and this: State Dept refused to name its SGEs because of reasons #1, #2, #3, #4 and … oh right, the Privacy Act of 1974:

At that time, there was a message from Mission Command:

“Good morning, Mr. Hunt (or whoever is available). Your mission, should you choose to accept it, involves the retrieval of all Special Government Employee (SGE) names. There are more than a hundred names but no one knows how many more.  They are padlocked in the Privacy Act of 1974 vault, guarded by a monstrous fire-breathing creature from Asia Minor. PA1974 vault location is currently in Foggy Bottom.  As always, should you or any member of your team be caught or killed, everybody with a badge will disavow all knowledge of your actions. This message will self-destruct in five seconds.  If not, well, find a match and burn.”

Teh-heh!

In January 2014, without Mr. Hunt, the State Department finally released its SGE list as reported by ProPublica here . ProPublica  concluded then that “the list suggests that the status is mostly used for its intended purpose: to allow outside experts to consult or work for the government on a temporary basis.” Which makes one wonder why it wasn’t readily released in the first place.

The recent Clinton email debacle revived interest in Secretary Clinton’s use of the SGE program that allowed some political allies to work for the government while pursuing private-sector careers. In March, Sen. Charles E. Grassley (R-Iowa), who heads the Judiciary Committee, was on it.

Via WaPo:

“The public’s business ought to be public with few exceptions,” Grassley said in a statement Saturday. “When employees are allowed to serve the government and the private sector at the same time and use private email, the employees have access to everything and the public, nothing.”

Senator Grassley’s request to the State Department, apparently not yet answered, is available here.

Last week, Senator Grassley received confirmation that the State Department Office of Inspector General will review the department’s use of the Special Government Employee program. Below is part of Senator Grassley’s statement:

“This program is meant to be used in a limited way to give the government special expertise it can’t get otherwise,” Grassley said.  “Is the program working the way it’s intended at the State Department or has it been turned on its head and used in ways completely unrelated to its purpose?   An independent analysis will help to answer the question.  An inspector general review is necessary. Available information suggests that in at least one case, the State Department gave the special status for employee convenience, not public benefit.”

In response to Grassley’s request, State Department Inspector General Steve Linick confirmed his office “intends to examine the Department’s SGE program to determine if it conforms to applicable legal and policy requirements, including whether or not the program, as implemented, includes safeguards against conflicts of interest.”

Grassley is concerned about potential conflicts of interest arising from a top State Department employee, Huma Abedin, who worked for both the government as a Special Government Employee and an outside firm, Teneo, at the same time.

More about Ms Abedin’s consulting work here.  Senator Grassley’s request to IG Linick is available here.  IG Linick’s response to Senator Grassley is available here.

You get the feeling that State/OIG is the most wanted office in WashDC these days?

#

Email Episode 1472: No Dust Left on Chappaqua Server?

Posted: 11:28 pm PDT

The New York Times also posted the letter from the former secretary of state’s lawyer David E. Kendall to House Chairman Trey Gowdy.  Excerpt below:

There is no basis to support the proposed third-party review of the server that hosted the hdr22@clintonemail.com account. During the fall of 2014, Secretary Clinton’s legal representatives reviewed her hdr22@clintonemail.com account for the time period from January 21, 2009 through February 1, 2013. After the review was completed to identify and provide to the Department of State all of the Secretary’s work-related and potentially work-related emails, the Secretary chose not to keep her non-record personal e-mails and asked that her account (which was no longer in active use) be set to retain only the most recent 60 days of e-mail. To avoid prolonging a discussion that would be academic, I have confirmed with the Secretary’s IT support that no e-mails from hdr22@clintonemail.com for the time period January 21, 2009 through February 1, 2013 reside on the server or on any back-up systems associated with the server.

Page 8 of this 9-page document includes a letter from the State Department’s Under Secretary for Management Patrick Kennedy:

We understand that Secretary Clinton would like to continue to retain copies of the documents to assist her in responding to congressional and related inquiries regarding the documents and her tenure as head of the Department. The Department has consulted with the National Archives and Records Administration (NARA) and believes that permitting Secretary Clinton continued access to the documents is in the public interest as it will help promote informed discussion.

Accordingly, Secretary Clinton may retain copies of the documents provided that: access is limited to Secretary Clinton and those directly assisting her in responding to such inquiries; steps are taken to safeguard the documents against loss or unauthorized access; the documents are not released without written authorization by the Department; and there is agreement to return the documents to the Department upon request. Additionally, following counsel, we ask that, to the extent the documents are stored electronically, they continue to be preserved in their electronic format. In the event that State Department reviewers determine that any document or documents is/are classified, additional steps will be required to safeguard and protect the information.

The  entire Kendall-Gowdy letter is available to read here.

Because it’s Friday, there is also this item from Gawker and ProPublica adding a stranger twist to this  email saga.

 

 

In related news, remember when Michael Schmidt broke the NYT story about  Secretary Clinton’s exclusive use of a personal email account during her entire tenure as Secretary of State? That was on March 2.  On March 25,  Secretary Kerry finally asked the Office of Inspector General to review email and record retention at his agency.  The letter Secretary Kerry sent to IG Steve Linick is available to read here (pdf).

I don’t know about you but … it’s that kind of week.

Image: Tumblr, perfectedflaw via Mashable

#

Rabbit Hole News: State Dept’s Private Email Usage Policy, Plus Attn: State/OIG – Firecracker Coming Your Way

Posted: 01:47 EST
Updated: 11:19 EST
Updated: 15:14 EST

Shortly after the NYT broke the story about the former secretary of state’s exclusive use of a personal email account to conduct government business, we sent an inquiry to the State Department’s Office of Inspector General. We don’t know if they could comment about it but we wanted to ask anyway. We’ve looked at the regs but the FAM is silent on the use of private email, or at least we thought it was. It almost seems as if the rule makers presumed that all employees will be using official email, thus, the rules only spell out the requirement for the preservation of records.

If Secretary Clinton was using a private email account and if her close advisers were also using private email accounts, we wanted to know how this is reconciled with the ability of individuals to FOIA government documents. We were also interested in how this would keep other senior or even regular employees from using Yahoo or Gmail to conduct official business.

State/OIG’s response was, “we are not in a position to comment at this time.”

Actually, we asked the wrong questions.

In 2012, we blogged about the OIG inspection report of the U.S. Embassy in Kenya. (See State/OIG Releases Ambassador Scott Gration’s Embassy Report Card – And Look, No Redactions!). We mentioned in passing the ambassador’s use of commercial email for official government business. In light of these news reports that Secretary Clinton exclusively used nongovernment email during her four year tenure as secretary of state, the old 2012 report is getting some legs again.

 

Below is an excerpt from that 2012 report specifically addressing the ambassador’s use of commercial email for daily communication of official government business. The ambassador was also slammed for using “a government-owned laptop that is not physically or electronically connected to the Department’s OpenNet network.”  

Mission Leadership Challenge 

Very soon after the Ambassador’s arrival in May 2011, he broadcast his lack of confidence in the information management staff. Because the information management office could not change the Department’s policy for handling Sensitive But Unclassified material, he assumed charge of the mission’s information management operations. He ordered a commercial Internet connection installed in his embassy office bathroom so he could work there on a laptop not connected to the Department email system. He drafted and distributed a mission policy authorizing himself and other mission personnel to use commercial email for daily communication of official government business. During the inspection, the Ambassador continued to use commercial email for official government business. The Department email system provides automatic security, record-keeping, and backup functions as required. The Ambassador’s requirements for use of commercial email in the office and his flouting of direct instructions to adhere to Department policy have placed the information management staff in a conundrum: balancing the desire to be responsive to their mission leader and the need to adhere to Department regulations and government information security standards. The Ambassador compounded the problem on several occasions by publicly berating members of the staff, attacking them personally, loudly questioning their competence, and threatening career-ending disciplinary actions. These actions have sapped the resources and morale of a busy and understaffed information management staff as it supports the largest embassy in sub-Saharan Africa.

Authorized Automated Information Systems 

The Ambassador uses a government-owned laptop that is not physically or electronically connected to the Department’s OpenNet network. Authorized Department OpenNet email systems are available on the Ambassador’s office desktop. According to 12 FAM 544.3 and 11 State 73417 (from the Assistant Secretary for Diplomatic Security to the Ambassador), it is the Department’s general policy that normal day-to-day operations be conducted on an authorized information system, which has the proper level of security controls. The use of unauthorized information systems increases the risk for data loss, phishing, and spoofing of email accounts, as well as inadequate protections for personally identifiable information. The use of unauthorized information systems can also result in the loss of official public records as these systems do not have approved record preservation or backup functions. Conducting official business on non-Department automated information systems must be limited to only maintaining communications during emergencies.

Recommendation 57: Embassy Nairobi should cease using commercial email to process Department information and use authorized Department automated information systems for conducting official business. (Action: Embassy Nairobi)

Source:  Inspection of Embassy Nairobi, Kenya | Report Number ISP-I-12-38A, August 2012 | pdf

 

We should point out that the 2012 report was issued prior to the tenure of IG Steve Linick, and that Secretary Clinton’s tenure at the State Department ended in February 2013. But with 2016 just around the corner, this email debacle will not die a quiet death.

The unclassified cable  STATE 065111 on securing email accounts sent to all overseas posts on June 28, 2011 only says “avoid conducting official Department business from your personal email accounts.”

See the magic word there? It did not say you can’t, only that you shouldn’t.

So for the second day in a row, the subject of the Clinton emails was featured in the Daily Press Briefing. The State Department’s deputy spox, Marie Harf was impressive when she said that “There was no prohibition” on the use of personal email.  She emphasized that “There was not then and there is not now a prohibition on using a personal email for official business, and at the time she was in office, there was no time requirement for when those needed to be preserved as records.”

Entertainment value? High.

In any case, the question that we probably should have asked the OIG is this — if an ambassador was “hammered” for his use of nongovernment, private email, can we presume that ordinary bureaucrats would get a similar treatment? And if this is so  — don’t we then have a set of rules that applied to everyone but the head of the agency?   We originally cited 5 FAM 440 (pdf) as the rules governing  Electronic Records, Facsimile Records, and Electronic Mail Records in the State Department.  But wait —  the 2012 OIG report on Kenya cited 12 FAM 544.3 Electronic Transmission Via the Internet (pdf), a section of the FAM that has been in the rules books since 2005. It says in part:

It is the Department’s general policy that normal day-to-day operations be conducted on an authorized AIS [automated information system], which has the proper level of security control to provide nonrepudiation, authentication and encryption, to ensure confidentiality, integrity, and availability of the resident information. The Department’s authorized telework solution(s) are designed in a manner that meet these requirements and are not considered end points outside of the Department’s management control.
[…]
c. Employees should be aware that transmissions from the Department’s OpenNet to and from non-U.S. Government Internet addresses, and other .gov or .mil addresses, unless specifically directed through an approved secure means, traverse the Internet unencrypted. Therefore, employees must be cognizant of the sensitivity of the information and mandated security controls, and evaluate the possible security risks and then decide whether a more secure means of transmission is warranted (i.e., secure fax, mail or network, etc.)

d. In the absence of a Department-provided secure method, employees with a valid business need may transmit SBU information over the Internet unencrypted after carefully considering that:

(1) SBU information within the category in 12 FAM 541b(7)(a) and (b) must never be sent unencrypted via the Internet;

(2) Unencrypted information transmitted via the Internet is susceptible to access by unauthorized personnel;

(3) Email transmissions via the Internet generally consist of multipoint communications that are routed to their destination through the path of least resistance, which may include multiple foreign and U.S. controlled Internet service providers (ISP);

(4) Once resident on an ISP server, the SBU information remains until it is overwritten;

(5) Unencrypted email transmissions are subject to a risk of compromise of information confidentiality or integrity;

(6) SBU information resident on personally owned computers connected to the Internet is generally more susceptible to cyber attacks and/or compromise than information on government owned computers connected to the Internet;

(7) The Internet is globally accessed (i.e., there are no physical or traditional territorial boundaries). Transmissions through foreign ISPs or servers can magnify these risks; and

(8) Current technology can target specific email addresses or suffixes and content of unencrypted messages.

 

General policies, of course, can have exceptions and if that’s what happened here, wouldn’t it be nice to know who were granted exceptions to use private email accounts besides the secretary of state and why? And did the Legal Adviser or somebody else sign off on those exceptions? Was the clintonemail.com server an authorized AIS [automated information system] of the State Department, and if so, who authorized it?

We cannot predict where this email controversy is going to end, but some Internet sleuth is digging up Dubai, Denmark, Luxembourg in what seems to be an already convoluted matter.  If you read the link below there is an interesting question whether the Clinton e-mail server was hosted for some period of time by an outside hosting firm.  If the hosting firm was based overseas at an external location in Texas or elsewhere,  wouldn’t this be an added headache for cybersecurity and something the OIG’s new Office of Evaluations and Special Projects (ESP) might be interested in?

While the Inspector General of the State Department might not be in a position to comment about this issue publicly at this time, or might not want to wade into the rabbit hole with this political firecracker, it may not have much of a choice. Even our apolitical neighbors were dismayed by this. The perception that the rules may have been applied selectively, based on rank, undermines the Service. That in itself is an excellent excuse to review the entire practice and determine to what extent exceptions were made. The Republican National Committee has reportedly already asked the Office of Inspector General to look into whether Clinton’s practices led her or the department to violate the Federal Records Act.

It’s only a matter of time before there is a formal congressional request. Heads up State/OIG, this firecracker is heading your way.

* * *

Related post:
So wait — Hillary Clinton never got a state.gov email? What does the FAM say?

Related items:

State Department June 28, 2011 Unclassified Cable 065111 on Securing Email Accounts via (foxnews)

NARA Bulletin 2014-06 | September 15, 2014 – Guidance on Managing Email

NARA Bulletin 2013-03 | September 9, 2013 – Guidance for agency employees on the management of Federal records, including email accounts, and the protection of Federal records from unauthorized removal

NARA Bulletin 2011-03 | December 22, 2010 – Guidance Concerning the use of E-mail Archiving Applications to Store E-mail

OMB | Managing Government Records Directive requires that Federal agencies manage all their email electronically by December 31, 2016.

 

 

 

State/OIG Challenges: Access and OIG Network Vulnerabilities

Posted: 01:42 EST
Updated: 3/3/2015 @1051 PST

Update: In response to our inquiry, State/OIG informed us that the 128 debarment and suspension referrals it made to the State Department “were accepted by the Department and action was taken.” However, we were also informed that the OIG actually “made more referrals, but no action has been taken by the Department to date.”*

As to the issue of OIG’s IT independence and integrity, “memorandums of understanding have been executed in which the Department has agreed to obtain prior approval from OIG before accessing its network. In addition, we are engaging a third party to explore options to enhance the independence of our network system.”**

 

* * *

Last week, the State Department Inspector General Steve Linick appeared before the Committee on Homeland Security and Governmental Affairs at the Senate panel’s hearing on improving the efficiency, effectiveness and independence of inspectors general. State/OIG has oversight of an agency with more than 72,000 employees (includes locally employed staff) in over 280 overseas missions and domestic entities, the BBG and the U.S. Section of the International Boundary and Water Commission. These agencies’ total annual appropriated funding includes approximately $15 billion, nearly $7 billion in consular fees and other earned income, and full or partial oversight of an additional $17 billion in Department-managed foreign assistance.

Some highlights:

  • Although the Department has made improvements on overseas security, challenges remain. Through our inspection and audit work, OIG continues to find security deficiencies that put our people at risk. Those deficiencies include failing to observe set-back and perimeter requirements and to identify and neutralize weapons of opportunity. Our teams also uncover posts that use warehouse space and other sub-standard facilities for offices, another security deficiency. Our audit of the Local Guard Program found that firms providing security services for embassy compounds were not fully vetting local guards they hired abroad, placing at risk our posts and their personnel. In other audits, we found that the Bureau of Diplomatic Security (responsible for setting standards) and the Bureau of Overseas Buildings Operations (responsible for constructing facilities to meet those standards) often do not coordinate adequately to timely address important security needs.
  • We found that follow-through on long-term security program improvements involving physical security, training, and intelligence-sharing lacked sustained oversight by Department principals. Over time, the implementation of recommended improvements slows. The lack of follow-through explains, in part, why a number of Benghazi ARB recommendations mirror previous ARB recommendations.
  • The Department’s obligations in FY 2014 equaled approximately $9 billion in contractual services and $1.5 billion in grants, totaling approximately $10.5 billion. However, the Department faces challenges managing its contracts, grants, and cooperative agreements. These challenges have come to light repeatedly in OIG audits, inspections, and investigations over the years. […] In FY 2014, more than 50 percent of post or bureau inspections contained formal recommendations to strengthen controls and improve administration of grants.
  • OIG’s assessments of the Department’s cybersecurity programs have found recurring weaknesses and noncompliance with the Federal Information Security Management Act (FISMA) with respect to its unclassified systems. […] Our work in the information security area is ongoing. Since my arrival, OIG has arranged for penetration testing of the Department’s unclassified networks in order to better assess their vulnerability to attack.

What’s happening in FY2015? The following were specifically identified in IG Linick’s testimony (pdf):

  • Planned FY 2015 security audits include an audit of the approval and certification process used to determine employment suitability for locally employed staff and contracted employees, an audit of emergency action plans for U.S. Missions in the Sahel region of Africa, and an audit of the Vital Presence Validation Process (VP2) implementation. VP2 is the Department’s formal process for assessing the costs and benefits of maintaining its presence in dangerous locations around the world. Note: The VP2 is a result of the tragedy in Benghazi.
  • The DS/International Programs Directorate of the Bureau of Diplomatic Security is up for inspection. Note: This is one of the main bureaus that came under congressional scrutiny in the aftermath of the Benghazi attack. Charlene Lamb has now been succeeded by Christian J. Schurman, who was named Deputy Assistant Secretary of State and Assistant Director for International Programs on September 15, 2014. DAS Schurman is a Diplomatic Security (DS) Special Agent with 27 years of service who was promoted to the rank of Minister Counselor in April 2014.
  • In FY 2015, OIG plans on issuing, among others, audits involving non-lethal aid and humanitarian assistance in response to the Syrian crisis, the Iraq Medical Services Contract, and the Bureau of International Narcotics and Law Enforcement’s Embassy Air Wing Contract in Iraq.
  • ESP is conducting a joint review with the Department of Justice’s OIG of the handling of the use of lethal force during a counternarcotics operation in Honduras in 2012.

 

IG Linick also highlighted new OIG initiatives to enhance the effectiveness and efficiency of OIG’s independent oversight of the Department’s programs and operations including:

  • the issuance of Management Alerts and Management Assistance Reports
  • the creation of the Office of Evaluations and Special Projects (ESP), and using ESP to improve OIG’s capabilities to meet statutory requirements of the Whistleblower Protection Enhancement Act of 2012
  • new oversight of overseas contingency operations specifically for Operation Inherent Resolve (OIR)—the U.S.-led overseas contingency operation directed against the Islamic State of Iraq and the Levant (ISIL)
  • data and technology enhancements
  • suspension and debarment: between 2011 and 2014, OIG referred 128 cases to the Department for action *
  • new offices in Charleston, South Carolina, where one of the Department’s Global Financial Services Centers resides, and in Frankfurt, Germany, the site of one of the Department’s Regional Procurement Support Offices
  • co-locating an OIG attorney-investigator as a full-time Special Assistant U.S. Attorney (SAUSA) in the U.S. Attorney’s Office for the Eastern District of Virginia in order to prosecute more quickly and effectively cases involving fraud against the Department of State

 

This hearing followed the well-publicized accessibility issues that the Peace Corps and EPA OIG had with their own agencies. In his prepared testimony, IG Linick stated that “unfettered and complete access to information is the linchpin that ensures independence and objectivity for the entire OIG community.”

He was careful to note “the importance of forging productive relationships with Department leadership and decision-makers” and cited the Department notice issued by Secretary Kerry at the start of his tenure over a year ago “outlining OIG authorities and obligations under the IG Act and advising staff of our need for prompt access to all records and employees.” He then shared with Congress the OIG’s two main challenges:

  • Access: Generally, most of our work is conducted with the Department’s full cooperation and with timely production of material. However, there have been occasions when the Department has imposed burdensome administrative conditions on our ability to access documents and employees. At other times, Department officials have initially denied access on the mistaken assumption that OIG was not entitled to confidential agency documents. In these instances, OIG ultimately was able to secure compliance but only after delays and sometimes with appeals to senior leadership. These impediments have at times adversely affected the timeliness of our oversight work, resulting in increased costs for taxpayers. Delays in responding to document requests also occur because the requested information has not been maintained at all or in a manner to allow timely retrieval. Such disorganization of information may negatively impact not only OIG audits, inspections, evaluations, and investigations but also the integrity of Department programs and operations. For example, an OIG Management Alert identified missing or incomplete files for contracts and grants with a combined value of $6 billion.
  • OIG Network Vulnerabilities:  Vulnerabilities in the Department’s unclassified network also affect OIG’s IT infrastructure, which is part of the same network. We noted in our November 2013 information security Management Alert that there are literally thousands of administrators who have access to Department databases. That access runs freely to OIG’s IT infrastructure and creates risk to OIG operations. Indeed, a large number of Department administrators have the ability to read, modify, or delete any information on OIG’s network including sensitive investigative information and email traffic, without OIG’s knowledge. OIG has no evidence that administrators have actually compromised OIG’s network. However, the fact that the contents of our unclassified network may easily be accessed and potentially compromised unnecessarily places our independence at risk. We have begun assessing the best course of action to address these vulnerabilities. **

* * *