Homeland Security: Process for Reporting Lessons Learned from Seaport Exercises Needs Further Attention

GAO-05-170 January 14, 2005
Highlights Page (PDF)   Full Report (PDF, 35 pages)   Accessible Text   Recommendations (HTML)

Summary

Seaports are a critical vulnerability in the nation's defense against terrorism. They are potential entry points for bombs or other devices smuggled into cargo ships and ports' often-sprawling nature presents many potential targets for attack. To assess the response procedures that would be implemented in an attack or security incident, officials conduct port-specific exercises. Many federal, state, and local agencies may potentially be involved. The Coast Guard has primary responsibility for coordinating these exercises and analyzing the results. GAO examined (1) the emerging framework for coordinating entities involved in security responses, (2) legal and operational issues emerging from exercises conducted to date, and (3) Coast Guard management of reports analyzing exercises. GAO reviewed reports on 82 exercises from fiscal year 2004 and observed 4 exercises as they were being conducted.

The framework under which federal agencies would manage a port-terrorism incident is still evolving. The primary guidance for response, the National Response Plan, is in the final stages of approval, and the National Incident Management System, the structure for multiagency coordination, is still being put in place. As a result, it is too early to determine how well the complete framework will function in an actual incident. GAO's review of fiscal year 2004 terrorism-related reports and exercises identified relatively few legal issues, and none of these issues produced recommendations for statutory changes. Most issues have instead been operational in nature and have surfaced in nearly every exercise. They are of four main types: difficulties in sharing or accessing information, inadequate coordination of resources, difficulties in coordinating effectively in a command and control environment, and lack of knowledge about who has jurisdictional or decision-making authority. Reports on the exercises often do not meet the Coast Guard's standards for timeliness or completeness. Sixty-one percent of the reports were not submitted within 60 days of completing the exercise--the Coast Guard standard. The Coast Guard has implemented a new system for tracking the reports, but after a year of use, timeliness remains a concern. The Coast Guard has requirements for what the reports should contain, but 18 percent of the reports did not meet the requirement to assess each objective of the exercise. The Coast Guard has cited several planned actions that may allow for improving completeness. These actions are still in development, and it is too early to determine how much they will help.



Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Implemented" or "Not implemented" based on our follow up work.

Director:
Team:
Phone:
Stephen L. Caldwell
Government Accountability Office: Homeland Security and Justice
(415) 904-2200


Recommendations for Executive Action


Recommendation: To help ensure that reports on terrorism-related exercises are submitted in a timely manner that complies with all Coast Guard requirements, the Commandant of the Coast Guard should review the Coast Guard's actions for ensuring timeliness and determine if further actions are needed.

Agency Affected: Department of Homeland Security: United States Coast Guard

Status: Implemented

Comments: In January 2005, we reported that the Coast Guard had conducted port-based terrorism exercises to assess coordination and response procedures that would be implemented in the event of a terrorist attack. After these exercises are conducted, Coast Guard policy requires an "after action" report describing the exercise results and highlighting the lessons learned. However, we found that the Coast Guard was not meeting existing requirements for after action reports, which include submitting these reports within 60 days and assessing how well each objective had been met. Subsequently, to address the issue of timeliness, the Coast Guard reduced the timeframe allowed for submitting an after-action report. All reports are now required to be reviewed, validated, and entered into the applicable database within 21 days from the end of an exercise or operation-reduced from the previous 60 days. In addition, a recent GAO analysis of 26 After Action Reports for calendar year 2006 showed an improvement in the quality of the After Action Reports; each listed specific exercise objectives and lessons learned from the exercise. As a result of this improvement in meeting requirements for after action reports, the Coast Guard is better able to identify and correct barriers to a successful response to a terrorist threat.