January 29, 2022

News

News Network

Critical Infrastructure Protection: Treasury Needs to Improve Tracking of Financial Sector Cybersecurity Risk Mitigation Efforts

9 min read
<div>The federal government has long identified the financial services sector as a critical component of the nation's infrastructure. The sector includes commercial banks, securities brokers and dealers, and providers of the key financial systems and services that support these functions. Altogether, the sector holds about $108 trillion in assets and faces a variety of cybersecurity-related risks. Key risks include (1) an increase in access to financial data through information technology service providers and supply chain partners; (2) a growth in sophistication of malware—software meant to do harm—and (3) an increase in interconnectivity via networks, the cloud, and mobile applications. Cyberattacks that exploit risks can occur against either public or private components of the sector. For example, in February 2016, hackers were able to install malware on the Bangladesh Central Bank's system through a service provider, which then directed the Federal Reserve Bank of New York to transfer money to accounts in other Asian countries. This attack resulted in the theft of approximately $81 million. Several industry groups and firms are taking steps to enhance the security and resilience of the U.S. financial services sector through a broad range of cyber risk mitigation efforts. These efforts include coordinating within the sector through groups such as the Financial Services Sector Coordinating Council and the Financial Systemic Analysis and Resilience Center, conducting industrywide incident response exercises, sharing threat and vulnerability information, developing and providing guidance in conducting risk assessments, and offering cybersecurity-related training. The Departments of Homeland Security and the Treasury and federal financial regulators are also taking multiple steps to support cybersecurity and resilience through risk mitigation efforts. Among other things, federal agencies provide cybersecurity expertise and conduct simulation exercises related to cyber incident response and recovery. Treasury, as the designated lead agency for the financial sector, plays a key role in supporting many of the efforts to enhance the sector's cybersecurity and resiliency. For example, Treasury's Assistant Secretary for Financial Institutions serves as the chair of the committee of government agencies with sector responsibilities, and Treasury coordinates federal agency efforts to improve the sector's cybersecurity and related communications. However, Treasury does not track efforts or prioritize them according to goals established by the sector for enhancing cybersecurity and resiliency. Treasury also has not fully implemented GAO's previous recommendation to establish metrics related to the value and results of the sector's risk mitigation efforts. Further, the 2016 sector-specific plan, which is intended to direct sector activities, does not identify ways to measure sector progress and is out of date. Among other things, the sector-specific plan lacks information on sector-related requirements laid out in the 2019 National Cyber Strategy Implementation Plan . Unless more widespread and detailed tracking and prioritization of efforts occurs according to the goals laid out in the sector-specific plan, the sector could be insufficiently prepared to deal with cyber-related risks, such as those caused by increased access to data by third parties. For decades, the federal government has taken steps to protect the nation's critical infrastructures. The financial services sector's reliance on information technology makes it a leading target for cyber-based attacks. Recent high-profile breaches at commercial entities have heightened concerns that data are not being adequately protected. Under the Comptroller General's authority, GAO initiated this review to (1) describe the key cyber-related risks facing the financial sector; (2) describe steps the financial services industry is taking to share information on and address risks to its sector; and (3) assess steps federal agencies are taking to enhance the security and resilience of the sector. GAO analyzed relevant reports and information to determine risks and mitigation efforts and compared agency efforts against federal policies and guidance. GAO also interviewed officials at 16 private sector entities, two self-regulatory organizations, and eight federal agencies, including the Department of the Treasury. GAO is making recommendations to Treasury to track and prioritize the sector's cyber risk mitigation efforts, and to update the sector's plan with metrics for measuring progress and information on how sector efforts will meet sector goals and requirements, including those contained within the National Cyber Strategy Implementation Plan. Treasury generally agreed with the recommendations. For more information, contact Nick Marinos at (202) 512-9342 or marinosn@gao.gov or Michael Clements at (202) 512-7763 or ClementsM@gao.gov.</div>

What GAO Found

The federal government has long identified the financial services sector as a critical component of the nation’s infrastructure. The sector includes commercial banks, securities brokers and dealers, and providers of the key financial systems and services that support these functions. Altogether, the sector holds about $108 trillion in assets and faces a variety of cybersecurity-related risks. Key risks include (1) an increase in access to financial data through information technology service providers and supply chain partners; (2) a growth in sophistication of malware—software meant to do harm—and (3) an increase in interconnectivity via networks, the cloud, and mobile applications. Cyberattacks that exploit risks can occur against either public or private components of the sector. For example, in February 2016, hackers were able to install malware on the Bangladesh Central Bank’s system through a service provider, which then directed the Federal Reserve Bank of New York to transfer money to accounts in other Asian countries. This attack resulted in the theft of approximately $81 million.

Several industry groups and firms are taking steps to enhance the security and resilience of the U.S. financial services sector through a broad range of cyber risk mitigation efforts. These efforts include coordinating within the sector through groups such as the Financial Services Sector Coordinating Council and the Financial Systemic Analysis and Resilience Center, conducting industrywide incident response exercises, sharing threat and vulnerability information, developing and providing guidance in conducting risk assessments, and offering cybersecurity-related training.

The Departments of Homeland Security and the Treasury and federal financial regulators are also taking multiple steps to support cybersecurity and resilience through risk mitigation efforts. Among other things, federal agencies provide cybersecurity expertise and conduct simulation exercises related to cyber incident response and recovery. Treasury, as the designated lead agency for the financial sector, plays a key role in supporting many of the efforts to enhance the sector’s cybersecurity and resiliency. For example, Treasury’s Assistant Secretary for Financial Institutions serves as the chair of the committee of government agencies with sector responsibilities, and Treasury coordinates federal agency efforts to improve the sector’s cybersecurity and related communications.

However, Treasury does not track efforts or prioritize them according to goals established by the sector for enhancing cybersecurity and resiliency. Treasury also has not fully implemented GAO’s previous recommendation to establish metrics related to the value and results of the sector’s risk mitigation efforts. Further, the 2016 sector-specific plan, which is intended to direct sector activities, does not identify ways to measure sector progress and is out of date. Among other things, the sector-specific plan lacks information on sector-related requirements laid out in the 2019 National Cyber Strategy Implementation Plan . Unless more widespread and detailed tracking and prioritization of efforts occurs according to the goals laid out in the sector-specific plan, the sector could be insufficiently prepared to deal with cyber-related risks, such as those caused by increased access to data by third parties.

Why GAO Did This Study

For decades, the federal government has taken steps to protect the nation’s critical infrastructures. The financial services sector’s reliance on information technology makes it a leading target for cyber-based attacks. Recent high-profile breaches at commercial entities have heightened concerns that data are not being adequately protected.

Under the Comptroller General’s authority, GAO initiated this review to (1) describe the key cyber-related risks facing the financial sector; (2) describe steps the financial services industry is taking to share information on and address risks to its sector; and (3) assess steps federal agencies are taking to enhance the security and resilience of the sector. GAO analyzed relevant reports and information to determine risks and mitigation efforts and compared agency efforts against federal policies and guidance. GAO also interviewed officials at 16 private sector entities, two self-regulatory organizations, and eight federal agencies, including the Department of the Treasury.

What GAO Recommends

GAO is making recommendations to Treasury to track and prioritize the sector’s cyber risk mitigation efforts, and to update the sector’s plan with metrics for measuring progress and information on how sector efforts will meet sector goals and requirements, including those contained within the National Cyber Strategy Implementation Plan. Treasury generally agreed with the recommendations.

For more information, contact Nick Marinos at (202) 512-9342 or marinosn@gao.gov or Michael Clements at (202) 512-7763 or ClementsM@gao.gov.

News Network

  • Inaugural U.S.-Taiwan Economic Prosperity Partnership Dialogue
    In Crime Control and Security News
    Office of the [Read More…]
  • Former Army Contractor Receives 151-Month Sentence for Fraud Scheme Targeting Thousands of U.S. Servicemembers and Veterans
    In Crime News
    A Nevada man was sentenced Thursday to 151 months in prison after pleading guilty in connection with his role in a transnational fraud and money laundering conspiracy that targeted over 3,300 members of the U.S. military community resulting in $1.5 million in losses.
    [Read More…]
  • VA Health Care: VA Should Expedite the Implementation of Recommendations Needed to Improve Post-Traumatic Stress Disorder Services
    In U.S GAO News
    Post-traumatic stress disorder (PTSD), which is caused by an extremely stressful event, can develop after military combat and exposure to the threat of death or serious injury. Mental health experts estimate that the intensity of warfare in Iraq and Afghanistan could cause more than 15 percent of servicemembers returning from these conflicts to develop PTSD. Symptoms of PTSD can be debilitating and include insomnia; intense anxiety; and difficulty coping with work, social, and family relationships. Left untreated, PTSD can lead to substance abuse, severe depression, and suicide. Symptoms may appear within months of the traumatic event or be delayed for years. While there is no cure for PTSD, experts believe early identification and treatment of PTSD symptoms may lessen their severity and improve the overall quality of life for individuals with this disorder. The Department of Veterans Affairs (VA) is a world leader in PTSD treatment and offers PTSD services to eligible veterans. To inform new veterans about the health care services it offers, VA has increased outreach efforts to servicemembers returning from the Iraq and Afghanistan conflicts. Outreach efforts, coupled with expanded access to VA health care for these new veterans, are likely to result in greater numbers of veterans with PTSD seeking VA services. Congress highlighted the importance of VA PTSD services more than 20 years ago when it required the establishment of the Special Committee on Post-Traumatic Stress Disorder (Special Committee) within VA, primarily to aid Vietnam-era veterans diagnosed with PTSD. A key charge of the Special Committee is to make recommendations for improving VA's PTSD services. The Special Committee issued its first report on ways to improve VA's PTSD services in 1985 and its latest report, which includes 37 recommendations for VA, in 2004. The Special Committee reports also include evaluations of whether VA has met or not met the recommendations made by the Special Committee in prior reports. The Department of Veterans Affairs (VA) is a world leader in PTSD treatment and offers PTSD services to eligible veterans. To inform new veterans about the health care services it offers, VA has increased outreach efforts to servicemembers returning from the Iraq and Afghanistan conflicts. Outreach efforts, coupled with expanded access to VA health care for these new veterans, are likely to result in greater numbers of veterans with PTSD seeking VA services. Congress asked us to determine whether VA has addressed the Special Committee's recommendations to improve VA's PTSD services. We focused our review on 24 recommendations related to clinical care and education made by VA's Special Committee on PTSD in its 2004 report to determine (1) the extent to which VA has met each recommendation related to clinical care and education and (2) VA's time frame for implementing each of these recommendations.GAO determined that VA has not fully met any of 24 Special Committee recommendations in our review related to clinical care and education. Specifically, we determined that VA has not met 10 recommendations and has partially met 14 of these 24 recommendations. For example, the Special Committee recommended that VA develop, disseminate, and implement a best practice treatment guideline for PTSD. The Special Committee designated the recommendation as met because VA had developed and disseminated the guideline. However, because we found that VA does not have documentation to show that the treatment part of the guideline is being implemented at its medical facilities and community-based clinics, we designated the recommendation as partially met. We also determined that VA does not plan to fully implement 23 of 24 recommendations until fiscal year 2007 or later. Ten of these are long-standing recommendations that were first made in the Special Committee report issued in 1985. VA's delay in fully implementing the recommendations raises questions about VA's capacity to identify and treat veterans returning from military combat who may be at risk for developing PTSD, while maintaining PTSD services for veterans currently receiving them. This is particularly important because we reported in September 2004 that officials at six of seven VA medical facilities stated that they may not be able to meet an increase in demand for PTSD services. In addition, the Special Committee reported in its 2004 report that VA does not have sufficient capacity to meet the needs of new combat veterans while still providing for veterans of past wars. If servicemembers returning from military combat do not have access to PTSD services, many mental health experts believe that the chance may be missed, through early identification and treatment of PTSD, to lessen the severity of the symptoms and improve the overall quality of life for these combat veterans with PTSD. Moreover, VA has identified geographic areas of the country where large numbers of servicemembers are returning from the current conflicts in Iraq and Afghanistan. VA could consider focusing first on ensuring service availability at facilities in areas that are likely to experience the most demand for PTSD services.
    [Read More…]
  • Secretary Antony J. Blinken with Kuwait Television
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Owner of Louisiana Construction and Building Inspection Businesses and His Two Siblings Plead Guilty to Tax Fraud
    In Crime News
    A Louisiana man who owns construction and building inspection businesses, along with his brother and sister, who were employed by the construction businesses, pleaded guilty today to conspiracy to defraud the IRS.
    [Read More…]
  • Veterans Affairs: Ongoing Financial Management System Modernization Program Would Benefit from Improved Cost and Schedule Estimating
    In U.S GAO News
    What GAO Found The Department of Veterans Affairs (VA) Financial Management Business Transformation (FMBT) program has begun implementing the Integrated Financial and Acquisition Management System (iFAMS), with the first deployment of certain capabilities at the National Cemetery Administration (NCA) on November 9, 2020. FMBT program officials identified various challenges, such as FMBT program funding shortfalls, which represent the difference between VA's original requirement and the President's budget request, and coordination with other major initiatives. VA has taken various steps to address its challenges. For example, because of the COVID-19 pandemic, VA postponed the initial NCA deployment 4 months and converted planning, training, and testing activities to virtual events. In addition, the FMBT program and Veterans Health Administration (VHA) worked together to address the FMBT program funding shortfall by postponing iFAMS implementation at VHA for at least 2 years to coordinate with the implementation of a new logistics system. Following information technology (IT) management best practices on major transformation efforts, such as the FMBT program, can help build a foundation for ensuring responsibility, accountability, and transparency. VA has generally met such practices for program governance, Agile project management, and testing and defect management. However, it has not fully met certain best practices for developing and managing cost and schedule estimates. As a result, its estimates were not reliable. Specifically, VA's estimates substantially met one, and partially or minimally met three of the four characteristics associated with reliable cost and schedule estimates, respectively. For example, VA minimally met the “credible” characteristic associated with reliable cost estimates, in part, because it did not compare its cost estimate to an independently developed estimate. GAO Assessment of VA Cost and Schedule Estimates against Best Practice Characteristics Cost estimate characteristic Assessment of cost estimate Schedule estimate characteristic Assessment of schedule estimate Comprehensive Partially met Comprehensive Partially met Well-documented Substantially met Well-constructed Partially met Accurate Partially met Credible Partially met Credible Minimally met Controlled Substantially met Legend: substantially met = VA provided evidence that satisfies a large portion of the criterion; partially met = VA provided evidence that satisfies about one-half of the criterion; minimally met = VA provided evidence that satisfies a small portion of the criterion Source: GAO assessment of the Department of Veterans Affairs Financial Management Business Transformation program documentation. | GAO-21-227 Reliable cost and schedule estimates provide a road map for project execution and are critical elements to delivering large-scale IT systems. Without reliable estimates, VA management may not have the information necessary for informed decision-making. Further, following cost and schedule best practices helps minimize the risk of cost overruns and schedule delays and would better position the FMBT program for effective and successful implementation on future deployments. Why GAO Did This Study VA's core financial system is approximately 30 years old and is not integrated with other relevant IT systems, resulting in inefficient operations and complex work-arounds. The FMBT program is VA's current effort and third attempt to replace its aging financial and acquisition systems with one integrated system. The first two attempts were unsuccessful after years of development and hundreds of millions of dollars in cost. GAO was asked to review the progress of the FMBT program. This report (1) describes the status of the FMBT program, including steps VA has taken to address challenges it has identified, and (2) examines the extent to which VA has followed certain IT management best practices. GAO summarized FMBT program risks and challenges that VA identified, reviewed FMBT program documentation and compared it with relevant guidance and best practices, and interviewed cognizant VA officials.
    [Read More…]
  • Deputy Attorney General Convenes Inaugural Meeting of the COVID-19 Fraud Enforcement Task Force
    In Crime News
    Yesterday, Deputy Attorney General Lisa Monaco convened the first meeting of the COVID-19 Fraud Enforcement Task Force. Launched earlier this month, the Task Force is marshalling the resources of the Department of Justice in partnership with agencies across the federal government to enhance enforcement efforts against COVID-19 related fraud.
    [Read More…]
  • Tonga Travel Advisory
    In Travel
    Reconsider travel [Read More…]
  • Unmanned Aircraft Systems: Improved Planning and Acquisition Strategies Can Help Address Operational Challenges
    In U.S GAO News
    The current generation of unmanned aircraft systems (UAS) has been in development for defense applications since the 1980's. As of February 2006, the Department of Defense (DOD) had more than 3,000 unmanned aircraft, about 2,000 of which are supporting ongoing operations in Iraq. DOD's 2006 Quadrennial Defense Review validates the importance of unmanned systems and establishes plans to significantly expand investment in unmanned systems and their use in military operations over the next several years. The Congress has been particularly interested in DOD's approach to determining UAS needs and managing the growing number of UAS programs. This testimony addresses GAO's prior work and preliminary observations on (1) the operational successes and challenges U.S. forces are experiencing with UAS in combat operations, and the extent to which DOD has taken steps to address challenges; (2) DOD's progress in establishing a strategic plan and oversight framework to guide joint and service-specific UAS development efforts and related investment decisions; and (3) our assessment of the Global Hawk and Predator programs' business cases and acquisition strategies and the lessons learned that can be applied to the Joint Unmanned Combat Air Systems program.DOD has experienced a high level of mission successes with UAS, but continues to face challenges in fully maximizing the use of these assets. In operations in Iraq and Afghanistan, U.S. forces have used UAS for intelligence, surveillance, reconnaissance, and offensive strike missions in support of joint and service-specific operations. As the numbers of UAS operating in the same airspace as manned aircraft grows, DOD continues to face operational challenges related to interoperability, availability of communications bandwidth, and airspace integration. While DOD and the services have taken some positive initial steps to address these challenges, such as issuing guidance and developing initiatives to improve interoperability, limited progress has been made and the effectiveness of these efforts cannot be adequately assessed until they are fully implemented. While DOD continues to request funds to support service plans for acquiring UAS, it still lacks a viable strategic plan to guide UAS development and investment decisions. Since GAO last reported, DOD established new oversight bodies and updated its UAS Roadmap, but it is too early to tell how the new entities will interrelate and whether they will be able to influence service plans. Also, the updated roadmap identifies broad goals, desired capabilities, and service acquisition plans, but lacks critical elements, such as a clear link among goals, capabilities, and plans, opportunities for joint endeavors, and funding priorities and needs. Until DOD develops a strategic plan, it will not be well positioned to validate requirements, evaluate and integrate services plans, and establish program and funding priorities, nor will Congress have all the information it needs to evaluate funding requests. Such a plan would also help DOD anticipate and minimize the types of challenges that are being experienced today. While there have been successes on the battlefield, UAS development programs have shared many of the same problems as other major weapon systems that begin an acquisition program too early, with many uncertainties about requirements, funding, and immature technology, design, and production. Unmanned systems have also experienced similar outcomes--changing requirements, cost growth, delays in delivery, performance shortfalls, and reliability and support problems. Future acquisition programscan learn from past efforts to craft better and less risky acquisition plans. Key steps conducive to success include preparing a comprehensive business case, adopting a knowledge-based and incremental acquisition strategy, and sustaining disciplined leadership and direction. Frequent changes to the Joint Unmanned Combat Air Systems technology demonstration program and recent budget actions raise some questions about the Department's priorities and future directions for UAS. Concerns have also been raised about possible duplication of systems as the services look to expand individual fleets. Ongoing Army and Air Force efforts to coordinate the Warrior and Predator programs are encouraging and could be a model for limiting duplication and fostering jointness and interoperability.
    [Read More…]
  • Navy Readiness: Actions Needed to Evaluate and Improve Surface Warfare Officer Career Path
    In U.S GAO News
    What GAO Found U.S. Navy Surface Warfare Officers (SWOs) separate from the SWO community earlier and at higher rates compared with officers in similar U.S. Navy communities, and female SWOs separate at higher rates than male SWOs. Retention Rates for U.S. Navy Officers and Surface Warfare Officers by Gender Note: GAO compared the U.S. Navy Surface Warfare Officer community separation rates with those of the other unrestricted line officer communities in the U.S. Navy: Naval Aviation, Submarine, and Explosive Ordinance Disposal and Special Warfare. GAO found that after 10 years of service, around the first major career milestone: 33 percent of SWOs remain in their community, compared with 45 percent of officers from similar U.S. Navy officer communities, and 12 percent of female SWOs remain in their community, compared with 39 percent of male SWOs. By using existing information to develop a plan to improve SWO retention, the Navy will be better positioned to retain a diverse and combat-ready community. The career path for U.S. Navy SWOs differs from those in similar positions in selected foreign navies and other U.S. Navy and U.S. maritime communities. Career Path for U.S. Navy Surface Warfare Officers Compared with Others The U.S. Navy made incremental career path changes for SWOs following the 2017 collisions, but has not regularly evaluated or fundamentally changed its SWO career path for over a century. GAO found that by a factor of four to one, SWOs believe specialized career paths would better prepare them for their duties than the current generalist career path. Without periodic evaluations of current approaches, including alternative career paths, and the use of those evaluations, the U.S. Navy may miss an opportunity to develop and retain proficient SWOs. Why GAO Did This Study SWOs are U.S. Navy officers whose primary duties focus on the safe operation of surface ships at sea. In 2017, the Navy had two collisions at sea that resulted in the death of 17 sailors and hundreds of millions of dollars in damage to Navy ships. Following the collisions, the Navy identified deficiencies in the SWO career path and staffing policies, and took action to improve these areas. The John S. McCain National Defense Authorization Act for Fiscal Year 2019 contained a provision that GAO assess issues related to the U.S. Navy SWO career path. Among other things, this report (1) assesses trends in separation rates of SWOs with those of similar U.S. Navy officer communities, and trends in SWO separation rates by gender; (2) describes how the career path of U.S. Navy SWOs compares to those of selected foreign navies and other U.S. Navy and U.S. maritime communities; and (3) assesses the extent to which the U.S. Navy has used or evaluated alternative career paths. GAO analyzed U.S. Navy officer personnel data; selected foreign navies and U.S. maritime officer communities for comparison; and surveyed a generalizable sample of Navy SWOs.
    [Read More…]
  • Secretary Antony J. Blinken on Release of the 2020 International Religious Freedom Report
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • United States to Host Global Fund’s Seventh Replenishment Conference
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Federal Rulemaking: Selected EPA and HHS Regulatory Analyses Met Several Best Practices, but CMS Should Take Steps to Strengthen Its Analyses
    In U.S GAO News
    GAO reviewed 11 Executive Order (EO) 13771 rules—five significant Environmental Protection Agency (EPA) rules and six economically significant Department of Health and Human Services (HHS) rules. Seven of the 11 rules modified (i.e. repealed, amended, or delayed) existing rules (see table). GAO found that analyses for most of the seven rules monetized the same types of benefits and costs as analyses for the rules they modified, an indicator of consistency in the regulatory analyses. For example, one EPA rule modified an earlier rule that had established requirements for chemical risk management programs. EPA monetized anticipated changes to industry compliance costs for both rules. Where agencies monetized similar types of benefits and costs for both reviewed rules and modified rules, the value of some estimates differed, in part, because agencies had updated analytical assumptions, such as the number of entities subject to requirements or relevant wage data. Topics and Characteristics of 11 Environmental Protection Agency (EPA) and Department of Health and Human Services (HHS) Rules Selected for Review Agency Topics Modified existing rule(s) Monetized costs exceeded benefits EPA Risk management programs ● ○   Railroad ties as non-waste fuels ● ○   Chemical data reporting ● ●   Mercury reporting ○ ●   Effluent from dental offices ○ ● HHS, FDA Food labeling ● ○   Agricultural water requirements ● ● HHS, CMS End-stage renal disease treatment ● ●   Home health quality reporting ● ●   Patient discharge planning ○ ●   Diabetes prevention and appropriate use of imaging services ○ ● Legend: ● = Yes; ○ = No Source: GAO analysis of EPA, Food and Drug Administration (FDA), and Centers for Medicare & Medicaid Services (CMS) data. | GAO-21-151 Regulatory analyses for eight of the 11 rules GAO reviewed projected that monetized costs would exceed monetized benefits, though each identified other factors that may have led decision makers to determine that the total benefits justified the total costs, such as important, non-quantified effects. These eight analyses met about half of the selected best practices for economic analysis. However, some analyses developed by HHS's Centers for Medicare & Medicaid Services (CMS) did not fully meet best practices associated with analyzing regulatory alternatives, assessing important effects, and providing transparency. It is particularly important that agencies develop quality analyses for economically significant rules, such as those finalized by CMS. By meeting these best practices, CMS could help the public and other parts of government provide effective feedback and mitigate potential conflict with entities affected by rules. It could also help CMS assess whether a rule's benefits justify the costs. EO 13771 generally requires executive agencies to identify two rules for repeal for each new rule issued. Since EO 13771 went into effect in 2017, executive agencies have taken regulatory actions expected to generate over $50 billion in savings to society. Quality regulatory analysis provides agency decision makers and the public with a thorough assessment of the benefits and costs of different regulatory options. GAO was asked to review regulatory analyses for rules finalized under EO 13771. For selected agencies, this report examines (1) how the calculated economic effects of selected rules differed, if at all, from those of rules they modified; and (2) the extent to which agencies met best practices in analyzing the economic effects of selected rules for which monetized costs exceed monetized benefits. GAO reviewed analyses for 11 rules—and the rules they modified— finalized by EPA and HHS, the two agencies that finalized the most economically significant EO 13771 rules through fiscal year 2019. GAO compared analyses to selected best practices in GAO's Assessment Methodology for Economic Analysis . GAO recommends that CMS take steps to ensure its future regulatory analyses are consistent with best practices for analyzing alternatives, assessing important effects, and providing transparency. EPA said it appreciated GAO's findings. HHS generally agreed with the report, and CMS agreed with the recommendation directed to it. For more information, contact Yvonne D. Jones at (202) 512-6806 or jonesy@gao.gov.
    [Read More…]
  • Secretary Antony J. Blinken Remarks at a Roundtable with Civil Society
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Judge Rya Zobel to Receive 2020 Devitt Award
    In U.S Courts
    Senior U.S. District Judge Rya Zobel, who grew up in Nazi Germany and later became the first woman to serve as director of the Federal Judicial Center, is the recipient of the 2020 Edward J. Devitt Distinguished Service to Justice Award.
    [Read More…]
  • United States Seizes 27 Additional Domain Names Used by Iran’s Islamic Revolutionary Guard Corps to Further a Global, Covert Influence Campaign
    In Crime News
    The United States has seized 27 domain names that Iran’s Islamic Revolutionary Guard Corps (IRGC) unlawfully used to further a global covert influence campaign.
    [Read More…]
  • Delaware
    In Travel
    There are currently no [Read More…]
  • Joint Statement by the U.S. Department of State and U.S. Department of Homeland Security on the Expansion of Access to the Central American Minors Program
    In Crime Control and Security News
    Office of the [Read More…]
  • Secretary Blinken’s Participation in the Mekong-U.S. Partnership Ministers’ Meeting
    In Crime Control and Security News
    Office of the [Read More…]
  • Local woman guilty of disaster fraud
    In Justice News
    A 46-year-old Houston [Read More…]

Crime

Network News © 2005 Area.Control.Network™ All rights reserved.