January 25, 2022

News

News Network

Responding to Modern Cyber Threats with Diplomacy and Deterrence

26 min read

Dr. Christopher Ashley Ford, Assistant SecretaryBureau of International Security and Nonproliferation

Washington, DC

Center for Strategic and International Studies

As Prepared

Good afternoon, everyone, and thank you for inviting me to participate in this event.  You have no reason to know it, but I actually got my start in the think tank world at the Center for Strategic and International Studies (CSIS) — as an Africanist, of all things, working as a summer intern for Helen Kitchen in your African Studies department, way back in 1990.  It was, in fact, my first introduction to what a think tank is, and what a think tank does, so thank you for that formative experience. 

None of us imagined at that point that something called cyberspace would be such an important part of the 21st Century international security environment, of course, but here we are. 

But that’s why I should really start today by offering special thanks to you, Jim , for your indispensable service as Rapporteur for several successive cyber-focused U.N. Groups of Governmental Experts (GGEs) where some extremely important work was done in articulating norms of responsible behavior for cyberspace.  There aren’t many people around who can claim to have had so formative an impact upon an entire field of diplomacy as Jim has had in the cyber arena, so on behalf of the Department, I congratulate and thank him for all his contributions. 

For my own part, I’d like to say a few words today about what we’re currently doing in the U.S. Government in the field of cyberspace security diplomacy.  At a time when lurid, real-time headlines and the swirl of an oncoming U.S. presidential election understandably offer innumerable opportunities for distraction, I think it’s vital not to lose sight of the fact that important ongoing policy initiatives continue to advance — and that there is actually a great deal of really valuable continuity and evolutionary progress in U.S. cyber diplomacy. 

Why we should need to pay attention to such things, of course, is pretty obvious.  In this ever more Internet-connected age, it is no surprise that cyber threats continue to increase.  The more indispensable such connectivity is for commerce, communications, and innumerable aspects of daily life, the more that malicious actors see opportunities to steal (or hold hostage) the information lifeblood of our contemporary economy, or otherwise to profit malevolently from these modern dependencies.  But the problem goes beyond the “ordinary” criminality of fraud and theft, and even the “traditional” cyber espionage undertaken by states.   

The emergence of a new era of great power competition has raised the stakes in the cyber arena.  Adding to the problems we already faced from cyber criminality, we now also must address a new layer of geopolitical threat from the revisionist powers of the People’s Republic of China (PRC) and Russia — states that use cyber tools to steal technology to build up their military capabilities, to prepare for devastating attacks upon our critical infrastructure in the event of crisis or conflict, to carry out disruptive cyber attacks aimed at destabilizing our allies and partners, and to influence and manipulate our electoral processes.  This shift in the threat is a challenge of enormous magnitude, and one to which the non-authoritarian world is still only in the early stages of mounting effective responses. 

This expert audience at CSIS needs no primer on the threefold threat we face from cyber-facilitated technology-transferpotential disruptive or destructive cyber attacks against critical infrastructure, and cyber-facilitated political manipulation.  What I’d like to outline this afternoon is what we are doing — at least in my own piece of the State Department — in responding to these threats.  

Before I address the various steps we’re taking, however, let me say a quick word about what I am pleased to say we are not doing. 

“Arms Control” in Cyberspace  

What we are not doing is reflexively chasing solutions that cannot address the problems that we face in cyberspace.  Effective risk reduction in cyberspace is challenged by several important characteristics of the cyber domain.   

  • First, malicious cyber activity can be carried out across a spectrum that spans activities both above and below the legal threshold of a use of force.   
  • Second, impending cyber attacks offer few external observables, giving little strategic or tactical warning and complicating the ability to attribute responsibility for an incident and to verify compliance with accepted norms of behavior.   
  • And third, the technologies involved in cyber operations, and their ubiquity and often dual-use nature, not to mention their possession by both state and non-state actors, make cyberspace tools difficult to define or control, while raising the possibility that efforts to achieve such control would have severe repercussions for innovation and economic development. 

All of this makes effective “arms control,” at least as traditionally conceived, difficult or impossible in protean, rapidly evolving, high-technology domains such as cyberspace.  As I have also pointed out with respect to the high-technology domain of outer space, if one aims to limit or ban “weapons” in cyberspace in the way that traditional arms control tries to address other dangerous tools, it is all but impossible to come up with a good definition.   

There seems to be no way to avoid being either damagingly over-inclusive in ways that would also prohibit technologies essential to peaceful civilian and scientific uses, dangerously under-inclusive in ways that would miss entire categories of potential weaponry,” or in fact both Moreover, even if you could define the problem, no one’s ever been able to offer an intelligible scheme for verifying a prohibition.  So like outer space, cyberspace: is a domain in which technologies are evolving so quickly, private and governmental actors are  intertwined, and definitions of what can be a ‘weapon’ are so vague, that it is hard to see how traditional, rule-based and legally binding ‘prohibitory’ approaches to arms control could work.” 

Accordingly, the United States has long rejected efforts to impose traditional arms control measures on offensive cyber capabilities.  Such a stance is especially important given the degree to which Russian and PRC campaigns to promote “arms control” in cyberspace have focused less on actual measures to reduce the risk of conflict involving technical cyber operations than they have focused on efforts merely to co-opt arms control rhetoric in support of campaigns by those authoritarian regimes to legitimize oppressive controls over the political content of Internet communications.   

As so often in diplomacy, therefore, not doing dumb things is half the battle.  Accordingly, we continue to resist the temptation to engage in quixotic “arms control” efforts in cyberspace, especially when such proposals originate from dictatorial regimes that are themselves engaged in some of the world’s most egregious cyber behavior.   

Frameworks for Responsibility and Restraint 

So that’s what we’re not doing.  What about what we are doing?  

Well, one critical plank of the U.S. agenda is to promote clear understandings of what constitutes responsible State behavior in cyberspace — which Jim knows full well, thanks (as I noted) to his outstanding contributions in this area.   

As I have explained elsewhere, U.S. diplomats – for more than a decade, in fact, and across three U.S. presidential administrations – have been working with counterparts around the world to articulate and to promote such voluntary, non-binding norms.  

One of these key principles is the idea that international humanitarian law, international human rights law, and indeed also the United Nations Charter itself, apply to State behavior in cyberspace in the event of armed conflict.  Led by the United States, a broad coalition of diplomats carried the day on this at the 2013 cyber GGE, which articulated by consensus that “nternational law, and in particular the Charter of the United Nations, is applicable and is essential to maintaining peace and stability and promoting an open, secure, peaceful and accessible  environment.”  This conclusion was reiterated by a subsequent GGE in 2015, and both reports have been endorsed by U.N. Member States.  Russia has recently started to try to walk back its commitment to this principle — and we must all join in condemning and resisting this — but the achievement of the United States and its GGE partners in making these points clear was a huge step forward for cyber diplomacy. 

Beyond articulating the applicability of international law, moreover, United Nations cyber GGEs have also spelled out voluntary, non-binding norms of responsible State behavior that apply short of armed conflict.  The consensus 2015 GGE report, for instance, recommended among other things that States should not “conduct or knowingly support activity … that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.”  The U.N. General Assembly has by consensus called on all states to be guided by these norms.   

These principles are voluntary, non-binding norms rather than legally binding requirements.  Nevertheless, they are a major step forward in creating expectations of responsible behavior in the cyber domain to help guide State actions and encourage restraint and prudence in cyber operations.    

Cyber Deterrence  

And that brings me to some of our more recent innovations.  For such understandings of what constitutes responsible behavior are also critical to understanding what behavior is irresponsible — and that, in turn, opens up possibilities for efforts to make such irresponsibility increasingly unattractive to its would-be perpetrators.  This is the burgeoning arena of cyberspace deterrence. 

Explicit strategies of deterrence are only relatively recent additions to U.S. cyberspace policy.  For a while, the United States seemed almost to hope that the mere example of its good-faith engagement with malicious cyber actors such as Russia and the PRC might be enough to persuade them to rein in their bad behavior.  In 2013, for instance, the Obama Administration established a new communications channel for addressing cyberspace problems that connects the U.S. State Department to the Ministry of Defense in Moscow.   

Such direct, domain-specific channels can indeed provide a valuable means with which parties can communicate about emergent issues in ways that could help them manage crises and prevent inadvertent escalation.  While an important step forward, however, that new link did not represent a fully adequate answer, because U.S. policy at the time seemingly ignored the element of deterrence.  The approach then seemed to rest on the idea that communication alone could address growing cyberspace threats, as if the Kremlin’s malicious cyber activities were simply miscalculations or mistakes that would be stopped if we simply pointed them out.  That “pure communication” approach collapsed in response to Moscow’s efforts to influence the 2016 U.S. elections because the Russian activity in question, of course, wasn’t a misunderstanding or error that might be corrected after having attention drawn to it, but instead a deliberate policy choice.   

But we have learned the lessons of that history, and we have come more explicitly to incorporate elements of deterrence into cyberspace security diplomacy as well.  The lessons of the last few years have made clear that having a framework of responsible state behavior is not enough in itself: there must also be consequences for the violation of such norms.   

This approach builds upon the 2018 U.S. National Cyber Strategy, which made clear that:

“s the United States continues to promote consensus on what constitutes responsible state behavior in cyberspace, we must also work to ensure that there are consequences for irresponsible behavior that harms the United States and our partners…. The United States will launch an international Cyber Deterrence Initiative to build … a coalition and develop tailored strategies to ensure adversaries understand the consequences of their own malicious cyber behavior.  The United States will work with like-minded states to coordinate and support each other’s responses to significant malicious cyber incidents, including through intelligence sharing, buttressing of attribution claims, public statements of support for responsive actions taken, and joint imposition of consequences against malign actors.” 

This work involves the whole U.S. interagency.  Pursuant to the 2018 Department of Defense Cyber Strategy, for instance, the armed forces “defend forward to disrupt or halt malicious cyber activity at its source … to stop threats before they reach their targets.”  The Justice Department uses its own authorities against malicious cyber actors, including just this very afternoon, when Justice indicted six Russian military intelligence officers for involvement in “some of the world’s most destructive malware to date,” including in attacks which caused blackouts in Ukraine, as well as unleashing the incredibly destructive “NotPetya” virus. 

For our part, we at the State Department have also played a leading role in this — in particular, through building the aforementioned Cyber Deterrence Initiative, or CDI.  On the one hand, we have continued the work I’ve already described to promote acceptance of and adherence to the U.S.-developed framework of responsible state behavior in cyberspace.  On the other, we have worked within the U.S. government and with international partners to build a shared capacity to swiftly impose consequences when our adversaries transgress this framework.  Working with interagency colleagues, we have developed policies, processes, and response options that allow us to act quickly.  We have also worked closely with likeminded countries to build a flexible model for organizing cooperative responses to significant cyber incidents. 

“Attribution diplomacy,” as I call it, is a critical part this work.  It used to be assumed in some quarters that cyber attribution was more or less impossible, but thankfully that’s not true.  It’s not easy, of course, but it’s hardly impossible, and we’re getting better not just at doing attribution ourselves but at mobilizing partners to condemn malicious cyber activity as well.  This is a critical component of our cyberspace security diplomacy. 

In September 2019, for instance, 28 states joined in a “Joint Statement on Advancing Responsible State Behavior in Cyberspace,” which included a commitment to “work together on a voluntary basis to hold states accountable when they act contrary to this framework.”  In February 2020, 20 individual states – and the European Union as a whole – also joined in condemning the disruptive cyber attack against the country of Georgia that was mounted in October 2019 by the Russian GRU military intelligence service.   

In April 2020, moreover, the United States and several other likeminded countries issued concerted statements in response to an alert issued by the Czech Republic about its detection of impending cyber attacks targeting its health sector, warning that such actions would result in consequences.  This was the first time  that likeminded states have ever come together to warn against a specific future cyber attack, and we believe our warning had an effect; despite preparatory work by the would-be perpetrators, no major cyber attack ultimately occurred in that case. 

Reinforced by the increasing imposition of not just United States but now also European Union sanctions in egregious cyber casesthis cyberspace security diplomacy is helping to increase the costs and risks faced by the perpetrators of malicious cyber activity.  There’s a long way to go, of course, but we’ve been making really important strides.    

Organizing the State Department for Success  

As a final note, I should also recount that the State Department is finally organizing itself for success in this arena, too.  As far as I can tell, it is all but universally agreed that the Department badly needs a bureau the full-time job of which is to address cyberspace security and emerging technology (ET) issues.  Such points have been made, for instance, by the National Security Commission on Artificial Intelligence, the Cyberspace Solarium Commission, and by world-class think tanks such as you good folks at CSIS 

Well, we at the Department agree with that, and this is why Secretary Pompeo notified Congress in 2019 of our intention to create a new Bureau for Cyberspace Security and Emerging Technologies (CSET).   

Our move to create CSET is based on the idea that in addition to the need to ensure that the Department is fully staffed and prepared for the ongoing challenges of cyberspace security diplomacy, we also need full-time specialist expertise to address the security challenges presented by rapid developments in ET areas such as artificial intelligence and machine learning, quantum information science, nanotechnology, biological sciences, hypersonic systems, outer space, additive manufacturing, and directed energy.   

The 2017 National Security Strategy, after all, acknowledges that maintaining a competitive advantage in ET is critical to national security interests and economic growth.  Our strategic competitors certainly think so, and they are working as fast as they can to seize advantage in these areas.  We must not allow ourselves to be left behind. 

Hitherto, no one bureau at State has been responsible for ensuring that the Department develops and implements coordinated diplomatic responses to the national security-related aspects of cyberspace and of current and future ET.  So we’re going to fix that.  Reporting to the Under Secretary for Arms Control and International Security, CSET will finally allow the State Department to be properly organized to handle these various security challenges.   

Nevertheless, actually getting this done has been hard — and needlesslyeven embarrassingly, so.  Secretary Pompeo notified Congress of our intent to create the new bureau in the summer of 2019.  Thanks to the refusal of merely two Members of Congress who have kept “holds” upon our creation of this new bureau, however, CSET still does not exist, nearly a year and half later.  Our adversaries are surely delighted by this, of course, for their activities against the United States have faced no “hold,” and indeed they are accelerating.  

So I hope this roadblock will be quickly overcome, for the State Department badly needs to posture itself against the security challenges this country faces in cyberspace and in connection with emerging technologies.  We badly need to reorganize and resource our cyber diplomats, but other countries – both partners and adversaries – have moved forward to establish analogous institutionswhile we have been held back by those two Members of Congress.   

Within the Department, we’ve long done good work on these issues, and have coordinated smoothly across multiple bureaus, but we can do better.  With CSET, I trust we soon will. 

Conclusion 

So, all in all the breadth and the severity of the cybersecurity threats we face are great, and they are growing.  Nevertheless, the U.S. Government is now mounting increasingly effective responses — not least, here at State.   

This is a challenging arena, and it will require much hard work and attention in the years ahead.  But we are now on the right path, and we are making progress. 

Thank you. 

News Network

  • High Ranking MS-13 Gang Member Facing Federal Firearms Charges After Nightclub Shooting
    In Crime News
    A criminal complaint was unsealed Nov. 6 charging the local leader of an MS-13 Gang clique with being a convicted felon in possession of a firearm, announced Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division and U.S. Attorney Don Cochran for the Middle District of Tennessee.
    [Read More…]
  • Department of Justice’s COPS Office Invests More Than $536.7 Million in Grants to Improve Public Safety, Reduce Crime and Advance Community Policing
    In Crime News
    The Department of Justice’s Office of Community Oriented Policing Services (COPS Office) awarded more than $536.7 million in Fiscal Year 2020 to increase law enforcement hiring and to improve school safety, combat opioids and methamphetamine, advance community policing efforts, provide training to the law enforcement field, and protect the health of our nation’s officers and deputies.
    [Read More…]
  • The United States Supports the Voices of the Venezuelan People
    In Crime Control and Security News
    Michael R. Pompeo, [Read More…]
  • Bermuda Travel Advisory
    In Travel
    Reconsider travel to [Read More…]
  • The United States and the Holy See: Promoting Religious Freedom and Defending Human Dignity
    In Crime Control and Security News
    Office of the [Read More…]
  • Puerto Rico Electricity: FEMA and HUD Have Not Approved Long-Term Projects and Need to Implement Recommendations to Address Uncertainties and Enhance Resilience
    In U.S GAO News
    As of October 2020, 3 years since the hurricanes destroyed much of Puerto Rico's electricity grid, neither the Federal Emergency Management Agency (FEMA) nor the Department of Housing and Urban Development (HUD) had approved long-term grid recovery projects in Puerto Rico. In 2019, GAO made four recommendations to FEMA and HUD to address identified challenges in rebuilding the electricity grid in Puerto Rico. As of October 2020, FEMA had fully implemented one recommendation and partially implemented two others, while HUD had not implemented its recommendation. Specifically, FEMA established an interagency agreement with the Department of Energy (DOE) to clarify how the agencies would consult on recovery efforts. FEMA had taken actions to partially implement recommendations on improving coordination among federal and local agencies and providing information on industry standards. However, further steps are needed, including finalizing guidance on FEMA's process for approving funding for projects. Regarding HUD, it has not addressed GAO's recommendation to establish time frames and requirements for available funding. Damaged Power Lines in Puerto Rico in November 2017 after Hurricane Maria Until HUD and FEMA implement GAO's recommendations, uncertainty will linger about how and when federal funding for long-term grid recovery will proceed. In particular, it is uncertain how available funding sources will support measures to enhance grid resilience to hurricanes, such as smart grid technology. FEMA officials told GAO that additional funding sources could be used for resilience measures but that this would not be determined until specific projects are submitted to FEMA for approval. Moreover, although FEMA finalized a $10 billion cost estimate for grid repairs in September 2020, several steps remain before FEMA approves funding for projects—a process officials said they were drafting. HUD funding could supplement FEMA funding but, as discussed above, HUD has yet to establish conditions for using these funds and has not established time frames and a plan for issuing this information. According to HUD officials, they plan to publish requirements in the first quarter of fiscal year 2021, but this depends on other factors, such as input from other federal agencies. Further delays in publishing the conditions could contribute to delays in Puerto Rico's ability to initiate grid recovery projects. In 2017, Hurricanes Irma and Maria damaged Puerto Rico's electricity grid, causing the longest blackout in U.S. history. It took roughly 11 months after the hurricanes for power to be restored to all of the customers with structures deemed safe for power restoration. Since electricity service has been restored, local entities have undertaken the longer-term task of more fully repairing and rebuilding the grid. GAO reported in 2019 on challenges hindering progress in rebuilding the grid and recommended that FEMA and HUD take actions to address these challenges. This report examines the status of efforts to support long-term grid recovery in Puerto Rico, including actions taken by FEMA and HUD to implement GAO's 2019 recommendations. For this report, GAO assessed agency actions; reviewed relevant reports, regulations, policies, and documents; and interviewed federal and local officials. GAO previously made three recommendations to FEMA and one to HUD to provide needed information and improve coordination to support grid recovery. Both agencies disagreed with GAO's characterization of their progress made addressing these prior recommendations. GAO continues to believe additional actions are needed to fully implement these recommendations. For more information, contact Frank Rusco at (202) 512-3841 or ruscof@gao.gov.
    [Read More…]
  • Assistant Secretary of State for Political-Military Affairs R. Clarke Cooper Travels to the United Arab Emirates, Saudi Arabia, Bahrain, and Israel
    In Crime Control and Security News
    Office of the [Read More…]
  • Drug Misuse: Agencies Have Not Fully Identified How Grants That Can Support Drug Prevention Education Programs Contribute to National Goals
    In U.S GAO News
    The Department of Education (Education), the Department of Health and Human Services (HHS), and the Office of National Drug Control Policy (ONDCP) manage six key federal grant programs that can support drug prevention activities in schools. The flexibility of these grants supports a variety of drug prevention education programs. The agencies generally monitor grantees' compliance with grant requirements through periodic reporting. The aim of the National Drug Control Strategy (Strategy) is to reduce drug misuse, but HHS, and ONDCP have not fully defined how several key grant programs support the Strategy. ONDCP's guidance directs agencies to report, for each grant program, performance measures that relate to the Strategy's goals. However, some performance measures for several programs did not relate to drug prevention, did not link directly to the Strategy's prevention goals, or were not reported at all. For example: A $372 million set-aside for HHS's Substance Abuse Prevention and Treatment Block Grant program must be used on drug prevention, but HHS did not link the program's performance measures to the Strategy's prevention education goal.   ONDCP did not report on any performance measures in the Strategy or document how its $100 million Drug-Free Communities Support program contributes to achieving specific goals in the Strategy. GAO also found that the approximately $10 million grants to states component of Education's School Climate Transformation Grant program could more fully provide performance information related to the Strategy's prevention education goal. Fully understanding these programs' contributions to the goals of the National Drug Control Strategy could help Congress and the public better understand and assess how the nation's significant investments in drug prevention education programs help address the drug crisis. Most people who develop a substance use disorder begin using substances as adolescents. To reach adolescents, drug prevention programs are frequently provided in schools. Education, HHS, and ONDCP manage most federal programs that support school-based drug prevention activities. This report (1) describes how Education, HHS, and ONDCP support drug prevention activities in schools, and monitor those efforts and (2) examines the extent to which these agencies identify how their prevention activities support the National Drug Control Strategy. GAO reviewed agency documentation, the 2019 and 2020 National Drug Control Strategy documents which ONDCP identified as being most relevant to our review including the fiscal year 2019 drug control budget, ONDCP guidance, relevant federal laws, and GAO's prior work on attributes of successful performance measures that can help achieve agency goals. GAO also interviewed federal and state officials. GAO is making four recommendations, including that Education, HHS, and ONDCP clarify how grants that can include drug prevention education programs support related goals of the National Drug Control Strategy. HHS and ONCP agreed with the recommendation and Education partially concurred, saying it would explore collecting and reporting related performance data. For more information, contact Jacqueline M. Nowicki at (617) 788-0580 or nowickij@gao.gov.
    [Read More…]
  • J&F Investimentos S.A. Pleads Guilty and Agrees to Pay Over $256 Million to Resolve Criminal Foreign Bribery Case
    In Crime News
    J&F Investimentos S.A. (J&F), a Brazil-based investment company that owns and controls companies involved in multiple industries, including the meat and agriculture industry, has agreed to pay a criminal monetary penalty of $256,497,026 to resolve the department’s investigation into violations of the Foreign Corrupt Practices Act (FCPA).  The resolution arises out of J&F’s scheme to pay millions of dollars in bribes to government officials in Brazil in exchange for obtaining financing and other benefits for J&F and J&F-owned entities.
    [Read More…]
  • Secretary Antony J. Blinken and Dominican Republic Foreign Minister Roberto Alvarez Before Their Meeting
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • The Justice Department Unveils Proposed Section 230 Legislation
    In Crime News
    Today, on behalf of the [Read More…]
  • International Religious Freedom Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Indonesia National Day
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Leaders of the Lorenzana Drug Trafficking Organization Extradited on International Narcotics Trafficking Charges
    In Crime News
    Guatemalan nationals Haroldo Geremias Lorenzana-Cordon, aka Chuci and Chuchy, and Marta Julia Lorenzana-Cordon, aka Julie, Yulie, Julia, and Morena were extradited from Guatemala to the United States on December 10 to face international drug trafficking charges.
    [Read More…]
  • Tax Administration: Better Coordination Could Improve IRS’s Use of Third-Party Information Reporting to Help Reduce the Tax Gap
    In U.S GAO News
    Information returns are forms filed by third parties, such as employers and financial institutions that provide information about taxable transactions. These forms are submitted to the Internal Revenue Service (IRS), the Social Security Administration, and taxpayers. Fifty unique types of information returns provide information on individual taxpayers and have a variety of purposes, such as reporting on wages earned or amounts paid that qualify for a tax credit or deduction. IRS identifies mismatches between information returns and tax returns for potential additional review, including enforcement actions. According to IRS research, taxpayers are more likely to misreport income when little or no third-party information reporting exists than when substantial reporting exists. Overview of Internal Revenue Service's (IRS) Process for Matching Information Returns IRS's ability to process and use information returns is limited by its outdated legacy information technology (IT) systems. In 2017, IRS developed a plan to modernize its information return processing systems; however, IRS paused its efforts due to, according to IRS, resource constraints. IRS has an opportunity to capitalize on prior planning efforts by re-evaluating and updating these efforts and integrating them into its broader IT modernization efforts. IRS does not have a coordinated approach with cross-agency leadership that strategically considers how information reporting could be improved to promote compliance with the tax code. While information returns affect many groups across IRS and support multiple compliance programs, no one office has broad responsibility for coordinating these efforts. A formalized collaborative mechanism, such as a steering committee, could help provide leadership and ensure that IRS acts to address issues among the intake, processing, and compliance groups. For example, IRS has not undertaken a broad review of individual information returns to determine if thresholds, deadlines, or other characteristics of the returns continue to meet the needs of the agency. For tax year 2018, IRS received and processed more than 3.5 billion information returns that it used to facilitate compliance checks on more than 150 million individual income tax returns. By matching information reported by taxpayers against information reported by third parties, IRS identifies potential fraud and noncompliance. GAO was asked to review IRS's use of information returns. This report provides an overview of information returns and assesses the extent to which IRS has a coordinated approach to identifying and responding to risks related to the use of information returns in the tax system, among other objectives. GAO reviewed IRS documents and data on information returns filing, processing, and use, and interviewed cognizant officials. GAO compared IRS's efforts in this area to federal internal control standards, and IRS's strategic plan. GAO is making nine recommendations to IRS, including that IRS revise its modernization plans for its information returns processing systems and incorporate it into broader IT modernization efforts and develop a collaborative mechanism to improve coordination among IRS groups that use information returns. IRS neither agreed, nor disagreed with the recommendations; however, IRS outlined actions it plans to take to address the recommendations. Social Security Administration had no comments. For more information, contact James R. McTigue at (202) 512-9110 or McTigueJj@gao.gov.
    [Read More…]
  • Designation of Al-Qa’ida Supporters
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]
  • Defense Health Care: DOD Needs to Fully Assess Its Non-clinical Suicide Prevention Efforts and Address Any Impediments to Effectiveness
    In U.S GAO News
    What GAO Found The Department of Defense (DOD) has a variety of suicide prevention efforts that are implemented by the military services (Army, Navy, Air Force, and Marine Corps). These include clinical prevention efforts that are generally focused on individual patient treatment and interventions, as well as non-clinical efforts that are intended to reduce the risk of suicide in the military population. This includes, for example, training servicemembers to recognize warning signs for suicide and encouraging the safe storage of items such as firearms and medications. Officials with DOD's Defense Suicide Prevention Office (DSPO) told GAO that most ongoing non-clinical efforts are evidence based. Officials added that a suicide prevention effort is considered to be evidence based if it has been assessed for effectiveness in addressing the risk of suicide in the military population, which has unique risk factors such as a higher likelihood of experiencing or seeing trauma. These officials stated that newer efforts are generally considered to be “evidence informed,” which means that they have demonstrated effectiveness in the civilian population, but are still being assessed in the military population. DSPO officials further explained that assessments of individual prevention efforts can be challenging because suicide is a complex outcome resulting from many interacting factors. In 2020, DSPO published a framework for assessing the collective effect of the department's suicide prevention efforts by measuring outcomes linked to specific prevention strategies, such as creating protective environments. However, this framework does not provide DOD with information on the effectiveness of individual non-clinical prevention efforts. Having a process to assess individual efforts would help DOD and the military services ensure that their non-clinical prevention efforts effectively reduce the risk of suicide and suicide-related behaviors. GAO also identified impediments that hamper the effectiveness of DOD's suicide prevention efforts, including those related to the reporting of suicide data. Definitions. The military services use different definitions for key suicide-related terms, such as suicide attempt, which may result in inconsistent classification and reporting of data. These data are used to develop the department's annual suicide event report. DOD officials stated that this could negatively affect the reliability and validity of the reported data, which may impede the department's understanding of the effectiveness of its suicide prevention efforts and limit its ability to identify and address any shortcomings. Annual suicide reports. DOD publishes two yearly suicide reports through two different offices that are based on some of the same data and provide some of the same information, resulting in the inefficient use of staff. While these reports serve different purposes, improved collaboration between the two offices could help minimize duplication of effort and improve efficiency, potentially freeing resources for other suicide prevention activities. Why GAO Did This Study Suicide is a public health problem facing all populations, including the military. From 2014 to 2019, the rate of suicide increased from 20.4 to 25.9 per 100,000 active component servicemembers. Over the past decade, DOD has taken steps to address the growing rate of suicide in the military through efforts aimed at prevention. The National Defense Authorization Act for Fiscal Year 2020 included a provision for GAO to review DOD's suicide prevention programs. This report examines DOD's suicide prevention efforts, including, among other objectives, (1) the extent to which non-clinical efforts are assessed for being evidence based and effective and (2) any impediments that hamper the effectiveness of these efforts. GAO examined suicide prevention policies, reports, and assessments and interviewed officials from DOD, the military services, and the Reserve components. GAO also interviewed officials at four installations and a National Guard site selected for variety in military service, location, and size.
    [Read More…]
  • Navistar Defense Agrees to Pay $50 Million to Resolve False Claims Act Allegations Involving Submission of Fraudulent Sales Histories
    In Crime News
    Navistar Defense LLC (Navistar), an Illinois based manufacturer of military vehicles and subsidiary of Navistar International LLC, has agreed to pay $50 million to resolve allegations that it fraudulently induced the U.S. Marine Corps to enter into a contract modification at inflated prices for a suspension system for armored vehicles known as Mine-Resistant Ambush Protected vehicles.
    [Read More…]
  • Justice Department Settles with Microsoft to Resolve Immigration-Related Discrimination Claims
    In Crime News
    The Department of Justice today announced it has reached a settlement agreement with Microsoft Corporation resolving allegations that the company discriminated against non-U.S. citizens based on their citizenship status during the early stages of Microsoft’s hiring process by asking them for unnecessary, specific immigration documents to prove they could work for the company without needing its sponsorship for work visas.
    [Read More…]
  • Departure of Qatar Airways Charter Flight from Kabul
    In Crime Control and Security News
    Antony J. Blinken, [Read More…]

Crime

Network News © 2005 Area.Control.Network™ All rights reserved.