Brought to you by the Council of the Inspectors General on Integrity and Efficiency
Federal Reports
Department of Transportation
FAA Is Not Remediating STARS Security Weaknesses in a Timely Manner and Contingency Planning Is Insufficient
THE DEPARTMENT HAS DETERMINED THAT THIS REPORT CONTAINS SENSITIVE SECURITY INFORMATION (SSI) that is controlled under 49 CFR parts 15 and 1520 to protect Sensitive Security Information exempt from public disclosure. For U.S. Government agencies, public disclosure is governed by 5 U.S.C. 552 and 49 CFR parts 15 and 1520. A redacted version of the report will be posted here on our website when it is available.

What We Looked At
The Federal Aviation Administration (FAA) operates up to 172 Terminal Radar Approach Control (TRACON) facilities, which provide air traffic control services to pilots in the airspace immediately surrounding major airports. Currently, air traffic controllers use the Standard Terminal Automation Replacement System (STARS) to provide critical air traffic services at the 11 largest TRACONs, which handle about 33 percent of all TRACON traffic in the United States. Effective security controls and contingency plans at these 11 facilities are critical to maintaining the safety and security of the National Airspace System. Accordingly, we initiated this audit to (1) assess FAA’s identification and mitigation of security risks in STARS and (2) determine whether FAA’s contingency planning limits the effects caused by the loss of STARS operations at large TRACON facilities during emergencies.

What We Found
FAA is identifying STARS’ security risks but is not mitigating vulnerabilities in a timely manner. In March 2019, for example, FAA found vulnerabilities in 53 of 73 STARS security controls but did not meet its own schedule for remediating them. DOT policy requires timely remediation of vulnerabilities to reduce the risk that an attacker could gain unauthorized access to mission-critical systems. In addition, the Agency’s STARS incident response policy does not comply with Federal requirements, and we found security control weaknesses that could make it harder for the Agency to ensure the confidentiality, integrity, and availability of STARS. Finally, FAA’s contingency plans for three large TRACONs are not sufficient to maintain continuity of air traffic operations during unplanned outages, as Agency policy requires.

Our Recommendations
We made 11 recommendations and consider recommendations 1–9 and 11 resolved but open pending completion of FAA’s planned actions. In accordance with DOT Order 8000.1C, we have asked the Agency to provide additional information on its planned actions for recommendation 10 within 30 days of the date of this report.
Audit of the Fund Accountability Statement of Michigan State University Under Grain Research and Innovation Program in Afghanistan, Cooperative Agreement AID-306-OAA-A-13-00006, January 1 to December 31, 2018
Financial Closeout Audit of USAID Resources Managed by Health Initiative for Safety and Stability in Africa, Nigeria Under Cooperative Agreement AID-620-A-14-00007, January 1 to December 31, 2019
Audit of Combined Security Transition Command–Afghanistan’s Implementation of the Core Inventory Management System Within the Afghan National Defense and Security Forces
The VA Office of Inspector General (OIG) conducted a healthcare inspection at the VA Southern Nevada Healthcare System in North Las Vegas in response to a referral from the U.S. Office of Special Counsel, which contained allegations that facility leaders responded inadequately after a patient attacked and later threatened a social worker. The OIG determined that facility managers failed to timely respond after the social worker reported an assault during a home visit and did not address the social worker’s health needs after the assault. The social worker’s supervisor failed to immediately report the incident to community and VA police. The facility’s policies lacked specific guidance regarding employee emotional and mental health injuries. Further, the OIG substantiated that the social worker was not informed by a supervisor of a homicidal threat, occurring subsequent to the assault, until two weeks after facility leaders became aware of the threat. Deficient communication between the supervisor and the Deputy Chief of VA Police resulted in a delay in notification to the social worker as well as a failure to coordinate with the community police who had jurisdictional oversight. Additional issues included a delay in disruptive behavior flag placement, deficiencies in VA police Disruptive Behavior Committee participation, and vacancies and staff turnover in the facility Housing and Urban Development Veterans Affairs Supporting Housing (HUD VASH) program. The OIG made six recommendations related to staff and supervisor awareness and reporting compliance with patient disruptive behavior incidents occurring outside of VA grounds, traumatic injury needs of staff experiencing a work-related emotional or mental health injury, timely notification of threats to targeted staff, placement of patient record flags, VA police participation in the Disruptive Behavior Committee process, and a review of HUD-VASH staffing and training needs.
Investigative Summary: Findings of Misconduct by a then United States Attorney for Violating DOJ Policy Regarding Possible Conflicts of Interest and by a then First Assistant United States Attorney for Failing to Report Those Possible Conflicts
Five members of Congress asked the VA Office of Inspector General (OIG) to review the Veterans Health Administration’s (VHA) canine research approval process in response to public concerns about alleged animal welfare and oversight violations. In fiscal years (FY) 2018 and 2019, Congress mandated that the VA Secretary directly approve the use of appropriated funds for canine research. The OIG found VHA conducted eight studies without the former or current Secretary’s direct approval, resulting in the unauthorized use of $393,606 in appropriated funds. VA continued research using canines after the passage of the funding restrictions, in part, because VHA executives perceived that then VA Secretary David Shulkin had approved the continuation of the studies before his March 28, 2018, departure. Former Secretary Shulkin denied approving each study for continuation after funding restrictions were enacted. The OIG did not confirm Dr. Shulkin had directly approved continuation in a March 28, 2018, meeting on his last day as Secretary. VHA also did not have a formal procedure to obtain and document the Secretary’s approval. Unclear communication, inadequate recordkeeping, and failure to ensure approval decisions were accurately recorded and verified all contributed to VHA’s noncompliance. Providing unsupported and potentially inaccurate information on this topic could undermine public trust in VA and unnecessarily detract attention from its important statutory mission—supporting a wide range of authorized research on veterans’ health issues. The OIG recommended the under secretary for health establish a process to obtain the Secretary’s approval for canine research as required by federal law, ensure approval is documented, and prevent appropriated funds from being spent without approval. The OIG also recommended the under secretary report to Congress on FY 2018 and 2019 funds spent on canine research without the Secretary’s approval.