Slipping Through the Cracks
Federal, state, and local law enforcement agencies will soon have their pick of surplus U.S. military gear, including grenade launchers and high-caliber weapons, after U.S. President Donald Trump rolled back an Obama-era action curtailing the transfer of military equipment to police.
The U.S. Department of Defense (DoD) Law Enforcement Support Office (LESO) program was reined in by then President Obama in 2015 after a spate of killings by police sparked public outrage.
Law enforcement agencies could still acquire medical supplies, training devices, protective gear, and some lethal weapons through the reduced LESO program, but the full range of excess military equipment was unavailable.
The program has been fully reinstated. Concerns about the program’s ability to properly disseminate the military equipment were raised even before Trump expanded the policy. While investigating the LESO program, a congressional watchdog agency stumbled upon an “ineligible entity” that had categorized itself as a federal agency and successfully gained access to military equipment. The U.S. Government Accountability Office (GAO) notified DoD and learned that the case was already being investigated.
But at one point the entity had been approved to use the LESO program. So in late 2016, GAO decided to figure out how this happened by creating its own fraudulent federal agency and applying to the LESO program. The investigation ended up going much further than researchers initially expected.
“We noticed that one of the participants in the program had a somewhat unusual name, and we weren’t aware of a federal agency having that particular name,” explains Zina Merritt, director of GAO’s Defense Capabilities and Management Team. “We kept looking at the processes through which DoD provided this equipment to federal agencies, and we decided that it would be appropriate to task the internal controls through using our investigative capabilities to see how vulnerable the program potentially was.”
The Defense Logistics Agency (DLA) manages the LESO program, which has provided more than $6 billion in excess DoD property to more than 8,600 agencies since 1991. While GAO was investigating the program, before Trump expanded access to equipment, about 4 to 7 percent of the property was sensitive and could not be released to the public. GAO has studied the LESO program before, and upon the most recent review found that most policy enhancements had occurred at the state and local level; few had been made in regard to federal agencies.
GAO researchers submitted a fake application that included a fictitious agency name, number of employees, point of contact, and physical location. They were surprised when, in early 2017, the nonexistent agency was approved to participate in the LESO program.
“We thought they would have noticed that our Web address was not a .gov address,” Merritt says. “We thought they would probably call us and verify some of the information, and they did not—correspondence was mostly by email. They asked us for the statute that created our particular organization, and we sent them a bogus statute, but they didn’t catch that. We left them a lot of bread crumbs but we didn’t get caught, and we thought we would get caught along the way—we were hoping that we would get caught.”
The investigators were given access to the program’s online portal to request property and selected more than 100 items, including night vision goggles, simulated rifles, and pipe bomb trainers—items that could be made lethal if modified with commercially available items.
When researchers went to pick up the items from a disposition site, they were able to pass security checks and enter the warehouse—two of the three sites did not check the investigator’s identification. They also were given more items than they were approved to receive.
When Merritt and her team disclosed their investigation, she says DLA officials were surprised by the results.
“Not only could we gain access to the program, but, we identified other weaknesses at the disposition sites, such as people not checking IDs or people not counting the items we were provided,” she says. “You have to keep in mind that we could have gotten other items such as actual rifles, Humvees, and things like that—we just opted not to get those things. But once approved, you can get lethal items as well.”
Merritt notes that in the midst of the GAO investigation, however, DLA officials had already begun to strengthen the LESO application process.
“They were creating memorandums of understanding with the federal agencies applying; that’s something they didn’t have prior,” Merritt tells Security Management. “However, they just had not gone a step further to actually have federal coordinators for the federal participating agencies. That’s a step they did after we completed the review.”
Following the GAO report’s release in July, Merritt testified before a U.S. House of Representatives subcommittee about the findings and further recommendations, including revising procedures for approving applications, conducting a fraud risk assessment to mitigate risk, and ensuring that officials verify the identification of people picking up items as well as the number of items retrieved. Merritt has seen other improvements to the program already, including in-person visits to LESO-involved agencies and making sure applicants are eligible to take part in the program.
“I think now, at least with the process of applications, they are ensuring they’re legitimate agencies—that’s where the principal breakdown was,” Merritt explains. “The first step was at least having better oversight and processes to prevent entities that were not eligible to participate to gain access in the first place.”
The flow of military equipment isn’t just a problem in the United States. DoD runs another program that provides military equipment to Iraqi security forces, including the Kurdistan Regional Government forces, to fight ISIS.
Since 2015, about $2 billion in equipment, such as weapons and vehicles, was funded through the Iraq Train and Equip Fund (ITEF), sent overseas, and transferred to the governments. However, another GAO report found that the transfer of equipment has not been properly documented due to data reporting and interoperability issues.
The report, DoD Needs to Improve Visibility and Accountability Over Equipment Provided to Iraq’s Security Forces, looks at how DoD tracks the status of the equipment from acquisition through transfer to foreign governments.
Jessica Farb, director of internal affairs and trade at GAO, tells Security Management that personnel were not properly using the Security Cooperation Information Portal (SCIP), a Web-based tool that tracks the equipment flow.
“What we found was that by not using the SCIP, which is not just for Iraq but all cooperation matériel that we provide to partnered nations, DoD broadly could not have complete visibility and be able to account for everything that was going on because the system had missing information,” Farb says.
Of the 566 requisitions marked complete that GAO studied, fewer than half had the arrival date of the equipment at the point of departure in the United States recorded, and none had information on when the equipment was shipped from the United States, when it arrived in Kuwait or Iraq, or when it was transferred to the foreign governments.
Additionally, the report found missing documentation from equipment transfers to Iraq and Kurdistan governments—more than half of the forms were missing the date of transfer and case identifier information. Officials said they issued verbal orders requiring case identifier information to be included on the forms, but GAO noted that the program’s standard operating procedures do not include that requirement.
“By not capturing the transfer dates of ITEF-funded equipment..., DoD components’ visibility over the amount of ITEF-funded equipment transferred to the government of Iraq is limited,” the report explains. The missing transit information means that DoD cannot ensure that the equipment has reached its intended destination.
GAO didn’t issue any recommendations because it could not pin down why SCIP was not being used to document the transfer of equipment. The system itself may not be importing data correctly from other DoD data systems, but there is also a lack of clear procedures for reporting the data, the report notes.
“Essentially, that’s why we made a recommendation about DoD looking at the root causes, because it wasn’t easy for them or for us to identify what the single cause was,” Farb explains. “Was it people not entering information, or was it interoperability issues? We didn’t really come to the conclusion that one is the biggest or the single most important issue.”
Greg Schneider, CPP, president of security consultation company Battle Tested Solutions, LLC, says both reports demonstrate the lack of control measures in such military equipment supply chains. Transferring American-made weapons to foreign governments has been a quagmire for many decades, he says, because of how easily they can fall into the wrong hands.
“Sometimes weapons that are funded for one cause can get retasked and repurposed, or sometimes go missing, because sometimes no one wants to leave any traces if they want to get arms into the hands of other people,” Schneider notes. “In Iraq and Kurdistan, there are so many different parties at play, and you have other parties on the outside that are watching with great interest the whole process of the United States delivering weapons to the Kurds because maybe they don’t like the Kurds.”
Meanwhile, Farb says GAO will continue to help DoD figure out why transfer dates for ITEF-funded equipment aren’t being recorded. Current ITEF funding ends next fall, and Farb notes that the new administration has set up a program that would both equip and train Iraq and Syria to oppose adversaries.
As for the LESO program, Merritt says GAO does not take a position on the recent change in policy, but reaffirms that as long as the program continues, the agency will be paying close attention to DOD’s efforts to rectify the lapses in security.
“The way we view it is one item of this type getting into the wrong hands is one item too many,” she says. “We just can’t emphasize that enough.”
ASIS International's Supply Chain Risk Management Standard helps organizations address operational risks in their supply chains, including risks to tangible and intangible assets, developed by a global, cross-disciplinary technical team and in partnership with the Supply Chain Security Council.