The report comes despite initiatives that called for the government to improve information sharing, including the Homeland Security Act of 2002 and the Intelligence Reform and Terrorism Prevention Act of 2004. The 2002 law required the development of policies for sharing classified and sensitive but unclassified homeland security information. The 2004 measure called for the development of an Information Sharing Environment for terrorism information, the GAO said.
Without government-wide policies and processes on sharing information, the federal government lacks a comprehensive roadmap to improve the exchange of critical information needed to protect the country, the GAO said.
The Office of the Director of National Intelligence (ODNI) is responsible for creating a government-wide information sharing environment, according to the report.
The GAO found that the 26 agencies it reviewed had 56 different sensitive-but-unclassified designations -- one agency alone had 16 of them -- to protect information deemed critical to their missions. Examples include sensitive law or drug enforcement information or controlled nuclear information. However, there are no government-wide policies or procedures to determine how such critical information should be classified or to ensure that all agencies uses the same designations, the GAO said.
'Without such policies, each agency determines what designations and associated policies to apply to the sensitive information it develops or shares,' the GAO said.
In addition, more than half the agencies reported that they face challenges in trying to share information, the GAO said. For example, the Department of Homeland Security said that sensitive-but-unclassified information disseminated to state and local partners had occasionally been posted publicly online or otherwise compromised.
Finally, the GAO said most agencies do not set limits on who can designate information as sensitive but unclassified, perform periodic reviews or determine how well their practices are working, the GAO said.
'The lack of such recommended internal controls increases the risk that the designations will be misapplied,' the GAO said. 'This could result in either unnecessarily restricting materials that could be shared or inadvertently releasing materials that should be restricted.'
To provide for information-sharing policies and procedures, the GAO recommended that the Director of National Intelligence assess progress and address barriers to achieving those goals and propose changes to make them more attainable. The GAO also recommended that the director of the Office of Management and Budget (OMB), in his oversight role in terms of managing federal information, work with agencies on policies and procedures to make them more accountable.
The GAO said it requested comments on its report from the OMB director and the National Intelligence director.
The OMB was silent on whether it disagreed or agreed with the GAO's findings, but said that 'once the program manager and others completed their work to establish government-wide policies, procedures or protocols to guide the sharing of information as it relates to terrorism and homeland security, they would work with the program manager and all agencies to determine what additional steps are necessary, if any.'
The National Intelligence director's office, however, declined to comment on the report, saying a review of intelligence activities is beyond the GAO's purview.
'We are disappointed by the lack of an ODNI response to our report on the critical issue of information-sharing efforts in the federal government,' the GAO said. 'We have placed information sharing for homeland security on GAO's high-risk list, in part because federal agencies have not done an adequate job of sharing critical information in the past and because success in this area will involve the combined efforts of multiple agencies and key stakeholders.'