WPC'W 2BJ Z Courier3|xBold2x6X@`7X@HP LaserJet 4, Room 752m 752HPLAS4.PRS 4x  @\8vwX@2 6$F v3|CourierCourier BoldCourier ItalicHPLAS4.PRS 4x  @\9EX@a8DocumentgDocument Style StyleXX` `  ` 2=pRkk-a4DocumentgDocument Style Style . a6DocumentgDocument Style Style GX  a5DocumentgDocument Style Style }X(# a2DocumentgDocument Style Style<o   ?  A.  2votY a7DocumentgDocument Style StyleyXX` ` (#` BibliogrphyBibliography:X (# a1Right ParRight-Aligned Paragraph Numbers:`S@ I.  X(# a2Right ParRight-Aligned Paragraph Numbers C @` A. ` ` (#` 2  o  a3DocumentgDocument Style Style B b  ?  1.  a3Right ParRight-Aligned Paragraph Numbers L! ` ` @P 1. ` `  (# a4Right ParRight-Aligned Paragraph Numbers Uj` `  @ a. ` (# a5Right ParRight-Aligned Paragraph Numbers _o` `  @h(1)  hh#(#h 2   Y 2 a6Right ParRight-Aligned Paragraph Numbersh` `  hh#@$(a) hh#((# a7Right ParRight-Aligned Paragraph NumberspfJ` `  hh#(@*i) (h-(# a8Right ParRight-Aligned Paragraph NumbersyW"3!` `  hh#(-@p/a) -pp2(#p a1DocumentgDocument Style StyleXqq   l ^) I. ׃  2i+0 [[Doc InitInitialize Document Style  0*0*  I. A. 1. a.(1)(a) i) a) I. 1. A. a.(1)(a) i) a)DocumentgTech InitInitialize Technical Style. k I. A. 1. a.(1)(a) i) a) 1 .1 .1 .1 .1 .1 .1 .1 Technicala5TechnicalTechnical Document Style)WD (1) . a6TechnicalTechnical Document Style)D (a) . 2XIa2TechnicalTechnical Document Style<6  ?  A.   a3TechnicalTechnical Document Style9Wg  2  1.   a4TechnicalTechnical Document Style8bv{ 2  a.   a1TechnicalTechnical Document StyleF!<  ?  I.   2ea7TechnicalTechnical Document Style(@D i) . a8TechnicalTechnical Document Style(D a) . PleadingHeader for numbered pleading paperP@n   $] X X` hp x (#%'0*,.8135@8:authorized staffing within the effected Bureau, the Compliance & Information Bureau"$0*%%F#"  x(CIB), will decrease by about onethird, from 384 to 254 positions as a result of the  xrestructuring of field operations. The plan will be transmitted to the House and Senate  xAppropriations Committees for their approval. Upon approval the FCC will begin  x[required negotiations with the Union representing the Commission's employees regarding the implementation and impact of the plan.  xMThe Office of Inspector General has dedicated itself to assisting the Commission as it  x/continues to improve its efficiency and effectiveness. The Inspector General reports  xdirectly to the Chairman. The OIG is located in Room 752 in the FCC headquarters  xMbuilding at 1919 M Street, N.W., Washington, D.C. 20554. The Office of Inspector  xGeneral (OIG) is staffed by the Inspector General and four staff members: three auditors  xand a staff assistant who serves as the hotline technician. H. Walker Feaster was  \ - x[appointed Acting Inspector General on November 14, 1994, and continues to serve in an  x=acting capacity as of the date of this report. On May 25, 1995 the Commission issued a  x=vacancy announcement for the Inspector General position. The vacancy announcement closed on June 23, 1995. Scheduling of interviews is currently underway.  xyOn May 6, 1995, Robert G. Andary, who served as the Counsel to the Inspector General  x=and Director of Investigations for this office, accepted the position of Inspector General  x{of the Federal Labor Relations Authority (FLRA). To date the OIG has not made a  x.selection to replace Mr. Andary. Pending this personnel action, Paul Brachfeld has been  xNdesignated as the Acting Director of Investigations while continuing in his ongoing capacity as the Director of Audits.  x=This report includes the major accomplishments and general activities of the OIG during  xthe period May 1, 1995, through September 30, 1995, in accordance with Section 5 of the Inspector General Act of 1978, as amended 5 U.S.C. App. 3,  5. "X0*%%@"  \-  y,K AUDITS  y`,K   \-  hK OVERVIEW   x\One audit report was issued by the Inspector General during this reporting period. In  x0other audit activity, OIG auditors dedicated a significant amount of hours towards  xperforming survey work and subsequent audit fieldwork as relates to Fiscal Year (FY)  x1994 Spectrum Auction implementation costs. In performing this complex audit, specific  xemphasis was placed on (1) examining the system implemented by the Commission to  xaccumulate and report auction related accounting information; (2) validating the timeliness  x{and accuracy of the information that was reported; and (3) identifying areas where  ximprovements could be made. The audit staff projects that the final audit report will be  \-issued in the latter part of November, 1995.  xDuring this reporting cycle, OIG auditors facilitated a meeting and subsequent working  x\relationship between the Commission and the Financial Crimes Enforcement Network  x(FINCEN), Department of the Treasury. OIG representatives serving on a multi xOffice/Bureau task force had become aware of the requirements placed on the FCC to  xperform investigative analysis pertaining to the spectrum auction program. Specifically  xresponsibilities resided within the Commission to determine the validity of entities  xclaiming to meet the definition of a small business or minority owned enterprise. Such  xmprospective bidders could obtain favorable bidding and buildout terms from the  xCommission. The task force was exploring the mechanisms Commission staff could use  xin performing these investigations and the likely costs associated with accessing private  xdata networks. OIG staff, who were aware of the unique capabilities of FINCEN and  xFINCEN's charter to assist Federal agencies in law enforcement related matters, contacted  xofficials at FINCEN to lay the groundwork for a constructive and economical relationship  xbetween the FCC and FINCEN. Through the arrangement that was arrived at, FCC staff  xin the Wireless Telecommunications Bureau and Compliance & Information Bureau will  xbe able to utilize FINCEN resources in order to access information to be used in investigating potential irregularities pertaining to spectrum auction bidders.  \7"- xOIG auditors also continued to assist management in its conversion to an offtheshelf,  x=widely used financial system, the Federal Financial System, which went online October 1, 1995."+$0*%% #"Ԍ  hK SIGNIFICANT AUDIT ACTIVITY   \-  41.XxREPORT ON THE SPECIAL REVIEW: INTERNET PENETRATION ANALYSIS(# xThe report was issued May 17, 1995.  xLAs part of the ongoing OIG effort to ensure protection of the Commissions information  xresources, this office performed an Internet penetration analysis. The objective of this  xzanalysis was to attempt to penetrate the internal Federal Communications Commission  xN(FCC) network from an external source through the internet, identify any potential  xweaknesses in the system security infrastructure, and document the controls in place to prevent a successful penetration.  xDuring the review, auditors used readily available software tools to attempt the  x=exploitation of known weaknesses in internet connections. Among the tools used in this  xoffsite review was the Systems Administrator Tool for Analyzing Networks (SATAN).  xSATAN was developed as a security tool which systems administrators could use to  xidentify particular vulnerabilities in their networks. However, once released into the  xpublic domain on April 7, 1995, SATAN became another tool which could be employed by hackers to attack systems.  xIn general, the review identified that the Commission had established effective controls  xover access to the internal FCC network from external sources. These controls included  xthe use of a firewall to manage data traffic, control over the use of potentially risky software utility products, and patches to commonly exploited software weaknesses.  xThe auditors identified four areas where improvements in controls were recommended.  \}- xThese recommendations were documented in the Internet Penetration Report (OIG Report  x.Number 953). Due to the sensitive information contained in this report which could be  xused in a manner inconsistent with the normal operations of the Commission, distribution of this report was restricted to persons on a need to know basis.  \Y"- xDeployment of Computer Security Softwareĩ While performing the Internet Penetration  xReview, the auditors identified other areas of concern pertaining to internal network  xsecurity. In order to assess the degree of risk, the auditors obtained a powerful software"M$0*%%""  xprogram specifically developed to assess the security configuration of file servers using  xNovell's Netware operating system. On June 19, 1995, this program was loaded onto a  xselected server containing sensitive FCC data. The application was designed to analyze six necessary elements of an effectively secured Novell file server as follow:  \-x` ` User account restrictions  \-x` ` Passwords  \-x` ` Access control  \-x` ` Systems monitoring  \-x` ` Data integrity  \ -x` ` Data confidentiality  xTest results reflected  ^KJ weaknesses in the FCC's network security configuration. For  x>example, network users were not required to use passwords of substantial length nor  x-required to change their passwords on a reasonable periodic basis. In fact 2% of users did  xnot have passwords and simply used a Guest login, while 33% of users had easily guessed  \-passwords.  xThe information provided by this report was used by the Commission's Computer Security  x{Officer to support the implementation of a more robust security configuration. On  x{September 20, 1995, the Commission implemented the new security configuration.  xFollowing implementation, testing was again conducted using the software product  xobtained by the OIG. Test results indicated an increase in the overall Novell security posture.  \d- xyCredit Card Programĩ In performing audit survey work related to a planned audit of FCC  x credit cards use, OIG auditors identified that the U.S. Postal Service had developed a  xsoftware referred to as ISIS (Inspection Service IMPAC Scanner). This software, which  x|is free to other government agencies, could be employed to more efficiently and  x-effectively, analyze credit card transactions. Specifically, the software can track individual  xLcredit card transactions by merchant name, merchant city, date of transaction and dollar  \@- xvalue or range of dollar values. Upon identifying this software and its capabilities, a  xdetermination was made to issue a memorandum to the Managing Director, notifying him  xjof the existence of this tool and at the same time terminating further audit activity by this  xoffice. That Managing Director has initiated activity towards obtaining and subsequently employing the ISIS software.  y"$,K ""$0*%%"w"  yf,KINVESTIGATIONS   \-   \-  hK OVERVIEW   xInvestigative matters pursued by this office are generally initiated as a result of complaints  xNalleging fraud, waste, abuse, corruption or mismanagement by FCC employees, or  xaffecting the programs or operations of the Commission. Upon receipt of a complaint  xwhich alleges an administrative or criminal violation, the OIG usually conducts a  \ - xpreliminary inquiry to determine if an investigation is warranted. Investigations may  xinvolve possible violations of regulations regarding employee responsibilities and conduct,  xFederal criminal law, and other regulations and statutes pertaining to the activities of  x\Commission employees. Investigative findings may lead to criminal prosecution, civil prosecution, or administrative action.  \-  xOn August 1, 1995, the FCC OIG instituted a formal hotline. All FCC staff were notified  xof the establishment of the hotline and a Public Notice was issued by the Commission.  x.The hotline number, 2024180473, is serviced by the Special Assistant to the Inspector General.  \< INVESTIGATIVE ACTIVITY   xDuring this reporting period, OIG investigative activity focused on two major  xinvestigations, one of which remains in an open status at this date pending a determination  x-on the part of the Justice Department. A brief synopsis of these investigations is presented below.  \U-  \O-Potential Violation of 18 U.S.C.  207 (a) (2) Status: Open  x.On November 4, 1994, the OIG was made aware of a possible violation of the twoyear  xpostemployment restriction of 18 U.S.C.  207 (a) (2) by a former high level FCC  xemployee. This matter was initially developed and forwarded on December 5, 1994, to  x]the Public Integrity Section, Criminal Division, Department of Justice. During this"+$0*%%(#"  x reporting period, OIG investigative staff conducted detailed interviews with FCC and  xformer FCC officials in order to obtain information pertinent to this investigative matter. The investigation remains in an open status as of the close of this reporting period.  \-  \-Potential Procurement Irregularities Pertaining to Spectrum Auctions Status: Closed  xIn response to allegations received by the OIG, an investigation of procurement actions  x1involving the FCC's Spectrum Auction Program was undertaken by this office.  xOSpecifically, the confidential allegation involved (1) the undertaking of improper  xcontracting procedures by FCC employees and, (2) an attempt by an FCC contractor to  xdirect additional contractual activity to the firm he was employed with. Results of our  x\investigation found no basis to support the aforementioned allegations. However, in a  xmemorandum to the Chief, Wireless Telecommunications Bureau (WTB) dated July 10,  x1995, the Inspector General noted that during the investigation, OIG staff identified that  xan employee within WTB had provided an FCC contractor with access to her login and  x>password to the FCC computer system on the date of his arrival to the FCC. Senior  x/officials within WTB acted expeditiously to address this internal control weakness by  \- xmeeting with the Computer Security Officer and educating the staff as to proper password control measures. The investigation has been formally closed.  \-  \|-Other Investigative Issues  \p-  ],xOIG staff provided assistance and liaison to investigators from the Federal Deposit  xand Insurance Corporation (FDIC) during this reporting period. FDIC investigators  xrequested assistance in obtaining Mass Media Bureau documents and conducting  xinterviews pertinent to filings made at this Commission by individuals who were under investigation by the FDIC.  \L-  ,xOIG staff investigated an allegation that FCC employees received payoffs which  x=resulted in their failure to properly investigate complaints directed against a radio station. OIG staff determined that the allegation lacked basis and the investigation was closed.  \4!-,xOIG staff investigated allegations that an FCC employee was deliberately leaking  xinformation on pending FCC actions to an individual external to the Commission. In  xreviewing the allegation, this office determined that sufficient evidentiary matter did not exist to support further action on the part of this office. ""$0*%%""Ԍ  \-  ,xOIG staff provided assistance and documentation to the Superior Court of the  xDistrict of Columbia, to be used in the prosecution of an individual who had previously  xfiled a complaint with the OIG regarding the Mass Media Bureau's handling of an application for the transfer of a radio station.  \-" 0*%%"  y,K MANAGEMENT AND ADMINISTRATION   \`-   \Z-  xH. Walker Feaster III was appointed Acting Inspector General on November 14, 1994,  xand continued to serve in that capacity during the reporting period. Mr. Feaster has  xkserved the Commission since 1974 in various positions within the Office of Managing  xDirector and within the former Private Radio Bureau. Since 1990, he served as the Associate Managing Director for Program Analysis.  xIn April 1995, the Counsel to the Inspector General and Director of Investigations, Robert  x|Andary, accepted a position as Inspector General of the Federal Labor Relations Authority, effective May 8, 1995. Mr. Andary had served the OIG since May 1992.  xOn August 11, 1995, the Acting Inspector General submitted the FY 1997 Budget  xResource Request for the OIG. Office of Management and Budget (OMB) Circular A11,  xSection 15.11 provides that "each agency designated to establish an Office of Inspector  xzGeneral in the Inspector General Act Amendments of 1988 will submit information on  x=budget authority and FTE levels for PY through BY for its Office of Inspector General."  xIn the OIG request to the Chairman, the office requested two additional positions over the  xzcurrent FTE level. The OIG presently has the same number of FTEs as existed in FY  xz1992 prior to the establishment of a new Bureau to address new mission requirements  x(most notably in the spectrum auction program), significant internal FCC automation  xinitiatives, National Performance Review and the Government Performance Review Act  xactivities and requirements. On August 29, 1995, the OIG was informed by the  xManaging Director that "the Chairman will be submitting a level staffing request for the entire Commission including the IG."  \-  \- x On June 30, 1995, OIG staff presented a briefing to Compliance & Information Bureau  x(CIB) staff from around the country. The briefing was taped and will be provided to FCC  xMstaff throughout the country. The briefing focused on why the FCC has an OIG, the  xmission the OIG performs, and how the OIG can provide the FCC staff with unique audit  xand investigative tools and resources. During a free flowing question and answer period,  xkOIG staff responded to questions and concerns, some which are unique to personnel  xserving in field locations. In the coming months, the OIG intends to offer similar sessions to other Bureaus and Offices within the FCC. "$ 0*%%U#"Ԍ xzDuring this reporting period, OIG auditors continued to work with management in the  ximplementation of the new financial accounting system and have participated in ongoing  xtraining exercises. An OIG auditor attended a detailed onsite working session at the FCC's provider agency, the Bureau of Reclamation.  f<" 0*%%"  x SPECIFIC REPORTING REQUIREMENTS OF SECTION 5(a) OF THE INSPECTOR GENERAL ACT  hoK Yx   \-   !xThe following summarizes the Office of Inspector General response to the twelve  xspecific reporting requirements set forth in Section 5(a) of the Inspector General Act of 1978, as amended.  Zv - x1. A description of significant problems, abuses, and deficiencies relating to the  x{administration of programs and operations of such establishment disclosed by such  Zj -activities during the reporting period.   xNo such problems, abuses, or deficiencies were disclosed during the reporting period. x  ZL- x2. A description of the recommendations for corrective action made by the Office during  xthe reporting period with respect to significant problems, abuses, or deficiencies identified  Z@-pursuant to paragraph (1). xNo recommendations were made. See the response to paragraph (1).  Z(- x3. An identification of each significant recommendation described in previous semiannual reports on which corrective action has not been completed.  \-  \- xNo significant recommendations remain outstanding.  Z-  x\4. A summary of matters referred to prosecutive authorities and the prosecutions and  Z-convictions which have resulted.   AxAn investigation which was opened during the previous reporting period and  xreferred to the U.S. Department of Justice pursuant to section 4(d) of the Inspector  x\General Act remains in an open status. The investigation involves a potential violation of postemployment restriction of 18 U.S.C.  207 (a) (2).  \"-  5.xA summary of each report made to the head of the establishment under section  Z#-(6)(b)(2) during the reporting period."# 0*%%""Ԍ  ԙxNo report was made to the Chairman of the FCC under section (6)(b)(2) during the reporting period.  Z- x6. A listing, subdivided according to subject matter, of each audit report issued by the  xOffice during the reporting period, and for each audit report, where applicable, the total  xdollar value of questioned costs (including a separate category for the dollar value of  xunsupported costs) and the dollar value of recommendations that funds be put to better use.  \-   xEach audit report issued during the reporting period is listed according to subject matter and described in part III, above.  Z -7. A summary of each particularly significant report.   xEach audit report issued during the reporting period is summarized in part III, above.  Z-  x=8. Statistical tables showing the total number of audit reports with questioned costs and  Z-the total dollar value of questioned costs.  \-  \- x The required statistical table can be found at Attachment A to this report.  Z|- x9. Statistical tables showing the total number of audit reports with recommendations that  Zv-funds be put to better use and the dollar value of such recommendations.  \j- x The required statistical table can be found at Attachment B to this report.  Z^- x10. A summary of each audit report issued before the commencement of the reporting  xperiod for which no management decision has been made by the end of the reporting  xperiod (including the date and title of each such report), an explanation of the reasons  xsuch management decision has not been made, and a statement concerning the desired  ZF-timetable for achieving a management decision on each such report. xNo management decisions fall within this category.  Z4!-  x11. A description and explanation of the reasons for any significant revised management  Z(#-decision made during the reporting period. ""$ 0*%%""Ԍ \- x No management decisions fall within this category.  Z- x-12. Information concerning any significant management decision with which the Inspector  Z-General is in disagreement. xNo management decisions fall within this category.