Building Security
Interagency Security Committee Has Had Limited Success in Fulfilling Its Responsibilities Gao ID: GAO-02-1004 September 17, 2002GAO reviewed efforts by the Interagency Security Committee (ISC) to protect critical federal infrastructure since the committee was created in 1995. ISC is chaired by the General Services Administration (GSA) and comprises 14 department-level agencies and other executive agencies and officials. ISC's primary responsibilities are to (1) establish policies for security in and protection of federal facilities; (2) develop and evaluate security standards for federal facilities, develop a strategy for ensuring compliance with such standards, and oversee the implementation of appropriate security measures in federal facilities; and (3) take the steps necessary to enhance the quality and effectiveness of security and protection of federal facilities. ISC has carried out some of its responsibilities, but it has made little progress on others. During the past 7 years, ISC has developed and issued security design criteria and minimum standards for building access procedures; disseminated information to member agencies, for their consideration and implementation, on entry security technology for buildings needing the highest security levels; and through its meetings and 13 working groups, provided a forum for federal agencies to discuss security issues and share information and ideas. ISC has made little or no progress in developing and establishing policies for security in and protection of federal facilities, developing a strategy for ensuring compliance with security standards, overseeing the implementation of appropriate security in federal facilities, and developing a centralized security database of all federal facilities. Several factors have limited ISC's progress, including (1) the lack of consistent and aggressive leadership by GSA, (2) inadequate staff support and funding for ISC, and (3) ISC's difficulty in making decisions. The creation of a Department of Homeland Security (DHS) would have significant implications for ISC and its responsibilities.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-02-1004, Building Security: Interagency Security Committee Has Had Limited Success in Fulfilling Its Responsibilities
This is the accessible text file for GAO report number GAO-02-1004
entitled 'Building Security: Interagency Security Committee Has Had
Limited Success in Fulfilling Its Responsibilities' which was released
on September 24, 2002.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products‘ accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
Report to Congressional Requesters:
September 2002:
Building Security:
Interagency Security Committee Has Had Limited Success in Fulfilling
Its Responsibilities:
Building Security:
GAO-02-1004:
Contents:
Letter:
Results in Brief:
Background:
ISC Has Made Limited Progress Implementing Its Responsibilities:
Implications of the Creation of DHS on ISC:
Conclusions:
Recommendations for Executive Action:
Matter for Congressional Consideration:
Scope and Methodology:
Agency Comments:
Appendix I: Executive Order 12977 of October 19, 1995:
Appendix II: Federal Executive Branch Entities with Some
Level of Independent Authority to Acquire Real Property:
Appendix III: Definition of Security Levels I through V, from
DOJ‘s Vulnerability Assessment of Federal
Facilities:
Appendix IV: ISC Participant-Identified Strengths and
Weaknesses:
Appendix V: Comments from the Social Security Administration29:
Appendix VI: Major Contributors:
Tables:
Table 1: ISC Products and Working Groups, in Relation to Its
Responsibilities:
Table 2: ISC Strengths Identified by Participating Agencies or by ISC
Agency Representatives:
Table 3: ISC Weaknesses Identified by Participating Agencies or by ISC
Agency Representatives:
Abbreviations:
AOUSC: Administrative Office of the United States Courts
CIA: Central Intelligence Agency
DHS: Department of Homeland Security
DOC: Department of Commerce
DOD: Department of Defense
DOE: Department of Energy
DOJ: Department of Justice
DOL: Department of Labor
DOS: Department of State
DOT: Department of Transportation
Education: Department of Education
EPA: Environmental Protection Agency
FPS: Federal Protective Service
GSA: General Services Administration
HHS: Department of Health and Human Services
HUD: Department of Housing and Urban Development
Interior: Department of the Interior
ISC: Interagency Security Committee
OHS: Office of Homeland Security
OMB: Office of Management and Budget
PBS: Public Buildings Service
SSA: Social Security Administration
Treasury: Department of the Treasury
USDA: Department of Agriculture
USMS: U.S. Marshals Service
USPS: U.S. Postal Service
VA: Department of Veterans Affairs:
Letter:
September 17, 2002:
The Honorable Joseph I. Lieberman, Chairman
Committee on Governmental Affairs
United States Senate:
The Honorable Robert F. Bennett
United States Senate:
In the wake of the events of September 11, 2001, you requested
information regarding critical infrastructure protection within the
federal government. In response to your October 4, 2001, letter and
discussions with your offices, we are preparing two products on federal
facility infrastructure protection. For this first report, we reviewed
the activities performed by the Interagency Security Committee (ISC)
since it was created by Executive Order 12977 in October 1995 (see app.
I). The ISC is chaired by the General Services Administration (GSA) and
comprises 14 department-level agencies and other executive agencies and
officials. It has three primary security responsibilities for
nonmilitary activities: (a) establish policies for security in and
protection of federal facilities; (b) develop and evaluate security
standards for federal facilities, develop a strategy for ensuring
compliance with such standards, and oversee the implementation of
appropriate security measures in federal facilities; and (c) take such
actions as may be necessary to enhance the quality and effectiveness of
security and protection of federal facilities. With the various recent
proposals to create a Department of Homeland Security (DHS), we have
expanded our work to include the implications of the proposed
department on ISC.[Footnote 1] The second report will discuss the
responsibilities of federal agencies to protect federal buildings they
control and/or occupy.
The objectives of this first review were (1) to determine the extent to
which the ISC had fulfilled the responsibilities established for it by
the executive order and (2) to identify the potential implications of
the proposed DHS on ISC and its responsibilities. To meet our review
objectives, we reviewed ISC documents, relevant executive orders, and
proposed DHS legislation; and we interviewed past and present GSA
officials, 17 of 21 ISC participants, and Office of Management and
Budget (OMB) representatives. We requested comments on a draft of this
report from the OMB Director, the Administrator of GSA, the Office of
Homeland Security‘s (OHS) General Counsel, and from ISC agencies
participating in the review. We received comments from 17 agencies. The
Departments of Commerce (DOC), and the Interior (Interior); the
Environmental Protection Agency (EPA); and OHS did not provide comments
on the report.
Results in Brief:
ISC has carried out some elements of its responsibilities, but it has
made little progress on several other assigned responsibilities. Over
its 7-year existence, ISC has developed and issued security design
criteria and minimum standards for building access procedures;
disseminated information to member agencies, for their consideration
and implementation, on entry security technology for buildings needing
the highest security levels; and, through its meetings and 13 working
groups, provided a forum for federal agencies to discuss security-
related issues and share information and ideas. On the other hand, ISC
has made little or no progress in other elements of its
responsibilities, such as developing and establishing policies for
security in and protection of federal facilities, developing a strategy
for ensuring compliance with security standards, overseeing the
implementation of appropriate security in federal facilities, and
developing a centralized security database of all federal facilities.
Representatives from agencies that participate on ISC had several
positive comments about the committee, such as that it provides a
vehicle for coordination and cooperation among federal agencies and a
forum for agencies to discuss security topics of common interest.
However, agency representatives also raised significant concerns about
ISC‘s overall effectiveness, the way it is operated, and the lack of
progress in certain areas. Agency representatives identified several
factors that they believe have contributed to ISC‘s limited progress.
These factors include (1) the lack of consistent and aggressive
leadership by GSA, (2) inadequate staff support and funding for ISC,
and (3) ISC‘s difficulty in making decisions. GSA, which chairs ISC,
has acknowledged these factors, promised full support, and initiated
efforts to address them, such as establishing a charter and voting
process and initiating the process to provide a full-time staff person
to support ISC.
If DHS is created, it would have significant implications for ISC and
its responsibilities.[Footnote 2] While the need for ISC, or an
organization like ISC, would likely continue with the creation of a
DHS, leadership responsibility for ISC could shift from GSA to DHS, and
ISC‘s responsibilities, role, membership, and operation could change.
Under DHS proposals, responsibility for federal building security would
be transferred from GSA and possibly other federal agencies to DHS, and
DHS‘s responsibilities could vary depending on the legislation enacted
to create DHS. GSA‘s and other federal entities‘ responsibilities for
other facilities management functions would not be affected. The
transfer of security responsibilities would separate security from
other facility management functions, such as the siting, design, and
construction of federal buildings, which play an important role in the
provision of appropriate and effective security. DHS would need to work
through ISC or some other vehicle to see that security is appropriately
integrated with other facility management functions. DHS and ISC could
also have a role in overseeing security protection for executive branch
officials for whom no single government agency or official is
responsible.
We are making recommendations to the Administrator of GSA, as chair of
the ISC, and to the Director of OMB, because of his responsibility
under Executive Order 13267 for establishing a transition planning
office for DHS. Our recommendations are aimed at addressing the
concerns that agency officials identified in the management of ISC, as
well as ensuring that coordination exists between building security and
other facility management functions, contingent upon a new DHS assuming
responsibility for federal building security. Also, ISC‘s future
depends largely on how Congress defines DHS‘s role for federal facility
security. The pending bills to create DHS would establish different
roles for DHS. Therefore, we are including as a matter for
congressional consideration that Congress clarify the scope of DHS‘s
authority and responsibilities for federal facility security in any
legislation enacted to create a DHS. Then, ISC‘s role in federal
facility security can be determined based on the legislation enacted to
create DHS. GSA and OMB concurred with our recommendations.
Background:
The federal government owns or leases more than 3.2 billion square feet
of space in 12 categories, such as office, housing, and storage space.
Office space is the largest of the 12 categories, representing about 23
percent of the total, or about 758 million square feet. The three
largest holders of owned and leased office space are GSA, with about
292 million square feet; defense agencies, with about 191 million
square feet; and the U.S. Postal Service (USPS), with about 190 million
square feet.[Footnote 3] In addition to these three agencies, over 30
other executive branch organizations have some level of authority to
purchase, own, or lease office space or buildings. (See app. II for a
listing of these organizations.) In general, agencies are responsible
for the security of the buildings they own or acquire. GSA assigns
space to many federal agencies in GSA-owned
or -leased space; for example, postal facilities are sometimes located
in GSA space. GSA sometimes delegates the security responsibility for
assigned space to the agency occupying that space.
Federal agencies provide security with their own police force or
security personnel; by contracting with the private sector for
security; or by using another agency to provide security, which in turn
may provide security with federal employees or contract guards. Within
GSA, the Federal Protective Service (FPS), which is currently a
component of the Public Buildings Service (PBS), is responsible for
primary security for GSA-owned or -leased properties. FPS may delegate
this responsibility to agencies assigned space in a GSA building. The
bills currently being considered by Congress to create DHS would
transfer FPS and its functions from GSA to DHS. It is unclear whether
FPS‘s responsibilities would remain the same under DHS or would be
expanded to include more than just GSA-owned or -leased properties,
although H.R. 5005, as passed by the House of Representatives, would
specifically give DHS the responsibility to protect buildings and
grounds and property that are owned, occupied, or secured by the
federal government, including any agency, instrumentality, or wholly
owned or mixed-ownership government corporation. In addition, the U. S.
Secret Service provides security for the White House complex and
certain other executive branch buildings. The Marshal of the Supreme
Court and the Supreme Court Police provide security for the Supreme
Court; however, the Department of Justice‘s (DOJ) U. S. Marshals
Service (USMS) and GSA provide security for other federal courts, which
may be located in federal office buildings that house several federal
agencies. The U.S. Capitol Police are responsible for the security of
the Capitol complex, including the Capitol and House and Senate office
buildings; but GSA is responsible for the security of office space it
provides to Members in their home states or districts.
According to an FPS official, FPS had a staff on board of approximately
1,135, consisting of approximately 574 uniformed officers, 108 physical
security specialists, and 453 administrative and other personnel. FPS‘s
fiscal year 2002 budget is $362.1 million, of which about $207 million
is spent on contract guard services. Additionally, GSA is slated to
spend over $300 million more from its reimbursable program for contract
guard services, according to the official.[Footnote 4] This total of
over $500 million for contract guard services will fund approximately
7,300 contract guards according to the FPS official.
The day after the April 19, 1995, bombing of the Alfred P. Murrah
federal building, the president directed DOJ to assess the
vulnerability of federal office buildings in the United States,
particularly to acts of terrorism and other forms of violence. On June
28, 1995, DOJ issued a report entitled Vulnerability Assessment of
Federal Facilities. In this report, DOJ included security levels
designated I through V for office buildings (see app. III for the
definitions of these security levels), minimum security standards for
office buildings, and, as one of its recommendations, the creation of
ISC to provide a permanent body to address continuing governmentwide
security concerns.
Prior to 1995 there were no governmentwide standards for security at
federal buildings. On October 19, 1995, Executive Order 12977
established ISC to develop, among other things, such standards for
buildings and facilities occupied by federal employees for nonmilitary
activities. The committee was to be made up of the Administrator, GSA;
representatives from the 14 department-level agencies; EPA; the Central
Intelligence Agency (CIA); OMB; the Director, USMS; the Assistant
Commissioner, FPS, GSA; the Assistant to the President for National
Security Affairs; the Director, Security Policy Board.[Footnote 5] The
executive order specified that the GSA Administrator or his designee
was to chair the committee. The President reserved the right to appoint
other federal employees to the committee. FPS was designated to provide
administrative services, funds, facilities, staff, and other support
services for ISC to the extent permitted by law and subject to the
availability of appropriations. Also subject to these provisions, other
executive departments and agencies were charged with helping to support
ISC.
ISC was established to enhance the quality and effectiveness of
security in and protection of buildings and facilities in the United
States that are occupied by federal employees for nonmilitary
activities, and to provide a permanent body to address continuing
governmentwide security for federal facilities. ISC‘s responsibilities
are to:
* establish policies for security in and protection of federal
facilities;
* develop and evaluate security standards for federal facilities,
develop a strategy for ensuring compliance with such standards, and
oversee the implementation of appropriate security measures in federal
facilities; and:
* take such actions as may be necessary to enhance the quality and
effectiveness of security and protection of federal facilities,
including but not limited to:
* encouraging agencies with security responsibilities to share
security-related intelligence in a timely and cooperative manner;
* assessing technology and information systems as a means of providing
cost-effective improvements to security in federal facilities;
* developing long-term construction standards for those locations with
threat levels or missions that require blast-resistant structures or
other specialized security requirements;
* evaluating standards for the location of, and special security
related to, day care centers in federal facilities; and:
* assisting the GSA Administrator in developing and maintaining a
centralized security database of all federal facilities.
The order also directs the GSA Administrator, through FPS, to be
responsible for monitoring federal agencies‘ compliance with ISC‘s
policies and recommendations.
ISC Has Made Limited Progress Implementing Its Responsibilities:
ISC has carried out some elements of its responsibilities, but it has
made little progress on several other responsibilities given to it by
the executive order. ISC has issued two formal products. The first, ISC
Security Design Criteria for New Federal Office Buildings and Major
Modernization Projects (ISC Security Design Criteria), was issued in
May 2001. This document contains physical security-design and
construction criteria and standards for federal buildings. The second
product, issued in July 2001, is Minimum Standards for Federal Building
Access Procedures. In 1997 ISC disseminated information on entry
security technology for buildings with high security designations to
member agencies for their consideration and implementation, if
applicable; and it developed a draft report on preparedness for
nuclear, biological, and chemical events. ISC also has been a forum for
federal agencies to discuss security-related issues and share
information and ideas. However, for a number of reasons, it has not
accomplished several elements of its responsibilities. ISC has no
governmentwide data on the extent to which it has enhanced the quality
and effectiveness of federal facility security since its inception,
although this was one of its major objectives. Consequently, several
ISC participants believe it has not been very effective or has not
lived up to its potential.
ISC records show that ISC established 13 working groups between
December 1995 and April 2002, but 11 of 13 working groups were inactive
in July 2002. At its initial meeting in December 1995, 9 working groups
were established within ISC. Eight of these working groups addressed
the various responsibilities identified in Executive Order 12977; the
ninth group was to focus on funding issues.[Footnote 6] In 1996, an
existing working group was split into 2 groups; the new working group
was called ’information systems and centralized database,“ and it
became the tenth working group. A new working group, the eleventh, was
also formed to focus on protective forces at federal facilities.
Further, as the result of congressional testimony we delivered on
security breaches,[Footnote 7] the twelfth working group was
established in 2000 to develop guidelines to improve building access
procedures.[Footnote 8] Finally, in April 2002, ISC established its
thirteenth working group to focus on the security of leased space.
Table 1 shows the areas of responsibility, the working groups
established, and products drafted or issued in each area. As the table
indicates, two products were issued by ISC and two draft products, one
addressing entry security technology and the other preparedness for
nuclear, biological, and chemical events, were not officially issued by
ISC. However, ISC disseminated the product on entry security to
participating agencies for implementation, if appropriate. GSA‘s ISC
records do not indicate what happened to the other product.
Table 1: ISC Products and Working Groups, in Relation to Its
Responsibilities:
Responsibility: Establish policies for security in and protection of
federal facilities.; Name of working group, status, and products
drafted or Issued: No information in ISC records.
Responsibility: Develop and evaluate security standards for federal
facilities, develop a strategy for ensuring compliance with such
standards, and oversee the implementation of appropriate security
measures in federal facilities.; Name of working group, status, and
products drafted or Issued: Five working groups established: (1)
Security Standards for Federal Facilities, established in 1995. No
records of products issued; working group inactive in July 2002. (2)
Oversee Implementation of Security Measures, established in 1995; no
record of products issued by ISC; working group inactive in July 2002.
(3) Protective Forces at Federal Facilities, established 1996; no
record of products issued by ISC; working group inactive in July 2002.
(4) Working group formed in June 2000 to address improving building
access procedures. Issued Minimum Standards for Federal Building Access
Procedures in 2001; working group inactive in July 2002. (5) Working
group formed April 2002 to address security of leased space; working
group active.
Responsibility: Take such actions as may be necessary to enhance the
quality and effectiveness of security and protection of federal
facilities, including but not limited to:; Name of working group,
status, and products drafted or Issued: [Empty].
Responsibility: encouraging agencies with security responsibilities to
share security-related intelligence in a timely and cooperative manner;
Name of working group, status, and products drafted or Issued: Working
group established 1995: Responsibility of Sharing Security Related
Intelligence; no record of products issued by ISC; working group
inactive in July 2002.
Responsibility: assessing technology and information systems as a means
of providing cost-effective improvements to security in federal
facilities; Name of working group, status, and products drafted or
Issued: Working group established 1995: Technology and Information
Systems for Security Improvements and Centralized Data Base; made
recommendations on entry security technology and on preparedness for
nuclear, biological, and chemical events in 1997; working group
inactive in July 2002.
Responsibility: developing long-term construction standards for those
locations with threat levels or missions that require blast-resistant
structures or other specialized security requirements; Name of working
group, status, and products drafted or Issued: Three working groups
established in 1995: (1) Long-Term Construction Standards, issued ISC
Security Design Criteria for New Federal Office Buildings and Major
Modernization Projects in May 2001; working group still active. (2)
Court Security Issues: no record of products issued by ISC; working
group inactive in July 2002. (3) Specialty/ Unique Facilities: no
record of products issued by ISC; working group inactive in July 2002.
Responsibility: evaluating standards for the location of, and special
security related to, day care centers in federal facilities; Name of
working group, status, and products drafted or Issued: Working group
established 1995: People Issues (child care, agency collocation); no
record of products issued by ISC; working group inactive in July 2002.
Responsibility: assisting the Administrator in developing and
maintaining a centralized security database of all federal facilities;
Name of working group, status, and products drafted or Issued: Working
group established 1996: Information Systems and Centralized Data Base
(separated from Technology and Information Systems for Security
Improvements); no record of products issued by ISC; working group
inactive in July 2002.
Responsibility: funding.; Name of working group, status, and products
drafted or Issued: Working group established 1995: Funding Issues; no
record of products issued by ISC; working group inactive in July 2002.
Note: We have assigned the working groups to responsibilities based on
descriptions given about the working group in ISC records and the name
of the working group or its product. ISC records do not identify which
working group was formed to meet which responsibility.
Source: ISC documents and minutes of meetings and discussions with
agency personnel involved with ISC.
[End of table]
ISC members and participating agencies have identified various
strengths and weaknesses with the way in which ISC is structured and
has operated. As examples of ISC‘s strengths, several representatives
from agencies that attend ISC meetings identified the coordination,
communication, and sharing of information among agencies on security
issues; the ability to bring together diverse security and related
expertise to address problems; and the ability to interface with the
private sector.
The reported weaknesses could help explain why ISC has made limited
progress toward meeting some of the responsibilities given to it by the
executive order. Agency representatives identified several weaknesses,
including a lack of consistent and aggressive leadership by GSA and
inadequate staff support and funding, that they said have limited ISC‘s
effectiveness. GSA‘s lack of aggressive leadership and support were
illustrated by the following:
* No charter or operating procedures been issued. The ISC perceived the
need for a charter and operating procedures, and ISC meeting minutes in
1997 indicated that a charter was ready for the GSA Administrator‘s
signature and that GSA would draft standard operating procedures to
implement the charter. Nevertheless, we found no record of an approved
charter or any operating procedures. Several ISC participants expressed
concerns about ISC‘s decisionmaking. These concerns included their
perception of ISC‘s difficulty in making decisions, the lack of agreed-
upon policies and procedures on voting and decisionmaking, and the
limited amount of influence given to smaller agencies as compared with
the larger ones.
* Although ISC has met 14 times since its inception in 1995, no
meetings were held for an approximately 18 month period, from November
1998 to June 2000.[Footnote 9]
* GSA assigned one FPS staff member to support ISC for the past several
years, and this individual supported ISC only on a part-time basis, in
addition to his other duties. According to this individual, ISC had no
independent funding. According to a former GSA official involved with
ISC, the lack of sufficient staff support and budget have adversely
affected ISC‘s success.
* Some ISC representatives point to the long time it took GSA to issue
security design criteria as an example of GSA‘s lack of leadership and
support. Although the design criteria were unanimously approved by ISC
(including GSA) in 1998, they were not officially released until May
2001. The former GSA official who delayed issuance of the security
design criteria said that although he did not know whether he had the
authority to delay issuance, he did so because he believed that the
criteria were too prescriptive and would adversely affect GSA‘s ability
to obtain properties. According to this official, GSA also did not
establish clear lines of authority within GSA concerning ISC, and did
not try hard enough to make ISC work.
* In 1997, ISC agreed to seek full membership for the USPS and the
Social Security Administration (SSA). The ISC Chairman agreed to
initiate the process of formally accepting these two as new members.
Although representatives from the USPS and SSA served on working
groups, they could not vote on ISC issues because the executive order
creating ISC did not specify these agencies as members. Although a GSA
official told us that this issue was discussed with OMB, he said that
GSA did not follow through on having the executive order changed to add
new members because GSA perceived it as a long, drawn-out process.
* Although ISC issued annual reports for 1996 and 1997 discussing such
matters as security enhancements at federal buildings and the status of
various ISC working groups, it has not issued annual reports for the
years after 1997--limiting information about ISC efforts. Furthermore,
we found no evidence that ISC has established performance goals or
measures that would enable it to determine the extent to which one of
its major objectives--enhancing the quality and effectiveness of
federal facility security--has been achieved.
* We found no records, and, when asked, GSA was unable to provide any
documents indicating that either GSA or ISC monitored federal agency
compliance with ISC‘s policies and recommendations, even though both
had been charged with this responsibility.
More recently, under GSA‘s leadership, ISC has recognized that its
success had been constrained by a number of factors; it has been
working to revitalize the committee to meet its responsibilities in
light of the September 11, 2001, terrorist attacks. At a December 2001
conference and in a December 2001 follow-up letter, a GSA official
stated that GSA is committed to reinvigorating ISC. On April 26 and
June 27, 2002, ISC had the first two business meetings in its
revitalization effort. At these meetings, ISC identified the need to
address general ISC issues, such as a charter, voting protocol, and a
new membership process. It also discussed ISC operating procedures and
agreed to meet quarterly unless an emergency meeting were needed. GSA
announced that it was seeking a full-time staff person to plan and
coordinate ISC‘s efforts.
On the programmatic side, in December 2001, GSA, ISC and the American
Institute of Architects participated in a conference entitled Better
Security-Better Design. At its April and June 2002 business meetings,
ISC established a working group to develop security standards for
leased space, and GSA and the State Department agreed to share their
alert systems with the other agencies; ISC representatives also
discussed a number of topics, such as creating one document that would
provide security criteria for new buildings, existing buildings, child
care centers, and leased space, and reducing duplication of effort
between ISC and other groups in the government looking at security
issues.
Implications of the Creation of DHS on ISC:
The creation of a DHS would have significant implications for ISC and
its responsibilities. While the need for ISC, or an organization like
ISC, would likely continue with the creation of a DHS, leadership
responsibility for ISC could shift from GSA to DHS, and ISC‘s
responsibilities, role, membership and operation could change.
Concerning ISC‘s continued existence, the need for an organization like
ISC would likely continue for several reasons. The proposed legislation
by the President and both houses of Congress calls for DHS‘s mission to
include security for and protection of the nation‘s critical
infrastructure. Over 30 federal agencies have authority to own or
acquire real property for which they have security-related
responsibilities. Various agencies, such as the Departments of the
Treasury (Treasury) and Veterans Affairs (VA), have independent police
forces. It would be difficult for DHS to develop and implement policies
and standards for the security of federal facilities without the
participation and assistance of the federal organizations that own and
occupy the facilities, given their large number, their variety, and
their dispersion.
The President‘s DHS proposal as well as the DHS bills being considered
in Congress would move FPS from GSA to DHS. With respect to the ISC‘s
leadership, such a move would likely mean that the ISC chairmanship
would shift from GSA to DHS if FPS were moved, since GSA would no
longer have the security role of FPS. Should this occur, DHS could
decide to seek a change in ISC‘s role, or the law creating DHS could
necessitate changes in ISC‘s role. The President‘s proposal and S. 2452
did not specifically address whether DHS‘s security responsibilities
for facilities would include more than just buildings that are GSA-
owned or -occupied. However, H.R. 5005, as passed by the House of
Representatives, provides that the DHS Secretary ’shall protect the
buildings, grounds and property that are owned, occupied, or secured by
the Federal Government (including any agency, instrumentality, or
wholly owned or mixed-ownership corporation thereof) and the persons on
the property.“[Footnote 10] This could include facilities controlled by
the Department of Defense (DOD), Congress, and the Judiciary. Thus, if
such a provision were included in the legislation that is enacted, DHS
would have significantly greater authority and responsibility than GSA
currently has for federal property security, and the nature of the
relationship between the ISC Chair and ISC member agencies would
change. This is because the GSA Administrator currently does not have
direct authority or responsibility for security for federal property
that GSA does not own or acquire by lease; under H.R. 5005, the DHS
secretary would have direct authority and responsibility for security
governmentwide. Moreover, the DHS Secretary, in consultation with the
GSA Administrator, could issue and enforce policies and standards
governmentwide; the GSA Administrator needs the auspices of ISC to do
this for buildings not under GSA‘s control.
It appears that ISC‘s role after DHS is established would depend
largely on the role that DHS‘s authorizing legislation assigns to DHS
for federal facility security, which differs in pending legislation, as
well as how DHS would decide to use the ISC or groups similar to ISC.
For example, if DHS were given direct overall responsibility for the
full range of federal security functions, it would appear that ISC or a
similar group would play more of an advisory/information-sharing role.
On the other hand, if DHS were directly responsible for security only
for GSA-owned and -leased space, then the ISC or a similar group might
continue to make decisions for other owned or leased space. In
addition, the specific nature of the responsibilities given to DHS
would affect the ISC. For example, DHS‘s responsibilities for federal
facility security could include one or more of the following:
policymaking, standard setting, decisionmaking, training, planning,
information/intelligence sharing, providing day-to-day security
protection, and oversight. The challenge of having DHS be directly
responsible for all of these functions for all federal facilities would
have to be considered. For those functions given to DHS, it would have
to decide which functions it would perform, which ones it might
delegate to the organization previously responsible, and which ones
would be appropriate for an organization like the ISC. The specific
language of the final legislation creating DHS and how it addresses
this issue would obviously affect ISC‘s future role.
Another possible responsibility ISC could have under a newly
established DHS would be to assist DHS in carrying out the initiatives
contained in the July 2002 Office of Homeland Security‘s National
Strategy for Homeland Security as they relate to critical
infrastructure. For example, ISC could assist in performing and
maintaining a complete and accurate assessment of the nation‘s critical
federal facilities and related infrastructure and in developing a
national infrastructure protection plan for federal facilities.
According to the strategy, this would include establishing standards
and benchmarks for infrastructure protection and providing a means for
measuring performance as related to federal facilities. In addition,
the ISC could have a role in assisting DHS to carry out its
intelligence-related responsibilities, including the sharing of threat
and risk information, as they relate to federal facilities.
Still another responsibility that could be considered for ISC is the
security protection that is provided to executive branch officials. In
July 2000, we reported that responsibility for this was divided among
many agencies, and no single agency or official was responsible for
handling issues related to the routine protection of these
officials.[Footnote 11] We said that from fiscal years 1997 through
1999, agencies reported that personnel from 27 different agencies
protected officials holding 42 executive branch positions in 31
executive branch agencies. The problems we found included lack of
specific statutory authority to provide protection, lack of
standardized threat assessments and training, and lack of a federal
organization responsible for overseeing this function on a
governmentwide basis. We recommended that the OMB Director, in
consultation with the President, designate an official or group to
assess issues related to security protection for executive branch
officials. In early 2002, an OMB representative told us that OMB had
not yet acted on our recommendation and that the Office of Homeland
Security (OHS) might be the appropriate organization to handle this
issue. Thus, this could also be an appropriate responsibility for DHS
and ISC.
After ISC‘s future role and responsibilities are determined, such
issues as membership, operating procedures, and funding and support
needs would have to be assessed. These could entail looking at the
factors and issues that we and the agency representatives had
identified as contributing to limited progress by ISC as it has existed
prior to DHS, to see whether the actions initiated by GSA addressed
them sufficiently or needed to be modified or enhanced. These include
ISC‘s charter, operating procedures, decisionmaking process,
membership, meeting schedule, funding and support, and performance
goals and measures. For example, if DHS becomes responsible for all the
facilities provided in H.R. 5005, it may be appropriate to add other
organizations besides the USPS and SSA to ISC, including government
corporations. For another example, GSA has said that it was seeking a
full-time staff member to support ISC. DHS would have to determine
whether one person would be sufficient to meet DHS‘s objectives and
schedule for ISC.
Another important responsibility that would have to be considered is
integration between security and the facility management functions.
Under DHS proposals, DHS would be responsible for property security,
but GSA and other agencies with authority to own or acquire space would
retain their responsibilities for such functions as choosing facility
locations and building design and operation. In addition, agencies will
still have to ensure that each property adequately and effectively
supports the mission of the occupying agency or other government entity
and that any security systems, procedures, or devices implemented at a
facility do not materially hamper the ability of the entity to carry
out its mission effectively.
We and a GSA official have both testified that security is a key
facilities management function: security needs to be integrated into
decisions about location, design and operation of federal
facilities.[Footnote 12] Further, in testifying on a proposal to make
FPS a separate service within GSA, GSA stated that such an action would
divorce security from other federal facility functions. According to
GSA, separating FPS from PBS would create an organizational barrier
between protection experts and the PBS asset managers, planners, and
other staff who set PBS budgets and policies for GSA‘s building
inventory. GSA said that FPS‘s budget, personnel actions, and
operational focus have been centralized to yield results that are
better than if FPS were separate. Additional concerns were raised about
security and the facilities management function in a November 1999
Symposium on Security and the Design of Public Buildings, which was
jointly sponsored by GSA and the Department of State (DOS) in
cooperation with the American Institute of Architects. Presenters
concluded that public building design processes must find innovative
ways to improve security and protect American values without creating a
fortress image. Thus, if DHS becomes responsible for the security of
federal facilities, DHS would likely not only need a mechanism like ISC
to work with GSA and other federal entities on security-related
matters; it would also need a way to ensure that building security and
other facility management functions are integrated. An organization
like ISC that comprises the affected entities could serve to promote
such integration.
Finally, in commenting on a draft of this report, DOS‘s Senior Advisor
in DOS‘s Office of Diplomatic Security raised another issue he believed
would be relevant for DHS‘s creation. This issue related to the
existing delegations of authority from GSA to various agencies that
enable them to provide their own facility protection. He believes that
these delegations are important elements of the government‘s efforts to
protect its facilities that ISC and DHS need to consider.
Conclusions:
Although ISC has carried out some of its responsibilities, it has made
little progress on others, and several participants believe that its
progress has been limited. Agency officials and ISC participants
identified factors and issues in areas such as membership, leadership,
charter, operating procedures, decisionmaking processes, meeting
frequency, and staffing and funding support that they believe have
limited ISC‘s progress. We also noted that ISC lacks performance goals
and measures. GSA has acknowledged the lack of consistent and
aggressive leadership by GSA, inadequate staff support and funding for
the ISC, and ISC‘s difficulty in making decisions and has initiated
efforts to address them. However, it is too early to tell whether these
efforts will be sufficient.
With the potential creation of a DHS, the need for ISC, or an
organization like ISC, would likely continue. The creation of DHS would
have significant implications for ISC and its responsibilities. ISC‘s
leadership, responsibilities, role, membership, and operation could
change. To deal with these possible changes, the factors and issues
that affected ISC‘s progress prior to the creation of DHS should be
considered, including the extent to which GSA has addressed these
issues. DHS‘s creation and assignment of responsibility for federal
facility security would also necessitate the need to consider how best
to integrate facility security and the other facility management
functions. Further, DHS‘s creation would raise the issue whether DHS
and ISC should be given responsibility for security protection for
executive branch officials. Finally, how Congress ultimately decides
upon DHS‘s role for federal facility security in any legislation to
create DHS would have significant implications for ISC, DHS, and other
federal agencies.
Recommendations for Executive Action:
In the short term, we recommend that the Administrator of GSA work with
ISC to ensure that actions are effectively implemented to correct the
problems identified with ISC in this report. Furthermore, given that
OMB is a current member of ISC and has been given responsibility for
heading the government‘s efforts to help establish DHS,[Footnote 13] we
recommend that the Director of OMB work with DHS, GSA, and other
appropriate entities to ensure that the issues our review has
identified are addressed by the appropriate agency or agencies that
will have the responsibility of overseeing the protection of federal
facilities and executive branch officials.
Matter for Congressional Consideration:
As Congress continues its deliberations on proposed legislation
creating DHS, it may want to clarify DHS‘s jurisdiction with respect to
the federal organizations under its purview and the specific security-
related functions for which it is responsible. Federal organizations
under DHS‘s jurisdiction could range from, exclusively, the federal
buildings now under GSA‘s control to all facilities owned, occupied, or
secured by the federal government. Limiting DHS‘s jurisdiction to
exclusively GSA-controlled properties would leave out many nonmilitary
facilities, while extending it to all property owned or occupied by the
federal government would be an enormous undertaking. The functions for
which DHS could assume responsibility could include policy and standard
setting, training, information and intelligence sharing, planning and
oversight, and the actual provision of security services. In deciding
which security-related functions DHS should be responsible for
providing, two factors for Congress to consider are the need for
integrating the security function with the day-to-day management of the
facility and the challenge that would be associated with providing day-
to-day security for all federally owned, occupied, or secured
facilities.
Scope and Methodology:
To achieve our objective of determining whether ISC had fulfilled the
duties and responsibilities established by the executive order, we
reviewed Executive Order 12977, the minutes of ISC meetings, and
available products developed by ISC. We also interviewed 17 of 21
members and participating nonmembers of ISC; FPS officials; and both
current and former GSA officials. Further, we attended the December
2001 and the April and June 2002 ISC meetings. We did not interview the
Central Intelligence Agency‘s officials, because the agency declined to
participate in our assignment. Also, we did not interview the Assistant
to the President for National Security Affairs because, being new to
the position, this person had limited knowledge of ISC and its past
efforts. Further, our report does not reflect any comments from OMB
about ISC‘s current or past operations, because an OMB official said
that OMB had not attended meetings in the past several years and did
not have time-relevant information to provide us on these matters. We
did not interview the Director of the Security Policy Board because it
has been abolished. Further, responses from several agencies were
limited by the fact that ISC representatives were new or had not
attended meetings in several years. Our review of ISC accomplishments
was constrained by the lack of detailed ISC records after 1997 and by
the turnover of agency personnel who participated in ISC activities.
Thus, our reporting of accomplishments was based on available ISC
records and the recollections of those persons whom we interviewed who
had varying lengths of experience with ISC.
To determine the implications of the creation of DHS on ISC, we
reviewed the President‘s proposal to create DHS, proposed legislation
that would create DHS, the OHS‘s July 2002 National Strategy, Executive
Order 13267, and our July 2001 report on security protection for
executive branch officials. We also discussed this issue with
representatives from OMB, GSA, and OHS.
We conducted our review of ISC between December 2001 and July 2002 in
accordance with generally accepted government auditing standards. We
received written responses from 3 agencies; oral or E-mail comments
from 14 agencies; and 4 agencies did not respond. The comments are
discussed in the following section.
Agency Comments:
We requested comments on a draft of this report from the OMB Director,
the Administrator of GSA, OHS‘s General Counsel, and ISC agencies
participating in our review. We received written responses on our draft
report from the Departments of Health and Human Services (HHS) and
Housing and Urban Development (HUD), and from SSA. HHS had no comments.
HUD and SSA generally agreed with the report‘s conclusions and
recommendations. We received oral or E-mail responses on our draft
report from GSA; the Administrative Office of the United States Courts
(AOUSC); DOD; DOJ; DOS; Treasury; VA; the Departments of Education
(Education), Energy (DOE), Labor (DOL), Transportation (DOT), and
Agriculture (USDA); OMB; and USPS. GSA, DOE, DOL, USDA, USPS, and VA
concurred with the information in our report. AOUSC, Education, DOD,
DOJ, DOT, and Treasury had no comments. OMB agreed with our
recommendation and suggested technical changes that we have made. DOS
raised several issues, which we discuss below. The DOC, Interior, EPA,
and OHS did not provide comments on the report.
GSA‘s Commissioner of the Public Buildings Service said that he
concurred with our recommendation and our view that a full resolution
of the ISC issues we identified depended on the mission and authorities
given to DHS. He also said that GSA would seek ISC member comments on
our report at its next meeting and would consult with OMB officials and
the DHS transition planning office to address the future role of the
ISC within the context of DHS.
SSA‘s Commissioner raised two issues that SSA believes the ISC needs to
consider. These are the role of the federal facilities building
security committees and the need to integrate the term ’force
protection“ into the ISC charter and operating procedures. While these
issues may be reasonable for ISC to consider, we did not address them
in our review and are not in a position to discuss them definitively.
(See app. V.):
DOS‘s Senior Advisor in the Office of Diplomatic Security raised a
question about our discussion that the ISC assume some role in security
protection of executive branch officials, considering the ISC‘s
responsibility for facility security. Our discussion on this issue
related to both DHS and ISC. If DHS is created, a role in the
protection of executive branch officials may be appropriate. He also
suggested that we provide the basis for this discussion in this report.
The basis is discussed in our report and relates to work we have
previously reported on in a separate review. He also expressed concern
about the lack of reference in our report to GSA‘s delegation of
authority to various agencies, to enable them to provide their own
facility protection. Although our report pointed out these delegations,
we have modified it to reflect his concern. He also recommended a
technical change, which we have made.
DOS‘s Director of the Office of Domestic Operations said that offices
responsible for safety and security often have opposing views and that,
in his opinion, any mechanism established to integrate security into
federal facilities should include safety offices. We did not address
this issue in our review and are therefore not in a position to comment
on it. He also pointed out the there are other entities currently
working on federal facility security issues, such as the Physical
Security Working Group and the Protective Forces Working Group, which
should be included under the DHS or ISC umbrella or should have a
specific separate mandate. While we did not address the roles of these
two groups, this appears to be a reasonable issue for DHS or ISC to
address.
As agreed with your office, unless you publicly announce the contents
of this report, we plan no further distribution until 7 days from the
report date. At that time, we will send copies of this letter to the
Ranking Minority Member of the Senate Committee on Governmental
Affairs, other appropriate congressional committees, the Director of
OMB, the Administrator of GSA, OHS, and other interested organizations.
We will also make copies available to others upon request. In addition,
the report will be available at no charge on the GAO Web site at http:/
/www.gao.gov.
Please contact Ron King or me at (202) 512-2834. Major contributors to
this report are acknowledged in appendix VI.
Bernard L. Ungar
Director, Physical Infrastructure Issues:
Signed by Bernard L. Ungar:
[End of section]
Appendix I: Executive Order 12977 of October 19, 1995:
The President:
Interagency Security Committee:
By the authority vested in me as President by the Constitution and the
laws of the United States of America, and in order to enhance the
quality and effectiveness of security in and protection of buildings
and
facilities in the United States occupied by Federal employees for
nonmilitary
activities (…‘Federal facilities‘‘), and to provide a permanent body to
address continuing government-wide security for Federal facilities, it
is hereby ordered as follows:
Section 1. Establishment. There is hereby established within the
executive branch the Interagency Security Committee (…‘Committee‘‘).
The Committee shall consist of: (a) the Administrator of General
Services (…‘Administrator‘‘);
(b) representatives from the following agencies, appointed by the
agency
heads:
(1) Department of State;
(2) Department of the Treasury;
(3) Department of Defense;
(4) Department of Justice;
(5) Department of the Interior;
(6) Department of Agriculture;
(7) Department of Commerce;
(8) Department of Labor;
(9) Department of Health and Human Services;
(10) Department of Housing and Urban Development;
(11) Department of Transportation;
(12) Department of Energy;
(13) Department of Education;
(14) Department of Veterans Affairs;
(15) Environmental Protection Agency;
(16) Central Intelligence Agency; and
(17) Office of Management and Budget;
(c) the following individuals or their designees:
(1) the Director, United States Marshals Service;
(2) the Assistant Commissioner of the Federal Protective Service of the
Public Buildings Service, General Services Administration (…‘Assistant
Commissioner‘‘);
(3) the Assistant to the President for National Security Affairs; and
(4) the Director, Security Policy Board; and
(d) such other Federal employees as the President shall appoint.
Sec. 2. Chair. The Committee shall be chaired by the Administrator, or
the designee of the Administrator.
Sec. 3. Working Groups. The Committee is authorized to establish
interagency working groups to perform such tasks as may be directed by
the Committee.
Sec. 4. Consultation. The Committee may consult with other parties,
including the Administrative Office of the United States Courts, to
perform its responsibilities under this order, and, at the discretion
of the Committee, such other parties may participate in the working
groups.
Sec. 5. Duties and Responsibilities. (a) The Committee shall:
(1) establish policies for security in and protection of Federal
facilities;
(2) develop and evaluate security standards for Federal facilities,
developa strategy for ensuring compliance with such standards, and
oversee theimplementation of appropriate security measures in Federal
facilities; and
(3) take such actions as may be necessary to enhance the quality and
effectiveness of security and protection of Federal facilities,
including butnot limited to:
(A) encouraging agencies with security responsibilities to share
security-related intelligence in a timely and cooperative manner;
(B) assessing technology and information systems as a means of
providing cost-effective improvements to security in Federal
facilities;
(C) developing long-term construction standards for those locations
with threat levels or missions that require blast resistant structures
or
other specialized security requirements;
(D) evaluating standards for the location of, and special security
related to, day care centers in Federal facilities; and
(E) assisting the Administrator in developing and maintaining a
centralized security database of all Federal facilities.
Sec. 6. Agency Support and Cooperation. (a) Administrative Support. To
the extent permitted by law and subject to the availability of
appropriations, the Administrator, acting by and through the Assistant
Commissioner, shall provide the Committee such administrative services,
funds, facilities, staff and other support services as may be necessary
for the performance of its functions under this order.
(b) Cooperation. Each executive agency and department shall cooperate
and comply with the policies and recommendations of the Committee
issued pursuant to this order, except where the Director of Central
Intelligence determines that compliance would jeopardize intelligence
sources and methods. To the extent permitted by law and subject to the
availability of appropriations, executive agencies and departments
shall provide such support as may be necessary to enable the Committee
to perform its duties and responsibilities under this order.
(c) Compliance. The Administrator, acting by and through the Assistant
Commissioner, shall be responsible for monitoring Federal agency
compliance with the policies and recommendations of the Committee.
Sec. 7. Judicial Review. This order is intended only to improve the
internal management of the Federal Government, and is not intended, and
should not be construed, to create any right or benefit, substantive or
procedural, enforceable at law by a party against the United States,
its agencies, its officers, or its employees.
Ï–:
THE WHITE HOUSE,
October 19, 1995.
[FR Doc. 95-26497
Filed 10-20-95; 2:55 pm]
Billing code 3195-01-P:
[End of section]
Appendix II: Federal Executive Branch Entities with Some Level of
Independent Authority to Acquire Real Property:
This information is from Facilities Location: Agencies Should Pay More
Attention to Cost and Rural Development Act, GAO-01-805, July 31, 2001.
Agency for International Development
American Battle Monuments Commission
Appalachian Regional Commission
Bonneville Power Administration
Broadcasting Board of Governors
Central Intelligence Agency
Department of Agriculture
Department of Commerce
Department of Defense
Department of Education
Department of Energy
Department of Health and Human Services
Department of Housing and Urban Development
Department of the Interior
Department of Justice
Department of Labor
Department of State
Department of Transportation
Department of the Treasury
Department of Veterans Affairs
Environmental Protection Agency
Federal Emergency Management Agency
General Services Administration
National Aeronautics and Space Administration
National Archives and Record Administration
National Science Foundation
National Transportation Safety Board
Panama Canal Commission
Pennsylvania Avenue Development Corporation
Securities and Exchange Commission
Smithsonian Institution
Tennessee Valley Authority
U.S. Parole Commission
U.S. Postal Service
U.S. Sentencing Commission
U.S. Trade Representative:
[End of section]
Appendix III: Definition of Security Levels I through V, from DOJ‘s
Vulnerability Assessment of Federal Facilities:
Level I:
A level I facility has 10 or fewer federal employees. In addition, the
facility likely has 2,500 or less square feet of office space and a low
volume of public contact or contact with only a small segment of the
population. A typical level I facility is a small storefront-type
operation, such as a military recruiting office.
Level II:
A level II facility has between 11 and 150 federal employees. In
addition, the facility likely has from 2,500 to 80,000 square feet; a
moderate volume of public contact; and federal activities that are
routine in nature, similar to commercial activities. A typical level II
building is the Social Security Administration Office in El Dorado,
Colorado.
Level III:
A level III facility has between 151 and 450 federal employees. In
addition, the facility likely has from 80,000 to 150,000 square feet
and a moderate to high volume of public contact. Tenant agencies may
include law enforcement agencies, courts and related agencies and
functions, and government records and archives. A typical level III
building is the Pension building, a multitenant, historical building
between 4th and 5th Streets on F Street, N.W., Washington, D.C.
Level IV:
A level IV facility has over 450 federal employees. In addition, the
facility likely has more that 150,000 square feet; a high volume of
public contact; and tenant agencies that may include high-risk law
enforcement and intelligence agencies, courts, judicial offices, and
highly sensitive government records. A typical level IV building is the
Department of Justice Building on Constitution Avenue in Washington,
D.C.
Level V:
A level V facility is a building such as the Pentagon or CIA
Headquarters that contains mission functions critical to national
security. A level V facility will be similar to a level IV facility in
terms of number of employees and square footage.
[End of section]
Appendix IV: ISC Participant-Identified Strengths and Weaknesses:
Table 2 shows the strengths identified by the participating agencies or
by their representatives to ISC. Table 3 shows the weaknesses
identified by the agencies or by their ISC representatives.
Table 2: ISC Strengths Identified by Participating Agencies or by ISC
Agency Representatives:
ISC participants‘ comments: Coordination and cooperation among federal
departments, when utilized appropriately.
ISC participants‘ comments: Provides a forum for discussing issues,
networking, and assistance in making agency security determinations.
ISC participants‘ comments: Provided a forum for exchanging ideas and
practices.
ISC participants‘ comments: Continued support of the Administration and
coordination efforts with the new Office of Homeland Security.
ISC participants‘ comments: A forum for interagency coordination of
security requirements.
ISC participants‘ comments: The broad composition of membership allows
meaningful communication among high levels of federal agencies on
topics of shared and mutual concern. ISC‘s activities should result in
effective coordination of policy and operational protocol for security
in and protection of federal facilities.
ISC participants‘ comments: Ability to bring a very wide and diverse
range of professional expertise together to address security issues
that affect the federal government. Ability as a group to interface
with and positively affect state and local agencies.
ISC participants‘ comments: Brings agencies together to work on
consensus on security issues.
ISC participants‘ comments: The group is widely diverse and there is
expertise in almost all security arenas. Also, participants are up-to-
date on the newest technology. They also interface with the private
sector, so there is coordination on security issues. This is
particularly important in the area of leased buildings.
ISC participants‘ comments: Something like ISC is needed as a forum to
bring up and discuss problems, make recommendations, gather
information, and so forth. ISC can reach a lot of people quickly.
ISC participants‘ comments: ISC has brought governmentwide security
community together and provides a forum where security ’best practices“
can be exchanged, security innovations are presented, and policies are
developed. These efforts promote a consistent and uniform approach to
how the federal government ensures a secure environment for its
employees.
ISC participants‘ comments: There is potential for this committee to
provide a permanent body to address continuing governmentwide security
for federal facilities.; * Lessons learned are exchanged by committee
members on security experiences within their government agencies.; *
Potential exists to improve communications and intelligence-sharing
with other federal agencies.; * Committee brings high-level government
professionals together to focus on the security needs of all federal
agencies.; * This committee attempts to address and meet the
requirements of the Executive Order 12977.
ISC participants‘ comments: Served as a forum for discussing and
resolving security issues common to all federal agencies.
ISC participants‘ comments: Brings all federal agencies together.
ISC participants‘ comments: Executive Order 12977 provides ISC with the
authority and responsibility to develop and issue uniform security
policies for implementation by federal agencies.
ISC participants‘ comments: ISC has representation from throughout the
Executive Branch and offers a venue for GSA to offer new security
guidelines and recommendations for interagency review and comment. It
also initially provided a means for information dissemination
immediately following the Oklahoma City bombing of the federal
building--a role since taken over by the Federal Bureau of
Investigation, to share threat data information.
ISC participants‘ comments: ISC‘s strength lies in that it provides an
opportunity to harness federal ideas and find reasonable solutions to
problems. This has been especially important since Oklahoma City.
Note: Each block represents comments from an ISC participant. However,
not all ISC participating agencies are represented in the tables,
because one agency did not respond to our questions, one agency said it
had no time-relevant data with which to answer our questions, one
agency had a new ISC representative who did not comment on strengths
and weaknesses, one agency had no positive comments, and two agencies
did not comment on the weaknesses.
Source: Oral and written comments received from agencies and their ISC
representatives.ISC Weaknesses Identified by Participating Agencies or
by ISC Agency Representatives:
Note: Each block represents comments from an ISC participant. However,
not all ISC participating agencies are represented in the tables,
because one agency did not respond to our questions, one agency said it
had no time-relevant data with which to answer our questions, one
agency had a new ISC representative who did not comment on strengths
and weaknesses, one agency had no positive comments, and two agencies
did not comment on the weaknesses.
Source: Oral and written comments received from agencies and their ISC
representatives.
[End of table]
[End of section]
Appendix V: Comments from the Social Security Administration:
SOCIAL SECURITY:
The Commissioner:
August 29, 2002:
Mr. Bernard L. Ungar:
Director, Physical Infrastructure Issues U.S. General Accounting Office
Washington, D.C. 20548:
Dear Mr. Ungar:
Thank you for the opportunity to review and comment on the draft
report, ’Building Security: Interagency Security Committee Has Had
Limited Success in Fulfilling Its Responsibilities“ (GAO-02-1004). Our
comments on the report are enclosed. If you have any questions, please
have your staff contact Trudy Williams at (410) 965-0380.
Sincerely,
Jo Anne B. Barnhart:
Signed by Jo Anne B. Barnhart:
Enclosure:
SOCIAL SECURITY ADMINISTRATIONBALTIMORE MD 21235-0001:
COMMENTS OF THE SOCIAL SECURITY ADMINISTRATION (SSA) ON THE GENERAL
ACCOUNTING OFFICE (GAO) DRAFT REPORT, ’BUILDING SECURITY: INTERAGENCY
SECURITY COMMITTEE HAS HAD LIMITED SUCCESS IN FULFILLING ITS
RESPONSIBILITIES“ (GAO-02-1004):
Recommendation 1:
GAO recommends that the Administrator of the General Services
Administration (GSA) work with the Interagency Security Committee (ISC)
to ensure that actions are effectively implemented to correct the
problems identified with ISC in the report. Furthermore, given that
Office of Management and Budget (OMB) is a current member of ISC and
has been given responsibility for heading the Government‘s efforts to
help establish the Department of Homeland Security (DHS), OMB appears
to be the appropriate agency to work with DHS, GSA, and other
appropriate entities to address the issues GAO‘s review has identified.
As part of its transition efforts to help establish the proposed DHS,
GAO recommends that the Director of OMB work with the Administrator of
GSA and other relevant Federal officials: to determine the appropriate
leadership, responsibilities, and the role for ISC, or its successor;
to take the steps necessary to see that ISC, or its successor, has an
appropriate charter, operating procedures, membership, and decision-
making process, meeting schedule, staffing and funding support, and
performance goals and measures; and to provide for the integration of
security with other facility management functions. GAO also recommends
that the Director of OMB, consistent with relevant legislation,
determine whether DHS and ISC, or its successor, are the appropriate
entities to oversee the security protection of executive branch
officials and, if so, see that this responsibility is clearly assigned
and effectively implemented.
Comment:
We agree with GAO‘s recommendations. The ISC should support the
initiatives on the starting points of contact with foreign nationals,
with the goal of protecting the nation‘s borders by assisting the DHS
in addressing physical security and critical infrastructure
requirements to prevent the entry of terrorists. This must be done
while not obstructing the legal, efficient and reliable flow of
persons, goods and services on which the economy depends.
Other Comments:
We want to highlight the comment on page 11, the second bullet,
sentences 1 and 2, that states, ’In 1997, ISC agreed to seek full
membership for the U.S. Postal Service and the Social Security
Administration (SSA)-two large federal organizations. The ISC Chairman
agreed to initiate the process of formally accepting these two as new
members.“ To date, we are still pursuing full membership in the ISC.
There is no reference in this report concerning the role the Federal
Facilities Building Security Committees should play in the process as
stated in the Department of Justice Vulnerability Assessment of Federal
Facilities, June 28, 1995: Page 4-3, (4.2.2).
This report has not addressed the need to integrate the term ’Force
Protection“ into the ISC charter and operating procedures. The DHS and
the ISC must network, coordinate and train. Furthermore, they must
understand the Department of Defense initiatives and the roles of
Emergency and First Responder Teams and local authorities in supporting
the Homeland Security objectives, Congressional Bills and the
Presidential agendas.
[End of section]
Appendix VI: Major Contributors:
Major contributors to this report include Ron King, Tom Keightley, Lisa
Wright-Solomon, John Vocino, Shirley Bates, and Michael Yacura.
[End of section]
FOOTNOTES
[1] The President‘s proposal to Congress, June 18, 2002, to create a
Department of Homeland Security; H.R. 5005, 107th Cong. (2002); S.
2452, 107th Cong. (2002).
[2] All current bills on the proposed creation of DHS would move the
Federal Protective Service from GSA to DHS. In addition to providing
security for GSA-owned and -occupied facilities, the Service also
provides the secretariat for ISC.
[3] The data on owned and leased space are taken from the GSA reports
Summary Report of Real Property Owned, June 2001, and Summary Report on
Real Property Leased, June 2001. We issued a report, U.S. General
Accounting Office, Federal Real Property: Better Governmentwide Data
Needed for Strategic Decisionmaking, GAO-02-342 (Washington, D.C.: Apr.
16 2002), concerning the accuracy of the data in GSA‘s report, Summary
Report of Real Property Owned. However, although we reported that some
of the data are outdated or incomplete, the GSA reports are the only
sources available that provide estimates of governmentwide ownership
and leasing.
[4] The reimbursable program provides security funding through payments
made by agencies assigned space in GSA-owned or -leased buildings.
[5] Appendix I contains a list of all ISC members. The Security Policy
Board no longer exists.
[6] Although funding was not listed specifically as a responsibility,
the executive order did not limit ISC to just those responsibilities
identified in the executive order.
[7] U.S. General Accounting Office, Security: Breaches at Federal
Agencies and Airports, GAO/T-OSI-00-10 (Washington, D.C.: May 25,
2000).
[8] There may have been other working groups formed. However, ISC‘s
records do not show evidence of any.
[9] Thirteen of these were regular ISC meetings. The other meeting was
a conference among ISC, GSA, and the members of the American Institute
of Architects in December 2001. There are no minutes of the June 2000
meeting, but a June meeting (no year stated) is mentioned in the
December 2000 ISC minutes. We included a June 2000 meeting in our
count.
[10] Section 2(a) of Section 906
[11] U.S. General Accounting Office, Security Protection:
Standardization Issues Regarding Protection of Executive Branch
Officials, GAO/GGD/OSI-00-139 (Washington, D.C.: July 11, 2000).
[12] U.S. General Accounting Office, Homeland Security: Proposal for
Cabinet Agency Has Merit, but Implementation Will be Pivotal to
Success, GAO-02-886T (Washington, D.C.: June 25, 2002). Statement of F.
Joseph Moravec, Commissioner of the Public Buildings Service, U.S.
General Services Administration before the Subcommittee on Technology
and Procurement Policy, Committee on Government Reform, U.S. House of
Representatives (November 1, 2001).
[13] Executive Order 13267 assigns OMB the responsibility of
establishing a Transition Planning Office for the Department of
Homeland Security.
GAO‘s Mission:
The General Accounting Office, the investigative arm of Congress,
exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO‘s commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO‘s Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as ’Today‘s Reports,“ on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select ’Subscribe to daily E-mail alert for newly
released products“ under the GAO Reports heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. General Accounting Office
441 G Street NW,
Room LM Washington,
D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.
General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.
20548:
