Addressing Weaknesses with Facility Security Committees Would Enhance Protection of Federal Facilities
GAO-10-901, Aug 5, 2010
To accomplish its mission of protecting about 9,000 federal facilities, the Federal Protective Service (FPS) currently has a budget of about $1 billion, about 1,225 full-time employees, and about 15,000 contract security guards. However, protecting federal facilities and their occupants from a potential terrorist attack or other acts of violence remains a daunting challenge for the Department of Homeland Security's (DHS) Federal Protective Service. GAO has issued numerous reports on FPS's efforts to protect the General Services Administration's (GSA) facilities. This report (1) recaps the major challenges we reported that FPS faces in protecting federal facilities and discusses FPS's efforts to address them and (2) identifies an additional challenge that FPS faces related to the facility security committees (FSC), which are responsible for addressing security issues at federal facilities. This report is based primarily on our previous work and recent FPS interviews.
Since 2007, we have reported that FPS faces significant challenges with protecting federal facilities, and in response FPS has recently started to take steps to address some of them. In 2008, we reported that FPS does not use a risk management approach that links threats and vulnerabilities to resource requirements. Without a risk management approach that identifies threats and vulnerabilities and the resources required to achieve FPS's security goals, there is limited assurance that programs will be prioritized and resources will be allocated to address existing and potential security threats in an efficient and effective manner. FPS recently began implementing a new system referred to as the Risk Assessment Management Program (RAMP). This system is designed to be a central database for capturing and managing facility security information, including the risks posed to federal facilities and the countermeasures that are in place to mitigate risk. FPS expects that RAMP will enhance its approach to assessing risk, managing human capital, and measuring performance. Our July 2009 report on FPS's contract guard program also identified a number of challenges that the agency faces in managing its contract guard program, including ensuring that the 15,000 guards that are responsible for helping to protect federal facilities have the required training and certification to be deployed at a federal facility. In response to our report, FPS took a number of immediate actions with respect to contract guard management. For example, FPS has increased the number of guard inspections it conducts at federal facilities in some metropolitan areas and revised its guard training. We have not reviewed whether these actions are sufficient to fulfill our recommendations. Another area of continuing concern is that FPS continues to operate without a human capital plan and does not have an accurate estimate of its current and future workforce needs. In our July 2009 report, we recommended that FPS develop a human capital plan to guide its current and future workforce planning efforts. While FPS agreed with this recommendation, it has not yet fully developed or implemented a human capital plan. As we reported in 2009, FPS's ability to protect GSA facilities is further complicated by the FSC structure. Each FSC includes FPS, GSA, and a tenant agency representative and is responsible for addressing security issues at its respective facility and approving the funding and implementation of security countermeasures recommended by FPS. However, there are several weaknesses with the FSC. First, FSCs have operated since 1995 without procedures that outline how they should operate or make decisions, or that establish accountability. Second, the tenant agency representatives to the FSC generally do not have any security knowledge or experience but are expected to make security decisions for their respective agencies. Third, many of the FSC tenant agency representatives also do not have the authority to commit their respective organizations to fund security countermeasures. No actions have been taken on these issues since our 2009 report, and thus these weaknesses continue to result in ad hoc security and increased risk at some federal facilities. GAO recommends that the Secretary of DHS direct the Director of FPS to work in consultation with other representatives of the FSC to develop and implement procedures that, among other things, outline the committees' organization structure, operations, and accountability. DHS concurred with GAO's recommendation.
- Closed - implemented
- Closed - not implemented
Recommendation for Executive Action
Recommendation: The Secretary of DHS should direct the Under Secretary of the National Protection and Programs Directorate and the Director of Federal Protective Service to work in consultation with GSA and the Interagency Security Committee to develop and implement procedures that, among other things, outline the facility security committees' organizational structure, operations, decision-making authority, and accountability.
Agency Affected: Department of Homeland Security
Status: Closed - Implemented
Comments: In 2009, GAO reported that facility security committees (FSC), which are responsible for addressing security issues at federal facilities, have complicated Federal Protective Service's (FPS) ability to protect federal facilities under the control or custody of General Services Administration (GSA). FSCs have operated since 1995 without guidelines, policies, or procedures that outline how they should operate, make decisions, or establish accountability. This results in ad hoc security that undermines effective protection of individual facilities as well as the entire facilities' portfolio. Consequently, there is a lack of assurance that federal facilities under the control and custody of GSA are effectively protected by FPS. GAO recommended that FPS work with GSA and the Interagency Security Committee (ISC) to develop and implement procedures that, among other things, outline the FSC's organizational structure, operations, decision-making authority, and accountability. In response to our recommendation, on July 6, 2011, the ISC, in consultation with FPS and GSA released "Facility Security Committees: An Interagency Security Committee Standard," which establishes procedures for the FSC to use when presented with security issues that affect the entire facility, as well as the organizational structure, operations, accountability, and decision-making authority for FSCs. As a result, FSCs now have standardized procedures that outline how the FSC should operate and make decisions regarding a facility's security posture and enhance the protection of federal facilities.