From the U.S. Government Accountability Office, www.gao.gov Transcript for: Diplomatic Facility Security Description: Audio interview by GAO staff with Michael Courts, Director, International Affairs and Trade Related GAO Work: GAO-14-655: Diplomatic Security: Overseas Facilities May Face Greater Risks Due to Gaps in Security-Related Activities, Standards, and Policies Released: June 2014 [ Background Music ] [ Narrator: ] Welcome to GAO's Watchdog Report; your source for news and information from the U.S. Government Accountability Office. It's June 2014. U.S. policy can call for U.S. personnel to be posted to high-threat, high-risk posts overseas. To maintain a presence in these locations, the Department of State has often relied on older, acquired, and temporary work facilities that do not meet the same security standards as more recently constructed permanent facilities. A team led by Michael Courts, a director in GAO's International Affairs and Trade team, recently reviewed diplomatic facility security. GAO's Sarah Kaczmarek sat down with Michael to talk about what they found. [ Sarah Kaczmarek: ] What's the State Department doing to manage security risks at overseas facilities? [ Michael Courts: ] Well, State has several processes for that. First the State Department's Bureau of Diplomatic Security, which has the primary responsibility for protecting our diplomats abroad. They determine threat levels at each overseas diplomatic facility. For example, they would determine the level of danger posed by potential political violence in a particular country, or terrorism, or crime. And then those threat levels drive a number of other decisions including the various types of physical security standards that would apply to a particular facility. State also periodically assesses its facilities against those standards to determine whether there are any potential security vulnerabilities. Then the State Department puts all that information together, the threat levels, how the posts stack up against the security standards, and the vulnerabilities, and they use that information to rank the facilities overseas according to the overall level of risk that they face, and then the State Department also uses that information to help prioritize its construction plans for building new embassy and consulate buildings that are safer. [ Sarah Kaczmarek: ] Let me ask you. Are the physical security standards that State Department has in place for these facilities good enough? [ Michael Courts: ] We found a number of problems with State's physical security standards. First, we found that State actually lacks standards for certain types of facilities, which makes it a lot more difficult to periodically assess those facilities against potential security vulnerabilities and more likely that needed security measures may not be put in place. We also found that State's process for updating its security standards is not a timely one. For example, we found cases where State and its inner agency partners took more than eight years to update security standards. We also found inconsistencies within State’s standards, which could lead to confusion and possibly the inconsistent application of the standards, and then finally we found that State doesn't have a systematic process for re-evaluating its existing security standards against changing threats and risks. [ Sarah Kaczmarek: ] Now, your team is making 13 recommendations to State Department in this report. Could you tell me a little bit about what your team is recommending? [ Michael Courts: ] Sure. The 13 recommendations really fall into four broad categories, and the first addresses concerns that we have about the consistency and reliability of some of the data that State uses to make risk decisions. We also found inconsistencies within some of State's security policy guidance. The second category deals with the applicability and effectiveness of State's physical security standards. For example, we recommended that State develop security standards for certain types of facilities that currently don't have them. We also recommended that State better expedite its update process for security standards. The third category addresses State's waivers and exceptions process, and, for example, we recommended that State develop a process that ensures that the mitigation steps that have been agreed to as a condition for granting a waiver or an exception from security standards, that those mitigation steps have actually been taken. And then the final category addresses State's lack of a comprehensive risk management policy, and we recommended that State develop such a policy and procedures that include the roles and responsibilities of all the different stakeholders involved and a continuous feedback mechanism that continually incorporates new information. [ Sarah Kaczmarek: ] Finally, what do you see as the bottom line of this report? [ Michael Courts: ] The bottom line is that although the State Department has taken a number of very important steps to address security risks at its overseas facilities, we found a number of problems with their implementation of those activities, and unless the State Department develops and implements a comprehensive risk management policy that addresses all of the different deficiencies that we identified, it really can't be assured that it has the most effective security measures in place at a time when our diplomats are facing ever-increasing threats to their safety and security. [ Background Music ] [ Narrator: ] To learn more, visit GAO.gov, and be sure to tune in to the next episode of GAO's Watchdog Report for more from the congressional watchdog, the U.S. Government Accountability Office.