GAO reviewed efforts by the Interagency Security Committee (ISC) to protect critical federal infrastructure since the committee was created in 1995. ISC is chaired by the General Services Administration (GSA) and comprises 14 department-level agencies and other executive agencies and officials. ISC's primary responsibilities are to (1) establish policies for security in and protection of federal facilities; (2) develop and evaluate security standards for federal facilities, develop a strategy for ensuring compliance with such standards, and oversee the implementation of appropriate security measures in federal facilities; and (3) take the steps necessary to enhance the quality and effectiveness of security and protection of federal facilities. ISC has carried out some of its responsibilities, but it has made little progress on others. During the past 7 years, ISC has developed and issued security design criteria and minimum standards for building access procedures; disseminated information to member agencies, for their consideration and implementation, on entry security technology for buildings needing the highest security levels; and through its meetings and 13 working groups, provided a forum for federal agencies to discuss security issues and share information and ideas. ISC has made little or no progress in developing and establishing policies for security in and protection of federal facilities, developing a strategy for ensuring compliance with security standards, overseeing the implementation of appropriate security in federal facilities, and developing a centralized security database of all federal facilities. Several factors have limited ISC's progress, including (1) the lack of consistent and aggressive leadership by GSA, (2) inadequate staff support and funding for ISC, and (3) ISC's difficulty in making decisions. The creation of a Department of Homeland Security (DHS) would have significant implications for ISC and its responsibilities.
Matter for Congressional Consideration
|As Congress continues its deliberations on proposed legislation creating DHS, it may want to clarify DHS's jurisdiction with respect to the federal organizations under its purview and the specific security-related functions for which it is responsible. Federal organizations under DHS's jurisdiction could range from, exclusively, the federal buildings now under GSA's control to all facilities owned, occupied, or secured by the federal government. Limiting DHS's jurisdiction to exclusively GSA-controlled properties would leave out many nonmilitary facilities, while extending it to all property owned or occupied by the federal government would be an enormous undertaking. The functions for which DHS could assume responsibility could include policy and standard setting, training, information and intelligence sharing, planning and oversight, and the actual provision of security services. In deciding which security-related functions DHS should be responsible for providing, two factors for Congress to consider are the need for integrating the security function with the day-to-day management of the facility and the challenge that would be associated with providing day-to-day security for all federally owned, occupied, or secured facilities.||An approved accomplishment report was issued on this in FY 2003.|
Recommendations for Executive Action
|General Services Administration||In the short term, the Administrator of GSA should work with ISC to ensure that actions are effectively implemented to correct the problems identified with ISC in this report.|
|Office of Management and Budget||Given that the Office of Management and Budget (OMB) is a current member of ISC and has been given responsibility for heading the government's efforts to help establish DHS, the Director of OMB should work with DHS, GSA, and other appropriate entities to ensure that the issues GAO's review has identified are addressed by the appropriate agency or agencies that will have the responsibility of overseeing the protection of federal facilities and executive branch officials.|