GAO calls for security strategy

GAO Report: "Further Actions Needed to Coordinate Federal Agencies' Facility Protection Efforts and Promote Key Practices"

Congressional auditors say a federal interagency committee in charge of coordinating the protection of government facilities needs a strategic plan for identifying priorities and implementing security measures, including leveraging technology.

Such a plan would help the Interagency Security Committee (ISC) gain greater support within the federal government, provide detailed information on its needs, establish performance measures and propose strategies for challenges it faces, according to a recent report released Jan. 6 by the Government Accountability Office.

Those challenges include getting officials at agencies to agree to a governmentwide risk management process for assessing facilities, developing a compliance process so agencies can measure progress, educating senior-level staff about ISC and integrating physical security initiatives for the entire federal government and implementing change, the report states. The committee also needs more financial resources and greater staffing, according to the report.

ISC officials have made some progress, especially in the past two years. They include issuing some security standards and guidance for agencies, developing a Web site for posting policies and guidance, developing a secure Web portal for members to exchange information, and creating standard operating procedures to improve the quality of information sharing. But they need to do more.

The report identifies several major practices that could provide a framework for agencies' initiatives. They include using a risk management approach, information sharing, performance measurement and testing, aligning assets to an agency's mission, strategic workforce management, and using technology.

The report states that GAO officials, inspectors general, facility security experts and agency officials agreed that security technology is crucial. But any technology should be carefully analyzed to determine whether the benefits outweigh the costs and effects on privacy and convenience.

Some advanced technologies identified include smart cards and biometrics, detection and surveillance systems, X-ray scanners, and metal detectors. But sometimes other solutions, such as using trained dogs, may be more effective and less costly, the report states.

"It is important to note that focusing on obtaining and implementing the latest technology is not necessarily a key practice by itself," according to the report. "Instead, having an approach that allows for cost-effectively leveraging technology to supplement and reinforce other measures would represent an advanced security approach in this area."

ISC was formed after the 1995 Oklahoma City bombing to develop policies and standards, ensure compliance, oversee implementation, and share information. In 2003, the Homeland Security Department assumed responsibility of the committee from the General Services Administration.

ISC was designated last year to oversee agencies' physical security plans related to Homeland Security Presidential Directive-7, which requires agency officials to identify critical infrastructures and develop plans for prioritization, protection, recovery and reconstitution of systems or resources.

According to the report, DHS officials agreed with the overall conclusions and would implement GAO's recommendations.