GAO calls for security strategy

GAO Report: "Further Actions Needed to Coordinate Federal Agencies' Facility Protection Efforts and Promote Key Practices"

Related Links

"Travelin' shoes"

Congressional auditors say a federal interagency committee in charge of coordinating the protection of government facilities needs a strategic plan for identifying priorities and implementing security measures, including leveraging technology.

Such a plan would help the Interagency Security Committee (ISC) gain greater support within the federal government, provide detailed information on its needs, establish performance measures and propose strategies for challenges it faces, according to a recent report released Jan. 6 by the Government Accountability Office.

Those challenges include getting officials at agencies to agree to a governmentwide risk management process for assessing facilities, developing a compliance process so agencies can measure progress, educating senior-level staff about ISC and integrating physical security initiatives for the entire federal government and implementing change, the report states. The committee also needs more financial resources and greater staffing, according to the report.

ISC officials have made some progress, especially in the past two years. They include issuing some security standards and guidance for agencies, developing a Web site for posting policies and guidance, developing a secure Web portal for members to exchange information, and creating standard operating procedures to improve the quality of information sharing. But they need to do more.

The report identifies several major practices that could provide a framework for agencies' initiatives. They include using a risk management approach, information sharing, performance measurement and testing, aligning assets to an agency's mission, strategic workforce management, and using technology.

The report states that GAO officials, inspectors general, facility security experts and agency officials agreed that security technology is crucial. But any technology should be carefully analyzed to determine whether the benefits outweigh the costs and effects on privacy and convenience.

Some advanced technologies identified include smart cards and biometrics, detection and surveillance systems, X-ray scanners, and metal detectors. But sometimes other solutions, such as using trained dogs, may be more effective and less costly, the report states.

"It is important to note that focusing on obtaining and implementing the latest technology is not necessarily a key practice by itself," according to the report. "Instead, having an approach that allows for cost-effectively leveraging technology to supplement and reinforce other measures would represent an advanced security approach in this area."

ISC was formed after the 1995 Oklahoma City bombing to develop policies and standards, ensure compliance, oversee implementation, and share information. In 2003, the Homeland Security Department assumed responsibility of the committee from the General Services Administration.

ISC was designated last year to oversee agencies' physical security plans related to Homeland Security Presidential Directive-7, which requires agency officials to identify critical infrastructures and develop plans for prioritization, protection, recovery and reconstitution of systems or resources.

According to the report, DHS officials agreed with the overall conclusions and would implement GAO's recommendations.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.