Skip to main content

Homeland Security: Greater Attention to Key Practices Would Improve the Federal Protective Service's Approach to Facility Protection

GAO-10-142 Published: Oct 23, 2009. Publicly Released: Nov 18, 2009.
Jump To:
Skip to Highlights

Highlights

There is ongoing concern about the security of federal buildings and their occupants. The Federal Protective Service (FPS) within the Department of Homeland Security (DHS) is responsible for providing law enforcement and related security services for nearly 9,000 federal buildings under the control and custody of the General Services Administration (GSA). In 2004, GAO identified a set of key protection practices from the collective practices of federal agencies and the private sector that included: allocating resources using risk management, leveraging technology, and information sharing and coordination. As requested, GAO determined whether FPS's security efforts for GSA buildings reflected key practices. To meet this objective, GAO used its key practices as criteria, visited five sites to gain firsthand knowledge, analyzed pertinent DHS and GSA documents, and interviewed DHS, GSA, and tenant agency officials.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Homeland Security In order to move FPS toward greater use of the key practices, the Secretary should instruct the Director of FPS, in consultation, where appropriate, with other parts of DHS, GSA, and tenant agencies to provide the Secretary with regular updates, on a mutually agreed-to schedule, on the status of the Risk Assessment and Management Program (RAMP) and the National Countermeasures Program, including the implementation status of deliverables, clear timelines for completion of tasks and milestones, and plans for addressing any implementation obstacles.
Closed – Implemented
In 2010, we reported that the Federal Protective Service (FPS) was using an outdated risk assessment tool and a subjective, time-consuming process. As a result, GSA and tenant agencies were uncertain whether risks are being mitigated. Concerned with the quality and timeliness of FPS's risk assessment services, GSA and tenant agencies were pursuing some of these activities on their own. Although FPS was developing a new risk management program, full implementation was not planned until the end of fiscal year 2011 and has already experienced delays. We also reported that FPS was developing a program to standardize security equipment and contracting, known as the National Countermeasures Program, but the program had run behind schedule. We recommended that FPS update the Secretary of Homeland Security on the status of RAMP and the National Countermeasures Program, including the implementation status of deliverables, clear timelines for completion of tasks and milestones, and plans for addressing any implementation obstacles. In response, FPS provided the Secretary with an update through the Under Secretary, National Protection and Programs Directorate, which provided a timeline for implementation of the two programs and discussed obstacles FPS was facing. As a result, these issues were brought to the attention of DHS management, which became better positioned to oversee these FPS activities.
Department of Homeland Security In order to move FPS toward greater use of the key practices, the Secretary should instruct the Director of FPS, in consultation, where appropriate, with other parts of DHS, GSA, and tenant agencies in conjunction with the National Countermeasures Program, to develop a methodology and guidance for assessing and comparing the cost-effectiveness of technology alternatives.
Closed – Implemented
In 2010, we reported that in their efforts to leverage technology in the protection of federal facilities, Federal Protective Service (FPS) inspectors had considerable latitude for selecting technologies and countermeasures that tenant agencies funded, but FPS provided inspectors with little training and guidance for making cost-effective choices. Additionally, FPS did not provide tenant agencies with an analysis of alternative technologies, their cost, and associated reduction in risk. As a result, there was limited assurance that the recommendations inspectors make are the best available alternatives and tenant agencies must make resource allocation decisions without key information. We recommended that FPS develop a methodology and guidance for assessing and comparing the cost-effectiveness of technology alternatives. In response, FPS developed a white paper entitled "Analysis of Countermeasure Cost Effectiveness Versus Risk Reduction," which explains how cost factors were to be taken into account within its risk management framework. According to the white paper, with both the estimated cost and estimated risk reduction identified, FPS would be in a position to examine the benefits achieved by different countermeasures while examining their estimated costs. This effort meets the intent of our recommendation and will better equip FPS to cost effectively deploy facility protection countermeasures.
Department of Homeland Security In order to move FPS toward greater use of the key practices, the Secretary should instruct the Director of FPS, in consultation, where appropriate, with other parts of DHS, GSA, and tenant agencies to reach consensus with GSA on what information contained in the building security assessment (BSA) is needed for GSA to fulfill its responsibilities related to the protection of federal buildings and occupants, and accordingly, establish internal controls to ensure that shared information is adequately safeguarded; guidance for employees to use in deciding what information to protect with sensitive but unclassified (SBU) designations; provisions for training on making designations, controlling, and sharing such information with GSA and other entities; and a review process to evaluate how well this information sharing process is working, with results reported to the Secretary regularly on a mutually agreed-to schedule.
Closed – Implemented
In 2010, we reported that the Department of Homeland Security's (DHS) Federal Protective Service (FPS) and the General Services Administration (GSA) disagreed over what information in FPS security assessments could be shared with GSA. FPS maintained that sensitive information in the assessments, which needs to be safeguarded, was not needed for GSA to carry out its mission. GSA, which also has a security role, maintained that lacking this information constrained its ability to protect buildings and occupants. We recommended that DHS, through FPS, reach consensus with GSA on what information is needed for GSA to fulfill its responsibilities and ensure, among other things, that shared information is adequately safeguarded. In February 2014, FPS issued a directive on the implementation of facility security assessments (FSA) that, among other things, outlines a policy for sharing FSAs with GSA, if requested, and ensuring that sensitive information is safeguarded by following DHS policies for handling "For Official Use Only" material. On the basis of this policy, FPS has taken action to ensure that GSA will be better equipped to fulfill its mission as it relates to the protection of federal facilities.

Full Report

Office of Public Affairs

Topics

Building inspectionCost effectiveness analysisFacility securityFederal facilitiesFederal office buildingsFederal property managementHomeland securityInformation disclosurePhysical securityProgram managementProtective equipmentRisk assessmentRisk managementSchedule slippagesTechnologyTenantsInformation sharingProgram implementation