Since the jihadi attack on America on September 11, 2001, the security of federal facilities has been enhanced in numerous ways. However, little guidance exists to help federal agencies asses the cost-effectiveness of these security measures, according to a recent audit conducted by the Government Accountability Office (GAO).
These security enhancements include installing blast resistant windows, installing facility exterior barriers and increasing the number of guards who patrol federal facilities. Although the cost of these enhancements is likely significant, GAO said, “The total costs to the federal government for these enhancements are not known because there are no government-wide data that would allow for tracking them.”
GAO examined how the Department of Homeland Security (DHS), Federal Emergency Management Agency, General Services Administration, US Marshals Service, Smithsonian Institution and the Social Security Administration (SSA) track and manage the costs of physical security enhancements in federal facilities.
These agencies reported having difficulty tracking facility security expenditures when the costs were funded partially by another entity, were part of rent costs and not separately identified or were not a separate line-item for entities’ funding.
The Interagency Security Committee (ISC), which is chaired by DHS and has representation from across federal civilian entities, has a risk management standard that requires federal agencies to implement a cost analysis methodology that considers all costs, as well as performance measurements to help allocate resources.
However, ISC does not provide detailed guidance or specify methodologies federal entities could use for determining cost effectiveness and measuring performance. Federal agencies indicate the further guidance from ISC would be helpful.
Without oversight mechanisms to determine the cost-effectiveness of their security investments, agencies will have difficulty evaluating whether the benefits of security investments justify their costs and to what extent the enhancements have led to a decrease in federal facilities’ vulnerability to terrorist attacks.
“Given that it is not fully known how much entities expend on enhancements and that cost factors vary by facility, it becomes an even more essential key practice that entities at both the headquarters and facility levels have the tools necessary to make sound resource allocation decisions,” GAO stated. “Such tools could help entities understand the effectiveness an enhancement may have on improving security, and help ensure that the benefits of an enhancement outweigh the costs.”
GAO recommended the DHS secretary direct ISC to improve guidance to help federal agencies meet the cost-effectiveness and performance measurement aspects of ISC’s risk management standard.
DHS concurred with this recommendation.
“Improvements in these areas could enable federal entities to better determine the benefits of security investments and whether they have reduced federal facilities’ vulnerability to acts of terrorism or other forms of violence,” GAO said.
According to GAO’s audit, physical security for federal facilities has been a heightened government wide concern since the 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma.
Homeland Security Today reported that one week after a gunman in Ottawa shot a soldier and stormed Canada’s parliament building, DHS Secretary Jeh Johnson directed the Federal Protective Services (FPS) to enhance its presence and security at various US government buildings in Washington, DC and other major cities and locations around the country."
"The reasons for this action are self-evident: the continued public calls by terrorist organizations for attacks on the homeland and elsewhere, including against law enforcement and other government officials, and the acts of violence targeted at government personnel and installations in Canada and elsewhere recently," Johnson said. "Given world events, prudence dictates a heightened vigilance in the protection of US government installations and our personnel."
However, Homeland Security Today earlier reported that GAO called into question the security of federal facilities after finding that DHS lacks a strategy to address cyber risk to building and access control systems in federal facilities. Consequently, the nearly 9,000 federal facilities protected by FPS remain vulnerable to cyber threats.
“Federal facilities contain building and access control systems—computers that monitor and control building operations such as elevators, electrical power, and heating, ventilation, and air conditioning—that are increasingly being connected to other information systems and the Internet,” GAO said.