This is the accessible text file for GAO report number GAO-05-790 entitled 'Homeland Security: Actions Needed to Better Protect National Icons and Federal Office Buildings from Terrorism' which was released on June 24, 2005. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to the Chairman, Committee on Government Reform, House of Representatives: June 2005: Homeland Security: Actions Needed to Better Protect National Icons and Federal Office Buildings from Terrorism: GAO-05-790: GAO Highlights: Highlights of GAO-05-790, a report to the Chairman, Committee on Government Reform, House of Representatives: Why GAO Did This Study: The threat of terrorism has made physical security for federal real property assets a major concern. Protecting these assets can be particularly complex and contentious for agencies whose missions include ensuring public access such as the Department of the Interior (Interior) and the General Services Administration (GSA). GAO’s objectives were to (1) identify any challenges that Interior faces in protecting national icons and monuments from terrorism, as well as related actions intended to address these challenges; and similarly, (2) determine any challenges GSA faces related to the protection of federal office buildings it owns or leases and actions that have been taken. What GAO Found: Interior faces a range of major challenges in protecting national icons and monuments from terrorism—these include balancing security and public access; addressing jurisdictional and competing stakeholder issues; and securing assets in rugged, remote areas. In addition, there was concern among Interior officials about the department’s ability to leverage limited resources for security. Since September 11, 2001, Interior has improved security at high-profile sites, created a central security office to oversee its security efforts, developed physical security plans required by Homeland Security Presidential Directive 7, and developed a uniform risk management and ranking methodology. As Interior moves forward, linking the results of its risk rankings to security funding priorities at national icons and monuments is an important next step. Also, given Interior’s complex and often contentious environment, setting forth the guiding principles by which the department balances its core mission with security could have benefits. Other organizations have used guiding principles to foster greater transparency in complex environments. GSA also faces a range of major challenges, some similar to Interior’s, that include balancing security and public access, addressing jurisdictional and competing stakeholder issues, securing federally leased space, and adjusting to the transfer of the Federal Protective Service (FPS) from GSA to the Department of Homeland Security (DHS). Actions GSA has taken to address the challenges include working to develop security standards for securing leased space and establishing a memorandum of agreement with DHS on security at GSA’s facilities. However, despite these actions, GSA lacks a mechanism—such as a chief security officer position or formal point of contact—that could serve in a liaison role with FPS and tenant agencies, work to address the challenges GSA faces related to security at its buildings, and enable GSA to better define its overall role in security given the transfer of FPS to DHS. Examples of Security Measures at National Icons and Federal Buildings: [See PDF for image] [End of figure] What GAO Recommends: GAO recommends that the Secretary of the Interior (1) link the results of its risk assessments and related risk rankings to its funding priorities and (2) develop guiding principles for balancing security initiatives with Interior’s core mission. Interior did not comment on our recommendations. GAO also recommends that the Administrator of GSA establish a mechanism—such as a chief security officer position or formal point of contact—so it is better equipped to address security- related matters related to its federal building portfolio. GSA concurred with the recommendation. www.gao.gov/cgi-bin/getrpt?GAO-05-790. To view the full product, including the scope and methodology, click on the link above. For more information, contact Mark Goldstein at (202) 512-2834 or GoldsteinM@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: Terrorist Threat Poses a Range of Challenges for Interior in Protecting National Icons and Monuments: The Threat Against Federal Office Buildings is Significant, and GSA Faces Various Challenges as the Owner and Landlord of These Assets: Conclusions: Recommendations for Executive Action: Agency Comments and Our Evaluation: Appendixes: Appendix I: Objectives, Scope, and Methodology: Appendix II: Comments from the General Services Administration: Appendix III: GAO Contact and Acknowledgments: Figures: Figure 1: The Statue of Liberty in New York Harbor: Figure 2: Security Checkpoint for Liberty Island: Figure 3: Hoover Dam and Linked Boom Line Used to Enhance Perimeter Security: Figure 4: Security Checkpoint on the Arizona Side of Hoover Dam: Figure 5: Independence Hall in Philadelphia: Figure 6: Vehicle Traffic in Front of Independence Hall and Park Service Staff Allowing Visitors to Cross Chestnut Street: Figure 7: Jersey Barriers and Fencing on the East Side of the Lincoln Memorial: Figure 8: Jersey Barriers and Snow Fencing at the Jefferson Memorial: Figure 9: Security Camera near the Amphitheatre at Mt. Rushmore: Figure 10: Rugged Terrain Surrounding Mt. Rushmore: Figure 11: Bollards in Front of a Federal Building in New York: Abbreviations: BOR: Bureau of Reclamation: CFA: U.S. Commission on Fine Arts: DHS: Department of Homeland Security: EIS: Environmental Impact Statement: FBI: Federal Bureau of Investigation: FPS: Federal Protective Service: FSRM: Federal Security Risk Management: GSA: General Services Administration: HSPD-7: Homeland Security Presidential Directive Number 7: ICE: Immigrations and Customs Enforcement: IG: Inspector General: IMBARC: Independence Mall Business and Residents Coalition: Interior: Department of the Interior: INHP: Independence National Historical Park: ISC: Interagency Security Committee: MOU: Memorandum of Understanding: NCPC: National Capital Planning Commission: NHPA: National Historic Preservation Act: NPS: National Park Service: NPCA: National Parks Conservation Association: NYPD: New York Police Department: OLES: Office of Law Enforcement and Security: OMB: Office of Management and Budget: Park Service: National Park Service: Park Police: U.S. Park Police: SEPTA: Southeastern Pennsylvania Transportation Authority: SHPO: State Historic Preservation Officer: SSA: sector-specific agency: USMS: U.S. Marshals Service: Letter June 24, 2005: The Honorable Tom Davis: Chairman, Committee on Government Reform: House of Representatives: Dear Mr. Chairman: Since the 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City and the September 11, 2001, attacks, federal agencies have devoted significant resources and attention to the physical security of their real property assets. Protecting federal real property assets can be particularly complex and contentious for agencies whose missions include ensuring public access to their assets, including the Department of the Interior (Interior) and the General Services Administration (GSA). Interior and its eight bureaus are charged with protecting the nation's natural, historic, and cultural treasures, including thousands of facilities. GSA houses agencies in over 8,000 owned and leased facilities that contain roughly 338 million square feet. These facilities are used by over a million federal employees and contractors and are visited by citizens receiving services from, and conducting business with, the federal government. In November 2002, the Department of Homeland Security (DHS) was created to bring a central focus to the government's efforts to prevent and respond to terrorist threats, including threats to its physical infrastructure. DHS, through its Federal Protective Service (FPS), is directly responsible for law enforcement and related security functions at GSA facilities and also provides policy leadership on facility protection issues to other agencies, including Interior. Although law enforcement and related security functions were transferred from GSA to DHS when FPS transferred to DHS, GSA officials said that it still assists FPS and tenant agencies with facility security, implements various security measures that FPS recommends, and incorporates enhanced security measures into new space it constructs or leases. Our objectives were to (1) identify any challenges that Interior faces in protecting national icons and monuments from terrorism, as well as related actions intended to address these challenges; and similarly, (2) determine any challenges GSA faces related to the protection of office buildings it owns or leases and the actions that have been taken. To do this work, we interviewed officials from Interior, including officials at the department level, the National Park Service (Park Service), U.S. Park Police (Park Police), and the Bureau of Reclamation (BOR); GSA; and DHS, including FPS. We also interviewed other agencies and organizations that have an interest in security issues, including the National Capital Planning Commission and the National Parks Conservation Association. We also reviewed pertinent documents and policies that we obtained from these agencies and related laws and directives. Our work included visiting sites that Interior and GSA identified as particularly illustrative of the challenges they face and how they are trying to address them. Additional information about our methodology and the sites we visited, along with a complete description of the organizations we interviewed, appears at the end of this report. We conducted our work between January 2004 and March 2005 in accordance with generally accepted government auditing standards. Separately, we issued a "For Official Use Only" report detailing the results of our review. This version of the report, for public release, provides a general summary of the challenges identified and our recommendations to help Interior and GSA enhance their protection of national icons and federal office buildings from terrorism. (The "For Official Use Only" report provided technical details to assist Interior and GSA in their efforts.) Results in Brief: Interior faces a range of major challenges in protecting national icons and monuments from terrorism. First, there is an inherent conflict between physical security initiatives and Interior's mission to provide access to, and education about, the nation's natural and cultural heritage. Striking a balance between protecting its assets from terrorism and maintaining public access is a new role for Interior, which has historically focused mainly on its preservation and education mission. Second, jurisdictional issues and competing stakeholder interests are another challenge. Pursuing security improvements that Interior believes are needed often puts the department at odds with other entities--such as planning commissions, private foundations, and local governments--that have jurisdiction over, or input regarding, physical enhancements. Third, some icons and monuments are in rugged, remote locations and, therefore, pose additional challenges related to securing perimeters and ensuring an adequate response in the event of an attack. Lastly, leveraging limited resources is an ongoing challenge. Interior officials responsible for security at the individual icons and monuments were concerned about whether the department will have a sustained level of staff and funding resources for security initiatives. Effectively addressing these challenges is vital for Interior because highly visible assets such as the Washington Monument and Mt. Rushmore National Memorial (Mt. Rushmore) could be targeted for symbolic reasons and for the purpose of harming people. Information from Interior shows that these and other assets are vulnerable to attack in a variety of ways. In addition to security improvements Interior has made at individual locations, several broader actions have been taken that are intended to address the department's challenges and improve its security program overall. These security improvements are as follows: * The administration has identified goals for overcoming challenges and vulnerabilities unique to national icons and monuments as part of its national strategy for homeland security. * Interior has developed physical security plans in response to Homeland Security Presidential Directive 7 (HSPD-7). This directive establishes a national policy for prioritizing the protection of critical infrastructure and requires all departments and agencies to develop physical and cyber security plans for the assets they own. In addition, the directive designates Interior as a sector-specific agency (SSA) for the national icons and monuments sector--SSAs are responsible for coordinating protection in their respective sectors across all levels of government and the private sector. * To centrally manage Interior's security initiatives and address its challenges, the department established a central coordination and oversight office for homeland security-related activities. This office- -the Office of Law Enforcement and Security (OLES)--has worked within Interior to identify assets that are likely targets, conduct risk assessments using a number of external experts, and coordinate efforts by Interior's bureaus to enhance security at individual locations. * Interior has developed a uniform risk assessment methodology that it has used to generate risk rankings for high-profile national icons and monuments. Overall, these efforts have been positive steps. As Interior moves forward, linking the results of its risk assessments and related risk rankings to security funding priorities at national icons and monuments is an important next step that we are recommending. This should allow for well-informed decisions by stakeholders--such as Interior, OMB, and Congress--about where to direct resources so that they have an optimal return on investment in terms of better protection. Furthermore, given Interior's complex and often contentious environment, setting forth the guiding principles by which the department balances its core mission with security--which we are also recommending--could have benefits. Guiding principles have been used by other organizations to foster greater transparency and thus allow stakeholders to better understand the basis for decisions. By identifying and conveying the principles it follows for making security-related decisions, Interior could be better positioned to achieve additional transparency and more mutually acceptable outcomes with its stakeholders. Interior did not comment on our recommendations. GSA also faces a range of major challenges--some similar to those facing Interior--related to security at buildings it owns or leases. First, federal buildings are where the government and the public transact business, and striking a balance between security and public access is an ongoing challenge. This challenge is of particular concern with federally leased space, where the government does not have complete control over building access. Second, GSA faces challenges in addressing jurisdictional and competing stakeholder interests, particularly in urban areas where local governments and others have a role in the type of security that is employed. Finally, the transfer of FPS to DHS has presented a major challenge for GSA. In addition to no longer having direct control over security services in its buildings, GSA officials were concerned about their ability to track security expenditures and stay informed about FPS protection activities in GSA buildings. In general, GSA officials said that GSA is still trying to define its overall role in security given the transfer of FPS. Addressing these challenges is critical because the terrorist threat against federal office buildings is significant. The Oklahoma City bombing and September 11 attacks demonstrated that terrorists possess the capabilities to destroy these types of assets. In the post- September 11 era, warnings from DHS have shown that there is still a concern regarding the threat that terrorists will use methods such as truck bombs to destroy office buildings. GSA owns many federal office buildings, on which an attack could seriously disrupt the business of government and harm federal employees and the public. To address the challenges associated with protecting federal office buildings, a number of actions have been taken. GSA has continued with the implementation of security enhancements to buildings in its inventory that it began after the Oklahoma City bombing--these enhancements are designed, in part, to achieve a balance between security and access. GSA has worked with the Interagency Security Committee (ISC) to develop security design criteria for newly constructed office buildings and security standards for addressing challenges associated with federally leased space. Established after the Oklahoma City bombing, ISC has a range of governmentwide responsibilities related to protecting nonmilitary facilities and has representation from all the major property-holding agencies. The administration has also identified the challenge of protecting federal office buildings as a top priority in the critical infrastructure area. In addition, ISC is responsible for coordinating agencies' building security efforts. The transfer of FPS to DHS--though a challenge for GSA--was intended to improve law enforcement and related functions by centralizing building security activities with other homeland security functions. A March 2003 operational memorandum of agreement between GSA and DHS made FPS responsible for the same types of security services that FPS provided for GSA properties prior to the transfer to DHS. These include performing risk assessments, managing the installation of some security equipment, conducting criminal investigations, and managing the contract guard program. These actions are all steps in the right direction. However, despite the range of challenges GSA faces, it lacks a mechanism--such as a chief security officer position or formal point of contact--to coordinate homeland security efforts at its buildings with FPS and tenant agencies. The officer/official in such a position, which we are recommending, could serve in a liaison role with FPS and tenant agencies, work to address the challenges GSA faces related to security in buildings it owns and leases, and enable GSA to better define its overall role in security given the transfer of FPS to DHS. Having such a position is recognized in the security community as essential in organizations that own and operate large numbers of mission-critical facilities. GSA concurred with this recommendation. Background: Interior is responsible for the safety of 70,000 employees and 200,000 volunteers, 1.3 million daily visitors, and over 507 million acres of public lands that include a number of sites of historical or national significance (national monuments and icons), and the security of dams and reservoirs. The Park Service's mission is the unimpaired preservation of the natural and cultural resources and values of the national park system for the enjoyment, education, and inspiration of current and future generations. According to Interior officials, the Park Service cooperates with various partners to extend the benefits of natural and cultural resource conservation and outdoor recreation throughout this country and the world. Within Interior, the Park Service is responsible for managing and protecting some of the nation's most treasured icons, including the Washington Monument, the Lincoln and Jefferson Memorials, the Statue of Liberty, Independence Hall and the Liberty Bell in Philadelphia, and Mt. Rushmore in South Dakota. The Park Service welcomes 428 million visitors to its 388 national park units each year throughout the United States, American Samoa, Guam, Puerto Rico, and the Virgin Islands. The Park Police provides security and law enforcement services to Park Service monuments and memorials in the District of Columbia, New York City, and in conjunction with Park Service rangers in San Francisco. Park superintendents and rangers manage and provide security and law enforcement services at the other parks throughout the United States in conjunction with their other duties. These other duties include management of public use, dissemination of scientific and historical information, and protection and management of natural and cultural resources. Among Interior's other bureaus, BOR has an important role in protecting critical infrastructure because of its responsibilities related to dams. BOR's core mission is to manage, develop, and protect water and related resources in an environmentally and economically sound manner. It is the largest wholesale water supplier in the nation, delivering 10 trillion gallons of water to over 30 million people each year. According to information from BOR, it manages 471 dams, making it the nation's second largest producer of hydropower; the dams generate approximately 42 billion kilowatt hours each year. BOR, among other things, is responsible for managing and protecting well-known assets, such as Hoover Dam in Arizona and Nevada. While Interior is responsible for protecting icons, monuments, and dams, GSA serves as the federal government's landlord and designs, builds, and manages facilities to support the needs of other federal agencies throughout all three branches of government. GSA is responsible for managing over 8,000 owned and leased buildings that comprise roughly 3 billion square feet of building floor area. FPS was created in 1971 to provide security services and law enforcement to GSA- owned facilities across the United States. FPS has the authority to, among other things; enforce laws and regulations that protect federal property, and persons on such property, and conduct investigations. As a result of the Homeland Security Act, 22 agencies- -including FPS--were centralized under DHS, and FPS retained its role related to law enforcement and security at GSA buildings. In accordance with the act, the transfer of FPS from GSA to DHS became effective on March 1, 2003. GSA officials said that GSA still assists FPS and tenant agencies with facility security, implements various security measures that FPS recommends, and incorporates enhanced security measures into new space it constructs or leases. Within DHS, FPS fell under the authority of the Immigration and Customs Enforcement (ICE), which, according to DHS, is its largest investigative arm. DHS also chairs ISC, which has representation from all the major property-holding agencies and was established after the Oklahoma City bombing. ISC has a range of governmentwide responsibilities related to protecting nonmilitary facilities. In July 2004, we reported on issues related to the transfer of FPS from GSA to DHS; and in November 2004, we reported on progress ISC has made and key practices in facility protection.[Footnote 1] Terrorist Threat Poses a Range of Challenges for Interior in Protecting National Icons and Monuments: The September 11 attacks demonstrated the nation's vulnerability to the threat posed by formidable, well-organized terrorists. As evidenced by the attacks, the terrorists are sophisticated, relentless, and patient in their planning and execution. This new type of threat represents a shift from historical assumptions about national security, where the military, foreign policy establishment, and intelligence community are responsible for protecting the nation, to a new paradigm where others- -such as Interior, state and local governments, and the private sector- -also have a role in homeland security. National icons and monuments represent the nation's heritage, tradition, values, and political power. Among Interior assets that could logically be categorized as potential symbolic targets are national icons and monuments such as Mt. Rushmore and the Washington Monument. Destroying these icons would likely have a profound effect on the nation's morale. In addition, Interior's portfolio includes assets that are part of the nation's critical infrastructure, such as the 471 dams it operates that provide hydropower to Western states. Information from Interior shows that these assets are vulnerable to attack in a variety of ways and that Interior faces a range of challenges to improving protection. These challenges include the inherent conflict between security and public access, jurisdictional issues and competing stakeholder issues regarding such matters as access and oversight of enhancements, the effect that the rugged and remote location of some assets has on perimeter security, and the ability to leverage available resources to address vulnerabilities by implementing security enhancements. Balancing Security with Public Access at Icons and Monuments Is a Major Challenge: Interior officials and staff at the icons and monuments we visited acknowledged, and the Interior Inspector General (IG) has reported, that balancing security with access is a major challenge facing the department. Implementing appropriate physical protection measures can be a challenge because such measures often run counter to societal values that associate access to icons and monuments with living in a free society. And, the core missions of some of the Interior's agencies--including the Park Service--reflect a high level of public accessibility and interaction. As reported by the Interior IG and discussed by Interior officials we interviewed, the organizational challenge of shifting to a homeland security focus in a culture rooted in preservation and education is also significant.[Footnote 2] Overall, the challenge of balancing protection against terrorism with public access is formidable and transcends other challenges Interior faces, including jurisdictional issues and competing stakeholder interests. Security versus Access: The Statue of Liberty: The Park Service's efforts to balance security with access at the Statue of Liberty demonstrate this challenge. The Statue of Liberty is one of the nation's most treasured sites and is an international symbol of American values. Located on 12-acre Liberty Island in New York Harbor, the Statue of Liberty was a gift of international friendship from the people of France to the people of the United States and is one of the most universal symbols of political freedom and democracy. It is a popular tourist attraction for visitors from around the world. In fiscal year 2003, over 3.2 million people visited the Statue. Park Service management of the Statue of Liberty and Liberty Island also includes Ellis Island and its facilities. The Statue consists of three sections: the Statue, the pedestal, and a base known as Fort Wood. The Park Service and Park Police oversee the monument's security program, including operation of screening facilities housed at Battery Park in Lower Manhattan in New York and Liberty State Park in New Jersey. Park Service and Park Police officials consider these locations, plus Governor's Island, part of a 5-point security perimeter that they monitor within New York Harbor. Figure 1 shows the Statue of Liberty, which is surrounded by New York Harbor. Figure 1: The Statue of Liberty in New York Harbor: [See PDF for image] [End of figure] Due to concerns about additional terrorist attacks, the Park Service closed Liberty Island and the Statue of Liberty immediately following September 11. The Park Service reopened Liberty Island in December 2001 but refrained from allowing access to the Statue until additional security and fire safety assessments could be done. These assessments identified a number of steps that needed to be taken before visitors could be allowed back into the Statue. In addition, the primary threats included aerial attacks and explosives detonated inside the structure. In August 2004, the Park Service reopened the Statue to visitors with access restricted to the top of the pedestal and the exterior observation deck. The security improvements were primarily aimed at preventing would-be terrorists from gaining access to the interior of the Statue and its grounds. Under this revised plan, visitors are able to tour the Statue of Liberty Museum, see close-up views of the statue from the promenade, view the inside structural elements of the statue, and experience a 360-degree panoramic view of New York Harbor from the observation deck. In addition, the Park Service and Park Police implemented other improvements, including more rigorous visitor screening, better explosive detection capabilities, improved fire safety, and enhanced communications. Park Service officials also noted that new barriers were installed at the Ellis Island service bridge and that Park Service and Park Police staffing has been increased since September 11 to implement the improved security plan. The Park Service reported in mid-2004 that, to make these improvements, it had invested $19.6 million and was anticipating an additional $9 million in future spending. In addition, the Park Service reported that the Statue of Liberty-Ellis Island Foundation, which is a consortium of private donors, had partnered with the Park Service to assist with funding a number of the safety improvements. Figure 2 shows the security checkpoint for Liberty Island. Figure 2: Security Checkpoint for Liberty Island: [See PDF for image] [End of figure] According to Park Service officials, the issue of public access to the Statue received high visibility and publicity while a new security plan was being developed. Some of the editorial press from this time expressed a concern that by closing the Statue, it had "ceded to al Qaeda." The Mayor of New York was quoted in a newspaper saying that as long as the Statue is closed, "in some sense, the terrorists have won." Interior and Park Service officials said that it was difficult to communicate the rationale for initially prohibiting, then later limiting, public access to the Statue without revealing the specific vulnerabilities that led to their decisions. A major reason for limiting access to the Statue was the need to adhere to building codes related to fire safety. For example, the Statue did not meet standards for exits and fire suppression capability. However, Interior and Park Service officials were also concerned with the security vulnerabilities of the Statue and the fact that knowledge of these vulnerabilities could make the Statue an even more attractive target. Although many security improvements have been implemented at the Statue of Liberty National Monument and Ellis Island, Park Service officials noted that several key security challenges remain. Security versus Access: Hoover Dam: Hoover Dam in Nevada and Arizona is another icon that presents Interior with challenges related to public access. Located approximately 38 miles southeast of Las Vegas, Hoover Dam is a national, historical, hydrological, and structural icon that is part of the nation's critical infrastructure. Managed by BOR, it receives approximately 1 million paid visitors every year and provides water and electricity for millions of people throughout the Southwest. Its 4.4 million cubic yards of concrete is recognized as a marvel of civil engineering. In addition, nearly 9 million people visit adjacent Lake Mead every year, which is the nation's largest man-made lake and is a national recreational area managed by the Park Service. Hoover generates electricity for southwestern states through its 17 turbines using water from Lake Mead. Also, Interstate 93 sits on top of the dam, serving as the region's main vehicular route across the Colorado River. According to BOR officials, following the terrorist attacks of September 11, BOR implemented a range of security enhancements, such as hiring additional security officers and guards and revising and canceling some public tours. In addition, BOR is taking steps to provide a long-term solution for its biggest security concern to visitors--the proximity of Interstate 93 to large crowds of visitors who also have access to the top of the dam. Related to security staffing, BOR nearly doubled the number of federal police officers and added new contract security guards. To help control the flow of tourists and provide additional security, BOR added access doors, and contract guards to certain areas of the visitor center. BOR also improved security at the visitor center by adding blast-resistant films to the windows. In addition, BOR improved gates and fencing in some areas surrounding the dam to improve perimeter security. BOR also installed a series of buoys and linked "boom lines" to serve as a security perimeter at water access points. Figure 3 shows the dam and a linked boom line in the water. Figure 3: Hoover Dam and Linked Boom Line Used to Enhance Perimeter Security: [See PDF for image] [End of figure] To further secure the dam's perimeter, BOR created two traffic security checkpoints, one in Arizona and one in Nevada, to screen and inspect passenger vehicles crossing the dam. Figure 4 shows a security checkpoint on the Arizona side of the dam. Figure 4: Security Checkpoint on the Arizona Side of Hoover Dam: [See PDF for image] [End of figure] Since September 11, BOR also made other changes to its security operations, including performing additional background checks on contractor personnel, obtaining security clearances for office directors and key personnel, conducting various site security inspections, initiating boat patrols on Lake Mead, contracting for the design of a new integrated security system, and installing additional surveillance cameras to monitor traffic checkpoints and other parts of the dam and visitor areas. To address one security concern as far as visitors are concerned--public access to the top of the dam due to the proximity to Interstate 93--BOR is currently working with Arizona, Nevada, the Federal Highway Administration, and others to construct a new four-lane bridge across the Colorado River approximately 1,500 feet from the dam. This bridge and additional roadways would re-route Interstate 93 off of the dam and improve traffic flow for the thousands of trucks and vehicles that use this road daily and reduce security vulnerabilities for the dam and its visitors. The cost of the project is currently estimated at $234 million, with funding coming through a combination of federal and state sources. Construction has already begun on new highways that approach the bridge, and the project is currently scheduled to be completed in 2008. Nonetheless, although it appears that BOR has taken the necessary steps to address the security concern with the highway, ensuring adequate security while allowing vehicle access will remain a unique and significant challenge for the next few years. Addressing Jurisdictional Issues and Competing Stakeholder Interests Is Another Challenge for Interior: Complicating its efforts to balance security and access, balancing jurisdictional issues and competing stakeholder interests represents another challenge facing Interior. Pursuing security improvements that Interior believes are needed often puts the department at odds with other entities--such as planning commissions, private foundations, and local governments--that have jurisdiction over, or input regarding, physical security enhancements. For example, efforts to secure the perimeter of a national monument or icon in an urban setting by closing streets and/or alleyways can be prevented by local governments. Similarly, local planning commissions and other oversight groups can prevent the placement of various protective measures because of aesthetic concerns and other considerations, such as perceived loss of revenue. According to information from Interior, limiting the types of measures it can employ can lead to delays in enhancing security and the use of potentially more costly and/or less effective alternatives. Jurisdictional and Competing Stakeholder Issues: Independence National Historical Park in Philadelphia: One location that illustrates the major challenges Interior faces related to jurisdictional issues and competing stakeholder interests is Independence National Historical Park (INHP) in Philadelphia, Pennsylvania. INHP is an open, national park space in the center of a densely populated urban area. Spanning approximately 45 acres, the park has about 20 buildings open to the public, including Independence Hall (site of the signing of the Declaration of Independence) and the Liberty Bell Center. Additionally, INHP houses multiple historically irreplaceable buildings and documents, including Carpenter's Hall (site of the first Continental Congress), Congress Hall, and an original copy of the Declaration of Independence. Figure 5 shows a security sign near Independence Hall, where the Declaration of Independence and U.S. Constitution were created. Figure 5: Independence Hall in Philadelphia: [See PDF for image] [End of figure] Due to its urban location, oversight responsibility at INHP involves several stakeholders. The Park Service and the city of Philadelphia have a memorandum of understanding (MOU) regarding emergency response responsibilities and other jurisdictional issues. Public city streets that carry both pedestrian and vehicular traffic surround the park and its buildings. According to Interior officials, the park is surrounded by local businesses that, along with city officials, are consulted regarding any change in park operations. Complicating oversight, the Park Service owns the land that covers the three blocks known as Independence Mall, and the city of Philadelphia owns the Independence Hall building and the Liberty Bell. The city and the Park Service operate under a cooperative agreement for the management and operation of Independence Mall. Also, the focus on security in this area of Philadelphia is further heightened because of the presence of other federal assets. Within a few block radius of INHP are multiple federal buildings, including the U.S. Mint, the Federal Reserve Bank of Philadelphia, and a federal courthouse that houses the U.S. District Court for the Eastern District of Pennsylvania. Park Service officials reported that prior to September 11, INHP managed its law enforcement and security operation consistently with the majority of urban parks across the nation. After the Oklahoma City bombing, a blast assessment focused primarily on Independence Hall was conducted and influenced the design of the new Liberty Bell Center. Aside from this assessment, no comprehensive risk assessment had been completed that addressed overall threat potential. Following September 11, the Park Service decided to keep the park open but added staff patrols from parks around the country to support INHP staff for approximately 6 to 9 months. A perimeter consisting of temporary fencing and concrete jersey barriers was also placed around the two city blocks containing the Liberty Bell and Independence Hall and, with the approval of city officials, Chestnut Street was closed on December 12, 2001. With these security improvements, staff coverage was roughly doubled, but the Park Service had to have rangers work overtime to allow for 24-hour coverage. The Park Service also implemented security measures that included the use of magnetometers and individual hand searches conducted at Liberty Bell Center and Independence Hall. After September 11, the Park Service also contracted with a private firm to conduct a threat assessment, which used a pre-existing blast assessment. Park Service officials added that the blast assessment, however, was too narrowly focused, and the lack of a comprehensive assessment of threats and vulnerabilities limited their ability to identify the full range of security measures that were needed to fully protect the park. In early 2005, an Interior security official told us that a comprehensive assessment conducted in compliance with HSPD-7 had been completed, and Interior officials are evaluating this assessment to determine additional security enhancements. Interior officials told us that jurisdictional issues at INHP and the political sensitivity of related disagreements have been the greatest challenges in terms of implementing security enhancements since September 11. These officials said that although there is a standing operational agreement between the Park Service and the city of Philadelphia, there is no current MOU regarding law enforcement and security. INHP security officials stated that their ability to effectively secure the park is limited by a lack of authority over Chestnut Street and consensus among stakeholders as to how to provide the best protection. This challenge is evidenced most clearly by the ongoing disagreement between INHP and the city of Philadelphia over the closure of Chestnut Street, the street that carries both pedestrian and vehicular traffic between Independence Hall and the Liberty Bell Center. INHP officials said that the city reopened Chestnut Street on April 1, 2003, after local residents and business owners made the case to the city that the closure would have an adverse impact on business. Chestnut Street currently remains open to pedestrians and traffic with the use of a controlled pedestrian intersection at Sixth and Chestnut Streets managed by Park Service security staff and contract guards to monitor park visitors transiting from the Liberty Bell Center to Independence Hall. Figure 6 shows traffic in front of Independence Hall and park rangers allowing screened visitors to cross Chestnut Street. Figure 6: Vehicle Traffic in Front of Independence Hall and Park Service Staff Allowing Visitors to Cross Chestnut Street: [See PDF for image] [End of figure] In addition to addressing jurisdictional issues related to differences with the city, Park Service officials at INHP said that their views on what security measures are needed often put them directly at odds with local stakeholder groups and business owners, specifically the Independence Mall Business and Residents Coalition (IMBARC). IMBARC was created for the purpose of challenging the closure of Chestnut Street. IMBARC's chairman told us that IMBARC members are united in their belief that the security measures implemented at INHP since September 11 are excessive and aesthetically unappealing. In addition, potential street closures surrounding Independence Mall also affect the Southeastern Pennsylvania Transportation Authority (SEPTA), the regional transit provider. Chestnut and Sixth Street are considered thoroughfares through the city's downtown, and Park Service officials said that major changes to the traffic patterns would likely meet additional resistance. We did not evaluate the competing views of the Park Service, the city of Philadelphia, or IMBARC regarding the Park Service's security efforts at INHP. Nonetheless, the situation the Park Service faces at this park illustrates the complex and often differing jurisdictional and competing stakeholder views that Interior faces related to security in the post-September 11 era. Jurisdictional and Competing Stakeholder Issues: Monuments on the National Mall in Washington, D.C. Other national icons where Interior faces jurisdictional and competing stakeholder challenges are the monuments on the National Mall (the Mall) in Washington, D.C. In particular, Interior has responsibility for several major monuments on or near the Mall--including the Washington Monument; the Lincoln, Jefferson, and Roosevelt Memorials; and the World War II, Korean War, and Vietnam War Memorials. The Park Police provides protection for these monuments and icons. Prior to September 11, there was a concern that monuments and icons on or near the Mall could be the focus of a terrorist attack. According to Interior officials, after September 11, Interior worked with a private security firm to assess the risk of terrorist attacks at Mall monuments. This assessment examined potential threats and alternate methods of both prevention and protection. Additionally, the Park Service identified specific protection criteria and designated key areas with the highest vulnerability as priority status for increased security. According to Interior and Park Service officials, they have used the report's findings to determine where to allocate appropriated funds and implement security upgrades for high-risk structures. The Park Service has pursued a number of security enhancements to the Washington Monument and Lincoln and Jefferson Memorials, which were the focus of our review. Construction is currently under way on a landscape security solution for the grounds of the Washington Monument. When construction is complete, a 30-inch-high granite retaining wall along newly constructed pedestrian pathways will surround the monument. The wall will serve as a vehicle barrier while also providing visitor seating. In addition, the monument grounds will receive nearly 800 new shade and flowering trees, upgraded lighting, and granite paving on the plaza. The Park Service closed the monument to the public in September 2004 to complete the final phase of the security enhancement project and reopened it on April 1, 2005. At the Lincoln Memorial, the Park Service plans to construct a 35-inch-high granite retaining wall at the edge of the roadway around the north, west, and south sides of Lincoln Memorial Circle, and install retractable bollards for a portion of the circle that does not handle everyday traffic. The Park Service is also developing an alternative to a 715-foot line of jersey barriers on the memorial's east side, facing the Mall. Figure 7 shows the temporary jersey barriers and fencing on the east side of the memorial. Figure 7: Jersey Barriers and Fencing on the East Side of the Lincoln Memorial: [See PDF for image] [End of figure] For the Jefferson Memorial, the Park Service has proposed the construction of a security barrier, closure of a U-shaped driveway next to the monument to create a pedestrian plaza, and creation of additional parking away from the monument to improve security by limiting vehicular access. The Park Service's proposal includes the elimination of parking adjacent to the monument. According to the Park Service's environmental assessment of various options, the options under consideration would have adverse impacts on historic structures and the cultural landscape because the proposed security barrier would introduce a new element within the historic scene. However, the Park Service also said that the historic structures, cultural landscape, and aesthetic and visual quality would benefit due to the removal of the existing security measures that currently compromise the views, vistas, and historic scene. According to the Park Service, safety and security would be improved because the barrier would provide a first line of defense from the potential threat of a vehicle bomb and would serve as a deterrent to terrorists. Figure 8 shows a jersey barrier and temporary snow fencing at the memorial. According to Park Service officials, the snow fencing is used to control pedestrian flow to and from the memorial. Figure 8: Jersey Barriers and Snow Fencing at the Jefferson Memorial: [See PDF for image] [End of figure] In addition to these improvements at the monuments, the Park Service has upgraded its security camera capabilities in and around the Mall. The camera system began its initial test run in July 2002 and was fully operational by the fall of 2002. Park Service officials reported that the system consists of cameras mounted in and around the Mall that digitally record footage. It is designed for redundancy; if one camera fails, another camera could quickly cover the same area. Park Service officials stated that in the near future, they would like to expand coverage and progressively upgrade the camera system. Since September 11, Interior has also established internal security protocols directly tied to the Homeland Security Advisory System.[Footnote 3] In implementing security enhancements, several entities have an oversight, advisory, or advocacy role for the monuments on the National Mall and have an interest in security enhancements at the monuments. These entities include the National Capital Planning Commission (NCPC), Advisory Council on Historic Preservation (Advisory Council), the U.S. Commission on Fine Arts (CFA), and the District of Columbia's State Historic Preservation Officer (SHPO). In addition, advocacy groups, including the National Coalition to Save Our Mall and the National Parks Conservation Association (NPCA), are involved in, and offer their views on, security enhancements to the monuments. The roles of the major entities and organizations are as follows: * NCPC (www.ncpc.gov) is the central planning agency for the federal and District of Columbia governments in the national capital. Established in 1924 as the National Capital Park Commission and later renamed, NCPC's responsibilities include conducting comprehensive planning to direct federal activities and protect federal interests, reviewing and approving all federal development projects in the city and outlying region, leading specific initiatives to enhance the region, and preparing an annual Federal Capital Improvements Program. NCPC is composed of three presidential appointees, two D.C. mayoral appointees, the Secretaries of Defense and the Interior, the Chairmen of the Senate Committee on Homeland Security and Governmental Affairs and House Committee on Government Reform, the Administrator of GSA, the Mayor of the District of Columbia, and the Chairman of the D.C. City Council. * The Advisory Council (www.achp.gov) is an independent federal agency that promotes the preservation, enhancement, and productive use of the nation's historic resources and advises the president and Congress on national historic preservation policy. The National Historic Preservation Act (NHPA) established the Advisory Council in 1966. According to the Advisory Council, it seeks to have federal agencies act as responsible stewards of our nation's resources when their actions affect historic properties. The Advisory Council recommends administrative and legislative improvements for protecting the nation's heritage; advocates full consideration of historic values in federal decision making; and reviews federal programs and policies to promote effectiveness, coordination, and consistency with national preservation policies. * CFA (www.cfa.gov) was established by Congress in 1910 as an independent agency to advise the federal and District of Columbia governments on matters of art and architecture that affect the appearance of the nation's capital. CFA's primary role is to advise on proposed public building projects, but it also reviews private buildings adjacent to important public buildings and grounds. * NHPA provides for the designation of a SHPO in each state. SHPOs have duties that include locating and recording historic resources; nominating significant historic resources to the National Register of Historic Places; fostering historic preservation programs at the local government level; reviewing all federal projects for their impact on historic properties in accordance with Section 106 of NHPA; and providing technical assistance on rehabilitation projects and other preservation activities to federal agencies, state and local governments, and the private sector. * The National Coalition to Save Our Mall (www.savethemall.org) was founded in 2000 as a coalition of professional and civic organizations and other concerned artists, historians, and citizens to provide a national constituency dedicated to the protection and preservation of the National Mall in Washington, D.C. According to the Coalition's Web site, its mission is to: "defend our national gathering place and symbol of Constitutional principles against threats posed by recent and ongoing proposals--for new memorials, security barriers, service buildings and roads--that would encroach on the Mall's historical and cultural integrity, its open spaces and sweeping vistas, and its significance in American public life." * NCPA (www.ncpa.org) is an advocacy organization whose mission is to protect and enhance the National Park System for present and future generations. According to its Web site, NCPA has been in existence for 85 years and has 300,000 members. NCPA's objectives are to advocate for the national parks and the Park Service, educate decision makers and the public about the importance of preserving the parks, help to convince Members of Congress to uphold the laws that protect the parks and support of new legislation to address threats to the parks, fight attempts to weaken these laws in the courts, and assess the health of the parks and park management to better inform its advocacy work. Interior and Park Service officials said that implementing security measures can be particularly challenging at monuments on the Mall in Washington, D.C., because of the number of entities and organizations that have jurisdictional, advisory, or advocacy roles regarding changes. These officials said that in gaining the approval for projects from NCPC and incorporating the views of the other organizations, the Park Service tries to strike a balance among the various stakeholders and build consensus. For example, in an effort to streamline the process for gaining approval and input for enhancements at the Washington Monument, the Park Service, NCPC, ACHP, and the D.C. SHPO established a streamlined review process in 2002 that allows for public participation. However, Interior and Park Service officials acknowledged that there is often disagreement over how to balance security with public access and aesthetic beauty. For example, as part of its plans for security enhancements at the Washington Monument, the Park Service gained approval from the NCPC in April 2003 to build an underground visitor screening area and tunnel that would lead to the basement of the monument. However, after meeting significant resistance from NCPA, the Save Our Mall Coalition, and other interested stakeholders, a senior Park Service official told us that the Park Service abandoned this concept in the interest of maintaining support for security enhancements. Due to the high visibility that security enhancements at Mall monuments receive, Interior officials said that addressing jurisdictional issues and competing stakeholder interests on the Mall will remain their biggest challenge. Remote Location of Some Interior Assets Poses a Security Challenge: Due to the remote and rugged location of some assets, Interior officials reported that some icons and monuments pose additional issues related to securing perimeters and ensuring an adequate response in the event of an attack. According to information from Interior, although the remoteness of the locations may reduce the threat exposure associated with more "target rich" environments, it can present a significant disadvantage when Interior attempts to implement security measures. Remote Locations: Mt. Rushmore: Mt. Rushmore, which is located in the Black Hills of southwestern South Dakota, typifies how difficult it can be for Interior to protect icons and monuments that are located in remote and often rugged environments. Mt. Rushmore is the world's largest sculpture and is one of the most widely recognized symbols of the United States. In addition to its cultural and symbolic significance, size, and location, Mt. Rushmore hosts a large number of visitors each year, including numerous dignitaries. The monument has a visitor center, restaurant, gift shop, and amphitheatre that are used for various events. Each Fourth of July, the park hosts a holiday celebration with fireworks and other activities that attracts tens of thousands of visitors. The monument is also about 50 miles south of Sturgis, the site of an annual motorcycle rally that can bring over 500,000 tourists to the area--many of whom visit Mt. Rushmore. Approximately 2.9 million tourists visit the monument annually, with up to 40,000 visiting on some days during the summer months. Mt. Rushmore has a history prior to September 11 of security incidents involving domestic terrorists, political demonstrators, and bomb threats, according to Park Service officials. The threats and related incidents have included the following: * Between 1970 and 1973 there were multiple efforts by the American Indian Movement to occupy the mountain and deface the monument. * In 1975, a bomb was detonated in front of the visitor center--there were no injuries because the detonation occurred early in the morning. * In 1987, the environmental group Greenpeace illegally climbed the mountain and attempted to unfurl a protest banner. * In 1991, the Park Service received multiple, credible threats to assassinate then-President George H.W. Bush during the 50th anniversary celebration of the monument. * In 1999, a Colorado man was arrested for making a threat to blow up Mt. Rushmore. According to Park Service officials, because of these incidents, the Park Service took actions, including a security assessment in 1997 that recommended a range of countermeasures costing approximately $2.9 million, most of which were subsequently implemented. However, Park Service officials told us that prior to September 11, the focus of their security efforts was directed at protecting the monument. In light of the September 11 attacks, Park Service officials are now including visitors and employees in their protection at Mt. Rushmore. With increases in funding for security after September 11, Park Service officials told us in mid-2004 that they were in the process of adding protection park rangers and other employees. In addition, the Park Service made other security enhancements, including the installation of security fencing, lighting, and gates at multiple locations; improvements to existing mechanical systems for dispatch and incident management; and the purchase of all-terrain vehicles for use in patrols and at special events. Figure 9 shows a security camera mounted near the amphitheatre at the base of the monument. Figure 9: Security Camera near the Amphitheatre at Mt. Rushmore: [See PDF for image] [End of figure] Despite these improvements, security at Mt. Rushmore is a major Park Service concern, due to the large area to patrol and large number of visitors. The park has 1,278 acres, 40 acres of which are part of the visitor service area that offers hiking and educational opportunities at the sculptor's studio and visitor center's amphitheater, museum, and bookstores. In addition, the area immediately surrounding the sculpture has steep rock faces and a series of canyons. While terrain serves as a natural barrier for most visitors and casual hikers, preventing individuals seeking to climb to the top of the monument for nefarious purposes is difficult. Park rangers at the monument told us that in order to fully secure the monument's perimeter, rangers must regularly hike and patrol the mountain--a time-consuming and physically challenging task. Figure 10 shows the rugged terrain at the front of the sculpture and a canyon in the area behind the sculpture. Figure 10: Rugged Terrain Surrounding Mt. Rushmore: [See PDF for image] [End of figure] In addition, the park relies on backup from state and county law enforcement agencies, as well as the Federal Bureau of Investigation. According to Park Service officials, these agencies also provide support during major events at the park. Leveraging Limited Resources for Security Improvements Is Viewed by Interior Officials as a Challenge: In addition to the range of challenges with protecting icons and monuments, Interior officials were also concerned about the department's ability to leverage limited resources for its protection initiatives in terms of security staffing and funding. These officials said that the increased emphasis on visitor protection and homeland security demands that Interior maintain a well coordinated and highly professional law enforcement capability. However, the department's law enforcement staff is already spread thin, according to these officials, averaging one law enforcement officer for about every 110,000 visitors and 118,000 acres of land. Funding challenges for Interior homeland security programs have been well documented. According to the August 2003 Interior IG report mentioned earlier, September 11 and the resulting increase in icon park security have had an impact on other parks and law enforcement officers across the Park Service.[Footnote 4] According to the report, rangers have been detailed from their permanent parks to supplement the icon park forces, leaving many other parks with a diminished protection staff. The Interior IG also reported that law enforcement staff were strained right after September 11 because officers were working 12-hour shifts 7 days a week for several months and with no days off. The Interior IG reported that there is a concern about the long-term effectiveness of the protection staff and the officers who operate under these conditions. At the icons and monuments we visited, concerns about having adequate resources for security were evident. In Philadelphia at INHP, Park Service officials said that law enforcement represents the largest portion of the INHP budget at approximately $8 million per year and accounts for more than one-third of the park's budget. By comparison, prior to September 11, law enforcement accounted for about $2.4 million per year. At the Jefferson Memorial, Park Service officials told us that they sometimes leave the snow fencing (shown in fig. 8) in place because they lack the staff resources to remove and reinstall the fencing before and after each major event on the Mall. At Mt. Rushmore, the need for additional staff was, as mentioned before, an ongoing concern. Although we did not do a detailed assessment of security funding issues, officials at the sites we visited told us that they were concerned about their ability to implement further security enhancements that they believe are needed. They viewed lack of additional funding as a major challenge. Interior officials with OLES, including the Deputy Assistant Secretary for Law Enforcement and Security, expressed concern about the department's inability to obtain homeland security funding through DHS. These officials said that state and local governments receive significant funding through DHS. These officials said that there have been discussions within the administration about allowing other federal agencies to receive funding through DHS but such actions have not been taken. Nonetheless, with the establishment of a central office to manage security matters and Interior's efforts to respond to various governmentwide initiatives, the department has taken some important steps to better position itself to compete for homeland security-related funds. At the individual icons and monuments we visited, steps clearly had been taken to improve security since September 11, such as the Washington Monument perimeter landscaping project, the Lincoln and Jefferson Memorial security projects, the visitor screening system at the Statue of Liberty, increased staffing at Mt. Rushmore, and the rerouting of Interstate 93 at Hoover Dam. Initiatives to Protect National Icons and Monuments Are Part of the National Homeland Security Strategy: Initiatives by Congress and the administration since September 11 to improve homeland security have been intended to, among many objectives, address the range of challenges associated with protecting national icons, monuments, and other key assets held by Interior. The September 11 terrorist attacks prompted Congress to pass the Homeland Security Act, which created DHS. DHS's mission includes preventing terrorist attacks within the United States, reducing the vulnerability of the United States to terrorism, and minimizing the damage and assisting in the recovery from attacks that do occur. The creation of DHS centralized the government's homeland security efforts, including policy setting with regard to protecting national icons and monuments. As discussed earlier, several of Interior's assets are highly visible and symbolic icons, monuments, and critical infrastructure such as dams. Due to the prominence of Interior's assets, protecting them has figured heavily into the broad strategic goals set forth by the administration after September 11. More specifically, the President's July 2002 National Strategy for Homeland Security recognized the potential for attacks on national icons and monuments, which could be targets for symbolic reasons and whose destruction could profoundly damage national morale.[Footnote 5] The President's February 2003 National Strategy for the Physical Protection of Critical Infrastructures and Key Assets provides a statement of national policy to remain committed to protecting critical infrastructures and key assets--including national monuments, icons, and dams that Interior is responsible for--from terrorist attacks and is based on eight guiding principles. These principles include establishing responsibility and accountability and encouraging and facilitating partnering among all levels of government and between government and industry. The strategy also establishes three strategic objectives, which are to (1) identify and ensure the protection of the most critical assets, in terms of national level public health and safety, governance, and economic and national security and public confidence; (2) ensure protection of infrastructures and assets facing specific, imminent threats; and (3) pursue collaborative measures and initiatives to ensure the protection of other potential targets that may become attractive over time.[Footnote 6] The critical infrastructure strategy identifies Interior as the lead federal entity for taking actions in a number of areas, in conjunction with DHS, related to protecting icons, monuments, and other key assets. These actions include developing guidance and standards for determining criticalities and protection priorities, conducting threat and vulnerability assessments, exploring opportunities for using technology to protect visitors at monuments, and collaborating with state and local governments and private foundations to ensure the protection of symbols and icons outside the federal domain. In our prior work, we assessed these plans and in February 2004 testified that the national strategy related to critical infrastructure contained the most desirable characteristics among the strategic plans for homeland security that the administration has produced since September 11.[Footnote 7] These characteristics included addressing such areas as purpose, scope, and methodology; problem definition and risk assessment; and organizational roles, responsibilities, and coordination. While the 2002 and 2003 national strategies identified a broad framework for homeland security as it relates to critical infrastructure, HSPD-7, which the administration issued in December 2003, establishes a national policy for federal agencies to identify and prioritize critical U.S. infrastructure and key resources and to protect them from terrorism.[Footnote 8] The directive identified several critical infrastructure sectors, such as agriculture, water systems, public health, and national monuments and icons. For several of the sectors, the directive identifies lead agencies that have sector- specific knowledge, including Interior for national icons and monuments. SSA responsibilities include collaborating with all relevant federal entities, state and local governments, and the private sector; conducting or facilitating vulnerability assessments of the specific sector; and encouraging risk management strategies to protect against and mitigate the effects of attacks. Section 35 of the directive also requires, on an annual basis, that sector-specific agencies report on their efforts to identify, prioritize, and coordinate the protection initiatives in their respective sectors. In addition, section 34 of the directive requires that all federal departments and agencies develop physical and cyber security plans for the assets they own or operate. Interior's Actions Have Been Positive, and Further Steps Could Strengthen Its Efforts in the Security Area: After September 11, the Secretary of the Interior took steps to address serious organizational and management problems in the law enforcement and security components of the department. Of particular concern, according to Interior's IG, was the lack of coordination among these components and the absence of a meaningful single point of contact that the Secretary and senior managers could depend upon for reliable information and advice.[Footnote 9] The Secretary approved a Deputy Assistant Secretary for Law Enforcement and Security in July 2002, established the security office named OLES, and approved the implementation of the additional 24 recommendations from a January 2002 Inspector General report.[Footnote 10] OLES oversees the department's security efforts and seeks to ensure consistent application across bureaus and offices. OLES has responsibilities related to (1) coordinating the development of policies and standards, (2) coordinating and overseeing implementation of policies and standards, (3) representing the department externally, (4) conducting compliance reviews, and (5) providing leadership during incidents. Because Interior was designated as an SSA, OLES prepared a sector-specific security plan for icons and monuments, as required by section 35 of HSPD-7. Interior also developed a physical security plan for the assets it owns and operates in response to section 34 of HSPD-7. These plans recognize many of the major challenges facing Interior, including security versus access, jurisdictional considerations, security in remote locations, and security staffing issues. In response to HSPD-7's requirement that Interior formulate a plan for identifying, assessing, prioritizing, and developing protective programs for critical assets within the national icons and monuments sector, Interior developed a uniform risk assessment and ranking methodology called the National Monuments and Icons Assessment Methodology (NM&I methodology). According to information from Interior, the NM&I methodology is specifically designed to quantify risk, identify needed security enhancements, and measure risk-reduction benefits at icon and monument assets. The NM&I methodology has a consequence assessment phase and a risk assessment phase. During the consequence assessment phase, there is an asset tier ranking process, in which each asset's iconic significance is subjectively determined. Specific attack scenarios--such as chemical/biological, aircraft, or improvised explosive device--are used to evaluate security at each asset and score attack consequences. Consequence categories include casualties, economic impact, and length of disruption. During the risk assessment phase, Interior uses the methodology to determine the effectiveness of existing security systems for preventing or mitigating the specified attack scenarios. Using risk values calculated from this comparison, Interior assigns asset risk ratings of high, medium, or low, and specific mitigation recommendations are formulated. To date, Interior has applied this methodology to assets that fall under the purview of the Park Service. Interior officials said that BOR has used a risk assessment methodology for dams for several years. These officials said that BOR's methodology is similar, but also takes into account several factors that are unique to dams, such as downstream population at risk, structural vulnerability, and the economic impact if the asset were to be destroyed. Interior has made significant progress in the risk assessment area, particularly regarding the new methodology for national icons and monuments. Before the development of this approach, Interior did not have a uniform, comprehensive risk management approach for icons and monuments. It relied instead on the judgment of senior officials in determining where resources should be directed, and the risk assessments completed at individual sites were done by a number of external experts using different methodologies. Given the range of challenges Interior faces, particularly with regard to limited resources, it is especially important that Interior's funding priorities are linked with its risk rankings so that decision makers-- including Interior, Office of Management and Budget (OMB), and Congress--can direct resources where they will have an optimal return on investment in terms of better protection. Setting funding priorities for protecting assets using a uniform approach is the foundation of the National Strategy for Homeland Security and the National Strategy for the Physical Protection of Critical Infrastructure and Key Assets. For example, the section of the National Strategy related to critical infrastructure calls for DHS and stakeholders like Interior to develop a uniform methodology for identifying facilities, systems, and functions with national level criticality to help establish priorities. Government agencies often face a variety of interests whose competing demands force policymakers and managers to balance stakeholders' concerns and other factors such as quality, cost, and customer satisfaction. For Interior, the trade-offs that have to be made between security and its cultural mission are often difficult, which was apparent at the sites we visited. Full transparency regarding the basis for its decisions on security matters could, in our view, improve Interior's ability to achieve mutually acceptable and consistent outcomes with stakeholders. As Interior continues with the implementation of security measures, a clearly defined set of guiding principles for balancing security with its core cultural mission could also be beneficial due to the complex and often contentious environment in which Interior operates. Such principles could be used in conjunction with the broader guiding principles the administration set forth in the national strategy for critical infrastructure and efforts by the department to define its guiding principles in other areas that are already in place. For example, the Park Service's strategic plan for fiscal years 2001 to 2005 identifies a set of guiding principles for achieving its mission that include excellent service, productive partnerships, and citizen involvement. Guiding principles have been used by other organizations to improve transparency and thus allow stakeholders to better understand the basis for decisions. For example, the administration has outlined guiding principles for postal reform given the U.S. Postal Service's financial difficulties and a complex operating environment that involves multiple competing interests and stakeholders.[Footnote 11] These principles relate to best practices, transparency, flexibility, accountability, and financial self-sufficiency. In another example that relates directly to security, the government of Canada has identified guiding principles that are part of its long-term plan for the Parliament Precinct area in Ottawa.[Footnote 12] These principles address the issue of balancing openness, accessibility, and security; which, like in the United States, is a concern in Canada. The Threat Against Federal Office Buildings is Significant, and GSA Faces Various Challenges as the Owner and Landlord of These Assets: Terrorism is a major threat to federally owned and leased buildings, the civil servants and military personnel who work in them, and the public who visits them. This threat was evidenced by the Oklahoma City bombing in 1995; the 1998 embassy bombings in Africa; the September 11, 2001, attacks on the World Trade Center and Pentagon; and the anthrax attacks in the fall of 2001. Since the attacks on the World Trade Center and the Pentagon, the focus on security in federal buildings has been heightened considerably. More recently, DHS raised the national threat level to Code Orange in some areas in August 2004 because of specific threat information for office buildings with critical missions. According to information from DHS, intelligence reports indicated that al Qaeda was targeting several specific buildings, including the International Monetary Fund and World Bank in the District of Columbia, Prudential Financial in northern New Jersey, and Citigroup buildings and the New York Stock Exchange in New York. GSA owns several federal office buildings on which an attack could seriously disrupt the business of government and harm federal employees and the public. Overall, GSA controls more than 8,000 buildings that it owns and leases nationwide, encompassing about 338 million square feet of space. These properties include office buildings, courthouses, border stations, and other types of facilities, representing about 6 percent of all federally owned space worldwide and 39 percent of all federally leased space worldwide. In addition to most of the major departmental headquarters in Washington, D.C., including the Departments of State, Justice, and Interior, GSA owns most of the key multiagency federal office buildings in major cities, including New York, and Chicago, as well as every federal courthouse in the country. Various potential threats--including large-scale attacks using truck bombs to other breaches and attempts to bring weapons, explosives, or chemical/biological agents into the buildings--pose several challenges for GSA as the owner and landlord of these buildings. These include maintaining a proper level of security without limiting the public's access to federal offices for services that the government provides and for other business; working with stakeholders and other jurisdictions that have an interest in the type of security that is employed; securing access to privately owned buildings and space where GSA leases space for federal agencies, but where GSA and FPS do not have control over security for the building; and the challenge GSA faces as a result of the transfer of FPS, which has responsibility for providing law enforcement and security related functions, to DHS. Balancing Security with Public Access at Federal Facilities Is a Major Challenge: A major challenge in protecting federal buildings is balancing increased security with the public's access to government offices for services and to transact other business. According to GSA, its intent is to create an environment that reflects an open, welcome atmosphere, but one that challenges those with intent to do harm. In addition, GSA also considers federal workers' convenience and privacy an important part of these considerations. Nonetheless, striking a balance among these competing factors is an ongoing challenge. It is particularly challenging for federal agencies in GSA-owned buildings that require regular public access such as courthouses, and federal office buildings that have agencies that interact often with the public, such as the Social Security Administration. A GSA-owned and managed federal courthouse in Nevada demonstrates the challenge of balancing public access with security needs and how GSA has fostered this balance. This large courthouse houses multiple tenants requiring heightened security, including the federal courts, the U.S. Attorney's Office, and the U.S. Marshals Service (USMS). According to GSA officials, the courthouse is unique because it hosts cultural events such as concerts and contains many displays of sculpture, painting, and photographic art that are open to the public. Located in what GSA officials said is a neglected downtown area, the courthouse is also a key part of a business and community revitalization effort that offers free public events and encourages public participation. Balancing the need for securing the facility and public accessibility is especially important given the dual roles of the courthouse. The courthouse has many security features incorporated into its design. It is the first courthouse to be designed with federal architectural blast-resistance guidelines adopted after the Oklahoma City bombing. According to GSA officials, the design of the courthouse incorporated many of the lessons learned from Oklahoma City. Some of these many security features incorporated into the building design include the following: * setback from the streets; * window glazing and hardened exterior building; * advanced structure design; * bollards around building perimeter; * controlled parking for building staff; * security barriers entrance to mitigate the danger of high-speed vehicle attempting to enter the parking garage; * separate sally port for prisoner transfer and elevators for transfers of prisoners to courtrooms; * unique, unobtrusive design for magnetometer checkpoints at main public entrance; * access card operated doors and nonpublic elevators; and: * surveillance cameras both within and outside the structure. USMS and FPS provide law enforcement and security functions for federal buildings that house court functions. Given the events of September 11, FPS and USMS made a number of enhancements to their operations and physical security features at the courthouse. For example, FPS and USMS officials told us that they now hold weekly meetings with the buildings' principal stakeholders to review security issues. In addition, USMS officials told us that they have instituted new gun and hazardous materials training for their officers and have stepped up evacuation drills and training for building employees. FPS and USMS officials said that since September 11 there has been a great deal of cooperation amongst local law enforcement agencies. For example, one local law enforcement agency allowed FPS to link to its radio systems to enhance communication between the entities. The local law enforcement agency also involved USMS in their regionwide security efforts on New Year's eve 2003, when the national threat alert level was raised to orange. Finally, USMS and FPS have made physical security enhancements, including, among other things, hardening the exterior wall of the courthouse that did not have a setback with a reinforced retaining wall and a rock garden with large boulders, replacing the gates to the vehicle sally port--which is a secure entryway for the loading and unloading of prisoners and protected witnesses--with stronger iron gates, adding surveillance cameras, adding alarms, and constructing a secure gun locker for use by armed officers. The fact that office buildings traditionally have been constructed with an emphasis on ease of access makes security measures difficult to implement. However, as mentioned above, the design of the courthouse incorporated many of the lessons learned from the Oklahoma City bombing with respect to building security and safety, as well as a design that emphasizes openness and accessibility. Nonetheless, according to GSA officials, balancing security design and enhancement with access is an ongoing challenge. Addressing Jurisdictional Issues and Competing Stakeholder Interests Is Another Challenge for GSA: In addition to the challenges related to balancing security with public accessibility at GSA buildings, addressing the competing needs of federal agencies, local governments, and private sector entities in securing its buildings is a challenge. For example, local governments get involved when GSA requests permits to implement additional security enhancements that require such actions as closing streets, removing public parking spaces, and installing bollards around the perimeter of the facility. One location that typifies the jurisdictional and stakeholder issues GSA faces is a federal building in New York City. It is a GSA-owned and managed building that houses multiple federal agencies and is visited by thousands of individuals each year conducting business with the government. GSA was focused on security at the federal building before the September 11 terrorist attacks. In coordination with the FBI and the city, GSA had developed a preliminary security upgrade plan, which included improvements such as maintaining street control around the building, increasing the use of building access controls, and hardening the building to protect it from blasts. After September 11, GSA and FPS implemented several additional security enhancements, including further strengthening perimeter security, access control, surveillance, and blast resistance. GSA and FPS took steps to improve the perimeter security of the federal building by accelerating plans to install bollards and barriers around the perimeter and working with city and fire department officials to close some nearby streets to vehicular traffic. In addition, GSA instituted a new building access system employing smart card technology. Smart cards contain the name, title, and picture of the employee; electronic data that can prove the authenticity of the card; and biometric data about the employee. Figure 11 shows the bollards that were installed in front of the federal building. Figure 11: Bollards in Front of a Federal Building in New York: [See PDF for image] [End of figure] GSA officials said that to implement these and other security enhancements, their greatest challenge has been dealing with competing stakeholder interests and jurisdictional issues. GSA officials indicated that the decision-making process involves multiple stakeholders, steps, and requirements, most of which involve the city of New York. GSA officials noted that in addition to new steps and requirements that arose during the permit process, some requirements changed after permit issuance. In these cases, city officials have retracted some permits for security enhancements, and GSA has had to restart the permitting process. Specifically, GSA officials noted that they encountered delays when trying to install bollards along the building perimeter. Initially, the city Department of Transportation was supportive of the idea; but as the process continued, GSA officials said that issues related to historic preservation arose that needed to be addressed. Moreover, GSA officials also noted that the city has prevented GSA from making some security enhancements that they believed were needed. GSA has also experienced opposition from various groups in trying to close a nearby street due to security concerns. According to GSA officials, the city has asked GSA to prepare an environmental impact statement (EIS), hold public hearings, and consider traffic and economic impacts on the street closure. In contrast with the challenges they have encountered with the city, GSA officials said that the New York Police Department (NYPD) has been supportive of their security efforts. At a recent demonstration near the federal building, GSA officials said that NYPD provided police officers to assist with crowd control. Although GSA has been faced with various jurisdictional issues and the process has been challenging, the city ultimately has also allowed GSA to close streets and make several of the previously mentioned security upgrades. Nonetheless, GSA's experience at the federal building demonstrates the complexities it faces when attempting to implement security enhancements for large, multitenant buildings in urban settings. The Challenge of Security for Leased Space: Securing access to privately owned buildings and space that houses federal tenants is a unique challenge that may put the government at odds with private lessors and other nonfederal building occupants. GSA has reported that its goal and biggest challenge in this area is to provide the same level of security for occupants of leased facilities as it provides for those that GSA owns. However, this is often difficult because GSA has to work with lessors to implement changes and in some instances coordinate with other nonfederal tenants. As a result, GSA may have difficulty getting the lessor to allow security countermeasures in buildings that are not fully occupied by federal employees. This challenge arises because many private owners resisted heightened levels of security because of the adverse impact or inconvenience potentially caused to private tenants. GSA officials also identified negotiating the need and costs of increased security standards in leased properties as a significant challenge in the post- September 11 environment. GSA officials said that negotiating with private owners presents a challenge of determining how to effectively secure mixed-tenant buildings without security being overly burdensome. A GSA official, knowledgeable of leasing issues told us, however, that September 11 changed the perspective of private owners as they realized vulnerabilities and recognized that federal tenants would begin requiring increased levels of security in order to continue to lease space. The D.C. metro area, managed by GSA's National Capital Region, has a high concentration of federal leases. One such leased building is a 10- story, privately owned facility located in Washington, D.C. The property is a mixed-tenant space with both private sector and federal tenants. The building posts guards and operates screening checkpoints at each entrance and restricts access to elevator banks and stairwells to only those authorized or with escort. In addition, a GSA official said that at the request of the building's largest federal tenant, every individual entering the building must be screened. Additionally, the building also operates a mail facility to screen all mail, packages, and deliveries. Due to security concerns following the September 11 attacks, FPS, along with GSA and the building's largest federal tenant, assessed the building's risk and began to develop and implement a comprehensive security program. FPS conducted a threat assessment of the building and determined the building to be classified as a Level IV[Footnote 13] property. Once the building had been assessed and classified, agency officials from the building's largest federal tenant, GSA, and FPS began developing a plan for security program development and implementation. The program plan included armed contract guards manning magnetometers and X-ray machines, random spot checks of vehicles entering the parking garage, and close monitoring of visitor badges. Additionally, a GSA official said that technology advancement has changed since September 11. The leased building's security program incorporates its newest technology, the E-Pop system. The E-Pop system can be controlled by security officials; in the event of an emergency, it is able to connect to computers in the building and deliver emergency messages communicating evacuation instructions. Furthermore, E-Pop allows tenants to be immediately informed of an incident, thereby increasing their chances of exiting the building safely. The leased building is also considering implementing smart card technology, a building access system that uses plastic identification cards containing an individual's personal and biometric data. This is the same system used at the federal building in New York City. A GSA leasing official stated that ISC's development of leased space security standards, which will be discussed later, has been useful in effectively communicating increased physical security needs to private owners and involving them directly in the process of security program development for their buildings. This official said that the standards have established the credibility and validity of increased security measures, where no or few guidelines existed before. A GSA official said that even though the commercial real estate community in the capital area has become attuned to the needs of the federal government in the post-September 11 security environment, challenges still exist. According to GSA and security officials, one challenge in leasing space in property mixed with federal agency and private sector tenants is incorporating increased security standards while balancing occupants' varying interests and needs. Some private owners and their private sector tenants may not want random car checks conducted or magnetometers placed at the entrances to their buildings because this may, in some way, adversely affect their business. GSA officials also noted that negotiating the need and costs of increased security standards in leased properties is still a significant challenge, as security demands for privately owned buildings are still relatively new. FPS Transfer to DHS Poses a Challenge for GSA: The Homeland Security Act transferred FPS to DHS, effective March 1, 2003.[Footnote 14] FPS's transfer to DHS was intended to improve law enforcement and related security functions by centralizing building security activities with other homeland security functions. Under the act, DHS became responsible for protecting buildings, grounds, and property owned, occupied, or secured by the federal government that are under GSA's jurisdiction, as well as other DHS facilities. A March 2003 operational memorandum of agreement between GSA and DHS made FPS responsible for the same types of security services that FPS provided for GSA properties prior to the transfer to DHS. These include, among other things, performing risk assessments, managing the installation of some security equipment, conducting criminal investigations, and managing the contract guard program.[Footnote 15] Although law enforcement and security related functions were transferred to DHS from GSA, GSA officials said that it still assists FPS and tenant agencies in implementing various security measures that FPS recommends, and incorporating enhanced security measures into new space it constructs or leases. In October 2003, GSA and DHS agreed on a number of interim support services GSA would provide to FPS during the transition in a separate memorandum of agreement. In July 2004, we reported on the challenges FPS was facing related to the transfer, including its expanding homeland security mission and related increase in responsibility; unresolved issues related to how it would be funded, because its funds at that time were tied to the rent GSA charges tenant agencies; and, difficulties with transferring mission-support functions for FPS from GSA to DHS.[Footnote 16] DHS concurred with our findings and related recommendations and agreed to take action. In addition to the challenges facing FPS, our work for this review showed that GSA is facing its own management challenges because it no longer has control over the law enforcement and related security functions of its properties. GSA officials expressed concern about their ability to track security expenditures and stay informed about FPS protection activities in GSA buildings. These officials also expressed concern about not having a formal mechanism for communicating with FPS and for ensuring that FPS is meeting its responsibilities with regard to security enhancements and services. The Deputy Commissioner of GSA's Public Buildings Service said that since the departure of FPS, GSA has had difficulty adjusting to not having responsibility for protecting its own buildings and is still trying to define its overall role in security. This official said that GSA's new role should be that of a coordinator between FPS and the tenant agencies and that GSA was examining the MOU between GSA and DHS to determine if GSA's role and visibility in facility protection could be enhanced. Concerns about the departure of FPS were identified by GSA's Office of the Inspector General (IG) in its August 2004 updated assessment of GSA's major management challenges. The GSA IG identified protection of federal facilities and personnel as one of seven major management challenges facing the agency.[Footnote 17] The GSA IG said that although FPS was transferred to DHS, GSA will have a continual need to closely interact with security personnel due to GSA's mission of housing federal agencies. The GSA IG concluded that ensuring federal employees have a secure working environment and that building assets are adequately safeguarded must remain a primary concern of GSA. Prior to the creation of DHS, we expressed concern about separating security from other real property portfolio functions, such as site location, design, and construction for new federal buildings. Decisions on these factors have implications for what type of security will be necessary and effective.[Footnote 18] We concluded that if DHS was given the responsibility for securing facilities, the role of integrating security with other real property functions would be an important consideration. Given the transfer of FPS to DHS, the range of challenges FPS faces, and the concerns about GSA's new role expressed by GSA officials and the GSA IG, it is critical that GSA be well- equipped to engage in security-related matters given that it is still the owner and landlord of these buildings. However, GSA does not have an organizational unit or mechanism that is directly accountable for security matters, such as a chief security officer position or formal point of contact. Such an officer/official could coordinate GSA's responsibilities related to the safety and security of its facilities, similar to the role fulfilled by Interior's Deputy Assistant Secretary for Law Enforcement and Security and OLES. GSA's Deputy Commissioner for public buildings and other GSA officials who are knowledgeable of security matters said that it would be beneficial for GSA to have a designated position for coordination purposes. Having a chief security officer position for physical assets is recognized in the security industry as essential in organizations with large numbers of mission- critical facilities. According to chief security officer guidelines developed by ASIS International:[Footnote 19] "Traditionally, what has previously been lacking is a single position at the senior governance level having the responsibility for crafting, influencing, and directing an organization-wide protection strategy. In many organizations, accountability is dispersed, possibly among several managers in different departments; with potentially conflicting objectives….the diversity of today's risks comes in a complex matrix of interrelated threats, vulnerabilities, and impacts, the safeguards for which must, therefore, be interdependent. The ability to influence business strategy and address matters of internal risk exposure requires a chief security officer at the appropriate level in the organization." Protecting Government Facilities Is Part of the National Homeland Security Strategy: The National Strategy for the Physical Protection of Critical Infrastructures and Key Assets mentioned earlier has clear implications for GSA and its role as the owner and landlord of federal facilities. The strategy identifies a number of actions intended to improve federal facility protection. These included developing a process to screen nonfederal tenants and visitors entering private sector facilities that house federal organizations, determining the criticality and vulnerability of government facilities, developing long-term construction standards for facilities requiring specialized security measures, and implementing new security technology at federally occupied facilities. GSA Actions in Response to the National Homeland Security Strategy and Other Related Initiatives: GSA has taken a number of positive actions, as follows: * A senior GSA official chaired ISC's working group on security in leasing; after receiving input from ISC member agencies, ISC issued its policy on security standards for leased space in July 2003. * GSA is working with DHS to utilize a risk management process called Federal Security Risk Management (FSRM) for assessing federally owned and leased facilities. * GSA worked with ISC to develop security design criteria and is involved with ISC's ongoing efforts to update the criteria annually. * GSA is working with ISC on several technology-related initiatives, including smart card and biometrics access control technology, nonjersey barrier perimeter protection, and indoor air monitoring systems to prevent uncontrolled movement of toxic air substances. In the area of risk assessment, FPS uses a computer-based methodology that allows FPS to evaluate risk and identify countermeasures on an ongoing basis. FPS is able to use a series of input screens and queries to maintain pertinent data that can be adjusted as threats and vulnerabilities change. The tool allows the user to enter information on each asset, identify existing countermeasures, assign an impact of loss and a vulnerability rating to each threat, and input countermeasure upgrade alternatives and their associated costs. As mentioned earlier, HSPD-7 requires, on an annual basis, that sector- specific agencies report on their efforts to identify, prioritize, and coordinate the protection initiatives in various critical infrastructure sectors. Although GSA was not given responsibility for any of the sectors identified in the directive, all federal departments and agencies are required, under the directive, to develop physical and cyber security plans for the assets they own or operate. However, in a July 2004 letter to the Director of OMB, GSA stated that "no GSA owned or leased space meets the definitions for critical infrastructure and/ or key resources." The letter went on to say that "GSA owns and leases many buildings where important activities take place, but GSA is unable to make a determination as to whether these tenant activities are critical infrastructure." GSA officials said that OMB has not commented on GSA's response to HSPD- 7 regarding a physical security plan. The Executive Director of ISC-- which has responsibility for reviewing agencies' HSPD-7 plans for the administration--said that ISC has not completed its review of agencies' plans, including GSA's response to HSPD-7. We are deferring to ISC on whether GSA's decision not to prepare a physical security plan is reasonable. In the future, a chief security officer position or formal point of contact could aid in determining GSA's involvement in governmentwide critical infrastructure efforts such as HSPD-7. Conclusions: There is a heightened concern that terrorists may again try to exploit the nation's vulnerabilities. In this environment, Interior has a critical role in protecting our national icons and monuments and ensuring the safety of the millions of people who visit them. National icons such as the Statue of Liberty and Mt. Rushmore could be attacked for symbolic reasons. Since September 11, Interior has made significant progress in improving security by doing vulnerability assessments of high-profile sites that are likely targets and implementing various security measures. For example, at the individual icons and monuments we visited, steps clearly had been taken to improve security since September 11, such as the Washington Monument perimeter landscaping project, the Lincoln and Jefferson Memorial security projects, the visitor screening system at the Statue of Liberty, increased staffing at Mt. Rushmore, and the rerouting of Interstate 93 at Hoover Dam. In addition, Interior has made management changes, including creating a central security office, intended to enhance its homeland security initiatives, and has recently developed a uniform risk management methodology for national icons and monuments. These actions should help Interior address the major challenges it faces--which include balancing security and Interior's mission related to access and education; addressing jurisdictional and competing stakeholder issues; securing icons and monuments in rugged, remote areas; and leveraging limited staff and funding resources. As Interior moves forward, it could link the results of its risk assessments and related risk rankings to its security funding priorities. This could allow for well-informed decisions by stakeholders--such as Interior, OMB, and Congress--about where to direct resources so that they have an optimal return on investment in terms of better protection. Also, a set of guiding principles for balancing security with its core cultural and educational mission-- which Interior lacks but other organizations with complex environments have developed--could help in addressing the challenges. A set of guiding principles could provide decision makers and Interior's other stakeholders with greater transparency regarding the rationale for security decisions. An approach with these components should yield results that would allow decision makers both within and external to the department to better gauge and consider competing priorities. Since September 11, security at office buildings has remained a concern, as evidenced by threats revealed by DHS in August 2004 that al Qaeda was targeting several office buildings in New York, northern New Jersey, and Washington, D.C. GSA has taken action to address the challenges it faces as the owner and landlord of federal office buildings. These challenges include balancing security and public access, addressing jurisdictional and competing stakeholder issues, securing federally leased space, and adjusting to the transfer of FPS to DHS. These actions have included working with ISC to develop security standards, continuing with upgrades that GSA began implementing after the Oklahoma City bombing, and establishing a memorandum of agreement with DHS related to FPS. Despite these actions, GSA lacks a mechanism such as a chief security officer position or formal point of contact to coordinate security efforts for its federal office building portfolio. As a result, GSA is less equipped to effectively share information with FPS and tenant agencies, ensure that FPS is fulfilling its responsibilities, track security expenditures, and define its overall role in security--capabilities that GSA officials were concerned the agency was lacking. Recommendations for Executive Action: We are making two recommendations to the Secretary of the Interior and one recommendation to the Administrator of GSA. First, to ensure that useful information is available for decisions on resources for the protection of national icons and monuments, we recommend that the Secretary of the Interior link the results of the agency's risk assessments and related risk rankings to its funding priorities. Second, given the complex nature of the challenges Interior faces in protecting national icons and monuments, the Secretary should also develop guiding principles for balancing security initiatives with Interior's core mission so that decision makers and stakeholders will have a clearer, more transparent understanding of Interior's rationale for security enhancements at individual assets. Regarding GSA, we recommend that the Administrator establish a mechanism--such as a chief security officer position or formal point of contact--that could serve in a liaison role with FPS and tenant agencies, work to address the challenges GSA faces related to security in buildings it owns and leases, and enable GSA to define its overall role in security given the transfer of FPS to DHS. Agency Comments and Our Evaluation: We provided a draft of this report to Interior, GSA, and DHS for their review and comment. Interior did not comment on our conclusions and recommendations. However, Interior provided technical comments, which we incorporated, where appropriate. GSA concurred with the report's overall findings and stated that it concurs with the recommendation and will address it. GSA comments are contained in appendix II. DHS provided technical comments, which we incorporated where appropriate. We are sending copies of this report to the Secretaries of the Interior, Homeland Security, and the Administrator of GSA. Additional copies will be sent to other interested Congressional Committees. We will also make copies available to others upon request. In addition, the report will be available at no charge on the GAO Web site at http://www.gao.gov. If you have any questions regarding this report, please contact me on (202) 512-2834 or at [Hyperlink, goldsteinm@gao.gov]. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix III. Sincerely yours, Signed by: Mark L. Goldstein: Director, Physical Infrastructure Issues: [End of section] Appendixes: Appendix I: Objectives, Scope, and Methodology: Our objectives were to (1) identify any challenges that the Department of the Interior (Interior) faces in protecting national icons and monuments from terrorism, as well as related actions intended to address these challenges, and similarly, (2) determine any challenges the General Services Administration (GSA) faces related to the protection of federal office buildings it owns or leases and the actions that have been taken. To determine what challenges Interior and GSA have faced in their efforts, we interviewed Interior and GSA officials to identify the major challenges, and reviewed available reports and other documents. In addition, in consultation with these officials, we identified sites that are illustrative of these challenges. From the sites identified, we selected five Interior sites and three GSA buildings for further analysis of the challenges. These eight sites were geographically dispersed and represented a range of asset types, including office buildings and national icons in both densely populated and remote areas. The sites included, the Statue of Liberty, New York, NY; Independence National Historical Park, Philadelphia, PA; Mt. Rushmore National Memorial, Keystone, SD; Hoover Dam, Boulder City, NV; the Washington Monument and Lincoln and Jefferson Memorials on the National Mall in Washington, D.C.; and three major facilities in the GSA inventory. Collectively, the sites we selected provided examples of the range of challenges Interior and GSA reported facing. We included the Hoover Dam because, in addition to being a source of hydropower, the dam has iconic status and attracts large numbers of tourists. At each site, we interviewed agency officials with primary responsibility for security implementation, operation, and management. We toured each site and observed the physical environment, the facilities, and the principal security elements to gain firsthand insights on the challenges. Furthermore, we interviewed stakeholders with significant interest in the security program, including the National Parks Conservation Association, the Commission on Fine Arts, the National Capital Planning Commission, Independence Mall Business and Residents Coalition, the National Coalition to Save our Mall, the U.S. Marshals Service, a charitable organization, and local government and law enforcement officials. We collected documents, when available, that contained site-specific information on security plans, policies, procedures, budgets and staffing. Finally, we considered prior GAO work on challenges in facility protection and security. To determine what actions have been taken by Interior and GSA to address its challenges, we collected and analyzed documents from, and conducted interviews with Interior and GSA officials. The documents collected provided information on these agencies' past and present security plans, policies and procedures, organizational structures, funding and staffing. The interviews included officials from GSA's Public Building Services and Interior's Office of Law Enforcement and Security, National Park Service, and Bureau of Reclamation. We also interviewed officials from the Federal Protective Service, which is part of DHS and protects leased and owned GSA facilities. We reviewed relevant laws and guidance including the Homeland Security Act of 2002, the Federal Property and Administrative Services Act of 1949, and the Interagency Security Committee Security Standards for Leased Space. Additionally, we reviewed other pertinent reports, including the National Strategy for Homeland Security[Footnote 20] and the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets.[Footnote 21] We also considered past GAO work related to facility protection and security issues at Interior and GSA, as well as broader GAO work on homeland security issues. Agency officials and the representatives of stakeholder organizations provided much of the data and other information used in this report. In cases where officials provided their views and opinions within the context that they were speaking for their organization, we corroborated the information with other officials. We requested official comments on this report from Interior, GSA, and DHS. [End of section] Appendix II: Comments from the General Services Administration: GSA Administrator: May 5, 2005: The Honorable David M. Walker: Comptroller General of the United States: Government Accountability Office: Washington, DC 20548: Dear Mr. Walker: The General Services Administration (GSA) appreciates this opportunity to submit agency comments on the Government Accountability Office (GAO) "Draft Report to the Chairman, Committee on Government Reform, U.S. House of Representatives, Homeland Security. Actions Needed to Better Protect National Icons and Federal Office Buildings from Terrorism," GAO-05-367 (Draft Report). We agree with the draft report's findings and recommendation concerning the challenges GSA faces related to security in owned and leased buildings. GSA shares GAO's concern about separating security from other real property functions, such as site location, design, and construction for new Federal buildings. We will continue to work closely with the Federal Protective Service (FPS) in the Department of Homeland Security (DHS) to protect Federal facilities and personnel. We will address GAO's recommendation that GSA establish a mechanism-such as a chief security officer position or formal point of contact-that could serve in a liaison role with FPS and tenant agencies, work to address the challenges GSA faces related to security in buildings under its custody and control, and enable GSA to define its overall role in security given the transfer of FPS to DHS. If you have any questions or concerns, please contact me. Staff inquiries may be directed to Mr. Anthony E. Costa, Deputy Commissioner, Public Buildings Service, at (202) 501-1100. Sincerely, Signed by: Stephen A. Perry: Administrator: U.S. General Services Administration: 1800 F Street, NW: Washington, DC 20405-0002: Telephone: (202) 501-0800: Fax: (202) 219-1243: www.gsa.gov: [End of section] Appendix III: GAO Contact and Acknowledgments: GAO Contact: Mark Goldstein (202) 512-2834: Staff Acknowledgments: In addition to those individuals named above, David Sausville, Casey Brown, Matt Cail, Erika Carter, Roshni Davé, Daniel Hoy, Anne Izod, Donna Leiss, and Susan Michal-Smith were key contributors to this report. (543134): FOOTNOTES [1] GAO, Homeland Security: Transformation Strategy Needed to Address Challenges Facing the Federal Protective Service, GAO-04-537 (Washington, D.C.: July 14, 2004); GAO, Homeland Security: Further Actions Needed to Coordinate Federal Agencies' Facility Protection Efforts and Promote Key Practices, GAO-05-49 (Washington, D.C.: Nov. 30, 2004). [2] U.S. Department of the Interior, Office of the Inspector General, Review of National Icon Park Security, Report 2003-I-0063 (Washington, D.C.: August 2003). [3] As we reported in GAO, Homeland Security: Communication Protocols and Risk Communication Principles Can Assist in Refining the Advisory System, GAO-04-682 (Washington, D.C.: June 2004), the Homeland Security Advisory System is composed of five color-coded threat conditions, which represent levels of risk related to potential terror attack. Red is severe, orange high, yellow elevated, blue guarded, and green low. [4] 2003-I-0063. [5] The President of the United States, National Strategy for Homeland Security (Washington, D.C.: July 2002). [6] The President of the United States, National Strategy for the Physical Protection of Critical Infrastructures and Key Assets (Washington, D.C.: February 2003). [7] GAO, Combating Terrorism: Evaluation of Selected Characteristics in National Strategies Related to Terrorism, GAO-04-408T (Washington, D.C.: Feb. 3, 2004). [8] Homeland Security Presidential Directive Number 7, Critical Infrastructure Identification, Prioritization, and Protection (Washington, D.C.: Dec. 17, 2003). [9] U.S. Department of the Interior, Office of Inspector General, Disquieting State of Disorder: An Assessment of Department of the Interior Law Enforcement, Report 2002-I-0014 (Washington, D.C.: January 2002). [10] 2002-I-0014. [11] President's Commission on the United States Postal Service, Embracing the Future: Making the Tough Choices to Preserve Universal Mail Service (Washington, D.C.: July 31, 2003). [12] Public Works and Government Services Canada, A Legacy for Future Generations: The Long-Term Vision and Plan for the Parliamentary Precinct. [13] According to Department of Justice standards, a Level IV facility has over 450 federal employees. In addition, the facility likely has more than 150,000 square feet; a high volume of public contact; and tenant agencies that may include high-risk law enforcement and intelligence agencies, courts, judicial offices, and highly sensitive government records. [14] Executive Order 13286 dated February 28, 2003, amended numerous executive orders to reflect the transfer of certain functions and responsibilities to the Secretary of Homeland Security. Section 23 of the Executive Order transferred the ISC chairmanship responsibility from GSA to DHS. [15] As of September 30, 2003, FPS had approximately 1,100 uniformed officer full-time equivalents and 13,000 contract guards to protect GSA- owned or-occupied facilities. [16] GAO-04-537. [17] General Services Administration, Office of the Inspector General, Updated Assessment of GSA's Major Management Challenges (Washington, D.C.: August 2004). The other major management challenges the IG identified were procurement activities, contract management, information technology, management controls, aging federal buildings, and human capital. [18] GAO, Building Security: Security Responsibilities for Federally Owned and Leased Facilities, GAO-03-8 (Washington, D.C.: Oct. 31, 2002). [19] ASIS International has over 33,000 security industry members and according to its Web site is the preeminent international organization for professionals responsible for security, including managers and directors of security. [20] The President of the United States, National Strategy for Homeland Security (Washington, D.C.: July 2002). [21] The President of the United States, National Strategy for the Physical Protection of Critical Infrastructures and Key Assets, (Washington, D.C.: February 2003). GAO's Mission: The Government Accountability Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. Government Accountability Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: