<DOC> [107th Congress House Hearings] [From the U.S. Government Printing Office via GPO Access] [DOCID: f:85838.wais] ENSURING THE SAFETY OF OUR FEDERAL WORKFORCE: GSA'S USE OF TECHNOLOGY TO SECURE FEDERAL BUILDINGS ======================================================================= HEARING before the SUBCOMMITTEE ON TECHNOLOGY AND PROCUREMENT POLICY of the COMMITTEE ON GOVERNMENT REFORM HOUSE OF REPRESENTATIVES ONE HUNDRED SEVENTH CONGRESS SECOND SESSION __________ APRIL 25, 2002 __________ Serial No. 107-180 __________ Printed for the use of the Committee on Government Reform Available via the World Wide Web: http://www.gpo.gov/congress/house http://www.house.gov/reform ______ 85-838 U.S. GOVERNMENT PRINTING OFFICE WASHINGTON : 2003 ____________________________________________________________________________ For Sale by the Superintendent of Documents, U.S. Government Printing Office Internet: bookstore.gpr.gov Phone: toll free (866) 512-1800; (202) 512ÿ091800 Fax: (202) 512ÿ092250 Mail: Stop SSOP, Washington, DC 20402ÿ090001 COMMITTEE ON GOVERNMENT REFORM DAN BURTON, Indiana, Chairman BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California CONSTANCE A. MORELLA, Maryland TOM LANTOS, California CHRISTOPHER SHAYS, Connecticut MAJOR R. OWENS, New York ILEANA ROS-LEHTINEN, Florida EDOLPHUS TOWNS, New York JOHN M. McHUGH, New York PAUL E. KANJORSKI, Pennsylvania STEPHEN HORN, California PATSY T. MINK, Hawaii JOHN L. MICA, Florida CAROLYN B. MALONEY, New York THOMAS M. DAVIS, Virginia ELEANOR HOLMES NORTON, Washington, MARK E. SOUDER, Indiana DC STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland BOB BARR, Georgia DENNIS J. KUCINICH, Ohio DAN MILLER, Florida ROD R. BLAGOJEVICH, Illinois DOUG OSE, California DANNY K. DAVIS, Illinois RON LEWIS, Kentucky JOHN F. TIERNEY, Massachusetts JO ANN DAVIS, Virginia JIM TURNER, Texas TODD RUSSELL PLATTS, Pennsylvania THOMAS H. ALLEN, Maine DAVE WELDON, Florida JANICE D. SCHAKOWSKY, Illinois CHRIS CANNON, Utah WM. LACY CLAY, Missouri ADAM H. PUTNAM, Florida DIANE E. WATSON, California C.L. ``BUTCH'' OTTER, Idaho STEPHEN F. LYNCH, Massachusetts EDWARD L. SCHROCK, Virginia ------ JOHN J. DUNCAN, Jr., Tennessee BERNARD SANDERS, Vermont ------ ------ (Independent) Kevin Binger, Staff Director Daniel R. Moll, Deputy Staff Director James C. Wilson, Chief Counsel Robert A. Briggs, Chief Clerk Phil Schiliro, Minority Staff Director Subcommittee on Technology and Procurement Policy THOMAS M. DAVIS, Virginia, Chairman JO ANN DAVIS, Virginia JIM TURNER, Texas STEPHEN HORN, California PAUL E. KANJORSKI, Pennsylvania DOUG OSE, California PATSY T. MINK, Hawaii EDWARD L. SCHROCK, Virginia Ex Officio DAN BURTON, Indiana HENRY A. WAXMAN, California Melissa Wojciak, Staff Director Victoria Proctor, Professional Staff Member Teddy Kidd, Clerk Mark Stephenson, Minority Professional Staff Member C O N T E N T S ---------- Page Hearing held on April 25, 2002................................... 1 Statement of: Rhodes, Keith A., Chief Technologist, U.S. General Accounting Office; F. Joseph Moravec, Commissioner, Public Buildings Service, U.S. General Services Administration; Wendell Shingler, Director, Federal Protective Service, U.S. General Services Administration; John N. Jester, Chief, Defense Protective Service, Department of Defense; Frank R. Abram, general manager, Security Systems Group, Panasonic Digital Communications & Security Co.; and Roy N. Bordes, president/CEO, the Bordes Groups, Inc., and council vice president, American Society for Industrial Security........ 5 Letters, statements, etc., submitted for the record by: Abram, Frank R., general manager, Security Systems Group, Panasonic Digital Communications & Security Co., prepared statement of............................................... 56 Bordes, Roy N., president/CEO, the Bordes Groups, Inc., and council vice president, American Society for Industrial Security, prepared statement of............................ 69 Davis, Hon. Thomas M., a Representative in Congress from the State of Virginia, prepared statement of................... 3 Jester, John N., Chief, Defense Protective Service, Department of Defense, prepared statement of............... 50 Moravec, F. Joseph, Commissioner, Public Buildings Service, U.S. General Services Administration, prepared statement of 37 Rhodes, Keith A., Chief Technologist, U.S. General Accounting Office, prepared statement of.............................. 9 ENSURING THE SAFETY OF OUR FEDERAL WORKFORCE: GSA'S USE OF TECHNOLOGY TO SECURE FEDERAL BUILDINGS ---------- THURSDAY, APRIL 25, 2002 House of Representatives, Subcommittee on Technology and Procurement Policy, Committee on Government Reform, Washington, DC. The subcommittee met, pursuant to notice, at 2 p.m., in room 2154, Rayburn House Office Building, Hon. Thomas M. Davis (chairman of the subcommittee) presiding. Present: Representatives Thomas Davis, Jo Ann Davis and Turner. Staff present: George Rogers, Chip Nottingham, and Uyen Dinh, counsels; Victoria Proctor, professional staff member; John Brosnan, consultant; Teddy Kidd, clerk; Mark Stephenson, minority professional staff member; and Jean Gosa, minority assistant clerk. Mr. Tom Davis of Virginia. We are going to be voting in about 5 or 10 minutes, so I want to try and get the opening statements out of the way so when we come back we can hear from you. I apologize for that. I think once we start the hearing it will go pretty quickly, but at least let's get the politicians out of it so we can get to the experts. Good afternoon. I would like to welcome everybody to today's oversight hearing on the General Services Administration's efforts to secure Federal buildings that it owns and leases. We will discuss the advantages and disadvantages of using commercially available security technologies in Federal facilities and the potential concerns that may arise from their implementation. GSA acts as the Federal Government's property manager and is responsible for ensuring the safety and security of the Federal buildings it owns and leases. After the Oklahoma City bombings in 1995, GSA began a multi-million-dollar program to upgrade the security of its buildings using the criteria in the Justice Department's report titled ``Vulnerability Assessment of Federal Facilities.'' This was the first time that governmentwide security standards were established for public buildings. The terrorist attacks of September 11th have led to a renewed assessment of the vulnerability of Federal buildings and focus on a new array of security threats. The acquisition of technological upgrades and new technologies are part of the broader effort to combat these threats. And the effective use of these technologies will be critical to our success. Today, we are going to examine what role technology plays in the security initiatives that GSA is currently implementing in order to protect Federal buildings and the employees who work in them. We will also try to ascertain what barriers may exist in obtaining and implementing the most appropriate and effective technologies. Since September 11th, life is returning to normal for most Americans. However, for Federal employees, the effects of the attacks are ever present since Federal buildings remain at a heightened state of alert. In fact, each time there has been a terrorist attack on the United States over the last several years, we have seen a visible security increase in and around Federal buildings. Barricades, metal detectors, car searches, ID checks and security cameras have become familiar sights for the average Federal employee. These new and upgraded security products and services are used to protect employees and visitors, restrict access or detect intruders in Federal facilities. However, their implementation raises a number of concerns. We need to ensure that Federal agencies can achieve a secure work environment while still maintaining an atmosphere of openness. Furthermore, can advances in technology offer increased security with limited intrusiveness and inconvenience to employees and visitors? For instance, at the Capitol complex, there are elaborate procedures in place to examine packages sent to congressional offices. We reject courier deliveries for safety reasons. Overnight deliveries become over-a-week deliveries. Obviously, this poses an inconvenience to both recipient and sender. Not just an inconvenience, it is a very inefficient way of doing things. It even affected one of our witnesses testifying today. GSA must grapple with these same concerns. Additionally, Federal agencies have spent significant sums of money improving security measures, particularly in the wake of September 11th. Since the price for a single type of technology can vary widely, agencies must balance costs against the quality of proven security products and services. There is no question that the Federal Government is capable of providing security. We know we can use brute force to keep people and packages out of buildings. We did it immediately after September 11th. But our real objective should be the utilization of visible and discreet technologies to provide adequate security, thus allowing the government to work effectively and efficiently with minimal disruption, inconvenience and invasiveness. I understand the sensitive nature of this issue for security professionals. Therefore, I appreciate your willingness and the willingness of our witnesses to testify before our subcommittee today. [The prepared statement of Hon. Thomas M. Davis follows:] [GRAPHIC] [TIFF OMITTED] T5838.001 [GRAPHIC] [TIFF OMITTED] T5838.002 Mr. Tom Davis of Virginia. The subcommittee is going to hear from Keith Rhodes, the Chief Technologist at the General Accounting Office; F. Joseph Moravec, the Commissioner of Public Buildings Service from the General Services Administration; GSA supporting witness Wendell Shingler, Director of the Federal Protective Service; John N. Jester, Chief of Defense Protective Services, Department of Defense; Frank R. Abram, the general manager of the Security System Group; and Roy N. Bordes, the president and CEO of the Bordes Group and council vice president of the American Society for Industrial Security. I ask unanimous consent they be permitted to participate in today's hearing. Without objection, it will be so ordered. Representative Turner has not arrived here yet, and I will interrupt statements when at he comes so he can make a statement. But I would like to call our panel of witnesses. As you know, it is the policy of our committee that all witnesses be sworn before they can testify. If you would rise with me and raise your right hand. [Witnesses sworn.] Mr. Tom Davis of Virginia. Be seated. To afford sufficient time for questions, the witnesses will please limit themselves to no more than 5 minutes for any statement. All written statements from witnesses will be made part of the permanent record. I think I would like to start with Mr. Rhodes and then move straight down to Mr. Moravec, Mr. Jester, Mr. Abram, Mr. Bordes. Thank you for being with us. STATEMENTS OF KEITH A. RHODES, CHIEF TECHNOLOGIST, U.S. GENERAL ACCOUNTING OFFICE; F. JOSEPH MORAVEC, COMMISSIONER, PUBLIC BUILDINGS SERVICE, U.S. GENERAL SERVICES ADMINISTRATION; WENDELL SHINGLER, DIRECTOR, FEDERAL PROTECTIVE SERVICE, U.S. GENERAL SERVICES ADMINISTRATION; JOHN N. JESTER, CHIEF, DEFENSE PROTECTIVE SERVICE, DEPARTMENT OF DEFENSE; FRANK R. ABRAM, GENERAL MANAGER, SECURITY SYSTEMS GROUP, PANASONIC DIGITAL COMMUNICATIONS & SECURITY CO.; AND ROY N. BORDES, PRESIDENT/ CEO, THE BORDES GROUPS, INC., AND COUNCIL VICE PRESIDENT, AMERICAN SOCIETY FOR INDUSTRIAL SECURITY Mr. Rhodes. Mr. Chairman and members of the subcommittee, thank you for inviting me to participate in today's hearing on security technology to protect Federal facilities. As you stated, the terrorist attacks of September 11th on the World Trade Center and the Pentagon have intensified concerns about the physical security of our Federal buildings and the need to protect those who work in and visit these facilities. These concerns have been underscored by reports of long-standing vulnerabilities, including weak controls over building access. As you requested, today I will discuss commercially available security technologies that can be deployed to protect these facilities, ranging from turnstiles to smart cards to biometric systems. While many of these technologies can provide highly effective technical controls, the overall security of a Federal building will hinge on establishing robust risk management processes and implementing the three integral concepts of a holistic security process: protection, detection and reaction. The 1995 domestic terrorist bombing of the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma, led to the establishment of governmentwide minimum standards for security at all Federal facilities. Among the minimum standards for buildings of a higher risk level are security technologies including closed circuit television surveillance cameras, intrusion detection systems with central monitoring capability and metal detectors and x-ray machines to screen people and their belongings at entrances to Federal buildings. While minimum standards are necessary, no one should assume a false sense of security. Security is not perfect, as evidenced by testing. The GAO's Office of Special Investigations has done, in ongoing requests from Congress, testing the effectiveness of security at Federal buildings. The key here is risk management. Risk management is the foundation of effective security. In risk management, there are basically five seemingly simple questions that are rather complex to answer. First question is, what am I protecting? That is, what is the asset I am protecting and how am I valuing it? What would the impact be of its loss? Who are my adversaries? I have to figure out who my opponent is, do I have an adversary, does that adversary have the ability to attack me, and does the adversary have the intent to attack me. How am I vulnerable? This is where GAO's Office of Special Investigations work comes in, from our standpoint, in that we go out and test the security of Federal facilities to see how they are vulnerable. What are my priorities? Priorities are what do I want to protect first, second, third and last; and what can I do is actually a two-step question. The first part of the question of what I can do is, what are the countermeasures I can put in place to protect the environment? The second is, what can I afford to do? All of these questions have to be set up in a structure of protection, detection and reaction. Protection is the actual physical protection of the facility, talking about turnstiles and guards and Jersey barriers and things like that as well as access control. Detection is, once those systems have been breached, how do I know that they have been breached? What is going to let me know that something has gotten through the system without authorization? And reaction is, how is the organization established and how is security established in order to react to breach of security? One point I would like to make is that reaction--if reaction does not culminate in the use of a guard or a human being, the reaction has been proven to be ineffective. If people here fire an alarm but the fire department doesn't show up, that is ineffective reaction. Likewise, if someone breaks into a building or tries to break into a building and guards do not respond, that is also ineffective reaction. In looking at the technology itself, technology breaks down into three basic areas: access control, detection and intrusion detection. Detection in this case is detection of weapons or explosives or contraband of some kind. In the area of access control, there are biometrics. Biometrics are items that belong--that are on a human being himself or herself--a fingerprint, hand geometry, scan of the retina or a scan of the iris, facial recognition, trying to figure out the facial geometry, speaker recognition, voice pattern recognition or signature recognition. These are considered things--because they are biometric, these are things that someone cannot lose. They always have them with them. The second step in access control is an access card. First part of that is a magnetic swipe using something that looks like a credit card with a magnetic strip on it. You run it through a mag swipe reader and grants you access. Usually, that is associated with the application of a four-digit personal ID number. There are also proximity cards which have a little wireless communication in it. You get near the proximity reader and the reader will either grant you access or not. Then, finally, there are smart cards. Smart cards have embedded integrated circuits, actual computer chips in them that contains a wide range of information associated about the individual--access level. It will also give people particular access to rooms. Associated with access control, there is usually a key pad entry system which looks like a digital phone face, usually has ten numbers or nine numbers on it and a send key. You put in your four-digit personal identification number or however long the ID number is and hit enter and then a door may open. However, these biometric devices do need to be associated with an access barrier. It is not any good if I can walk by a proximity reader and just keep walking. There has to be something to stop me from getting in. These are usually turnstiles or can be revolving doors. Next area is detection. This is what most people end up going through at airports. You come in and you walk through a magnatometer, a metal detector. Metal detector will find out if you have any metal on you. If you have metal on you that reaches a certain threshold set by the turnstile or by the magnatometer, then they will order a secondary check. X-ray machines, this is probably familiar to everyone at airports. Also when your bag passes through an x-ray machine so they can look either for weapons or they can look for explosives or they can look for sharp objects in your bag. Finally, there are explosive detectors. Sometimes when I have gone to the airport, for example, and gone on an overnight trip somewhere, they have taken my bag and you will see sometimes they will wipe a swab on the strap of the bag and run into a system that checks for evidence of explosive material. Then, finally, there is intrusion detection, which focuses mainly on closed circuit television or intrusion sensors that track motion. All of these technologies are available today. Some are varying quality. Some, as you pointed out, Mr. Davis, can be extremely expensive. But no one of the technologies is going to solve all the access control problems or security problems, and technology alone is not going to be the only thing that we can apply to secure a facility. We have to have human beings in the loop who can respond. All of these must work together. Some of the limitations of the technology are, of course, technology can't compensate for human failure or ineffective security processes. Training of security personnel is vital. The training of the personnel is vital, and the retention of the personnel is vital. Very often, the government ends up being the great training ground for other organizations. We train security personnel in the military and we train security personnel through GSA or other government organizations only to lose them to either other departments and agencies in the government or we lose them to the private sector. Technology can also be overestimated. There has to be a healthy ``buyer beware'' in terms of the viability of the technology. But this is also two-way. Technology bought without an understanding of a department or agency's requirements for security is not the vendor's fault. If the department or agency hasn't laid out their requirements properly and they have just gone and bought technology when they saw what they considered to be an ill-defined problem, then it is not the vendor's fault that the technology does not work. Likewise, if they do establish good requirements and they haven't tested the equipment properly, that is also a problem. Sometimes a nontechnical solution may be best. Sometimes dogs can sniff out bombs better than technology. Lack of standards also impedes system integration. A lot of these devices are built by different companies, and therefore it's difficult to integrate the information together into a single system. And, as you pointed out, there are concerns by the user population about the personal intrusion on their privacy in the use of this technology. For example, just as a side comment before I close, fingerprint technology, even though it's probably the most robust biometric device is resisted by the majority of the population because it's association with law enforcement fingerprinting. So there are nonobvious resistance indicators to the technology. To close, I would just point out that there are a myriad of technologies available. However, if these technologies are--if the requirements for security are not clearly understood by the department or agency, then the benefits of the technology are overcome. Thank you very much, and I await any questions from the committee. Mr. Tom Davis of Virginia. Thank you very much. [The prepared statement of Mr. Rhodes follows:] [GRAPHIC] [TIFF OMITTED] T5838.003 [GRAPHIC] [TIFF OMITTED] T5838.004 [GRAPHIC] [TIFF OMITTED] T5838.005 [GRAPHIC] [TIFF OMITTED] T5838.006 [GRAPHIC] [TIFF OMITTED] T5838.007 [GRAPHIC] [TIFF OMITTED] T5838.008 [GRAPHIC] [TIFF OMITTED] T5838.009 [GRAPHIC] [TIFF OMITTED] T5838.010 [GRAPHIC] [TIFF OMITTED] T5838.011 [GRAPHIC] [TIFF OMITTED] T5838.012 [GRAPHIC] [TIFF OMITTED] T5838.013 [GRAPHIC] [TIFF OMITTED] T5838.014 [GRAPHIC] [TIFF OMITTED] T5838.015 [GRAPHIC] [TIFF OMITTED] T5838.016 [GRAPHIC] [TIFF OMITTED] T5838.017 [GRAPHIC] [TIFF OMITTED] T5838.018 [GRAPHIC] [TIFF OMITTED] T5838.019 [GRAPHIC] [TIFF OMITTED] T5838.020 [GRAPHIC] [TIFF OMITTED] T5838.021 [GRAPHIC] [TIFF OMITTED] T5838.022 [GRAPHIC] [TIFF OMITTED] T5838.023 [GRAPHIC] [TIFF OMITTED] T5838.024 [GRAPHIC] [TIFF OMITTED] T5838.025 [GRAPHIC] [TIFF OMITTED] T5838.026 [GRAPHIC] [TIFF OMITTED] T5838.027 [GRAPHIC] [TIFF OMITTED] T5838.028 Mr. Tom Davis of Virginia. Our mystery as to where Mr. Turner is has been solved. He has been on the floor arguing an amendment. So he has an excused absence until he gets here. Mr. Moravec. Mr. Moravec. Good afternoon, Mr. Chairman, and members of the subcommittee. I am Joe Moravec, Commissioner of the Public Buildings Service [PBS] at the General Services Administration [GSA]. I am pleased to appear before you today to provide information on GSA's program to secure Federal buildings that it owns or leases with a focus on the technologies necessary to achieve GSA's security objectives. The mission of GSA's Public Buildings Service is to provide a superior workplace for the Federal worker and, at the same time, superior value for the American taxpayer. We design, build, and manage about 340 million square feet of work space for over a million Federal associates in about 8,000 buildings in 1,600 American communities across the country. PBS's Federal Protective Service [FPS] provides security and law enforcement services for all of the buildings we own and lease. Our security philosophy is based on the premise that each facility presents a unique set of security and safety challenges. The mission of the Federal Protective Service is to enable Federal agencies and members of the public to conduct their business in a safe and secure environment. FPS is comprised of Police Officers, Criminal Investigators, Physical Security Specialists and Contract Guards. We work collaboratively with Federal customers across the Nation to ensure that effective security procedures are in place for the safety of all occupants in and visitors to GSA- controlled facilities. We work to identify and reduce the threat to Federal property through the application of a program that employs law enforcement, criminal intelligence gathering and sophisticated countermeasures. I prepared detailed answers to each of the questions to your letter of invitation, and I would like to submit them for the record. Let me summarize the theme of the responses. Since September 11th, our security needs and response to threats have changed. Prior to September 11th, our greatest threat was perceived to be a vehicular bomb that could result, as in the case of Oklahoma City, in the total collapse of a building. September 11th made us realize that the universe of threats we face has expanded and the mentality of those who wish to do us harm is even more dangerous than we'd imagined. We now must be prepared not only for truck bombs but also for chemical and biological weapons and weapons of mass destruction delivered by individuals who have no regard for human lives, including their own. In response to this, we have enhanced a number of efforts to protect our properties and the people housed in them. First, foreknowledge--knowledge of an imminent threat--is the best security measure. We are now working with the FBI, CIA and State and local law enforcement agencies in sharing of intelligence information that enables us to better assess the credibility of threats. We have expanded our training and physical security, ensuring that our security professionals are trained and kept current in the latest technologies and have access to the necessary intelligence information needed to develop specific countermeasures tailored to each facility. Each facility in the tenant agency operation is analyzed individually. Countermeasures are now building specific. We have also increased our ability to assess the effectiveness of a range of countermeasures that include building design modifications, site modifications, increased guard services and new technologies. Our threat assessment methodology for each building enables us to create a set of countermeasures designed to reduce the threat at that building. We also have increased our outreach to our Federal agency customers and to our GSA associates. They are our eyes and ears in the counterterrorism campaign. We conduct awareness briefings, have distributed pamphlets on keeping our building safe and on how to respond to suspicious acts. Our customers and associates have become vital and vocal members of each Building Security Committee. Finally, we know that processes and technologies are only as good as the people who follow or use them. We must maintain a well-trained and experienced law enforcement work force. We are exploring legislative and administrative options to help ensure we will continue to have a well-trained and stable work force capable of providing the necessary level of security needed to protect our facilities. Our goal is the safety and security for everyone in GSA- controlled space. We can only accomplish this goal through the use of technology, deployment of trained law enforcement professionals and contract guards, partnering with our fellow Federal, State and local law enforcement agencies and, perhaps most importantly, by encouraging all our associates to move to a higher sustainable level of alert, awareness and vigilance. Combining all of these will ensure that we can achieve a proper balance of openness and security in Federal facilities across the Nation. This concludes my prepared statement, Mr. Chairman. I have attached my statement and answers to issues raised by the subcommittee. I will be pleased to answer any questions that you or other members of the subcommittee may have on this matter. [The prepared statement of Mr. Moravec follows:] [GRAPHIC] [TIFF OMITTED] T5838.029 [GRAPHIC] [TIFF OMITTED] T5838.030 [GRAPHIC] [TIFF OMITTED] T5838.031 [GRAPHIC] [TIFF OMITTED] T5838.032 [GRAPHIC] [TIFF OMITTED] T5838.033 [GRAPHIC] [TIFF OMITTED] T5838.034 [GRAPHIC] [TIFF OMITTED] T5838.035 [GRAPHIC] [TIFF OMITTED] T5838.036 [GRAPHIC] [TIFF OMITTED] T5838.037 [GRAPHIC] [TIFF OMITTED] T5838.038 [GRAPHIC] [TIFF OMITTED] T5838.039 [GRAPHIC] [TIFF OMITTED] T5838.040 Mr. Tom Davis of Virginia. I think we will continue and probably can get a couple more testimonies before we go over to vote. Mr. Jester. Mr. Jester. Thank you, Mr. Chairman. Thank you for this opportunity to report to you on the Department of Defense's efforts to secure its federally owned and leased office buildings. As the Chief of the Defense Protective Service, I manage an organization responsible for providing force protection, security and law enforcement for the employees, facilities, infrastructure and other sources at the Pentagon and other DOD- occupied buildings in the national capital region. Although there are considerable challenges, I am pleased to report that we have made tremendous progress before and after the September 11th terrorist attacks. Moving beyond traditional guard forces and electronic alarm systems, we are executing a comprehensive force protection program that will provide enhanced protection for DOD employees, property and operations occupying leased and owned facilities. Leased facilities do present unique challenges for security. However, we are making every effort to ensure the safety and security of DOD agencies in leased buildings. In addition to the basic technologies that have been used to control access and detect explosives, we are beginning to use existing and new technology in several areas, notably in our chemical, biological and radiological program. While technology is providing many tools to augment our security forces, we have not forgotten security principles such an emergency planning, exercises and drills and work force awareness. These basic measures were critical components in our response to the terrorist attack at the Pentagon. I prepared specific written responses to your questions submitted to me and submitted those to your staff. That concludes my written response. Thank you. Mr. Tom Davis of Virginia. Thank you very much. [The prepared statement of Mr. Jester follows:] [GRAPHIC] [TIFF OMITTED] T5838.041 [GRAPHIC] [TIFF OMITTED] T5838.042 [GRAPHIC] [TIFF OMITTED] T5838.043 [GRAPHIC] [TIFF OMITTED] T5838.044 Mr. Tom Davis of Virginia. Mr. Abram. Mr. Abram. Mr. Chairman and members of this subcommittee, thank you very much for inviting me to testify before you today on new surveillance technologies available to protect Federal buildings. I am Frank Abram, General Manager of the Security and Vision Systems Group of Panasonic Digital Communications and Security Co., a leading supplier of security systems to both the U.S. Government and private industry. The security industry landscape has changed dramatically over recent years. Technology has progressed more in the last 5 years than it has in previous decades. Categorically, the two product classifications showing the most significant growth are video surveillance and access control. Today, I would like to provide you with a brief overview of some of the new technologies and comment on how the security industry can work with the U.S. Government to implement them. With the introduction of the first Digital Signal Processing cameras in the late 1980's, the performance of video surveillance took a quantum leap forward. Since then, video surveillance cameras have continued to evolve with each new generation. Perhaps the most significant development in this area has been the introduction of Super Dynamic II technology. SDII provides a video acquisition method that most closely simulates how the human eye detects and processes light. This technology provides a cost-effective solution to one of the most prevalent problems facing video surveillance system designers and installers--extreme light contrast within a scene. Today, SDII cameras are employed in a number of high-profile government facilities such as our embassies and consulates and the Federal Aviation Administration simply because of their light-sensing capabilities. New recording technology is also available. The proliferation of high-capacity hard drives has enabled video manufacturers to incorporate this reliable medium in a new generation of digital recorders specifically designed for security operations. In addition to their digital recording superiority, hard drive recorders incorporate numerous digital features that further enhance their utility beyond the traditional VCRs such as their ability to send images via the network. One of the security industry's greatest challenges has long been personnel authentication, since traditional forms of identification and access control can easily be replicated loss or stolen. The introduction of easily deployed biometric systems are alleviating these problems, because biometrics are virtually impossible to replicate. This is particularly true of one of the newest biometric technologies, iris recognition. Over the past year, iris recognition systems have become more affordable and practical for a wide range of access control and cyber security applications. These systems will provide added security with little or no inconvenience when entering a facility or accessing a computer terminal. With access control more of a concern than ever before, biometrics and iris recognition technology in particular can play an increasing role in homeland defense strategies. I believe budget and education are the two most common factors that constrain security operations by government facilities. Additionally, security personnel in Federal agencies and in general find it difficult to keep pace with today's rapid development of new surveillance and security technologies. Manufacturers of surveillance and security systems equipment can help alleviate these constraints by providing more education opportunities through the government. By keeping government security personnel appraised of new technology developments, we can foster the intelligent deployment of new systems technology where it is most needed. Another problem that has hampered the wide area of modernization of security in Federal buildings is the lack of set standards. One of the priorities for securing Federal buildings should be the establishment of a set of standards that clearly outlines the security measures to be taken. This will help assure minimal levels of security at each and every facility and bring attention to present deficits. The standard should also include more thorough specifications to assure greater levels of performance, compatibility and future system expansion. Thank you again for this opportunity to share with you my perspectives. I look forward to answering any questions you may have regarding security technologies or my comments on the way the Government may better secure its buildings. [The prepared statement of Mr. Abram follows:] [GRAPHIC] [TIFF OMITTED] T5838.045 [GRAPHIC] [TIFF OMITTED] T5838.046 [GRAPHIC] [TIFF OMITTED] T5838.047 [GRAPHIC] [TIFF OMITTED] T5838.048 [GRAPHIC] [TIFF OMITTED] T5838.049 [GRAPHIC] [TIFF OMITTED] T5838.050 [GRAPHIC] [TIFF OMITTED] T5838.051 [GRAPHIC] [TIFF OMITTED] T5838.052 [GRAPHIC] [TIFF OMITTED] T5838.053 [GRAPHIC] [TIFF OMITTED] T5838.054 Mr. Tom Davis of Virginia. Thank you. Mr. Bordes, if we can try to get you in, if you can do it in about 4 minutes, we can get all the testimony out of the way and come back for questions. Mr. Bordes. I'll try, sir. Good afternoon, Mr. Chairman, members of the subcommittee and distinguished guests. I would like to take this opportunity to thank you for allowing me to present this information on behalf of the private security industry and as a member of the American Society for Industrial Security. As a professional security consultant working in the private sector, I have over 25 years experience in the disciplines of threat analysis and countermeasures design. ASIS, with more than 32,000 members, is a preeminent international organization for security professionals. We have chapters in almost every country in the free world. There are three subjects I would like to address in today's presentation. The first will be how the private sector evaluates threat vulnerabilities and ultimately selects countermeasures to protect assets. Second, I will cover how that group works to develop the balance of security measures with convenience and protection of privacy for employees and visitors. Finally, I would like to present some of the new philosophies of security that have developed within the corporate world since September 11th. The private sector has for many years accepted the fact that a high percentage of security-related incidents of either general criminal activity or specific target action, such as workplace violence, can be attributed to the unauthorized individual gaining access to a facility. The approach to threat and vulnerability analysis has been to identify the layers of protection required to either deter or detect and neutralize a perpetrator prior to achievement of their objective. To accomplish this, basic technologies such as card access, biometrics, closed circuit surveillance and intrusion detection are combined into an integrated electronic security system. In determining how to protect the facilities, security assessment will address subjects such as local environment, facility use, total value of the asset, the possibility of a threat being successfully carried out, and the criticality level related to either partial or total loss of that asset. This approach can be applied to any scenario that ranges from protecting the CEO to ensuring that nuclear weapons are properly secured. The implementation of security measures does not, however, have to inflict the penalty of inconvenience or loss of privacy upon those working within the protected environment. The designed effort must ensure protection while at the same time maintaining the focus of developing user-friendly and nonintrusive security measures. Well-designed security programs should ultimately result in minimal contact with the subject and with all verification and surveillance being totally transparent to anyone other than the security team. As you all know, the invasion of privacy debate over the use of closed circuit television systems has gone on for years. This same argument will move to a higher plane as biometric template data bases become a reality. However, in the private sector, the trend has been for several years to develop surveillance teams that are reactive as opposed to passive, and to focus on using these same systems for security incident assessment as opposed to general surveillance. Even the American Civil Liberties Union has acknowledged the fact that people are more open to the use of surveillance systems based on the acceptance of the need for more security. Hence, the private sector has worked diligently with manufacturers and software development entities to ensure that data base access and abuse incidents are reduced to the lowest number possible by protecting access to sensitive information. Advances in the technologies of digital recording, as well as the ability to transmit signals over LAN, WAN, or GAN, has had a major impact on the effectiveness of security assessment. Today the security console officer of a global corporation can, through the use of proprietary network transmissions, receive real-time video, intrusion alarm data and access control transaction information from any company within the facilities around the world. Technologies currently being developed will further enhance security protection techniques by being able to lock onto a subject or an object for the purposes of tracking with a camera system. Should the subject go from one camera viewing area to another, the tracking process will roll over to the other camera in order to maintain surveillance. The use of biometric technology, such as finger and hand geometry, facial recognition, iris scan, retinal scan and other methods of providing positive identification, will have a definite impact on the design of access-controlled systems. A recent poll of systems integrators indicated that 66 percent of their clients either had installed biometric systems or were considering implementing the technology within the near future. September 11th has created an attitude of acceptance on the part of many Americans for increased security measures. One of the most significant within the private sector is the acceptance of the need to positively identify persons entering controlled areas. This decision has impacted the use of biometric verification techniques in private and government security programs. In fact, in the private sector, security has been a top priority, with money set aside for upgrades and new installations. Additionally, facilities such as water treatment plants, power generation stations are now implementing security measures that incorporate the whole gamut of electronic protection devices. Therefore, in summary, I would submit that in the private sector, one will no longer hear the phrase that's never happened here. We have been awakened to the fact that attacks can be carried out against our Nation and our workplaces and any place we gather in large numbers, such as the current threat from the FBI about malls. With the increased threat related to the use of biological/chemical agents, suicide bombers and weapons of mass destruction, the development of security measures in both the private as well as the Government sectors will continuously be improved upon and implemented to protect the people of this great Nation. Thank you again for allowing me time for this presentation and God bless America. I will now entertain questions. [The prepared statement of Mr. Bordes follows:] [GRAPHIC] [TIFF OMITTED] T5838.055 [GRAPHIC] [TIFF OMITTED] T5838.056 [GRAPHIC] [TIFF OMITTED] T5838.057 [GRAPHIC] [TIFF OMITTED] T5838.058 [GRAPHIC] [TIFF OMITTED] T5838.059 Mr. Tom Davis of Virginia. Thank you very much. There is a series of three votes. We're going to be at the end of one vote, so hopefully it will move quickly. But I'll declare a recess. It will probably be 20 minutes or so. Feel free to move about and be back here in 20 minutes. [Recess.] Mr. Tom Davis of Virginia. We're ready to start the questioning. I'm going to start with Mrs. Davis, the gentlelady from Virginia. Mrs. Jo Ann Davis of Virginia. Thank you, Mr. Chairman. And thank you, gentlemen, for being here. I apologize I couldn't be here to hear your testimony. I had several markups at the same time. My first question is for Mr. Moravec. As the Government's biggest landlord, how do you work with building tenants to determine the security needs and the products required? Mr. Moravec. I'm sorry, Congresswoman, I didn't hear the question. Mrs. Jo Ann Davis of Virginia. As the Government's biggest landlord, how do you work with the building tenants to determine the security need and products required? Mr. Moravec. Fundamental to our security philosophy is the understanding that each building constitutes a very distinct set of security and safety needs. So it has been our philosophy to work with the building security committee of that building. Every Federal building has a building security committee, sometimes called an occupant emergency organization, that is responsible for developing, in consultation with the Federal Protective Service, plans for the safety and security of the occupants and visitors to that building. So it's very individualized. Mrs. Jo Ann Davis of Virginia [presiding]. If you'll pardon me for changing seats there real quick. As a followup, what purchasing assistance does GSA provide to Government agencies interested in acquiring security technologies? Mr. Moravec. I'll defer to Wendell Shingler. Mr. Shingler. Actually we do a wide variety of things. We provide consulting services for the most part of going into a Federal agency and making recommendations on how to offset their vulnerabilities. On the flip side of that, the Federal Supply Service within GSA and our folks work in consultation to come up with contracts that would meet the needs to provide those items, cameras, monitors and the like for not only us but the individual departments and agencies. Mr. Moravec. Federal Protective Service is assessing its own needs all the time for the buildings that are GSA- controlled. We also, through interagency groups, for example, the Interagency Security Committee share information with security personnel at other agencies and departments of Government as to technologies that are emerging, technologies that have been proven to be especially effective. We definitely talk amongst ourselves within the Federal community. Mrs. Jo Ann Davis of Virginia. Do you feel you can do it in a timely manner since apparently it's going through several different agencies? Mr. Moravec. Well, it's an ongoing process. We are in constant dialog with each other. Within the Federal Protective Service we have been assessing new technologies on a somewhat ad hoc basis. We're now taking steps to create a standing committee within our organization of specialists who will be proactively involved in seeking out new security technologies. And clearly, since September 11th we're now aware of and defending against a much broader range of threats to Federal facilities. So it's very important that we be preemptive and proactive. Mrs. Jo Ann Davis of Virginia. Mr. Bordes, what has been the impact on demand since the September 11th terrorist attacks, and can the industry adequately meet the increased demand in a timely basis? And if not, who is stepping in to fill that role? Mr. Bordes. I was working the mic. I didn't hear the last half of your question. Mrs. Jo Ann Davis of Virginia. If you're not able to do it in a timely basis, who is stepping in to fill that role if the industry can't do it? Mr. Bordes. Well, the private sector is doing a lot of things to try to meet the threats that they now perceive after September 11th. The industry security has in some areas been able to meet that need. However, there are other technologies that the private sector is calling upon that probably a year ago the delivery date on that technology was 3 to 4 weeks, now that delivery date is 5 to 6 months. And it depends on the technology that you're addressing. But the private sector is really working very diligently to try to upgrade the security across their operation, as the Government is, and it's just an issue of supply and demand. The industry really is in some segments very, very small. In fact, the area of biometrics up until a couple years ago, each biometric was basically manufactured by one company. So these companies were not really geared up for to you walk in and say I need 1700 hand geometry readers. It would really blow them back. Mrs. Jo Ann Davis of Virginia. You said that before September 11th it would have been 3 to 4 weeks but now it's 5 to 6 months. That's because there is so much more demand? Mr. Bordes. Because of supply and demand. Mrs. Jo Ann Davis of Virginia. Who would step in or is there anyone to step in, in that interim? Mr. Bordes. In some technologies, ma'am, there is nobody to step in. Mrs. Jo Ann Davis of Virginia. In some. But how about others? Mr. Bordes. In others that are companies that are gearing up, companies that are in closed circuit television system, like Panasonic and these people, they are able to immediately increase output and to meet the needs. But in some sectors, like hydraulic bollards, vehicle barriers, motorized gates, crash gates for embassies, airports, this type situation, they're just not geared up to manufacture them that quickly. Mrs. Jo Ann Davis of Virginia. My time is up, but I thank you, gentlemen. Mr. Turner. Thank you. I unfortunately missed your testimony. I was on the floor debating an amendment to the INS reform bill. I was just curious, in looking through some of the testimony, is there a general agreement as to which technologies should be employed, or are we still at the point where there are so many different ones out there that nobody is really settled in on which ones are best? And I'd welcome any of your comments on this. Mr. Moravec. I'll take a stab at that. I think there's general agreement in the Federal community as to what the appropriate technologies are and how they ought to be generally deployed. As I testified earlier, Congressman Turner, we look at each building as a separate and distinct security threat and try to craft a package of countermeasures that address the vulnerabilities that we have assessed at a particular building. And it's a package of things that includes deployment of manpower, contract guard services, specific electronic countermeasures like magnetometers, x-ray machines, explosion detection devices. So it's a combination of both technology and manpower deployment and operations that really constitute a well-rounded security program. And I think there is general agreement in the Federal Government. The packages vary, depending on the perceived threat. Buildings can be perceived as having a higher or lower threat. So there's quite a bit of diversity or at least a range in terms of the intensity, if you will, of the security deployment at a particular building, depending on what the perceived level of threat is. Mr. Turner. I guess I was particularly interested in the biometrics area because it seems to me that, No. 1, the Federal Government should take the lead in trying to establish some standard there because once the Federal Government moves forward with the application of a given technology, it seems that it probably encourages the private sector and smaller purchasers to choose the same. And over time it would seem to me important to the Nation to have some standardization. If we all are walking around with cards that swipe and we could get in several places with that card or if we're going to rely on retinal scan technology, then others would adopt that and we become more standardized and access would be more readily afforded to the public in general if there was some standardization. Am I correct in that? Mr. Moravec. I completely agree with you. This is an opportunity for the Federal Government to show leadership to the private sector. The grim reality is that since Oklahoma City, the Federal Government, including the Federal Protective Service, have become very knowledgeable about ways of designing and building and defending buildings against different kinds of threats. And even we are very actively reaching out to the private sector through groups like the American Security Society for Industrial Security and through different real estate organizations to try to share that information with them. However, the Federal Government at this point in time, itself not being a monolithic entity, has a variety of different responses with regard to identity cards. With 100 different agencies, 100 different agencies have 100 different kinds of identity cards. That is part of the challenge of defending buildings. For us to show leadership with regard to access cards, whether they include biometric cards or not, or whether they're smart or not, the Federal Government needs to get together and decide on, I think, on a national government card. Mr. Turner. What would it take to accomplish that? Obviously we now have all these agencies, as you say, going out there adopting whatever system they want to put in place. What would it take to have some standardization accepted in our Federal agencies? Mr. Moravec. Well, I think that direction could certainly come from the executive branch. It could come through GSA. It could come through the Office of Personnel Management. It could come through the offices of the Homeland Security. There are a number of different places where that direction could come from. Mr. Turner. Thank you. Thank you, Mr. Chairman. Mr. Tom Davis of Virginia [presiding]. Thank you very much. Mr. Abram, let me ask you a question. Because of the heightened and immediate need for advanced security products and system components for our government facilities, are there any current constraints with the U.S. Government being able to quickly source the kind of equipment needed for security? Mr. Abram. I believe there are. And I believe the potential exists for even greater problems. The Buy America laws require the U.S. Government to source from domestic suppliers and, if not available, from suppliers in countries that have signed onto an international procurement agreement. In Asia, that includes only Hong Kong, Japan, Korea, and Singapore. Now because of globalization and economies of scale concerns, many of the security manufacturers, Panasonic included, are finding that they are moving to countries that can manufacture less expensive for us, countries like China and the Philippines. And this is a possible restraint in the Government purchasing product from organizations such as Panasonic. Recognizing this constraint at a time of increased security demands, the SARA, the Services Acquisition Reform Act of 2002 that Chairman Davis introduced, provides an exemption for this sourcing restriction for information technology commercial items. Because of the importance of the homeland security, the proposed legislation defines information technology to include imaging peripherals and certain devices necessary for security and surveillance. It is through the SARA that we will be able to correct some of these problems that are going to become more and more evident, at least in the video surveillance area. Mr. Tom Davis of Virginia. Let me ask Mr. Rhodes. The biometric technologies that were identified within your presentation represented several different technologies. Which technologies are actually in use and which do you believe are the most effective for security identification verification purposes? Or do you think it depends? Mr. Rhodes. Out of all of the biometric technologies, there is really only one that we couldn't find in pervasive use and that was signature recognition. The most prevalent technology biometric technology is the fingerprint scan, and that's because it grew out of law enforcement and it's the most established technology, the most established procedure for enrolling an individual into the system, and that's reflected in its price as well. It's only about $4 per user if you already have the server in place. From our analysis, the biometric technology that probably shows the most promise is the iris scan. That technology is going to advance because it's the least invasive to the individual. As was stated in an earlier statement from Panasonic, as the quality of the camera for both movement and room light improves, you can stand farther and farther away from the receptor, so people don't get the feeling of having it invade their body. And that's probably going to always be a resistance to somebody like a retina scan where you have to sit still for quite a long time while it scans the back of your eye. And so in a nutshell, the fingerprint scan is the most pervasive and the scan for iris is the one that probably has the best future. Mr. Tom Davis of Virginia. Fingerprint scan is fast. Isn't it pretty efficient? Mr. Rhodes. Yes. In some cases you can get it down to just a couple of seconds. As a matter of fact, it's being used currently by the FAA in some of their facilities for quick access to some of the doors, some of the secured access facilities. Mr. Tom Davis of Virginia. Let me ask Mr. Moravec and Mr. Jester about the use of biometric technologies. Are we using that widely in Government and are we restricting the use of the personal information that's stored? Mr. Moravec. In the Federal Protective Service we are not at this point, to my knowledge, deploying what could accurately be called biometric technology with regard to access cards or access controls. Mr. Tom Davis of Virginia. How hard and difficult would it be to do that? Mr. Moravec. It would be difficult for me to assess, sitting here, how difficult it would be. It would clearly be-- given the scope of our portfolio, which encompasses over 8,000 buildings and 340 million square feet, applying anything consistently and effectively on a base that big would certainly be logistically challenging. Mr. Tom Davis of Virginia. Right. OK. Mr. Jester. We're using biometrics at specific locations where you have a very sensitive office within a building. We're using iris scan, we are using hand geometry readers. There are limits of where we do use it. We don't use it in the entrance to the facility because at the Pentagon, for example, we have 20,000 employees and everybody going through it would be a long line waiting to come in. But we do use it at specific locations. The U.S. Army is leading an effort within the Department of Defense to look at--they have a biometric officer. They're looking at different applications of the biometric technology and looking where it can be used within the Department of Defense. So there is a program to encourage the use of biometrics. Mr. Tom Davis of Virginia. OK. Mr. Moravec, let me ask you. The Federal Protective Services are responsible for protecting Federal buildings. Do they use the same approach to designing countermeasures as would be found in the private sector? Mr. Moravec. Yes. Yes. In fact, we have a very close working relationship with the American Society for Industrial Security, absolutely. Mr. Tom Davis of Virginia. Mr. Bordes, what services can you offer to Federal security planners who are working to better protect Federal facilities? What recommendations does GSA give to these planners? Mr. Bordes. I think one of the most important things on Federal protection, developing Federal protection of facilities, is to get involved in the planning process early. That's one of the major problems that we see as, you know, from reading my information, I run the GSA FPS training program for physical security. And that particular program, we really try to stress to our people to get involved early in the planning to make sure that they have the input to be able to address situations such as barriers, setback, glazing of glass, or hardening of facility and this type of situation. The people in FPS basically use the same measures that the private sector does. They go out, they identify the threat, they try to find countermeasures that will address that threat, and then they address the issues of how they're going to respond appropriately and also run the educational program. But one of the major problems seems to be basically the issues of planning. It's important that in any design, in any security design, whether it's private sector or whether it's Government or whether it's military, that the people who are doing the design get involved in the process early on. Because there are a lot of things that go into a design that if you come in at a late stage in the design are extremely difficult and extremely expensive to implement. That seems to be a problem that is always being confronted by people who are designing the GSA security programs. Mr. Moravec. If I could respond to that. Since Oklahoma City, we have obviously been designing and building buildings in a completely different way. We have stringent setback criteria. We employ anti-progressive collapse technology in their design. We have hardened curtained walls, ballistic glass. Up until September 11th, we were primarily defending against what happened at Oklahoma City, which was the breaching of perimeter security by a truck bomb and the total collapse of the building. I think what Mr. Bordes is saying is absolutely correct. It's very important that Federal Protective Service trained physical security people and consultants, as well as building managers, be involved with architects and engineers in the design of buildings. We make every effort to make sure they have a seat at the table and, of course, even more so than since September 11th. Mr. Tom Davis of Virginia. There is always a tendency for generals to fight the last war. So you defend against Oklahoma City and now we look back to September 11th, defend against that. I mean, we are being proactive in figuring out what else could go wrong. Mr. Moravec. We are. Especially since the anthrax episodes, we're looking at the location of air intakes, we are looking into the purchase and deployment of equipment that can detect toxins in the building's water or air supply and devices to automatically take corrective action in that event. September 11th has really opened a whole new vista to us in terms of ways that people can--who wish us ill can do harm to people and to buildings. Mr. Tom Davis of Virginia. Yes. Let me ask both Mr. Jester and Mr. Moravec, how do you determine the proper balance between security and convenience and efficiency? To some extent, if you want to make a building entirely secure, it's going to be a real pain for somebody trying to get in and out some of the time. You can make it secure, but you also have to make it functional. It's a difficult balance, remembering most of these buildings will probably never undergo any kind of problem. How do you get that balance? Mr. Jester. I think it begins--the word planning has been used. Having gone through--having been about 300 feet from where the plane hit, a lot of lessons were learned. The key word is planning. And planning goes in this particular application, too. If we're looking for a location for a, for example, a DOD operation, we need to be careful on where we place that. We can't select the wrong building. If we put a very sensitive DOD operation--and we're not just concerned for terrorism, we're also concerned for foreign intelligence- gathering. So it has to be some care exercised simply--it's not simply a selection of how many square feet that building happens to be, we should not be putting a building or an operation into a building where there's a lot of highly public agencies in that building, for example, Social Security. We should not be mixing those organizations together. But it is a delicate balance. So we say it begins right in the very beginning, put them in the right location. If you, for example, take agencies with high security requirements and lump those together in those kinds of buildings where it can be more secure, don't mix and match high secure requirements with organizations that have a high public contact. Mr. Tom Davis of Virginia. OK. Mr. Moravec. That's certainly beneficial. Just for the General Services Administration, we are determined not to build bunkers. We are determined to build buildings, iconic buildings, 100-year buildings that are emblematic of the spirit of the American people, that are first and foremost secure, but are also esthetically pleasing and hopefully an adornment to the communities where they're located. We are very cognizant of avoiding--creating a climate of fear at buildings which is often present when you take especially stringent security measures. We want, as someone put it, I thought very well, we want to first welcome and then challenge people who are coming to the building, to do both, but to do it in a way that is not oppressive and is not obtrusive. And this is particularly challenging in courthouses. We're building a lot of courthouses across the country now, and we want those buildings to be like the American judicial system itself, open and accessible to all. But obviously at a courthouse in this day and age, those buildings need to be very secure. So it is a continuing challenge and one that we spend an awful lot of time thinking about and working on. Mr. Tom Davis of Virginia. Yes. I worked here in the 1960's as a page and you could drive in here at night, anybody could come in here at night. You didn't have the metal detectors and everything to get in and out of the building. It worked pretty smoothly. But I guess the world changes and you have to change with it. Somehow I would like the world to change back. It would be a lot more efficient in terms of how we could spend or money. In the meantime, you all have a very difficult job. Every time something goes wrong, everybody is going to second-guess you. To the extent that you are spending money doing these kinds of things, you can't do other things. Mr. Moravec. Well, as has been brought out by several of the witnesses, it really is a package of different countermeasures that really need to be undertaken. I mean we are expanding our guard contracts, we've enhanced the training and testing of our different kinds of countermeasures. We have very close involvement these days with the FBI and the CIA and different joint terrorism task forces. We are engaging security measures in major metropolitan areas to try to design security countermeasures in areas that are particularly densely populated with Federal workers that are not obtrusive. We are spending a lot of time in the buildings talking to the tenants and to the different building security committees about what they can do specifically to protect themselves. We're really trying to help the Federal associates and people who are visitors to Federal buildings move themselves to a higher state of vigilance and wariness which is, I think, necessary in this day and age. Mr. Jester. There was a failure, I think, on September 11th. It was probably, I would say, a failure of imagination. We have to in that particular field, we have to use our imagination and not, as you said a while ago, fight the last war. We have to look forward and think about what could happen. Years ago I think everybody in this country was shocked when someone went into a McDonalds in California and killed 21 people. We were shocked by that. We were shocked later on when school kids were shooting each other in school. So in our profession we need to be looking forward and almost to some degree have screen writers look about what things could happen. I don't think anyone would imagine the Pentagon--we had talked about planes hitting the building because we are very close to the airport, as an accident or maybe as a small aircraft. But never did we dream of a 757 coming into our building. So we need to use our imagination to think about what kinds of things could happen and then go back to that key element of having some plans and not think it won't happen on our watch. If we think it's not going to happen on our watch, we don't plan for it. So we need to do proper planning and then use all the technologies that are available to us. The technologies are great, they're fantastic tools, but to use those technologies as tools and be careful how we use them because we--as you learned, one of the biggest technologies that failed us on September 11th was the cell phones. We could not communicate throughout the entire city on cell phones. So using technologies, we ought to also go back to some very basic principles of planning and exercises and drills. Mr. Tom Davis of Virginia. Thank you. Mrs. Davis. Mrs. Jo Ann Davis of Virginia. Thank you, Mr. Chairman. These questions are probably just curious questions. But I think, Mr. Rhodes, you talked about the fingerprinting scan and the iris scan. Mr. Rhodes. Yes, ma'am. Mrs. Jo Ann Davis of Virginia. And Mr. Abram said that some of the technology was not available through Buy America. Would any of those be available through Buy America? Mr. Rhodes. I don't know the underlying--I think that at least some of the vendors on the GSA list would be available. I don't know that they would be available in the quantities that people would need. The fingerprints is very well established, so you'd probably be able to gear up for the procurement. But on the retina scan, that's still developing technology. So I don't know that would be--you would be able to buy it on the scale that you would need. Mrs. Jo Ann Davis of Virginia. On the iris scan--and somebody said they were using that now, I think you did, Mr. Jester. That's the colored part of your eye, right? That's the colored part of your eye, right? Mr. Jester. Yes, ma'am. Mrs. Jo Ann Davis of Virginia. If someone has one of those colored contact lenses, how does that affect it? Mr. Abram. I believe I can answer that. It really does not unless they are extremely dark, dark colored lenses, and then it would give you a negative access through the access control. The product takes--basically takes a picture of the iris, digitizes that picture into a 512 bit picture or 512 bit data image that is then used for comparison purposes. So as long as it is a coloring or tint in the contact lenses and a coloring or tint in your glasses, there is no effect or adverse effect from reading it. As you get much darker tints to both of those glasses and contacts, it will have an effect. Mrs. Jo Ann Davis of Virginia. Mr. Jester, the planes that hit the Pentagon and the Twin Towers, I'm not sure there's any security measures that we could have taken in either of those buildings for that. Mr. Jester. No, ma'am. I was asked by the press do we have guns on the roof. That will start with the airport security. It has to be at that point. Because we can't stop it in our building. We can be better prepared for that. And I think one of the things that we feel successful about was in the preceding year we had been doing drills with the employees, evacuation drills outside the building, as well as sheltering- in-place drills. So--because most employees in Federal buildings got their last instruction on fire drills when they were in the third grade. So we pushed that for a year. And so when we activated the alarms that day, I think we had less problems because people had actually been prepared by having drills. Mrs. Jo Ann Davis of Virginia. Thank you, gentlemen. Thank you, Mr. Chairman. Mr. Tom Davis of Virginia. Thank you all. Before we close, I want to take a moment to thank everyone for attending today's subcommittee hearing. Thanks for bearing with us as we went over and voted and came back. Our special thanks to the witnesses, to Representative Turner, Mrs. Davis, and other attendees. I also want to thank my staff for organizing what I consider to be a very productive hearing. I'm going to enter into the record the briefing memo that was distributed to subcommittee members. We'll hold the record open for 2 weeks from this date for those that want to forward submissions for inclusion into the record. These proceedings are closed. [Whereupon, at 3:45 p.m., the subcommittee was adjourned.]