<DOC>
[107th Congress House Hearings]
[From the U.S. Government Printing Office via GPO Access]
[DOCID: f:85838.wais]
ENSURING THE SAFETY OF OUR FEDERAL WORKFORCE: GSA'S USE OF TECHNOLOGY
TO SECURE FEDERAL BUILDINGS
=======================================================================
HEARING
before the
SUBCOMMITTEE ON TECHNOLOGY AND PROCUREMENT POLICY
of the
COMMITTEE ON
GOVERNMENT REFORM
HOUSE OF REPRESENTATIVES
ONE HUNDRED SEVENTH CONGRESS
SECOND SESSION
__________
APRIL 25, 2002
__________
Serial No. 107-180
__________
Printed for the use of the Committee on Government Reform
Available via the World Wide Web: http://www.gpo.gov/congress/house
http://www.house.gov/reform
______
85-838 U.S. GOVERNMENT PRINTING OFFICE
WASHINGTON : 2003
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpr.gov Phone: toll free (866) 512-1800; (202) 512ÿ091800
Fax: (202) 512ÿ092250 Mail: Stop SSOP, Washington, DC 20402ÿ090001
COMMITTEE ON GOVERNMENT REFORM
DAN BURTON, Indiana, Chairman
BENJAMIN A. GILMAN, New York HENRY A. WAXMAN, California
CONSTANCE A. MORELLA, Maryland TOM LANTOS, California
CHRISTOPHER SHAYS, Connecticut MAJOR R. OWENS, New York
ILEANA ROS-LEHTINEN, Florida EDOLPHUS TOWNS, New York
JOHN M. McHUGH, New York PAUL E. KANJORSKI, Pennsylvania
STEPHEN HORN, California PATSY T. MINK, Hawaii
JOHN L. MICA, Florida CAROLYN B. MALONEY, New York
THOMAS M. DAVIS, Virginia ELEANOR HOLMES NORTON, Washington,
MARK E. SOUDER, Indiana DC
STEVEN C. LaTOURETTE, Ohio ELIJAH E. CUMMINGS, Maryland
BOB BARR, Georgia DENNIS J. KUCINICH, Ohio
DAN MILLER, Florida ROD R. BLAGOJEVICH, Illinois
DOUG OSE, California DANNY K. DAVIS, Illinois
RON LEWIS, Kentucky JOHN F. TIERNEY, Massachusetts
JO ANN DAVIS, Virginia JIM TURNER, Texas
TODD RUSSELL PLATTS, Pennsylvania THOMAS H. ALLEN, Maine
DAVE WELDON, Florida JANICE D. SCHAKOWSKY, Illinois
CHRIS CANNON, Utah WM. LACY CLAY, Missouri
ADAM H. PUTNAM, Florida DIANE E. WATSON, California
C.L. ``BUTCH'' OTTER, Idaho STEPHEN F. LYNCH, Massachusetts
EDWARD L. SCHROCK, Virginia ------
JOHN J. DUNCAN, Jr., Tennessee BERNARD SANDERS, Vermont
------ ------ (Independent)
Kevin Binger, Staff Director
Daniel R. Moll, Deputy Staff Director
James C. Wilson, Chief Counsel
Robert A. Briggs, Chief Clerk
Phil Schiliro, Minority Staff Director
Subcommittee on Technology and Procurement Policy
THOMAS M. DAVIS, Virginia, Chairman
JO ANN DAVIS, Virginia JIM TURNER, Texas
STEPHEN HORN, California PAUL E. KANJORSKI, Pennsylvania
DOUG OSE, California PATSY T. MINK, Hawaii
EDWARD L. SCHROCK, Virginia
Ex Officio
DAN BURTON, Indiana HENRY A. WAXMAN, California
Melissa Wojciak, Staff Director
Victoria Proctor, Professional Staff Member
Teddy Kidd, Clerk
Mark Stephenson, Minority Professional Staff Member
C O N T E N T S
----------
Page
Hearing held on April 25, 2002................................... 1
Statement of:
Rhodes, Keith A., Chief Technologist, U.S. General Accounting
Office; F. Joseph Moravec, Commissioner, Public Buildings
Service, U.S. General Services Administration; Wendell
Shingler, Director, Federal Protective Service, U.S.
General Services Administration; John N. Jester, Chief,
Defense Protective Service, Department of Defense; Frank R.
Abram, general manager, Security Systems Group, Panasonic
Digital Communications & Security Co.; and Roy N. Bordes,
president/CEO, the Bordes Groups, Inc., and council vice
president, American Society for Industrial Security........ 5
Letters, statements, etc., submitted for the record by:
Abram, Frank R., general manager, Security Systems Group,
Panasonic Digital Communications & Security Co., prepared
statement of............................................... 56
Bordes, Roy N., president/CEO, the Bordes Groups, Inc., and
council vice president, American Society for Industrial
Security, prepared statement of............................ 69
Davis, Hon. Thomas M., a Representative in Congress from the
State of Virginia, prepared statement of................... 3
Jester, John N., Chief, Defense Protective Service,
Department of Defense, prepared statement of............... 50
Moravec, F. Joseph, Commissioner, Public Buildings Service,
U.S. General Services Administration, prepared statement of 37
Rhodes, Keith A., Chief Technologist, U.S. General Accounting
Office, prepared statement of.............................. 9
ENSURING THE SAFETY OF OUR FEDERAL WORKFORCE: GSA'S USE OF TECHNOLOGY
TO SECURE FEDERAL BUILDINGS
----------
THURSDAY, APRIL 25, 2002
House of Representatives,
Subcommittee on Technology and Procurement Policy,
Committee on Government Reform,
Washington, DC.
The subcommittee met, pursuant to notice, at 2 p.m., in
room 2154, Rayburn House Office Building, Hon. Thomas M. Davis
(chairman of the subcommittee) presiding.
Present: Representatives Thomas Davis, Jo Ann Davis and
Turner.
Staff present: George Rogers, Chip Nottingham, and Uyen
Dinh, counsels; Victoria Proctor, professional staff member;
John Brosnan, consultant; Teddy Kidd, clerk; Mark Stephenson,
minority professional staff member; and Jean Gosa, minority
assistant clerk.
Mr. Tom Davis of Virginia. We are going to be voting in
about 5 or 10 minutes, so I want to try and get the opening
statements out of the way so when we come back we can hear from
you. I apologize for that. I think once we start the hearing it
will go pretty quickly, but at least let's get the politicians
out of it so we can get to the experts.
Good afternoon. I would like to welcome everybody to
today's oversight hearing on the General Services
Administration's efforts to secure Federal buildings that it
owns and leases. We will discuss the advantages and
disadvantages of using commercially available security
technologies in Federal facilities and the potential concerns
that may arise from their implementation.
GSA acts as the Federal Government's property manager and
is responsible for ensuring the safety and security of the
Federal buildings it owns and leases. After the Oklahoma City
bombings in 1995, GSA began a multi-million-dollar program to
upgrade the security of its buildings using the criteria in the
Justice Department's report titled ``Vulnerability Assessment
of Federal Facilities.'' This was the first time that
governmentwide security standards were established for public
buildings.
The terrorist attacks of September 11th have led to a
renewed assessment of the vulnerability of Federal buildings
and focus on a new array of security threats. The acquisition
of technological upgrades and new technologies are part of the
broader effort to combat these threats. And the effective use
of these technologies will be critical to our success.
Today, we are going to examine what role technology plays
in the security initiatives that GSA is currently implementing
in order to protect Federal buildings and the employees who
work in them. We will also try to ascertain what barriers may
exist in obtaining and implementing the most appropriate and
effective technologies.
Since September 11th, life is returning to normal for most
Americans. However, for Federal employees, the effects of the
attacks are ever present since Federal buildings remain at a
heightened state of alert. In fact, each time there has been a
terrorist attack on the United States over the last several
years, we have seen a visible security increase in and around
Federal buildings. Barricades, metal detectors, car searches,
ID checks and security cameras have become familiar sights for
the average Federal employee.
These new and upgraded security products and services are
used to protect employees and visitors, restrict access or
detect intruders in Federal facilities. However, their
implementation raises a number of concerns. We need to ensure
that Federal agencies can achieve a secure work environment
while still maintaining an atmosphere of openness.
Furthermore, can advances in technology offer increased
security with limited intrusiveness and inconvenience to
employees and visitors? For instance, at the Capitol complex,
there are elaborate procedures in place to examine packages
sent to congressional offices. We reject courier deliveries for
safety reasons. Overnight deliveries become over-a-week
deliveries. Obviously, this poses an inconvenience to both
recipient and sender. Not just an inconvenience, it is a very
inefficient way of doing things. It even affected one of our
witnesses testifying today. GSA must grapple with these same
concerns.
Additionally, Federal agencies have spent significant sums
of money improving security measures, particularly in the wake
of September 11th. Since the price for a single type of
technology can vary widely, agencies must balance costs against
the quality of proven security products and services.
There is no question that the Federal Government is capable
of providing security. We know we can use brute force to keep
people and packages out of buildings. We did it immediately
after September 11th. But our real objective should be the
utilization of visible and discreet technologies to provide
adequate security, thus allowing the government to work
effectively and efficiently with minimal disruption,
inconvenience and invasiveness.
I understand the sensitive nature of this issue for
security professionals. Therefore, I appreciate your
willingness and the willingness of our witnesses to testify
before our subcommittee today.
[The prepared statement of Hon. Thomas M. Davis follows:]
[GRAPHIC] [TIFF OMITTED] T5838.001
[GRAPHIC] [TIFF OMITTED] T5838.002
Mr. Tom Davis of Virginia. The subcommittee is going to
hear from Keith Rhodes, the Chief Technologist at the General
Accounting Office; F. Joseph Moravec, the Commissioner of
Public Buildings Service from the General Services
Administration; GSA supporting witness Wendell Shingler,
Director of the Federal Protective Service; John N. Jester,
Chief of Defense Protective Services, Department of Defense;
Frank R. Abram, the general manager of the Security System
Group; and Roy N. Bordes, the president and CEO of the Bordes
Group and council vice president of the American Society for
Industrial Security.
I ask unanimous consent they be permitted to participate in
today's hearing. Without objection, it will be so ordered.
Representative Turner has not arrived here yet, and I will
interrupt statements when at he comes so he can make a
statement. But I would like to call our panel of witnesses.
As you know, it is the policy of our committee that all
witnesses be sworn before they can testify. If you would rise
with me and raise your right hand.
[Witnesses sworn.]
Mr. Tom Davis of Virginia. Be seated.
To afford sufficient time for questions, the witnesses will
please limit themselves to no more than 5 minutes for any
statement. All written statements from witnesses will be made
part of the permanent record.
I think I would like to start with Mr. Rhodes and then move
straight down to Mr. Moravec, Mr. Jester, Mr. Abram, Mr.
Bordes. Thank you for being with us.
STATEMENTS OF KEITH A. RHODES, CHIEF TECHNOLOGIST, U.S. GENERAL
ACCOUNTING OFFICE; F. JOSEPH MORAVEC, COMMISSIONER, PUBLIC
BUILDINGS SERVICE, U.S. GENERAL SERVICES ADMINISTRATION;
WENDELL SHINGLER, DIRECTOR, FEDERAL PROTECTIVE SERVICE, U.S.
GENERAL SERVICES ADMINISTRATION; JOHN N. JESTER, CHIEF, DEFENSE
PROTECTIVE SERVICE, DEPARTMENT OF DEFENSE; FRANK R. ABRAM,
GENERAL MANAGER, SECURITY SYSTEMS GROUP, PANASONIC DIGITAL
COMMUNICATIONS & SECURITY CO.; AND ROY N. BORDES, PRESIDENT/
CEO, THE BORDES GROUPS, INC., AND COUNCIL VICE PRESIDENT,
AMERICAN SOCIETY FOR INDUSTRIAL SECURITY
Mr. Rhodes. Mr. Chairman and members of the subcommittee,
thank you for inviting me to participate in today's hearing on
security technology to protect Federal facilities.
As you stated, the terrorist attacks of September 11th on
the World Trade Center and the Pentagon have intensified
concerns about the physical security of our Federal buildings
and the need to protect those who work in and visit these
facilities. These concerns have been underscored by reports of
long-standing vulnerabilities, including weak controls over
building access.
As you requested, today I will discuss commercially
available security technologies that can be deployed to protect
these facilities, ranging from turnstiles to smart cards to
biometric systems. While many of these technologies can provide
highly effective technical controls, the overall security of a
Federal building will hinge on establishing robust risk
management processes and implementing the three integral
concepts of a holistic security process: protection, detection
and reaction.
The 1995 domestic terrorist bombing of the Alfred P. Murrah
Federal Building in Oklahoma City, Oklahoma, led to the
establishment of governmentwide minimum standards for security
at all Federal facilities. Among the minimum standards for
buildings of a higher risk level are security technologies
including closed circuit television surveillance cameras,
intrusion detection systems with central monitoring capability
and metal detectors and x-ray machines to screen people and
their belongings at entrances to Federal buildings.
While minimum standards are necessary, no one should assume
a false sense of security. Security is not perfect, as
evidenced by testing. The GAO's Office of Special
Investigations has done, in ongoing requests from Congress,
testing the effectiveness of security at Federal buildings.
The key here is risk management. Risk management is the
foundation of effective security. In risk management, there are
basically five seemingly simple questions that are rather
complex to answer.
First question is, what am I protecting? That is, what is
the asset I am protecting and how am I valuing it? What would
the impact be of its loss? Who are my adversaries? I have to
figure out who my opponent is, do I have an adversary, does
that adversary have the ability to attack me, and does the
adversary have the intent to attack me. How am I vulnerable?
This is where GAO's Office of Special Investigations work
comes in, from our standpoint, in that we go out and test the
security of Federal facilities to see how they are vulnerable.
What are my priorities? Priorities are what do I want to
protect first, second, third and last; and what can I do is
actually a two-step question. The first part of the question of
what I can do is, what are the countermeasures I can put in
place to protect the environment? The second is, what can I
afford to do?
All of these questions have to be set up in a structure of
protection, detection and reaction. Protection is the actual
physical protection of the facility, talking about turnstiles
and guards and Jersey barriers and things like that as well as
access control. Detection is, once those systems have been
breached, how do I know that they have been breached? What is
going to let me know that something has gotten through the
system without authorization? And reaction is, how is the
organization established and how is security established in
order to react to breach of security?
One point I would like to make is that reaction--if
reaction does not culminate in the use of a guard or a human
being, the reaction has been proven to be ineffective. If
people here fire an alarm but the fire department doesn't show
up, that is ineffective reaction. Likewise, if someone breaks
into a building or tries to break into a building and guards do
not respond, that is also ineffective reaction.
In looking at the technology itself, technology breaks down
into three basic areas: access control, detection and intrusion
detection. Detection in this case is detection of weapons or
explosives or contraband of some kind.
In the area of access control, there are biometrics.
Biometrics are items that belong--that are on a human being
himself or herself--a fingerprint, hand geometry, scan of the
retina or a scan of the iris, facial recognition, trying to
figure out the facial geometry, speaker recognition, voice
pattern recognition or signature recognition. These are
considered things--because they are biometric, these are things
that someone cannot lose. They always have them with them.
The second step in access control is an access card. First
part of that is a magnetic swipe using something that looks
like a credit card with a magnetic strip on it. You run it
through a mag swipe reader and grants you access. Usually, that
is associated with the application of a four-digit personal ID
number.
There are also proximity cards which have a little wireless
communication in it. You get near the proximity reader and the
reader will either grant you access or not.
Then, finally, there are smart cards. Smart cards have
embedded integrated circuits, actual computer chips in them
that contains a wide range of information associated about the
individual--access level. It will also give people particular
access to rooms.
Associated with access control, there is usually a key pad
entry system which looks like a digital phone face, usually has
ten numbers or nine numbers on it and a send key. You put in
your four-digit personal identification number or however long
the ID number is and hit enter and then a door may open.
However, these biometric devices do need to be associated
with an access barrier. It is not any good if I can walk by a
proximity reader and just keep walking. There has to be
something to stop me from getting in. These are usually
turnstiles or can be revolving doors.
Next area is detection. This is what most people end up
going through at airports. You come in and you walk through a
magnatometer, a metal detector. Metal detector will find out if
you have any metal on you. If you have metal on you that
reaches a certain threshold set by the turnstile or by the
magnatometer, then they will order a secondary check.
X-ray machines, this is probably familiar to everyone at
airports. Also when your bag passes through an x-ray machine so
they can look either for weapons or they can look for
explosives or they can look for sharp objects in your bag.
Finally, there are explosive detectors. Sometimes when I
have gone to the airport, for example, and gone on an overnight
trip somewhere, they have taken my bag and you will see
sometimes they will wipe a swab on the strap of the bag and run
into a system that checks for evidence of explosive material.
Then, finally, there is intrusion detection, which focuses
mainly on closed circuit television or intrusion sensors that
track motion.
All of these technologies are available today. Some are
varying quality. Some, as you pointed out, Mr. Davis, can be
extremely expensive. But no one of the technologies is going to
solve all the access control problems or security problems, and
technology alone is not going to be the only thing that we can
apply to secure a facility. We have to have human beings in the
loop who can respond. All of these must work together.
Some of the limitations of the technology are, of course,
technology can't compensate for human failure or ineffective
security processes. Training of security personnel is vital.
The training of the personnel is vital, and the retention of
the personnel is vital.
Very often, the government ends up being the great training
ground for other organizations. We train security personnel in
the military and we train security personnel through GSA or
other government organizations only to lose them to either
other departments and agencies in the government or we lose
them to the private sector.
Technology can also be overestimated. There has to be a
healthy ``buyer beware'' in terms of the viability of the
technology. But this is also two-way. Technology bought without
an understanding of a department or agency's requirements for
security is not the vendor's fault. If the department or agency
hasn't laid out their requirements properly and they have just
gone and bought technology when they saw what they considered
to be an ill-defined problem, then it is not the vendor's fault
that the technology does not work. Likewise, if they do
establish good requirements and they haven't tested the
equipment properly, that is also a problem.
Sometimes a nontechnical solution may be best. Sometimes
dogs can sniff out bombs better than technology.
Lack of standards also impedes system integration. A lot of
these devices are built by different companies, and therefore
it's difficult to integrate the information together into a
single system.
And, as you pointed out, there are concerns by the user
population about the personal intrusion on their privacy in the
use of this technology. For example, just as a side comment
before I close, fingerprint technology, even though it's
probably the most robust biometric device is resisted by the
majority of the population because it's association with law
enforcement fingerprinting. So there are nonobvious resistance
indicators to the technology.
To close, I would just point out that there are a myriad of
technologies available. However, if these technologies are--if
the requirements for security are not clearly understood by the
department or agency, then the benefits of the technology are
overcome.
Thank you very much, and I await any questions from the
committee.
Mr. Tom Davis of Virginia. Thank you very much.
[The prepared statement of Mr. Rhodes follows:]
[GRAPHIC] [TIFF OMITTED] T5838.003
[GRAPHIC] [TIFF OMITTED] T5838.004
[GRAPHIC] [TIFF OMITTED] T5838.005
[GRAPHIC] [TIFF OMITTED] T5838.006
[GRAPHIC] [TIFF OMITTED] T5838.007
[GRAPHIC] [TIFF OMITTED] T5838.008
[GRAPHIC] [TIFF OMITTED] T5838.009
[GRAPHIC] [TIFF OMITTED] T5838.010
[GRAPHIC] [TIFF OMITTED] T5838.011
[GRAPHIC] [TIFF OMITTED] T5838.012
[GRAPHIC] [TIFF OMITTED] T5838.013
[GRAPHIC] [TIFF OMITTED] T5838.014
[GRAPHIC] [TIFF OMITTED] T5838.015
[GRAPHIC] [TIFF OMITTED] T5838.016
[GRAPHIC] [TIFF OMITTED] T5838.017
[GRAPHIC] [TIFF OMITTED] T5838.018
[GRAPHIC] [TIFF OMITTED] T5838.019
[GRAPHIC] [TIFF OMITTED] T5838.020
[GRAPHIC] [TIFF OMITTED] T5838.021
[GRAPHIC] [TIFF OMITTED] T5838.022
[GRAPHIC] [TIFF OMITTED] T5838.023
[GRAPHIC] [TIFF OMITTED] T5838.024
[GRAPHIC] [TIFF OMITTED] T5838.025
[GRAPHIC] [TIFF OMITTED] T5838.026
[GRAPHIC] [TIFF OMITTED] T5838.027
[GRAPHIC] [TIFF OMITTED] T5838.028
Mr. Tom Davis of Virginia. Our mystery as to where Mr.
Turner is has been solved. He has been on the floor arguing an
amendment. So he has an excused absence until he gets here.
Mr. Moravec.
Mr. Moravec. Good afternoon, Mr. Chairman, and members of
the subcommittee.
I am Joe Moravec, Commissioner of the Public Buildings
Service [PBS] at the General Services Administration [GSA]. I
am pleased to appear before you today to provide information on
GSA's program to secure Federal buildings that it owns or
leases with a focus on the technologies necessary to achieve
GSA's security objectives.
The mission of GSA's Public Buildings Service is to provide
a superior workplace for the Federal worker and, at the same
time, superior value for the American taxpayer. We design,
build, and manage about 340 million square feet of work space
for over a million Federal associates in about 8,000 buildings
in 1,600 American communities across the country.
PBS's Federal Protective Service [FPS] provides security
and law enforcement services for all of the buildings we own
and lease. Our security philosophy is based on the premise that
each facility presents a unique set of security and safety
challenges. The mission of the Federal Protective Service is to
enable Federal agencies and members of the public to conduct
their business in a safe and secure environment.
FPS is comprised of Police Officers, Criminal
Investigators, Physical Security Specialists and Contract
Guards. We work collaboratively with Federal customers across
the Nation to ensure that effective security procedures are in
place for the safety of all occupants in and visitors to GSA-
controlled facilities. We work to identify and reduce the
threat to Federal property through the application of a program
that employs law enforcement, criminal intelligence gathering
and sophisticated countermeasures.
I prepared detailed answers to each of the questions to
your letter of invitation, and I would like to submit them for
the record. Let me summarize the theme of the responses.
Since September 11th, our security needs and response to
threats have changed. Prior to September 11th, our greatest
threat was perceived to be a vehicular bomb that could result,
as in the case of Oklahoma City, in the total collapse of a
building. September 11th made us realize that the universe of
threats we face has expanded and the mentality of those who
wish to do us harm is even more dangerous than we'd imagined.
We now must be prepared not only for truck bombs but also for
chemical and biological weapons and weapons of mass destruction
delivered by individuals who have no regard for human lives,
including their own.
In response to this, we have enhanced a number of efforts
to protect our properties and the people housed in them. First,
foreknowledge--knowledge of an imminent threat--is the best
security measure. We are now working with the FBI, CIA and
State and local law enforcement agencies in sharing of
intelligence information that enables us to better assess the
credibility of threats.
We have expanded our training and physical security,
ensuring that our security professionals are trained and kept
current in the latest technologies and have access to the
necessary intelligence information needed to develop specific
countermeasures tailored to each facility. Each facility in the
tenant agency operation is analyzed individually.
Countermeasures are now building specific.
We have also increased our ability to assess the
effectiveness of a range of countermeasures that include
building design modifications, site modifications, increased
guard services and new technologies. Our threat assessment
methodology for each building enables us to create a set of
countermeasures designed to reduce the threat at that building.
We also have increased our outreach to our Federal agency
customers and to our GSA associates. They are our eyes and ears
in the counterterrorism campaign. We conduct awareness
briefings, have distributed pamphlets on keeping our building
safe and on how to respond to suspicious acts. Our customers
and associates have become vital and vocal members of each
Building Security Committee.
Finally, we know that processes and technologies are only
as good as the people who follow or use them. We must maintain
a well-trained and experienced law enforcement work force. We
are exploring legislative and administrative options to help
ensure we will continue to have a well-trained and stable work
force capable of providing the necessary level of security
needed to protect our facilities.
Our goal is the safety and security for everyone in GSA-
controlled space. We can only accomplish this goal through the
use of technology, deployment of trained law enforcement
professionals and contract guards, partnering with our fellow
Federal, State and local law enforcement agencies and, perhaps
most importantly, by encouraging all our associates to move to
a higher sustainable level of alert, awareness and vigilance.
Combining all of these will ensure that we can achieve a proper
balance of openness and security in Federal facilities across
the Nation.
This concludes my prepared statement, Mr. Chairman. I have
attached my statement and answers to issues raised by the
subcommittee. I will be pleased to answer any questions that
you or other members of the subcommittee may have on this
matter.
[The prepared statement of Mr. Moravec follows:]
[GRAPHIC] [TIFF OMITTED] T5838.029
[GRAPHIC] [TIFF OMITTED] T5838.030
[GRAPHIC] [TIFF OMITTED] T5838.031
[GRAPHIC] [TIFF OMITTED] T5838.032
[GRAPHIC] [TIFF OMITTED] T5838.033
[GRAPHIC] [TIFF OMITTED] T5838.034
[GRAPHIC] [TIFF OMITTED] T5838.035
[GRAPHIC] [TIFF OMITTED] T5838.036
[GRAPHIC] [TIFF OMITTED] T5838.037
[GRAPHIC] [TIFF OMITTED] T5838.038
[GRAPHIC] [TIFF OMITTED] T5838.039
[GRAPHIC] [TIFF OMITTED] T5838.040
Mr. Tom Davis of Virginia. I think we will continue and
probably can get a couple more testimonies before we go over to
vote.
Mr. Jester.
Mr. Jester. Thank you, Mr. Chairman. Thank you for this
opportunity to report to you on the Department of Defense's
efforts to secure its federally owned and leased office
buildings.
As the Chief of the Defense Protective Service, I manage an
organization responsible for providing force protection,
security and law enforcement for the employees, facilities,
infrastructure and other sources at the Pentagon and other DOD-
occupied buildings in the national capital region.
Although there are considerable challenges, I am pleased to
report that we have made tremendous progress before and after
the September 11th terrorist attacks. Moving beyond traditional
guard forces and electronic alarm systems, we are executing a
comprehensive force protection program that will provide
enhanced protection for DOD employees, property and operations
occupying leased and owned facilities. Leased facilities do
present unique challenges for security. However, we are making
every effort to ensure the safety and security of DOD agencies
in leased buildings.
In addition to the basic technologies that have been used
to control access and detect explosives, we are beginning to
use existing and new technology in several areas, notably in
our chemical, biological and radiological program.
While technology is providing many tools to augment our
security forces, we have not forgotten security principles such
an emergency planning, exercises and drills and work force
awareness. These basic measures were critical components in our
response to the terrorist attack at the Pentagon.
I prepared specific written responses to your questions
submitted to me and submitted those to your staff.
That concludes my written response. Thank you.
Mr. Tom Davis of Virginia. Thank you very much.
[The prepared statement of Mr. Jester follows:]
[GRAPHIC] [TIFF OMITTED] T5838.041
[GRAPHIC] [TIFF OMITTED] T5838.042
[GRAPHIC] [TIFF OMITTED] T5838.043
[GRAPHIC] [TIFF OMITTED] T5838.044
Mr. Tom Davis of Virginia. Mr. Abram.
Mr. Abram. Mr. Chairman and members of this subcommittee,
thank you very much for inviting me to testify before you today
on new surveillance technologies available to protect Federal
buildings.
I am Frank Abram, General Manager of the Security and
Vision Systems Group of Panasonic Digital Communications and
Security Co., a leading supplier of security systems to both
the U.S. Government and private industry.
The security industry landscape has changed dramatically
over recent years. Technology has progressed more in the last 5
years than it has in previous decades. Categorically, the two
product classifications showing the most significant growth are
video surveillance and access control. Today, I would like to
provide you with a brief overview of some of the new
technologies and comment on how the security industry can work
with the U.S. Government to implement them.
With the introduction of the first Digital Signal
Processing cameras in the late 1980's, the performance of video
surveillance took a quantum leap forward. Since then, video
surveillance cameras have continued to evolve with each new
generation.
Perhaps the most significant development in this area has
been the introduction of Super Dynamic II technology. SDII
provides a video acquisition method that most closely simulates
how the human eye detects and processes light. This technology
provides a cost-effective solution to one of the most prevalent
problems facing video surveillance system designers and
installers--extreme light contrast within a scene. Today, SDII
cameras are employed in a number of high-profile government
facilities such as our embassies and consulates and the Federal
Aviation Administration simply because of their light-sensing
capabilities.
New recording technology is also available. The
proliferation of high-capacity hard drives has enabled video
manufacturers to incorporate this reliable medium in a new
generation of digital recorders specifically designed for
security operations. In addition to their digital recording
superiority, hard drive recorders incorporate numerous digital
features that further enhance their utility beyond the
traditional VCRs such as their ability to send images via the
network.
One of the security industry's greatest challenges has long
been personnel authentication, since traditional forms of
identification and access control can easily be replicated loss
or stolen. The introduction of easily deployed biometric
systems are alleviating these problems, because biometrics are
virtually impossible to replicate. This is particularly true of
one of the newest biometric technologies, iris recognition.
Over the past year, iris recognition systems have become
more affordable and practical for a wide range of access
control and cyber security applications. These systems will
provide added security with little or no inconvenience when
entering a facility or accessing a computer terminal. With
access control more of a concern than ever before, biometrics
and iris recognition technology in particular can play an
increasing role in homeland defense strategies.
I believe budget and education are the two most common
factors that constrain security operations by government
facilities. Additionally, security personnel in Federal
agencies and in general find it difficult to keep pace with
today's rapid development of new surveillance and security
technologies. Manufacturers of surveillance and security
systems equipment can help alleviate these constraints by
providing more education opportunities through the government.
By keeping government security personnel appraised of new
technology developments, we can foster the intelligent
deployment of new systems technology where it is most needed.
Another problem that has hampered the wide area of
modernization of security in Federal buildings is the lack of
set standards. One of the priorities for securing Federal
buildings should be the establishment of a set of standards
that clearly outlines the security measures to be taken. This
will help assure minimal levels of security at each and every
facility and bring attention to present deficits.
The standard should also include more thorough
specifications to assure greater levels of performance,
compatibility and future system expansion.
Thank you again for this opportunity to share with you my
perspectives. I look forward to answering any questions you may
have regarding security technologies or my comments on the way
the Government may better secure its buildings.
[The prepared statement of Mr. Abram follows:]
[GRAPHIC] [TIFF OMITTED] T5838.045
[GRAPHIC] [TIFF OMITTED] T5838.046
[GRAPHIC] [TIFF OMITTED] T5838.047
[GRAPHIC] [TIFF OMITTED] T5838.048
[GRAPHIC] [TIFF OMITTED] T5838.049
[GRAPHIC] [TIFF OMITTED] T5838.050
[GRAPHIC] [TIFF OMITTED] T5838.051
[GRAPHIC] [TIFF OMITTED] T5838.052
[GRAPHIC] [TIFF OMITTED] T5838.053
[GRAPHIC] [TIFF OMITTED] T5838.054
Mr. Tom Davis of Virginia. Thank you. Mr. Bordes, if we can
try to get you in, if you can do it in about 4 minutes, we can
get all the testimony out of the way and come back for
questions.
Mr. Bordes. I'll try, sir. Good afternoon, Mr. Chairman,
members of the subcommittee and distinguished guests. I would
like to take this opportunity to thank you for allowing me to
present this information on behalf of the private security
industry and as a member of the American Society for Industrial
Security.
As a professional security consultant working in the
private sector, I have over 25 years experience in the
disciplines of threat analysis and countermeasures design.
ASIS, with more than 32,000 members, is a preeminent
international organization for security professionals. We have
chapters in almost every country in the free world.
There are three subjects I would like to address in today's
presentation. The first will be how the private sector
evaluates threat vulnerabilities and ultimately selects
countermeasures to protect assets.
Second, I will cover how that group works to develop the
balance of security measures with convenience and protection of
privacy for employees and visitors.
Finally, I would like to present some of the new
philosophies of security that have developed within the
corporate world since September 11th.
The private sector has for many years accepted the fact
that a high percentage of security-related incidents of either
general criminal activity or specific target action, such as
workplace violence, can be attributed to the unauthorized
individual gaining access to a facility. The approach to threat
and vulnerability analysis has been to identify the layers of
protection required to either deter or detect and neutralize a
perpetrator prior to achievement of their objective.
To accomplish this, basic technologies such as card access,
biometrics, closed circuit surveillance and intrusion detection
are combined into an integrated electronic security system. In
determining how to protect the facilities, security assessment
will address subjects such as local environment, facility use,
total value of the asset, the possibility of a threat being
successfully carried out, and the criticality level related to
either partial or total loss of that asset.
This approach can be applied to any scenario that ranges
from protecting the CEO to ensuring that nuclear weapons are
properly secured. The implementation of security measures does
not, however, have to inflict the penalty of inconvenience or
loss of privacy upon those working within the protected
environment.
The designed effort must ensure protection while at the
same time maintaining the focus of developing user-friendly and
nonintrusive security measures. Well-designed security programs
should ultimately result in minimal contact with the subject
and with all verification and surveillance being totally
transparent to anyone other than the security team.
As you all know, the invasion of privacy debate over the
use of closed circuit television systems has gone on for years.
This same argument will move to a higher plane as biometric
template data bases become a reality. However, in the private
sector, the trend has been for several years to develop
surveillance teams that are reactive as opposed to passive, and
to focus on using these same systems for security incident
assessment as opposed to general surveillance.
Even the American Civil Liberties Union has acknowledged
the fact that people are more open to the use of surveillance
systems based on the acceptance of the need for more security.
Hence, the private sector has worked diligently with
manufacturers and software development entities to ensure that
data base access and abuse incidents are reduced to the lowest
number possible by protecting access to sensitive information.
Advances in the technologies of digital recording, as well
as the ability to transmit signals over LAN, WAN, or GAN, has
had a major impact on the effectiveness of security assessment.
Today the security console officer of a global corporation can,
through the use of proprietary network transmissions, receive
real-time video, intrusion alarm data and access control
transaction information from any company within the facilities
around the world.
Technologies currently being developed will further enhance
security protection techniques by being able to lock onto a
subject or an object for the purposes of tracking with a camera
system. Should the subject go from one camera viewing area to
another, the tracking process will roll over to the other
camera in order to maintain surveillance.
The use of biometric technology, such as finger and hand
geometry, facial recognition, iris scan, retinal scan and other
methods of providing positive identification, will have a
definite impact on the design of access-controlled systems.
A recent poll of systems integrators indicated that 66
percent of their clients either had installed biometric systems
or were considering implementing the technology within the near
future.
September 11th has created an attitude of acceptance on the
part of many Americans for increased security measures. One of
the most significant within the private sector is the
acceptance of the need to positively identify persons entering
controlled areas. This decision has impacted the use of
biometric verification techniques in private and government
security programs. In fact, in the private sector, security has
been a top priority, with money set aside for upgrades and new
installations.
Additionally, facilities such as water treatment plants,
power generation stations are now implementing security
measures that incorporate the whole gamut of electronic
protection devices.
Therefore, in summary, I would submit that in the private
sector, one will no longer hear the phrase that's never
happened here. We have been awakened to the fact that attacks
can be carried out against our Nation and our workplaces and
any place we gather in large numbers, such as the current
threat from the FBI about malls. With the increased threat
related to the use of biological/chemical agents, suicide
bombers and weapons of mass destruction, the development of
security measures in both the private as well
as the Government sectors will continuously be improved upon
and implemented to protect the people of this great Nation.
Thank you again for allowing me time for this presentation and
God bless America. I will now entertain questions.
[The prepared statement of Mr. Bordes follows:]
[GRAPHIC] [TIFF OMITTED] T5838.055
[GRAPHIC] [TIFF OMITTED] T5838.056
[GRAPHIC] [TIFF OMITTED] T5838.057
[GRAPHIC] [TIFF OMITTED] T5838.058
[GRAPHIC] [TIFF OMITTED] T5838.059
Mr. Tom Davis of Virginia. Thank you very much. There is a
series of three votes. We're going to be at the end of one
vote, so hopefully it will move quickly. But I'll declare a
recess. It will probably be 20 minutes or so. Feel free to move
about and be back here in 20 minutes.
[Recess.]
Mr. Tom Davis of Virginia. We're ready to start the
questioning. I'm going to start with Mrs. Davis, the gentlelady
from Virginia.
Mrs. Jo Ann Davis of Virginia. Thank you, Mr. Chairman. And
thank you, gentlemen, for being here. I apologize I couldn't be
here to hear your testimony. I had several markups at the same
time.
My first question is for Mr. Moravec. As the Government's
biggest landlord, how do you work with building tenants to
determine the security needs and the products required?
Mr. Moravec. I'm sorry, Congresswoman, I didn't hear the
question.
Mrs. Jo Ann Davis of Virginia. As the Government's biggest
landlord, how do you work with the building tenants to
determine the security need and products required?
Mr. Moravec. Fundamental to our security philosophy is the
understanding that each building constitutes a very distinct
set of security and safety needs. So it has been our philosophy
to work with the building security committee of that building.
Every Federal building has a building security committee,
sometimes called an occupant emergency organization, that is
responsible for developing, in consultation with the Federal
Protective Service, plans for the safety and security of the
occupants and visitors to that building. So it's very
individualized.
Mrs. Jo Ann Davis of Virginia [presiding]. If you'll pardon
me for changing seats there real quick. As a followup, what
purchasing assistance does GSA provide to Government agencies
interested in acquiring security technologies?
Mr. Moravec. I'll defer to Wendell Shingler.
Mr. Shingler. Actually we do a wide variety of things. We
provide consulting services for the most part of going into a
Federal agency and making recommendations on how to offset
their vulnerabilities. On the flip side of that, the Federal
Supply Service within GSA and our folks work in consultation to
come up with contracts that would meet the needs to provide
those items, cameras, monitors and the like for not only us but
the individual departments and agencies.
Mr. Moravec. Federal Protective Service is assessing its
own needs all the time for the buildings that are GSA-
controlled. We also, through interagency groups, for example,
the Interagency Security Committee share information with
security personnel at other agencies and departments of
Government as to technologies that are emerging, technologies
that have been proven to be especially effective. We definitely
talk amongst ourselves within the Federal community.
Mrs. Jo Ann Davis of Virginia. Do you feel you can do it in
a timely manner since apparently it's going through several
different agencies?
Mr. Moravec. Well, it's an ongoing process. We are in
constant dialog with each other. Within the Federal Protective
Service we have been assessing new technologies on a somewhat
ad hoc basis. We're now taking steps to create a standing
committee within our organization of specialists who will be
proactively involved in seeking out new security technologies.
And clearly, since September 11th we're now aware of and
defending against a much broader range of threats to Federal
facilities. So it's very important that we be preemptive and
proactive.
Mrs. Jo Ann Davis of Virginia. Mr. Bordes, what has been
the impact on demand since the September 11th terrorist
attacks, and can the industry adequately meet the increased
demand in a timely basis? And if not, who is stepping in to
fill that role?
Mr. Bordes. I was working the mic. I didn't hear the last
half of your question.
Mrs. Jo Ann Davis of Virginia. If you're not able to do it
in a timely basis, who is stepping in to fill that role if the
industry can't do it?
Mr. Bordes. Well, the private sector is doing a lot of
things to try to meet the threats that they now perceive after
September 11th. The industry security has in some areas been
able to meet that need. However, there are other technologies
that the private sector is calling upon that probably a year
ago the delivery date on that technology was 3 to 4 weeks, now
that delivery date is 5 to 6 months. And it depends on the
technology that you're addressing.
But the private sector is really working very diligently to
try to upgrade the security across their operation, as the
Government is, and it's just an issue of supply and demand. The
industry really is in some segments very, very small.
In fact, the area of biometrics up until a couple years
ago, each biometric was basically manufactured by one company.
So these companies were not really geared up for to you walk in
and say I need 1700 hand geometry readers. It would really blow
them back.
Mrs. Jo Ann Davis of Virginia. You said that before
September 11th it would have been 3 to 4 weeks but now it's 5
to 6 months. That's because there is so much more demand?
Mr. Bordes. Because of supply and demand.
Mrs. Jo Ann Davis of Virginia. Who would step in or is
there anyone to step in, in that interim?
Mr. Bordes. In some technologies, ma'am, there is nobody to
step in.
Mrs. Jo Ann Davis of Virginia. In some. But how about
others?
Mr. Bordes. In others that are companies that are gearing
up, companies that are in closed circuit television system,
like Panasonic and these people, they are able to immediately
increase output and to meet the needs. But in some sectors,
like hydraulic bollards, vehicle barriers, motorized gates,
crash gates for embassies, airports, this type situation,
they're just not geared up to manufacture them that quickly.
Mrs. Jo Ann Davis of Virginia. My time is up, but I thank
you, gentlemen.
Mr. Turner. Thank you. I unfortunately missed your
testimony. I was on the floor debating an amendment to the INS
reform bill.
I was just curious, in looking through some of the
testimony, is there a general agreement as to which
technologies should be employed, or are we still at the point
where there are so many different ones out there that nobody is
really settled in on which ones are best? And I'd welcome any
of your comments on this.
Mr. Moravec. I'll take a stab at that. I think there's
general agreement in the Federal community as to what the
appropriate technologies are and how they ought to be generally
deployed. As I testified earlier, Congressman Turner, we look
at each building as a separate and distinct security threat and
try to craft a package of countermeasures that address the
vulnerabilities that we have assessed at a particular building.
And it's a package of things that includes deployment of
manpower, contract guard services, specific electronic
countermeasures like magnetometers, x-ray machines, explosion
detection devices. So it's a combination of both technology and
manpower deployment and operations that really constitute a
well-rounded security program. And I think there is general
agreement in the Federal Government. The packages vary,
depending on the perceived threat. Buildings can be perceived
as having a higher or lower threat. So there's quite a bit of
diversity or at least a range in terms of the intensity, if you
will, of the security deployment at a particular building,
depending on what the perceived level of threat is.
Mr. Turner. I guess I was particularly interested in the
biometrics area because it seems to me that, No. 1, the Federal
Government should take the lead in trying to establish some
standard there because once the Federal Government moves
forward with the application of a given technology, it seems
that it probably encourages the private sector and smaller
purchasers to choose the same. And over time it would seem to
me important to the Nation to have some standardization. If we
all are walking around with cards that swipe and we could get
in several places with that card or if we're going to rely on
retinal scan technology, then others would adopt that and we
become more standardized and access would be more readily
afforded to the public in general if there was some
standardization. Am I correct in that?
Mr. Moravec. I completely agree with you. This is an
opportunity for the Federal Government to show leadership to
the private sector. The grim reality is that since Oklahoma
City, the Federal Government, including the Federal Protective
Service, have become very knowledgeable about ways of designing
and building and defending buildings against different kinds of
threats. And even we are very actively reaching out to the
private sector through groups like the American Security
Society for Industrial Security and through different real
estate organizations to try to share that information with
them.
However, the Federal Government at this point in time,
itself not being a monolithic entity, has a variety of
different responses with regard to identity cards. With 100
different agencies, 100 different agencies have 100 different
kinds of identity cards. That is part of the challenge of
defending buildings. For us to show leadership with regard to
access cards, whether they include biometric cards or not, or
whether they're smart or not, the Federal Government needs to
get together and decide on, I think, on a national government
card.
Mr. Turner. What would it take to accomplish that?
Obviously we now have all these agencies, as you say, going out
there adopting whatever system they want to put in place. What
would it take to have some standardization accepted in our
Federal agencies?
Mr. Moravec. Well, I think that direction could certainly
come from the executive branch. It could come through GSA. It
could come through the Office of Personnel Management. It could
come through the offices of the Homeland Security. There are a
number of different places where that direction could come
from.
Mr. Turner. Thank you. Thank you, Mr. Chairman.
Mr. Tom Davis of Virginia [presiding]. Thank you very much.
Mr. Abram, let me ask you a question. Because of the heightened
and immediate need for advanced security products and system
components for our government facilities, are there any current
constraints with the U.S. Government being able to quickly
source the kind of equipment needed for security?
Mr. Abram. I believe there are. And I believe the potential
exists for even greater problems. The Buy America laws require
the U.S. Government to source from domestic suppliers and, if
not available, from suppliers in countries that have signed
onto an international procurement agreement. In Asia, that
includes only Hong Kong, Japan, Korea, and Singapore. Now
because of globalization and economies of scale concerns, many
of the security manufacturers, Panasonic included, are finding
that they are moving to countries that can manufacture less
expensive for us, countries like China and the Philippines. And
this is a possible restraint in the Government purchasing
product from organizations such as Panasonic.
Recognizing this constraint at a time of increased security
demands, the SARA, the Services Acquisition Reform Act of 2002
that Chairman Davis introduced, provides an exemption for this
sourcing restriction for information technology commercial
items. Because of the importance of the homeland security, the
proposed legislation defines information technology to include
imaging peripherals and certain devices necessary for security
and surveillance. It is through the SARA that we will be able
to correct some of these problems that are going to become more
and more evident, at least in the video surveillance area.
Mr. Tom Davis of Virginia. Let me ask Mr. Rhodes. The
biometric technologies that were identified within your
presentation represented several different technologies. Which
technologies are actually in use and which do you believe are
the most effective for security identification verification
purposes? Or do you think it depends?
Mr. Rhodes. Out of all of the biometric technologies, there
is really only one that we couldn't find in pervasive use and
that was signature recognition. The most prevalent technology
biometric technology is the fingerprint scan, and that's
because it grew out of law enforcement and it's the most
established technology, the most established procedure for
enrolling an individual into the system, and that's reflected
in its price as well. It's only about $4 per user if you
already have the server in place.
From our analysis, the biometric technology that probably
shows the most promise is the iris scan. That technology is
going to advance because it's the least invasive to the
individual. As was stated in an earlier statement from
Panasonic, as the quality of the camera for both movement and
room light improves, you can stand farther and farther away
from the receptor, so people don't get the feeling of having it
invade their body. And that's probably going to always be a
resistance to somebody like a retina scan where you have to sit
still for quite a long time while it scans the back of your
eye. And so in a nutshell, the fingerprint scan is the most
pervasive and the scan for iris is the one that probably has
the best future.
Mr. Tom Davis of Virginia. Fingerprint scan is fast. Isn't
it pretty efficient?
Mr. Rhodes. Yes. In some cases you can get it down to just
a couple of seconds. As a matter of fact, it's being used
currently by the FAA in some of their facilities for quick
access to some of the doors, some of the secured access
facilities.
Mr. Tom Davis of Virginia. Let me ask Mr. Moravec and Mr.
Jester about the use of biometric technologies. Are we using
that widely in Government and are we restricting the use of the
personal information that's stored?
Mr. Moravec. In the Federal Protective Service we are not
at this point, to my knowledge, deploying what could accurately
be called biometric technology with regard to access cards or
access controls.
Mr. Tom Davis of Virginia. How hard and difficult would it
be to do that?
Mr. Moravec. It would be difficult for me to assess,
sitting here, how difficult it would be. It would clearly be--
given the scope of our portfolio, which encompasses over 8,000
buildings and 340 million square feet, applying anything
consistently and effectively on a base that big would certainly
be logistically challenging.
Mr. Tom Davis of Virginia. Right. OK.
Mr. Jester. We're using biometrics at specific locations
where you have a very sensitive office within a building. We're
using iris scan, we are using hand geometry readers. There are
limits of where we do use it. We don't use it in the entrance
to the facility because at the Pentagon, for example, we have
20,000 employees and everybody going through it would be a long
line waiting to come in. But we do use it at specific
locations.
The U.S. Army is leading an effort within the Department of
Defense to look at--they have a biometric officer. They're
looking at different applications of the biometric technology
and looking where it can be used within the Department of
Defense. So there is a program to encourage the use of
biometrics.
Mr. Tom Davis of Virginia. OK. Mr. Moravec, let me ask you.
The Federal Protective Services are responsible for protecting
Federal buildings. Do they use the same approach to designing
countermeasures as would be found in the private sector?
Mr. Moravec. Yes. Yes. In fact, we have a very close
working relationship with the American Society for Industrial
Security, absolutely.
Mr. Tom Davis of Virginia. Mr. Bordes, what services can
you offer to Federal security planners who are working to
better protect Federal facilities? What recommendations does
GSA give to these planners?
Mr. Bordes. I think one of the most important things on
Federal protection, developing Federal protection of
facilities, is to get involved in the planning process early.
That's one of the major problems that we see as, you know, from
reading my information, I run the GSA FPS training program for
physical security. And that particular program, we really try
to stress to our people to get involved early in the planning
to make sure that they have the input to be able to address
situations such as barriers, setback, glazing of glass, or
hardening of facility and this type of situation.
The people in FPS basically use the same measures that the
private sector does. They go out, they identify the threat,
they try to find countermeasures that will address that threat,
and then they address the issues of how they're going to
respond appropriately and also run the educational program. But
one of the major problems seems to be basically the issues of
planning. It's important that in any design, in any security
design, whether it's private sector or whether it's Government
or whether it's military, that the people who are doing the
design get involved in the process early on. Because there are
a lot of things that go into a design that if you come in at a
late stage in the design are extremely difficult and extremely
expensive to implement. That seems to be a problem that is
always being confronted by people who are designing the GSA
security programs.
Mr. Moravec. If I could respond to that. Since Oklahoma
City, we have obviously been designing and building buildings
in a completely different way. We have stringent setback
criteria. We employ anti-progressive collapse technology in
their design. We have hardened curtained walls, ballistic
glass. Up until September 11th, we were primarily defending
against what happened at Oklahoma City, which was the breaching
of perimeter security by a truck bomb and the total collapse of
the building. I think what Mr. Bordes is saying is absolutely
correct. It's very important that Federal Protective Service
trained physical security people and consultants, as well as
building managers, be involved with architects and engineers in
the design of buildings. We make every effort to make sure they
have a seat at the table and, of course, even more so than
since September 11th.
Mr. Tom Davis of Virginia. There is always a tendency for
generals to fight the last war. So you defend against Oklahoma
City and now we look back to September 11th, defend against
that. I mean, we are being proactive in figuring out what else
could go wrong.
Mr. Moravec. We are. Especially since the anthrax episodes,
we're looking at the location of air intakes, we are looking
into the purchase and deployment of equipment that can detect
toxins in the building's water or air supply and devices to
automatically take corrective action in that event. September
11th has really opened a whole new vista to us in terms of ways
that people can--who wish us ill can do harm to people and to
buildings.
Mr. Tom Davis of Virginia. Yes. Let me ask both Mr. Jester
and Mr. Moravec, how do you determine the proper balance
between security and convenience and efficiency? To some
extent, if you want to make a building entirely secure, it's
going to be a real pain for somebody trying to get in and out
some of the time. You can make it secure, but you also have to
make it functional. It's a difficult balance, remembering most
of these buildings will probably never undergo any kind of
problem. How do you get that balance?
Mr. Jester. I think it begins--the word planning has been
used. Having gone through--having been about 300 feet from
where the plane hit, a lot of lessons were learned. The key
word is planning. And planning goes in this particular
application, too. If we're looking for a location for a, for
example, a DOD operation, we need to be careful on where we
place that. We can't select the wrong building. If we put a
very sensitive DOD operation--and we're not just concerned for
terrorism, we're also concerned for foreign intelligence-
gathering. So it has to be some care exercised simply--it's not
simply a selection of how many square feet that building
happens to be, we should not be putting a building or an
operation into a building where there's a lot of highly public
agencies in that building, for example, Social Security. We
should not be mixing those organizations together. But it is a
delicate balance. So we say it begins right in the very
beginning, put them in the right location.
If you, for example, take agencies with high security
requirements and lump those together in those kinds of
buildings where it can be more secure, don't mix and match high
secure requirements with organizations that have a high public
contact.
Mr. Tom Davis of Virginia. OK.
Mr. Moravec. That's certainly beneficial. Just for the
General Services Administration, we are determined not to build
bunkers. We are determined to build buildings, iconic
buildings, 100-year buildings that are emblematic of the spirit
of the American people, that are first and foremost secure, but
are also esthetically pleasing and hopefully an adornment to
the communities where they're located.
We are very cognizant of avoiding--creating a climate of
fear at buildings which is often present when you take
especially stringent security measures. We want, as someone put
it, I thought very well, we want to first welcome and then
challenge people who are coming to the building, to do both,
but to do it in a way that is not oppressive and is not
obtrusive. And this is particularly challenging in courthouses.
We're building a lot of courthouses across the country now, and
we want those buildings to be like the American judicial system
itself, open and accessible to all. But obviously at a
courthouse in this day and age, those buildings need to be very
secure.
So it is a continuing challenge and one that we spend an
awful lot of time thinking about and working on.
Mr. Tom Davis of Virginia. Yes. I worked here in the 1960's
as a page and you could drive in here at night, anybody could
come in here at night. You didn't have the metal detectors and
everything to get in and out of the building. It worked pretty
smoothly. But I guess the world changes and you have to change
with it. Somehow I would like the world to change back. It
would be a lot more efficient in terms of how we could spend or
money.
In the meantime, you all have a very difficult job. Every
time something goes wrong, everybody is going to second-guess
you. To the extent that you are spending money doing these
kinds of things, you can't do other things.
Mr. Moravec. Well, as has been brought out by several of
the witnesses, it really is a package of different
countermeasures that really need to be undertaken. I mean we
are expanding our guard contracts, we've enhanced the training
and testing of our different kinds of countermeasures. We have
very close involvement these days with the FBI and the CIA and
different joint terrorism task forces. We are engaging security
measures in major metropolitan areas to try to design security
countermeasures in areas that are particularly densely
populated with Federal workers that are not obtrusive. We are
spending a lot of time in the buildings talking to the tenants
and to the different building security committees about what
they can do specifically to protect themselves. We're really
trying to help the Federal associates and people who are
visitors to Federal buildings move themselves to a higher state
of vigilance and wariness which is, I think, necessary in this
day and age.
Mr. Jester. There was a failure, I think, on September
11th. It was probably, I would say, a failure of imagination.
We have to in that particular field, we have to use our
imagination and not, as you said a while ago, fight the last
war. We have to look forward and think about what could happen.
Years ago I think everybody in this country was shocked
when someone went into a McDonalds in California and killed 21
people. We were shocked by that. We were shocked later on when
school kids were shooting each other in school.
So in our profession we need to be looking forward and
almost to some degree have screen writers look about what
things could happen. I don't think anyone would imagine the
Pentagon--we had talked about planes hitting the building
because we are very close to the airport, as an accident or
maybe as a small aircraft. But never did we dream of a 757
coming into our building.
So we need to use our imagination to think about what kinds
of things could happen and then go back to that key element of
having some plans and not think it won't happen on our watch.
If we think it's not going to happen on our watch, we don't
plan for it. So we need to do proper planning and then use all
the technologies that are available to us. The technologies are
great, they're fantastic tools, but to use those technologies
as tools and be careful how we use them because we--as you
learned, one of the biggest technologies that failed us on
September 11th was the cell phones. We could not communicate
throughout the entire city on cell phones. So using
technologies, we ought to also go back to some very basic
principles of planning and exercises and drills.
Mr. Tom Davis of Virginia. Thank you.
Mrs. Davis.
Mrs. Jo Ann Davis of Virginia. Thank you, Mr. Chairman.
These questions are probably just curious questions. But I
think, Mr. Rhodes, you talked about the fingerprinting scan and
the iris scan.
Mr. Rhodes. Yes, ma'am.
Mrs. Jo Ann Davis of Virginia. And Mr. Abram said that some
of the technology was not available through Buy America. Would
any of those be available through Buy America?
Mr. Rhodes. I don't know the underlying--I think that at
least some of the vendors on the GSA list would be available. I
don't know that they would be available in the quantities that
people would need. The fingerprints is very well established,
so you'd probably be able to gear up for the procurement. But
on the retina scan, that's still developing technology. So I
don't know that would be--you would be able to buy it on the
scale that you would need.
Mrs. Jo Ann Davis of Virginia. On the iris scan--and
somebody said they were using that now, I think you did, Mr.
Jester. That's the colored part of your eye, right? That's the
colored part of your eye, right?
Mr. Jester. Yes, ma'am.
Mrs. Jo Ann Davis of Virginia. If someone has one of those
colored contact lenses, how does that affect it?
Mr. Abram. I believe I can answer that. It really does not
unless they are extremely dark, dark colored lenses, and then
it would give you a negative access through the access control.
The product takes--basically takes a picture of the iris,
digitizes that picture into a 512 bit picture or 512 bit data
image that is then used for comparison purposes. So as long as
it is a coloring or tint in the contact lenses and a coloring
or tint in your glasses, there is no effect or adverse effect
from reading it. As you get much darker tints to both of those
glasses and contacts, it will have an effect.
Mrs. Jo Ann Davis of Virginia. Mr. Jester, the planes that
hit the Pentagon and the Twin Towers, I'm not sure there's any
security measures that we could have taken in either of those
buildings for that.
Mr. Jester. No, ma'am. I was asked by the press do we have
guns on the roof. That will start with the airport security. It
has to be at that point. Because we can't stop it in our
building. We can be better prepared for that. And I think one
of the things that we feel successful about was in the
preceding year we had been doing drills with the employees,
evacuation drills outside the building, as well as sheltering-
in-place drills. So--because most employees in Federal
buildings got their last instruction on fire drills when they
were in the third grade. So we pushed that for a year. And so
when we activated the alarms that day, I think we had less
problems because people had actually been prepared by having
drills.
Mrs. Jo Ann Davis of Virginia. Thank you, gentlemen. Thank
you, Mr. Chairman.
Mr. Tom Davis of Virginia. Thank you all. Before we close,
I want to take a moment to thank everyone for attending today's
subcommittee hearing. Thanks for bearing with us as we went
over and voted and came back. Our special thanks to the
witnesses, to Representative Turner, Mrs. Davis, and other
attendees. I also want to thank my staff for organizing what I
consider to be a very productive hearing. I'm going to enter
into the record the briefing memo that was distributed to
subcommittee members. We'll hold the record open for 2 weeks
from this date for those that want to forward submissions for
inclusion into the record.
These proceedings are closed.
[Whereupon, at 3:45 p.m., the subcommittee was adjourned.]
�