WikiLeaks Document Release http://wikileaks.org/wiki/CRS-RS22121 February 2, 2009 Congressional Research Service Report RS22121 The Interagency Security Committee and Security Standards for Federal Buildings Stephanie Smith, Government and Finance Division November 23, 2007 Abstract. The September 2001 terrorist attacks on the Pentagon and the World Trade Center renewed concerns about the vulnerability of federal buildings to bombing or other forms of attack. On February 28, 2003, the chairmanship of the ISC was transferred to the Secretary of Homeland Security from the Administrator of General Services by E.O. 13286. In July 2004, based on Homeland Security Presidential Directive/HSPD-7, the ISC began reviewing federal agencies' physical security plans to better protect the nation's critical infrastructure and key resources. On December 13, 2006, the ISC issued its 2007-2008 Action Plan, which sets forth revised policy recommendations for enhancing the quality and effectiveness of security in federal facilities. Order Code RS22121 Updated November 23, 2007 The Interagency Security Committee and Security Standards for Federal Buildings Shawn Reese Analyst in Emergency Management and Homeland Security Policy Government and Finance Division Summary The federal government owns or leases 3.7 billion square feet of office space, http://wikileaks.org/wiki/CRS-RS22121 which may be vulnerable to acts of terrorism and other forms of violence. The Interagency Security Committee (ISC) was created by E.O. 12977 in 1995, following the domestic terrorist bombing of the Alfred P. Murrah Federal Building in Oklahoma City, OK, to address the quality and effectiveness of physical security requirements for federal facilities. The September 2001 terrorist attacks on the Pentagon and the World Trade Center renewed concerns about the vulnerability of federal buildings to bombing or other forms of attack. On February 28, 2003, the chairmanship of the ISC was transferred to the Secretary of Homeland Security from the Administrator of General Services by E.O. 13286. In July 2004, based on Homeland Security Presidential Directive/HSPD-7, the ISC began reviewing federal agencies' physical security plans to better protect the nation's critical infrastructure and key resources. On December 13, 2006, the ISC issued its 2007-2008 Action Plan, which sets forth revised policy recommendations for enhancing the quality and effectiveness of security in federal facilities. This report will not be updated. Background and Introduction1 In FY2006, the federal government's real property portfolio consisted of 3.87 billion square feet of owned and leased office space.2 The General Services Administration (GSA), through its Public Buildings Service (PBS), is the primary federal real property and asset management agency, with a real property portfolio consisting of 8,847 buildings 1 This report was written by Stephanie Smith, CRS Analyst in American National Government, who recently retired from CRS. The currently listed author is available for questions, but this report will not be updated. It will be superceded by a new CRS report if developments warrant. 2 U.S. General Services Administration, The Federal Real Property Council, FY2006 Federal Real Property Report: An Overview of the U.S. Federal Government's Real Property Assets (Washington: July 2007), p. 4. CRS-2 and structures with an estimated replacement value of $68.8 billion in FY2006.3 In addition to GSA, 27 other federal agencies have independent landholding and leasing authorities that enable them to acquire or construct specific types of buildings.4 GSA is responsible for the design and construction of its buildings, and for alterations and repairs to existing facilities. One of its primary goals has always been to assure the physical safety of federal employees who work in, and the private citizens who visit, government-owned or leased buildings. However, the federal government had no formally established building security standards for either federally owned or leased buildings when the April 1995 domestic terrorist bombing of the Alfred P. Murrah Federal Building occurred in Oklahoma City, OK.5 The Oklahoma City bombing brought a new awareness to the potential for violent acts directed at federal buildings as symbolic attacks against the federal government as a whole. The day following the April 19, 1995, bombing, President William Clinton directed the Department of Justice (DOJ) to assess the vulnerability of federal facilities to acts of terrorism or violence and to develop recommendations for minimum security standards.6 Because of its expertise in federal courts' security, the U.S. Marshals Service http://wikileaks.org/wiki/CRS-RS22121 (USMS) coordinated two working groups to accomplish these tasks, a Standards Committee and a Profile Committee. The Standards Committee, composed of security specialists and representatives from GSA, the Federal Bureau of Investigation, the U.S. Secret Service, the Social Security Administration, and the Departments of Defense and State, identified and evaluated the various types of security measures that could be used to strengthen potential vulnerabilities. The committee compiled a list of proposed minimum standards pertaining to secure perimeter buffer zones; the security of entrances and exits and related access procedures; the identification and admittance of employees and visitors; garage and vehicle service entrances; the location of day care centers; and the use of closed-circuit television monitoring. Because of the differences among federal buildings and their related security issues, the Standards Committee categorized federal facilities into five different levels (with corresponding security standards) based on factors such as building size, agency mission and function, tenant population, and volume of public access. A Level I building is defined as having not more than 2,500 square feet (sq. ft.) of space, with 10 or fewer federal employees, and little public access. A Level II building contains between 2,500 to 80,000 sq. ft., and has between 11 and 150 federal employees engaged in routine activities, with a moderate level of public access. An example of a Level II building is the Social Security Administration Office in El Dorado, CO. A Level III building is 3 Ibid, p. 6. For further information, see CRS Report RL32368, The General Services Administration and Federal Real Property Management: Overview and Current Legislation, by Stephanie Smith. 4 Ibid. 5 U.S. Department of Justice, U.S. Marshals Service, Vulnerability Assessment of Federal Facilities, June 28, 1995 (Washington: 1995), p. 1-1. 6 U.S. General Accounting Office, Building Security: Interagency Security Committee Has Had Limited Success in Fulfilling Its Responsibilities, GAO Report GAO-02-1004 (Washington: September 2002), p. 5. CRS-3 defined as occupying between 80,000 to 150,000 sq. ft. of space, and housing between 151 and 450 federal employees, with a moderate to high volume of public access. Level III facilities may house several federal tenants, law enforcement agencies, or court-related or archival agencies. Level IV facilities are categorized as occupying more than 150,000 sq. ft. of space, and housing more than 450 federal employees. These Level IV facilities are defined as having "high volume public contact" and include federal courthouses with high-risk court chambers, judicial offices, and buildings that house highly sensitive government records. Level V facilities are similar to Level IV buildings in size and numbers of federal employees. However, the missions of Level V facilities are considered "critical to national security." The Central Intelligence Agency headquarters and the Pentagon, for example, are both classified as Level V for security purposes. The Profile Committee, composed of USMS deputies and GSA security specialists, conducted inspections at more than 1,200 federal facilities to obtain security data on buildings for use in upgrading existing conditions to comply with the proposed minimum standards. Sixty days later, the working groups' findings and recommendations were published in a June 1995 report entitled Vulnerability Assessment of Federal Facilities.7 http://wikileaks.org/wiki/CRS-RS22121 Security Standards and Design Criteria The publication of the 1995 Vulnerability Assessment report was significant in that it represented the first time that broad security standards were applied to federal facilities, and they are still in effect. In conjunction with publication of the report, President Clinton directed all executive branch agencies to begin immediately upgrading their facilities to meet the recommended minimum security standards, to the extent possible within funding limitations. Based on the DOJ recommendations, he also required GSA to establish building security committees for all GSA facilities and called upon other landholding agencies to establish programs for upgrading their facilities to appropriate minimum security standards.8 Four months later, on October 19, 1995, President Clinton issued E.O. 12977, which established a permanent Interagency Security Committee (ISC) within the executive branch to address "continuing government-wide security" for federal facilities.9 Chaired by the GSA Administrator, the ISC was composed of representatives from each of the executive branch agencies, the Office of Management and Budget, the Environmental Protection Agency, and the Central Intelligence Agency. Other members included the following individuals or their designees: the Director of USMS; the Assistant Commissioner of the Federal Protective Service (FPS);10 the Assistant to the President for 7 U.S. Department of Justice, U.S. Marshals Service, Vulnerability Assessment of Federal Facilities. 8 U.S. President (Clinton), "Memorandum on Upgrading Security at Federal Facilities," Public Papers of the Presidents of the United States, vol. I, June 28, 1995, pp. 964-965. 9 U.S. President (Clinton), "Interagency Security Committee," Executive Order 12977, Federal Register, vol. 60, October 24, 1995, pp. 54411-54412. 10 The Federal Protective Service was transferred from GSA to DHS by the Homeland Security Act of 2002(116 Stat. 2178), and is now part of DHS's Bureau of Immigration and Customs (continued...) CRS-4 National Security Affairs; the Director of the Security Policy Board; and other federal officials appointed by the President. The ISC was also authorized to consult with other parties, including the Administrative Office of the U.S. Courts, in order to perform its duties. Section 5 of E.O. 12977 required the ISC to develop and evaluate existing security policies and to take necessary actions to enhance the quality of security and protection for federal facilities. These actions might include encouraging agencies with security responsibilities to share security-related intelligence in a timely manner; evaluating technology and information systems to facilitate cost-effective security upgrades; developing long-term construction standards for high-risk facilities that require blast- resistant structures or have other specialized security requirements; evaluating standards for the location and security of day care centers in federal facilities; and assisting the GSA Administrator in creating and maintaining a centralized security database of all federal facilities. While the 1995 Vulnerability Assessment report provided guidance for overall security standards for existing facilities, it did not provide criteria for the design and construction of new federal buildings. In January 1997, GSA completed its first draft of a document entitled GSA Security Criteria, which was revised and issued on October 8, http://wikileaks.org/wiki/CRS-RS22121 1997, to establish design standards for the protection of federal employees in civilian facilities.11 The GSA security document attempted to integrate security standards throughout all functional and design phases of the building process, including site and interior space planning, as well as structural and electrical design elements. Building upon GSA's 1997 Draft Security Criteria, the members of the ISC established a series of working groups that addressed new technology developments, cost considerations, the experience of architects and builders in applying GSA's design criteria, and the need to balance security standards with public access to federal buildings. In May 2001, the ISC issued its Security Design Criteria for New Federal Office Buildings and Major Modernization Projects, based on the five security levels for federal facilities.12 New ISC security requirements for future construction projects included the use of glazing protection for windows, the establishment of distances that buildings should be set back from the street, the control of vehicular access to the buildings, and the location and securing of air intakes. In July 2001, the ISC issued a second product for federal agencies to implement that set forth minimum standards for federal building access procedures. Two draft documents, one that addressed entry security technology, and the second, which pertained to preparedness for nuclear, biological, and chemical attacks, were not officially issued by the ISC membership. 10 (...continued) Enforcement (ICE), Border and Transportation Security Directorate. The FPS protects federally owned or occupied facilities under GSA's and DHS's jurisdictions. 11 U.S. General Services Administration, Public Buildings Service, Building Technologies Division, Office of Property Development, GSA Security Criteria, October 8, 1997, Limited Official Use Only. GSA also publishes The Facilities Standards for the Public Buildings Service, which is updated on a regular basis, and contains a chapter on security design. A brief overview can be found at [http://www.gsa.gov]. 12 Interagency Security Committee, ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects, May 28, 2001, available on a limited-access website at [http://www.oca.gsa.gov]. CRS-5 The September 2001 terrorist attacks on the Pentagon and the World Trade Center heightened concerns about the vulnerability of federal buildings to violence or bombing attacks. In response to these events, the ISC issued revised procedures to respond to potential vehicle bomb attacks by recommending that new federal buildings be constructed at a minimum distance of between 20 to 50 feet from the nearest perimeter barrier, depending upon the security level.13 Even though the ISC successfully completed its Security Design Criteria and related draft documents, a 2002 General Accounting Office (GAO)14 report found that the committee had made "little progress" in other mandated responsibilities. Although the ISC had established 13 working groups since 1995, only two of the groups were still active as of July 2002. Also, while GAO reported that the ISC was successfully disseminating security information to member agencies, it also found that the group's effectiveness was hindered by GSA's "lack of aggressive leadership and support," in that the agency failed to issue operating procedures, and did not provide sufficient staff support and funding. GSA was also unable to provide any documention indicating that the agency or the ISC had actually monitored agency compliance with the ISC's security recommendations.15 http://wikileaks.org/wiki/CRS-RS22121 Recent Developments Congressional enactment of the Homeland Security Act16 in 2002 and the associated creation of the Department of Homeland Security centralized the federal government's efforts to respond to terrorism, including physical security for federal facilities. On February 28, 2003, the chairmanship of the ISC was transferred from the GSA Administrator to the Secretary of Homeland Security, and a representative from GSA was added to the ISC's membership.17 Within DHS, the chairmanship of the ISC was subsequently delegated to the Director of the Federal Protective Service in January 2004.18 Given the challenges that the ISC faces to successfully integrate security initiatives encompassing diverse agency needs, GAO recommended in September 2004 that DHS direct the ISC to develop a plan that "identifies resource needs, implementation goals, and 13 U.S. General Services Administration, Public Buildings Service, Memorandum for Assistant Regional Administrators, Implementation of the Interagency Security Committee (ISC) Design Criteria Regarding Site Selection, April 26, 2002, pp. 1-2. 14 In 2004, Congress changed GAO's name from the General Accounting Office to the Government Accountability Office. 118 Stat. 811. 15 U.S. General Accounting Office, Building Security, GAO Report GAO-02-1004, pp. 7-11. 16 116 Stat. 2135. 17 U.S. President (George W. Bush), "Amendment of Executive Orders, and Other Actions, in Connection with the Transfer of Certain Functions to the Secretary of Homeland Security," Executive Order 13286, Federal Register, vol. 68, March 5, 2003, p. 10624. 18 U.S. Government Accountability Office, Homeland Security: Further Actions Needed to Coordinate Federal Agencies' Facility Protection Efforts and Promote Key Practices, GAO Report GAO-05-49 (Washington: 2004), p. 9. CRS-6 time frames for meeting the ISC's ongoing and yet-unfulfilled responsibilities."19 GAO reported that standard operating procedures had been approved by agency members in September 2004, and included new requirements for attendance and participation at ISC meetings. DHS is also helping the ISC meet its requirement to create and maintain a centralized security database of all existing federal facilities. The ISC issued updated security standards for leased facilities in July 2003, as well as new recommendations to member agencies pertaining to the use of escape hoods. The updated version of the ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects was approved by concurrence of the ISC membership on September 29, 2004. In addition to its duties to coordinate federal facility security efforts and to develop security standards for the construction of new federal facilities, the ISC has been assigned responsibilities to review federal agencies' physical security plans. Homeland Security Presidential Directive/HSPD-7, issued on December 17, 2003, established requirements for federal agencies "to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks," and assigned implementation responsibilities to DHS.20 In July 2004, the ISC was designated to oversee and review each agency's physical security plan pertaining to protection of the nation's infrastructure http://wikileaks.org/wiki/CRS-RS22121 and key resources. According to GAO, the ISC's successful completion of these new responsibilities relating to homeland security issues would "represent a major step" toward carrying out its existing duties pertaining to compliance and oversight.21 A fundamental ISC objective is to improve the management of security programs by establishing policies and minimum standards for security operations. The successful integration of the federal government's facility protection standards is a formidable challenge because it involves diverse agencies with varying perspectives on security issues. On December 13, 2006, the ISC issued its 2007-2008 Action Plan, which included operational procedures for identifying and applying updated security technologies.22 Current ISC projects include the updating of the 1995 Vulnerability Assessment Report to make the document more specific to agencies' missions and strategic plans. The ISC membership is also striving for better formulation of security policies and directives to gain more consensus and compliance within the federal community. Through greater accountability and oversight, the ISC hopes to provide one leadership voice to integrate physical security initiatives successfully for the federal government.23 19 Ibid., pp. 47-48. 20 U.S. President (Bush), "Directive on Critical Infrastructure Identification, Prioritization, and Protection, Homeland Security Presidential Directive/HSPD-7," Weekly Compilation of Presidential Documents, vol. 39, December 17, 2003, p. 1816. 21 U.S. Government Accountability Office, Homeland Security, GAO Report GAO-05-49 , p. 11. 22 U.S. Department of Homeland Security, Interagency Security Committee Action Plan for Calendar Years 2007-2008 (Washington: December 2006), p. 1. 23 Information based on telephone conversation with the ISC Executive Director on April 1, 2005.