>> good morning. >> good morning, mr. chairman. >> how are you doing? you sound in good voice today. welcome, everyone, thank you for joining us and some of you, thank you for joining us again and again. it is nice to see you all. it is an important year. the second in a series of hearings that will enable us to take a closer look at the federal security for federal facilities. three months ago as we know, aaron alexis reported to the washington navy yard with the intention to inflict day in and suffering on anyone in his path. we do not now now and maybe we never will be entirely clear why

this tragedy came to pass but hopefully the lessons learned from it will provide a foundation for presenting -- preventing future tragedies like this one. let's take just a moment to recap our aaron alexis copy access to the navy are then allowed to successfully enter the facility that fateful morning. in 2007, aaron alexis joined the u.s. navy, as with other servicemembers he a background check was performed and he was granted a low level security clearance. after a discharge from the navy in 2011, alexis was hired by defense contractor that confirmed he possessed the balance security clearance. -- a valid security clearance. this marked him as a trustworthy individual. he was provided with an id card that was authorized his access to several buildings, including building 197 at the washington navy yard. shortly before 8:00 a.m. on

september 16, 2013, he drove to the front gate of the washington navy yard and displayed his access card. he was admitted by security, parked his car, and walked to building 197. two additional security layers, a turnstile that required a that a -- a valid access card, and a security guard. unfortunately these were to prevent unauthorized access, not to screen for weapons. the people working there were trustworthy because they had security clearances, and had been vetted. eight minutes after alexis late security he began shooting coworkers using a shotgun that he had successfully concealed. in the wake of the shooting of the washington navy yard this can really begin a review of security passages and procedures highlighted by the attack. our first oversight in the caret security cleared process and that federal agencies have

enabled them to determine who should have access to sensitive information or facilities. at that very wake board ways to improve the process and were reminded that quality cannot be sacrificed for speed. the purpose of today's hearing is to review how we physically secure the -- facilities from attack. in many instances security measures again well before a person approaches the facility. alexis was able to maintain a security cleared him and he was trusted as a defense clatter that contractor and granted access to a navy complex. he exploited the stress, and he hurt a lot of it is people. the aftermath, it is only natural that we wonder if all people entering a federal facility, in the that even employees, should be screened in some way? should we borrow and often used phrase from ronald reagan, trust but verify?

some of the examples of many undesirable threats facing our federal the syllabus -- facilities. in addition to active shooters, agencies must develop countermeasures for blued that improved explosive devices, biological weapons, and other types of results. today's hearing will examine federal agency's efforts to develop and maintain effective layers of security at their facilities, and prevent future attacks against innocent people. facility security is not just about protecting the physical structure of a building, it is about safeguarding the millions of innocent people who work and visit these facilities on an almost daily basis.

today's hearing on facility securities is also about honoring the memory of the 12 men and women who died on september 16, earlier this year. by learning for that incident and doing all that we can to prevent a similar tragedy from happening in the future. people who work with me know that one of my guiding principles is if it isn't perfect, make it better. our goal today is to make sure we know how to do a better job protecting people at facilities. we can start by asking some fundamental questions. first, we need to ask how do federal agencies determine what the threats are to their specific facilities? not every facility is the same rate of large federal buildings in big cities, for example the offered murray building in oakland the city may be target for terrorists because of their size of what they symbolize. however the more likely threat is a small social security office, maybe a and rrs -- and irs security center, where someone may be upset and acting badly.

we must be successful in prioritizing these risks. as we all know, the world around us is possibly changing. so is the nature of the threats that we face. as a result, methods for security -- securing our homeland should always be under observation and under assessment. because the nature of the threat continues to evolve, the methods we used to consider -- to ensure our homeland must involve my final question, how do agencies respond to these evolving threats? a security measure that made work for one facility may not work for another. not every facility might be able to be built from 50 feet away from the nearest road to protect from a vehicle threat. i would to know if agencies are sharing best practices. is the department of defense working with civilian agencies to share his experience?

what security measures should be able to did -- should be implemented? they may have years of experience and education and security matters. i would to know what actions or omissions have taken since the navy are shooting to secure facilities. agencies require some responsibility, and the federal protective services a point a department of the homeland security to protect those that are older leased by the general administration. the federal protective service has a difficult mission. the agency only employs about a dozen enforcement officers to protect more than 9000 civilian federal facilities.

these facility's are spread out all over our country. while effective services are was possible for assessing security at these facilities, and lacks the authority to let the security measures. the nadir prevents installing metal detectors and x-ray screening equipment at a facility, but it is the local facility security committee that decides whether to authorize and pay for those recommended security measures. as a repeated government accountability office report has highlighted, a number of internal management challenges have impeded the federal effective services ability to protect facilities.

for example, the federal protective service must the bleep the facility security assessment in a timely manner so it may share them with the offices it protects. this service has been able to do that and other agencies have sought to complete their own security assessments, creating unnecessary duplication and waste. the federal protective service must also do a better job of tracking and overseeing the training of the 14,000 contract guards that it uses to protect its facilities. the agency must ensure that post is federal law enforcement officers and the armed security guards it uses are appropriately trained, equipped, and prepared. insuring be training, the equipment, the preparedness of federal law-enforcement officers and contract security guards is essential to providing for the

security of facilities safeguarded by the federal addictive service -- protective service. in the wake of the shootings at the navy yard and the west virginia courthouse, we cannot afford to be ill-prepared for this type of threat. while director patterson has worked hard to improve the productive service performance, the agency has not received the subordinates from congress. i wanted sure director patterson that i am committed to working with him to make the agency more efficient, and more effective. we can start by focusing on the cost-saving and cost neutral solutions that are must more likely to be received by bipartisan support in congress. i have that today's hearing will help us to find better ways to improve security at all but all facilities. there's much to be learned from the navy yard treasury to help us prevent similar incidents in the future -- tragedy to help us prevent similar incidences in the future.

normally i don't turn to the senator from north dakota to see if once to make a comment, but i would like to ask her. >> let us proceed. >> ok. i just going to briefly introduce our witnesses, and reintroduce others. i want to introduce us our first with this -- witness, caitlin a. durkovich. where we have a newly confirmed secretary, jeh johnson, was approved yesterday by a vote of 78-16. i'm grateful to our colleagues,

both democrat and republican for their support. we need him in place, and he needs a team to lead, including an able deputy security -- section a of homeland security. ms. durkovich was appointed in may 2012 and leads the departments efforts to strengthen and make resilient our need -- our nation's infrastructure. she oversees its mission to develop best practices in the united states. our next witness is general patterson. director patterson was appointed to his vision on september of 2010, as rector mr. patterson oversees the services mission to protect and deliver rater law- enforcement security services to

over 9000 civilian federal facilities. to safeguard the more than 1.4 million daily occupants and visitors. you served in the air force for over 34 years, thank you for that service. finally, stephen lewis, deputy director, personnel and security policy within the office of the undersecretary of defense for the intelligence and united states martin of defense. -- department of defense. related to personnel and security. he has appeared before our committee just about a month ago in the first hearing on the ashington navy yard hearing. i welcome you all to today.

i ask ms. durkovich to leadoff. i yield to dr. coburn. good morning. >> i apologize for being late. i will put my opening statement in the record. >> fair enough. welcome. >> please continue, and your welcome to summarize as you see fit. try to stick within five minutes but if you go beyond that it is all right. >> thank you very much. i am pleased to appear for you today to help honor the memory of the 12 men and women who died at the navy yard and all of those who have been victims of violence in the federal workplace. as assistant secretary work production i have had the responsibility to lead the overall coordination of the nation's critical infrastructure security and resilience efforts. one of the most rewarding opportunities i have is to serve as chair of the interagency , the isc.ommittee

to oversee the development of standards, reports, guidelines, and best practices of the facilities securities at nearly 400,000 cell billion federal facilities -- civilian federal facilities. it was created by executive order following the bombing of the building and oklahoma city. it is responsible for the creation and adoption of numerous standards, guidelines, and best actresses for the protection of these nearly 400,000 non-military drill facilities across the country. the work is based on real world present day conditions and challenges and allows for cost savings by focusing on specific security needs of the agencies. isc standards defined security -- provide security measures and design and implementation of security policies. recently, the isc proceeded that

risk management process for the for federal security standard. those responsible for security should use to determine that the -- a security level and provide case -- a single source of facility security countermeasures. it explains that risk may be addressed in various ways to my depending on agency mission needs. for example, the presence of a childcare center on-site has historical significance. it is most important to note that the isc is a truly collaborative interagency body. 53. -- 53 federal departments and agencies participate and take the lead in bringing ideas to the table and drafting standards and best practices. when agencies cannot solve security related problems on their own the isc brings chief security officers and senior executives to solve continuing

government-wide security concerns. recent events have demonstrated the need to identify measures that can be taken to reduce the risk of mass casualty shootings in workplace violence -- and workplace violence. improved the department of -- the department aims to enhance preparedness through a community approach. and -- byng countering to respond to workplace violence. we have assisted owners and operators of critical infrastructure to better train their staff and courtney with local law-enforcement for these types of incidents. we have hosted workshops and developed an online training tool targeted at preparing those who work in these buildings.

these efforts and resources have been well received and are applicable to federal facilities as well as commercial spaces and other government buildings. cognizant of this growing threat, the isc this spring formed a federal active shooter working group while a number of guidance documents previously existed, this working group was formed to streamline the existing policy into a single cohesive document. to date, the working group has met five times, and is reviewed numerous documents, including training materials belched by departmentd by the for commercial facilities. it is our intention that the resulting work will serve as a resource for agencies to enhance preparedness or an active shooter incident in a federal facility. threats to our critical infrastructure including federal facilities are wide ranging and constantly evolving. not only are there terrorists

threats like a -- the bombing at the boston marathon this past spring or the complex shopping mall attack in nairobi in september, but hazards from weather-related events like hurricanes and he and the cipher -- cyber infrastructure increasingly under attack have impact. it is impossible to anticipate every threat but they department is taking a holistic approach to creating more secure and resilient infrastructure environments to better handle these challenges. the work of the isc example of eyes these efforts. ourring our federal secures secure and resilient is a large undertaking but the work of our member departments and agencies ensure that those responses -- responsible for federal security have the tools and resources needed. i would like to thank you for the opportunity to before -- appear before you and discuss the important work of the isc and ensure that these real-world events do not happen again. i look forward to answer any

questions you may have. >> thank you. thank you for your testimony and work. >> good morning. my name is eric patterson, and i'm the director of the federal protective service within the national protection and programs -- program director of homeland security. we are charged with protecting and deliberating integrated law- enforcement services to over 9000 still sell these owned or leased by the general services administration, and safeguard their nearly 1.4 million daily occupants and visitors. we employ over 1000 law- enforcement officers, effective, and special agents who perform a variety of critical functions but including fds contracted protected security officer oversight, facility security assessments, and uniform please response.

-- police response. our inspectors and special agents receive rigorous training at the federal law enforcement training center and in the field. this training ensures that our personnel are able to effectively respond to the tens of thousands of calls for service received annually, and conduct thorough assessments in these facilities. [inaudible] and provide a record of recommendations designed to meet standards for federal security facilities. we work with stakeholders to identify and gather all necessary information to characterize the risk unique to each facility. they then build a consensus with the 10 agencies regarding the type of countermeasures and number of guard posts staffed by

fps contracted officers. appropriate for each individual facility. approximately 13,000 appointees start -- extended guard posts. are responsible for responding to emergency situations. they also ensure prohibited items like fire items other dangerous weapons do not enter federal facilities. they stop approximately 700,000 prohibited items from entering facilities every year. fps part is with private committees to ensure that the cards have met the syndication training and qualification requirements specified in the contracts cover a subject areas such as crime scene production, actions to take in special situations such as building evacuation, safety and fire prevention, and public relations.

they must undergo background investigation checks to determine their fitness to work on behalf of the government, and are rigorously trained. however, it is important to note that pso's are not sworn law enforcement officers. individual authority to perform services are based on state specific laws where the pso is employed. to ensure hype performance of the workforce, personnel conduct inspections and activities to andtor vendor compliance countermeasure effectiveness. additionally, within the personnel files, they are audited periodically to evaluate their training records.

in fiscal year 2013, they conducted 54,830 inspections and audits. the federal protective service is committed to providing safety, security, and welding to -- a sense of well-being to thousands of federal employees who work and conduct business in these facilities each day. we continuously strive to tigre, andance, and transform our organization to meet the challenges of an evolving threat landscape and have recently made significant progress toward closing out outstanding gao recommendations pertaining to fps operations. in fiscal year 2013, fps submitted documentation for turning as pertaining to recommendations to improve communication. six were closed as implemented and seven are pending internal review for closure. significant progress has also recently made to closing long- standing recommendations

relating to handling of training and oversight. while challenges undoubtedly remain, they have successfully directly related to this program area, and is pending for closure two more. we have made advances for recommendations relative to our risk assessment methodology. specifically, fps designed the fsa progress to meet requirements for federal facilities and to ensure stakeholders have an under ranting of the threat they face. fps has begun to provide a threat assessment report as part of each fsa. going forward, fps will continue to work to explore consequences and impacts of the security assessments and to explore the inclusion of consequences to the fsa process.

i would like to a knowledge and thank the distinguished members of this committee for the opportunity to testify today. i will be pleased to answer any questions. >> thank you. these proceed. >> good morning. thank you, chairman carper, ranking member coburn, senator high camp. i appreciate the opportunity to be here today to address the pressure -- practices and procedures regarding facility security. i am steve lewis, director of the security policy and oversight directorate. in the office of the undersecretary of defense for intelligence. i am here on the behalf of the undersecretary of defense for intelligence, or usdi. it is the principal staff assistant for security matters, and it is responsible for setting over overall dod security policy. provide --e they

installations, facilities, and related assets. within the department, the security responsibilities are complemented by those of the assistant secretary of defense for homeland security and america's security affairs. responsible for the dod anti- terrorism program. in the wake of the tragic washington navy yard shooting incident, the secretary of defense initiated concurrent internal and independent reviews to identify and recommend actions that address gaps or deficiencies in the dod programs, policies, and procedures regarding security at dod installations. also cover the granting and renewing of security clearances for dod employees and contractor personnel. in order to address the department's facilities security practices and policies, it is important to describe the

requirement for military commanders or civilian equivalents to conduct a comprehensive security evaluation of a facility or activity. the purpose of this evaluation is to determine the ability of the installation to did, withstand, and recover from the full range of adversarial capabilities. based upon a threat assessment, compliance with protection standards, and risk management. based upon the results of these evaluations, active and passive measures are tailored to safeguard and prevent unauthorized access to personnel, equipment, installations, and information by employing a layered security concept known as security in depth. the department requires the development and maintenance of comprehensive plans to address a broad spectrum of natural and man-made scenarios. these include the development of joint response plans to adverse

or terrorist incidents such as active shooters and unauthorized access to facilities. military commanders and civilian equivalents conduct a local vulnerability assessment and are subject every 3 years to higher headquarters assessment such as a joint staff vulnerability assessment. the department has worked very hard to foster improvements that produce greater efficiencies and effectiveness in facility securities. in its continuing efforts to harmonize facility securities agencies, military commanders located in dod occupied facility space, primarily not on those on a dod installation, must utilize a

federal interagency committee's risk management process. this includes the incorporation of the physical security standards and dod guidance. for example, the unified facilities criteria. dod also participates in various such as thefora, interagency security committee, along with representatives and the department of homeland security and many other federal agencies and departments. these enable the sharing of best practices, physical security standards, and ciber and terrorist threat information in support of our collective resolve to enhance the quality and effectiveness of physical security of federal facilities. have various ongoing initiatives across the department to enhance facility security, such as the development of an identity management enterprise services architecture known as imesa. imesa will provide an approach to information and complement

ongoing efforts. imesa will provide real-time vetting of individuals requiring unescorted access to dod facilities, and these will be run against dod, federal, state, and other authoritative data services. imesa users will be able to authenticate individual consent -- credentials and fitness to enter a facility. we believe imesa will enhance the security of dod worldwide. thank you for your time. i am happy to take your questions. >> thank you. i'm going to call on dr. coburn for questions, and then we yield to senator high camp -- senator high camp. -- heitkamp. >> general patterson, go through the gao recommendations that you all have met and when they were met. my understanding was of the 26 gao recommendations between 2010

and 2012, prior to the navy yard only 4 of those have been acted on. is that correct? >> i can get you a listing of all of the recommendations -- >> in your testimony you listed several. will you do that again for me? >> i don't think i listed them specifically. >> you said numbers, that is what i want. >> i can get you the specifics, i do not have the recommendations before me right now, but the numbers are accurate. was 26 outstanding gao recommendations between 2010 and 2012. on 4 of them had been acted and accomplished based on the recommendations. you gave a litany of others who have acted on. clicks yes, sir. i was giving you a general oversight of the number -- >> go back to your testimony and

give that to me again, will you? >> in 2013, fps submitted documentation to the ca -- gao for closure and consideration pertaining to 13 gao recommendations, including fps strategies to enhance human capital planning and improve tenant communications. of those presented, six were as implemented, and seven are pending gao internal review for closure. >> ok. so that is half of them of the 26. my question to the secretary, were you aware that there were

26 outstanding recommendations made by gao, and that until the first of 2013 only 4 have been acted on? >> thank you for the question. yes. i am aware of the various gao recommendations that are open and have been closed. a more high-level standpoint, the department has initiated an overall effort to make sure that all open gao recommendations the various components and subcomponents work closely with gao to address those recommendations and to take steps to close them. >> when did you all initiate that? >> as recommendations are provided to us by gao, we begin our work to -- >> i understand that. but you just said you initiated a process where they would be

addressed. >> that is a standard process within the department. when we receive a recommendation from the gao, first of all we have to submit a letter about whether we agree or disagree. >> i understand that. >> i don't have specific oversight over the fps as thendations, assistant secretary for the office of infrastructure protection, i handle the recommendations that are specific to my programs, including the isc. we have five open gao recommendations and we were closely to document what we are doing to address those recommendations and provide regular up dates to the gao through letters to document what we are doing in the timeline for which we think we will meet the mitigation measures or measures we have taken to address the recommendation. >> see if i have got this right.

i may not. the interagency security committee does not monitor agencies for compliance. correct? >> based on the executive order, departments and agencies shall comply with the standards that are produced by the executive -- >> i understand that. what i masking, they do not -- what i am asking, they do not monitor the individual agencies to see if they are in compliance. those agencies are supposed to, but isc does not monitor to see that it happens. >> that is correct. >> it is the responsibility of each individual agency to make sure they comply. >> yes, based on the executive order. >> let's go back to fps. how is it that your agency is complying with the standards set by the isc? >> we do work with our federal

partners. as we go in and do assessments we make recommendations as they are outlined by the isc./ ad for a variety of reasons federal partner may or may not be able to implement. it could be because of cost. it could be because of a variety of things that they may decide they can't meet those specific recommendations. however, once we do understand that they are not able to we try to work with them to mitigate those shortfalls as much as we can. so it is not as if we walk away from that. >> i am not saying that. for example. active shooter training. >> yes, sir. >> a large proportion of our officers that we contract or have are not trained -- >> yes, sir. if i may explain. there is a reason for that. the reason is because historically, as i stated in my

testimony, active shooter response, not awareness, but active shooter response has been a function of law enforcement. as such, our pso's are not law enforcement officials. so to put them in a position to which they are responding as a law enforcement officer requires , at least, coordination with the state and contractual agreement that they will respond in that manner. now, because we recognize that 's will instances our pso be the only folks in a particular position to may be respond in a very prompt manner, we are now working with the national association of security companies to look at how we can provide training to where they response, if you

will, in that manner. but the bottom line is we still one law enforcement folks to respond, because that is where they are trained. we spend in a number of hours with our inspectors and our agents learning how to respond how to risks -- respond to an active shooter situation. we have not done that with our pso's. we have to find a happy medium so we do not put our pso's in harm's way. we need to find out the right level of training for them to respond effectively. >> so, we have security personnel at federal buildings. but if we have an active shooter, we do not want them, right now, they are not trained to handle that. >> here is what they are trained in. they are trained to protect the people, to get them, to keep folks from coming into the building so that they do not enter harm's way. they are also trained to help

people of actuate in a very timely manner. if, in fact, they are approached or come in contact with a shooter, they are trained to engage. trained in isnot to go find the shooter and take action. are trained to engage? >> they are trained to engage, all of them. >> ok. i am past my time. thank you. >> senator heitkamp. >> thank you. the first obligation of any employer is safety. i think you will find that in a lot of facilities across the country, whether they are manufacturing plants or processing lands of any type, or even in a major office. employeegood management, it actually saves a lot of money.

and i think this committee is deeply concerned about the safety of public employees in buildings. the navy yard is yet again another example where don't live in a perfect world, but were there things that could have been done that should have been done differently that would have prevented it or limited the deaths once the shooting began? i want to go back to a couple kind of critical points here. even though we have executive orders and we have all of the gao reports and the recommendations, it is kind of like the words get written but nobody is responsible for follow-up. no one is responsible for implementation. no one is responsible to the public employees to say, yes, we have done everything. we know what the path forward is that will enhance your safety. these made

recommendations, and we hope that whoever manages that building, whoever runs this agency, is taking safety as seriously as what we do. so i will tell you, i am concerned listening to this that there does not seem to be a lot of coordination, and even when there is a lot of coronation there is not a lot of follow-up in terms of making sure these things get done. i want to go back to maybe what i am not understanding, the engagement of an active shooter. i chaired a task force when i was attorney general on school safety. we made everyone in the building have training. our recommendation, which was carried out by very many schools across this country, is that we train on what happens if there is an active shooter. the person we found that we theed to train, give clearest training too, was the woman who answered the phone or the man who answered the phone at the reception desk. obviously, in most federal

buildings the first person you will encounter will be someone that is under your jurisdiction. so, what recommendations would you make to change what you are currently doing in an active shooter situation? >> yes, ma'am. as an agency, we have thought long and hard about this. we have been working very diligently with our vendors to take a look at where we need to be and -- in helping them and helping us understand how we go forward and proceed forward in training. what training do we need to provide? what level of training do we need to provide for our pso's? >> have you considered that maybe someone who is law enforcement trained and authorized to engage at a higher level should be on duty? not always to do the scanning and the screening, but have someone there who has a role in providing protection? >> we would love to.

i have about 600 inspectors who are law enforcement officials who are in a number of our buildings on a regular basis. but we have thousands of buildings, that i can't put law enforcement folks in every building. we have great relationships. we established great relationships with state and local authorities that we can call on very quickly to respond if we have a problem. but at this point, ma'am, i don't have the resources that will allow us to put a law enforcement individual in these facilities. now, there is a possibility that , you know, we could possibly contractorse of our . however, that would clearly be more costly, and we would have to figure out how we would do that. >> it is troubling that there does not seem to be a lot of creative thinking on how we can use the resources we have more

effectively to protect folks. , obviously this is a great tragedy and i know very many people within your sphere are still dealing with the extent of this tragedy. but i would suggest that maybe the best way we can deal with this tragedy is to assure people we have learned the lessons. so, can you tell me what lessons your agency has learned from this? i know you are undergoing this review. but give us a little peek into what the thinking is right now. talked a little bit about active shooter awareness and training, within the department we have incorporated active shooter awareness into the antiterrorism level on training. so that has been introduced throughout the dod population. in addition, we have published workplace violence and active shooter prevention and response. this was in response to the fort

hood incidents. so, we have measures in place to not only deal at an awareness level, but in terms of response within the department. since the washington navy yard tragedy, we have really focused on continuous evaluation of our cleared and vetted personnel. not just people who have security clearances, but people who are eligible to have access to dod installations. you can do the best investigation possible, but things change within people's lives over time. we have to be constantly aware of what those changes are. pilot onstablished a continuous evaluation which is going to look at, do automated dodies of public and

records to look for issues of concern. this is an ongoing effort. we are trying to expanded to include individuals who are visiting installations on a regular base this. imesa initiative i mentioned, which would in an automated fashion allow for sharing of individuals -- information of concern between dod facilities so that, if a visitor to one dod installation presented a problem, for whatever reason, that would be available to other dod installations that that person may be going to visit. that is our focus. how do we become a prized -- of information as it develops and not wait five years or 10 years for the next

reinvestigation. see betterlike to coordination and better follow- up. gao has a number of recommendations that sit around for a number of years, and we come and say, we are working on it. that is a constant source of frustration on this committee, about, we are working on it, or we are concerned about it. it does not cut any more, especially when we are talking about safety of public employees and the integrity of your missions. so, i would like to see maybe follow-up on the gao recommendations, what the timeline is for actually getting those implemented. >> may i take a moment to address the coordination issue? i want to go back to the interagency security committee and reiterate that over for the the 17 years we have had chief security opposite is another senior executives from 53 different departments and agencies who participate as part

of the committee, looking at you evolving threats and eve offering hazards and working together to produce standards and best practices. whether it is on occupant emergency plans, prohibited federal items in federal buildings, on the training of federal security committees. certainly, the risk management practice that we released this past it is a highly august. collaborative body. while there is not a formal compliance mechanism, the fact that these 53 security officers come together and work over months to produce these standards, it then becomes incumbent upon them to ensure that their facilities adopt them. compliancee informal mechanisms we are looking at. there are tools and development to help us better assess how facilities are implementing our standards and best practices, but i wanted to dispel the myth

that it is not highly collaborative. coming out of the navy yard and other incidents in federal facilities, we have established an active shooter working group. as i mentioned. both designed to look at what happened at the navy yard, but to leverage all the work that we have done over the course of the last six years in the commercial facility space. we have online training, in person training, part of the goal is to look at the various tools, documents, trainings that available right now to leverage those, so we can bring those to the federal workplace. i think training is a very important aspect. it is certainly something director patterson does as part of his responsibilities. but there are other things that we can do to augment that. to ensure that, as we look at developing best practices or standards, that we are encouraging and recommending, that we exercise, that we test the training that we

do. that we ensure that there are documents and marketing materials available to employees. but i think that there is a lot that can be done and they can be leveraged from the work we have already done with the commercial facility sector. that is certainly the goal of our active shooter working group. >> senator heitkamp. we request to have several members of the committee who have served as attorney general. thank you for bringing that expertise to bear. secretary durkovich, i am going to ask you to help make real this interagency security committee. cut through the jargon, not that you are using jargon. cut through the federal verbiage. where did it come from, why did

we create it. describe its , moren or missions, and importantly, how do you think it is working? how do we measure whether it is working well? just make it real for us. >> absolutely. thank you for the opportunity. the interagency security committee can about after the bombing of the alfred p murrell in oklahoma city, with the recognition we had to do a better job protecting our federal facilities. almost every department and agency participates in the federal interagency security commission -- committee. it is often the most senior physical security person within the department, the chief security officer. we take eve offering threats and evolving challenges, and it is the chief security officers who look at the particular threat

and decide, how do we, as a federal family, best address that threat and make sure that our facilities are able to mitigate them. so there is both a formal risk management process that the committee has produced, and it is the standard by which we go about securing all federal civilian facilities, with the exception of dod military installations. it begins with determining what is the facility's security level. particulark at a federal facility, and based on what its function is, is it a headquarters, a field office, does it have historical significance, for example, is the declaration of independence or the bill of rights contained in it? are there other ancillary functions? are there is -- childcare facilities? that is what allows us to

determine whether a facility is a level five, the highest level, or a level one, which is more of your storefront office. then we apply the physical security criteria. based on the level, and also what we call the design basis threat standard. that is 31 undesirable events that we have determined our most attractive are most likely to happen from -- to a federal facility. it ranges from arson to sabotage alsoe shooters and whether-related events. they stung those scenarios, what are the right security measures -- based on those scenarios, what are the right security measures to put in place at these federal facilities? it is a risk-based process. as you pointed out, it is difficult to apply all of these. because as you have noted, not all buildings were built 100 years or 150 years ago with a

15-foot setback. we have to think about how you mitigate vulnerabilities based on real-world realities. so we help provide facilities with options to include last- resistant windows. but working with the risk management process, the establishment of facility security committees, ensuring that the individuals who sit on those committees have the training they need to carry out their duties is a core part of, again, what the interagency security committee has thought , again, whenw we there are unique functions inside a building, how we ensure we are also protecting those functions. things like child care and other high-priority efforts. that is really the basis for what the interagency security committee does.

thinking about how we keep those standards fresh, how we recognize that we are living in a world where our adversaries are highly adaptive. when we start to see you merging threats -- the merging -- emerging threats, we bring the 53 security officers together to come up with a standard to ensure that all federal facilities are working from a certain baseline. we are doing that with active shooter. as you start to see the small- scale complex attacks, how are we accounting them, how we ensure we have the measures, the training. that we have done the preparedness so we can mitigate the threat. >> let me just interrupt. you may have said this and i missed it, but again, how do you measure, what metrics are reusing to measure whether the work of the interagency security committee is successful?

talk with us about sharing of best practices across whorange of the members comprise this committee, please. >> absolutely. i will answer your first question by saying, i do think the interagency security committee has been a success. we have done in formal surveys, but if you surveyed each of the federal departments and agencies , you will find they have implemented all of the interagency security, all of the isc standards. >> those standards continued to be updated? >> they continue to be updated. they are the ones who come together to help develop these standards. we don't have a formal mechanism for measuring what has been implemented. there is one approved tool that is in existence. we are working on improving others. thatotally, i am confident

all the member departments and agencies have implemented the standards. when they can't, they are responsible for coming to us and telling us why they can't, and the fact that they are willing to bear that risk. >> talk about sharing best practices. >> absolutely. this committee facilitates that. >> one of the benefits of the interagency security committee as you may have a chief security officer who represents a level five facility who can come and talk about some of the things they have done. for example, a headquarters building that sits on constitution avenue. the things they have put in place to mitigate the fact that they can't have a setback. use blast-at they resistant windows. the very nature of the interagency security committee is the fact that we can convene these senior-level executives to talk about best practices.

but what is unique about what we are doing with the isc, for over the last six years, we have been working with commercial facilities. these are buildings, stadiums, venues where the public passes through them day in and day out. where we have done active shooter training. were we have thought about how you strengthen and provide layers of security that may not always be obvious to the public. how do we take those lessons and best practices and bring them the federal facilities as well? as part of the active shooter working group that we have set up, you will see a mix of both what we are doing in the federal sector, but also the lessons learned, the leading practices we have developed in the commercial facilities sector at was -- as well. >> thanks. dr. coburn. >> a follow-up -- i want to put in the record a letter from dhs police deputy director of operations that was released november 22.

new active shooter guidelines. i am confused after reading this. i think -- i do not understand the engagement. if somebody is with a firearm in a federal building and we have a pso officer there, nothing here says they will engage him. >> yes, sir. my point was that the original objective and mission of the pso was to ensure the safe ingress and egress of people in a facility. it was not to pursue an active shooter. that has always been the purview of the ground of law enforcement personnel. as we have re-looked at how we have our pso's engage, we were looking at legal obstacles that we may have to overcome as a

result. as well as any state requirements that they may have to meet. my point in talking about -- that they will engage is an -- it's an armed individual comes into the facility and they recognize they are armed and they ask the individual to drop their gun or drop their weapon or put the weapon down and they do not, then they are authorized to engage. if they are clearing the building or trying to get people out of the building and they run into that active shooter, they will engage. what they are not trained to do is to go from room to room, trying to find the -- >> i understand. the point i'm making from this letter is that is not clear in here. this is the new requirement for active shooters. >> yes, sir. >> that is not a clear part of this. >> that was stated in november. in early december, we had a

conversation with all of our vendors telephonically, 90% of our vendors telephonically, to tell them we would be coming out with new instructions about how to engage and to be prepared. so yes, it is evolving. >> right now, if an event happened today, they would be following this, not what you testified. >> no, sir. they would continue to engage. priority is the safety of the folks in that building. so one, they keep people from coming in, and they help folks to get out. shooter,o engage the if they come into contact with one another, they will engage. what they will not do today is pursue -- >> i understand that. what i'm saying, it is not clear to me in terms of reading this letter that says they will engage. >> i will have to take a look at that. >> this is what you put out november 22.

that is the important thing. one other area to cover, general patterson. do we direct fps contracted security to do joint exercises with local law enforcement? in other words, dry run. much like senator heitkamp said. >> yes. we conduct a lot of exercises. in fact, we conduct a number of active shooter training exercises in federal facilities -- >> you are missing my point. do we require contractors to do joint training with local law enforcement. >> they do it when we do it. >> but i am saying, is it a requirement of their contract to do joint training with local law enforcement so we have dry runs so that everyone is coordinated? >> yes. their exercise would be part of our exercise as we practice with local law enforcement.

>> ok. going to have an exercise in every one of these buildings. >> that is true. >> that is what the record shows. is it not the fact that you have directed these contractors not to do joint training with local law enforcement? >> i would not say that we have directed them not to do joint training. the fact is, senator, i don't think at this point, we don't have anything specifically that addresses joint training with local law enforcement in our contract. i will have to get back with you. i don't have the contract before me. >> senator heitkamp. i was not intended on following up, i want to pick up from where senator coburn has taken the discussion. security is -- if i can say it this way -- is best done when it is clear that this is a high priority.

it concerns me that public employees and really the public sees someone sitting at a desk. usually in a uniform. there is an assumption that there are powers that come with that. that there is an aura of protection with that. if it does not include engagement and having folks who are at least capable of some kind of immediate intervention. if those rules are not clear, i think we have left the wrong message with people in public. ,nd so, i would like to know for many of these buildings there was not any kind of electronic screening or x-ray machines at the navy yard, correct? you could just walk. if you scanned in through the

turnstile and waved and signed in, that was it, right? ok. this is a building that has thousands of public employees. i can understand it if you are looking at the building that houses public employees for the farm service agency in north waterford city, north dakota, you might not want to put in any kind of reading device. building that houses and employees thousands of employees, it seems like there might be some cost-benefit in safety looking at electronic surveillance, some benefit in people andaw trained the friends to engage. that we might look at those kinds of procedures. i do not hear that today. i thought i was going to hear that we are looking and doing cost-benefit analysis. not that my folks in north dakota are not important, i do

not expect you to hire a law- trained guard. to protect the one person that works there. but i might expect you to think about doing that in a building that houses thousands of people in a city that frequently is a target, symbolically, of terrorism or these kinds of attacks. i really would ask you guys to just go back and rethink what you are saying today about how you can enhance security looking beyond simply continuing the process you have engaged in today. >> if i could address your concerns for a minute? we are doing due diligence in pursuing this matter. we are working aggressively with the vendors to one, look at what authorities -- the states entitle them to do with regard to engagement. we are looking at what

authorities we could render to these folks relative to legally. from the federal sector. we in fact are looking at how we might address this moving into the future, because we realize it is a concern. one of the other things that i spend a lot of time doing is engaging with the federal executive boards across the country. looking at what are some of the challenges they are having, the concerns from their people in these facilities, and how we can provide more training, additional training, to those folks in the facility as to how to respond to an active shooter. because that is very important as well. how do we get people out of harm's way when they recognize event in progress. i would tell you we are taking this very seriously. it may not come across that way in some of the testimony we are providing. but i can tell you we are spending a lot of time with our contractors and with legal to

find out what is that middle ground that we can take. because ultimately, we have to figure out who is going to bear the cost. how can we do this in a smart way but still provide the same result of protecting folks. >> not to the beleaguer the ,- the labor -- belabor this but it seems like if i were looking at this, sitting in any of your shoes, i would say, i have 1000 people that work in a building in a city that is a target. we do not have screening devices and we do not have law-trained guards. maybe we ought to rethink that as a strategy. >> if i may address that. part of when we set the facility security level, the recommended security practices. if you are level 3 or above, we at a minimum recommend that there are guards on-site.

as you move up, for example, at any of the headquarters buildings you see along constitution avenue you will find advanced screening techniques. magnetometers, run bags through. similar to what happened when we walked in the buildings today. to your point, as we go down to the storefront out in the states, that is where you will not see that level of security. based on what your security level is, there is a standard that goes with that. that is part of what the interagency security committee does. make recommendations and -- >> back to that point. you make recommendations and there is no mechanism to mandate that those recommendations are carried out. is that what we are hearing today? >> we do not have a formal compliance mechanism to monitor what has been adopted. >> if i may. i want to clarify.

general, what i am asking you specifically on the gao recommendations is the date at which you submitted. the dates they were cleared. just 2010 through 2012 gao recommendations. for secretary durkovich, is it public knowledge what federal buildings are rated what? can i go on a website somewhere and find that out? >> i have to -- no. it is not public knowledge. we can make that available to you. it presents a security -- >> sure, i understand. that's why i asked. thank you. >> i want to stick with the matter of gao recommendations. gao has a lot of people but they have a lot of work.

they frankly have not been getting the kinds of resources they need to do all we are asking them to do. describe for me, starting with general patterson. explain to us the process. gao comes in, they look at the work that is being done and how it is being managed. they make recommendations. describe the process and the give-and-take before they finalize fragmentation. -- the recommendations. >> i'm sorry? >> describer us the process whereby gao comes in, examines what is being done, makes tentative recommendations and you have the opportunity to respond. recommendations especially high risk lists as a , to do list. as we do oversight. and work in conjunction. >> describe the back-and-forth that leads to recommendation. you said there were 26 you mentioned? >> yes. >> about 13 of them have been responded to.

half of those 13 have been accepted. i am interested in the process. >> when the gao makes a recommendation, one of the first things we do is we sit down with my staff to take a look at what is -- what is the genesis and the challenge that we have for the recommendation. and the background on the recommendation. then we move forward to look at how we want to resolve the issue that, the challenge that gao had brought forward. what i recognizes that some things that we can handle and move forward pretty quickly. other things, not so. only because it will require extensive resources and we have to figure out how we do that. for instance, one of the challenges we have is we have that weso's, guards, have oversight responsibility

for, but we do not have an automated technology available to do our best job in oversight when theyfolks, come to work, when they check in, make sure their certifications are up-to-date, and so forth. one of the challenges i have set forth for the agencies to come up with a technology-based system that will allow us to move forward with that. to figure out, to know when a pso is on post, when he swipes in, out, that he or she has the proper certifications. that is one of the challenges, one of the issues that gao has brought forward, that because we only have 600 law enforcement folks out there to do this for 13,000 guards, it presents a bit of a challenge. these 13,000 guards generate about 170,000 records that we must review over a.

of time -- over a period of time. sciencengaged with dhs and technology to begin to help us look for ways and some off- the-shelf recommendations that we can begin to put in place that will allow us to better oversight the use 13,000 guards. it is issues like that, challenges like that, that you bus from moving forward as fromitiously -- keep us moving forward as expeditiously as we would like to. >> let me raise a question. 13,000 contracted guards and 600 people working directly for you that our law enforcement. that is less than 22 people a person. >> yes. >> we need an automated system to do that? what about random audits?

fire a contractor who does not perform. >> every one of my regions is responsible for doing 10% to 20% random audits per month. part of the challenge is that because there are so many records, in any given time, we can do an audit today. but tomorrow or within the next month, if that is not a record , it may -- the individual may lose said petition based on expiration or having to recertify or so forth. so allowing us, being able to automate our records would help us tremendously in better oversight. >> why should you automate? why shouldn't you force your contractors to automate? >> that is an option. >> it is not an option, it is the only common sense thing you would do. if you into contact with the federal government, you demonstrate people are compliant. and then you audit whether or

not they are telling you the truth. rather than spending a whole bunch of money running all 13,000 people when they are really not our employees. they are contract employees for someone who took a contract to guard a building. it goes back to contracting. what you expect of the contractors to supply, which is certified people doing their jobs. >> many of the contractors do have automated processes. however, from time to time we find discrepancies in record- keeping. >> then you fire that contractor. that is a reason for you to lose a contract. we will have somebody else have this contract next time. these are not non-lucrative contracts. they are making money off of every hour every guard works. >> without objection. this letter will be made part of the record.

i want to pivot a little bit. as a defense contractor with a valid department of defense id card, aaron alexis was allowed access to the washington navy yard. like many employees and other workplaces, he was considered a trusted employee. not screened for weapons. workplace violence continues to be a threat. i want to start with you, mr. lewis. could each of you answer the following two questions. do you believe that we should consider screening employees as well as visitors at federal facilities? do you believe we should consider screening employees as well as visitors at federal facilities? second, is there a downside to screening employees?

i would like for each of you to answer that. mr. lewis. >> current dod policy does not require that type of screening. where someone goes through a metal detection device. but it does allow for random selection of individuals for that type of screening. there are procedures in place. there is the option in place. we rely on the judgment of the installation commander to make a determination as to what is appropriate under local circumstances. the drawback to screening every employee coming through is the negative impact on mission accomplishment. there are facilities where there are 10,000 employees coming roughly theoften

same window, and screening every single employee would be disruptive to getting work done. that is the balance. factoring in cost and mission accomplishment. >> general patterson? >> i think it is something that can be considered. we put a lot of trust in the system that we have. we put a lot of trust and the fact that we do background investigations. once a background investigation is completed, we believe that the individual that has received that investigation is trustworthy. at the point that we decide maybe we do not believe in that background investigation, that is the time we start looking at a system that we screen all our employees as they come in. it is a way to begin to mitigate, if you will, some of the risk.

again, i think it would be something that we would have to think through very carefully before we do that. i know that in many of our facilities, and some of our facilities, we have both. in the department of transportation headquarters, they screen everybody. other facilities only screen visitors that come through. to date, in most of our facilities we have not had a problem with our employees or the folks who have been screened. if we decide we are going to screen, it might be a bit of a challenge only because it is a new process, and that process will require a longer processing time for folks to get through. we would have to work with gsa and others in how we organize that flow.

at 8:00 in the morning when you have hundreds of people entering a building and they are accustomed to moving through and showing a badge based on a security clearance, it could create a challenge. >> secretary durkovich, same question. >> the interagency security committee has put some thought to how we screen visitors. as they enter into or federal facilities. part of that is based on the facilities security level. i would agree with my colleague, director patterson, in that we have to have trust in the system. at the department of homeland security, in addition to evaluating clearances, we ensure employees and contractors affiliated with the department undergo a suitability. in order to ensure that there is not a negative impact on the

mission, we have to account for the fact that there are resource implications and opportunity costs associated with screening employees. the system that we have in place works overall. unfortunately, we have incidents where it is incumbent on us to look at those incidents and make sure we are leveraging the lessons learned. so we make sure it does not happen again. but i think that overall, there is a downside to screening employees. as you know from your oversight of the department, we all have taken on a lot of work to ensure the safety and security of the american people and that its way of life can thrive. any impediment or obstacle to allowing our employees to do their important job everyday is an impact on the mission. we have processes that allow us to ensure that we have employees

who are represent the highest standards. and we should trust in that system as opposed to screening everyone. clearly at certain facilities we have measures in place, as director patterson recognized. when i go to the nac, i have to swipe and show my badge. bringing a vehicle onto the premises, there are dogs and vehicle searches. there are different layers of security. >> before i recognize -- any questions. let me ask one last question. some of you have been before as before. i like to ask

what can we do here -- give me one idea each -- what can we do in the legislative branch to better ensure that you are able to meet the responsibilities that has been placed on you for workplace protection? while you're thinking about that, i will mention this. today, senator ayotte and my colleagues are debating a budget resolution, if framework for a spending plan for our federal government for the balance of this fiscal year. it does a number of things. i think there are three things we ought to do for deficit reduction. number one, entitlement reform that saves money, saves programs, doesn't savage for people. number two, tax reform that eliminates a number of our tax expenditures. we've got a lot of them. some of them have met their purpose, and they need to be retired or modified. to reduce revenues

corporate tax rates and the use of revenues for deficit reduction. number three, look at everything we do and see how we get better results for less money for everything we do. those are the three things that i continue to harp on. one of the things we do with the budget resolution, the omnibus appropriations bill or separate appropriations bills, we move away a little bit from sequestration, across-the-board cuts, to allow agencies and departments to say, these are the ways we need to allocate resources. that will hopefully enable us to look at risks and be able to put less money there with less risk. if you could give me one good idea, it if you could speak very briefly. >> i will start. in some ways, sir, you have answered my question. you have even my response. it is recognizing this country,

there are a number of risks we face. it is a large country. part of the conversation we have to have is with the department of homeland security and the administration, lawmakers, the american public, we cannot mitigate every threat. it is understanding those that will have the most significant consequences and ensuring we have a conversation about how we go about mitigating them, that we have the resources, personnel, to go about doing that. having the conversation that we have today and over the course of time are, i think, what is critical. you have already taken steps by moving away from sequestration. that will be helpful to us as well. i think recognizing we have to -- that we have to manage risk and that we cannot prevent every incident, and as long as we are adapting. >> general? >> yes, the federal protective

services is unique that we have to work through both state, local, federal, and civilian contractors environments. we do that with a very small force. your help in helping us -- and your support to help us move and that of a today's areas is critical, quite frankly, because we are trying to look out and predict, if you will, what is coming down the road to keep our people safe. and we really need the support of folks like yourself and this committee to help us see through that and to help us to work through some of these challenges. >> thank you. >> we believe that continuing to evaluate those employees who have access to classified

information and to our facilities is critical, and we need to have resources to be able to conduct those evaluations. we need to have access to records that are sometimes publicly available, sometimes not available, in order to do those evaluations. general support for that approach to doing business is essential. >> thanks. i was saying to a senator that we are blessed in this committee to have four former state attorney generals, and it adds a great deal of expertise to this area. >> thank you. i want to thank the witnesses for being here. i wanted to follow-up with you, mr. lewis, and ask you about how other dod policies might affect the security clearances at

facilities, and then those who can gain access to them. in particular, the thought of if there are any regulations the need to be reviewed or revise. for example, the current discharge regulations and how they are implemented. in the case of mr. alexis, had he been dishonorably discharged, that would have raised a flag, and that would have gone to correctly to his fitness to hold a security clearance. could you help me understand in light of this case, is this something we need to look at question mark --? one of the things i do not understand as well is the whole break down with the reached out -- that was beyond -- but is there anything we need to do on the mental health end? and so is 2020, looking back, so

you can see things that you did not see at the time, but is there anything we need to look at internally on this issues from the dod perspective or anything we can do -- i serve on the armed services committee, the committees that we should be doing? >> i do not believe there are issues with how discharges occur. not to get into specifics, but generally, based on what was known at the time of the discharge, it was not considered to be an unusual determination as an honorable discharge in that particular case. the larger issue is how do we collect, and identify, a wealth of information that allows us to constantly adjust our perspective about cleared

individuals, and individuals who are in and trusted positions -- and trusted positions -- ent rusted positions? continuous evaluation process, not just collecting the information, but having the staff available to evaluate the information and take action on that information, to me that is the real issue here. >> i appreciate it. senator collins, mccaskill, and high can't say we -- and heitkamp refer to one where there is a lengthy security clearance. i wanted to ask also, mr. lewis, what steps have we taken -- i'm sorry, i meant to call you general patterson -- i apologize -- general patterson, what the uc as we look at this whole situation -- what do you see as

we look at this whole situation at the navy yard that you are already implementing to make sure we do not find ourselves in the same situation? you are reviewing the situation and understanding what steps you are taking in a positive action that you can talk about here. >> yes. within the federal protective services we are working closely with our federal partners to look at processes and procedures for folks coming and going into federal buildings. we are also looking at our communications processes as well. one of the challenges during the navy yard was the fact that so many of the responding agencies, the level of communication and how you do that, so we are looking aggressively at how we do that, not just in the washington, d.c., area, but across the united states because in a crisis situation, communications become critical

and as such, wood, timely communication is essential to a positive result. we are looking at a variety of areas and taking lessons as they come about from the navy yard as to how we improve processes across the spectrum within the federal protective services. >> thank you very much. i wanted to ask you, mr. patterson, is it accurate to say that -- general patterson -- is it accurate to say that it does not use a user risk tool commensurate with the committee standards? i'm trying to understand where we are at this. there was also a report from gao that fps interim assessment tool was not consistent with this assessment standard because it excludes out sequences from assessments.

i want to understand if there is a difference, why isn't there, is it something we should be more uniformly putting in place, or is there a reason for it? >> there is a reason, and we have just dealt what we call a modified infrastructure survey tool, mist. that particular tool was developed from i.p. protection folks who had about that cool over a time of about six or seven years. we thought that this was a tool that we could modify, because it brought what we believed all of the areas of the isc requirements to bear. what we look at with our pool is specifically vulnerability. that is what the tool is structured for. separate we also do a threat

assessment. we connect with the joint terrorism task force, with local law enforcement, with any number of agencies out there to get what we believe a very in depth comprehensive perspective on a threat that we also provide to our federal partner. the piece that is not part of the process is the consequent piece, and it is not part because we have not figured out how to do that within the federal facilities. >> what does that mean? >> that is one of the things we're working with the isc to better identify. when you ask for consequence within a federal sector, what are you looking for? we know when we help a federal partner to begin to pull together and understand their emergency occupancy plans, that we help them to understand and we go to the consequence p iece, and when they look to

establish the federal security level, we are looking at the consequence peace. we have not figured out how to incorporate that in an outdoor rhythm type method -- in and out are the type method in -- alg ortihm method to provide a reasonable and rational meaning to consequence -- 10 tenets of a lease facility. we are certain that folks like irs and social security and others have set to the consequences of losing a facility or if there was in the event something happened to the facility. we have not figured out how to incorporate that into a tool. that is what we are working with with isc to figure that out. >> i appreciate your answer, and we look forward to working with you on this important issue. >> thank you, senator. i want to excuse this panel of witnesses, and thank you for your work.

i would say that you have background for work from here. just keep in mind all those hundreds of families who lost loved ones in oklahoma city, in that bombing. keep in mind those in fort hood who lost their lives. keep in mind, if you will, the families of the 12 men and women who died at the washington navy yard. and just think of them as you celebrate christmas, or some other way during the holidays, the families sitting around the christmas tree, their dining room table, and there is somebody missing. and we need to do our best every day to ensure that those numbers of empty chairs, people are not

around because of a tragedy like the ones i just mentioned. keep them in mind. keep their families in mind. let that energize our efforts going forward. this is not just about prices or recommendations. this is about saving people's lives and making sure they have a wood life and have a chance to share that life for good time with their families. take that with you. thank you. >> to our second and final

panel, welcome. we are glad you could join us. we want to introduce you and welcome your statements and have a chance to ask some questions. our first witness is mark goldstein, the director of physical infrastructure issues for the united states government accountability office. gao is the investigative arm of congress. we are grateful for what you do. he is responsible for their work in the area of government property, and telecommunications. at the request of this committee, and other congressional committees, gao

has conducted 12 reviews of federal substantive the -- federal facility securities as part of the homeland security in 2003. tao room ports on oversight -- gao reports on oversight of guards, budgeting for security, and challenges hampering federal agencies. the second witness is stephen amitay, executive drifter and general counsel for the national association of security companies. he has led the association working with congress and federal agencies and the gao on programs of legislation, other issues related to facility security since 2006. the final witness, david wright, he is the president of the federal protective service union, the american federation

of government employees. mr. wright has served in his capacity since 2006. mr. wright is a 27-year veteran of the detective services. his last 12 years he performed as inspector. responding to crimes to performing facility security assessments. mr. wright brings a welcomed amount of experience to this committee to find solutions to problems facing the federal protective services. tank you for that. we welcome you. we ask you to take about five minutes to make your prepared statement. thank you for joining us today. a question -- were you here for the first panel -- raise your hand. that is great. thanks for staying. your recognize. >> thank you, mr. chairman and members of the committee.

thank you for the opportunity to testify this morning about the protection of federal ability -- buildings. we are responsible for protecting nine thousand 600 federal facilities under the gao. recent incidents at facilities demonstrate vulnerability to acts of violence. to help publish its mission, fps conducts assessments and has 13,500 contract security guards. my testimony discusses challenges fps faces in injuring contract guards that are deployed to federal facilities and properly trained and conducting risk assessments at federal facilities. it is based on work through 2013 on fps guard risk assessments and results of gao's ongoing work to select federal agency

risk assessment methodology aligned with standards. our findings are as follows -- fps faces challenges injuring contract guards have been properly trained and certified before being deployed to facilities. in our september 2000 30 report, we found providing active shooter spots and screening is a challenge. according to guard companies, their contract guards have not received training on how to respond during incidents involving an active shooter. without ensuring all guards received training on how to respond to incidents, involving an active shooter, fps has limited assurance that guards are prepared for this thread. an official from one contract company stated that 133 of its 350 guards have never received screener training.

guards employed to federal training -- facilities may be using equipment, but they are not qualified to use, which raises their questions about being able to screen access to facilities. gao was unable to determine the extent to which the guards have received training in part because fps lacks a system for guard oversight. fps agreed with that recommendations and have taken steps to identify guards that require training and provided it to them. fps continues to lack management controls to ensure its guards have met requirements. although fps agreed with our 2012 reclamation in developing comprehensive system for managing information on guards training, altercations, it does not yet have a system. fps also continues to face

challenges assessing risk at federal facilities. gao reported in 2012 fps is not assessing risk in a manner consistent with federal standards. gao's results indicate it is still a challenge for fps in several facilities. federal standards such as a national infrastructure protection plan, risk management frame and can state that risk assessment should include threat, vulnerability, and consequent assessments. this helps decision makers identify and evaluate risks and implement measures to mitigate that risk. instead of conduct thing assessments, fps has been using a tool referred to as a modified infrastructure survey tool to a set -- to assess facilities. mist does not possess the consequence, the level, duration, and nature of potential loss, resulting from an undesired event. fps agreed that a tool that does

not make consequence is not allow an agency to fully access -- assess its risk. fps official stated they did not include consequence information. gao will continue to monitor this issue and plans to issue a report early next year. in response to our recent reports, dhs and fps have agreed with the recommendations in the 2012 and 2013 reports to improve guard processes. this concludes my opening statement. i will be happy to answer questions. >> thank you. mr. amitay? >> my name is stephen amitay, and i am the executive director for nasco. nasco is that country's largest trade association, employing over 300,000 security officers,

servicing urschel and governmental clients. nasco works with legislators and officials to put in place higher standards and requirements for security companies and private street officers. of most relevant to the hearing, since 2007 we have worked on issues related to legislation related to federal retentive services retentive security officer program. nasco also work with the federal security committee on its 2013 best practices for armed security officers in federal facilities. not including the military services, there are approximately 35000 contract security offers across the federal government, and use of contract security is a proven and cost-efficient counter measure.

to further ensure security, fps and contractors need to work together to address challenges with a program that gao has identified over the last several years. improvements need to be made in the risk assessment process for federal facilities. these helmets are governed by isc standards. as gsa has found out, often requirements of the isc are not met by federal facilities. one critical element in this process is the decision to implement security countermeasures for its facilities. in gsa owned or leased buildings, fps irresponsible for conducting the facility's security assessment and recommending countermeasures. but as you noted in your opening remarks, the decision to implement those recommendations were put -- or the decision to mitigate risk or accept risk is

solely up to the facility's security committee which is made up of representatives from facilities'tenant agencies. tenant agent representatives to the fsc do not have any security knowledge or sprints, but are expected to make security decisions for their respective agencies. the lack of experienced decision-makers on fsc's is something security contractors have witnessed, and calls into question whether fsc's are making informed decisions regarding the mitigation or acceptance of risk. tightened budgets have put research -- pressure on agencies. countermeasures should not be rejected because of lack of understanding or an unwillingness to provide funding. nasco supports requiring training for fsc members as well as dhs been able to challenge osc.

both these provisions were included in legislation that was passed last congress in committee. after addressing the program that gao has identified, as well as other issues of the program, while fps pace is not as fast as others or by, the commitment to improve the program is not questionable and there have been substantial progress made. since the appointment of the director, the degree of dialogue and breads of cooperation between contractors has been unparalleled, and currently fps and contractors are working on initiatives. to address the lack of fps resources to provide training, fps is about to launch a program that will train and certify contractor instructors so they can provide this important training.

fps is moving to increase active shooter trading for pso's, and they are looking at what other agencies are doing in this area come as well as seeking input from contractors. fps is working to revise and standardize the lesson plans in its plan to require that circularly contractors decertify. fps is coming out with a needed revision for guard manuals. it instructs pso's how to act, not following it is considered a contract violation. the format will allow for making revisions as needed. one area that needs review is the instruction elated to a pso's ability and authority to act and liability to act in active situations. congress might want to consider

providing dhs with authority to authorize pso's to make arrests on federal property. fps is working to improve pso post orders and improve its management of training and certification data. for this latter effort nasco recommends fps explore commercially available technologies. much needs to be done to address the pso program issues raised by gao. fps has come a long way in the past decade with it secured a force. nasco looks forward to working with fps and congress to improve security in federal facilities. >> thank you. you are now recognized. make sure your microphone is on, please. we want to hear every word. >> thank you for the opportunity to testify at this important hearing. i am david wright, president of

the american federation of government employees, local 91 eight, which represents federal protective service officers nationwide. we are committed to critical homeland security mission of securing our nation toss federal buildings -- nation's federal buildings. federal employees and facilities are extremely vulnerable to attack from criminal and terrorist traits. i want to assure you my fps law enforcement officers are committed to respond to active shooter attacks. i am appalled that bureaucracy and inefficiency restricted our fps law enforcement officers whose office is less than one mile away from navy yard from assisting with the pursuit of the active shooter. it is because the navy does not recognize the security piece of the fps. this must be viewed in the context of the leadership required to a commerce the fps mission, which remains unfocused

if not broken. at all levels. fiscal security place a significant role in protection of all documents of federal buildings, but the frustrating inefficient and outright wasteful bureaucratic system of determining physical security countermeasures through a flawed facility assessment progress -- process and implementation by a facilities pretty committee who has to diverge their mission funding is i can think and not true security. security in the dirksen senate office building is not based on individual senate office's ability to pay. why should other federal facilities the different? the fps workforce is beleaguered by new and modified security assessment programs and individual conflicting management danced throughout the assessment process. i have lost confidence -- confidence in the ability of the national director to resolve this wasteful process.

i understand the department's science and technology director has offered to make the integrated rapid visual screening tool implied with the isc. it was tested by both general services administration and officials at the federal protective service. that would be a good start to remedying our assessment problems. the use of product contract security guards is a race. they're basically limited to the arrest powers of the citizen. the proactive law enforcement control and weapons screening at this building is a commerce by federal police officers who have felt authority to respond to active shooters, and how can we demand less the federal buildings with thousands of occupants? how well are the 740 officers and agents providing the critical law enforcement

reduction of federal buildings? overall, quite well, given the dynamic mission, the headquarters staff with very littlefield experience. how is fps management doing? not so well. can we do better? absolutely. any organization is in trouble when leaders are not held accountable. a recent disclosure reveals that a regional director file dated rules when he arranged by a system -- violated rules when he arranged by system from a neighbor on the half of the government. i've been told there are other incidents of this content by equal and higher-ranked officials. after accountability is established, performance can improve, with focused, professional, and ethical management that builds on best practices in the regions. give our inspectors and police officers adequate staff, tools

that work, and direction on priorities, and we will make sure the job is done. in conclusion, federal employees and the public they serve deserve the best and most effective protection week can divide. they're not eating it now, and expeditious -- they are not getting it now, and expeditious action by congress is required. i thank you for this opportunity, and i am available for questions. >> i will yield to senator ayotte for the first round of questions. >> thank you very much. i appreciate that. i wanted to ask mr. goldstein, particularly on the gao report, and what you have found. it really troubles me when we think about that there is no comprehensive -- i believe you described it as a strategy or oversight model -- and then the fact that we are not sure,

the people are receiving. there are a category that are not receiving active-duty shooter training and or screener training. how can we, from the gao perspective, what is your recommendation in terms of from the policy perspective, how we can move this as quickly as possible to address this problem? >> thank you. we have been very concerned with respect active shooter training and training on magnetometer's that fps has not been done a good enough job to ensure its contract guard workforce is able to get that training. one of the problems with the active shooter training, which people do not understand here, it is only a small part of one part of the training they receive any how. they get what how the -- they get a special training of two hours which covers special

events of various kinds of might occur in the building. out of the 120 hours they receive in training overall, only two hours good to special events, and only a fraction of that two hours covers active shooter training. i think it is important to recognize contract guards are not really getting active shooter training for the most part. we're concerned they do not have enough training in that area. the same is true for magnetometers. when they did the testing in federal buildings in 2009 and penetrated all buildings that we try to get into in a friday of different cities, with all making materials, we found that time that guards did not have the requisite training to be at post, and we find now several years later that many arts still do not have that. >> and these are the contract guards, correct? >> yes, ma'am. >> let me ask with your site to the agencies that can pay the fee, how does your training differ? how does the training of the

individuals that understand would work -- and maybe i have this wrong -- but would work on the federal protective services end -- do you know how the training differs? >> as federal law enforcement officers, we complete our training at the federal law- enforcement training center. >> you would goes to the same training as any other federal officer? >> yes, and there is a slight difference. we are talking contract guards. they are stationary at their posts, whereas our federal protective service inspectors and police officers are mobile. >> and if you were to the point of your testimony -- if you were to provide the services, for example, at the navy yard, that the federal protective service -- so i understand -- would you

do more of a roaming capacity? you would not do the who stands. i am trying to understand what this looks like. >> that is the model i would look for, is a model that works here at the capitol and the capitol buildings, that you would have federal officers begin their career at the magnetometer, at the x-rays, before they promote up and gain seniority and go out into the field. >> i want to understand, is there other agencies with regard to this training issue on the fps contracting issues them is this something we are facing beyond the navy yard? i assume this contracting issue in terms of the training issue goes well beyond the navy yard facility. is that true? >> the work we have done here focuses on fps. i cannot comment more broadly. we have not looked at contract guard situations and what

funding made the -- >> so just focus on the navy yard. >> we have found the kind of training overall that fbs gives it -- fps gives its contract arts that similar training is given by the pentagon protection, kennedy center, and they are aligned in early with the training you would give to a contract guard at a federal facility, but the problem is implementing it. it is where we seem to see the falloff, ensuring that the guards are actually getting it. >> there's basically no credibility. we can check off the training box, but nobody is saying this person has actually done it, that we are attracting them. basically, in a law-enforcement setting, you have to do a certain amount of training, that you have to complete every year, a part of that is being a in that position. that is not happening?

>> as senator coburn noted, there is a contract requirement to have your protective security officers have to require training and certifications, and it would be a contract violation. >> so we are entering contracts where we do not have the required to train screening? >> the requirements are in the contract. with the x and magnetometer training, of the 132 hours of required training for protective security officers, the contract guards, 16 hours are provided by fps. eight of which is mag screening. it is for their personnel to provide that training is an issue that the gao has noted. that is not a matter of the security contractors providing the training that they are required to provide. >> we are not providing the training to security contractors, but we should be

reviewing these contracts to make sure that we are properly higher are teasing what type of agreement we are brokering in terms of the requirements for background and training, should we? >> yes. a couple issues. as mr. amitay says correctly, protective services not providing the training they are obligated to provide in the contract. on the other hand, fps is not gaining the assurance that it needs that the contract guard companies themselves are providing the training that they are obligated to provide. they are not doing enough of the checks and certification. >> who is watching this? you're watching it? who within the chain of command, meaning the management of this, is making sure this is getting done? >> each region is investigatory process to assure themselves and do checks and do audits. some regions have not done it. some regions have not done it or any random fashion at all where they can gain assurance.

when we have looked at what they have done, not only did we find our breaches in many cases of guards standing without the proper certifications, we found disparities between our reviewed and the review that fps had done as well. >> i think some of those disparities are disparities in the documentation. there are instances where the guards have received required training. they have their cards or vacations. but there are issues with the documentations. for instance, with certain medical requirements, some statements of work require a licensed physician to sign off

on those medical requirements. on others, it could be a nurse practitioner. gao might come in and look at what the current requirements are for licensed physician and see that this pso was signed off by a nurse protection or -- practitioner, so that is in violation. >> wet we are talking about is the documentation on the training for -- what we're talking about is that the condition for the on the training for the screening an active shooter training. >> it was a wide variety of issues. we found not just the magnetometer and the active shooter training, but we found 23% of files we reviewed contained no documentation for required training and certification in a variety of areas, firearms training, drug testing him no indication fps had monitored firearms qualifications. it is across the spectrum of the kinds of certifications that guards need. >> my time is up, so i will -- >> thank you. thank you for those questions. i will ask two questions. the last one, the second one, is i like to ask them in a situation like this, a couple from panels, different points of view, a rock range of perspectives from which to

testify and answer questions. i want you to each pic maybe two -- go back to what you heard one another saying in response. it could be response to your testimony, questions. the impact of the first panel, some things they said, things they said in the testimony in response to our questions, and think about the ways for us on the side of the dais, that you would just like to put an exclamation point behind and say as he goat out of this room today, for god's sake, keep this in mind. these are good takeaways. that is my second question. think about that. i first question is i have is for mr. goldstein. we have already talked to this

to some extent. i will come back and revisit it very briefly. in the past decade or so, you have overseen 12 independent reports of federal facility security. you have looked at the armed guard programs, you have collaborated with state and local law enforcement and the human capital planning. gao has also conducted what we call them covert testing. you talked about some of that that is going on of federal facilities. in other words, you try to penetrate federal facilities to test how security works. it is like what we do in the nuclear power plant world. again, for the record, how would you assess federal facility security today? over 30,000 feet, how would you assess federal facility security today, realizing we are on a time continuum, where folks

focus on this, going back to 1995, oklahoma city -- is it getting better, worse, it is uneven? >> i think it is very uneven, mr. chairman. yes, there have been improvements since oklahoma city and since the twin towers, of course. we have had more focus on this area. we have more physical protections in many places. we have more intelligence as well. but some of the basic issues stormy unresolved, the kinds of issues that you have brought up in some of your witnesses have brought up this morning. there is still inadequate attention to many of the things that are in the forefront of what we need to do in terms of getting into a federal building and making sure that not only that the people who stand on the front lines in federal buildings are qualified to be there and can do the service that they are being paid to do, that taxpayers are paying them for, but more

broadly that we are wising using -- wisely using government resources in this area because we have not effectively adapted a risk management process to the federal portfolio. virtually every building at a level three or a level for security risk is treated in the same fashion, and we did not prioritize across that portfolio in an effective way to make sure that we are effectively spending government resources. so i think we would still have a long way to go, sir. >> a follow-up question -- if you had to pick the next thing or the first thing that the federal protective services are doing in order to further improve federal facility security as expeditiously as possible? i do not know if that is a fair question. >> sure. we have talked a lot this morning about two fundamental issues, risk assessments and

contract guards. while they are moving slowly, they're trying to move in the right direction in both of those areas. i think the area that still is with the security humidity is a three legged stool between gsa, the federal security committees, and fps in trying to figure out the best way to get security at federal buildings. should there really be a significant role for individual agencies within a specific building for people who do not have a lot of security background? should they be making decisions about the government's buildings? i think, while the isc has developed standards to try to improve the level of and effectiveness of the federal security committees, that is an area where they need to spend time out to figure out if that is the this way to

protect federal buildings. >> good, thanks. thanks very much. i asked you, mr. amitay, to respond to my first question again. a point you would really like to say, for god sakes, do not forget this, and there's probably more than a few things that we ought to keep in mind, and we will. one or two, if you would. there you go. >> if you will indulge. the folks at this hearing -- the focus at this hearing was an the navy yard tragedy. in regard active shooter, look at our jurisdiction authority. our guys responded to the navy yard. we were less than two minutes

away, and we had people at the dot and the department of transportation facility across the street, ready to activate and use their training and equipment. we were held back. so that is just real low-level stuff. i need you to demand accountability. this committee, as referred to by mr. goldstein, in 2009, after they penetrated 10 of our buildings, or fps director sat here and committed to this committee that he would fix the national weapons detection training program. to this day, that program is not complete. >> are they making any progress? >> uneven. it is scattered across the nation. i think the big problems with fps is you finally have a vision or at least somewhat of a vision , a headquarters, and i

guarantee you once that vision leaves headquarters, goes down to 11 different regions, i think 3, 4, 5 different senior executives service officials and the message gets lost, thereby, once again reducing any semblance of accountability. we have 11 different regions and 11 different ways of doing business regardless of what our headquarters says. >> ok. thank you. mr. amitay? >> yes, thank you. going off what david just said, it is true that there is a vision now at headquarters. art of that vision is to standardize the training him and to increase the training, and the lines of communication with

the regions do need to be improved. that has always been a problem with fps, the fact that it has had to deal with 11 different regions. i think you will see fps -- david mentioned the national weapons training protective program which is the x-ray and magnetometer training program for pso's. this will require additional training. compare that to the current requirement of eight hours training and eight hours that is combined with 40 hours of refresher training every three years. that is a positive development. the delivery of this training -- that has been a problem and it has been slow getting it out. fps realizes the stretched-thin inspectors should not be doing training. that should be their mission, and they are starting to turn this over sp1 to turn it over to certified contract security instructors, and we think that is a great idea that will allow for cost efficient and faster training. an active shooter training -- f ps needs to be doing more with that. other agencies are well ahead of

fps in terms of training their contract security officers to respond to active shooter incidents. i have talked with several contractors, and they basically say that with those instructions and post orders, there is some confusion for pso's as to what they can do in an active shooter situation. obviously, as the instructions do say, when you're faced with an active shooter and the loss of life, you can engage him. are they able to be more aggressive in terms of maybe detecting an active shooter, if a person comes in as being really suspicious, can make it into a guy's face and see what he is doing? to delete the active shooter policy for this officers is do not let the threat continue, period. i think fps is working to

improve the training, to bring it up to a higher quality. they're working also, as mark said, to try to monitor better their certification and training records and, mark, stay on them with that, because we do think that there is technology out there. i sometimes cringe when they say we are working with the science and technology directorate, to basically try to come up with a data management system, something that, as mr. coburn pointed out, that contractors must have. there should be greater integration and terms of the comprehensive data management system. so that fps and contractors can no who has the -- can know who has the qualifications. >> mr. goldstein, last word? >> one quick quotation for dr. coburn. gao's recommendations -- there've been 26 and only four

are in process and have only been in process for about four weeks, meaning there are 22 still open, and we will provide your staff with the exact information on those. >> they're interesting. thank you for the clarification. >> some points that have not been brought up that are relevant. the first, as mr. amitay has said, it is important that there be better clarity in terms of contractors liabilities. we have interviewed dozens of contract guards over the last decade all of whom have felt they do not have clarity on what their roles and responsibilities are and when they can use force and cannot use force. and most have told us over the years that their companies have all but said don't you ever pull out your gun, don't you ever do anything with it. there is a lot of lack of clarity in this area. the second is the role of the inspector at the federal

protective service. it would be great if they were able to, as mr. wright said, to be able to roam around, do more things, be able to assure the security of the buildings they are responsible for. in many cases they are locked at their desk, doing other work. they are involved in getting contracts out the door, often still hundred officers, and the level of things that they are responsible for really precludes them in many instances from actually being out and about and being the eyes and the ears and taking care of the police function that they really have. that would be the second. the third, finally, is i do not believe there really is much coordination at all based on the work we have done in the past with local and state police jurisdictions, so that when tragedy does strike that the federal protective service has worked out in any kind of detail with local police jurisdictions exactly what kind of focus, what kind of approach, what kind of counter measures they can take

in these tragedies. more work and speed on that area as well. thank you. >> thank you. thank you all for being here. thank you for what you do with your lives. thank you for your preparation for this hearing, for your response to our questions. mr. goldstein, a special thanks to you, and everybody at gao for the continued good work that you do. >> thank you. >> i do not have time. our caucus lunch has begun, and i am late. so i will wrap it up here. if i had more time, one of the things i would get into is the issue of turnover among these contract officers. i do not think we have spent much time on that. i would just say, as a closing thought, when i was governor of delaware we had a real problem in the area of information

technology training folks who work in that area for us as a state employee, developing their skills, and getting hired away by someone who would pay more money. and the governor who succeeded me was smart enough to realize we ought to pay and change up the way we awarded and incentivized folks who come to work for delaware and that arena. a similar problem in the federal government. if you look at the skill sets, there is a problem in attracting skilled folks in the cyber world, and the department of homeland security, as compared to the national security area. there is a difference. dr. coburn and our staffs and colleagues are working in a way to reduce that the severity so that dhs will just hire people who will work in cybersecurity that are trained away by others.

we will work on that. it would be interesting to know what we lose -- it is one of the things that we come back to, quality of training, quality of training, but not only original training, but refresher training. the thought in my background is what is going on with turnover. i guess is there is a fair amount of japanese jobs, and a lot of things done-- in order to benefit taxpayers, but also to benefit the contract officers who good work. i would ask each of you to respond to that if i had time. if you would just raise your hands or by raising your hand, is that a problem, a concern that we should have? ok, thanks for a much. all right. i would just say in closing, the hearing record will remain open for the next 17 months. all right, 17 days, until january 3, 5:00 p.m., and the

walrus crochet in responding -- and we will appreciate your responder questions. we hope you have a good holiday season. thanks very much. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2013]

says thee ginsburg support -- supreme court should not manipulate their retirement. her remarks are next on c-span. the debate on the federal budget agreement. a senate panel will look at the accountity and savings. we would hear from the president of aarp. morning at 10ow a.m. eastern. later in the day, the senate commerce c