[Senate Hearing 113-425]
[From the U.S. Government Publishing Office]

S. Hrg. 113-425

THE NAVY YARD TRAGEDY

HEARING
before the
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
ONE HUNDRED THIRTEENTH CONGRESS
FIRST SESSION

EXAMINING GOVERNMENT CLEARANCES AND BACKGROUND CHECKS, OCTOBER 31, 2013
EXAMINING PHYSICAL SECURITY FOR FEDERAL FACILITIES, DECEMBER 17, 2013

Available via the World Wide Web: http://www.fdsys.gov/

Printed for the use of the Committee on Homeland Security and Governmental Affairs

U.S. GOVERNMENT PRINTING OFFICE
85-500 WASHINGTON : 2014

For sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800
Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001

COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

THOMAS R. CARPER, Delaware Chairman

CARL LEVIN, Michigan               TOM COBURN, Oklahoma
MARK L. PRYOR, Arkansas            JOHN McCAIN, Arizona
MARY L. LANDRIEU, Louisiana        RON JOHNSON, Wisconsin
CLAIRE McCASKILL, Missouri         ROB PORTMAN, Ohio
JON TESTER, Montana                RAND PAUL, Kentucky
MARK BEGICH, Alaska                MICHAEL B. ENZI, Wyoming
TAMMY BALDWIN, Wisconsin           KELLY AYOTTE, New Hampshire
HEIDI HEITKAMP, North Dakota

Richard J. Kessler, Staff Director
John P. Kilvington, Deputy Staff Director
Troy H. Cribb, Chief Counsel for Governmental Affairs
Lawrence B. Novey, Chief Counsel for Governmental Affairs
Jason M. Yanussi, Senior Professional Staff Member
Nicole B. Mainor, U.S. Secret Service Detailee
Keith B. Ashdown, Minority Staff Director
Mark K. Harris, Minority U.S. Coast Guard Detailee
James P. Gelfand, Minority Counsel
Cory P. Wilson, Minority U.S. Secret Service Detailee
Laura W. Kilbride, Chief Clerk
Lauren M. Corcoran, Hearing Clerk

C O N T E N T S

Opening statements:
    Senator Carper
    Senator Coburn
    Senator Tester
    Senator Ayotte
    Senator Heitkamp
    Senator McCaskill
    Senator Portman
Prepared statements:
    Senator Carper
    Senator Coburn

WITNESSES

Thursday, October 31, 2013

Hon. Joseph G. Jordan, Administrator for Federal Procurement Policy, Office of Management and Budget
Hon. Elaine D. Kaplan, Acting Director, Office of Personnel Management
Brian A. Prioletti, Assistant Director, Special Security Directorate, National Counterintelligence Executive, Office of the Director of National Intelligence
Stephen F. Lewis, Deputy Director for Personnel, Industrial and Physical Security Policy, Directorate of Security Policy & Oversight, Office of Under Secretary of Defense for Intelligence, U.S. Department of Defense
Brenda S. Farrell, Director, Defense Capabilities and Management, U.S. Government Accountability Office

Alphabetical List of Witnesses

Farrell, Brenda S.:
    Testimony
    Prepared statement
Jordan, Hon. Joseph G.:
    Testimony
    Prepared statement
Kaplan, Hon. Elaine D.:
    Testimony
    Prepared statement
Lewis, Stephen F.:
    Testimony
    Prepared statement
Prioletti, Brian A.:
    Testimony
    Prepared statement

APPENDIX

Statement from the Professional Services Council
Letter from Ms. Kaplan to Senator Coburn
OPM Whitepaper
Responses for post-hearing questions for the Record from:
    Mr. Jordan
    Ms. Kaplan
    Mr. Prioletti
    Mr. Lewis
    Ms. Farrell

Tuesday, December 17, 2013

Caitlin A. Durkovich, Assistant Secretary for Infrastructure Protection, National Protection and Programs Directorate, U.S. Department of Homeland Security
Leonard Eric Patterson, Director, Federal Protective Service, National Protection and Programs Directorate, U.S. Department of Homeland Security
Stephen F. Lewis, Deputy Director for Personnel, Industrial and Physical Security Policy, Directorate of Security Policy and Oversight, Office of Under Secretary of Defense for Intelligence, U.S. Department of Defense
Mark L. Goldstein, Director, Physical Infrastructure Issues, U.S. Government Accountability Office
Stephen D. Amitay, Executive Director, National Association of Security Companies
David L. Wright, President, Federal Protective Service Union, American Federation of Government Employees

Alphabetical List of Witnesses

Amitay, Stephen D.:
    Testimony
    Prepared statement
Durkovich, Caitlin A.:
    Testimony
    Prepared statement
Goldstein, Mark L.:
    Testimony
    Prepared statement
Lewis, Stephen F.:
    Testimony
    Prepared statement
Patterson, Leonard Eric:
    Testimony
    Prepared statement
Wright, David L.:
    Testimony
    Prepared statement

APPENDIX

DHS Active Shooter updated submitted by Senator Coburn
Responses for post-hearing questions for the Record from:
    Ms. Durkovich and Mr. Patterson
    Mr. Lewis
    Mr. Goldstein
    Mr. Amitay
    Mr. Wright

THE NAVY YARD TRAGEDY: EXAMINING GOVERNMENT CLEARANCES AND BACKGROUND CHECKS

THURSDAY, OCTOBER 31, 2013

U.S. Senate,
Committee on Homeland Security and Governmental Affairs,
Washington, DC.

The Committee met, pursuant to notice, at 10:01 a.m., in room SD-342, Dirksen Senate Office Building, Hon. Thomas R. Carper, Chairman of the Committee, presiding.

Present: Senators Carper, Landrieu, McCaskill, Tester, Heitkamp, Coburn, Portman, and Ayotte.

OPENING STATEMENT OF CHAIRMAN CARPER

Chairman Carper. Well, good morning, everyone. The hearing will come to order. Welcome, one and all.

On Monday, September 16, a horrible tragedy unfolded at the Navy Yard in Washington D.C.
A very troubled individual took 12 lives in a senseless act of violence. The circumstances that led to this tragedy are multidimensional. Many of the issues raised by this tragedy--such as the adequacy of our gun laws and the quality of mental health care--are outside the purview of this Committee. But as we have learned more about Aaron Alexis, a number of my colleagues and I have been asking each other why such a troubled, unstable individual possessed a security clearance from the U.S. Government. Why was he originally granted a security clearance when he did not disclose his arrest record on his application? Why did the investigator responsible for looking into that arrest write up that Alexis had ``retaliated by deflating'' someone's tires instead of disclosing that Alexis had shot those tires? And we also wonder how such violence could have taken place at the Navy Yard, which is more secure than just about any workplace in our country. The Navy Yard tragedy is not the only reason that Members of Congress are questioning the quality of the background checks. The Edward Snowden case, of course, raises many of the same questions. So have the Wikileaks disclosures by Private Bradley Manning. Just yesterday, we learned that the Department of Justice (DOJ) has joined a lawsuit against a company called United States Investigations Services (USIS). This is the company that performs about 45 percent of the background investigations that are contracted out by the Office of Personnel Management (OPM). According to this lawsuit, USIS engaged in a practice that company insiders referred to as ``dumping.'' Some refer to it as ``flushing.'' Under this alleged scam, USIS would send investigations back to the Office of Personnel Management even though they had not gone through the full review process. Through this dumping, USIS maximized its profits. 
Many national security experts have long argued that the security clearance process is antiquated and in need of modernization, and given recent events, I think we have to ask whether the system is fundamentally flawed. But we should also be mindful that, for many years, both Congress and Federal agencies were concerned about the backlog of security clearance applications, which grew larger after September 11, 2001. We need to make sure that investigators do not feel pressured to sacrifice quality for speed. Many have heard me say that almost everything I do, I know I can do better. The same is true, I think, for all of us and most Federal programs. It is in that spirit Dr. Coburn and I have convened today's hearing. Our primary purpose is to learn what we are doing right in the security clearance process, do more of that, while also learning how we can improve it. We have many questions to ask, and here are some of them: Are we looking at the right risk factors in attempting to identify people who should not be trusted with a clearance, or who could do serious harm to our government and our country? What important information do background checks miss in the current system, which relies heavily on self-reporting by the individuals applying for a clearance? Once a clearance is granted, what events should trigger a reexamination of an individual's suitability to retain that clearance? What problems are created by the heavy reliance by the Office of Personnel Management on contractors to perform the background checks? What are the advantages of that reliance? And what is the relationship between background checks for security clearances and background checks for other types of privileges, such as access to governmental facilities? We also need to ask what impacts sequestration and years of strained budgets have had on the clearance process. 
Under the current system, periodic reinvestigations of individuals holding clearances are supposed to be done every 5 years for people with Top Secret clearances, and every 10 years for people with Secret clearances. However, because of funding shortfalls, employees sometimes continue to work in positions that allow access to classified information, even if the initial period of clearance has lapsed. For example, this summer, for 10 weeks the Department of Defense (DOD) suspended the periodic reviews of some contractor employees due to funding shortfalls. I would like to hear from our witnesses today about how often suspensions like that are happening across the Federal Government. I would also like to hear about what agencies are doing to manage risks to our security when clearances are not reexamined on schedule through the periodic review process. Today, we have been joined by officials from the four agencies responsible for the policies and procedures used to determine who is eligible to obtain security clearances and access to government facilities and computers. They are the Office of Management and Budget (OMB), the Office of Personnel Management, the Office of the Director of National Intelligence (ODNI), and the Department of Defense. We want these officials to talk with us this morning about the critical security related policies and procedures and also about the coordinated reviews of these processes now underway throughout the government in the aftermath of the Navy Yard tragedy and other recent incidents. We also will hear from an expert at the Government Accountability Office (GAO), which has produced a wide body of work on the security clearance process. Welcome. This hearing builds on the ongoing good work of our Subcommittees, which held a hearing on security clearances just this past June under the able leadership of Senators Tester, Portman, McCaskill, and Johnson. 
That hearing exposed the urgent need for additional resources for the Inspector General (IG) at the Office of Personnel Management to enable that IG to conduct important oversight of background investigations. In July, our Committee approved a portion of a bill sponsored by Senator Tester and cosponsored by Dr. Coburn, Senator McCaskill, Senator Portman, Senator Begich, Senator Johnson, Senator Nelson, and Senator Baucus to allow the Inspector General to tap into OPM's revolving fund for the purposes of performing that much needed oversight, and we commend Senator Tester and our colleagues, for their good work. The legislation passed the Senate earlier this month, and my hope is it will be signed into law by the President soon. In closing, I want to say that the vast majority of individuals who hold security clearances are honorable and trustworthy people. Many of them felt called into service after September 11, 2001, to help protect our country, and they deserve our thanks. Having said that, though, we still must have a system that does a better job of rooting out those with nefarious purposes and those who become deeply troubled and unstable. That system must identify those whose behavior signals an unacceptable risk to be entrusted with classified information or access to sensitive Federal facilities. I hope that our hearing today will help point us to a number of sensible solutions that--taken together--will truly improve our national security. Finally, I think it is important to note that our Committee continues to look at other aspects of the Navy Yard tragedy, including the physical security of Federal buildings, as well as preparedness, emergency response, and communications issues. So, we have much work to do to learn as much as we can from this tragedy and try to prevent similar ones from occurring in the future. With that, let me welcome Dr. Coburn and say that I look forward to his opening comments, and then we will turn to our witnesses. Dr. 
Coburn, welcome.

OPENING STATEMENT OF SENATOR COBURN

Senator Coburn. Well, thank you, Chairman Carper, and welcome to our witnesses. First, let me extend my deepest condolences to the families, co-workers, and friends of those that were lost on September 16.

To me this is not a political issue. This is an issue of us failing to do our job in a proper way when it comes to security clearances. Today GAO is releasing a report that shows some 8,400 people received security clearances while they had tax debts, which is a vulnerability. And the vast majority of those were Top Secret security clearances. So our process is obviously broken, not complete, and not adequate.

Until this year, OPM did not even have the means of debarring persons or companies that falsified background checks for clearances. Worse, OPM's IG recommended debarment of 22 individuals, have received no answer on 14 of the cases, and have been informed that the other 8 would not be debarred. Something is very wrong.

It is unlikely that a stricter clearance process would have prevented a deranged individual from committing murder, but this event should be a catalyst for Congress to try to fix the way this country categorizes, handles, and grants access to sensitive data.

Two problems. One, there is way too much stuff that is classified that does not need to be classified. And, two, there are way too many security clearances approved. So if you markedly increase the amount of material that does not need to be classified, you have to increase the number of people that need to have access to it. So we need to address both problems.

I look forward to going through the comments today and with our panel of witnesses and get closer to the real answers, and, Chairman Carper, I thank you again for holding this hearing, and I appreciate the work of Senator Tester.

Chairman Carper. Thank you, Dr. Coburn.
I am going to ask Senator Tester, before we turn to the witnesses, to make some comments as well and, again, to commend----

OPENING STATEMENT OF SENATOR TESTER

Senator Tester. Yes, I would like to. Thank you, Chairman Carper, and I want to thank Dr. Coburn for his leadership on this issue as well.

It was 4 months ago when we had the hearing after the Snowden leaks, Senator Portman and I had. In fact, Stephen Lewis and Brenda Farrell were part of that panel, and I want to thank you for being here today as well as last time. In my opening remarks, I said that, given the fiscal and security stakes involved, we had to get it right and there was no margin for error. The fact was, as we knew then, as we know today, we need to make immediate reform of the process. There needs to be more transparency. There needs to be more oversight.

The outcome of that hearing was a bill that the Chairman talked about introduced by myself as well as Senators Portman, McCaskill, Johnson, and Coburn. A provision of that legislation, known as the ``SCORE Act,'' subsequently passed the Senate. When signed into law, it is going to bring better oversight to the background investigations conducted by OPM and its contractors. But there are two other provisions that are also very important that we need to get across the finish line that dealt with the issues that Senator Coburn talked about with the number of security clearances given and, quite frankly, another issue that deals with what do we do when we have a company that screws up and screws up with some regularity. It is too important.

And we saw that with the attacks on September 16 when 12 good men and women left for home, as they did most every other Monday morning.
Within a couple of hours, no warning, no motive, they were killed by a man with a history of mental illness, a pattern of violent behavior, and a criminal record--a man who was cleared by our government through a contractor as someone who should have access to this Nation's most secure facilities and sensitive information.

Look, there are real-life consequences for failures within our government, and we need answers, we need solutions, we need action, because, quite frankly, the men and women who rely on that action deserve no less.

I would just say thank you, Mr. Chairman, for having this hearing. It would seem to me that it is critically important that we act as efficiently and as thoughtfully as possible to get this problem solved because it is obviously a problem and a big one.

Chairman Carper. Thank you, and thanks for your leadership and your good work and that of Senator Portman and others who joined you in it.

Let me now turn to our panel and introduce each of our distinguished witnesses. The first witness is the Hon. Joseph Jordan, Administrator of the Office of Federal Procurement Policy at the Office of Management and Budget. Who do you report to?

Mr. Jordan. I report to Beth Cobert, the newly confirmed Deputy Director.

Chairman Carper. We have heard of her.

Mr. Jordan. Thank you for your----

Chairman Carper. We got her through very quickly. I want to thank Dr. Coburn and others, Senator Johnson and others, and actually John Cornyn was very helpful in trying to expedite that, and we are delighted that we got her through almost in record time.

Mr. Jordan. We sincerely appreciate it.

Chairman Carper. I think Sylvia Burwell has a top-flight leadership team there. We expect a balanced budget in about 2 years.

Our first witness is Joe Jordan from OMB. Welcome. Mr. Jordan was confirmed as the Administrator for Federal Procurement Policy (FPP) in May 2012.
He is responsible for developing and implementing government contracting policies and as the senior leader and formal adviser to the OMB Director, he will speak to OMB's role in the security clearance process. Again, we thank you for your testimony and for your service.

Our next witness is Elaine Kaplan, the Acting Director of the Office of Personnel Management, a position she has held since April 2013. I understand she has been confirmed for a new job. Is that true? Do you want to tell us what it is?

Ms. Kaplan. Yes. I have been confirmed to be a judge on the United States Court of Federal Claims.

Chairman Carper. Did any of us vote for you?

Ms. Kaplan. Some of you did. The others were clearly mistaken. [Laughter.]

Chairman Carper. Congratulations, and thank you for doing double duty here in the last 6 months and taking this on. And to our colleagues who were good enough to find their way to supporting a confirmed Director, Ms. Archuleta, thank you for your support.

As the Acting Director, Ms. Kaplan oversees the Office of Federal Investigative Services (FIS). This office is responsible for ensuring that the Federal Government has a workforce that is worthy of the public trust by investigating and reviewing applications for security clearances and by performing background checks to determine whether a person is suitable for employment by the Federal Government or Federal contractor. Acting Director Kaplan, thank you for your testimony, for your leadership all these months, and good luck in what lies ahead.

Our next witness is Brian Prioletti, an Assistant Director in the Special Security Directorate at the Office of the Director of National Intelligence. Mr. Prioletti has served in this position since May 2013 after serving at the Central Intelligence Agency (CIA) from 1981 to 2013. As the Assistant Director of the Special Security Directorate, Mr.
Prioletti is responsible for leading the oversight and reform efforts of the security clearance process on behalf of the Director of National Intelligence (DNI). We thank you for that, and we thank you for all your service to our country and for joining us today.

Our next witness is Stephen Lewis, the Deputy Director for Personnel, Industrial and Physical Security Policy in the Office of the Under Secretary for Intelligence at the Department of Defense. The Under Secretary of Defense for Intelligence (USDI) is responsible for DOD's policies, programs, and guidance related to, among other things, personnel and facility security. Mr. Lewis, we thank you for your testimony today, and we are delighted to note--I mentioned to Dr. Coburn that in the audience today is your daughter, Sara, who for a number of years was my scheduler. She told me where to go every day, with relish, and I usually went there--not always on time. But we welcome both you and Sara.

The Under Secretary for Defense Intelligence is responsible for DOD policies, programs, and guidance related to, among other things, personnel and facility security. You have that whole broad realm?

Mr. Lewis. Yes, we do.

Chairman Carper. All right. And how long have you been doing this?

Mr. Lewis. Six years now.

Chairman Carper. All right. Thank you.

Our final witness is Brenda Farrell, the Director of Defense Capabilities and Management at the Government Accountability Office. In April 2007, Ms. Farrell was appointed to serve as Director in GAO's Defense Capabilities and Management team where she is responsible for military and civilian personnel issues, including personnel security clearance process issues. Ms. Farrell has authored several GAO reports critiquing governmental efforts to reform the security clearance process. We thank you for your testimony today and earlier before Senator Tester's Committee.

Before turning it over to Mr.
Jordan for his remarks, we had a short scrum before the hearing began in the anteroom. Ms. Farrell was not, I do not think, present in the anteroom, but what I said to our witnesses, colleagues, and guests, I said part of what we are trying to do here is figure out what is the role of government. I quoted Abraham Lincoln, who used to say, ``The role of government is to do for the people what they cannot do for themselves.'' And David Osborne more recently said in a book called ``Reinventing Government,'' that the role of government is to steer the boat, not to row the boat. And here today we hopefully are going to figure out better what is the role of government, what kind of steering do we need to do, and who should be doing the rowing, and how do we make sure that we are steering better; but whoever is doing the rowing, whether it is the public sector, the Federal Government, or the private sector, they are doing a much better job than they have done here of late.

Mr. Jordan, you have roughly 5 minutes to give us your statement. If you go way beyond that, we will rein you in, but stick to that and we will be just fine. Thanks so much.

TESTIMONY OF THE HON. JOSEPH G. JORDAN,\1\ ADMINISTRATOR FOR FEDERAL PROCUREMENT POLICY, OFFICE OF MANAGEMENT AND BUDGET

\1\ The prepared statement of Mr. Jordan appears in the Appendix on page 48.

Mr. Jordan. Thank you.

Chairman Carper, Ranking Member Coburn, and Members of the Committee, I appreciate the opportunity to appear before you today to discuss the government's practices and procedures regarding security clearances, facility access, and suitability determinations.

Before I begin my testimony, I wanted to first say a few words about the tragic events that occurred at the Washington Navy Yard on September 16.
On behalf of the Administration and my colleagues here today, I want to extend our deepest condolences to all those affected by this tragedy. While nothing can bring back the loved ones who died that day, it is clear that collectively we need to do a better job of securing our military facilities and deciding who gets access to them. I and my fellow witnesses take this responsibility incredibly seriously and are deeply and personally committed to this effort.

I also wanted to note that, to assist with addressing the full spectrum----

Chairman Carper. Mr. Jordan, sorry to interrupt. I said 5 minutes. You have seven. I think you were told you have 7 minutes, so take seven.

Mr. Jordan. OK. Thank you, Mr. Chairman.

Chairman Carper. You can take less. [Laughter.]

Try not to take any more.

Mr. Jordan. I shall.

I also wanted to note that, to assist with addressing the full spectrum of needs of all individuals affected by the tragedy, we have established the Washington Navy Yard Recovery Task Force, led by the Assistant Secretary of the Navy for Energy, Installations, and the Environment.

As government officials, our highest duty is to protect the national security, including the confidentiality of classified information. Simultaneously, we have a critically important obligation to protect individuals performing work on behalf of Federal agencies from workplace violence. In recent years, with Congress' help, we have taken a number of important actions to strengthen protections of both national security information and the physical security of Federal facilities, such as improving the effectiveness and efficiency of background investigations and strengthening the processes by which agencies make national security and suitability determinations. We must ensure those processes for granting or revoking access to facilities and information systems fully mitigate risks.

We have a multisector workforce, comprised of military, civilian, and contractor personnel.
We have worked to ensure that robust vetting policies and processes are applied to all individuals with access to Federal facilities, networks, or classified information in a consistent manner. This approach reflects two important principles: First, the need to protect our national security is no less critical when the work is performed by contractors than when it is performed by Federal employees; second, the men and women who make up the contractor workforce are no less patriotic than their government counterparts, and in fact, many have had meaningful careers as Federal employees or in the Armed Forces. While we have made significant progress in the area of fitness and suitability, security clearance, and credentialing process reform, we need to do more. In 2004, Congress passed the Intelligence Reform and Terrorism Prevention Act (IRTPA), which required all agencies to complete 90 percent of their security clearances in an average of 60 days. As a result of actions the executive branch has taken to meet the goals and objectives of that act, by December 2009 compliance was achieved. We have consistently met these goals every quarter since, while maintaining the standards expected of the clearance process, and the backlog of initial investigations has been eliminated. Importantly, executive branch reform efforts have also extended beyond just meeting timeliness goals. In order to align suitability and national security policies and practices and to establish enterprise information technology standards to improve efficiency and reciprocity, we established the Suitability and Security Clearance Performance Accountability Council (PAC). It is chaired by OMB's Deputy Director for Management and accountable to the President for reform goals. As a marker of the significant progress made, in 2011 GAO removed DOD's Personnel Security Clearance Program from its high-risk list. 
However, we recognize the serious nature of recent events and will continue to intensify our efforts to strengthen and improve our existing policies and processes. To that end, the President directed OMB to lead a 120-day interagency review of suitability and security processes. For suitability and fitness, the review will focus on whether the processes in place adequately identify applicants who, based upon their character and past conduct, may be disruptive to operations or even dangerous to the workplace. The focus on national security risk will center on determining eligibility and granting access that could lead to loss of classified information and damage to national security. Additionally, we will evaluate the means to collect, share, process, and store information that supports these decisions, while emphasizing transactions among and equities shared across agencies. As part of these efforts, we will also be considering opportunities to improve the application of these standards and procedures to contracting, which may include, as just one example, improved information sharing between agencies suspending and debarring officials and the offices responsible for making determinations for fitness and security clearances. Our first interagency meeting is scheduled for next week and will serve to launch our review process. Additional meetings will occur over the coming weeks, and we fully anticipate this review to be completed within the 120-day timeframe. Once again, thank you for the opportunity to testify. As I noted in the beginning of my testimony, there is nothing more important than the two goals of protecting our people and protecting our sensitive information. We have steadfastly worked in a collaborative manner to improve our processes and procedures to ensure the safety of both. 
As recent tragic events have highlighted, however, we must maintain a strong focus on continuous improvements, and we will heed the President's call to conduct a comprehensive review and address any potential gaps in the most effective and quickest manner possible. We look forward to working with this Committee and Congress as we undertake this important work.

Chairman Carper. Mr. Jordan, thank you so much. Ms. Kaplan, please.

TESTIMONY OF THE HON. ELAINE D. KAPLAN,\1\ ACTING DIRECTOR, OFFICE OF PERSONNEL MANAGEMENT

Ms. Kaplan. Chairman Carper, Ranking Member Coburn, and Members of the Committee, thank you for asking me to be here today. The events that occurred last month at the Navy Yard were horrifying and heartbreaking. Twelve civilian employees, among them both civil servants and members of our contract workforce, were ruthlessly gunned down. All of these individuals were doing what millions of their colleagues in the Federal workforce across the country do every day: coming to work to serve the American people, put food on their tables, and provide for their families.

---------------------------------------------------------------------------
\1\ The prepared statement of Ms. Kaplan appears in the Appendix on page 55.
---------------------------------------------------------------------------

As the Acting Director of the Office of Personnel Management and the Federal Government's Chief Personnel Officer, I share your commitment and that of our President to identifying and addressing the root causes of this terrible tragedy. I also share your commitment and that of my colleagues seated at this table to perfecting, to the greatest extent humanly possible, our processes and procedures for determining who shall be allowed access to our Nation's secrets, granted the privilege of serving in a position of public trust, or given permission to enter Federal buildings and facilities like the Navy Yard.
To those ends, since 2008 OPM, OMB, DOD, and ODNI have worked diligently together on a reform effort to ensure that there is an efficient, aligned, high-quality, and cost-effective system for conducting background investigations and making determinations regarding security clearances, employee suitability, and contractor fitness. We have made great progress, as is reflected in the written testimony of the witnesses at this table. So as Mr. Jordan just mentioned, we have eliminated the backlog of security clearance investigations that in and of themselves posed a risk to our national security. We have dramatically reduced the time it takes to complete such investigations to meet the deadlines that Congress has established. We have imposed reciprocity requirements for greater efficiency, issued new investigative standards that we are now preparing to implement. We have enhanced and professionalized the training of investigators and adjudicators, and we have worked together to implement GAO's very helpful recommendations by designing and imminently deploying a new set of agreed upon metrics that we can use to measure and drive up the quality of our investigative products. At OPM we have implemented our own new quality control measures and have an aggressive program to hold investigators to the highest standards of integrity and to ensure that their work product is something on which Federal agencies should be able to rely with confidence. We have overhauled and improved our processes for reviewing the work of our investigators, increased our oversight staff, and are retooling our audit process. We do not tolerate fraud or falsification. We actively look for it, and in those few cases where we find it, we take immediate administrative action and then work, as we have, with our IG and the Department of Justice to pursue criminal sanctions against those who betray the trust that has been bestowed upon them. Of course, much more remains to be done.
Even the highest quality and most comprehensive background investigation is just a snapshot in time. The evolution of the security clearance process has to include the ability to obtain and easily share relevant information on a more frequent or real-time basis. We also need to improve our capacity to receive information in machine-readable form and to share information across the Federal Government and with State and local law enforcement. At the President's direction and under the leadership of the Director of OMB, OPM has been and will continue to work with its colleagues on the Performance Accountability Council to conduct the 120-day review of the oversight, the nature and implementation of national security, credentialing and fitness standards for individuals working at Federal facilities. Our review will focus on steps that can be taken to strengthen these processes and the implementation of solutions. The tragic events at the Navy Yard as well as recent high-profile security breaches highlight the need to be ever vigilant in ensuring that individuals entrusted with access to classified information, and, more generally, individuals with physical access to Federal facilities and information do not present a risk of harm to the national security or to the safety of our employees in our workplaces, and to the end of improving our processes and procedures. I thank you for the opportunity to testify regarding all of these issues, and I will be happy to answer any questions that you might have. Thank you.

Chairman Carper. Ms. Kaplan, thank you for that, and for those encouraging words. Mr. Prioletti, please proceed. Again, thanks for joining us.

TESTIMONY OF BRIAN A. PRIOLETTI,\1\ ASSISTANT DIRECTOR, SPECIAL SECURITY DIRECTORATE, NATIONAL COUNTERINTELLIGENCE EXECUTIVE, OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE

Mr. Prioletti. Good morning, Chairman Carper, Ranking Member Coburn, and distinguished Members of the Committee.
Thank you for the invitation to provide information on the government's practices and procedures regarding security clearances and background investigations. My statement will address the role of the Director of National Intelligence, as Security Executive Agent, has authority and responsibility for oversight of the security clearance process across the government, areas in need of attention in the current process, and initiatives underway to address those areas. Before I follow up, I would like to make the comment that we also add our deepest condolences to the family members for their loss and our commitment to work toward continuing to improve the security processes and access capabilities of the U.S. Government.

---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Prioletti appears in the Appendix on page 61.
---------------------------------------------------------------------------

Pursuant to Executive Order (EO) 13467, the DNI, as the Security Executive Agent, is responsible for the development and oversight of effective, efficient, uniform policies and procedures governing the timely conduct of investigations and adjudications for eligibility for access to classified information or eligibility to hold a sensitive position. The DNI also serves as the final authority to designate agencies to conduct background investigations and determine eligibility for access to classified information and ensures reciprocal recognition of investigations and adjudication determinations among those agencies. I would like to focus on two essential components of the security clearance process: The background investigation and adjudicative determination. The 1997 Federal Investigative Standards (FIS), as amended in 2004, are the current standards used to conduct background checks or investigations.
These checks are required prior to making a determination for eligibility for access to classified information or eligibility to occupy a sensitive position. The scope of the background investigation is dependent upon the level of the security clearance required. Regardless of the type of clearance involved, identified issues must be fully investigated and resolved prior to any adjudication. An adjudicative determination is based upon Adjudicative Guidelines issued by the White House in 2005. Clearance decisions are made utilizing the whole-person concept, which is a careful weighing of available, reliable information about the person, both past and present, favorable and unfavorable. Recently, two highly publicized and critical events involving individuals with clearances highlighted areas in need of attention in the current security clearance process. The ODNI, in collaboration with our colleagues here--OMB, OPM, DOD, and other Federal partners--has been leading security clearance reform now for several years. Although these efforts are still a work in progress, when mature, they will mitigate many of these gaps and enhance the Nation's security posture. Under current policies and practices, an individual's continued eligibility for access to classified information relies heavily on a periodic reinvestigation--essentially a background investigation and adjudication conducted every 5 years for a Top Secret clearance and every 10 years for a Secret clearance. The time interval between periodic reinvestigations leaves the U.S. Government uninformed as to behavior that potentially poses a security or counterintelligence risk. Continuous Evaluation (CE) is a tool that will assist in closing this information gap. CE allows for ongoing reviews of an individual with access to classified information, or in a sensitive position, to ensure that that individual continues to meet the requirements for eligibility.
CE, as envisioned in the reformed security clearance process, includes automated record checks of commercial databases, government databases, and other lawfully available information. A number of pilot studies have been initiated to assess the feasibility of automated record checks and the utility of publicly available electronic information. More research is required at this time to assess resource impacts and determine the most effective practices. A robust CE capability will also support and inform the Insider Threat Programs. We must build an enterprise-wide CE program that will promote the sharing of trustworthiness, eligibility, and risk data within and across government agencies to ensure that information is readily available for analysis and action. Another area in need of attention is consistency and quality of investigations and adjudications. The revised Investigative Standards, when implemented, will provide clear guidance on issue identification and resolution. In addition, the ODNI, OPM, and DOD are co-chairing a working group that is developing common standards and metrics to evaluate background investigations for quality and comprehensiveness. Furthermore, the ODNI has hosted a working group to refine the Adjudicative Guidelines, and recommendations regarding these guidelines are in the policy development phase. Another initiative supporting a more robust security clearance process was the development of the National Training Standards, which were approved in August 2012 by the DNI and the Director of OPM for implementation in 2014. These standards create uniform training criteria for background investigators, national security adjudicators, and suitability adjudicators. Additionally, OMB, ODNI, and OPM are working to revise Standard Form 86, the Questionnaire for National Security Positions, to improve the collection of accurate information pertinent to today's security and counterintelligence concerns. 
As a final note, per the President's direction, OMB is conducting a review of the security and suitability processes. As such, the DNI, OPM, and DOD will review the policies, processes, and procedures related to the initiation, investigation, and adjudication of background investigations for personnel security, suitability for employment, and fitness to perform on a contract. In closing, I want to emphasize the DNI's resolve to lead the initiatives discussed today and continue the collaborative efforts established with OMB, DOD, OPM, and our Federal partners. We thank you for the opportunity to update the Committee at this time and look forward to working with you on these matters.

Chairman Carper. Mr. Prioletti, thank you for that update. We now look forward to hearing from Mr. Lewis.

TESTIMONY OF STEPHEN LEWIS,\1\ DEPUTY DIRECTOR FOR PERSONNEL, INDUSTRIAL AND PHYSICAL SECURITY POLICY, DIRECTORATE OF SECURITY POLICY & OVERSIGHT, OFFICE OF UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE, U.S. DEPARTMENT OF DEFENSE

Mr. Lewis. Good morning.

---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Lewis appears in the Appendix on page 68.
---------------------------------------------------------------------------

Chairman Carper, Ranking Member Coburn, and distinguished Members of the Committee, I appreciate the opportunity to appear before you today to address the practices and procedures in the Department of Defense regarding security clearances, facility access, and background investigations. The Under Secretary of Defense for Intelligence Dr. Michael Vickers is the Principal Staff Assistant to the Secretary and Deputy Secretary for security matters. In this capacity, Dr.
Vickers exercises his authority as the senior official for DOD's personnel security program and has primary responsibility for providing and approving guidance, oversight, and development for policy and procedures governing civilian, military, and industrial base personnel security programs within the DOD. In order to address the Department's personnel security policies, I believe it is important to first identify the national level policy framework. Executive Order 13467 designates the Director of National Intelligence as the Security Executive Agent with the responsibility to develop uniform policies and procedures to ensure effective completion of investigations and determinations of eligibility, for access to classified information or to hold National Security Positions, and this includes reciprocal acceptance of those determinations. In addition, the Executive Order designates the Director of the Office of Personnel Management as the Suitability Executive Agent, with responsibility for developing and implementing uniform and consistent policies and procedures regarding investigations and adjudications relating to determinations of suitability and eligibility for logical and physical access to Federal Government installations and systems. Finally, the Executive Order creates a Performance Accountability Council, chaired by the Deputy Director for Management at OMB and including the DNI and the Director of OPM, with the responsibility to align suitability, security, and, as appropriate, contractor fitness investigative and adjudicative processes. 
With regard to the oversight roles within the DOD, the heads of DOD components are responsible for establishing and overseeing implementation of procedures to ensure prompt reporting of significant derogatory information, unfavorable administrative actions, and adverse actions related to personnel, and this needs to be provided to appropriate officials within their component and, as applicable, to the DOD Consolidated Adjudication Facility. This responsibility applies to military service members, DOD civilians, and contractor personnel. Under the National Industrial Security Program (NISP), cleared contractors are required to report adverse information coming to their attention regarding their cleared employees. In addition, the Defense Security Service (DSS) is responsible for conducting oversight of companies cleared to perform on classified contracts for DOD and 26 other Federal departments and agencies that use DOD industrial security services. The Department has worked very hard to create improvements that produced greater efficiencies and effectiveness in the phases of initiating and adjudicating background investigations. As a result, in 2011, the Government Accountability Office removed DOD's personnel security clearance program from the high-risk list. We have used multiple initiatives to review and confirm the quality of the investigative products we receive, the quality of our adjudications, and the accuracy and the completeness of the documentation of the adjudicative rationale which is the basis for these determinations. This helps to support our oversight as well as reciprocity. In addition, we have implemented a certification process for DOD personnel security adjudicators, and over 90 percent of these adjudicators are certified to rigid standards, and ultimately it is a condition of employment that each adjudicator will complete this certification process. 
In May 2012, the Deputy Secretary of Defense directed the consolidation of all adjudicative functions and resources, except for DOD Intelligence Agencies, at Fort Meade, Maryland, under the direction, command, and control of the Director of Administration and Management (DA&M). This decision was made in order to maximize the efficiencies realized by the collocation of the Centralized Adjudications Facilities (CAFs) under the 2005 round of Base Realignment and Closure (BRAC). And effective October 1, the DOD CAF assumed responsibility to adjudicate background investigations which are the basis for the issuance of Common Access Cards (CACs) used for physical access to DOD installations and access to DOD information systems. Thank you for your time, and I look forward to answering your questions.

Chairman Carper. Thank you very much. Brenda Farrell, it is great to see you. Welcome. Please proceed.

TESTIMONY OF BRENDA S. FARRELL,\1\ DIRECTOR, DEFENSE CAPABILITIES AND MANAGEMENT, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

Ms. Farrell. Thank you very much. Chairman Carper, Ranking Member Coburn, Members of the Committee, thank you so much for this opportunity to be here today to discuss the Federal Government's personnel security clearance process. Let me briefly summarize my written statement for the record and to some extent what has already been conveyed here today.

---------------------------------------------------------------------------
\1\ The prepared statement of Ms. Farrell appears in the Appendix on page 72.
---------------------------------------------------------------------------

Personnel security clearances allow for access to classified information on a need-to-know basis. Recent events, such as the unauthorized disclosure of classified information, have shown that there is much work to be done by Federal agencies, as you noted, Mr.
Chairman, to help ensure the process functions effectively and efficiently so that only trustworthy individuals hold security clearances. Over the years, GAO has conducted a body of work on personnel security clearance issues that gives us a unique historical perspective. My remarks today are based on our reports issued from 2008 through 2013 on DOD's personnel security clearance program and governmentwide reform efforts. My main message today is that quality--and, importantly, quality metrics--needs to be built into every step of the clearance process. My written statement is divided into two parts. The first addresses the overall security clearance process. Multiple executive branch agencies are responsible for different steps of the multiphased personnel security clearance process that includes: (1), determination of whether a position requires a clearance; (2), application submission; (3), investigation; (4), adjudication; and, (5), possible appeal if a clearance is denied or revoked. For example, in 2008, Executive Order 13467 designated the DNI as the Security Executive Agent. As such, the DNI is responsible for developing policies and procedures to help ensure the effective, efficient, and timely completion of background investigations and adjudications relating to determinations of eligibility for access to classified information. In turn, executive branch agencies, such as DOD that accounts for the vast majority of personnel security clearances, determine which of their positions--military, civilian, or contractors--require access to classified information and, therefore, which employees must apply for and undergo a clearance investigation. Investigators, often contractors for OPM, conduct these investigations for most of the government. OPM provides the resulting investigative report to the requesting agencies for their internal adjudicators to make the decision as to whether or not the person is eligible to hold a clearance. 
In 2012, we reported that there were issues with the first step of the process: Determining which positions require access to classified information. We reported that the DNI, as Security Executive Agent, had not provided agencies clearly defined policies and procedures to consistently determine if a position requires a clearance or establish guidance to require agencies to review and validate existing Federal civilian positions. We recommended that the DNI, in coordination with OPM, issue such guidance, and ODNI concurred with our recommendations. I am pleased to say that the DNI and OPM have actions underway to address our recommendations, and we will continue to monitor their actions. The second part of my statement addresses the extent to which executive branch agencies have metrics to help determine the quality of the security clearance process. For more than a decade, GAO has emphasized the need to build and monitor quality throughout this personnel security clearance process to promote oversight and positive outcomes, such as maximizing the likelihood that individuals who are security risks will be scrutinized more closely. For example, GAO reported in 2009 that, with respect to initial Top Secret clearances adjudicated in July 2008 for DOD, documentation was incomplete for most OPM investigations. We independently estimated that 87 percent of 3,500 investigative reports that DOD adjudicators used to make clearance eligibility decisions were missing some required information, such as verification of all of the applicant's employment. We also estimated that about 12 percent of the 3,500 reports did not contain the required subject interview. In 2009, we recommended that OPM measure the frequency with which its investigative reports met Federal investigative standards in order to improve the quality of investigative documentation. As of August 2013, OPM had not implemented this recommendation. 
Finally, I would like to note that we initially placed DOD's clearance program on our high-risk list in 2005 because of delays in processing clearances, and we continued that designation until 2011, when we removed DOD's program in large part due to the significant progress in reducing the amount of time to process a clearance and steps DOD had taken to help ensure the quality of the adjudication process. At that time we noted executive branch efforts underway to develop and implement metrics to measure the completeness of OPM's investigations provided to DOD. Unfortunately, these efforts have not been realized. The progress that was made with respect to reducing the amount of time to process clearances would not have been made possible without the committed and sustained oversight by Congress and the executive branch agency leadership. Further actions are needed now to oversee quality at every step of the process, including background investigations. Mr. Chairman, this concludes my remarks. I would be pleased to take questions when you are ready.

Chairman Carper. Great. Thanks so much for your testimony. Thanks for your good work in this area, and to all of you for your work in this area. After I ask some questions, Dr. Coburn will be recognized, then Senator Tester, and then in the following order: Senator Ayotte, Senator Heitkamp, Senator Landrieu, Senator McCaskill, and Senator Portman. Some of those folks have slipped out, but they will come back. I just want to start with you, Ms. Farrell, if I could. We appreciate very much your formal testimony. I want to just have a less formal conversation. Of the things that we have heard from each of our witnesses, about the changes that are being made, the reforms that are being adopted or have been adopted, what should we feel especially good about?

Ms. Farrell. I think the collaboration between DNI and OPM and the other agencies has improved over the years.
I think when we started this work back in 2005 looking at timeliness issues, there was not a lot of collaboration and communication going on. I think that Executive Order 13467 that established the Performance Accountability Council and appointed the Deputy Director for Management at OMB as the Chair helped provide a governance structure for that collaboration to continue. The most notable improvement that we have seen is with the processing of initial personnel security clearances at the top secret level. There are no metrics for the processing times for other aspects, such as the periodic reinvestigations, and, again, our concern has been--and we have stated this over the years since 2005--that we do not want to see the processing of the clearances expedited at the expense of the quality of the investigations.

Chairman Carper. All right. Of the work that is in progress, some of which we heard discussed today, would you just talk with us for a little bit about what are some of the most important aspects of that work that are in progress, and with a thought of how we in the legislative branch can be helpful, most helpful in expediting that work that is in progress?

Ms. Farrell. Yes, I think the work that the agencies are doing to revisit the investigative standards is very important. This gets to the heart of what we are saying about quality. By quality, we mean for the background investigations in particular, are we obtaining the right information, the best available information from the right sources? Is it complete? Is it reliable? So I think revisiting the Federal Investigative Standards and seeing if there are new techniques or new information that needs to be included--and perhaps some needs to be excluded since these standards go back decades.
But that is, I think, a very good focus: First determine if you are collecting the information that you need for the background investigations, and then make sure that you have metrics for the completeness of that information.

Chairman Carper. The second half of my question is advice you might have for this oversight Committee to try to make sure that the work that is in progress, some of the most important work that is in progress, is actually accomplished. Your advice to us?

Ms. Farrell. Yes. I think part of the reason that we saw progress with the timeliness issue was due to congressional oversight, as I noted in the opening and in my statement. Also at that time, the Intelligence Reform and Terrorism Prevention Act of 2004 required an annual report to Congress for interim steps to meet the final goal of processing clearances within a 60-day period. The good thing was it was not something expected to happen overnight. Again, there were interim steps for the executive branch to take to meet that 60-day goal. That annual report reflected information on timeliness to help make sure that they were meeting those interim goals, and if they were not meeting them, what could they do to make a course correction in order to continue that significant progress? There was a sunset clause on that annual reporting, and we have not had the same type of oversight for the remainder of the reform efforts as we did for timeliness. So I think this may be an area, either through reporting or through continued congressional hearings, with interim steps to help meet the goals. One of the areas we have concerns is on metrics. In May 2010, several of the executive branch leaders signed a memo to some congressional leaders noting metrics under development that they were planning to put in place, and this covered not only timeliness but the investigations, the adjudications, and reciprocity. A lot of these metrics dealt with quality of the process.
But those metrics, as I have noted, with the exception of timeliness, have not been fully developed, and this is something that we would like to understand why not, what is the plan to proceed?

Chairman Carper. All right. Thank you. I want to drill down a little bit, if I could, on the issue of quality control. Yesterday the Department of Justice announced, I believe, that it is joining a lawsuit brought against the United States Investigations Services, a company that performs about almost half of all investigations that are contracted out by the Office of Personnel Management. The case alleges that USIS sent back to OPM investigation reports that were not yet complete in order to maximize profits, a practice that I previously referred to as ``dumping.'' For Ms. Kaplan, if I could, this lawsuit comes on top of all the questions that have been raised about the investigations of Aaron Alexis and Edward Snowden. Are we at a crisis point with the credibility and integrity of the security clearance process? What should give us any faith in the current system?

Ms. Kaplan. I appreciate the question, and I certainly understand it based on the reports that have appeared. As you mentioned, Senator, on Tuesday afternoon, a False Claims Act complaint was unsealed, and it contains very serious allegations of contract fraud against USIS arising out of conduct that took place in 2010 and 2011. We have been aware of these allegations since the complaint was filed in July 2011. We have been working closely with DOJ and our IG to implement changes that would address the contract fraud and ensure that it would not continue. Let me explain to you what we understand the allegations to be. We understand the allegations to be that--well, the contractors have an obligation under the contract to conduct their own quality reviews of investigations. Once they finish their quality reviews, they send the product to OPM, and we conduct our own quality reviews of the investigation.
What the allegation is here is that, in order to move cases more quickly, USIS did not conduct its own quality reviews. And that is a real problem, obviously, if the allegations are substantiated because it is contract fraud, because they were certifying that they were completing the quality reviews. It is also a real problem because we rely on their quality reviews in order for us to be able to move the investigations along more quickly. We like them to catch issues and fix them before they send the reports on to us. I will say, maybe it is cold comfort, but the cases that were, to use the phrase, ``dumped'' were cases that also were subject to OPM quality review. So it is not that the cases were never reviewed before they were passed on to the agency. That being said, we have done a number of things as soon as we became aware of the allegations. With respect to OPM, we have significantly increased the number of government personnel performing contractor oversight by increasing the number of people, the full-time equivalent (FTE) levels, and realigning our internal staff. We have increased onsite inspections with contractor review, including a comparison of their process to the requirements of the contract. We have increased the frequency of the audits of cases closed by the contractor. We have developed a new report to detect instances where quality reviews may not have been performed according to the terms of the contract, as is alleged to have occurred here. We have sort of conducted inspections on the average number of reports being reviewed and released by the contractor's review staff for trend analysis so we can find anomalies. We have removed former USIS officials allegedly involved with the misconduct from the OPM contract. And we are currently in the process of recompensing our support services contract, which is also held by USIS, to preclude a concern that there might be collusion between the support staff and the field investigators. 
And that was a recommendation of our Inspector General. Lots of things have occurred at USIS since this---- Chairman Carper. My time has expired. I want to be respectful of my colleagues. Ms. Kaplan. OK. Sure. Chairman Carper. But just sum it up in one more sentence, and then I need to recognize Dr. Coburn. But thank you. This is a good response. Ms. Kaplan. Understood. Well, a lot of changes have been made at USIS. There is a new Chief Executive Officer (CEO) there. There is a chief compliance officer. There are new integrity standards. There is an internal audit committee. There have been a lot of changes made since the events that are revealed in the complaint, and that has given us some level of comfort and confidence that we can rely on these products, rely, and trust, but verify. Chairman Carper. Trust, but verify. Well said. Dr. Coburn, thank you. Senator Coburn. Well, thank you. Thank you for your testimony. I kind of see this as a multitude of problems. I mentioned in my opening statement we overclassify, which is a problem for the American people because that means it is not transparent. And sitting on the Intelligence Committee, I get to see what is secret and what is top secret, highly classified and compartmentalized. One of the other things I see is in five different instances we have people who are doing the investigations who are also doing the adjudication. So we had an absolute conflict of interest in terms of separating of authorities and responsibilities in five areas in the clearance process, five separate areas where we have the same person adjudicating or the same firm adjudicating what was cleared, what was investigated. Third, as we have noted, we have three different instances in our very remote history where we have obviously failed in terms of our clearances. Whether it is Bradley Manning or what happened here at the Navy Yard or what happened at the National Security Agency (NSA), we have a failure. 
And the other thing we have is now we know that we have 8,400 people with clearances that do not follow the law when it comes to paying their taxes, and half of them have a Top Secret clearance. The American people ought to be asking what in the world is going on. So my question is: We have now seen outlined who is ultimately responsible for it. That is the DNI. Correct? Mr. Prioletti. Yes, sir. Senator Coburn. And we have the Defense Department that is making improvements but still has a way to go, and we have failure with contractors in allegedly not doing what they are supposed to do. There is also another IG investigation going on along with that. So what is the answer? One of the answers has to be doing the job that we do better, one. No. 2, the other has to be using data that is available. Where is that form? This form, for 20 bucks you can get 90 percent of the information on the Internet that is in this form. Now, we pay $2,400 for Top Secret clearances. Is that right? That is about what we pay. It is about $2,400. Ms. Farrell. For Top Secret, it is more than that. It is a little over $4,000. Senator Coburn. OK, $4,000. For Secret, what do we pay? Ms. Farrell. About $262. Senator Coburn. OK. And for $20, you can find out 90 percent of this stuff online right now. And so the question is: Maybe we need to step back and say, first of all, we have way too much stuff classified, we have way too many people who have to have a clearance. Second, how we are doing it is not utilizing data that is out there today that is readily available. Third, we have had a response from Director Clapper that they are going to start coordinating with the Internal Revenue Service (IRS). Well, most people would say that is kind of a no-brainer. That would be one of the things you would want to check. You have a form. It is in the form: Have you paid your taxes? But it looks to me like nobody ever cross-referenced that with the IRS. 
Nobody ever checked to see if that data was accurate. And all that is a computer check. So I guess my question to you is--and my final point is this: Creating the expectation that your clearance is tentative on the basis of you passing some type of renewal and not knowing when that is going to be--the CIA used to have random polygraph tests. They do not even have random polygraph tests now. You are noticed. I can pass any polygraph test with two drugs in me, and you will never know it. And so the fact is we need to create an environment where, one, we lessen the number of people that need a clearance, we do a whole lot better clearing, and then we need to create the expectation that you are going to be randomly checked to see if, in fact, you still deserve to have that clearance. That is the system. And the details are difficult. I am not saying it is not difficult. But how we do it and how much it costs and holding contractors accountable for doing the very job we are paying them to do does not seem to be happening. And my question, I would just like a response from you all: How do we solve this? You all have laid out where we are. But how do we solve it? We have all these areas. This form, three pages of instructions, seven pages where you live, five pages of names, 17 pages of employment, four pages of military, 29 pages on relationship, 21 pages on foreign activity, two pages on emotional health, seven pages on police records, 11 pages on drug and alcohol, eight pages on financial records, five pages on associations, and three signature pages. And I know you are reforming the form, but the point is what we want to do is go for the gold. And so not all of this, first of all, is checked from a quality assurance check, and No. 2 would be: Can we create a process that gets to the gold and not rely on a form as much as we can data that is already out there that the government already holds? 
I am amazed--are you all amazed that 8,400 people in this country have a tax debt that makes them vulnerable to divulging secret data or top secret data and they have clearances today? Does that bother anybody here? That puts us at risk. So my question is: Whoever wants to answer my broad commentary or at least educate me in a different direction, I would love to have it. Ms. Kaplan. If I could just make one point, and I am sure my colleagues will jump in. You had noted--and I think this is a misimpression that a lot of folks have--that the contractors are doing both the investigations and the adjudications, and that would be a really bad system. But, in fact, the adjudication is not done by the contractors. It is done by the agency that is granting the clearance. So I just wanted to make---- Senator Coburn. Can they use a contractor to do it? Ms. Kaplan. No. That is an inherently governmental function. It is not something we would entrust to a contractor. I believe I am right about that---- Senator Coburn. Let me ask you another question. We are using contractors for this clearance process. To me it would seem that the clearance process in and of itself is an inherently government function, not just the adjudication but the investigation. Any comments on that? Ms. Kaplan. Well, I am actually going to turn that over to Mr. Jordan. Mr. Jordan. Senator, the collection of information, the analysis is not an inherently governmental function. As Director Kaplan said, the decision, the adjudication is an inherently governmental function. That should only be performed by government employees. But the collection of information is not inherently governmental. And to your earlier question, this goes to the very nature of what we are doing in our coordinated interagency review. How do we get the right data in the right people's hands at the right time to make the right decision? So Continuous Evaluation, which Mr. Prioletti spoke of, is a very important piece. 
Automated records checks, to the extent that we can build out our capabilities there, very important. Building both efficiency and effectiveness, furthering both of those in the system. And then making sure that we are constantly looking at all of the processes in the end-to-end spectrum, from initiation through the investigation and the adjudication, and then on an ongoing basis to make sure that we address any gaps, any weaknesses as quickly as possible. We have about 5 million people with security clearances, and you noted several instances, but they are few. The issue is any single point of failure has such monumental negative consequences that we need to do everything we can to make sure we do not have a single one. Senator Coburn. Well, I have not heard anybody say anything--I think Senator Tester and I agree. We classify way too much stuff. Do you all disagree with that? And what is the answer to that? Because once you create something that is classified, the only people that can work on it are people that have a clearance for that classification or above. What is GAO's response on that? Ms. Farrell. That is a separate issue from the people part, but we have done work in the past looking at the potential overclassification of materials, and we do have work that just started looking again at the potential overclassification. That, though, does relate to the first step of the personnel security clearance process, determining if a position needs to have access to classified information, and that is where those types of tradeoffs could be made. There is a misperception often that security clearance follows the person. It does not. It follows the position, so as we have noted, there has been a lack of guidance in that area. We did work at DOD and DHS, components within both of those departments. We found that some components took initiative to revalidate existing positions, and some did it one time and had no plans to do it again. Some never did it. 
So from a personnel security clearance process view, that very first step is very important to make sure that the position does require access to classified information. That is where those types of questions could be asked: What is that classified information? If you overclassify, then you overclassify positions, then it starts the snowball effect of having 5 million people who have clearances now. Senator Coburn. I will wait for the second round. Sorry. Chairman Carper. That is quite all right. Just a quick note, if I could. I did a little bit of math. I hope I did this right. If there are 8,400 people out of the 4.9 million people that have clearances, that is about 0.16 percent that apparently owe the government some money. My hope is that most of them are on a repayment schedule. We do not know, but hopefully they are. Dr. Coburn says 40 percent of those are on repayment schedules, so that means that about 0.16 percent owe the government some money that are not on a repayment schedule. That is not good. But compared to what? Compared to the 99.9 percent who have a clearance who do not owe the Federal Government anything on taxes. So---- Senator Coburn. Would you yield for a minute? Chairman Carper. Sure. Senator Coburn. To me it raises the question. It is not about a percentage. It is if you are not following the law in terms of paying your taxes, why should you have a security clearance at all, whether you have a payment plan or not? You have not complied with what we expect every other American citizen to comply with, and you have a security clearance? To me it begs the question, you are not up to date on your taxes, you no longer have a clearance, period. I mean, it is creating the right expectations, is my thought. Chairman Carper. OK. Good. The other thing I would say, I spent 23 years of my life as an active and reserve duty naval flight officer. 
If I had a dollar for every time I heard me and others of my colleagues say, ``We have too much stuff overclassified''--this is an age-old problem. It is still a problem. I would readily acknowledge that. It is the kind of thing we have to go back again and again and again in looking at this stuff that we are classifying and ask the question: Do we really need to classify this? So that is a good question to ask. Senator Tester, you have done good work, you and Senator Portman there sitting next to you, and Senator McCaskill and others. We thank you for all that, and you are recognized. Senator Tester. Yes, thank you, Mr. Chairman, and I think even the bigger issue than the taxes paid is that taxes paid is pretty basic, so what else is going on out there that they are allowing--that are slipping through the cracks on security clearances? Because taxes, I mean, that is right in front of our face, and we are missing that. Mr. Chairman, to followup with Senator Coburn's comments, I think that we have pushed through this Committee the revolving fund dollars to be allowed for more transparency, more audit, and more accountability. The House Committee has passed that, but the House has not, and I would encourage you to do what you can do with your counterpart over in the House to make sure the full House takes that up, because that is critically important. Then there are two other pieces of that bill that Senator Portman, Senator McCaskill, Senator Johnson, and Senator Coburn are all a part of, plus some others, that deals with accountability and it deals with a number of clearances that are out there, and I think that we should push to try--I know there are negotiations going on, but you have to set a level of expectation, and I think that is what that does in part. I want to followup a little bit on what Chairman Carper talked with you, Elaine, on the DOJ suit that was filed in July, 2011, and we were told by OPM that there was not any problems with USIS. 
And there is a suit out there that does not look very good to me, and now we are finding out that OPM is probably going to get on board or may be going to get board or is getting on board. What is going on? It looks to me like, quite frankly, there is a real disconnect here between what the contractors are doing and what the expectation is for the contractors to do. And people are dying because of it. We are losing critical information because of it. I mean, the list goes on and on. So what is going on? Ms. Kaplan. Thanks for the question. I am not aware of anyone at OPM saying there was no problem with USIS. I do know that because of the fact that this complaint was under seal we were unable to talk about the complaint. And now we can talk about the complaint, which I think is a good thing. And I think what we have tried to do, as I was explaining to Senator Carper before, was--and this started before the complaint became public, and it has been over the last several years--is to address and to rectify the problems that are revealed in these allegations in this complaint, which was under seal. And as I mentioned, we have done many things at OPM to prevent this from happening again. This is contract fraud, a failure to do quality reviews that they were obligated to do under the contract. And there have been many changes made at USIS as well--many changes involving a whole new staff at the top, a compliance office, internal audit, all sorts of things that have given us greater confidence---- Senator Tester. When were those changes made? Ms. Kaplan. Those changes have been made over the last 2 years, since the allegations in the complaint, and we have been working with our IG on it and with the Justice Department, and so we feel that the allegations are certainly very disturbing, and what we have tried to do is address the underlying concerns without speaking publicly about them. Senator Tester. 
I am not an attorney, but they have been sealed, but you have known what is in the charges, you just cannot talk about it publicly. Is that correct? Ms. Kaplan. I can tell you right now--in fact, you can go online probably---- Senator Tester. Yes, I do not care about now. I want to know about July 2011. Were you guys aware of what the charges were? Ms. Kaplan. We knew what the allegations were in the complaint. However, working with the Justice Department and our IG, we were advised, of course, not to discuss it because it was a matter under seal. Senator Tester. And that is cool. That is fine. I guess the real question here is that they--USIS does 60 percent of the background checks, right? Ms. Kaplan. I think it is 50. Senator Tester. 50 percent, which is---- Ms. Kaplan. Yes, close enough. Senator Tester. There are three companies that do the contracting, so they are doing the lion's share of it. Ms. Kaplan. Yes. Senator Tester. Was there any oversight, additional oversight given as of July 1 on the work that they were doing? How often was it done? And, by the way, are those kind of metrics used now on all of them? Because, quite frankly, when money is involved, obviously there are some folks that do not give a damn about the product and they just want to make the money. Ms. Kaplan. Yes, I mean, that is a good question. What we have done--and it is not just oversight of USIS, because we have other contractors and we have Federal employees, quite frankly, who do the work, too. They need to be watched. Senator Tester. So what determines what background checks go to USIS and what goes to--these guys do some things particularly well and other things not so well? Or do you just dole them out like a deck of cards or what? Ms. Kaplan. I do not think it is like a deck of cards, and I actually do not know what the--I will get an answer to you on that question. 
I suspect it is based on the location of the investigation, but it is not as though, oh, they do the top secret and the Federal staff does---- Senator Tester. I believe it was you that talked about quality metrics. It might have been Brenda, too. What determines what background checks you guys look at to see if they are done appropriately? Ms. Kaplan. We look at all of them. We look at each background investigation. Senator Tester. So you looked at Alexis' background check? Ms. Kaplan. Yes, we did. Well, would you like me to talk about the Alexis---- Senator Tester. Well, I mean, you can, but the information is out there. I mean, the naval record alone should have brought up some red flags. Ms. Kaplan. Well, what we did---- Senator Tester. And what you are saying is two folks missed it now. USIS missed it--well, I do not know if USIS did that one or not. But the contractor missed it--they did? Senator McCaskill. They did. Senator Tester. The contractor missed it and you guys missed it. Ms. Kaplan. Well, to be clear, I would have to say that based on our own review and I believe also ODNI's review the Alexis investigation, yes, we all missed something for sure. But we did what was required of---- Senator Tester. Multiple somethings. Ms. Kaplan. Well, I want to make sure, because it is really important to get to the root cause of this, that we understand each part of this. We did the investigation in 2007, and it was for a Secret clearance, and there are certain protocols and standards that apply to a Secret clearance. It is not a Top Secret clearance. We conducted the investigation that was required by the Investigative Standards, so having gone through quality control both at USIS and OPM, we would have passed that investigation because it complied with Investigative Standards. Now, what we are looking at right now in the context of the review and what we have been looking at is, well, are the standards up to snuff? 
Should we be required to get police reports, for example? Should we be required to get mental health information even from someone who has a Secret as opposed to a Top Secret clearance? All these things need to be looked at. But it was not, in our view, a case of malfeasance on the part of the contractor. We believe the contractor did what they were supposed to do. Senator Tester. Senator Coburn obviously knows what you looked at because he had the thick file, but if you do not look at police reports and you do not look at criminal background--what do you look at? Ms. Kaplan. No, we did look at the criminal--I will tell you what we looked at. The way it works is when--with this Secret clearance is that there is an FBI check done, and we get the FBI database, and the FBI reveals arrests, it frequently does not reveal the disposition of cases that are handled at the State and local level. And so the FBI record revealed that Mr. Alexis had been charged and arrested for what was called ``malicious mischief.'' And under the existing standards, our job, or the job of the contractor in this case, was to go out and find out what the disposition of that charge was and to find out more information about the charge. Now, some have questioned now why OPM's investigators did not go get a police report. Well, the reason that a police report was not obtained was because, there were like 1,700 different localities, law enforcement jurisdictions. They all have different rules about what they are going to supply to us. And in this case, we had experience with Seattle. Seattle did not provide police reports. And they have their own good reasons, I am sure. Senator Tester. All right. Ms. Kaplan. So what we were referred to by Seattle was this State database, the State of Washington, their court records, and that is where we went. And that revealed that Mr. Alexis was charged with malicious mischief, but the charges were not---- Senator Tester. 
Can I--and I appreciate I am over time, but can I just ask you, when you guys do an oversight look, how many do you find a problem with? Ms. Kaplan. I do not have that information, but I can get it for you. If there is a problem--and there are all kinds of different problems--we try to get the contractor to fix the problem, for example, if it is incomplete. And then if there is a problem, if the adjudicator looks at our investigation and feels like it is inadequate, they can come back to us and ask us to do more work. Senator Tester. We could be here all day, and we probably should be here all day. It is important. Thank you. Chairman Carper. Thank you, Senator Tester. Senator Ayotte, welcome. OPENING STATEMENT OF SENATOR AYOTTE Senator Ayotte. Thank you, Mr. Chairman, and I want to thank you for holding this very important hearing. Let me just followup as to what Senator Tester said. As I understand it, in the case of Mr. Alexis, OPM did actually go to the Seattle Police Department to get the underlying police report? Ms. Kaplan. No. Senator Ayotte. They did not? Ms. Kaplan. No, we did not because we do a lot of these investigations and our understanding was that Seattle did not make that kind of information available. They routinely referred us to the State of Washington database, and that is where we went. Senator Ayotte. So we did not try to get the underlying police report. The decision of OPM was just that we have dealt with Seattle in the past, they will not give us a report? Ms. Kaplan. Well, our obligation is to try to find out the disposition or if there have been charges, and it was not as though we decided we are not going to make an effort here. We just, based upon the fact that in the past--and this occurs with other jurisdictions besides Seattle. They will refer us to another database, and, that is what they did. 
And we did not go in this particular case and say, ``Will you depart from your policy?'' But, just--this is, again, something that we need to take a really close look at and we are going to be looking at as part of the President's review, because it is problematic, certainly, that, there was this information written on a piece of paper somewhere that we did not have access to. Senator Ayotte. Yes, I find it actually incredibly shocking that we would not pursue a police report in any of these arrest situations, because the nature of the charge looking at the underlying police report, having been a prosecutor, can tell us very different information, and a prosecutor may not have the elements to make a particular charge, and the disposition may tell us nothing. But, seeing prior behavior here with Aaron Alexis getting a police report would have flagged a very different set of conduct for anyone looking at that. So I believe we do have to change that, we do have to get the underlying reports. And if that requires coming to an understanding with law enforcement across the country, I would be shocked, having worked with so many police officers, that they would not be willing to have an understanding with the Federal Government on this given what is at stake for the country. One of the things that concerned me also as I heard the discussion, Judge, between you and Mr. Tester was this issue of the USIS lawsuit. In 2011, coming before the Committee, I was not a Member of the Committee then, but the fact that this suit was sealed and as a result of consultation with Justice you did not feel because of the sealing of the suit that you could share that information. I understand you have to go to Justice for advice on these issues, so I am not being critical of you on this. 
But what I would be critical of is why wasn't there--this seems to me a core issue of oversight that the Committee would need to know that was the subject of this sealed suit that now we are seeing obviously some of the consequences of perhaps part of this being USIS obviously with Snowden and with what we are seeing in other cases. And it really troubles me to think that this would be sealed. Was there any discussion with Justice about how this is a very important piece of information that the Committee really needs to know? Because I have a real problem that Justice would not have gone to the court and taken actions, having been a prosecutor myself, to try to unseal it, explain that there is a separate duty here that the Congress needs to be aware of information and protect the country. And I think this is part of a bigger issue, so I wanted to get your thoughts on that. And did you come subsequently and update us as soon as you could once this thing was unsealed? Ms. Kaplan. I am here today. It was just unsealed 2 days ago. Senator Ayotte. OK. Fair enough. So, in other words, it was sealed for 2 years. Ms. Kaplan. Well, and, I am not an expert in this, and thank you for calling me ``Judge,'' even though I am not a judge yet. I appreciate it. And I am not an expert in this, but this is, a False Claims Act case---- Senator Ayotte. Right. Ms. Kaplan. They are--they have a very special treatment because somebody comes forward as a whistleblower, and then the government has to keep it under seal because the government wants to decide whether to intervene in the case. Senator Ayotte. Right. Ms. Kaplan. And so I think that is the reasoning behind the sealing. That is---- Senator Ayotte. 
So understanding that there obviously are different rules in a False Claims case--but this is an issue because we have a separate responsibility, and we have to get to the bottom of this so that this Committee is not waiting a couple years later while this decisionmaking is ongoing in the Government when there is a critical issue with a contractor that needs to be addressed. I believe that this is an important issue that we have to get at. Senator Coburn. If you would yield, I think the real question is, now that you have this problem out there, the response I would say is: Why weren't we monitoring quality assurance on our contractors to begin with? And what have we done since then to monitor quality assurance on the three contractors that are out there doing it? Ms. Kaplan. That is a fair question. With respect to what were we doing before, I have been told that actually we were sort of hot on the heels of this around the time that the complaint was filed, because we were starting to notice that the quality reviews were being done either too much by one person or too quickly, and so we had already made inquiry with USIS. But obviously we did not catch it quickly enough, because it occurred. And so what we have done since then is we have focused more, as I had said before, on those reports to enable us to find anomalies before the problem was occurring more quickly, and we have beefed up the staff, the Federal staff that is working on those matters. And at the same time, USIS has made many, many significant changes in the way that they operate, and so there have been a lot of changes made. And with respect to the question about not being able to talk about it, in some ways it was very frustrating to us as well, because you are looking at---- Senator Ayotte. I can imagine. Ms. Kaplan [continuing]. 
Things in the newspaper and you are unable to--but I think that you would have to ask the Justice Department more about it, but I think that they believe that this is required by law. Senator Ayotte. Thank you. And I think obviously that is something we need to work through so we are not in this situation in the future. I also wanted to ask about--I believe, Mr. Prioletti, you raised the issue of Continuous Evaluation, and yesterday Senator Collins, along with Senator McCaskill, myself, and Senator Heitkamp, introduced a bill that would provide--one of the issues I see in all of this is an issue that we rely too much on self-reporting, particularly after we have granted a clearance. And our bill is fairly straightforward in that there would be two random audits conducted. As I understand your testimony, you have talked about this idea in your testimony of automated record checks, yet you say there is more research required. I do not understand how, if we do not have some random checks and we are relying totally on self-reporting--frankly, people's lives change dramatically and can change in 5 years' time--that we will have a system that really verifies that people should maintain their clearance status. So I wanted to get your thoughts on that. Mr. Prioletti. Thank you, Senator. What I was referring to is we do automated record checks at this time or electronic record checks. All the government agencies do that at times. For example, when Director Kaplan referred to the police checks, going to the electronic record checks to get that information, there are ongoing processes such as that going on right now. What I was referring to with Continuous Evaluation is an expansion of that into more areas that include internal government databases as well as external, both government and commercial databases. Some of the specificity I cannot get into in today's current environment in this proceeding here. 
But what we are talking about is building the enterprise-wise--in other words, have an automated records check ability, a Continuous Evaluation, whether it be several times over a 5-year period or whether it be more frequently than that, that can serve both the United States military units, can serve the intelligence community as well as serving the non-Title 50's. What we have done is we launched a CE, if I may use the term, Continuous Evaluation Working Group that was made up of Intelligence Community (IC) members, OMB had representation, OPM had representation, and DOD had representation. And we created a concept of operations that is now ready for testing that takes a level of checks that are high enough to satisfy the requirements of Top Secret Sensitive Compartmented Information (SCI) organizations such as the IC, but also reasonable for the expectations of a non-Title 50 organization or some of the other organizations. That is a very touchy balancing act to make sure that we have enough checks, but it is an expansion on what is currently done. Director Kaplan mentioned that there are national agency checks, police checks, and financial checks for the Secret level clearances. We have expanded those to cover other areas, some databases which include classified information and some that do not, as well as the commercial databases. The area that I think you are most concerned about is the social media or publicly available electronic information, and that is where the research is being done, Senator. We have to find that balance between the civil liberties and privacies of a U.S. citizen versus national security interests. That is where we are doing it. I do not have, as a representative of the ODNI, the luxury of going into a social media or publicly available database, pull information out of there, and submit it as being the truth. 
The government has a responsibility, an obligation to every one of its citizens to ensure that the information is true and accurate before we use it in the adjudicative process. Senator Ayotte. Well, I know my time is up, but I can tell you that obviously when our teenagers go online and get important information on social media and yet we are not going to use it to find out that someone is involved in something, I think that is a little hard to believe. We need to take a commonsense approach to this. So my time is up. I also think we need to have random checks on people instead of just relying on their own self- reporting. Thanks. Chairman Carper. Senator Ayotte, thank you. Senator Heitkamp. OPENING STATEMENT OF SENATOR HEITKAMP Senator Heitkamp. Thank you so much, Mr. Chairman, and thank you, Ranking Member. I think this is such a critically important response and quick response to this horrible tragedy, and I hope that the family members take some comfort that we, too, share their concerns. I have read this report, and I can tell you honestly, as somebody who used to do background checks for people involved in gambling in North Dakota, if you were going to get paid minimum wage to deal Blackjack, he would not have passed that background check. He could not have dealt Blackjack in North Dakota, but yet he had a clearance that allowed him to come on to a Navy base and do serious human damage. And so it is really frustrating; we are all frustrated here with this process. And I completely appreciate your privacy rules, but when you apply for this clearance, you waive your right to privacy. And every parent on this panel who deals with social media knows if you want to know what your kid is doing, go out on social media. You may think that does not have the veracity of a court record, but I can tell you, as somebody who has looked at court records repeatedly doing background checks, it certainly does. A picture is worth a thousand words, and it is heartbreaking. 
And so we take this one example, and I always fear that one example does not prove the case, but we have multiple examples now of where we failed in the clearance system to actually ferret out people who would do damage to co-workers, murder co- workers, but also damage to our national security. And so this is a very broad issue and a very important issue. I want to talk about self-reporting, and I want to talk about the consequences of not self-reporting. I was, quite honestly, shocked--because I am new to this Committee and new to looking at government security clearances--the huge number of people in this country who have these clearances. I mean, this is a big group to manage. Right? We would all agree with that. So obviously random checks are a critical and important part of this, and you see that from the bill that we introduced. But we need to make the self-reporting more effective as well. So I want to know, of all those millions of people who have these clearances, how many have ever been discharged from the government for failure to self-report. Mr. Jordan. We can get you that information. We do not have it with us. Senator Heitkamp. In your database, how would you know that information? Ms. Kaplan. Well, if, for example, someone fails to report--do you mean on their form they are deceptive and they-- -- Senator Heitkamp. No. Either lying on their application or failure to report after a serious event that occurs after the clearance. Ms. Kaplan. We will have to get you that information, but the latter is certainly grounds for revoking a security clearance, and failing to report or being dishonest when you fill out your form is something that the adjudicator would take into consideration in deciding whether to grant a clearance in the first instance. Senator Heitkamp. 
Right, but if you are--with all due respect, if you are not checking local police records, you have no guarantee that when somebody checks the box and says they have never been arrested, they are telling the truth. Ms. Kaplan. No, and with respect to that, there is never a guarantee, but we do not just take their word for whether they have been arrested. I mean, we do an FBI check, and the FBI database, which receives reports from the States---- Senator Heitkamp. I am familiar with it. Ms. Kaplan. Yes, probably more familiar than I am, frankly. It will spit out whether someone has been arrested, and then we do the followup, and it often requires work on a State-by-State basis or local jurisdiction to find out what the disposition was. Now, let us remember, we are talking in his case about a Secret clearance. If it was a Top Secret clearance, there would have been a more extensive investigation done, which perhaps would have uncovered the gun part of this and maybe other things. That is speculation, but this is a Secret clearance. Senator Heitkamp. If I can just take it one step further, we are talking about revoking the clearance. What about requiring that employment be terminated? Is that one of the things that you are considering and looking at going forward, that this person obviously--for contractors that is a tough call. But certainly for government employment, to me it is not enough to just revoke their clearance. I think that it should be prima facie a case that you now lose your job. There has to be serious consequences for not reporting. There has to be serious consequences for lying. And we have to look at the number of people who are out there who are not currently self-reporting, because even random checks cannot solve this problem. There has to be true consequences. And so I am interested, anyone on the panel, about how we are going to amp up the penalties for employees not self-reporting. Mr. Jordan. 
That is absolutely what we are looking at as part of our 120-day interagency review, both the piece that you were talking about where, are there any gaps in the self-reporting portion versus an active reinvestigation period would address that in scope. What is the information that we collect and measured against the 13 adjudicative standards, and does it all flow right? That is all part of it and then the accountability. There are currently significant penalties for lying or not reporting adverse information. Yes, it includes revocation of your clearance. You mentioned contractors. An agency can suspend or debar the contracting firm. If they think it is just a problem with an individual, they can direct that that individual not work on that contract, or you could suspend or debar the individual. And we are looking at all of the accountability measures for both Federal employees and contractors to make sure that only the people who should have access to our facilities and our sensitive information do at any given time, not just when they are cleared. Senator Heitkamp. Yes, I mean, just human nature being what it is, if simply saying, well, there might be a consequence or--the point that I am getting at is a mandated: this is going to happen if you do not self-report. And, Mr. Contractor, we do not know this; it is your job to help us enforce, it is your job to report back to us. And if you do not, black mark on you, you will not be a government contractor very long. And so that is the level at which I have passion for this issue, that we should not be letting--when we give them the Good Housekeeping Seal of Approval, which is what this security clearance is, that ought to mean something. And if they breach it, that ought to be something that we consider very serious with very serious consequences. And so I applaud your work. 
I would like to know how many have actually been discharged or disciplined for either lying on applications--obviously they would not get the clearance, but not reporting after the fact. Mr. Chairman, again, thank you for the time. Chairman Carper. Thanks for those tough questions. Senator McCaskill. OPENING STATEMENT OF SENATOR MCCASKILL Senator McCaskill. I think one of the most revealing things this morning is the realization that while an arrest report may be part of a background check, there is not a requirement that the underlying police report be obtained. And I will tell you why this is a shocking revelation. Like Senator Ayotte, I am a former prosecutor, and the vast majority of cases that would reveal a mental disturbance will not have a disposition. The criminal justice system does a very bad job of adjudicating the mentally ill because with the mentally ill really, from a prosecutor's standpoint, if they have not hurt anyone, putting them in prison sometimes creates more problems than it solves. So most prosecutors, when they are confronted with a mental illness issue, like someone who says they have heard voices, someone where the police have been called to a motel room on a disturbance where someone says there are microwaves coming through the vents and, ``People are here to get me,'' they will do a police report, and most of the time the police department will not even try to file charges. That is a disturbance call that is related to someone that, in their minds, they do this all the time. Now, that is not something that--especially in a city as large as Seattle, Kansas City, or a city as large as St. Louis, that kind of disturbance call, where someone is making a racket because they are mentally disturbed, most police departments will not even take it to the prosecutor for disposition. In fact, we are horrific in this country with even getting that person to mental health services. 
And the vast majority of these shootings are not going to be around the issue of whether or not someone has shown violent tendencies but whether or not they have shown tendencies of having a mental issue. So the notion that we are saying, well, if a police department will not give us the report, we have checked the box, and I think if we do a gut check on this issue, we will realize that a lot of the work that we have been doing around this has been checking boxes. Now, I get it that we cannot go out and do one-on-one and pull every thread on every application for clearance, although if we did that, we would probably make them so expensive, we would be much more disciplined about deciding who gets them. But the notion that you are calling what you are doing quality control, Ms. Kaplan, is probably, I think, offensive, because I think there is just a lot of checking boxes going on. Was this report obtained? Yes. What I do not have confidence of is that there is, even on a random basis, a more thorough examination. And I am glad to hear you have a working group, and what I would like to see us do as a Committee is ask for some specific recommendations on who is getting clearances and are they all necessary. And all of this is risky. I mean, we can say that we are doing too many, and then we could have a bad thing happen. And then we would be back here saying, ``Well, why didn't they have a security clearance?'' On the other hand, what we are doing now is the worst of all situations because we are giving the impression that all these millions of people who have security clearances, we have checked them out. We are confident that they are mentally stable, they are not criminals, and they obey the law. We have no idea if that is true. We are clueless as to whether or not that is true, because this process has become in a way a pro forma kind of process with contractors. 
And the reason the contractors were off the reservation is because they bid an amount and that contractor wanted to make money, so that was time to cut corners. You wanted to make your number? You wanted to make money? Well, then, you did not have to do the whole thing. You just turned it in and pretended like you did. So I agree with the Chair and the Ranking Member that this is time for all of us to really quit nibbling around the edges on this thing and let us get to the meat of the matter. Saying that Seattle does not give a police report, that dog does not hunt in this context. That just does not work. And, Mr. Lewis, I have a specific question for you. My Subcommittee has learned that we have had a bunch of felons on Navy installations. We have learned that the Navy was giving these contractors 28 temporary passes at the get-go without any checks on anybody. Is that true? Mr. Lewis. This was a subject of a DOD IG report, and the Navy has looked into these specific circumstances. I believe there were about 50 people identified who were convicted felons who were given access without the proper checks, and the Navy has taken corrective action, removing individuals who do not warrant access from the installation. In other instances given the date that--some of the felony convictions were quite old, the Navy made a decision to allow them to continue to have access. But the fundamental issue is there was a failure to conduct the required checks for installation access, and the Navy has taken corrective action on that. Senator McCaskill. And so no more temporary passes? Mr. Lewis. The passes would have to be based on the required checks, the National Criminal Investigative Check as well as the terrorism database check. Senator McCaskill. OK. Mr. Lewis. So that would bring up a felony conviction. Senator McCaskill. OK. So is there a different status for a certain kind of pass than for a permanent pass now? 
Are you saying that they are doing something before they do a temporary pass? Or are they getting the full complement of checks? Mr. Lewis. For installation access, there are two basic criteria. One is someone who is going to be on the installation on a temporary basis. Those individuals require a degree of vetting, a criminal records check and the terrorism database check. For individuals who are going to have ongoing access, there is a requirement for a national agency check with written inquiries and other checks, which is the minimum standard for that CAC issuance. Senator McCaskill. So we have corrected the problem that someone was getting temporary passes without any check. Mr. Lewis. Yes. Senator McCaskill. And is this going on in other branches, temporary passes with no checks? Mr. Lewis. We are not aware of that, but we are certainly engaged with the components on this particular issue. Senator McCaskill. OK. Well, I would like a report back that this is not going on in any of the other branches. Mr. Lewis. Yes, ma'am. We will do that. Senator McCaskill. Thank you. My time has expired. Thank you, Mr. Chairman. Senator Coburn. Just one followup, just for information. Who ever made the decision to allow that to happen, to go around? Were there any consequences to that individual that actually made the decision? Mr. Lewis. There is an ongoing Navy review of what occurred at the Navy Yard that day, to include all of the aspects that went into that, and that is an ongoing review. Senator Coburn. Could we hear back from you to this Committee when the review is completed as far as the consequences to the person who made that decision? Mr. Lewis. The Navy review, the overall DOD reviews, and other reviews that are being conducted will be brought together in an OMB final review of our overarching security practices, and I expect that to be part of the review. Senator Coburn. 
Well, my specific question is a report back to the Committee on it; somebody was held accountable for going outside the curve. That is a real problem, is accountability in Federal Government. It is accountability. And all I want to know is what are the results of holding some--did we hold whoever made that decision accountable? Chairman Carper. I would appreciate it if you could just close the loop at the end of the day for us, if you would please. Mr. Lewis. Yes, we will do that. Chairman Carper. Thank you. All right. Senator Portman, please. Welcome. OPENING STATEMENT OF SENATOR PORTMAN Senator Portman. Thanks, Mr. Chairman. I appreciate your holding the hearing, and I think it has been constructive because we have raised obviously a lot of troubling issues and had the opportunity to hear from some Senators who have a lot of interest and background in this. At the Federal Workforce Subcommittee, as you know, we have held some hearings, and in June we held one regarding background investigations, and specifically the inability of the OPM Inspector General to effectively audit the revolving fund and really the background investigation process. And that is why the SCORE Act was developed--Senator McCaskill is still here, Senator Tester, and the Chair and Ranking Member and others. And I am pleased that we were able to get that done. Just a couple weeks ago we got it off the Senate floor. It is a small step, but it does fix that IG issue. And I know, Brenda, you worked with us on that, and we want to continue to follow that and make sure we get that cleaned up. We have another hearing in a few weeks to continue looking at this issue and others, and Senator Tester, who again was here earlier, we are going to stay on this at the Subcommittee level. I am going to focus on something that I think is critical if we are really going to get at this issue, and I guess the tragic example recently at the Navy Yard is unfortunately a perfect example of it. 
But it is not a new issue. It is this whole issue of continuous evaluation, and, whether it is the 5-year cycle or the 10-year cycle, this is to me the critical issue that we are missing. And we saw it not just with regard to the Navy Yard, but also with this Ricky Elder case. This is the specialist, Ricky Elder, who, in 2012, shot and killed his commanding officer at Fort Bragg and then turned the weapon on himself. His clearance timeline was actually reminiscent of Aaron Alexis'. His background investigation was done in 2006. Over the next 5 years after 2006, he was charged twice with assault, once for DUI hit-and-run, once for felony aggravated assault--by the way, none of which were reported in his personnel security chain. Aaron Alexis, similar: After receiving a security clearance, he received nonjudicial punishment for unauthorized absence while in jail for disorderly conduct; another nonjudicial punishment for being drunk and disorderly; an arrest for firearm discharge; multiple law enforcement interactions, both military and civilian, a month prior to the incident that would have highlighted his mental health problems. And none of these triggered a reevaluation of his access to classified material, classified facilities, none of those. I think this is--I mean, every issue that was raised here today is important, but if we do not get at this, this interim period between a clearance and--again, whether it is a 5- or 10-year cycle--the next clearance, I think we are going to continue to have these tragic incidents. In 2005, interestingly, a year before Ricky Elder enlisted in the Army, 2 years before Aaron Alexis enlisted in the Navy, and 7 years to the day before Ricky Elder's deadly attack, the Department of Defense testified to this Committee--and this was in June 2005--about the Automated Continuous Evaluation System (ACES). And you all said that you were going to continuously evaluate the background and suitability of security clearances. Mr. 
Prioletti, in your opening--in your written statement--I did not hear you say it in your statement, but in your written statement you noted that 3 years earlier, in 2008--3 years later from the 2005 testimony you gave before this Committee, in 2008 President Bush directed by his Executive Order that an individual who has been determined to be eligible for or currently has access to classified information shall be subject to Continuous Evaluation. That was an Executive Order back in 2008. I know we have heard today, ``We are working on this.'' I heard in response to an earlier question, ``We have an interagency working group. We are developing a concept of operations.'' I wrote this down. ``We are doing research.'' Again, this has been going on now for a decade. If you testified in 2005 it was going on in 2004, it may be more than a decade. So here we are. It is 5 years after the Executive Order, 8 years after this Committee heard about the plans, and we are dealing with the tragedy at the Navy Yard. So I do not know who would like to talk about it. Mr. Lewis, maybe you can talk about DOD. And, by the way, you are also talking about putting something in place but not for another 3 years. And then it would be DOD only. So I guess I would like to hear what is happening, and, Mr. Lewis, again, since DOD is taking the lead on trying to get this in place, I see from the technical report on the project that there have been some pilot projects. You have 3,600 personnel records that have been searched. And it is working. Sixty-five of those 3,600 ended up having clearances suspended or revoked due to derogatory discoveries. Your search algorithms have found problems. But 3,600 people is a drop in the bucket when we have over 5 million people with security clearances. 
So, again, it has been 10 years since we were told, this Committee was told, and I quote: ``Beta testing results and lessons learned are being incorporated into an initial operating capability basis to be in place by the end of 2005.'' And here we are in 2013. So taxpayers have paid $11.6 million for this just in the 2 years between 2012 and 2014. I do not know what the development costs are--we are trying to find out--or the costs after 2014 to fully demonstrate its capability at DOD. So can you explain the reasons why this capability will take over a decade to field? Can you give us some sense of the total cost for this and what it is going to cost to field it over at the Department of Defense? Mr. Lewis. I cannot speak to the total cost. I would have to come back with that information. But I can give you a current status of how the Automated Continuous Evaluation System is being used. It does provide on-demand queries of a large number of government and commercial data sources, as well as an analytical capability to flag issues of concern. So that is an existing capability. As you mentioned, it was used in an Army project, and out of 3,300-odd individuals, a total of 100 personnel actions were taken as a result of information identified during those queries. In addition, the Defense Security Enterprise is developing a Continuous Evaluation concept demonstration which would take this a step further. So ACES does a one-time snapshot-in-time query. This concept demonstration would have real-time updates so that as information became available, it would be pushed into the system. And the concept demonstration is currently scheduled to run from April to October 2014. The anticipated population would be 100,000 cleared military, civilian, and contractor personnel. And so we are anxiously looking forward to completing that concept demonstration. 
In the interim we are using ACES for Continuous Evaluation checks, again, testing the concept, getting more validation, looking at things like privileged users and some other groups of contractor employees. So this is an ongoing effort. We get results on a regular basis. And we are looking to take that to the next level in terms of a true Continuous Evaluation, which would give feedback to the system as it is developed so that if an individual gets arrested tomorrow, the system would push that back to DOD instead of waiting for DOD to make that query. Senator Portman. You were not here in this job 9 years ago when we heard that it was going to be in place by 2005. But you are here now, and so, one question I could ask you is: Why has it taken so long? And you might say, ``I do not know. I was not in charge.'' But you are in charge now, and you are saying that you are going to have this fully operational in 3 years. Is that correct? Mr. Lewis. For the Automated Continuous Evaluation System as it currently stands, it is an operational system. It is still in a research and development mode, but it is an operational system. The limits right now---- Senator Portman. I mean, when I say ``operational,'' I mean it actually would cover more than a small percentage of the people who are in between their clearances. You are talking about taking it from 3,600 up to 100,000. How many security clearances do you have at DOD? Mr. Lewis. We have about 2.5 million people who are eligible and in access for classified information. Senator Portman. So when are we going to cover these people? Mr. Lewis. One of the things we are examining is can we expand the capability of the system to handle that larger volume, and that is a work in progress and something that we could report back to you on. Senator Portman. Do you think it is important? Mr. Lewis. Yes, we do. We need to address what happens between investigations, and---- Senator Portman. 
So what are you looking for in order to get this done? You are going to get back to us as to what the costs are. Mr. Lewis. Yes. Senator Portman. Have you sought additional funding? Is that what you are thinking is the problem? Mr. Lewis. It is a question of having the right criteria in place to conduct the evaluations and then what we do with the data once it is generated from the system, how you evaluate that and how you take action based on that information. Senator Portman. My time is up, and I apologize, Mr. Chairman. I just think we have to have some answers on this because if we do not fix this problem--the initial clearances is incredibly important. We have talked a lot about the need to have arrest records and so on. But if you have this interim period where you are not keeping up with what is happening, and in the case of Aaron Alexis, I mean, it was clear as day, and yet there was no system to incorporate that data. And so to Mr. Prioletti on the intel side, I want to hear what you are doing, too, but we do not have time to get into it right now with this question, but I hope you will get back to us in writing as to what you are doing because we were just talking about DOD here. And then, finally, I hope that GAO can help us on this to establish some metrics, let us come up with a timeline that makes sense. If you are looking for additional resources or something, let us know. But, if it is going to take another 10 years because we are doing more pilots and more research and so on, that is unacceptable. Thank you, Mr. Chairman. Chairman Carper. Thank you, Senator. Senator Coburn, and then I will wrap it up. Senator Coburn. Mr. Jordan, can you explain to me the difference in the field work contract and the supply services contract you have with USIS, one? And, No. 2, are contractors completing background investigations, then other contractors validating the completeness of those investigations? And are these contractors from the same company? Mr. Jordan. 
So I can answer the second part, but OPM is better suited to answer the first part since they have that contract. And, yes, contractors perform background investigations, and, yes, contractors can perform quality reviews on those investigations. But only government employees make a determination as to whether to grant a security clearance to someone. Senator Coburn. But my question is: Is it the same company that is validating the work of their colleagues doing the investigations? Is that correct? Mr. Jordan. I would have to defer to OPM. Ms. Kaplan. No. The companies that are doing the investigations have an obligation under the contract to also do a quality review. But then we do another quality review, and the purpose of their quality review is we would like them to catch errors before the file gets to us, but we do a quality review as well. Senator Coburn. So OPM is the final validator of the completeness of the investigation? Ms. Kaplan. To some extent. I mean, I think another thing that validates the completeness of the investigation, it gets sent to an adjudicator. An adjudicator may want more information. And so ultimately it is a collaborative effort. They may send something back to us. But we are the arbiter of whether we have provided an adequate investigative product, a quality investigative product. Senator Coburn. Is every investigation validated by you? Ms. Kaplan. Every investigation is reviewed for quality, yes. Senator Coburn. By OPM? Ms. Kaplan. By OPM. Senator Coburn. All right. I have one other question, and then I will submit the rest of my questions. There is a revolving fund where you charge agencies for this. It has $2 billion in it. Has it ever been audited? Ms. Kaplan. 
I am told it has not by the Office of Inspector General (OIG) because they have told us they do not have the resources, which is why we are supporting, the administration is supporting their request to be able to draw from the revolving fund in order to give them the resources they need to do that. Senator Coburn. OK. Thank you. I will have questions for the record. Chairman Carper. OK. I suspect you will have a number of questions for the record. We thank you for your verbal answers today. I want to telegraph my pitch. Right now at 12 o'clock in the Senate, we have a new Senator being sworn in. Cory Booker is taking the oath of office, and we will start voting and have the first of several votes beginning about 10 after 12, so we will wrap up here probably about 12:20. The last question I will ask each of you is this, so you will have a chance to think about it. Sometimes I say when you see something awful that has happened and you hope that some good will come of it, sometimes it does and sometimes it does not. Few things could be much worse than losing a loved one, and 12 families lost loved ones in the Navy Yard, not far from here. They would like to know that something good is going to come out of something that was awful for them, and I think the American people feel that way as well. One of the last things I will ask you to do is just to reflect on what you said, what you have heard here today, what you have been asked here today, and see if you can give those families some assurance that out of the tragedy they have suffered through, some good is going to come and what that might be. So just know that question is coming, OK? Senator Coburn. I have one more question. Chairman Carper. Dr. Coburn. Senator Coburn. I just wanted to followup. I am not clear. When you say OPM validates, do you use a contractor to validate? Ms. Kaplan. The Federal employees who validate---- Senator Coburn. It is all Federal---- Ms. Kaplan. 
When you say ``validate,'' we do a quality review. It is all Federal employees. They do a quality review, too, but then we do one as well. Senator Coburn. OK. So it is all Federal employees that do a validation on the background information on everything that comes in. Ms. Kaplan. Yes. Senator Coburn. OK. Thank you. Chairman Carper. I want to come back, Mr. Prioletti, to--I think a question was maybe asked by Senator Ayotte and I think by Senator Heitkamp, and I want to give you a chance to respond to it. I think it dealt with using social media in the Continuous Evaluation program. Could you just give us some thoughts on that briefly, please? Mr. Prioletti. Yes, Senator, I can. What I was referring to there is we are seeking to provide as much of the comprehensive capabilities as possible in the overall background investigation on the individual. The more information we can gain, the more enlightened the decision can be on whether or not to grant the access to classified or access to a sensitive position. One of the obvious sources, potential sources of information, is social media or publicly available electronic information. What I referred to in terms of the research was the idea that we need to look at both what possible sources of information are out there, which ones would be of most benefit to provide adjudicatively relevant information for the access to classified information, and how do we do that in the best way that protects both the personal rights of the individual as well as the veracity and the coverage of the U.S. Government. Chairman Carper. OK. Thank you. I have a couple of questions, a series of questions, Ms. Farrell, if I could, for you. And before I ask the questions, let me just make a short statement. But when an investigator fails to discover or disclose crucial information during a background investigation, it is an obvious failure. 
What could be more troubling is GAO's report that efforts by agencies to measure and improve the quality of investigations have fallen short. The Office of Personnel Management is supposed to review the investigative file and make sure it meets minimum standards. The agency responsible for granting the security clearance also has the responsibility to review the file. Yet when GAO looked into what OPM and other Federal agencies were doing in 2008 to review the quality of background investigations, it found almost 90 percent of the investigation reports that DOD was using to evaluate an applicant for a security clearance were missing required documentation. Three questions: First, how often were agencies making a security clearance decision without having all of the required information? And what motive did agencies have for doing this? That is the first question. Ms. Farrell. The answer is we do not know because GAO performed this analysis of the complete documentation for DOD in 2006 and 2009. So we do not know outside of DOD the information that you are asking for, and this is the type of oversight that we are saying is needed. Chairman Carper. All right. Second question: What type of information is missing? Could you give us some idea? Ms. Farrell. Employment verification and discussions with the employers; social references, especially the number of social references in order to determine someone's character; completeness of the application, which should be the very first step, as we have noted before, that should be done before OPM even moves forward. Chairman Carper. All right. Thank you. And the third question: Has GAO had an opportunity to take another look at this issue since 2008? And if you have, has there been any noted improvement? Ms. Farrell. We have continued to monitor OPM's actions to implement the recommendation that we made at that time. 
As I noted, in 2010 we were very encouraged that there was agreement among OMB, OPM, DOD, and the DNI regarding metrics for quality of investigations as well as adjudications and other aspects of the process. There was somewhat of a plan to move forward beyond that. We have continued to monitor, but at this time all we know is that that plan has fallen apart. Chairman Carper. OK. Thank you. My next question would be for Mr. Prioletti and I think for Mr. Lewis. According to some news reports, the company that hired Alexis--it is, I think, a company called ``The Experts''--had phoned his hotel room in Rhode Island, I believe in August, saying that he was unstable and that the company was bringing him home. According to other news reports, the human resources director of The Experts talked to the mother of Aaron Alexis on August 9, and she informed the company of her son's past paranoid behavior and stated that he probably needed therapy. And I would just ask, first of all, for Mr. Prioletti, if the company that had hired Alexis had become aware of the increasingly troubled behavior, do you think that the contractor should have a duty to report the behavior to the Department of Defense? And did they report it? Mr. Prioletti. Senator, in this particular case that you have just described, in terms of a national security perspective, it behooves everyone to report any unusual activity that they see, whether it be a colleague, a co-worker, or a subordinate that works for you. Chairman Carper. And the second half of my question was: Did they report it? Mr. Prioletti. To the best of my knowledge, sir, it was just reported to the mother, as you described there. I am not positive whether or not they reported it to DOD. Chairman Carper. I am going to ask both you and Mr. Lewis to answer that question for the record. I will give Mr. Lewis a chance to answer it right now. Mr. Lewis. 
The contractor is required to report any derogatory information coming to their attention regarding a cleared employee. The Defense Security Service has done a followup review at The Experts, and they have determined that the company was aware of the indications of mental instability on Mr. Alexis' part, and that they failed to report that information. Chairman Carper. All right. Thank you. Mr. Lewis, stay with us in this area of questioning. What do you think should be the role of DOD contractors in monitoring the suitability of their employees to hold a clearance? Mr. Lewis. This is part and parcel of their responsibilities as a cleared contractor. As a prerequisite for getting a company cleared, they must execute a security agreement, and part of that security agreement is the National Industrial Security Program Operating Manual (NISPOM). They have been required to do this literally for decades. This is an established process, and contractors must execute that responsibility. Chairman Carper. OK. Thank you. I would ask you to think about a question. I have given that question so you had a little time to think about it. What can we say, what can you say to those who lost their loved ones, their husbands, their wives, their moms and dads, a brother or sister, what can we say to them that might give them some comfort to know that out of the horrible tragedy in their lives, and really our country's life, what can we say today to make them feel that some good is going to come out of this? Mr. Jordan. Mr. Jordan. Thank you, Mr. Chairman. I would first say that we owe the survivors of this tragedy and the American people a comprehensive and thoughtful review. What information do we look at? When do we review people in the suitability and security clearance process? How are decisions made and how can we improve upon all of these aspects? The review that I talked about will be done collaboratively. 
There are the Navy's reviews that have happened, Department of Defense reviews, OPM, and then the overarching review, which all of our agencies are involved in. This will not be a siloed effort. And we will act on any improvements as quickly as possible. Where there are gaps, we will close them. Where there were failures, we correct them. But if I was one of the families of the victims, I would not just want to hear about processes and procedures. I would probably have some concerns that there is a blue-ribbon panel type creation as opposed to actual improvements, that we will do everything we can to prevent this from happening again. So I would just say to them that I live near the Navy Yard. On the morning of September 16, my wife and my 2-year-old son were actually playing in a park across the street when they were cleared by police as the tragedy was unfolding in the Navy Yard. We lost a husband of a senior member of our acquisition community. So I would tell them that getting this right is personal to me, and we will do everything we can to improve our processes and everything under our power to make sure nothing like this happens again. Chairman Carper. Good. Thank you. Ms. Kaplan. Ms. Kaplan. Of course, I would echo what Joe said, and our hearts really were broken that day for the families and for the folks that we lost, the Federal employees and the contractors. And I think in addition to what Joe said, this is getting attention at the highest levels. The President is the one that ordered this review. And I am sure and I know that he feels very strongly in the same way that Joe just articulated that this was an awful loss, and we have to do whatever we can to prevent it from happening again. Chairman Carper. All right. Thank you. Mr. Prioletti. Mr. Prioletti. I also would like to echo the comments of Director Kaplan and Mr. Jordan. There are no real words to describe the loss both to this Nation as well as to family members that are sitting behind us. 
But I can give you a guaranteed commitment from not only the DNI but each one of us at this table that we will continue to work to find the solution. This is an evolutionary process. As we find gaps in our processes and the way we do our business, the techniques, the available information, we will continue to utilize those to come up with the best possible process to improve how we do our business on behalf of the U.S. Government as well as the U.S. citizens. Chairman Carper. Thank you, sir. Stephen. Mr. Lewis. In addition to what my fellow witnesses have had to say, I would just add that we need to make a commitment and effectively ensure that what happens between investigations is something that is tracked. We vet people. We entrust them with our classified information and access to our sensitive facilities. And we have an obligation to ensure that we are looking at people between investigations and taking appropriate corrective action as needed. Chairman Carper. Thank you. Ms. Farrell. Ms. Farrell. I would say it is unfortunate that the tragedies that we saw at the Navy Yard focuses attention on this process. But we have seen the dedicated leadership from these executive branch agencies in the past, and when they make their minds up to take on a problem and solve it, they do it. And now is the time for actions, not just review groups. Chairman Carper. A lot of folks in the room know that the Government Accountability Office is regarded as a watchdog and an arm of the legislative branch of our government to be a watchdog for really the whole expanse of the Federal Government. It is a huge job. You have a lot of people that do it, probably not enough, I am told by Gene Dodaro, the Comptroller General. But we need your continued vigilance to help us do our job, and that is the oversight role. I think probably the two most quoted things that Ronald Reagan ever said was, one, when he said to Mr. Gorbachev, ``Mr. 
Gorbachev, tear down this wall,'' as he stood at the Berlin Wall, and it was torn down. He also used to say, when he was trying to negotiate reductions in nuclear arms with the Soviet Union, he would say of his friend Gorbachev, ``Trust, but verify.'' All of us on the Committee, our staffs as well, trust you, and we trust the good will of the folks with whom you work who are responsible for carrying through on these reforms and to make sure it is not just words but there are actions to back it up. So we are trustful, but this Committee is going to be, in concert with GAO and you and your colleagues, we are going to be doing some verification along the way. Ms. Kaplan, as you go off to your next assignment, we wish you well. And we again appreciate the preparation time you have given to being with us today. Even more we appreciate the commitment of those who, in your case, Ms. Kaplan, will follow you and those with whom the rest of you serve to make sure that these words are words and this promise is a promise that we keep. With that having been said, this hearing is adjourned. Thanks so much. [Whereupon, at 12:17 p.m., the Committee was adjourned.] 
A P P E N D I X ----------
THE NAVY YARD TRAGEDY: EXAMINING PHYSICAL SECURITY FOR FEDERAL FACILITIES ---------- TUESDAY, DECEMBER 17, 2013 U.S. Senate, Committee on Homeland Security and Governmental Affairs, Washington, DC. The Committee met, pursuant to notice, at 10:34 a.m., in room SD-342, Dirksen Senate Office Building, Hon. Thomas R. Carper, Chairman of the Committee, presiding. Present: Senators Carper, Heitkamp, Coburn, and Ayotte. OPENING STATEMENT OF CHAIRMAN CARPER Chairman Carper. Good morning, Senator Heitkamp. The early bird. Senator Heitkamp. Good morning, Mr. Chairman. Chairman Carper. How are you doing? You sound in good voice today. Welcome, everyone. Thank you for joining us, and some of you, thank you for joining us again and again. 
It is nice to see you all. This is an important hearing. This is actually the second in a series of hearings that will enable us to take a closer look at physical security for Federal facilities. Three months ago, as we know, Aaron Alexis reported to the Washington Navy Yard with intentions to inflict pain and suffering on anyone in his path. We do not know now and maybe we never will be entirely clear why this tragedy came to pass, but hopefully the lessons learned from it will provide a foundation for preventing future tragedies like this one. Let us take just a moment to recount how Aaron Alexis got the access to the Navy Yard that allowed him to successfully enter the facility that fateful morning. In 2007, Aaron Alexis joined the U.S. Navy. As with other servicemembers, a background check was performed and he was granted a low-level security clearance. After an honorable discharge from the Navy in 2011, Alexis was hired by a defense contractor who confirmed that he possessed a valid security clearance. This marked him as a trustworthy individual. Because of that security clearance and that job, Alexis was provided with an ID card that would authorize his access to certain facilities, including Building 197 at the Washington Navy Yard. Shortly before 8 a.m., on September 16, 2013, Aaron Alexis drove to the front gate of the Washington Navy Yard and displayed his access card. He was admitted by security, parked his car, and walked to Building 197. Upon entering that building, Alexis encountered two additional security layers: an automated turnstile which required a valid access card and an armed security guard posted near an entrance. Unfortunately, these measures were designed primarily to prevent unauthorized access and not to screen for weapons. Officials probably thought that the people working there were trustworthy because they had security clearances and had been vetted. 
Eight minutes after Alexis cleared security, he began shooting co-workers using a shotgun that he had successfully concealed. In the wake of the shooting at the Washington Navy Yard, this Committee began a review of security practices and procedures highlighted by the attack. Our first oversight hearing looked at the security clearance processes that Federal agencies have implemented to determine who should have access to sensitive information or to facilities. At that hearing we explored ways to improve the process and were reminded that quality cannot be sacrificed for speed. The purpose of today's hearing is to review how we physically secure Federal facilities from attack. In many instances, security measures begin long before a person approaches the facility. Because Mr. Alexis was able to maintain a security clearance, he was trusted as a defense contractor and granted access to the Navy Yard complex. Aaron Alexis exploited this trust, and he hurt a lot of innocent people. In the aftermath, it is only natural that we wonder if all people entering a Federal facility--even employees--should be screened in some way. Should we, to borrow an often used phrase from Ronald Reagan, ``trust, but verify''? Workplace violence and insider threats are just some of the examples of the many undesirable threats facing our Federal facilities. There are many other potential threats that agencies must attempt to detect and deter. In addition to active shooters, agencies must develop countermeasures for improved explosive devices, biological weapons, and other types of assaults. Today's hearing will examine Federal agencies' efforts to develop and maintain effective layers of security at their facilities and prevent future attacks against innocent people. Facility security is not just about protecting the physical structure of a building; it is about safeguarding the millions of innocent people who work and visit these facilities on an almost daily basis. 
Today's hearing on facility security is also about honoring the memory of the 12 men and women who died on September 16, earlier this year by learning from that incident and doing all that we can to prevent a similar tragedy from happening in the future. People who work with me know that one of my guiding principles is, ``If it is not perfect, make it better.'' And our goal today is to figure out how we can do a better job protecting people at our Federal facilities. We can start by asking some fundamental questions. First, we need to ask: How do Federal agencies determine what the threats are to their specific facilities? As we know, not every facility is the same. Large Federal buildings in big cities--for example, the Alfred P. Murrah building in Oklahoma City--may be a target for terrorists because of their size and what they symbolize. However, the more likely threat is probably to a small Social Security office or maybe an Internal Revenue Service (IRS) Taxpayer Assistance Center because of a tired or angry citizen reacting badly and out of impulse. Second, we should ask: Are Federal agencies properly assessing and prioritizing these risks? As we all know, the world around us is constantly changing. So is the nature of the threats that we face. As a result, methods for securing our homeland should always be under observation and under assessment because the nature of the threat continues to evolve. The methods we use to secure our homeland must continue to evolve. That leads me to my final question, and that is: How do agencies respond to these evolving threats? A security measure that may work for one facility may not work for another. For example, not every facility might be able to be built 50 feet or more away from the nearest public road in order to protect against a vehicle-borne threat. I also want to know if Federal agencies are sufficiently sharing best practices. 
Is the Department of Defense (DOD) working with civilian agencies to share its expertise and its experience? For both military and civilian facilities, senior officials at a facility are responsible for determining which security measures should be implemented. However, civilian officials sitting on a local Facility Security Committee (FSC) may have little or no training in security matters; whereas, the commanding officer for a military installation may have years of experience and education in security matters. Most importantly, I want to know what actions different organizations have undertaken since the Navy Yard shooting to improve security at Federal facilities. Many departments and agencies bear some responsibility for securing Federal facilities. This includes the Department of Defense and the General Services Administration (GSA) and even the Department of Energy (DOE). It also includes the Federal Protective Service (FPS), a component of the Department of Homeland Security (DHS) that is responsible for protecting Federal facilities owned or leased by the General Services Administration. There is no doubt that the Federal Protective Service has a difficult mission. That agency employs only about 1,000 law enforcement officers to protect more than 9,000 civilian Federal facilities. Think about that. These facilities are spread out all across the country. Yet while the Federal Protective Service is responsible for assessing security at each of these facilities, it lacks complete authority to implement security measures. It may recommend installing metal detectors and X-ray screening equipment at a facility, but it is the local Facility Security Committee that decides whether to authorize and pay for those recommended security measures. As repeated Government Accountability Office (GAO) reports have highlighted, a number of internal management challenges have impeded the Federal Protective Service's ability to protect facilities. 
For example, the Federal Protective Service must complete the facility security assessments in a timely manner so that it can share them with the offices it protects. Because the Federal Protective Service has been unable to do that, other agencies have sought to complete their own facility security assessments, creating unnecessary duplication and waste. The Federal Protective Service must also do a better job of tracking and overseeing training for the 14,000 contract guards that it uses to protect facilities. The agency must ensure both its Federal law enforcement officers and the armed security guards it uses are appropriately trained, equipped, and prepared. Ensuring the training, the equipment, and the preparedness of Federal law enforcement officers and armed contract security guards is central to providing for the security of the facilities safeguarded by the Federal Protective Service. This will require, at a minimum, a greater focus on active-shooter scenario training. In the wake of the shootings at the Navy Yard and the Wheeling, West Virginia, Courthouse, we cannot afford to be ill prepared for this type of threat. While Director Eric Patterson has worked hard to improve the Federal Protective Service's performance, the agency has not always received the support it needs from Congress. I want to assure Director Patterson that I am committed to working with him to make the agency more efficient and more effective. We can start by focusing on the cost-saving or cost-neutral solutions that are much more likely to receive broad bipartisan support from our colleagues here in Congress. I hope that today's hearing will help us find better ways to improve security at all Federal facilities. I believe there is much to be learned from the Navy Yard tragedy to help us prevent similar incidents in the future. And I suspect we will be joined here later this morning by Dr. Coburn, who I know has a strong interest in these issues. 
Normally I do not turn to the Senator from North Dakota to see if she would like to make a comment or two, but you are welcome to, if you would like, Heidi. Senator Heitkamp. No. Mr. Chairman, we will go ahead and proceed. Chairman Carper. OK. I am going to just briefly introduce our witnesses and reintroduce others. I want to introduce as our first witness Caitlin--do you pronounce your name ``Durkovich''? Ms. Durkovich. Yes. Chairman Carper. Caitlin Durkovich, Assistant Secretary for Infrastructure Protection for the National Protection and Programs Directorate (NPPD) at the Department of Homeland Security, where we have a newly confirmed Secretary, Jeh Johnson, who was approved I think yesterday by a vote of about 78-16. I just would say here publicly how grateful I am to our colleagues, Democrat and Republican, for their support, especially to Dr. Coburn, who was a strong supporter of Jeh's nomination. And I think it may take a couple of days to process the paperwork so that he can be sworn in and be on the payroll, but we need him in place, and he needs a team to lead, including an able Deputy Secretary of Homeland Security. I believe Alejandro Mayorkas, if confirmed, will be that person. Ms. Durkovich was appointed to her current position in May 2012. As Assistant Secretary for Infrastructure Protection, Ms. Durkovich leads the Department's efforts to strengthen and build resilience in our Nation's critical infrastructure. As Chair of the Interagency Security Committee (ISC), Ms. Durkovich oversees its mission to develop security standards and best practices for civilian Federal facilities in the United States. Our next witness is Retired Brigadier General Eric Patterson--great to see you--Director of the Federal Protective Service, a component of the Department of Homeland Security's National Protection and Programs Directorate. Director Patterson was appointed to his position in September 2010. As Director, Mr. 
Patterson oversees the Service's mission to protect and deliver integrated law enforcement and security services to over 9,000 civilian Federal facilities and to safeguard their more than 1.4 million daily occupants and visitors. Now, I understand you served in the Air Force for over 30 years. General Patterson. Yes, sir. Chairman Carper. Thank you for that service, too. Our final witness is Stephen Lewis, Deputy Director for Personnel, Industrial and Physical Security Policy within the Office of the Under Secretary of Defense for Intelligence, United States Department of Defense. The Under Secretary of Defense for Intelligence oversees DOD's policies, programs, and guidance related to, among other things, personnel and facility security. Mr. Lewis also previously appeared before our Committee just about a month ago at our first hearing on the Washington Navy Yard hearing. We welcome you all today, and before I ask Ms. Durkovich to lead off, I am going to yield to Dr. Coburn. Good morning. OPENING STATEMENT OF SENATOR COBURN Senator Coburn. I apologize for being late, both to our witnesses and to the Chairman. I will put my opening statement in the record.\1\ --------------------------------------------------------------------------- \1\ The prepared statement of Senator Coburn appears in the Appendix on page 189. --------------------------------------------------------------------------- Chairman Carper. Fair enough. Welcome. Ms. Durkovich, please proceed. Your entire statement will be made part of the record, and you are welcome to summarize as you see fit. Try to stick within about 5 minutes, but if you go a little beyond that, that is all right. TESTIMONY OF CAITLIN A. DURKOVICH,\1\ ASSISTANT SECRETARY FOR INFRASTRUCTURE PROTECTION, NATIONAL PROTECTION AND PROGRAMS DIRECTORATE, U.S. DEPARTMENT OF HOMELAND SECURITY Ms. Durkovich. Thank you very much, Chairman Carper, Ranking Member Coburn, Senator Heitkamp, and other distinguished Members of the Committee. 
I am pleased to appear before you today to help honor the memory of the 12 men and women who died at the Navy Yard and all of those who have been victims of violence in the Federal workplace. --------------------------------------------------------------------------- \1\ The prepared statement of Ms. Durkovich appears in the Appendix on page 192. --------------------------------------------------------------------------- As Assistant Secretary for Infrastructure Protection (IP), I have had the responsibility to lead the overall coordination of the Nation's critical infrastructure security and resilience efforts. One of the most rewarding opportunities I have is to serve as Chair of the Interagency Security Committee, and oversee the development of standards, reports, guidelines, and best practices for facility security at nearly 400,000 civilian Federal facilities. The ISC was created by Executive Order (EO) following the bombing of the Alfred P. Murrah Federal Building in Oklahoma City on April 19, 1995. The ISC and its 53 member Federal departments and agencies is responsible for the creation and adoption of numerous standards, guidelines, and best practices for the protection of these nearly 400,000 non-military Federal facilities across the country. The work is based on real-world, present-day conditions and challenges and allows for cost savings by focusing on specific security needs of the agencies. ISC standards provide the Federal community with strategies for identifying physical security measures and facilities, the design and implementation of risk-based security policies. Recently the ISC issued the Risk Management Process for Federal Facilities Standard, a standard that defines the criteria and processes that those responsible for security should use to determine a facility's security level and provides an integrated, single source of facility security countermeasures for all non-military Federal facilities. 
The standard also provides guidance for customization of the countermeasures for Federal facilities and explains that risk may be addressed in various ways, depending on agency mission needs, for example, presence of a child-care center onsite and historical significance. It is most important to note that the ISC is a truly collaborative interagency body. Fifty-three Federal departments and agencies participate in the ISC and take the lead on bringing ideas to the table in drafting standards and best practices. When agencies cannot solve security-related problems on their own, the ISC brings chief security officers and senior executives together to solve continuing governmentwide security concerns. ISC membership also engages in the development of standards and best practices based on evolving real-world threats. Recent events have demonstrated the need to identify measures that can be taken to reduce the risk of mass casualty shootings and workplace violence, improve preparedness, and expand and strengthen ongoing efforts intended to prevent future incidents. The Department of Homeland Security aims to enhance preparedness through a whole-of-community approach by providing resources to a broad range of stakeholders on issues such as active-shooter awareness, countering improvised explosive devices (IEDs), incident response, and workplace violence. Working with partners in the private sector, DHS has developed training and other awareness materials to assist owners and operators of critical infrastructure to better train their staff and coordinate with local law enforcement for these types of incidents. We have hosted workshops and developed an online training tool targeted at preparing those who work in the buildings. These efforts and resources have been well received and are applicable to Federal facilities as well as commercial spaces and other government buildings. 
Cognizant of this growing threat, the ISC this spring formed a Federal Active Shooter Working Group. While a number of Federal guidance documents previously existed on active-shooter preparedness and response, this working group was formed to streamline the existing ISC policy into a single cohesive document. To date, the working group has met five times and has reviewed numerous publications and guidance documents including training and materials developed by the Department for commercial facilities. It will also leverage lessons learned from real-world incidents, such as the Navy Yard shooting. It is our intention that the resulting work will serve as a resource for agencies to enhance preparedness for an active-shooter incident in a Federal facility. Threats to our critical infrastructure, including Federal facilities, are wide-ranging and constantly evolving. Not only are there terrorist threats, like the bombing at the Boston Marathon this past spring or the complex shopping mall attack in Nairobi in September, but hazards from weather-related events such as Hurricane Sandy and a cyber infrastructure increasingly under attack all have a direct impact on the security of our Federal buildings. It is impossible to anticipate every threat, but the Department is taking a holistic approach to create a more secure and resilient infrastructure environment to better handle these challenges, and the work of the ISC exemplifies these efforts. Ensuring our Federal facilities are secure and resilient is a large undertaking, but the work of our member departments and agencies ensures that those responsible for Federal facility security have the tools and resources to mitigate the threats. In closing, I would like to thank you for the opportunity to appear before you and discuss the important work of the ISC and how we can learn from real-world events and ensure they do not happen again. I look forward to answering any questions you may have. Chairman Carper.
Secretary Durkovich, thank you. Thanks for being here. Thanks for your testimony and your work. General, welcome.

TESTIMONY OF LEONARD ERIC PATTERSON,\1\ DIRECTOR, FEDERAL PROTECTIVE SERVICE, NATIONAL PROTECTION AND PROGRAMS DIRECTORATE, U.S. DEPARTMENT OF HOMELAND SECURITY

General Patterson. Good morning. Thank you, Chairman Carper, Ranking Member Coburn, and Senator Heitkamp. My name is Eric Patterson, and I am the Director of the Federal Protective Service within the National Protection and Programs Directorate of the Department of Homeland Security. I am honored to testify before this Committee today regarding the mission and operations of the Federal Protective Service.

\1\ The prepared statement of Mr. Patterson appears in the Appendix on page 198.

FPS is charged with protecting and delivering integrated law enforcement and security services to over 9,000 facilities owned or leased by the General Services Administration and safeguard their more than 1.4 million daily occupants and visitors. In performing this mission, FPS directly employs over 1,000 law enforcement officers, inspectors, and special agents who perform a variety of critical functions, including FPS-contracted protective security officer oversight, facility security assessments, and uniformed police response. Our inspectors and special agents receive extensive and rigorous training at the Federal Law Enforcement Training Center (FLETC) and in the field. This training ensures that our law enforcement personnel are able to effectively respond to tens of thousands of calls for service received annually by the FPS and conduct thorough, comprehensive facility security assessments in FPS-protected facilities.
The Facility Security Assessments (FSAs) document security-related risk to a given facility and provide a record of countermeasure recommendations designed to enable tenant agencies to meet Interagency Security Committee standards for Federal facility security. Throughout the FSA process, FPS works with stakeholders to identify and gather all necessary information for characterizing the risks unique to each facility. FPS then builds a consensus with tenant agencies regarding the type of physical countermeasures and number and type of guard posts staffed by FPS-contracted Protective Security Officers (PSOs) appropriate for each individual facility. Approximately 13,000 FPS-contracted PSOs staff guard posts at FPS-protected Federal facilities. PSOs are responsible for controlling access to Federal facilities, detecting and reporting criminal activities, and responding to emergency situations. PSOs also ensure prohibited items, such as firearms, explosives, knives, and other dangerous weapons, do not enter Federal facilities. In fact, FPS PSOs stop approximately 700,000 prohibited items from entering Federal facilities every year. FPS partners with private sector guard companies to ensure that the guards have met the certification, training, and qualification requirements specified in the contracts covering subject areas such as crime scene protection, actions to take in special situations such as building evacuations, safety, and fire prevention, and public relations. All PSOs must undergo background investigation checks to determine their fitness to begin work on behalf of the government and are rigorously trained. However, it is important to note that PSOs are not sworn law enforcement officers. Rather, PSOs are employees of private security companies, and FPS does not have the authority to deputize PSOs in a law enforcement capacity. An individual PSO's authority to perform protective services is based on State-specific laws where the PSO is employed.
To ensure high performance of our contracted PSO workforce, FPS law enforcement personnel conduct PSO post inspections and integrated covert test activities to monitor vendor compliance and countermeasure effectiveness. Additionally, vendor personnel files are audited periodically to validate that PSO certifications and training records reflect compliance with contract requirements. In fiscal year (FY) 2013 alone, FPS conducted 54,830 PSO post inspections and over 17,000 PSO personnel file audits. The Federal Protective Service is committed to providing safety, security, and a sense of well-being to thousands of Federal employees who work and conduct business in our facilities each day. We continuously strive to further enhance, integrate, and transform our organization to meet the challenges of an evolving threat landscape and have recently made significant progress toward closing out outstanding Government Accountability Office (GAO) recommendations pertaining to FPS operations. In fiscal year 2013 alone, FPS submitted documentation to the GAO for closure and consideration pertaining to 13 GAO recommendations including FPS strategies to enhance its human capital planning and improve tenant communication. Of those presented, six were successfully closed as implemented, and seven are pending GAO's internal review for closure. Significant progress has also recently been made toward closing longstanding GAO recommendations related to FPS' handling of PSO training and oversight. While challenges undoubtedly remain, FPS has successfully closed six outstanding recommendations directly related to this program area and is pending GAO's internal review process for closure consideration for two more. We have also made advances toward addressing recommendations relative to our risk-assessment methodology.
Specifically, FPS designed its FSA process to meet the requirements of the ISC's Risk Management Process for Federal Facilities and, to ensure that stakeholders have an understanding of the threats they face, FPS has begun to provide a Threat Assessment Report as part of each FSA. Going forward, FPS will continue to work with the ISC to explore consequences and impacts in the context of Federal facility security assessments and explore the inclusion of consequences into the FSA process. In closing, I would like to acknowledge and thank the distinguished Members of this Committee for the opportunity to testify today, and I would be pleased to answer any questions you may have.

Chairman Carper. Thank you, General. Mr. Lewis, welcome. Good to see you. Please proceed.

TESTIMONY OF STEPHEN F. LEWIS,\1\ DEPUTY DIRECTOR FOR PERSONNEL, INDUSTRIAL AND PHYSICAL SECURITY POLICY, DIRECTORATE OF SECURITY POLICY AND OVERSIGHT, OFFICE OF UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE, U.S. DEPARTMENT OF DEFENSE

Mr. Lewis. Good morning. Thank you, Chairman Carper, Ranking Member Coburn, and Senator Heitkamp. I appreciate the opportunity to be here today to address the practices and procedures in the Department of Defense regarding facility security. I am Steve Lewis, Deputy Director of the Security Policy and Oversight Directorate in the Office of the Under Secretary of Defense for Intelligence, and I am here today on behalf of Dr. Michael Vickers, the Under Secretary of Defense for Intelligence, or (USD(I)).

\1\ The prepared statement of Mr. Lewis appears in the Appendix on page 205.

The USD(I) is the Principal Staff Assistant to the Secretary and Deputy Secretary of Defense for security matters and is responsible for setting overall DOD physical security policy.
In this role, the USD(I) provides security policy standards for the protection of DOD personnel, installations, facilities, operations, and related assets. Within the Department, the USD(I)'s security responsibilities are complemented by those of the Assistant Secretary of Defense for Homeland Security and Americas' Security Affairs, who is responsible for the DOD Antiterrorism Program. In the wake of the tragic Washington Navy Yard shooting incident, the Secretary of Defense initiated concurrent internal and independent reviews to identify and recommend actions that address gaps or deficiencies in DOD programs, policies, and procedures regarding security at DOD installations. The reviews also cover the granting and renewing of security clearances for DOD employees, military service members, and contractor personnel. In order to address the Department's facility security policies and practices, it is first important to describe the requirement for military commanders, or their civilian equivalents, to conduct a comprehensive security evaluation of a facility or activity. The purpose of this evaluation is to determine the ability of the installation to deter, withstand, and recover from the full range of adversarial capabilities based upon a threat assessment, compliance with established protection standards, and risk management. Based upon the results of these evaluations, active and passive measures are tailored to safeguard and prevent unauthorized access to personnel, equipment, installations, and information by employing a layered security concept known as "security-in-depth." The Department requires the development and maintenance of comprehensive plans to address a broad spectrum of natural and manmade scenarios. These include the development of joint response plans to adverse or terrorist incidents, such as active shooters and unauthorized access to facilities.
Military commanders, or their civilian equivalents, using risk management principles, are required to conduct an annual local vulnerability assessment and are subject every 3 years to a Higher-Headquarters Assessment, such as the Joint Staff Integrated Vulnerability Assessment (JSIVA). The Department has worked very hard to foster improvements that produce greater efficiencies and effectiveness in facility security. In its continuing efforts to harmonize its facility security posture with other Federal departments and agencies, military commanders located in DOD-occupied leased facility space--primarily those not on a DOD installation--must utilize the Federal Interagency Security Committee's Risk Management Process for Federal Buildings. This effort includes the incorporation of the ISC's physical security standards in DOD guidance, for example, the Unified Facilities Criteria. DOD also participates in various interagency fora such as the Interagency Security Committee, along with representatives from the Department of Homeland Security and many other Federal agencies and departments. These fora enable the sharing of best practices, physical security standards, and cyber and terrorist threat information in support of our collective resolve to enhance the quality and effectiveness of physical security of Federal facilities. We also have various ongoing initiatives across the Department to enhance facility security, such as the development of an Identity Management Enterprise Services Architecture (IMESA). IMESA will provide an enterprise approach to the sharing of identity and physical access control information and complement ongoing continuous evaluation concept demonstration efforts. IMESA will provide real-time vetting of individuals requiring unescorted access to DOD facilities, and these will be run against DOD, Federal, State, and other authoritative data sources.
IMESA users will be able to authenticate individuals' access credentials and fitness to enter the facility. We believe that IMESA will vastly enhance the security of DOD personnel and facilities worldwide. Thank you for your time. I am happy to take your questions. Chairman Carper. Thank you, Mr. Lewis. I am going to call on Dr. Coburn for the first questions, and then I will yield to Senator Heitkamp and then follow her. Dr. Coburn. Senator Coburn. General Patterson, go through again the GAO recommendations that you all have now met and when they were met, because my understanding was that of the 26 GAO recommendations between 2010 and 2012, prior to the Navy Yard shooting, only four of those had been acted on. Is that correct? General Patterson. No, sir. I can get you a listing of all of the specific recommendations. Senator Coburn. In your testimony, you listed several. Would you do that again for me? General Patterson. I do not think I listed them specifically, sir. Senator Coburn. You said numbers, and that is the numbers I want. General Patterson. Yes, sir, and I can get you the specifics behind the different recommendations. I do not have the recommendations before me right now. But the numbers are accurate. Senator Coburn. But there were 26 outstanding GAO recommendations between 2010 and 2012. General Patterson. I would have to find that, sir. Senator Coburn. And four of them had been acted on and accomplished based on their recommendations, and you gave a litany of others that you have acted on. General Patterson. Yes, sir. I was giving you a general oversight of the number that we had been---- Senator Coburn. Yes, well, go back to your testimony and give that to me again, would you? General Patterson. Yes, sir, I sure will. In 2013, FPS submitted documentation to the GAO for closure and consideration pertaining to 13 GAO recommendations including FPS strategies to enhance its human capital planning and improve tenant communication. 
Of those presented, six were accepted and closed as implemented, and seven are pending GAO's internal review for closure. Senator Coburn. So that is half of them, of the 26. General Patterson. Yes, sir. Senator Coburn. So my question to Secretary Durkovich: Were you aware at the National Protection and Programs Directorate that there were 26 outstanding recommendations made by GAO and that up until the first of 13, only 4 had been acted on? Ms. Durkovich. Thank you for the question. Yes, I am aware of the various GAO recommendations that are open and that have been closed. Just from a more high level standpoint, the Department has initiated an overall effort to make sure that all of the open GAO recommendations that the various components and subcomponents work closely with GAO to address those recommendations and to take steps to close them. So---- Senator Coburn. When did you all initiate that? Ms. Durkovich. So as recommendations are provided to us by GAO, we begin our work to---- Senator Coburn. I understand that, but you just said you initiated a process where they would be addressed. Ms. Durkovich. That is a standard process within the Department. Again, when we receive a recommendation from the GAO, first of all, we have to submit a letter about whether we agree or disagree with the recommendation---- Senator Coburn. Right. I understand that. Ms. Durkovich [continuing]. And that begins the process. I do not have specific oversight over the FPS recommendations. As the Assistant Secretary for the Office of Infrastructure Protection, I handle the recommendations that are specific, for example, to my programs, including the ISC. 
So we have five open GAO recommendations, and we work very closely to document what we are doing to address those recommendations and provide regular updates to the GAO through letters to, again, document what we are doing and the timeline for which we think that we will meet the mitigation measures or the measures that we have taken to address the recommendations. Senator Coburn. See if I have this right, because I may not. The Interagency Security Committee does not monitor agencies for compliance. Is that correct? Ms. Durkovich. Based on the Executive Order, departments and agencies shall comply with the standards that are produced by the Interagency---- Senator Coburn. I understand that. Ms. Durkovich [continuing]. Security Committee. Senator Coburn. But what I am asking is they do not monitor the individual agencies to see if they are in compliance. There is an Executive Order---- Ms. Durkovich. We do not specifically---- Senator Coburn [continuing]. That says the agencies are supposed to do it, but ISC does not monitor to see that that happens. Is that correct? Ms. Durkovich. That is correct, yes. Senator Coburn. And it is the responsibility of each individual agency to make sure they comply with that. Ms. Durkovich. Yes. Based on the Executive Order, yes, sir. Senator Coburn. So let us go back to FPS for a second. How is it that your agency is complying with the standard set by the ISC? General Patterson. Well, sir, we do work with our Federal partners as we go in and do assessments. We will make recommendations as they are outlined by the ISC, and for a variety of reasons, a Federal partner may or may not be able to implement. It could be because of cost. It could be because of a variety of things that they may decide that they cannot meet those specific recommendations. However, once we do understand that they are not able to, we have tried to work with them to try to mitigate those shortfalls as much as we can. So it is not as if we walk away from that. 
Senator Coburn. No. I am not saying that. I am just--for example, active-shooter training, all right? General Patterson. Yes, sir. Senator Coburn. A large proportion of our officers that we either contract or have are not trained. General Patterson. Yes, sir, and if I may explain, there is a reason for that, and the reason is because historically, as I stated in my testimony, active-shooter response, not awareness but active-shooter response, has been a function of law enforcement, period. Our PSOs are not law enforcement officials. And so to put them in a position to where they are responding as a law enforcement officer requires at least our coordination with the State, and there has to be some contractual agreement that they will respond in that manner. Now, because we recognize that in some instances our PSOs will be the only folks in a particular position to respond in a prompt manner, we are now working with the National Association of Security Companies (NASCO), to look at how we can provide training to where they can apply some response. But the bottom line is we still want law enforcement folks to respond because that is where they are trained. We spend any number of hours with our inspectors and our agents in learning how to respond to an active-shooter situation, and we have not done that with our PSOs. So we have to find out what the happy medium is here so we do not put our PSOs in harm's way as well. So we need to find out what the right level of training would be for them in order for them to respond effectively. Senator Coburn. So we have security personnel at Federal buildings, but if we have an active shooter, we do not want them to respond; right now they are not trained in a way to handle that situation. General Patterson. Here is what they are trained in, sir: They are trained to protect the people and to keep people from coming in the building so that they do not enter harm's way. 
They are also trained to help people evacuate in a very timely manner. And if, in fact, they are approached or come in contact with a shooter, they are trained to engage. What they are not trained in is to go find the shooter and then take action. Senator Coburn. So they are trained to engage? General Patterson. They are trained to engage. Yes, sir. Senator Coburn. And all of them are? General Patterson. Yes, sir. Senator Coburn. OK. I am past my time. Thank you. Chairman Carper. Thank you. Senator Heitkamp. Senator Heitkamp. Thank you, Mr. Chairman. The first obligation of any employer is safety. I think you will find that in a lot of facilities across the country, whether they are a manufacturing plant or a processing plant of any type or even in a major office. It is not only good employee management, it actually saves a lot of money. And I think this Committee is deeply concerned about the safety of public employees in buildings, and certainly the Navy Yard is yet again another example where we do not live in a perfect world, but were there things that could have been done, that should have been done differently that would have either prevented it or limited the deaths once the shooting began? I want to go back to a couple kind of critical points here, which is even though we have Executive Orders and we have all of the GAO reports and all the recommendations, it is kind of like the words get written but no one is responsible for followup, no one is responsible for implementation, no one is responsible to the public employees to say yes, we have done everything that we can, we know what the path forward is that will enhance your safety. But we just made these recommendations, and we hope that whoever manages that building or whoever runs this agency is taking safety as seriously as what we do. 
And so I will tell you I am concerned listening to this that there does not seem to be a lot of coordination, and even when there is coordination, there is not a lot of followup in terms of making sure that these things get done. I want to go back to maybe what I am not understanding is the engagement of an active shooter. I chaired a task force when I was Attorney General (AG) on school safety. We made everyone in the building have training. Our recommendation, which was carried out by many schools across this country, is that we train on what happens if there is an active shooter. And the person we found out we needed to train, give the clearest training to, was the woman who answered the phone or the man who answered the phone at the reception desk. And obviously in most Federal buildings the first person you are going to encounter will be someone in uniform, General, that is under your jurisdiction. And so what recommendations would you make to change what you are currently doing in an active-shooter situation? General Patterson. Yes, ma'am. As an agency we have thought long and hard about this. We have been working very diligently with our vendors to take a look at where we need to be in helping them and helping us to understand: how do we go forward and proceed forward now in the training? What training do we need to provide, what level of training do we need to provide for our PSOs? Senator Heitkamp. Have you considered that maybe someone who is law enforcement trained and authorized to engage at a much higher level should be on duty, not always to do the scanning and the screening and, the kind of day-to-day but have someone there who actually has a role in providing protection? General Patterson. Yes, ma'am, we would love to. I have about 600 inspectors who are law enforcement officials who are in a number of our buildings on a regular basis. But we have thousands of buildings, so I cannot put law enforcement folks in every building.
We have great relationships with State and local authorities that we can call on very quickly to respond if we have a problem. But at this point, ma'am, I do not have the resources that would allow us to put a law enforcement individual in these facilities. Now, there is a possibility that we could possibly deputize some of our contractor personnel. However, that would clearly be more costly, and we would have to figure out how we would do that. Senator Heitkamp. It is troubling that there does not seem to be a lot of kind of creative thinking on how we can use the resources we have more effectively to protect folks. And, Mr. Lewis, obviously this is a great tragedy, and I know very many people within your sphere are still dealing with the extent of this tragedy. But I would suggest that maybe the best way we can deal with this tragedy is assure people we have learned the lessons. And so can you tell me what lessons your agency has learned from this? I know you are undergoing this review, but give us a little peek into what the thinking is right now. Mr. Lewis. Well, since we talked a little bit about active-shooter awareness and training, within the Department we have incorporated active-shooter awareness into the antiterrorism level one training. So that has been introduced throughout the DOD population. In addition, we have published Workplace Violence and Active Shooter Prevention and Response, and this was in response to the Fort Hood incidents. So we have measures in place to not only deal at an awareness level but in terms of response within the Department. Since the Washington Navy Yard tragedy, we have really focused on continuous evaluation of our cleared and vetted personnel, so not just people who have security clearances but also people who are eligible to have access to DOD installations. And you can do the best investigation possible, but things change in people's lives over time.
And we have to be constantly aware of what those changes are, and we have established a pilot on continuous evaluation, which is going to do queries, automated queries of public and DOD records to look for issues of concern. And this is an ongoing effort. We are trying to expand it to include individuals who are visiting installations on a fairly regular basis. That was the IMESA initiative that I mentioned, which would, in an automated fashion, allow for sharing of information of concern between DOD facilities so that if a visitor to one DOD installation presented a problem there for whatever reason, that would be available to other DOD installations that that person may be going to visit. So that is our focus. How do we become apprised of information as it develops and not wait 5 years or 10 years for the next reinvestigation? Senator Heitkamp. If I can just make a comment, I think honestly I would like to see better coordination, and I would like to see better followup when GAO has a number of recommendations that sit around for a number of years, and we come and we say, "Well, yes, we are working on it." That just is a constant source of frustration on this Committee. "We are working on it," or, "Yes, we are concerned about it," does not cut it anymore, especially when we are talking about safety of public employees and really the integrity of your missions. And so I would like to see maybe followup on the GAO recommendations, what the timeline is for actually getting those implemented. Ms. Durkovich. May I take a moment just to address the coordination issue? Chairman Carper. Sure. Go ahead. Ms. Durkovich.
And I just want to go back to the Interagency Security Committee and reiterate that for over the last 17 years we have had the chief security officers and other senior executives from 53 different departments and agencies who participate as part of the committee and look at evolving threats and evolving hazards and work together to produce standards and best practices, whether it is on occupant emergency plans, whether it is on prohibited Federal items in Federal buildings, whether it is on the training of Federal Security Committees, and certainly the risk management process that we released this past August. It is a highly collaborative body, and while there is not a formal compliance mechanism, the fact that these 53 chief security officers come together and work over months to produce these standards, it then becomes incumbent on them to ensure that their facilities adopt them. We have some informal soft compliance mechanisms that we are looking at. There are tools that are in development to help us better assess how facilities are implementing our standards and best practices, but I want to dispel the myth that it is not highly collaborative. Certainly coming out of the Navy Yard and other incidents in Federal facilities, we have established an Active Shooter Working Group, as I mentioned in my opening statement, both designed to look at what happened at the Navy Yard but to leverage all of the work that we have done over the course of the last 6 years in the commercial facility space. We have online training, we do in-person training, and part of the goal here is to look at all of the various tools, documents, trainings that are available right now, to leverage those so we can bring them to the Federal workplace. I think training is a very important aspect of this. It is certainly something that Director Patterson does as part of his responsibilities. 
But there are other things, I think, that we can do to augment that, to answer your question, and to ensure that as we look at developing, whether it become a best practice or a standard, that we are encouraging and recommending that we exercise, that we test the training that we do, that we ensure that there are documents, that there are marketing materials available to our employees. But I think that there is a lot that can be done and that can be leveraged from the work that we have already done with the commercial facilities sector, and that is certainly the goal of our Active Shooter Working Group. Chairman Carper. Senator Heitkamp, we are blessed on this Committee to have several Members of the Committee who have served as Attorney General in their own States, and thank you for bringing that expertise to bear here. Secretary Durkovich, I am going to ask you to help make real for me and maybe for some of my colleagues this Interagency Security Committee. Just cut through the--not that you are using jargon. Just cut through the Federal verbiage and just say where did it come from, why did we create it. Just describe its mission or missions. And maybe more importantly, how do you think it is working? How do we measure whether it is working well? How do we measure success? Please, just make it real for us. Ms. Durkovich. Absolutely, and thank you for the opportunity to further explain it. So the Interagency Security Committee came about after the bombing at the Alfred P. Murrah Building in Oklahoma City in 1995, with the recognition really that we had to do a better job protecting our Federal facilities. Again, almost every department and agency participates in the Interagency Security Committee, and it is often the most senior physical security person within that department, the chief security officer. 
We take evolving threats and evolving challenges, and it is the chief security officers who look at the particular threat and decide how do we, as a Federal family, best address that threat and make sure that our facilities are able to mitigate them. So there is a formal risk management process that the committee has produced, and it is the standard by which we go about securing all Federal civilian facilities with the exception of DOD military installations. And it begins with determining what is the facility security level. So you look at a particular Federal facility, and based on what its function is--is it a headquarters office? Is it a field office? Does it have historical significance? For example, is the Declaration of Independence or the Bill of Rights contained in it? Are there other ancillary functions? Are there child-care facilities and things? That is what allows us to determine whether a facility is either a Level 5, which is the highest level, or a Level 1, which is more of your storefront office. Then we apply the physical security criteria. So based on the level and also what we call the design-basis threat standard, that is 31 undesirable events that we have determined are most attractive or most likely to happen to a Federal facility, and it ranges from arson to sabotage to active shooters and also weather-related events. But based on those scenarios, what are the right security measures to put in place at these Federal facilities? Now, it is a risk-based process, and as you pointed out in your opening statement, it is difficult at times to apply all of these because, as you have noted, not all buildings were built 100 or 150 years ago with a 15- to an 18-foot setback. We have to think about how you mitigate some of these vulnerabilities based on the real-world realities. And so we help provide facilities with options to include bollards, thinking about blast-resistant windows, but really working them through this risk management process.
The establishment of facility security committees, and ensuring that the individuals that sit on those committees have the training that they need to carry out their duties is a core part of, again, what the Interagency Security Committee has thought about and how we--again, when there are unique functions inside a building, how do we ensure that we are also protecting those functions? And, again, that is things like child care and other high-priority efforts. So that is really the basis for what the Interagency Security Committee does, and again, thinking about how we keep those standards fresh, how we recognize that we are living in a world where our adversaries are highly adaptive. So when we start to see emerging threats or new trends, again, we bring the 53 chief security officers together to come up with a standard to ensure that all Federal facilities at least are working from a certain baseline, and we are doing that with active shooter. We are thinking about as we start to see some of these small-scale complex attacks, how are we accounting for them? And, again, how do we ensure that we have the measures, the training? We have done the preparedness so that we can mitigate the threats. I do think----

Chairman Carper. Let me just interrupt. Come back--and you may have said this and I missed it, but, again, how do you measure success? What metric are we using to measure whether or not the work of the Interagency Security Committee is successful? Second, talk with us about sharing, the sharing of best practices across the range of the Members who comprise this committee. Two things.

Ms. Durkovich. Absolutely. So I will answer your first question by saying I do think that the Interagency Security Committee has been a success, and I think that if you--and we have done informal surveys, but if you went out and surveyed each of the Federal departments and agencies, you will find that they have implemented all of the ISC standards. If there is----

Chairman Carper.
And you said those standards continue to be updated. Is that right?

Ms. Durkovich. And they continue to be updated. And, again, they are the ones who come together to help develop these standards. We do not have a formal mechanism for measuring what has been implemented. There is one ISC-approved tool that is in existence. We are working on approving others. But anecdotally I would--again, I am confident that all of the member departments and agencies have implemented the standards, and when they cannot, they are responsible for coming to us and telling us why they cannot and the fact that they are willing to bear that risk.

Chairman Carper. Talk with us about sharing best practices across departments.

Ms. Durkovich. Absolutely. Again----

Chairman Carper. And how, if at all, this committee facilitates that.

Ms. Durkovich. One of the benefits of the Interagency Security Committee is that you may have a chief security officer who represents a Level 5 facility who can come and talk about some of the things that they have done. Take, for example, a headquarters building that sits on Constitution Avenue. The things that they have put in place to mitigate the fact that they cannot have a setback, the fact that they use bollards, the fact that they use, again, blast-resistant windows. So part of, again, the very nature of the Interagency Security Committee is the fact that we can bring together and we can convene these senior-level executives to talk about best practices. But I think what is unique about what we are doing with the ISC is it is not just the sharing of Federal facility best practices, but the fact that for over the course of the last 6 years, we have been working very closely with the commercial facilities sector.
These are buildings, these are stadiums, these are venues where the public passes through them day in and day out, where we have done active-shooter training, where we have thought about how do you, again, strengthen and provide layers of security that may not always be obvious to the public. How do we take those lessons learned, how do we take those best practices and bring them to Federal facilities as well? And so I think as part of the Active Shooter Working Group that we have stood up, you are going to see a mix of both what we are doing in the Federal sector but also the lessons learned, the leading practices that we have developed in the commercial facilities sector as well.

Chairman Carper. OK. Thanks. Dr. Coburn.

Senator Coburn. Just to follow up, I want to put in the record a letter from the DHS Police Deputy Director of Operations Kris Cline\1\ that was released November 22, which is new Active Shooter Guidelines. And I am somewhat confused after reading this, and I do not understand the engagement. If somebody is with a firearm in a Federal building and we have a PSO officer there, nothing here says that they will engage them.

\1\ The letter from Kris Cline appears in the Appendix on page 254.

General Patterson. Yes, sir. The original objective and mission of the PSO was to ensure the safe egress and ingress of people coming into the facility. It was not to pursue an active shooter. That has always been the purview of and the ground for trained law enforcement personnel. As we have looked at how we might have our PSOs engage, we were looking at any legal obstacles that we may have to overcome as a result of that, as well as any State requirements that they may have to meet as well.
So my point in talking about it is if an armed individual comes into that facility and they recognize that they are armed and they ask that individual to please drop their gun or drop their weapon or put the weapon down and they do not, then they are authorized to engage. If, in fact, they are clearing the building or trying to get people out of the building and then they run into that active shooter, they will engage. What they are not trained to do is go from room to room trying to find the individual.

Senator Coburn. I understand that, but I guess my point I am making from this letter, that is not clear in here. This is the new requirements for active shooters.

General Patterson. Yes, sir.

Senator Coburn. That is not a clear part of this statement.

General Patterson. Yes, sir. And since that was dated in November, and in early December, we had a conversation with most of our vendors, telephonically, to tell them that we would be coming out with new instructions about how they would engage and to be prepared for that. So, yes, sir, it is evolving.

Senator Coburn. OK. So right now, if an event happened today, they would be following this, not what you testified?

General Patterson. No, sir. They would continue to engage. Their first priority is the safety of the folks that are in that building. So they are going to keep people from coming in, and they are going to help folks to get out. Now, if they come into contact with a shooter, they will engage. What they will not do today is pursue the active shooter.

Senator Coburn. I understand that.

General Patterson. Yes, sir.

Senator Coburn. What I am saying is it is not clear to me in terms of reading this letter that says they will engage.

General Patterson. OK. I will have to take a look at that.

Senator Coburn. Well, this is what you all put out November 22, and that is the important thing. One other area I want to cover with you, General Patterson.
Do we direct FPS-contracted security to do joint exercises with local law enforcement? In other words, a dry run--much like Senator Heitkamp said.

General Patterson. Yes, sir. What we do is when we conduct an exercise, we conduct a lot of exercises--in fact, we conduct a number of active-shooter training exercises in Federal----

Senator Coburn. You are missing my point. Do we require our contractors----

General Patterson. Yes, sir. I was going to get to that.

Senator Coburn [continuing]. To do joint training with local law enforcement?

General Patterson. Well, they will do it when we do it.

Senator Coburn. No. But I am saying, is it a requirement of their contract to do joint training with local law enforcement so that we have dry runs, so that everybody is coordinated, going back to what Senator Heitkamp said?

General Patterson. Right. Yes, sir. Their exercise will be part of our exercise as we practice with local law enforcement.

Senator Coburn. OK. But you are not in every one of these buildings, and you are not going to have an exercise in every one of these buildings.

General Patterson. That is true.

Senator Coburn. As a matter of fact, that is what the record shows.

General Patterson. That is true.

Senator Coburn. So is it not the fact that you have actually directed these contractors not to do joint training with local law enforcement?

General Patterson. No, I would not say that we have directed them not to do joint training. The fact is, Senator, at this point we do not have anything specifically that addresses joint training with local law enforcement in our contracts. But I will have to get back with you on that. I do not have the contract before me, so I would have to take a look.

Senator Coburn. Senator Heitkamp.

Senator Heitkamp.
I was not intending on following up, but I do want to kind of pick up from where Senator Coburn has taken the discussion, which is security is--I guess if I can just say it this way--best done when it is clear that this is a high priority. And, it concerns me that public employees and really the public see someone sitting at a desk, and they are usually uniformed, and there is an assumption that there is a bevy of powers that comes with that and that there is an aura of protection that goes with that. And if it does not include engagement, if it does not include having folks who are at least capable of some kind of immediate intervention, and if those roles are not clear, I think we have left the wrong message with a lot of people in the public. And so I would like to know--for many of these buildings, there was not any kind of electronic screening or X-ray machines at the Navy Yard. Correct?

General Patterson. I do not know.

Senator Heitkamp. You could just walk--I mean, if you scanned in through the turnstile and, kind of waved and signed in and that was it, right?

Mr. Lewis. Yes.

Senator Heitkamp. OK. Now, this is a building that has thousands of public employees. I can understand that if you are looking at the building that houses the public employees for the Farm Service Agency in Watford City, North Dakota, you might not want to put any kind of screening device. But for a building that houses and employs--where thousands of employees come, it seems like there might be some cost/benefit in safety in looking at electronic surveillance. There might be some cost/benefit in providing law enforcement-trained people at the front to engage, that we might look at those kinds of procedures. And I do not hear that today. I thought I was going to hear that we are looking, doing cost/benefit analysis, and it is not that my folks in Watford City are not important. But I do not expect you to hire a law enforcement-trained guard to protect the one person that works there.
I do not expect that. But I might expect you to think about doing that in a building that houses thousands of people in a city that frequently is a target symbolically of terrorism or these kinds of attacks. I really would ask you guys to just go back and rethink what you are saying today about how you can enhance security looking beyond simply kind of continuing the process that you have engaged in today.

General Patterson. Ma'am, if I could address your concerns just for a minute. We are actually doing due diligence in pursuing this matter. We are working aggressively with the vendors, one, to look at what authorities the States entitle them to relative to engagement. We are also looking within the Department to look at what authorities might be levied where we could render to these folks relative to legally from the Federal sector. So we, in fact, are looking at how we might address this moving into the future, because we realize it is a concern. One of the other things that I spend a lot of time doing is engaging with the Federal executive boards across the country, looking at what are some of the challenges that they are having, what are the concerns from their people in these facilities, and how can we provide better training, more training, additional training to those folks in the facility as to how to respond to an active shooter, because that is very important as well. How do we get people out of harm's way when they recognize that there is an event in progress? So I would tell you we are looking at this. We are taking it very seriously. It may not come across that way in some of the testimony that we are providing, but I can tell you that we are spending a lot of time with our contractors, a lot of time with legal, to find out what is that middle ground, what is that ground that we can take, because ultimately we have to figure out who is going to bear the cost of this.
And how can we do this in fundamentally a smart way, an effective way, an efficient way, but still provide the same result or similar result of protecting the folks in those facilities?

Senator Heitkamp. All right. Not to belabor this, but it just seems like if I were looking at this and I was sitting in any of your shoes, I would say I have 1,000 people that work in a building in a city that is a target. We do not have screening devices, and we do not have law enforcement-trained guards. Maybe we ought to rethink that as a strategy.

Ms. Durkovich. So if I may address that, when we set the facility security level, as part of the recommended security practices, if you are a Level 3 or above, for example, we will at a minimum recommend that there are guards onsite at the facility. As you move up, so, for example, in any of the headquarters buildings again that you see along Constitution Avenue, you will find advanced screening techniques--magnetometers, you have to run your bags through--similar to what happened when we walked in the building today. To your point, as we go down to those storefronts out in the States, that is where you will not see that level of security. But based on what your facility security level is, there is a standard that goes with that security, and that is part of what the Interagency Security Committee does, is make recommendations. And, again----

Senator Heitkamp. Secretary, back to that point, you make recommendations, and there is no mechanism to mandate that those recommendations are carried out. Is that what we are hearing today?

Ms. Durkovich. We do not have a formal compliance mechanism to monitor what has been adopted, yes.

Senator Coburn. If I may, I just want to clarify. General, what I am asking you specifically on the GAO recommendations is the dates at which you submitted, the dates that were cleared on just the 2010 through 2012 GAO recommendations.

General Patterson. 2010 to 2012.

Senator Coburn.
And then a question for Secretary Durkovich. Is it public knowledge what Federal buildings are rated what? Can I go on a website somewhere and find that out?

Ms. Durkovich. It is not public knowledge.

Senator Coburn. So I could not find----

Ms. Durkovich. We can make that available to you, but it is not public, no, because it presents a security risk as well.

Senator Coburn. Sure. I understand that. That is why I asked the question. Thank you.

Chairman Carper. I want to stick with the matter of GAO recommendations. GAO does very good work. They have a lot of people, but they have a whole lot of work to do, and they frankly have not been getting the kind of resources they need to do all that we are asking them to do. Just describe for me, one or both of you--we will start maybe with General Patterson. Explain to us the process. GAO comes in. They are looking at the work that is being done, how it is being managed, funded, and so forth. And they make recommendations. Just describe the process, the give-and-take before they actually finalize their recommendations, please.

General Patterson. I am sorry. Could you----

Chairman Carper. The process, just describe for us the process whereby GAO comes in, examines what is being done.

General Patterson. Right.

Chairman Carper. Makes tentative recommendations. You have the opportunity, I presume, to respond to that, and then they finalize that.

General Patterson. Yes, sir.

Chairman Carper. What we do here, we use the GAO recommendations, especially their high-risk lists that they put out at the beginning of every 2 years. We almost use it as a to-do list for us as we do our oversight and work in conjunction with them. Just describe the back-and-forth that leads to the issuance of a recommendation. I think you said there were 26 of them that you mentioned?

General Patterson. Yes, sir.

Chairman Carper. And about 13 of them have been responded to.

General Patterson. Yes.

Chairman Carper.
And about half of those 13 have been, if you will, accepted. I am just interested in the process.

General Patterson. Yes, sir. Well, the process, when the GAO makes a recommendation, one of the first things that we do is we sit down with my staff to take a look at what is the genesis and what is the challenge here and what is the background on the recommendation. And then we move forward to look at how we are going to resolve the challenge that GAO has brought forward. What I have recognized is that some things we can handle and move forward pretty quickly. Other things not so, only because it would require extensive resources and we have to figure out how we do that. For instance, one of the challenges that we have is that we have 13,000 PSOs, guards, that we have oversight responsibility for, but we do not have the technology right now available to oversee them when they come to work, when they check in, and when they leave, to make sure that their certifications are up to where they need to be and so forth. So one of the challenges that I have set forth for my staff and for the agency is to come up with a technology-based system that will allow us to move forward with that, to figure out when a PSO is on post, when he swiped in, when he swiped out, and to ensure that he or she has the proper certifications because that is one of the challenges that GAO has brought forward, because we only have 600 law enforcement folks out there to do this for 13,000 guards, it presents a bit of a challenge. These 13,000 guards probably generate about 170,000 records that we must review over a period of time. So what we are looking for is an automated process to help with that. So we are engaged with DHS Science and Technology to help us begin to look for ways, and some off-the-shelf technology possibly, recommendations that we can begin to put into place that will allow us to better oversee these 13,000 guards.
So it is challenges like that that keep us from moving forward as expeditiously as we would like to.

Senator Coburn. Let me raise a question about that. You have 13,000 contracted guards.

General Patterson. Yes, sir.

Senator Coburn. And you have 600 people working directly for you----

General Patterson. Yes, sir.

Senator Coburn [continuing]. That are law enforcement officers.

General Patterson. Yes, sir.

Senator Coburn. That is less than 22 people a person.

General Patterson. Yes, sir.

Senator Coburn. We need an automated system to do that? What about random audits? How about firing a contractor who does not perform?

General Patterson. We do random audits, sir. Every one of my regions is responsible for doing 10 percent to 20 percent random audits per month. Part of the challenge, though, sir, is that because there are so many records, we can do an audit today, but tomorrow or within the next month, the individual may lose his certification based upon expiration of time or having to recertify and so forth. So allowing us to automate our records would help us tremendously in better overseeing this process.

Senator Coburn. Why should you automate it? Why shouldn't you force your contractors to automate it and present it to you?

General Patterson. That is an option, yes, sir.

Senator Coburn. It is not an option. It is the only common-sense thing you would do. If you want to contract with the Federal Government, you will demonstrate that the people that you have there are certified and compliant. And then you audit whether or not they are telling you the truth rather than spend a whole bunch of money, us running all 13,000 people when they are really not our employees. They are contract employees for somebody that took a contract to guard a building. Again, it goes back to contracting.

General Patterson. Yes, sir.

Senator Coburn. Putting in the contract what you expect of the contractors to supply, which is certified people doing their jobs.

General Patterson.
And many of the contractors do have an automated process. However, from time to time we do find discrepancies in their recordkeeping.

Senator Coburn. Good. So then you would fire that contractor, and that is what you put in the contract as a reason for you to lose the contract, and oh, by the way, we will have somebody else to have this contract next time.

General Patterson. Yes, sir.

Senator Coburn. These are not non-lucrative contracts. They are making money off of every hour every guard works.

Chairman Carper. I want to----

Senator Coburn. I ask unanimous consent that this be made part of the record.

Chairman Carper. Without objection, this letter\1\ will be made part of the record.

\1\ The letter referenced by Senator Coburn appears in the Appendix on page 254.

Chairman Carper. I want to pivot a little bit here and just say as a defense contractor with a valid Department of Defense ID card, Aaron Alexis was allowed access to the Washington Navy Yard, as we know. And like many employees in other workplaces, he was considered a trusted employee, not screened for any weapons. Unfortunately, workplace violence continues to be a threat. I just want to start with you, Mr. Lewis, if I could here, but could each of you answer really the following two questions? The first question is: Do you believe that we should consider screening employees as well as visitors at Federal facilities? Second, is there any potential downside to screening employees? And I would like for each of you to answer that. Mr. Lewis, if you would start first.

Mr. Lewis. Current DOD policy does not require that type of screening where someone goes through a metal detection device. But it does allow for random selection of individuals for that type of screening.
So there are procedures in place, there is the option in place, and again, we rely on the judgment of the installation commander to make a determination as to what is appropriate under the local circumstances. The drawback to screening every employee coming through is the negative impact on mission accomplishment, and there are facilities where there are 10,000 employees coming through often in roughly the same window, and screening every single employee would be disruptive to getting the work done. And that is the balance, factoring in cost and mission accomplishment against screening every employee.

Chairman Carper. All right. Thank you. Mr. Patterson.

General Patterson. Yes, sir. I think it is something I am sure can be considered. We put a lot of trust in the system that we have. We put a lot of trust in the fact that we do background investigations, and once a background investigation is completed, we believe that the individual that has received that background investigation is trustworthy. So if we decide that we do not believe in that background investigation, that may be the time we start looking at a system where we screen all of our employees as they come in. It is a way to begin to mitigate some of the risk, but, again, I think it would be something that we would have to think through very carefully. I know that in some of our facilities we have both. In the Department of Transportation (DOT), they screen everybody in their headquarters building. In other facilities, they only screen the visitors that come through. So to date, in most of our facilities we have not had a problem with our employees or with the folks who have been screened. If we decide that we are going to screen, then it might be a bit of a challenge only because it is a new process, and that process will require a longer processing time for our folks to get through.
So we would have to carefully work with GSA and others in how we organize that flow because at 8 o'clock in the morning when you have literally hundreds of people entering a building and when they are accustomed to just moving through and showing their badge based upon a security clearance, it could create a challenge.

Chairman Carper. All right. Secretary Durkovich, same question, please.

Ms. Durkovich. So as I mentioned, the Interagency Security Committee has put some thought through at least how we go about screening visitors as they enter into our Federal facilities, and part of that is based again on the facility security level. I would agree with my colleague Director Patterson in that we have to have trust in the system. And at the Department of Homeland Security, in addition to evaluating who has clearances, we also ensure that employees and contractors who are affiliated with the Department also undergo a suitability determination. I think in order to ensure that there is not a negative impact on the mission, and we have to account for the fact that there are resource implications but opportunity costs associated with screening employees that, I think the system that we have in place works overall. And unfortunately we do have incidents where I think it is incumbent on us to look at those incidents and to make sure that we are leveraging the lessons learned so we make sure that it does not happen again. But I think that overall there is a downside to screening employees. As you know, sir, from your oversight of the Department, we all have taken on an awful lot of work to ensure the safety and security of the American people and that its way of life can thrive, and that any impediment or obstacle to allowing our employees to do their important job every day is an impact on the mission.
And we have processes in place that allow us to ensure that we have employees who represent the highest standards and that we should continue to trust in that system as opposed to screening everyone. Clearly, at certain facilities we do have measures in place, as Director Patterson recognized. When I got to the Nebraska Avenue Complex (NAC) every day I have to show--not only swipe my badge but show my badge. There is a physical ID. If I am bringing a vehicle on to the premises, there are dogs and there are vehicle searches that happen. So there are, again, depending on the level of facility, different layers of security. But in terms of actually putting people through, no.

Chairman Carper. OK. Thanks. Before I recognize Senator Ayotte for any questions she might like to ask, let me just ask one last quick question, and I will ask you to be very brief. Some of you have been before us before, and I like to ask so much of what you are expected to do and those who work for you are expected to do to meet your responsibilities. What can we do here, just maybe give me one good idea of what can we do in the legislative branch to better ensure that you are able to meet the responsibilities that have been placed on you for workplace protection. And while you are thinking about that, I will just mention this. Today Senator Ayotte and I and our colleagues are debating a budget resolution, if you will, a framework for a spending plan for the Federal Government for the balance of this fiscal year. It does a number of things. I think there are three things we ought to do for deficit reduction, at least this makes it really simple: No. 1, entitlement reform that saves money, saves the programs, does not savage old people or poor people; No. 2, tax reform that eliminates a number of our tax expenditures. We have a lot of them, some of which have met their purpose, have long met their purpose, and they need to be retired or modified.
But use some of the revenues that we generate to reduce corporate tax rates and use some of the revenues for deficit reduction; No. 3, just look at everything we do and say across the Federal Government how do we get better results for less money for everything we do. Those are three things that I continue to harp on, but one of the things that we do with the budget resolution, if you will, an omnibus appropriations bill, or separate appropriations bills that follow, is that we move away a little bit from sequestration, across-the-board cuts, to allow agencies and departments to better say this is the way we need to allocate resources. Hopefully that is something that will enable us to look at risk, look at areas of risk, put more money there, and areas of less risk, because able to put less money there. But in terms of what we can do to help you do your work better, each of you just give us one good idea, and just be very brief.

Ms. Durkovich. I will start, and in some ways, sir, you have answered my question, or you have given my response, and it is recognizing that in this country there are a number of risks that we face. It is a large country, and part of the conversation that we have to have as both the Department of Homeland Security, as an administration, as law makers, and with the American public is we cannot mitigate every threat. And so it is our understanding that those are going to have the most significant consequences and ensuring that we are having a conversation about how we go about mitigating them, that we have the resources, the personnel to go about doing that. So having the conversations that we have today and over the course of time is I think what is critical. You have already taken steps by moving away from sequestration. That will be helpful to us as well. But, again, I think that recognizing that we have to manage risk and that we cannot prevent every incident, and as long as we are adapting, that is what is key.

Chairman Carper. OK.
Thank you. General. General Patterson. Yes, sir. The Federal Protective Service is in---- Chairman Carper. I am going to ask you to be very brief. General Patterson. Yes, sir. FPS is--in a fairly unique position in that we have to work and weave our way through both State, local, Federal, and civilian contractor environments, and we do that with a very small force. Your support in helping us to move through and navigate through some of those areas is critical, because we are trying to look out and predict what is coming down the road to keep our people safe, and we really need the support of folks like yourself and this Committee to help us work through some of these challenges. Chairman Carper. All right. Thank you. Mr. Lewis, same question. A very brief response, please. Mr. Lewis. We believe that continuing to evaluate those employees who have access to classified information and to our facilities is critical, and we need to have the resources to be able to conduct those evaluations, and we need to have access to records that are sometimes publicly available, sometimes not publicly available, in order to do those evaluations. And general support for that approach to doing business I think is essential. Chairman Carper. All right. Thanks. Thanks so much. Senator Ayotte, welcome. Before you arrived, I was saying to Senator Heitkamp who was here that we are blessed in this Committee to have not one, not two, not three--we used to have four with Jeff Chiesa--Attorney Generals, former State Attorney Generals on this Committee that really add a great deal of expertise in this particular area. So welcome. Senator Ayotte. Well, thank you, Mr. Chairman. I want to thank the witnesses for being here. I wanted to follow up with you, Mr.
Lewis, and ask you about how other DOD policies might affect the security clearances at facilities and then those who can gain access to them, in particular, just a thought of whether there are any DOD regulations that need to be reviewed or revised, for example, the current discharge regulations and how they are implemented. As I understand it, in the case of Mr. Alexis, had he been dishonorably discharged, that would have raised a flag, and that obviously would have gone right directly to his fitness to hold the security clearance. Could you help me understand, in light of this case, is this something that we need to think about? And one of the things that I am wondering about as well is the whole breakdown with the reach-out. Obviously that was beyond--but is there anything that we need to do on the mental health end here looking back on this? And I understand that 20/20--it is always 20/20 when you look back at something and you can see things that you did not see at the time. But what I am trying to understand, is there anything that we need to look at internally on those two issues from the DOD perspective or anything we can do--I also serve on the Armed Services Committee--working jointly, the committees, that we should be doing? Mr. Lewis. I do not believe that there are issues with how the discharges occur, and not to get into specifics, but generally based on what was known at the time of the discharge, it was not considered to be an unusual determination as to an honorable discharge in that particular case. But the larger issue is how do we collect--how do we identify and collect relevant information that allows us to constantly adjust our perspective about cleared individuals and individuals who are in trusted positions? And that is really the challenge. 
I hate to keep blowing the same horn, but the continuous evaluation process of not just collecting the information but having the staff available to evaluate the information and take action on that information, to me that is the real issue here. Senator Ayotte. Well, I appreciate it. Then, of course, Senator Collins, Senator McCaskill, Senator Heitkamp, and I also have one where there would be random checks that I think is important as well, after you receive your security clearance. It is a pretty lengthy period right now upon which there is a review unless there is a reason that something is flagged. I wanted to ask also, General Patterson, what do you see as we look at this whole situation now with what is happening at the Navy Yard that you are already implementing to make sure that we do not find ourselves in the same situation? We can obviously legislate, but I know you are reviewing the whole situation and understanding what steps you are already taking in a positive fashion that you can talk about here? General Patterson. Yes, ma'am. Within the Federal Protective Service, we are working very closely with our Federal partners to look at processes and procedures for folks coming and going into Federal buildings. But we are also looking at our communications processes as well. One of the challenges during the Navy Yard was just the fact that so many agencies responded, just the level of communication and how do you do that. And so we are looking aggressively at how we do that, not just in the Washington, DC, area but across the United States, because in a crisis situation, communication becomes critical, and as such, good, timely communications is essential, hopefully, to a positive result. So we are looking in a variety of areas and taking lessons from the Navy Yard as to how we improve processes across the spectrum within the Federal Protective Service. Senator Ayotte. Thank you very much. 
I also wanted to ask you, General Patterson, is it accurate to say that FPS does not use a risk assessment tool consistent with the Interagency Security Committee's standards? I am trying to understand where we are with this, and I know that there was also a report from GAO that FPS' interim facility assessment tool was not consistent with the assessment standards because it excludes consequence from assessments. And I want to understand if there is a difference, why is it there? Is it something that we should be more uniformly putting in place? Or is there a reason for it? General Patterson. There is a reason, and we have just built the Modified Infrastructure Survey Tool (MIST), and that particular tool was developed with the Infrastructure Protection folks, within the Department who had developed a tool over a period of about 6 or 7 years. And we thought that this was a tool that we could modify because it brought what we believe are all of the areas of the ISC requirements to bear. Now, with our tool we look at specifically vulnerability. That is what the tool is structured for, to look at the vulnerability of a facility. Separate from the vulnerability piece, we also do a threat assessment. We connect with the Joint Terrorism Task Force (JTTF), with local law enforcement, with any number of agencies out there to get what we believe is a very in-depth, comprehensive perspective on the threat that we also provide to our Federal partners. The piece that is not part of the process is the consequence piece, and it is not part of that process because we have not figured out how to do that yet within a Federal facility. Senator Ayotte. What does that mean? Just so we understand. General Patterson. Well, that is one of the things we are working with the ISC to help us better define. When you are asking for a consequence within the Federal sector, what is it you are looking for? 
We know that when we help a Federal partner to begin to pull together and understand their emergency occupancy plans, we help them to understand and we go through the consequence piece, and when they are looking at establishing the facility security level, we are also looking at the consequence piece there. We have not figured out yet how to incorporate that in an automatic method that will allow us to provide a reasonable and rational meaning to consequence to, let us say, 10 tenants of a leased facility. We are fairly certain that folks like the IRS and Social Security and others have stepped through the consequences of losing a facility in the event something happened to the facility. But we have not figured out yet how to incorporate that into a tool, and that is something we are working with the ISC to figure that out. Senator Ayotte. OK. I appreciate your answer, and I want to thank all of you. We look forward to working with you on this important issue. Thank you. Chairman Carper. Thank you, Senator Ayotte. At this point I am going to excuse this first panel of witnesses and thank you again for being here. Thanks for the work you are doing. I would just say as you head back for work from here, just keep in mind all those people, the hundreds of families who lost loved ones in Oklahoma City in that bombing. Keep in mind those at Fort Hood who lost their loved ones. Keep in mind, if you will, the families of the 12 men and women who died at the Washington Navy Yard. And just think of them as they celebrate Christmas or some other holidays, the families sitting around the Christmas tree, their dining room table, and there is somebody missing. We need to do our dead level best every day to ensure that those number of empty chairs, people that are not around because of a tragedy like the ones I have just mentioned, keep them in mind, keep their families in mind and let that just energize our efforts going forward. This is not just about process. 
This is not just about GAO recommendations and complying with those recommendations. This is about saving people's lives and making sure they have a good life and a chance to share that life for a long time with their families. Take that with you. Thank you. [Pause.] To our second and final panel, welcome. We are glad you could join us. Let me just very briefly introduce you, and then we will welcome your statements and have a chance to ask some questions. Our first witness is Mark Goldstein. Mark is the Director of Physical Infrastructure Issues for the U.S. Government Accountability Office, as we mentioned earlier, is the investigative audit arm of the U.S. Congress. We are grateful for the work that you and your colleagues do. Mr. Goldstein is responsible for GAO's work in the area of government property, critical infrastructure, and telecommunications. At the request of this Committee and I think other congressional committees, GAO has conducted 12 reviews of Federal facility security since the Federal Protective Service became part of the Department of Homeland Security in 2003. GAO reports have focused on oversight of contract guards, facility risk assessments, cooperation with local law enforcement, planning and budgeting for security, and challenges hampering the protection of Federal agencies. Our second witness is Stephen Amitay. Is the emphasis on the first syllable? Mr. Amitay. Yes. Chairman Carper. Oh, good. Amitay. Stephen Amitay, Executive Director and General Counsel for the National Association of Security Companies. Mr. Amitay has led the association's efforts working with Congress, with Federal agencies, and the Government Accountability Office on programs, on legislation, and other issues related to facility security since 2006. Our final witness is David Wright. Mr. Wright is the President of the National Protection and Programs Directorate Union, American Federation of Government Employees. Mr. 
Wright has served in his present capacity I believe since 2006, and Mr. Wright is a 27-year veteran of the Federal Protective Service. His last 12 years he served as an Inspector, performed myriad responsibilities necessary to that position, from responding to crimes to overseeing contract guards to performing facility security assessments. Mr. Wright brings a wealth of field experience before this Committee, and he has worked with the agency and Congress to find solutions to many of the challenges that face the Federal Protective Service. We thank you for all of that. We welcome you all. You will each be invited to summarize your prepared statement. We would ask you to take about 5 minutes, and your entire statement will be made part of the record, as I indicated to the first panel. So thank you for joining us today. Well, let me ask a question. Here is the first question: Were you all here for the first panel? Raise your hand. Ah, good. OK. That is great. Thanks. Thanks for staying for yours. All right. You are recognized, Mr. Goldstein.

TESTIMONY OF MARK L. GOLDSTEIN,\1\ DIRECTOR, PHYSICAL INFRASTRUCTURE ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

Mr. Goldstein. Thank you, Mr. Chairman and Members of the Committee. Thank you for the opportunity to testify this morning on issues related to the Federal Protective Service and the protection of Federal buildings.

\1\ The prepared statement of Mr. Goldstein appears in the Appendix on page 210.

As part of the Department of Homeland Security, the Federal Protective Service is responsible for protecting Federal employees and visitors in approximately 9,600 Federal facilities under the control and custody of the General Services Administration. Recent incidents at Federal facilities demonstrate their continued vulnerability to attacks or other acts of violence.
To help accomplish its mission, FPS conducts facility security assessments and has approximately 13,500 contract security guards deployed to Federal facilities. My testimony this morning discusses challenges that FPS faces in, first, ensuring contract guards are deployed to Federal facilities and properly trained; and, second, conducting risk assessments at Federal facilities. It is based on GAO's work issued from 2008 through 2013 on FPS' contract guard and risk assessment programs and preliminary results of GAO's ongoing work to determine the extent to which FPS and select Federal agency facility risk assessment methodologies align with Federal risk assessment standards. Our findings are as follows: First, FPS faces challenges ensuring that contract guards have been properly trained and certified before being deployed to Federal facilities around the country. In our September 2013 report, we found that providing active-shooter response and screener training is a challenge for FPS. For example, according to guard companies, at five guard companies, their contract guards have not received training in how to respond during incidents involving an active shooter. Without ensuring that all guards receive training in how to respond to incidents at Federal facilities involving an active shooter, FPS has limited assurance that its guards are prepared for this threat. Similarly, an official from one of FPS' contract guard companies stated that 133, about 38 percent, of its 350 guards have never received screener training. As a result, guards deployed to Federal facilities may be using X-ray and magnetometer equipment that they are not qualified to use, which raises questions about their ability to screen access control points at Federal facilities--one of their primary responsibilities. 
GAO was unable to determine the extent to which FPS' guards have received active-shooter response and screener training in part because FPS lacks a comprehensive and reliable system for guard oversight. FPS agreed with GAO's 2013 recommendation that they take steps to identify guards that have not received training and provide it to them. GAO also found that FPS continues to lack effective management controls to ensure its guards have met its training and certification requirements. For instance, although FPS agreed with our 2012 recommendation that it develop a comprehensive and reliable system for managing information on guards' training, certifications, and qualifications, it does not yet have such a system. Second, FPS also continues to face challenges assessing risk at Federal facilities. GAO reported in 2012 that FPS is not assessing risk at Federal facilities in a manner consistent with Federal standards. GAO's preliminary results from its ongoing work on risk assessments at Federal facilities indicates that it still is a challenge for FPS and several other Federal facilities. Federal standards, such as the National Infrastructure Protection Plan's risk management framework and ISC's risk assessment provisions, state that a risk assessment should include threat, vulnerability, and consequence assessments. Risk assessments help decisionmakers to identify and evaluate security risks and implement protective measures to mitigate that risk. Instead of conducting risk assessments, FPS is using an interim vulnerability assessment tool, referred to as the Modified Infrastructure Survey Tool to assess Federal facilities until it develops a longer-term solution. However, MIST does not assess the consequence--the level, duration, and nature of potential loss resulting from an undesirable event. Risk assessment experts GAO spoke with generally agreed that a tool that does not estimate consequences does not allow an agency to fully assess its risks. 
Thus, FPS has limited knowledge of risks faced at about 9,600 Federal facilities around the country. FPS officials stated that they did not include consequence information in MIST because it was not part of the original design. GAO will continue to monitor this issue and plans to issue a report on this issue early next year. In response to our recent reports, DHS and FPS have agreed with the recommendations in our 2012 and 2013 reports to improve FPS contract guard and the risk assessment processes. Mr. Chairman, this concludes my opening statement. I will be happy to answer questions you may have. Thank you. Chairman Carper. Good. Thanks so much, Mr. Goldstein. Mr. Amitay, please.

TESTIMONY OF STEPHEN D. AMITAY,\1\ EXECUTIVE DIRECTOR, NATIONAL ASSOCIATION OF SECURITY COMPANIES

Mr. Amitay. Chairman Carper, Senator Ayotte, my name is Stephen Amitay, and I am Executive Director for the National Association of Security Companies. NASCO is the Nation's largest contract security trade association whose member companies employ more than 300,000 security officers across the Nation servicing commercial and governmental clients, including numerous Federal agencies. NASCO works with legislators and officials at every level of government to put in place higher standards and requirements for security companies and private security officers.

\1\ The prepared statement of Mr. Amitay appears in the Appendix on page 221.

Of most relevance to today's hearing, since 2007 NASCO has worked with Congress, FPS, and GAO on issues and legislation related to the Federal Protective Service's Protective Security Officer Program. It was formerly called the Contract Guard Program. NASCO also worked with the Federal Interagency Security Committee on its 2013 best practices for armed security officers in Federal facilities.
Not including the military services, there are approximately 35,000 contract security officers across the Federal Government, and the use of contract security is a proven, effective, and cost-efficient countermeasure to reduce risk and mitigate threats to Federal facilities. To further ensure security at Federal facilities, FPS and its security contractors need to work together to address issues and challenges with the PSO program that GAO has identified over the past several years. At the same time, improvements need to be made to other elements in the risk assessment and threat mitigation process for Federal facilities. These elements are governed by ISC standards; however, as GSA has found out and as we learned earlier today, often the requirements of the ISC standards are not met by Federal facilities. One critical element in this process is the decision to implement specific security countermeasures for each facility. In GSA-owned or -leased buildings, FPS is responsible for conducting the facility security assessment and recommending countermeasures. But, Mr. Chairman, as you noted in your opening remarks, the decision to implement those recommendations or, put another way, the decision to mitigate risk or accept risk is solely up to the Facility Security Committee, which is made up of representatives from facilities' tenant agencies. However, again, as GAO has found, ``tenant agency representatives to the FSC generally do not have any security knowledge or experience but are expected to make security decisions for their respective agencies.'' The lack of experienced decisionmakers on FSC is something that security contractors have witnessed firsthand, and it calls into question whether FSCs are making informed risk-based decisions regarding the mitigation or acceptance of risk. Of course, tightened budgets have also put pressure on tenant agencies to accept more risk.
In the end, though, countermeasures deemed necessary for security should not be rejected because of either lack of understanding or an unwillingness to provide funding. NASCO supports requiring training for FSC members as well as DHS being able to challenge an FSC over noncompliance with ISC standards or decision not to implement countermeasures. Both these provisions were in legislation that was passed last Congress by this Committee. As to addressing the issues with FPS' PSO program that GAO has identified, as well as other issues with the program, while FPS' pace may not be as fast as GSA and security contractors would like, nonetheless FPS' commitment to improving the PSO program is unquestionable, and there has been substantial progress made. Since the appointment of Director Patterson, the degree of dialogue and breadth of cooperation between FPS and security contractors has been unparalleled, and currently FPS and security contractors are working on a host of initiatives to improve the PSO program. To address the lack of FPS personnel resources to provide critical PSO X-ray and magnetometer training, FPS is about to launch a pilot program developed with NASCO that will train and certify contractor instructors so that they can provide this important training. FPS is also moving to increase active-shooter training for PSOs and, wisely, they are looking at what other Federal agencies are doing in this area as well as seeking input from security contractors. FPS is working with NASCO to revise and standardize the PSO training lesson plans and is planning to require that security contractor instructors be certified for all areas of PSO training. FPS is also coming out with a much needed revision of the Security Guard Information Manual (SGIM). The SGIM governs and instructs PSOs on how to act, and not following the SGIM is considered a contract violation. The format of this new version will also allow for making revisions as needed.
One area that needs further review are the instructions related to a PSO's ability and authority to act and potential liability for acting in extreme situations such as active shooters. As is provided to contract security officers at some other Federal agencies, Congress might want to consider providing DHS with statutory authority to authorize PSOs to make arrests on Federal property. FPS is also working to improve PSO post orders and improve its management of PSO training and certification data. For this latter effort, NASCO strongly recommends that FPS explore commercially available technologies. In conclusion, much still needs to be done to address the PSO program issues raised by GAO. However, FPS has come a long way in the past decade with its contract security force. NASCO looks forward to continuing to work with FPS and Congress to improve the security at Federal facilities. Thank you. Chairman Carper. Mr. Amitay, thank you so much. Mr. Wright, you are now recognized.

TESTIMONY OF DAVID L. WRIGHT,\1\ PRESIDENT, FEDERAL PROTECTIVE SERVICE UNION, AMERICAN FEDERATION OF GOVERNMENT EMPLOYEES

Mr. Wright. Chairman Carper, Senator Ayotte, thank you for the opportunity to testify at this important hearing. I am David Wright, President of American Federation of Government Employees (AFGE) Local 918, which represents Federal Protective Service officers nationwide. I am also an inspector with the FPS. We are committed to the critical homeland security mission of securing our Nation's Federal buildings, but there are important issues that require resolution.

\1\ The prepared statement of Mr. Wright appears in the Appendix on page 239.

Federal employees and facilities are extremely vulnerable to attack from both criminal and terrorist threats.
I want to assure you that my fellow FPS law enforcement officers are trained, equipped, and competent at responding to active-shooter attacks, and I am appalled that bureaucracy and inefficiency restricted our FPS law enforcement officers, whose office is less than 1 mile away from the Navy Yard, from assisting with the pursuit of the active shooter. Basically it is because the Navy does not pay security fees to the FPS. Congressional review of physical security at Federal properties must be viewed in the context of the leadership required to accomplish the FPS mission, which, to say the least, remains unfocused, if not broken, at all levels. Physical security plays a significant role in protection of all occupants of Federal buildings, but the frustrating, inefficient, and outright wasteful bureaucratic system of implementing physical security countermeasures through a flawed facility security assessment process and implementation by facility security committees who have to divert their mission funding is eye candy and not true security. Security in the Dirksen Senate Office Building is not based on an individual Senate office's ability to pay. Why should other major Federal facilities be different? The FPS inspector workforce is constantly beleaguered by new and/or modified security assessment programs and individual conflicting management demands throughout the assessment process. I have lost confidence in the ability of the National Protection Programs Directorate to resolve this wasteful process. I understand that the Department's Science and Technology Directorate has offered to make the integrated rapid visual screening tool compliant with the ISC. It was tested by both the General Services Administration and officials at the Federal Protective Service. I think that would be a good start to remedying our assessment problems.
Use of private contract security guards at major Federal facilities is a risk because they are basically limited to the arrest powers of a citizen. The proactive law enforcement patrol and weapons screening at this building is accomplished by Federal police officers who have the lawful authority to respond to active shooters. How can we demand less in Federal buildings with thousands of occupants? How well are the 740 or so boots-on-the-ground officers and agents doing--providing the critical law enforcement protection of Federal buildings overall quite well given the dynamic mission, the headquarters staff with very little field experience, and an inadequate field staff? How is FPS management doing? Not so well. Can do better? Absolutely. Any organization is in trouble when leaders are not held accountable. A recent Office of Special Counsel (OSC) public file disclosure reveals that a regional director violated rules when he arranged to buy a system from his neighbor on behalf of the government. The punishment of a 3-day suspension is the opposite of accountability. I have been told that there are other instances of misconduct by equal and even higher-ranking officials. After accountability is established, performance across the board can improve with focused professional and ethical management that builds on best practices in the regions. Give our inspectors and police officers adequate staff, tools that work, and direction on priorities, and we will make sure the job is done. In conclusion, the Federal employees and the public they serve deserve the best and most effective protection we can provide. They are not getting it now, and expeditious, sincere action by DHS and Congress is required. Once again, I thank you for this opportunity, and I am available for questions. Chairman Carper. Great. Mr. Wright, thanks very much for coming and for your service. I am going to yield to Senator Ayotte for the first questions of this panel. Senator Ayotte. Senator Ayotte. 
Thank you very much, Mr. Chairman. I really appreciate that. I wanted to ask Mr. Goldstein if--particularly on the GAO reports and what you have found, it really troubles me when we think about that there is no comprehensive--I believe you described it as strategy or oversight model, and then the fact that we are not sure how many people are receiving--there is certainly a category that are not receiving active-shooter training and/or screener training. From the GAO perspective what is your recommendation in terms of from the policy perspective how we can move this as quickly as possible to address this problem? Mr. Goldstein. Thank you, Senator. We have been very concerned that, with respect to both active-shooter training and training on magnetometers, FPS has not done a good enough job at ensuring that its contract guard workforce is able to get that training. One of the problems with the active-shooter training which I think people do not understand here, though, is that it is only a very small part of just one part of the training they receive anyhow. They get a kind of special training of 2 hours which covers special events of various kinds that might occur in a building. So out of the 120 hours of training that they receive overall, only 2 hours go to special events, and only a fraction of that 2 hours actually covers active-shooter training. So I think it is important to recognize that, for all intents and purposes, contract guards are not really getting active-shooter training for the most part. We are concerned that they do not have enough training in this area. The same is true for magnetometers. 
When GAO did its penetration testing of a number of Federal buildings back in 2009 and penetrated all 10 buildings that we tried to get into in a variety of different cities with bomb-making materials, we found at that time that guards did not have the requisite training to be at post, and we find now several years later that many guards still do not have that training. Senator Ayotte. And these are the contract guards, correct? Mr. Goldstein. Yes, ma'am. Senator Ayotte. So let me ask Mr. Wright, with respect to the agencies that can pay the fee, how does your training differ? How did the training of the individuals that I understand would work--and maybe I have this wrong, but would work in the Federal Protective Service Union when we are looking at this training issue, do you know how the training differs? Mr. Wright. As Federal law enforcement officers, we complete our training at the Federal Law Enforcement Training Center---- Senator Ayotte. So you would go through the same training as any Federal law enforcement officer? Mr. Wright. Yes. Senator Ayotte. OK. Mr. Wright. And there is a slight difference. We are talking contract guards. They are stationary at their post; whereas, our Federal Protective Service inspectors and police officers are mobile. Senator Ayotte. To the point of your testimony, if you were to provide the services, for example, at the Navy Yard that the Federal Protective Service--just so I understand, would you do more of a roaming capacity, is what you are saying? You would not do the person who stands--because the Capitol Police officers here, they actually stand at the magnetometer when we walk through, and I am just trying to understand physically what this would look like. Mr. Wright. 
Right, and I think that is the model that I would look for, is a model that works here at the Capitol and the Capitol buildings, that you would have Federal officers begin their career at the magnetometer, at the X-rays before they promote up and gain seniority and go out into the field.

Senator Ayotte. And I want to understand, are there other agencies that, with regard to this training issue on the FPS contracting issue, is this something that we are facing beyond the Navy Yard? I mean, I assume that this contracting issue in terms of the training issue goes well beyond the Navy Yard facility. Is that true, Mr. Goldstein?

Mr. Goldstein. The work we have done here really focuses on FPS, so I cannot comment more broadly. We have not looked at contract guard situations and what training they maybe----

Senator Ayotte. So it would really just be focused here on the Navy Yard.

Mr. Goldstein. Right, but we have found that the kind of training overall that FPS gives its contract guards, is similar to training given by DOE, by the National Aeronautics and Space Administration (NASA), by the Pentagon Force Protection Agency, State, Kennedy Center. So they are in line generally with the kinds of training that you would give to a contract guard at a Federal facility. The problem is implementing it. That is where we seem to see the fall-off, ensuring that the guards are actually getting that training.

Senator Ayotte. So there is basically no accountability. In other words, we can check off the training box, but no one is saying this person actually has done it, that we are tracking them. I mean, basically in a law enforcement setting, you have to do a certain amount of training that you have to complete every year, and that is part of being in that position. That is not happening with this?

Mr. Amitay. Well, excuse me.
As Senator Coburn noted, those are contract requirements to have your protective security officers have the required training and certifications, and that would be a contract violation. So, you know----

Senator Ayotte. So we are actually entering contracts where we do not have them required to train on screening and----

Mr. Amitay. The requirements are in the contract.

Senator Ayotte [continuing]. Active shooters?

Mr. Amitay. With the X-ray and magnetometer training, that--of the 132 hours of required training for FPS protective security officers, the contract guards, 16 hours are provided by FPS, 8 of which is X-ray/mag screening. And FPS' inability for their personnel to be able to provide that training is an issue that the GAO has noted. But that is not a matter of the security contractors not providing the training that they are required to provide.

Senator Ayotte. So we are not providing the training for the security contractors, but we should be reviewing these contracts to make sure that we are properly prioritizing what type of agreement we are brokering in terms of the requirements for background and training, shouldn't we?

Mr. Goldstein. Yes, there are a couple of issues. One is, as Mr. Amitay says correctly, that the Federal Protective Service is not providing in many cases the training that they are obligated to provide under the contract.

Senator Ayotte. Right.

Mr. Goldstein. On the other hand, FPS is also not gaining the assurance that it needs that the contract guard companies themselves are providing the training that they are obligated to provide. They are not doing enough checks on the certifications.

Senator Ayotte. And who is watching all this? I mean, isn't there supposed to be----

Mr. Goldstein. I guess GAO----

Senator Ayotte. But, I mean, you are watching it, but who within the chain of command, meaning the management of this, is making sure that it gets done?

Mr. Goldstein.
Each region is supposed to go through a process to assure themselves and do checks and do audits. Some regions have not done it. Some regions have not done it in a random fashion at all where they could really gain assurance. Some have done it. When we have gone in behind them and looked at what they have done, not only did we find our own breaches in many cases of guards standing post without the proper certifications and qualifications; we also found significant disparities between our review and the review that FPS had done as well.

Mr. Amitay. I also think some of those disparities are disparities in the documentation per se, and I think there are instances where the guards have received the required training, they do have the required certifications, but there are issues with the documentation. For instance, with certain medical requirements, some statements of work require a licensed physician to sign off on those medical requirements. On others it could be a nurse practitioner. And GAO might come in and looking at what the current requirements are for licensed physicians and see that, oh, this PSO was signed off by a nurse practitioner; therefore, that is in violation.

Senator Ayotte. Well, I know my time is up, but what we are talking about here, though, is the documentation on the training for, I assume, the most important focus here, the screening and active-shooter training.

Mr. Goldstein. It was a wide variety of issues. We found not just the magnetometer and the active-shooter training, but we found 23 percent of files we reviewed contained no documentation for required training and certification in a variety of areas. This could be firearms training, or drug testing, and there was no indication that FPS had monitored firearms qualifications in 68 of the files we reviewed. So it is across the spectrum of the kinds of certifications guards need.

Senator Ayotte. Well, my time is up, so I will thank you.

Chairman Carper. Thank you.
Thank you for those questions. I am going to ask two questions. The second question I am going to ask is when--in some sense, I like to ask when we are in a situation like this--a couple different panels, different points of view, a broad range of perspectives from which to testify and answer questions. I want you to each pick maybe one--or we will say two--go back to what you have heard one another saying in response to--well, it could just be your testimony, your response to our questions. Think back to the first panel, some of the things that they said, things they said in the testimony or in response to our questions, and just be thinking about takeaways for us on this side of the dais that you would just like to put an exclamation point behind, underline, and say as we go out of this room today, this hearing room, for God's sake, keep these couple of points in mind, these are really good takeaways. And that is my second question, so you can be thinking about that. The first question I have is for Mr. Goldstein, and we have already talked about this to some extent. I am going to come back and just revisit it very briefly. But in the past decade or so, you have overseen, I think, 12 independent reports of Federal facility security. You have looked at the armed guard programs. You have collaborated with State and local law enforcement in human capital planning. GAO has also conducted covert testing. You have talked a little bit about some of what is going on in Federal facilities. In other words, you actually tried to penetrate Federal facilities to test how secure they are, which is a little bit like what we do in the nuclear power plant world. Again, for the record, how would you assess Federal facility security today? Over 30,000 feet, how would you assess Federal facility security today, realizing this is on a time continuum, where we focus more and more on this going back to especially 1995 with the bombing in Oklahoma City? But how are we doing today? 
Is it getting better? Is it getting worse? Have we plateaued? Is it uneven?

Mr. Goldstein. I think it is very uneven, Mr. Chairman. I think that, yes, there have been improvements since Oklahoma City and since the Twin Towers, of course. We have more focus on this area. We have more physical protections in many places. We have more intelligence as well. But some of the basic issues still remain unresolved, the kinds of issues that you have brought up and that some of your witnesses have brought up this morning. There is still inadequate attention to many of the things that are in the forefront of what we need to do in terms of getting into a Federal building and making sure not only that the people who stand on the front lines of Federal buildings are qualified to be there and can do the service that they are being paid to do, that taxpayers are paying them for; but more broadly that we are wisely using government resources in this area. Because we have not effectively adapted a risk management process to the Federal portfolio, virtually every building that is at a Level 3 or a Level 4 security risk is treated in the same fashion, and we do not prioritize across that portfolio in an effective way to make sure that we are effectively spending government resources. So I think we still have a long way to go, sir.

Chairman Carper. All right. A followup question. If you maybe had to pick the next thing that the Federal Protective Service ought to be doing in order to further improve Federal facility security as expeditiously as possible--and I do not know if that is a fair question, but take a shot at it.

Mr. Goldstein. Sure. I mean, we have talked a lot this morning about the two fundamental issues in our last report on risk assessments and on contract guards. And while they are moving slowly, I think they are trying to move in the right direction in both of those areas.
I think the area that still bedevils the security community here and has come up a couple times is this three-legged stool between GSA, the Facility Security Committees, and FPS, in trying to figure out the best way to get security at Federal buildings. Should there really be a very significant role for individual agencies within a specific building for people who do not have a lot of security background? Should they really be making decisions about the government's buildings? I do think while the ISC has developed standards to try and improve the level and effectiveness of the Facility Security Committees, that is an area that I think they still need to spend a lot more time in trying to figure out--is that really the best way that we can protect Federal buildings.

Chairman Carper. OK. Good. Thank you very much. All right. Mr. Wright, I am going to ask you to respond to my first question. Again, a point or two that you would really like to say, for God's sake, if you forget everything else that you heard in this hearing, do not forget this. And there is probably more than a few things that we ought to keep in mind, and we will, but just one or two if you would.

Mr. Wright. If you will indulge, the focus of this hearing was the Navy Yard tragedy, so just very clearly, right off the bat, in regards to active shooter, look at our jurisdiction and authority. Our guys responded to the Navy Yard. We were less than 2 minutes away, and we had people at the Department of Transportation facility right across the street ready to activate and use their training and equipment, and we were held back. So that is just real, low-level stuff. I need you to demand accountability. This Committee, as referred to by Mr. Goldstein, in 2009 after they penetrated 10 of our buildings, our FPS Director sat here and committed to this Committee that he would fix the National Weapons Detection Training Program. To this day, that program is not complete.

Chairman Carper.
Are we making any progress?

Mr. Wright. Uneven. It is scattered across the Nation. I think one of the big problems with FPS is you finally have a vision or at least somewhat of a vision at headquarters, and I guarantee you, once that vision leaves headquarters, it goes down to 11 different regions, I think three, four, five different Senior Executive Service (SES) officials, and the message gets lost, thereby once again reducing any semblance of accountability. We have 11 different regions and 11 different ways of doing business regardless of what our headquarters says.

Chairman Carper. OK. Thank you. Mr. Amitay.

Mr. Amitay. Yes, thank you. Going off what David just said, it is true that there is a vision now at headquarters. Part of that vision is to standardize the training, to increase the training, and the lines of communications with the regions do need to be improved. And that has always been a problem, though, with FPS, is the fact that it has had to deal with 11 different regions. I think, though, you will see at FPS--David also mentioned the National Weapons Detection Training Program, which is basically the X-ray and magnetometer training for PSOs. That is a new program that will require 16 hours of initial training and then 8 hours of annual refresher training. Compare that to the current requirement of 8 hours of initial training, and then, essentially 8 hours that is combined with 40 hours of refresher training every 3 years. That is a positive development. The delivery of this training, though, that has been a problem, and it has been slow getting it out. And I think FPS realizes that the stretched-thin FPS inspectors really should not be doing training. That should not be their mission. And they are starting to turn this over to the--they want to turn it over to certified contract security instructors, and we think that is a great idea. That will allow for more cost-efficient and faster training.
Also, in active-shooter training, definitely FPS needs to be doing more with that. I mean, other agencies are well ahead of FPS in terms of training their contract security officers to respond to active-shooter incidents. I have talked with several contractors, and they basically say that with those instructions and post orders, there really is some confusion for PSOs as to what they can do in an active-shooter situation. I mean obviously, as the instructions do say, when you are faced with an active shooter and the loss of life, you can engage them. But, are they able to be more aggressive in terms of maybe detecting an active shooter? If a person comes in, is being really suspicious, can they kind of get into the guy's face and see what he is doing? I have been told that at DOE the active-shooter policy for their contract security officers is basically do not let the threat continue, period. But I think FPS is working to improve the training, to bring it up to a higher quality. They are working also, as Mark said, to try to better monitor their certification and training records, and, Mark, stay on them with that, because we do think that there is technology out there. I sometimes cringe when they say, well, we are working with the Science and Technology Directorate to basically try to come up with a data management system, something that, as Mr. Coburn pointed out, the contractors must have and already do have. And so there should be greater integration in terms of a comprehensive data management system, so the FPS and contractors can know and GAO can know who exactly does have the required training and certifications.

Chairman Carper. All right. Thank you. Mr. Goldstein, the last word.

Mr. Goldstein. Thank you, Mr. Chairman. One quick clarification for Dr. Coburn's benefit. Regarding GAO's recommendations, there have been 26 between 2010 and 2013.
By our records, only four are in process, and have only been in process for about 3 or 4 weeks when we received them, meaning that there are 22 still open. We will provide your staff with the exact information behind all those.

Chairman Carper. Thank you. That is very interesting. Thank you for that clarification.

Mr. Goldstein. Yes, sir. Just three brief points that have not been brought up too much this morning which I think are very relevant. The first, as Mr. Amitay has said, I think it is important that there be better clarity in terms of contractors' liabilities. We have interviewed dozens and dozens of contract guards over the last decade, all of whom have felt that they do not have clarity on what their roles and responsibilities are and when they can use force and when they cannot use force. And most have told us over the years that their companies have all but said, "Don't you ever pull out your gun. Don't you ever do anything with it." So there is a lot of lack of clarity in this area. The second is the role of the inspector at the Federal Protective Service. It would be great if they were able, as Mr. Wright has said, to roam around more, to do more things, to be able to assure the security of the buildings they are responsible for. But in many cases, they are locked at their desks. They are doing other work. They are involved in getting contracts out the door. They are often still contract officers. The level of things that they are responsible for really precludes them in many instances from actually being out and about and being the eyes and the ears and taking care of the police function that they really have. So that would be the second.
And then the third, finally, is I do not believe there really is much coordination at all based on the work we have done in the past with local and State police jurisdictions, so that when tragedy does strike that the Federal Protective Service has worked out in any kind of detail with local police jurisdictions exactly what kind of focus, what kind of approach, what kind of countermeasures they can take in the event of a tragedy. So more work needs to be done in that area as well. Thank you, sir.

Chairman Carper. Thank you. Thank you all for being here. Thank you for what you do with your lives. Thank you for your preparation for this hearing and for your responses to our questions. Mr. Goldstein, a special thanks to everyone at GAO for the continued good work that you do.

Mr. Goldstein. Thank you, sir.

Chairman Carper. I do not have time--the weekly caucus lunch has begun, and I am late. So I am going to wrap it up here. If we had more time, one of the things I would get into is the issue of turnover among these contract officers. I do not think we really spent much time on that. I would just say as a closing thought, when I was Governor of Delaware, we had a real problem in the area of information technology, training folks to work in that area for us as a State employee, developing their skills and getting hired away by someone who would pay them a lot more money. And the Governor who succeeded me was smart enough to realize that we ought to pay and change up the way we rewarded and incentivized folks to work for the State of Delaware in that arena. We have a similar problem actually here in the Federal Government. If you look at the skill sets and the compensation packages and the way we attract and retain skilled folks in the cyber world, in the Department of Homeland Security as compared, say, to the National Security Agency, there is a difference. And Dr.
Coburn and I and our staffs and our colleagues are working on a way to reduce that disparity so that DHS will not just hire people to work in cybersecurity and see them trained and then hired away by others. We are going to work on that, and it would be interesting to know what we lose. Their training is so important here. That is one of the things we keep coming back to--the quality of the training, not just original training but refresher training, and the quality of that training. The thought that is in the back of my mind is what is going on with turnover. My guess is there is a fair amount of that in these jobs, and so a lot of training that is done might not inure to the benefit of the Federal taxpayers, but to those who ultimately these contract officers go to work for. If I had more time, I would ask each of you to respond to that, but if you would just raise your hands, and just by raising your hands, is that a problem? Is that a concern that we should have? OK. Thanks very much. All right. I would just say in closing that the hearing record will remain open for the next 17 months----

[Laughter.]

Chairman Carper. All right, 17 days, until January 3 at 5 p.m. for the submission of statements and questions for the record. I am sure you will get some, and we would appreciate your responding to those. Again, thank you very much for being here with us today. Our best wishes to you and your families in this holiday season. Thanks very much.

[Whereupon, at 12:57 p.m., the Committee was adjourned.]

A P P E N D I X
----------