[House Hearing, 107 Congress]
[From the U.S. Government Publishing Office]




 ENSURING THE SAFETY OF OUR FEDERAL WORKFORCE: GSA'S USE OF TECHNOLOGY 
                      TO SECURE FEDERAL BUILDINGS

=======================================================================

                                HEARING

                               before the

           SUBCOMMITTEE ON TECHNOLOGY AND PROCUREMENT POLICY

                                 of the

                              COMMITTEE ON
                           GOVERNMENT REFORM

                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED SEVENTH CONGRESS

                             SECOND SESSION

                               __________

                             APRIL 25, 2002

                               __________

                           Serial No. 107-180

                               __________

       Printed for the use of the Committee on Government Reform


  Available via the World Wide Web: http://www.gpo.gov/congress/house
                      http://www.house.gov/reform


                                 ______

85-838              U.S. GOVERNMENT PRINTING OFFICE
                            WASHINGTON : 2003
____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpr.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001

                     COMMITTEE ON GOVERNMENT REFORM

                     DAN BURTON, Indiana, Chairman
BENJAMIN A. GILMAN, New York         HENRY A. WAXMAN, California
CONSTANCE A. MORELLA, Maryland       TOM LANTOS, California
CHRISTOPHER SHAYS, Connecticut       MAJOR R. OWENS, New York
ILEANA ROS-LEHTINEN, Florida         EDOLPHUS TOWNS, New York
JOHN M. McHUGH, New York             PAUL E. KANJORSKI, Pennsylvania
STEPHEN HORN, California             PATSY T. MINK, Hawaii
JOHN L. MICA, Florida                CAROLYN B. MALONEY, New York
THOMAS M. DAVIS, Virginia            ELEANOR HOLMES NORTON, Washington, 
MARK E. SOUDER, Indiana                  DC
STEVEN C. LaTOURETTE, Ohio           ELIJAH E. CUMMINGS, Maryland
BOB BARR, Georgia                    DENNIS J. KUCINICH, Ohio
DAN MILLER, Florida                  ROD R. BLAGOJEVICH, Illinois
DOUG OSE, California                 DANNY K. DAVIS, Illinois
RON LEWIS, Kentucky                  JOHN F. TIERNEY, Massachusetts
JO ANN DAVIS, Virginia               JIM TURNER, Texas
TODD RUSSELL PLATTS, Pennsylvania    THOMAS H. ALLEN, Maine
DAVE WELDON, Florida                 JANICE D. SCHAKOWSKY, Illinois
CHRIS CANNON, Utah                   WM. LACY CLAY, Missouri
ADAM H. PUTNAM, Florida              DIANE E. WATSON, California
C.L. ``BUTCH'' OTTER, Idaho          STEPHEN F. LYNCH, Massachusetts
EDWARD L. SCHROCK, Virginia                      ------
JOHN J. DUNCAN, Jr., Tennessee       BERNARD SANDERS, Vermont 
------ ------                            (Independent)


                      Kevin Binger, Staff Director
                 Daniel R. Moll, Deputy Staff Director
                     James C. Wilson, Chief Counsel
                     Robert A. Briggs, Chief Clerk
                 Phil Schiliro, Minority Staff Director

           Subcommittee on Technology and Procurement Policy

                  THOMAS M. DAVIS, Virginia, Chairman
JO ANN DAVIS, Virginia               JIM TURNER, Texas
STEPHEN HORN, California             PAUL E. KANJORSKI, Pennsylvania
DOUG OSE, California                 PATSY T. MINK, Hawaii
EDWARD L. SCHROCK, Virginia

                               Ex Officio

DAN BURTON, Indiana                  HENRY A. WAXMAN, California
                    Melissa Wojciak, Staff Director
              Victoria Proctor, Professional Staff Member
                           Teddy Kidd, Clerk
          Mark Stephenson, Minority Professional Staff Member


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on April 25, 2002...................................     1
Statement of:
    Rhodes, Keith A., Chief Technologist, U.S. General Accounting 
      Office; F. Joseph Moravec, Commissioner, Public Buildings 
      Service, U.S. General Services Administration; Wendell 
      Shingler, Director, Federal Protective Service, U.S. 
      General Services Administration; John N. Jester, Chief, 
      Defense Protective Service, Department of Defense; Frank R. 
      Abram, general manager, Security Systems Group, Panasonic 
      Digital Communications & Security Co.; and Roy N. Bordes, 
      president/CEO, the Bordes Groups, Inc., and council vice 
      president, American Society for Industrial Security........     5
Letters, statements, etc., submitted for the record by:
    Abram, Frank R., general manager, Security Systems Group, 
      Panasonic Digital Communications & Security Co., prepared 
      statement of...............................................    56
    Bordes, Roy N., president/CEO, the Bordes Groups, Inc., and 
      council vice president, American Society for Industrial 
      Security, prepared statement of............................    69
    Davis, Hon. Thomas M., a Representative in Congress from the 
      State of Virginia, prepared statement of...................     3
    Jester, John N., Chief, Defense Protective Service, 
      Department of Defense, prepared statement of...............    50
    Moravec, F. Joseph, Commissioner, Public Buildings Service, 
      U.S. General Services Administration, prepared statement of    37
    Rhodes, Keith A., Chief Technologist, U.S. General Accounting 
      Office, prepared statement of..............................     9

 
 ENSURING THE SAFETY OF OUR FEDERAL WORKFORCE: GSA'S USE OF TECHNOLOGY 
                      TO SECURE FEDERAL BUILDINGS

                              ----------                              


                        THURSDAY, APRIL 25, 2002

                  House of Representatives,
 Subcommittee on Technology and Procurement Policy,
                            Committee on Government Reform,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 2 p.m., in 
room 2154, Rayburn House Office Building, Hon. Thomas M. Davis 
(chairman of the subcommittee) presiding.
    Present: Representatives Thomas Davis, Jo Ann Davis and 
Turner.
    Staff present: George Rogers, Chip Nottingham, and Uyen 
Dinh, counsels; Victoria Proctor, professional staff member; 
John Brosnan, consultant; Teddy Kidd, clerk; Mark Stephenson, 
minority professional staff member; and Jean Gosa, minority 
assistant clerk.
    Mr. Tom Davis of Virginia. We are going to be voting in 
about 5 or 10 minutes, so I want to try and get the opening 
statements out of the way so when we come back we can hear from 
you. I apologize for that. I think once we start the hearing it 
will go pretty quickly, but at least let's get the politicians 
out of it so we can get to the experts.
    Good afternoon. I would like to welcome everybody to 
today's oversight hearing on the General Services 
Administration's efforts to secure Federal buildings that it 
owns and leases. We will discuss the advantages and 
disadvantages of using commercially available security 
technologies in Federal facilities and the potential concerns 
that may arise from their implementation.
    GSA acts as the Federal Government's property manager and 
is responsible for ensuring the safety and security of the 
Federal buildings it owns and leases. After the Oklahoma City 
bombings in 1995, GSA began a multi-million-dollar program to 
upgrade the security of its buildings using the criteria in the 
Justice Department's report titled ``Vulnerability Assessment 
of Federal Facilities.'' This was the first time that 
governmentwide security standards were established for public 
buildings.
    The terrorist attacks of September 11th have led to a 
renewed assessment of the vulnerability of Federal buildings 
and focus on a new array of security threats. The acquisition 
of technological upgrades and new technologies are part of the 
broader effort to combat these threats. And the effective use 
of these technologies will be critical to our success.
    Today, we are going to examine what role technology plays 
in the security initiatives that GSA is currently implementing 
in order to protect Federal buildings and the employees who 
work in them. We will also try to ascertain what barriers may 
exist in obtaining and implementing the most appropriate and 
effective technologies.
    Since September 11th, life is returning to normal for most 
Americans. However, for Federal employees, the effects of the 
attacks are ever present since Federal buildings remain at a 
heightened state of alert. In fact, each time there has been a 
terrorist attack on the United States over the last several 
years, we have seen a visible security increase in and around 
Federal buildings. Barricades, metal detectors, car searches, 
ID checks and security cameras have become familiar sights for 
the average Federal employee.
    These new and upgraded security products and services are 
used to protect employees and visitors, restrict access or 
detect intruders in Federal facilities. However, their 
implementation raises a number of concerns. We need to ensure 
that Federal agencies can achieve a secure work environment 
while still maintaining an atmosphere of openness.
    Furthermore, can advances in technology offer increased 
security with limited intrusiveness and inconvenience to 
employees and visitors? For instance, at the Capitol complex, 
there are elaborate procedures in place to examine packages 
sent to congressional offices. We reject courier deliveries for 
safety reasons. Overnight deliveries become over-a-week 
deliveries. Obviously, this poses an inconvenience to both 
recipient and sender. Not just an inconvenience, it is a very 
inefficient way of doing things. It even affected one of our 
witnesses testifying today. GSA must grapple with these same 
concerns.
    Additionally, Federal agencies have spent significant sums 
of money improving security measures, particularly in the wake 
of September 11th. Since the price for a single type of 
technology can vary widely, agencies must balance costs against 
the quality of proven security products and services.
    There is no question that the Federal Government is capable 
of providing security. We know we can use brute force to keep 
people and packages out of buildings. We did it immediately 
after September 11th. But our real objective should be the 
utilization of visible and discreet technologies to provide 
adequate security, thus allowing the government to work 
effectively and efficiently with minimal disruption, 
inconvenience and invasiveness.
    I understand the sensitive nature of this issue for 
security professionals. Therefore, I appreciate your 
willingness and the willingness of our witnesses to testify 
before our subcommittee today.
    [The prepared statement of Hon. Thomas M. Davis follows:]

    [GRAPHIC] [TIFF OMITTED] T5838.001
    
    [GRAPHIC] [TIFF OMITTED] T5838.002
    
    Mr. Tom Davis of Virginia. The subcommittee is going to 
hear from Keith Rhodes, the Chief Technologist at the General 
Accounting Office; F. Joseph Moravec, the Commissioner of 
Public Buildings Service from the General Services 
Administration; GSA supporting witness Wendell Shingler, 
Director of the Federal Protective Service; John N. Jester, 
Chief of Defense Protective Services, Department of Defense; 
Frank R. Abram, the general manager of the Security System 
Group; and Roy N. Bordes, the president and CEO of the Bordes 
Group and council vice president of the American Society for 
Industrial Security.
    I ask unanimous consent they be permitted to participate in 
today's hearing. Without objection, it will be so ordered.
    Representative Turner has not arrived here yet, and I will 
interrupt statements when at he comes so he can make a 
statement. But I would like to call our panel of witnesses.
    As you know, it is the policy of our committee that all 
witnesses be sworn before they can testify. If you would rise 
with me and raise your right hand.
    [Witnesses sworn.]
    Mr. Tom Davis of Virginia. Be seated.
    To afford sufficient time for questions, the witnesses will 
please limit themselves to no more than 5 minutes for any 
statement. All written statements from witnesses will be made 
part of the permanent record.
    I think I would like to start with Mr. Rhodes and then move 
straight down to Mr. Moravec, Mr. Jester, Mr. Abram, Mr. 
Bordes. Thank you for being with us.

STATEMENTS OF KEITH A. RHODES, CHIEF TECHNOLOGIST, U.S. GENERAL 
  ACCOUNTING OFFICE; F. JOSEPH MORAVEC, COMMISSIONER, PUBLIC 
   BUILDINGS SERVICE, U.S. GENERAL SERVICES ADMINISTRATION; 
 WENDELL SHINGLER, DIRECTOR, FEDERAL PROTECTIVE SERVICE, U.S. 
GENERAL SERVICES ADMINISTRATION; JOHN N. JESTER, CHIEF, DEFENSE 
  PROTECTIVE SERVICE, DEPARTMENT OF DEFENSE; FRANK R. ABRAM, 
  GENERAL MANAGER, SECURITY SYSTEMS GROUP, PANASONIC DIGITAL 
  COMMUNICATIONS & SECURITY CO.; AND ROY N. BORDES, PRESIDENT/
   CEO, THE BORDES GROUPS, INC., AND COUNCIL VICE PRESIDENT, 
            AMERICAN SOCIETY FOR INDUSTRIAL SECURITY

    Mr. Rhodes. Mr. Chairman and members of the subcommittee, 
thank you for inviting me to participate in today's hearing on 
security technology to protect Federal facilities.
    As you stated, the terrorist attacks of September 11th on 
the World Trade Center and the Pentagon have intensified 
concerns about the physical security of our Federal buildings 
and the need to protect those who work in and visit these 
facilities. These concerns have been underscored by reports of 
long-standing vulnerabilities, including weak controls over 
building access.
    As you requested, today I will discuss commercially 
available security technologies that can be deployed to protect 
these facilities, ranging from turnstiles to smart cards to 
biometric systems. While many of these technologies can provide 
highly effective technical controls, the overall security of a 
Federal building will hinge on establishing robust risk 
management processes and implementing the three integral 
concepts of a holistic security process: protection, detection 
and reaction.
    The 1995 domestic terrorist bombing of the Alfred P. Murrah 
Federal Building in Oklahoma City, Oklahoma, led to the 
establishment of governmentwide minimum standards for security 
at all Federal facilities. Among the minimum standards for 
buildings of a higher risk level are security technologies 
including closed circuit television surveillance cameras, 
intrusion detection systems with central monitoring capability 
and metal detectors and x-ray machines to screen people and 
their belongings at entrances to Federal buildings.
    While minimum standards are necessary, no one should assume 
a false sense of security. Security is not perfect, as 
evidenced by testing. The GAO's Office of Special 
Investigations has done, in ongoing requests from Congress, 
testing the effectiveness of security at Federal buildings.
    The key here is risk management. Risk management is the 
foundation of effective security. In risk management, there are 
basically five seemingly simple questions that are rather 
complex to answer.
    First question is, what am I protecting? That is, what is 
the asset I am protecting and how am I valuing it? What would 
the impact be of its loss? Who are my adversaries? I have to 
figure out who my opponent is, do I have an adversary, does 
that adversary have the ability to attack me, and does the 
adversary have the intent to attack me. How am I vulnerable?
    This is where GAO's Office of Special Investigations work 
comes in, from our standpoint, in that we go out and test the 
security of Federal facilities to see how they are vulnerable.
    What are my priorities? Priorities are what do I want to 
protect first, second, third and last; and what can I do is 
actually a two-step question. The first part of the question of 
what I can do is, what are the countermeasures I can put in 
place to protect the environment? The second is, what can I 
afford to do?
    All of these questions have to be set up in a structure of 
protection, detection and reaction. Protection is the actual 
physical protection of the facility, talking about turnstiles 
and guards and Jersey barriers and things like that as well as 
access control. Detection is, once those systems have been 
breached, how do I know that they have been breached? What is 
going to let me know that something has gotten through the 
system without authorization? And reaction is, how is the 
organization established and how is security established in 
order to react to breach of security?
    One point I would like to make is that reaction--if 
reaction does not culminate in the use of a guard or a human 
being, the reaction has been proven to be ineffective. If 
people here fire an alarm but the fire department doesn't show 
up, that is ineffective reaction. Likewise, if someone breaks 
into a building or tries to break into a building and guards do 
not respond, that is also ineffective reaction.
    In looking at the technology itself, technology breaks down 
into three basic areas: access control, detection and intrusion 
detection. Detection in this case is detection of weapons or 
explosives or contraband of some kind.
    In the area of access control, there are biometrics. 
Biometrics are items that belong--that are on a human being 
himself or herself--a fingerprint, hand geometry, scan of the 
retina or a scan of the iris, facial recognition, trying to 
figure out the facial geometry, speaker recognition, voice 
pattern recognition or signature recognition. These are 
considered things--because they are biometric, these are things 
that someone cannot lose. They always have them with them.
    The second step in access control is an access card. First 
part of that is a magnetic swipe using something that looks 
like a credit card with a magnetic strip on it. You run it 
through a mag swipe reader and grants you access. Usually, that 
is associated with the application of a four-digit personal ID 
number.
    There are also proximity cards which have a little wireless 
communication in it. You get near the proximity reader and the 
reader will either grant you access or not.
    Then, finally, there are smart cards. Smart cards have 
embedded integrated circuits, actual computer chips in them 
that contains a wide range of information associated about the 
individual--access level. It will also give people particular 
access to rooms.
    Associated with access control, there is usually a key pad 
entry system which looks like a digital phone face, usually has 
ten numbers or nine numbers on it and a send key. You put in 
your four-digit personal identification number or however long 
the ID number is and hit enter and then a door may open.
    However, these biometric devices do need to be associated 
with an access barrier. It is not any good if I can walk by a 
proximity reader and just keep walking. There has to be 
something to stop me from getting in. These are usually 
turnstiles or can be revolving doors.
    Next area is detection. This is what most people end up 
going through at airports. You come in and you walk through a 
magnatometer, a metal detector. Metal detector will find out if 
you have any metal on you. If you have metal on you that 
reaches a certain threshold set by the turnstile or by the 
magnatometer, then they will order a secondary check.
    X-ray machines, this is probably familiar to everyone at 
airports. Also when your bag passes through an x-ray machine so 
they can look either for weapons or they can look for 
explosives or they can look for sharp objects in your bag.
    Finally, there are explosive detectors. Sometimes when I 
have gone to the airport, for example, and gone on an overnight 
trip somewhere, they have taken my bag and you will see 
sometimes they will wipe a swab on the strap of the bag and run 
into a system that checks for evidence of explosive material.
    Then, finally, there is intrusion detection, which focuses 
mainly on closed circuit television or intrusion sensors that 
track motion.
    All of these technologies are available today. Some are 
varying quality. Some, as you pointed out, Mr. Davis, can be 
extremely expensive. But no one of the technologies is going to 
solve all the access control problems or security problems, and 
technology alone is not going to be the only thing that we can 
apply to secure a facility. We have to have human beings in the 
loop who can respond. All of these must work together.
    Some of the limitations of the technology are, of course, 
technology can't compensate for human failure or ineffective 
security processes. Training of security personnel is vital. 
The training of the personnel is vital, and the retention of 
the personnel is vital.
    Very often, the government ends up being the great training 
ground for other organizations. We train security personnel in 
the military and we train security personnel through GSA or 
other government organizations only to lose them to either 
other departments and agencies in the government or we lose 
them to the private sector.
    Technology can also be overestimated. There has to be a 
healthy ``buyer beware'' in terms of the viability of the 
technology. But this is also two-way. Technology bought without 
an understanding of a department or agency's requirements for 
security is not the vendor's fault. If the department or agency 
hasn't laid out their requirements properly and they have just 
gone and bought technology when they saw what they considered 
to be an ill-defined problem, then it is not the vendor's fault 
that the technology does not work. Likewise, if they do 
establish good requirements and they haven't tested the 
equipment properly, that is also a problem.
    Sometimes a nontechnical solution may be best. Sometimes 
dogs can sniff out bombs better than technology.
    Lack of standards also impedes system integration. A lot of 
these devices are built by different companies, and therefore 
it's difficult to integrate the information together into a 
single system.
    And, as you pointed out, there are concerns by the user 
population about the personal intrusion on their privacy in the 
use of this technology. For example, just as a side comment 
before I close, fingerprint technology, even though it's 
probably the most robust biometric device is resisted by the 
majority of the population because it's association with law 
enforcement fingerprinting. So there are nonobvious resistance 
indicators to the technology.
    To close, I would just point out that there are a myriad of 
technologies available. However, if these technologies are--if 
the requirements for security are not clearly understood by the 
department or agency, then the benefits of the technology are 
overcome.
    Thank you very much, and I await any questions from the 
committee.
    Mr. Tom Davis of Virginia. Thank you very much.
    [The prepared statement of Mr. Rhodes follows:]

    [GRAPHIC] [TIFF OMITTED] T5838.003
    
    [GRAPHIC] [TIFF OMITTED] T5838.004
    
    [GRAPHIC] [TIFF OMITTED] T5838.005
    
    [GRAPHIC] [TIFF OMITTED] T5838.006
    
    [GRAPHIC] [TIFF OMITTED] T5838.007
    
    [GRAPHIC] [TIFF OMITTED] T5838.008
    
    [GRAPHIC] [TIFF OMITTED] T5838.009
    
    [GRAPHIC] [TIFF OMITTED] T5838.010
    
    [GRAPHIC] [TIFF OMITTED] T5838.011
    
    [GRAPHIC] [TIFF OMITTED] T5838.012
    
    [GRAPHIC] [TIFF OMITTED] T5838.013
    
    [GRAPHIC] [TIFF OMITTED] T5838.014
    
    [GRAPHIC] [TIFF OMITTED] T5838.015
    
    [GRAPHIC] [TIFF OMITTED] T5838.016
    
    [GRAPHIC] [TIFF OMITTED] T5838.017
    
    [GRAPHIC] [TIFF OMITTED] T5838.018
    
    [GRAPHIC] [TIFF OMITTED] T5838.019
    
    [GRAPHIC] [TIFF OMITTED] T5838.020
    
    [GRAPHIC] [TIFF OMITTED] T5838.021
    
    [GRAPHIC] [TIFF OMITTED] T5838.022
    
    [GRAPHIC] [TIFF OMITTED] T5838.023
    
    [GRAPHIC] [TIFF OMITTED] T5838.024
    
    [GRAPHIC] [TIFF OMITTED] T5838.025
    
    [GRAPHIC] [TIFF OMITTED] T5838.026
    
    [GRAPHIC] [TIFF OMITTED] T5838.027
    
    [GRAPHIC] [TIFF OMITTED] T5838.028
    
    Mr. Tom Davis of Virginia. Our mystery as to where Mr. 
Turner is has been solved. He has been on the floor arguing an 
amendment. So he has an excused absence until he gets here.
    Mr. Moravec.
    Mr. Moravec. Good afternoon, Mr. Chairman, and members of 
the subcommittee.
    I am Joe Moravec, Commissioner of the Public Buildings 
Service [PBS] at the General Services Administration [GSA]. I 
am pleased to appear before you today to provide information on 
GSA's program to secure Federal buildings that it owns or 
leases with a focus on the technologies necessary to achieve 
GSA's security objectives.
    The mission of GSA's Public Buildings Service is to provide 
a superior workplace for the Federal worker and, at the same 
time, superior value for the American taxpayer. We design, 
build, and manage about 340 million square feet of work space 
for over a million Federal associates in about 8,000 buildings 
in 1,600 American communities across the country.
    PBS's Federal Protective Service [FPS] provides security 
and law enforcement services for all of the buildings we own 
and lease. Our security philosophy is based on the premise that 
each facility presents a unique set of security and safety 
challenges. The mission of the Federal Protective Service is to 
enable Federal agencies and members of the public to conduct 
their business in a safe and secure environment.
    FPS is comprised of Police Officers, Criminal 
Investigators, Physical Security Specialists and Contract 
Guards. We work collaboratively with Federal customers across 
the Nation to ensure that effective security procedures are in 
place for the safety of all occupants in and visitors to GSA-
controlled facilities. We work to identify and reduce the 
threat to Federal property through the application of a program 
that employs law enforcement, criminal intelligence gathering 
and sophisticated countermeasures.
    I prepared detailed answers to each of the questions to 
your letter of invitation, and I would like to submit them for 
the record. Let me summarize the theme of the responses.
    Since September 11th, our security needs and response to 
threats have changed. Prior to September 11th, our greatest 
threat was perceived to be a vehicular bomb that could result, 
as in the case of Oklahoma City, in the total collapse of a 
building. September 11th made us realize that the universe of 
threats we face has expanded and the mentality of those who 
wish to do us harm is even more dangerous than we'd imagined. 
We now must be prepared not only for truck bombs but also for 
chemical and biological weapons and weapons of mass destruction 
delivered by individuals who have no regard for human lives, 
including their own.
    In response to this, we have enhanced a number of efforts 
to protect our properties and the people housed in them. First, 
foreknowledge--knowledge of an imminent threat--is the best 
security measure. We are now working with the FBI, CIA and 
State and local law enforcement agencies in sharing of 
intelligence information that enables us to better assess the 
credibility of threats.
    We have expanded our training and physical security, 
ensuring that our security professionals are trained and kept 
current in the latest technologies and have access to the 
necessary intelligence information needed to develop specific 
countermeasures tailored to each facility. Each facility in the 
tenant agency operation is analyzed individually. 
Countermeasures are now building specific.
    We have also increased our ability to assess the 
effectiveness of a range of countermeasures that include 
building design modifications, site modifications, increased 
guard services and new technologies. Our threat assessment 
methodology for each building enables us to create a set of 
countermeasures designed to reduce the threat at that building.
    We also have increased our outreach to our Federal agency 
customers and to our GSA associates. They are our eyes and ears 
in the counterterrorism campaign. We conduct awareness 
briefings, have distributed pamphlets on keeping our building 
safe and on how to respond to suspicious acts. Our customers 
and associates have become vital and vocal members of each 
Building Security Committee.
    Finally, we know that processes and technologies are only 
as good as the people who follow or use them. We must maintain 
a well-trained and experienced law enforcement work force. We 
are exploring legislative and administrative options to help 
ensure we will continue to have a well-trained and stable work 
force capable of providing the necessary level of security 
needed to protect our facilities.
    Our goal is the safety and security for everyone in GSA-
controlled space. We can only accomplish this goal through the 
use of technology, deployment of trained law enforcement 
professionals and contract guards, partnering with our fellow 
Federal, State and local law enforcement agencies and, perhaps 
most importantly, by encouraging all our associates to move to 
a higher sustainable level of alert, awareness and vigilance. 
Combining all of these will ensure that we can achieve a proper 
balance of openness and security in Federal facilities across 
the Nation.
    This concludes my prepared statement, Mr. Chairman. I have 
attached my statement and answers to issues raised by the 
subcommittee. I will be pleased to answer any questions that 
you or other members of the subcommittee may have on this 
matter.
    [The prepared statement of Mr. Moravec follows:]

    [GRAPHIC] [TIFF OMITTED] T5838.029
    
    [GRAPHIC] [TIFF OMITTED] T5838.030
    
    [GRAPHIC] [TIFF OMITTED] T5838.031
    
    [GRAPHIC] [TIFF OMITTED] T5838.032
    
    [GRAPHIC] [TIFF OMITTED] T5838.033
    
    [GRAPHIC] [TIFF OMITTED] T5838.034
    
    [GRAPHIC] [TIFF OMITTED] T5838.035
    
    [GRAPHIC] [TIFF OMITTED] T5838.036
    
    [GRAPHIC] [TIFF OMITTED] T5838.037
    
    [GRAPHIC] [TIFF OMITTED] T5838.038
    
    [GRAPHIC] [TIFF OMITTED] T5838.039
    
    [GRAPHIC] [TIFF OMITTED] T5838.040
    
    Mr. Tom Davis of Virginia. I think we will continue and 
probably can get a couple more testimonies before we go over to 
vote.
    Mr. Jester.
    Mr. Jester. Thank you, Mr. Chairman. Thank you for this 
opportunity to report to you on the Department of Defense's 
efforts to secure its federally owned and leased office 
buildings.
    As the Chief of the Defense Protective Service, I manage an 
organization responsible for providing force protection, 
security and law enforcement for the employees, facilities, 
infrastructure and other sources at the Pentagon and other DOD-
occupied buildings in the national capital region.
    Although there are considerable challenges, I am pleased to 
report that we have made tremendous progress before and after 
the September 11th terrorist attacks. Moving beyond traditional 
guard forces and electronic alarm systems, we are executing a 
comprehensive force protection program that will provide 
enhanced protection for DOD employees, property and operations 
occupying leased and owned facilities. Leased facilities do 
present unique challenges for security. However, we are making 
every effort to ensure the safety and security of DOD agencies 
in leased buildings.
    In addition to the basic technologies that have been used 
to control access and detect explosives, we are beginning to 
use existing and new technology in several areas, notably in 
our chemical, biological and radiological program.
    While technology is providing many tools to augment our 
security forces, we have not forgotten security principles such 
an emergency planning, exercises and drills and work force 
awareness. These basic measures were critical components in our 
response to the terrorist attack at the Pentagon.
    I prepared specific written responses to your questions 
submitted to me and submitted those to your staff.
    That concludes my written response. Thank you.
    Mr. Tom Davis of Virginia. Thank you very much.
    [The prepared statement of Mr. Jester follows:]

    [GRAPHIC] [TIFF OMITTED] T5838.041
    
    [GRAPHIC] [TIFF OMITTED] T5838.042
    
    [GRAPHIC] [TIFF OMITTED] T5838.043
    
    [GRAPHIC] [TIFF OMITTED] T5838.044
    
    Mr. Tom Davis of Virginia. Mr. Abram.
    Mr. Abram. Mr. Chairman and members of this subcommittee, 
thank you very much for inviting me to testify before you today 
on new surveillance technologies available to protect Federal 
buildings.
    I am Frank Abram, General Manager of the Security and 
Vision Systems Group of Panasonic Digital Communications and 
Security Co., a leading supplier of security systems to both 
the U.S. Government and private industry.
    The security industry landscape has changed dramatically 
over recent years. Technology has progressed more in the last 5 
years than it has in previous decades. Categorically, the two 
product classifications showing the most significant growth are 
video surveillance and access control. Today, I would like to 
provide you with a brief overview of some of the new 
technologies and comment on how the security industry can work 
with the U.S. Government to implement them.
    With the introduction of the first Digital Signal 
Processing cameras in the late 1980's, the performance of video 
surveillance took a quantum leap forward. Since then, video 
surveillance cameras have continued to evolve with each new 
generation.
    Perhaps the most significant development in this area has 
been the introduction of Super Dynamic II technology. SDII 
provides a video acquisition method that most closely simulates 
how the human eye detects and processes light. This technology 
provides a cost-effective solution to one of the most prevalent 
problems facing video surveillance system designers and 
installers--extreme light contrast within a scene. Today, SDII 
cameras are employed in a number of high-profile government 
facilities such as our embassies and consulates and the Federal 
Aviation Administration simply because of their light-sensing 
capabilities.
    New recording technology is also available. The 
proliferation of high-capacity hard drives has enabled video 
manufacturers to incorporate this reliable medium in a new 
generation of digital recorders specifically designed for 
security operations. In addition to their digital recording 
superiority, hard drive recorders incorporate numerous digital 
features that further enhance their utility beyond the 
traditional VCRs such as their ability to send images via the 
network.
    One of the security industry's greatest challenges has long 
been personnel authentication, since traditional forms of 
identification and access control can easily be replicated loss 
or stolen. The introduction of easily deployed biometric 
systems are alleviating these problems, because biometrics are 
virtually impossible to replicate. This is particularly true of 
one of the newest biometric technologies, iris recognition.
    Over the past year, iris recognition systems have become 
more affordable and practical for a wide range of access 
control and cyber security applications. These systems will 
provide added security with little or no inconvenience when 
entering a facility or accessing a computer terminal. With 
access control more of a concern than ever before, biometrics 
and iris recognition technology in particular can play an 
increasing role in homeland defense strategies.
    I believe budget and education are the two most common 
factors that constrain security operations by government 
facilities. Additionally, security personnel in Federal 
agencies and in general find it difficult to keep pace with 
today's rapid development of new surveillance and security 
technologies. Manufacturers of surveillance and security 
systems equipment can help alleviate these constraints by 
providing more education opportunities through the government. 
By keeping government security personnel appraised of new 
technology developments, we can foster the intelligent 
deployment of new systems technology where it is most needed.
    Another problem that has hampered the wide area of 
modernization of security in Federal buildings is the lack of 
set standards. One of the priorities for securing Federal 
buildings should be the establishment of a set of standards 
that clearly outlines the security measures to be taken. This 
will help assure minimal levels of security at each and every 
facility and bring attention to present deficits.
    The standard should also include more thorough 
specifications to assure greater levels of performance, 
compatibility and future system expansion.
    Thank you again for this opportunity to share with you my 
perspectives. I look forward to answering any questions you may 
have regarding security technologies or my comments on the way 
the Government may better secure its buildings.
    [The prepared statement of Mr. Abram follows:]

    [GRAPHIC] [TIFF OMITTED] T5838.045
    
    [GRAPHIC] [TIFF OMITTED] T5838.046
    
    [GRAPHIC] [TIFF OMITTED] T5838.047
    
    [GRAPHIC] [TIFF OMITTED] T5838.048
    
    [GRAPHIC] [TIFF OMITTED] T5838.049
    
    [GRAPHIC] [TIFF OMITTED] T5838.050
    
    [GRAPHIC] [TIFF OMITTED] T5838.051
    
    [GRAPHIC] [TIFF OMITTED] T5838.052
    
    [GRAPHIC] [TIFF OMITTED] T5838.053
    
    [GRAPHIC] [TIFF OMITTED] T5838.054
    
    Mr. Tom Davis of Virginia. Thank you. Mr. Bordes, if we can 
try to get you in, if you can do it in about 4 minutes, we can 
get all the testimony out of the way and come back for 
questions.
    Mr. Bordes. I'll try, sir. Good afternoon, Mr. Chairman, 
members of the subcommittee and distinguished guests. I would 
like to take this opportunity to thank you for allowing me to 
present this information on behalf of the private security 
industry and as a member of the American Society for Industrial 
Security.
    As a professional security consultant working in the 
private sector, I have over 25 years experience in the 
disciplines of threat analysis and countermeasures design. 
ASIS, with more than 32,000 members, is a preeminent 
international organization for security professionals. We have 
chapters in almost every country in the free world.
    There are three subjects I would like to address in today's 
presentation. The first will be how the private sector 
evaluates threat vulnerabilities and ultimately selects 
countermeasures to protect assets.
    Second, I will cover how that group works to develop the 
balance of security measures with convenience and protection of 
privacy for employees and visitors.
    Finally, I would like to present some of the new 
philosophies of security that have developed within the 
corporate world since September 11th.
    The private sector has for many years accepted the fact 
that a high percentage of security-related incidents of either 
general criminal activity or specific target action, such as 
workplace violence, can be attributed to the unauthorized 
individual gaining access to a facility. The approach to threat 
and vulnerability analysis has been to identify the layers of 
protection required to either deter or detect and neutralize a 
perpetrator prior to achievement of their objective.
    To accomplish this, basic technologies such as card access, 
biometrics, closed circuit surveillance and intrusion detection 
are combined into an integrated electronic security system. In 
determining how to protect the facilities, security assessment 
will address subjects such as local environment, facility use, 
total value of the asset, the possibility of a threat being 
successfully carried out, and the criticality level related to 
either partial or total loss of that asset.
    This approach can be applied to any scenario that ranges 
from protecting the CEO to ensuring that nuclear weapons are 
properly secured. The implementation of security measures does 
not, however, have to inflict the penalty of inconvenience or 
loss of privacy upon those working within the protected 
environment.
    The designed effort must ensure protection while at the 
same time maintaining the focus of developing user-friendly and 
nonintrusive security measures. Well-designed security programs 
should ultimately result in minimal contact with the subject 
and with all verification and surveillance being totally 
transparent to anyone other than the security team.
    As you all know, the invasion of privacy debate over the 
use of closed circuit television systems has gone on for years. 
This same argument will move to a higher plane as biometric 
template data bases become a reality. However, in the private 
sector, the trend has been for several years to develop 
surveillance teams that are reactive as opposed to passive, and 
to focus on using these same systems for security incident 
assessment as opposed to general surveillance.
    Even the American Civil Liberties Union has acknowledged 
the fact that people are more open to the use of surveillance 
systems based on the acceptance of the need for more security. 
Hence, the private sector has worked diligently with 
manufacturers and software development entities to ensure that 
data base access and abuse incidents are reduced to the lowest 
number possible by protecting access to sensitive information.
    Advances in the technologies of digital recording, as well 
as the ability to transmit signals over LAN, WAN, or GAN, has 
had a major impact on the effectiveness of security assessment. 
Today the security console officer of a global corporation can, 
through the use of proprietary network transmissions, receive 
real-time video, intrusion alarm data and access control 
transaction information from any company within the facilities 
around the world.
    Technologies currently being developed will further enhance 
security protection techniques by being able to lock onto a 
subject or an object for the purposes of tracking with a camera 
system. Should the subject go from one camera viewing area to 
another, the tracking process will roll over to the other 
camera in order to maintain surveillance.
    The use of biometric technology, such as finger and hand 
geometry, facial recognition, iris scan, retinal scan and other 
methods of providing positive identification, will have a 
definite impact on the design of access-controlled systems.
    A recent poll of systems integrators indicated that 66 
percent of their clients either had installed biometric systems 
or were considering implementing the technology within the near 
future.
    September 11th has created an attitude of acceptance on the 
part of many Americans for increased security measures. One of 
the most significant within the private sector is the 
acceptance of the need to positively identify persons entering 
controlled areas. This decision has impacted the use of 
biometric verification techniques in private and government 
security programs. In fact, in the private sector, security has 
been a top priority, with money set aside for upgrades and new 
installations.
    Additionally, facilities such as water treatment plants, 
power generation stations are now implementing security 
measures that incorporate the whole gamut of electronic 
protection devices.
    Therefore, in summary, I would submit that in the private 
sector, one will no longer hear the phrase that's never 
happened here. We have been awakened to the fact that attacks 
can be carried out against our Nation and our workplaces and 
any place we gather in large numbers, such as the current 
threat from the FBI about malls. With the increased threat 
related to the use of biological/chemical agents, suicide 
bombers and weapons of mass destruction, the development of 
security measures in both the private as well
as the Government sectors will continuously be improved upon 
and implemented to protect the people of this great Nation. 
Thank you again for allowing me time for this presentation and 
God bless America. I will now entertain questions.
    [The prepared statement of Mr. Bordes follows:]

    [GRAPHIC] [TIFF OMITTED] T5838.055
    
    [GRAPHIC] [TIFF OMITTED] T5838.056
    
    [GRAPHIC] [TIFF OMITTED] T5838.057
    
    [GRAPHIC] [TIFF OMITTED] T5838.058
    
    [GRAPHIC] [TIFF OMITTED] T5838.059
    
    Mr. Tom Davis of Virginia. Thank you very much. There is a 
series of three votes. We're going to be at the end of one 
vote, so hopefully it will move quickly. But I'll declare a 
recess. It will probably be 20 minutes or so. Feel free to move 
about and be back here in 20 minutes.
    [Recess.]
    Mr. Tom Davis of Virginia. We're ready to start the 
questioning. I'm going to start with Mrs. Davis, the gentlelady 
from Virginia.
    Mrs. Jo Ann Davis of Virginia. Thank you, Mr. Chairman. And 
thank you, gentlemen, for being here. I apologize I couldn't be 
here to hear your testimony. I had several markups at the same 
time.
    My first question is for Mr. Moravec. As the Government's 
biggest landlord, how do you work with building tenants to 
determine the security needs and the products required?
    Mr. Moravec. I'm sorry, Congresswoman, I didn't hear the 
question.
    Mrs. Jo Ann Davis of Virginia. As the Government's biggest 
landlord, how do you work with the building tenants to 
determine the security need and products required?
    Mr. Moravec. Fundamental to our security philosophy is the 
understanding that each building constitutes a very distinct 
set of security and safety needs. So it has been our philosophy 
to work with the building security committee of that building. 
Every Federal building has a building security committee, 
sometimes called an occupant emergency organization, that is 
responsible for developing, in consultation with the Federal 
Protective Service, plans for the safety and security of the 
occupants and visitors to that building. So it's very 
individualized.
    Mrs. Jo Ann Davis of Virginia [presiding]. If you'll pardon 
me for changing seats there real quick. As a followup, what 
purchasing assistance does GSA provide to Government agencies 
interested in acquiring security technologies?
    Mr. Moravec. I'll defer to Wendell Shingler.
    Mr. Shingler. Actually we do a wide variety of things. We 
provide consulting services for the most part of going into a 
Federal agency and making recommendations on how to offset 
their vulnerabilities. On the flip side of that, the Federal 
Supply Service within GSA and our folks work in consultation to 
come up with contracts that would meet the needs to provide 
those items, cameras, monitors and the like for not only us but 
the individual departments and agencies.
    Mr. Moravec. Federal Protective Service is assessing its 
own needs all the time for the buildings that are GSA-
controlled. We also, through interagency groups, for example, 
the Interagency Security Committee share information with 
security personnel at other agencies and departments of 
Government as to technologies that are emerging, technologies 
that have been proven to be especially effective. We definitely 
talk amongst ourselves within the Federal community.
    Mrs. Jo Ann Davis of Virginia. Do you feel you can do it in 
a timely manner since apparently it's going through several 
different agencies?
    Mr. Moravec. Well, it's an ongoing process. We are in 
constant dialog with each other. Within the Federal Protective 
Service we have been assessing new technologies on a somewhat 
ad hoc basis. We're now taking steps to create a standing 
committee within our organization of specialists who will be 
proactively involved in seeking out new security technologies. 
And clearly, since September 11th we're now aware of and 
defending against a much broader range of threats to Federal 
facilities. So it's very important that we be preemptive and 
proactive.
    Mrs. Jo Ann Davis of Virginia. Mr. Bordes, what has been 
the impact on demand since the September 11th terrorist 
attacks, and can the industry adequately meet the increased 
demand in a timely basis? And if not, who is stepping in to 
fill that role?
    Mr. Bordes. I was working the mic. I didn't hear the last 
half of your question.
    Mrs. Jo Ann Davis of Virginia. If you're not able to do it 
in a timely basis, who is stepping in to fill that role if the 
industry can't do it?
    Mr. Bordes. Well, the private sector is doing a lot of 
things to try to meet the threats that they now perceive after 
September 11th. The industry security has in some areas been 
able to meet that need. However, there are other technologies 
that the private sector is calling upon that probably a year 
ago the delivery date on that technology was 3 to 4 weeks, now 
that delivery date is 5 to 6 months. And it depends on the 
technology that you're addressing.
    But the private sector is really working very diligently to 
try to upgrade the security across their operation, as the 
Government is, and it's just an issue of supply and demand. The 
industry really is in some segments very, very small.
    In fact, the area of biometrics up until a couple years 
ago, each biometric was basically manufactured by one company. 
So these companies were not really geared up for to you walk in 
and say I need 1700 hand geometry readers. It would really blow 
them back.
    Mrs. Jo Ann Davis of Virginia. You said that before 
September 11th it would have been 3 to 4 weeks but now it's 5 
to 6 months. That's because there is so much more demand?
    Mr. Bordes. Because of supply and demand.
    Mrs. Jo Ann Davis of Virginia. Who would step in or is 
there anyone to step in, in that interim?
    Mr. Bordes. In some technologies, ma'am, there is nobody to 
step in.
    Mrs. Jo Ann Davis of Virginia. In some. But how about 
others?
    Mr. Bordes. In others that are companies that are gearing 
up, companies that are in closed circuit television system, 
like Panasonic and these people, they are able to immediately 
increase output and to meet the needs. But in some sectors, 
like hydraulic bollards, vehicle barriers, motorized gates, 
crash gates for embassies, airports, this type situation, 
they're just not geared up to manufacture them that quickly.
    Mrs. Jo Ann Davis of Virginia. My time is up, but I thank 
you, gentlemen.
    Mr. Turner. Thank you. I unfortunately missed your 
testimony. I was on the floor debating an amendment to the INS 
reform bill.
    I was just curious, in looking through some of the 
testimony, is there a general agreement as to which 
technologies should be employed, or are we still at the point 
where there are so many different ones out there that nobody is 
really settled in on which ones are best? And I'd welcome any 
of your comments on this.
    Mr. Moravec. I'll take a stab at that. I think there's 
general agreement in the Federal community as to what the 
appropriate technologies are and how they ought to be generally 
deployed. As I testified earlier, Congressman Turner, we look 
at each building as a separate and distinct security threat and 
try to craft a package of countermeasures that address the 
vulnerabilities that we have assessed at a particular building. 
And it's a package of things that includes deployment of 
manpower, contract guard services, specific electronic 
countermeasures like magnetometers, x-ray machines, explosion 
detection devices. So it's a combination of both technology and 
manpower deployment and operations that really constitute a 
well-rounded security program. And I think there is general 
agreement in the Federal Government. The packages vary, 
depending on the perceived threat. Buildings can be perceived 
as having a higher or lower threat. So there's quite a bit of 
diversity or at least a range in terms of the intensity, if you 
will, of the security deployment at a particular building, 
depending on what the perceived level of threat is.
    Mr. Turner. I guess I was particularly interested in the 
biometrics area because it seems to me that, No. 1, the Federal 
Government should take the lead in trying to establish some 
standard there because once the Federal Government moves 
forward with the application of a given technology, it seems 
that it probably encourages the private sector and smaller 
purchasers to choose the same. And over time it would seem to 
me important to the Nation to have some standardization. If we 
all are walking around with cards that swipe and we could get 
in several places with that card or if we're going to rely on 
retinal scan technology, then others would adopt that and we 
become more standardized and access would be more readily 
afforded to the public in general if there was some 
standardization. Am I correct in that?
    Mr. Moravec. I completely agree with you. This is an 
opportunity for the Federal Government to show leadership to 
the private sector. The grim reality is that since Oklahoma 
City, the Federal Government, including the Federal Protective 
Service, have become very knowledgeable about ways of designing 
and building and defending buildings against different kinds of 
threats. And even we are very actively reaching out to the 
private sector through groups like the American Security 
Society for Industrial Security and through different real 
estate organizations to try to share that information with 
them.
    However, the Federal Government at this point in time, 
itself not being a monolithic entity, has a variety of 
different responses with regard to identity cards. With 100 
different agencies, 100 different agencies have 100 different 
kinds of identity cards. That is part of the challenge of 
defending buildings. For us to show leadership with regard to 
access cards, whether they include biometric cards or not, or 
whether they're smart or not, the Federal Government needs to 
get together and decide on, I think, on a national government 
card.
    Mr. Turner. What would it take to accomplish that? 
Obviously we now have all these agencies, as you say, going out 
there adopting whatever system they want to put in place. What 
would it take to have some standardization accepted in our 
Federal agencies?
    Mr. Moravec. Well, I think that direction could certainly 
come from the executive branch. It could come through GSA. It 
could come through the Office of Personnel Management. It could 
come through the offices of the Homeland Security. There are a 
number of different places where that direction could come 
from.
    Mr. Turner. Thank you. Thank you, Mr. Chairman.
    Mr. Tom Davis of Virginia [presiding]. Thank you very much. 
Mr. Abram, let me ask you a question. Because of the heightened 
and immediate need for advanced security products and system 
components for our government facilities, are there any current 
constraints with the U.S. Government being able to quickly 
source the kind of equipment needed for security?
    Mr. Abram. I believe there are. And I believe the potential 
exists for even greater problems. The Buy America laws require 
the U.S. Government to source from domestic suppliers and, if 
not available, from suppliers in countries that have signed 
onto an international procurement agreement. In Asia, that 
includes only Hong Kong, Japan, Korea, and Singapore. Now 
because of globalization and economies of scale concerns, many 
of the security manufacturers, Panasonic included, are finding 
that they are moving to countries that can manufacture less 
expensive for us, countries like China and the Philippines. And 
this is a possible restraint in the Government purchasing 
product from organizations such as Panasonic.
    Recognizing this constraint at a time of increased security 
demands, the SARA, the Services Acquisition Reform Act of 2002 
that Chairman Davis introduced, provides an exemption for this 
sourcing restriction for information technology commercial 
items. Because of the importance of the homeland security, the 
proposed legislation defines information technology to include 
imaging peripherals and certain devices necessary for security 
and surveillance. It is through the SARA that we will be able 
to correct some of these problems that are going to become more 
and more evident, at least in the video surveillance area.
    Mr. Tom Davis of Virginia. Let me ask Mr. Rhodes. The 
biometric technologies that were identified within your 
presentation represented several different technologies. Which 
technologies are actually in use and which do you believe are 
the most effective for security identification verification 
purposes? Or do you think it depends?
    Mr. Rhodes. Out of all of the biometric technologies, there 
is really only one that we couldn't find in pervasive use and 
that was signature recognition. The most prevalent technology 
biometric technology is the fingerprint scan, and that's 
because it grew out of law enforcement and it's the most 
established technology, the most established procedure for 
enrolling an individual into the system, and that's reflected 
in its price as well. It's only about $4 per user if you 
already have the server in place.
    From our analysis, the biometric technology that probably 
shows the most promise is the iris scan. That technology is 
going to advance because it's the least invasive to the 
individual. As was stated in an earlier statement from 
Panasonic, as the quality of the camera for both movement and 
room light improves, you can stand farther and farther away 
from the receptor, so people don't get the feeling of having it 
invade their body. And that's probably going to always be a 
resistance to somebody like a retina scan where you have to sit 
still for quite a long time while it scans the back of your 
eye. And so in a nutshell, the fingerprint scan is the most 
pervasive and the scan for iris is the one that probably has 
the best future.
    Mr. Tom Davis of Virginia. Fingerprint scan is fast. Isn't 
it pretty efficient?
    Mr. Rhodes. Yes. In some cases you can get it down to just 
a couple of seconds. As a matter of fact, it's being used 
currently by the FAA in some of their facilities for quick 
access to some of the doors, some of the secured access 
facilities.
    Mr. Tom Davis of Virginia. Let me ask Mr. Moravec and Mr. 
Jester about the use of biometric technologies. Are we using 
that widely in Government and are we restricting the use of the 
personal information that's stored?
    Mr. Moravec. In the Federal Protective Service we are not 
at this point, to my knowledge, deploying what could accurately 
be called biometric technology with regard to access cards or 
access controls.
    Mr. Tom Davis of Virginia. How hard and difficult would it 
be to do that?
    Mr. Moravec. It would be difficult for me to assess, 
sitting here, how difficult it would be. It would clearly be--
given the scope of our portfolio, which encompasses over 8,000 
buildings and 340 million square feet, applying anything 
consistently and effectively on a base that big would certainly 
be logistically challenging.
    Mr. Tom Davis of Virginia. Right. OK.
    Mr. Jester. We're using biometrics at specific locations 
where you have a very sensitive office within a building. We're 
using iris scan, we are using hand geometry readers. There are 
limits of where we do use it. We don't use it in the entrance 
to the facility because at the Pentagon, for example, we have 
20,000 employees and everybody going through it would be a long 
line waiting to come in. But we do use it at specific 
locations.
    The U.S. Army is leading an effort within the Department of 
Defense to look at--they have a biometric officer. They're 
looking at different applications of the biometric technology 
and looking where it can be used within the Department of 
Defense. So there is a program to encourage the use of 
biometrics.
    Mr. Tom Davis of Virginia. OK. Mr. Moravec, let me ask you. 
The Federal Protective Services are responsible for protecting 
Federal buildings. Do they use the same approach to designing 
countermeasures as would be found in the private sector?
    Mr. Moravec. Yes. Yes. In fact, we have a very close 
working relationship with the American Society for Industrial 
Security, absolutely.
    Mr. Tom Davis of Virginia. Mr. Bordes, what services can 
you offer to Federal security planners who are working to 
better protect Federal facilities? What recommendations does 
GSA give to these planners?
    Mr. Bordes. I think one of the most important things on 
Federal protection, developing Federal protection of 
facilities, is to get involved in the planning process early. 
That's one of the major problems that we see as, you know, from 
reading my information, I run the GSA FPS training program for 
physical security. And that particular program, we really try 
to stress to our people to get involved early in the planning 
to make sure that they have the input to be able to address 
situations such as barriers, setback, glazing of glass, or 
hardening of facility and this type of situation.
    The people in FPS basically use the same measures that the 
private sector does. They go out, they identify the threat, 
they try to find countermeasures that will address that threat, 
and then they address the issues of how they're going to 
respond appropriately and also run the educational program. But 
one of the major problems seems to be basically the issues of 
planning. It's important that in any design, in any security 
design, whether it's private sector or whether it's Government 
or whether it's military, that the people who are doing the 
design get involved in the process early on. Because there are 
a lot of things that go into a design that if you come in at a 
late stage in the design are extremely difficult and extremely 
expensive to implement. That seems to be a problem that is 
always being confronted by people who are designing the GSA 
security programs.
    Mr. Moravec. If I could respond to that. Since Oklahoma 
City, we have obviously been designing and building buildings 
in a completely different way. We have stringent setback 
criteria. We employ anti-progressive collapse technology in 
their design. We have hardened curtained walls, ballistic 
glass. Up until September 11th, we were primarily defending 
against what happened at Oklahoma City, which was the breaching 
of perimeter security by a truck bomb and the total collapse of 
the building. I think what Mr. Bordes is saying is absolutely 
correct. It's very important that Federal Protective Service 
trained physical security people and consultants, as well as 
building managers, be involved with architects and engineers in 
the design of buildings. We make every effort to make sure they 
have a seat at the table and, of course, even more so than 
since September 11th.
    Mr. Tom Davis of Virginia. There is always a tendency for 
generals to fight the last war. So you defend against Oklahoma 
City and now we look back to September 11th, defend against 
that. I mean, we are being proactive in figuring out what else 
could go wrong.
    Mr. Moravec. We are. Especially since the anthrax episodes, 
we're looking at the location of air intakes, we are looking 
into the purchase and deployment of equipment that can detect 
toxins in the building's water or air supply and devices to 
automatically take corrective action in that event. September 
11th has really opened a whole new vista to us in terms of ways 
that people can--who wish us ill can do harm to people and to 
buildings.
    Mr. Tom Davis of Virginia. Yes. Let me ask both Mr. Jester 
and Mr. Moravec, how do you determine the proper balance 
between security and convenience and efficiency? To some 
extent, if you want to make a building entirely secure, it's 
going to be a real pain for somebody trying to get in and out 
some of the time. You can make it secure, but you also have to 
make it functional. It's a difficult balance, remembering most 
of these buildings will probably never undergo any kind of 
problem. How do you get that balance?
    Mr. Jester. I think it begins--the word planning has been 
used. Having gone through--having been about 300 feet from 
where the plane hit, a lot of lessons were learned. The key 
word is planning. And planning goes in this particular 
application, too. If we're looking for a location for a, for 
example, a DOD operation, we need to be careful on where we 
place that. We can't select the wrong building. If we put a 
very sensitive DOD operation--and we're not just concerned for 
terrorism, we're also concerned for foreign intelligence-
gathering. So it has to be some care exercised simply--it's not 
simply a selection of how many square feet that building 
happens to be, we should not be putting a building or an 
operation into a building where there's a lot of highly public 
agencies in that building, for example, Social Security. We 
should not be mixing those organizations together. But it is a 
delicate balance. So we say it begins right in the very 
beginning, put them in the right location.
    If you, for example, take agencies with high security 
requirements and lump those together in those kinds of 
buildings where it can be more secure, don't mix and match high 
secure requirements with organizations that have a high public 
contact.
    Mr. Tom Davis of Virginia. OK.
    Mr. Moravec. That's certainly beneficial. Just for the 
General Services Administration, we are determined not to build 
bunkers. We are determined to build buildings, iconic 
buildings, 100-year buildings that are emblematic of the spirit 
of the American people, that are first and foremost secure, but 
are also esthetically pleasing and hopefully an adornment to 
the communities where they're located.
    We are very cognizant of avoiding--creating a climate of 
fear at buildings which is often present when you take 
especially stringent security measures. We want, as someone put 
it, I thought very well, we want to first welcome and then 
challenge people who are coming to the building, to do both, 
but to do it in a way that is not oppressive and is not 
obtrusive. And this is particularly challenging in courthouses. 
We're building a lot of courthouses across the country now, and 
we want those buildings to be like the American judicial system 
itself, open and accessible to all. But obviously at a 
courthouse in this day and age, those buildings need to be very 
secure.
    So it is a continuing challenge and one that we spend an 
awful lot of time thinking about and working on.
    Mr. Tom Davis of Virginia. Yes. I worked here in the 1960's 
as a page and you could drive in here at night, anybody could 
come in here at night. You didn't have the metal detectors and 
everything to get in and out of the building. It worked pretty 
smoothly. But I guess the world changes and you have to change 
with it. Somehow I would like the world to change back. It 
would be a lot more efficient in terms of how we could spend or 
money.
    In the meantime, you all have a very difficult job. Every 
time something goes wrong, everybody is going to second-guess 
you. To the extent that you are spending money doing these 
kinds of things, you can't do other things.
    Mr. Moravec. Well, as has been brought out by several of 
the witnesses, it really is a package of different 
countermeasures that really need to be undertaken. I mean we 
are expanding our guard contracts, we've enhanced the training 
and testing of our different kinds of countermeasures. We have 
very close involvement these days with the FBI and the CIA and 
different joint terrorism task forces. We are engaging security 
measures in major metropolitan areas to try to design security 
countermeasures in areas that are particularly densely 
populated with Federal workers that are not obtrusive. We are 
spending a lot of time in the buildings talking to the tenants 
and to the different building security committees about what 
they can do specifically to protect themselves. We're really 
trying to help the Federal associates and people who are 
visitors to Federal buildings move themselves to a higher state 
of vigilance and wariness which is, I think, necessary in this 
day and age.
    Mr. Jester. There was a failure, I think, on September 
11th. It was probably, I would say, a failure of imagination. 
We have to in that particular field, we have to use our 
imagination and not, as you said a while ago, fight the last 
war. We have to look forward and think about what could happen.
    Years ago I think everybody in this country was shocked 
when someone went into a McDonalds in California and killed 21 
people. We were shocked by that. We were shocked later on when 
school kids were shooting each other in school.
    So in our profession we need to be looking forward and 
almost to some degree have screen writers look about what 
things could happen. I don't think anyone would imagine the 
Pentagon--we had talked about planes hitting the building 
because we are very close to the airport, as an accident or 
maybe as a small aircraft. But never did we dream of a 757 
coming into our building.
    So we need to use our imagination to think about what kinds 
of things could happen and then go back to that key element of 
having some plans and not think it won't happen on our watch. 
If we think it's not going to happen on our watch, we don't 
plan for it. So we need to do proper planning and then use all 
the technologies that are available to us. The technologies are 
great, they're fantastic tools, but to use those technologies 
as tools and be careful how we use them because we--as you 
learned, one of the biggest technologies that failed us on 
September 11th was the cell phones. We could not communicate 
throughout the entire city on cell phones. So using 
technologies, we ought to also go back to some very basic 
principles of planning and exercises and drills.
    Mr. Tom Davis of Virginia. Thank you.
    Mrs. Davis.
    Mrs. Jo Ann Davis of Virginia. Thank you, Mr. Chairman. 
These questions are probably just curious questions. But I 
think, Mr. Rhodes, you talked about the fingerprinting scan and 
the iris scan.
    Mr. Rhodes. Yes, ma'am.
    Mrs. Jo Ann Davis of Virginia. And Mr. Abram said that some 
of the technology was not available through Buy America. Would 
any of those be available through Buy America?
    Mr. Rhodes. I don't know the underlying--I think that at 
least some of the vendors on the GSA list would be available. I 
don't know that they would be available in the quantities that 
people would need. The fingerprints is very well established, 
so you'd probably be able to gear up for the procurement. But 
on the retina scan, that's still developing technology. So I 
don't know that would be--you would be able to buy it on the 
scale that you would need.
    Mrs. Jo Ann Davis of Virginia. On the iris scan--and 
somebody said they were using that now, I think you did, Mr. 
Jester. That's the colored part of your eye, right? That's the 
colored part of your eye, right?
    Mr. Jester. Yes, ma'am.
    Mrs. Jo Ann Davis of Virginia. If someone has one of those 
colored contact lenses, how does that affect it?
    Mr. Abram. I believe I can answer that. It really does not 
unless they are extremely dark, dark colored lenses, and then 
it would give you a negative access through the access control. 
The product takes--basically takes a picture of the iris, 
digitizes that picture into a 512 bit picture or 512 bit data 
image that is then used for comparison purposes. So as long as 
it is a coloring or tint in the contact lenses and a coloring 
or tint in your glasses, there is no effect or adverse effect 
from reading it. As you get much darker tints to both of those 
glasses and contacts, it will have an effect.
    Mrs. Jo Ann Davis of Virginia. Mr. Jester, the planes that 
hit the Pentagon and the Twin Towers, I'm not sure there's any 
security measures that we could have taken in either of those 
buildings for that.
    Mr. Jester. No, ma'am. I was asked by the press do we have 
guns on the roof. That will start with the airport security. It 
has to be at that point. Because we can't stop it in our 
building. We can be better prepared for that. And I think one 
of the things that we feel successful about was in the 
preceding year we had been doing drills with the employees, 
evacuation drills outside the building, as well as sheltering-
in-place drills. So--because most employees in Federal 
buildings got their last instruction on fire drills when they 
were in the third grade. So we pushed that for a year. And so 
when we activated the alarms that day, I think we had less 
problems because people had actually been prepared by having 
drills.
    Mrs. Jo Ann Davis of Virginia. Thank you, gentlemen. Thank 
you, Mr. Chairman.
    Mr. Tom Davis of Virginia. Thank you all. Before we close, 
I want to take a moment to thank everyone for attending today's 
subcommittee hearing. Thanks for bearing with us as we went 
over and voted and came back. Our special thanks to the 
witnesses, to Representative Turner, Mrs. Davis, and other 
attendees. I also want to thank my staff for organizing what I 
consider to be a very productive hearing. I'm going to enter 
into the record the briefing memo that was distributed to 
subcommittee members. We'll hold the record open for 2 weeks 
from this date for those that want to forward submissions for 
inclusion into the record.
    These proceedings are closed.
    [Whereupon, at 3:45 p.m., the subcommittee was adjourned.]

