[Senate Hearing 113-425]
[From the U.S. Government Publishing Office]


                                                        S. Hrg. 113-425

 
                         THE NAVY YARD TRAGEDY

=======================================================================

                                HEARING

                               before the

                              COMMITTEE ON

               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                          UNITED STATES SENATE

                    ONE HUNDRED THIRTEENTH CONGRESS


                             FIRST SESSION

                               __________

                    EXAMINING GOVERNMENT CLEARANCES

                         AND BACKGROUND CHECKS,

                            OCTOBER 31, 2013

 EXAMINING PHYSICAL SECURITY FOR FEDERAL FACILITIES, DECEMBER 17, 2013

                               __________

        Available via the World Wide Web: http://www.fdsys.gov/

                       Printed for the use of the

        Committee on Homeland Security and Governmental Affairs




                  U.S. GOVERNMENT PRINTING OFFICE
85-500                    WASHINGTON : 2014
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001




        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                  THOMAS R. CARPER, Delaware Chairman
CARL LEVIN, Michigan                 TOM COBURN, Oklahoma
MARK L. PRYOR, Arkansas              JOHN McCAIN, Arizona
MARY L. LANDRIEU, Louisiana          RON JOHNSON, Wisconsin
CLAIRE McCASKILL, Missouri           ROB PORTMAN, Ohio
JON TESTER, Montana                  RAND PAUL, Kentucky
MARK BEGICH, Alaska                  MICHAEL B. ENZI, Wyoming
TAMMY BALDWIN, Wisconsin             KELLY AYOTTE, New Hampshire
HEIDI HEITKAMP, North Dakota

                   Richard J. Kessler, Staff Director
               John P. Kilvington, Deputy Staff Director
         Troy H. Cribb, Chief Counsel for Governmental Affairs
       Lawrence B. Novey, Chief Counsel for Governmental Affairs
           Jason M. Yanussi, Senior Professional Staff Member
             Nicole B. Mainor, U.S. Secret Service Detailee
               Keith B. Ashdown, Minority Staff Director
           Mark K. Harris, Minority U.S. Coast Guard Detailee
                   James P. Gelfand, Minority Counsel
         Cory P. Wilson, Minority U.S. Secret Service Detailee
                     Laura W. Kilbride, Chief Clerk
                   Lauren M. Corcoran, Hearing Clerk


                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Carper 



    Senator Coburn 



    Senator Tester...............................................     4
    Senator Ayotte...............................................    26
    Senator Heitkamp.............................................    30
    Senator McCaskill............................................    32
    Senator Portman..............................................    35
Prepared statements:
    Senator Carper 



    Senator Coburn...............................................   189

                               WITNESSES
                       Thursday, October 31, 2013

Hon. Joseph G. Jordan, Administrator for Federal Procurement 
  Policy, Office of Management and Budget........................     7
Hon. Elaine D. Kaplan, Acting Director, Office of Personnel 
  Management.....................................................     9
Brian A. Prioletti, Assistant Director, Special Security 
  Directorate, National Counterintelligence Executive, Office of 
  the Director of National Intelligence..........................    11
Stephen F. Lewis, Deputy Director for Personnel, Industrial and 
  Physical Security Policy, Directorate of Security Policy & 
  Oversight, Office of Under Secretary of Defense for 
  Intelligence, U.S. Department of Defense.......................    13
Brenda S. Farrell, Director, Defense Capabilities and Management, 
  U.S. Government Accountability Office..........................    15

                     Alphabetical List of Witnesses

Farrell Brenda S.:
    Testimony....................................................    15
    Prepared statement...........................................    72
Jordan, Hon. Joseph G.:
    Testimony....................................................     7
    Prepared statement...........................................    48
Kaplan, Hon. Elaine D.:
    Testimony....................................................     9
    Prepared statement...........................................    55
Lewis, Stephen F.:
    Testimony....................................................    13
    Prepared statement...........................................    68
Prioletti, Brian A.:
    Testimony....................................................    11
    Prepared statement...........................................    61

                                APPENDIX

Statement from the Professional Services Council.................    95
Letter from Ms. Kaplan to Senator Coburn.........................   101
OPM Whitepaper...................................................   102
Responses for post-hearing questions for the Record from:
    Mr. Jordan...................................................   112
    Ms. Kaplan...................................................   116
    Mr. Prioletti................................................   123
    Mr. Lewis....................................................   129
    Ms. Farrell..................................................   134

                       Tuesday, December 17, 2013

Caitlin A. Durkovich, Assistant Secretary for Infrastructure 
  Protection, National Protection and Programs Directorate, U.S. 
  Department of Homeland Security................................   146
Leonard Eric Patterson, Director, Federal Protective Service, 
  National Protection and Programs Directorate, U.S. Department 
  of Homeland Security...........................................   148
Stephen F. Lewis, Deputy Director for Personnel, Industrial and 
  Physical Security Policy, Directorate of Security Policy and 
  Oversight, Office of Under Secretary of Defense for 
  Intelligence, U.S. Department of Defense.......................   150
Mark L. Goldstein, Director, Physical Infrastructure Issues, U.S. 
  Government Accountability Office...............................   172
Stephen D. Amitay, Executive Director, National Association of 
  Security Companies.............................................   173
David L. Wright, President, Federal Protective Service Union, 
  American Federation of Government Employees....................   175

                     Alphabetical List of Witnesses

Amitay, Stephen D.:
    Testimony....................................................   173
    Prepared statement...........................................   221
Durkovich, Caitlin A.:
    Testimony....................................................   146
    Prepared statement...........................................   192
Goldstein, Mark L.:
    Testimony....................................................   172
    Prepared statement...........................................   210
Lewis, Stephen F.:
    Testimony....................................................   150
    Prepared statement...........................................   205
Patterson, Leonard Eric:
    Testimony....................................................   148
    Prepared statement...........................................   198
Wright, David L.:
    Testimony....................................................   175
    Prepared statement...........................................   239

                                APPENDIX

DHS Active Shooter updated submitted by Senator Coburn...........   254
Responses for post-hearing questions for the Record from:
    Ms. Durkovich and Mr. Patterson..............................   256
    Mr. Lewis....................................................   316
    Mr. Goldstein................................................   326
    Mr. Amitay...................................................   330
    Mr. Wright...................................................   335

                  THE NAVY YARD TRAGEDY: EXAMINING

              GOVERNMENT CLEARANCES AND BACKGROUND CHECKS

                              ----------                              


                       THURSDAY, OCTOBER 31, 2013

                                     U.S. Senate,  
                           Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10:01 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Thomas R. 
Carper, Chairman of the Committee, presiding.
    Present: Senators Carper, Landrieu, McCaskill, Tester, 
Heitkamp, Coburn, Portman, and Ayotte.

              OPENING STATEMENT OF CHAIRMAN CARPER

    Chairman Carper. Well, good morning, everyone. The hearing 
will come to order. Welcome, one and all.
    On Monday, September 16, a horrible tragedy unfolded at the 
Navy Yard in Washington D.C. A very troubled individual took 12 
lives in a senseless act of violence. The circumstances that 
led to this tragedy are multidimensional.
    Many of the issues raised by this tragedy--such as the 
adequacy of our gun laws and the quality of mental health 
care--are outside the purview of this Committee. But as we have 
learned more about Aaron Alexis, a number of my colleagues and 
I have been asking each other why such a troubled, unstable 
individual possessed a security clearance from the U.S. 
Government.
    Why was he originally granted a security clearance when he 
did not disclose his arrest record on his application? Why did 
the investigator responsible for looking into that arrest write 
up that Alexis had ``retaliated by deflating'' someone's tires 
instead of disclosing that Alexis had shot those tires? And we 
also wonder how such violence could have taken place at the 
Navy Yard, which is more secure than just about any workplace 
in our country.
    The Navy Yard tragedy is not the only reason that Members 
of Congress are questioning the quality of the background 
checks. The Edward Snowden case, of course, raises many of the 
same questions. So have the Wikileaks disclosures by Private 
Bradley Manning.
    Just yesterday, we learned that the Department of Justice 
(DOJ) has joined a lawsuit against a company called United 
States Investigations Services (USIS). This is the company that 
performs about 45 percent of the background investigations that 
are contracted out by the Office of Personnel Management (OPM).
    According to this lawsuit, USIS engaged in a practice that 
company insiders referred to as ``dumping.'' Some refer to it 
as ``flushing.'' Under this alleged scam, USIS would send 
investigations back to the Office of Personnel Management even 
though they had not gone through the full review process. 
Through this dumping, USIS maximized its profits.
    Many national security experts have long argued that the 
security clearance process is antiquated and in need of 
modernization, and given recent events, I think we have to ask 
whether the system is fundamentally flawed. But we should also 
be mindful that, for many years, both Congress and Federal 
agencies were concerned about the backlog of security clearance 
applications, which grew larger after September 11, 2001. We 
need to make sure that investigators do not feel pressured to 
sacrifice quality for speed.
    Many have heard me say that almost everything I do, I know 
I can do better. The same is true, I think, for all of us and 
most Federal programs. It is in that spirit Dr. Coburn and I 
have convened today's hearing. Our primary purpose is to learn 
what we are doing right in the security clearance process, do 
more of that, while also learning how we can improve it.
    We have many questions to ask, and here are some of them:
    Are we looking at the right risk factors in attempting to 
identify people who should not be trusted with a clearance, or 
who could do serious harm to our government and our country?
    What important information do background checks miss in the 
current system, which relies heavily on self-reporting by the 
individuals applying for a clearance?
    Once a clearance is granted, what events should trigger a 
reexamination of an individual's suitability to retain that 
clearance?
    What problems are created by the heavy reliance by the 
Office of Personnel Management on contractors to perform the 
background checks?
    What are the advantages of that reliance?
    And what is the relationship between background checks for 
security clearances and background checks for other types of 
privileges, such as access to governmental facilities?
    We also need to ask what impacts sequestration and years of 
strained budgets have had on the clearance process. Under the 
current system, periodic reinvestigations of individuals 
holding clearances are supposed to be done every 5 years for 
people with Top Secret clearances, and every 10 years for 
people with Secret clearances.
    However, because of funding shortfalls, employees sometimes 
continue to work in positions that allow access to classified 
information, even if the initial period of clearance has 
lapsed. For example, this summer, for 10 weeks the Department 
of Defense (DOD) suspended the periodic reviews of some 
contractor employees due to funding shortfalls.
    I would like to hear from our witnesses today about how 
often suspensions like that are happening across the Federal 
Government. I would also like to hear about what agencies are 
doing to manage risks to our security when clearances are not 
reexamined on schedule through the periodic review process.
    Today, we have been joined by officials from the four 
agencies responsible for the policies and procedures used to 
determine who is eligible to obtain security clearances and 
access to government facilities and computers. They are the 
Office of Management and Budget (OMB), the Office of Personnel 
Management, the Office of the Director of National Intelligence 
(ODNI), and the Department of Defense.
    We want these officials to talk with us this morning about 
the critical security related policies and procedures and also 
about the coordinated reviews of these processes now underway 
throughout the government in the aftermath of the Navy Yard 
tragedy and other recent incidents. We also will hear from an 
expert at the Government Accountability Office (GAO), which has 
produced a wide body of work on the security clearance process. 
Welcome.
    This hearing builds on the ongoing good work of our 
Subcommittees, which held a hearing on security clearances just 
this past June under the able leadership of Senators Tester, 
Portman, McCaskill, and Johnson. That hearing exposed the 
urgent need for additional resources for the Inspector General 
(IG) at the Office of Personnel Management to enable that IG to 
conduct important oversight of background investigations.
    In July, our Committee approved a portion of a bill 
sponsored by Senator Tester and cosponsored by Dr. Coburn, 
Senator McCaskill, Senator Portman, Senator Begich, Senator 
Johnson, Senator Nelson, and Senator Baucus to allow the 
Inspector General to tap into OPM's revolving fund for the 
purposes of performing that much needed oversight, and we 
commend Senator Tester and our colleagues, for their good work. 
The legislation passed the Senate earlier this month, and my 
hope is it will be signed into law by the President soon.
    In closing, I want to say that the vast majority of 
individuals who hold security clearances are honorable and 
trustworthy people. Many of them felt called into service after 
September 11, 2001, to help protect our country, and they 
deserve our thanks. Having said that, though, we still must 
have a system that does a better job of rooting out those with 
nefarious purposes and those who become deeply troubled and 
unstable. That system must identify those whose behavior 
signals an unacceptable risk to be entrusted with classified 
information or access to sensitive Federal facilities. I hope 
that our hearing today will help point us to a number of 
sensible solutions that--taken together--will truly improve our 
national security.
    Finally, I think it is important to note that our Committee 
continues to look at other aspects of the Navy Yard tragedy, 
including the physical security of Federal buildings, as well 
as preparedness, emergency response, and communications issues. 
So, we have much work to do to learn as much as we can from 
this tragedy and try to prevent similar ones from occurring in 
the future.
    With that, let me welcome Dr. Coburn and say that I look 
forward to his opening comments, and then we will turn to our 
witnesses. Dr. Coburn, welcome.

              OPENING STATEMENT OF SENATOR COBURN

    Senator Coburn. Well, thank you, Chairman Carper, and 
welcome to our witnesses.
    First, let me extend my deepest condolences to the 
families, co-workers, and friends of those that were lost on 
September 16. To me this is not a political issue. This is an 
issue of us failing to do our job in a proper way when it comes 
to security clearances.
    Today GAO is releasing a report that shows some 8,400 
people received security clearances while they had tax debts, 
which is a vulnerability. And the vast majority of those were 
Top Secret security clearances. So our process is obviously 
broken, not complete, and not adequate.
    Until this year, OPM did not even have the means of 
debarring persons or companies that falsified background checks 
for clearances. Worse, OPM's IG recommended debarment of 22 
individuals, have received no answer on 14 of the cases, and 
have been informed that the other 8 would not be debarred. 
Something is very wrong.
    It is unlikely that a stricter clearance process would have 
prevented a deranged individual from committing murder, but 
this event should be a catalyst for Congress to try to fix the 
way this country categorizes, handles, and grants access to 
sensitive data.
    Two problems. One, there is way too much stuff that is 
classified that does not need to be classified. And, two, there 
are way too many security clearances approved. So if you 
markedly increase the amount of material that does not need to 
be classified, you have to increase the number of people that 
need to have access to it.
    So we need to address both problems. I look forward to 
going through the comments today and with our panel of 
witnesses and get closer to the real answers, and, Chairman 
Carper, I thank you again for holding this hearing, and I 
appreciate the work of Senator Tester.
    Chairman Carper. Thank you, Dr. Coburn.
    I am going to ask Senator Tester, before we turn to the 
witnesses, to make some comments as well and, again, to 
commend----

              OPENING STATEMENT OF SENATOR TESTER

    Senator Tester. Yes, I would like to. Thank you, Chairman 
Carper, and I want to thank Dr. Coburn for his leadership on 
this issue as well.
    It was 4 months ago when we had the hearing after the 
Snowden leaks, Senator Portman and I had. In fact, Stephen 
Lewis and Brenda Farrell were part of that panel, and I want to 
thank you for being here today as well as last time.
    In my opening remarks, I said that, given the fiscal and 
security stakes involved, we had to get it right and there was 
no margin for error. The fact was, as we knew then, as we know 
today, we need to make immediate reform of the process. There 
needs to be more transparency. There needs to be more 
oversight.
    The outcome of that hearing was a bill that the Chairman 
talked about introduced by myself as well as Senators Portman, 
McCaskill, Johnson, and Coburn. A provision of that 
legislation, known as the ``SCORE Act,'' subsequently passed 
the Senate. When signed into law, it is going to bring better 
oversight to the background investigations conducted by OPM and 
its contractors.
    But there are two other provisions that are also very 
important that we need to get across the finish line that dealt 
with the issues that Senator Coburn talked about with the 
number of security clearances given and, quite frankly, another 
issue that deals with what do we do when we have a company that 
screws up and screws up with some regularity. It is too 
important. And we saw that with the attacks on September 16 
when 12 good men and women left for home, as they did most 
every other Monday morning. Within a couple of hours, no 
warning, no motive, they were killed by a man with a history of 
mental illness, a pattern of violent behavior, and a criminal 
record--a man who was cleared by our government through a 
contractor as someone who should have access to this Nation's 
most secure facilities and sensitive information.
    Look, there are real-life consequences for failures within 
our government, and we need answers, we need solutions, we need 
action, because, quite frankly, the men and women who rely on 
that action deserve no less.
    I would just say thank you, Mr. Chairman, for having this 
hearing. It would seem to me that it is critically important 
that we act as efficiently and as thoughtfully as possible to 
get this problem solved because it is obviously a problem and a 
big one.
    Chairman Carper. Thank you, and thanks for your leadership 
and your good work and that of Senator Portman and others who 
joined you in it.
    Let me now turn to our panel and introduce each of our 
distinguished witnesses.
    The first witness is the Hon. Joseph Jordan, Administrator 
of the Office of Federal Procurement Policy at the Office of 
Management and Budget. Who do you report to?
    Mr. Jordan. I report to Beth Cobert, the newly confirmed 
Deputy Director.
    Chairman Carper. We have heard of her.
    Mr. Jordan. Thank you for your----
    Chairman Carper. We got her through very quickly. I want to 
thank Dr. Coburn and others, Senator Johnson and others, and 
actually John Cornyn was very helpful in trying to expedite 
that, and we are delighted that we got her through almost in 
record time.
    Mr. Jordan. We sincerely appreciate it.
    Chairman Carper. I think Sylvia Burwell has a top-flight 
leadership team there. We expect a balanced budget in about 2 
years.
    Our first witness is Joe Jordan from OMB. Welcome. Mr. 
Jordan was confirmed as the Administrator for Federal 
Procurement Policy (FPP) in May 2012. He is responsible for 
developing and implementing government contracting policies and 
as the senior leader and formal adviser to the OMB Director, he 
will speak to OMB's role in the security clearance process. 
Again, we thank you for your testimony and for your service.
    Our next witness is Elaine Kaplan, the Acting Director of 
the Office of Personnel Management, a position she has held 
since April 2013. I understand she has been confirmed for a new 
job. Is that true? Do you want to tell us what it is?
    Ms. Kaplan. Yes. I have been confirmed to be a judge on the 
United States Court of Federal Claims.
    Chairman Carper. Did any of us vote for you?
    Ms. Kaplan. Some of you did. The others were clearly 
mistaken. [Laughter.]
    Chairman Carper. Congratulations, and thank you for doing 
double duty here in the last 6 months and taking this on. And 
to our colleagues who were good enough to find their way to 
supporting a confirmed Director, Ms. Archuleta, thank you for 
your support.
    As the Acting Director, Ms. Kaplan oversees the Office of 
Federal Investigative Services (FIS). This office is 
responsible for ensuring that the Federal Government has a 
workforce that is worthy of the public trust by investigating 
and reviewing applications for security clearances and by 
performing background checks to determine whether a person is 
suitable for employment by the Federal Government or Federal 
contractor.
    Acting Director Kaplan, thank you for your testimony, for 
your leadership all these months, and good luck in what lies 
ahead.
    Our next witness is Brian Prioletti, an Assistant Director 
in the Special Security Directorate at the Office of the 
Director of National Intelligence. Mr. Prioletti has served in 
this position since May 2013 after serving at the Central 
Intelligence Agency (CIA) from 1981 to 2013. As the Assistant 
Director of the Special Security Directorate, Mr. Prioletti is 
responsible for leading the oversight and reform efforts of the 
security clearance process on behalf of the Director of 
National Intelligence (DNI).
    We thank you for that, and we thank you for all your 
service to our country and for joining us today.
    Our next witness is Stephen Lewis, the Deputy Director for 
Personnel, Industrial and Physical Security Policy in the 
Office of the Under Secretary for Intelligence at the 
Department of Defense. The Under Secretary of Defense for 
Intelligence (USDI) is responsible for DOD's policies, 
programs, and guidance related to, among other things, 
personnel and facility security.
    Mr. Lewis, we thank you for your testimony today, and we 
are delighted to note--I mentioned to Dr. Coburn that in the 
audience today is your daughter, Sara, who for a number of 
years was my scheduler. She told me where to go every day, with 
relish, and I usually went there--not always on time. But we 
welcome both you and Sara.
    The Under Secretary for Defense Intelligence is responsible 
for DOD policies, programs, and guidance related to, among 
other things, personnel and facility security. You have that 
whole broad realm?
    Mr. Lewis. Yes, we do.
    Chairman Carper. All right. And how long have you been 
doing this?
    Mr. Lewis. Six years now.
    Chairman Carper. All right. Thank you.
    Our final witness is Brenda Farrell, the Director of 
Defense Capabilities and Management at the Government 
Accountability Office. In April 2007, Ms. Farrell was appointed 
to serve as Director in GAO's Defense Capabilities and 
Management team where she is responsible for military and 
civilian personnel issues, including personnel security 
clearance process issues. Ms. Farrell has authored several GAO 
reports critiquing governmental efforts to reform the security 
clearance process. We thank you for your testimony today and 
earlier before Senator Tester's Committee.
    Before turning it over to Mr. Jordan for his remarks, we 
had a short scrum before the hearing began in the anteroom. Ms. 
Farrell was not, I do not think, present in the anteroom, but 
what I said to our witnesses, colleagues, and guests, I said 
part of what we are trying to do here is figure out what is the 
role of government. I quoted Abraham Lincoln, who used to say, 
``The role of government is to do for the people what they 
cannot do for themselves.'' And David Osborne more recently 
said in a book called ``Reinventing Government,'' that the role 
of government is to steer the boat, not to row the boat. And 
here today we hopefully are going to figure out better what is 
the role of government, what kind of steering do we need to do, 
and who should be doing the rowing, and how do we make sure 
that we are steering better; but whoever is doing the rowing, 
whether it is the public sector, the Federal Government, or the 
private sector, they are doing a much better job than they have 
done here of late.
    Mr. Jordan, you have roughly 5 minutes to give us your 
statement. If you go way beyond that, we will rein you in, but 
stick to that and we will be just fine. Thanks so much.

 TESTIMONY OF THE HON. JOSEPH G. JORDAN,\1\ ADMINISTRATOR FOR 
  FEDERAL PROCUREMENT POLICY, OFFICE OF MANAGEMENT AND BUDGET

    Mr. Jordan. Thank you.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Jordan appears in the Appendix on 
page 48.
---------------------------------------------------------------------------
    Chairman Carper, Ranking Member Coburn, and Members of the 
Committee, I appreciate the opportunity to appear before you 
today to discuss the government's practices and procedures 
regarding security clearances, facility access, and suitability 
determinations.
    Before I begin my testimony, I wanted to first say a few 
words about the tragic events that occurred at the Washington 
Navy Yard on September 16. On behalf of the Administration and 
my colleagues here today, I want to extend our deepest 
condolences to all those affected by this tragedy. While 
nothing can bring back the loved ones who died that day, it is 
clear that collectively we need to do a better job of securing 
our military facilities and deciding who gets access to them.
    I and my fellow witnesses take this responsibility 
incredibly seriously and are deeply and personally committed to 
this effort.
    I also wanted to note that, to assist with addressing the 
full spectrum----
    Chairman Carper. Mr. Jordan, sorry to interrupt. I said 5 
minutes. You have seven. I think you were told you have 7 
minutes, so take seven.
    Mr. Jordan. OK. Thank you, Mr. Chairman.
    Chairman Carper. You can take less. [Laughter.]
    Try not to take any more.
    Mr. Jordan. I shall. I also wanted to note that, to assist 
with addressing the full spectrum of needs of all individuals 
affected by the tragedy, we have established the Washington 
Navy Yard Recovery Task Force, led by the Assistant Secretary 
of the Navy for Energy, Installations, and the Environment.
    As government officials, our highest duty is to protect the 
national security, including the confidentiality of classified 
information. Simultaneously, we have a critically important 
obligation to protect individuals performing work on behalf of 
Federal agencies from workplace violence. In recent years, with 
Congress' help, we have taken a number of important actions to 
strengthen protections of both national security information 
and the physical security of Federal facilities, such as 
improving the effectiveness and efficiency of background 
investigations and strengthening the processes by which 
agencies make national security and suitability determinations. 
We must ensure those processes for granting or revoking access 
to facilities and information systems fully mitigate risks.
    We have a multisector workforce, comprised of military, 
civilian, and contractor personnel. We have worked to ensure 
that robust vetting policies and processes are applied to all 
individuals with access to Federal facilities, networks, or 
classified information in a consistent manner. This approach 
reflects two important principles: First, the need to protect 
our national security is no less critical when the work is 
performed by contractors than when it is performed by Federal 
employees; second, the men and women who make up the contractor 
workforce are no less patriotic than their government 
counterparts, and in fact, many have had meaningful careers as 
Federal employees or in the Armed Forces.
    While we have made significant progress in the area of 
fitness and suitability, security clearance, and credentialing 
process reform, we need to do more.
    In 2004, Congress passed the Intelligence Reform and 
Terrorism Prevention Act (IRTPA), which required all agencies 
to complete 90 percent of their security clearances in an 
average of 60 days.
    As a result of actions the executive branch has taken to 
meet the goals and objectives of that act, by December 2009 
compliance was achieved. We have consistently met these goals 
every quarter since, while maintaining the standards expected 
of the clearance process, and the backlog of initial 
investigations has been eliminated.
    Importantly, executive branch reform efforts have also 
extended beyond just meeting timeliness goals. In order to 
align suitability and national security policies and practices 
and to establish enterprise information technology standards to 
improve efficiency and reciprocity, we established the 
Suitability and Security Clearance Performance Accountability 
Council (PAC). It is chaired by OMB's Deputy Director for 
Management and accountable to the President for reform goals.
    As a marker of the significant progress made, in 2011 GAO 
removed DOD's Personnel Security Clearance Program from its 
high-risk list. However, we recognize the serious nature of 
recent events and will continue to intensify our efforts to 
strengthen and improve our existing policies and processes. To 
that end, the President directed OMB to lead a 120-day 
interagency review of suitability and security processes. For 
suitability and fitness, the review will focus on whether the 
processes in place adequately identify applicants who, based 
upon their character and past conduct, may be disruptive to 
operations or even dangerous to the workplace. The focus on 
national security risk will center on determining eligibility 
and granting access that could lead to loss of classified 
information and damage to national security. Additionally, we 
will evaluate the means to collect, share, process, and store 
information that supports these decisions, while emphasizing 
transactions among and equities shared across agencies.
    As part of these efforts, we will also be considering 
opportunities to improve the application of these standards and 
procedures to contracting, which may include, as just one 
example, improved information sharing between agencies 
suspending and debarring officials and the offices responsible 
for making determinations for fitness and security clearances.
    Our first interagency meeting is scheduled for next week 
and will serve to launch our review process. Additional 
meetings will occur over the coming weeks, and we fully 
anticipate this review to be completed within the 120-day 
timeframe.
    Once again, thank you for the opportunity to testify. As I 
noted in the beginning of my testimony, there is nothing more 
important than the two goals of protecting our people and 
protecting our sensitive information. We have steadfastly 
worked in a collaborative manner to improve our processes and 
procedures to ensure the safety of both. As recent tragic 
events have highlighted, however, we must maintain a strong 
focus on continuous improvements, and we will heed the 
President's call to conduct a comprehensive review and address 
any potential gaps in the most effective and quickest manner 
possible. We look forward to working with this Committee and 
Congress as we undertake this important work.
    Chairman Carper. Mr. Jordan, thank you so much.
    Ms. Kaplan, please.

  TESTIMONY OF THE HON. ELAINE D. KAPLAN,\1\ ACTING DIRECTOR, 
                 OFFICE OF PERSONNEL MANAGEMENT

    Mr. Kaplan. Chairman Carper, Ranking Member Coburn, and 
Members of the Committee, thank you for asking me to be here 
today. The events that occurred last month at the Navy Yard 
were horrifying and heartbreaking. Twelve civilian employees, 
among them both civil servants and members of our contract 
workforce, were ruthlessly gunned down. All of these 
individuals were doing what millions of their colleagues in the 
Federal workforce across the country do every day: coming to 
work to serve the American people, put food on their tables, 
and provide for their families.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Kaplan appears in the Appendix on 
page 55.
---------------------------------------------------------------------------
    As the Acting Director of the Office of Personnel 
Management and the Federal Government's Chief Personnel 
Officer, I share your commitment and that of our President to 
identifying and addressing the root causes of this terrible 
tragedy. I also share your commitment and that of my colleagues 
seated at this table to perfecting, to the greatest extent 
humanly possible, our processes and procedures for determining 
who shall be allowed access to our Nation's secrets, granted 
the privilege of serving in a position of public trust, or 
given permission to enter Federal buildings and facilities like 
the Navy Yard.
    To those ends, since 2008 OPM, OMB, DOD, and ODNI have 
worked diligently together on a reform effort to ensure that 
there is an efficient, aligned, high-quality, and cost-
effective system for conducting background investigations and 
making determinations regarding security clearances, employee 
suitability, and contractor fitness. We have made great 
progress, as is reflected in the written testimony of the 
witnesses at this table. So as Mr. Jordan just mentioned, we 
have eliminated the backlog of security clearance 
investigations that in and of themselves posed a risk to our 
national security. We have dramatically reduced the time it 
takes to complete such investigations to meet the deadlines 
that Congress has established. We have imposed reciprocity 
requirements for greater efficiency, issued new investigative 
standards that we are now preparing to implement. We have 
enhanced and professionalized the training of investigators and 
adjudicators, and we have worked together to implement GAO's 
very helpful recommendations by designing and imminently 
deploying a new set of agreed upon metrics that we can use to 
measure and drive up the quality of our investigative products.
    At OPM we have implemented our own new quality control 
measures and have an aggressive program to hold investigators 
to the highest standards of integrity and to ensure that their 
work product is something on which Federal agencies should be 
able to rely with confidence.
    We have overhauled and improved our processes for reviewing 
the work of our investigators, increased our oversight staff, 
and are retooling our audit process. We do not tolerate fraud 
or falsification. We actively look for it, and in those few 
cases where we find it, we take immediate administrative action 
and then work, as we have, with our IG and the Department of 
Justice to pursue criminal sanctions against those who betray 
the trust that has been bestowed upon them.
    Of course, much more remains to be done. Even the highest 
quality and most comprehensive background investigation is just 
a snapshot in time. The evolution of the security clearance 
process has to include the ability to obtain and easily share 
relevant information on a more frequent or real-time basis.
    We also need to improve our capacity to receive information 
in machine-readable form and to share information across the 
Federal Government and with State and local law enforcement.
    At the President's direction and under the leadership of 
the Director of OMB, OPM has been and will continue to work 
with its colleagues on the Performance Accountability Council 
to conduct the 120-day review of the oversight, the nature and 
implementation of national security, credentialing and fitness 
standards for individuals working at Federal facilities. Our 
review will focus on steps that can be taken to strengthen 
these processes and the implementation of solutions.
    The tragic events at the Navy Yard as well as recent high-
profile security breaches highlight the need to be ever 
vigilant in ensuring that individuals entrusted with access to 
classified information, and, more generally, individuals with 
physical access to Federal facilities and information do not 
present a risk of harm to the national security or to the 
safety of our employees in our workplaces, and to the end of 
improving our processes and procedures.
    I thank you for the opportunity to testify regarding all of 
these issues, and I will be happy to answer any questions that 
you might have. Thank you.
    Chairman Carper. Ms. Kaplan, thank you for that, and for 
those encouraging words.
    Mr. Prioletti, please proceed. Again, thanks for joining 
us.

TESTIMONY OF BRIAN A. PRIOLETTI,\1\ ASSISTANT DIRECTOR, SPECIAL 
 SECURITY DIRECTORATE, NATIONAL COUNTERINTELLIGENCE EXECUTIVE, 
        OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE

    Mr. Prioletti. Good morning, Chairman Carper, Ranking 
Member Coburn, and distinguished Members of the Committee. 
Thank you for the invitation to provide information on the 
government's practices and procedures regarding security 
clearances and background investigations. My statement will 
address the role of the Director of National Intelligence, as 
Security Executive Agent, has authority and responsibility for 
oversight of the security clearance process across the 
government, areas in need of attention in the current process, 
and initiatives underway to address those areas. Before I 
followup, I would like to make the comment that we also add our 
deepest condolences to the family members for their loss and 
our commitment to work toward continuing to improve the 
security processes and access capabilities of the U.S. 
Government.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Prioletti appears in the Appendix 
on page 61.
---------------------------------------------------------------------------
    Pursuant to Executive Order (EO) 13467, the DNI, as the 
Security Executive Agent, is responsible for the development 
and oversight of effective, efficient, uniform policies and 
procedures governing the timely conduct of investigations and 
adjudications for eligibility for access to classified 
information or eligibility to hold a sensitive position. The 
DNI also serves as the final authority to designate agencies to 
conduct background investigations and determine eligibility for 
access to classified information and ensures reciprocal 
recognition of investigations and adjudication determinations 
among those agencies.
    I would like to focus on two essential components of the 
security clearance process: The background investigation and 
adjudicative determination.
    The 1997 Federal Investigative Standards (FIS), as amended 
in 2004, are the current standards used to conduct background 
checks or investigations. These checks are required prior to 
making a determination for eligibility for access to classified 
information or eligibility to occupy a sensitive position.
    The scope of the background investigation is dependent upon 
the level of the security clearance required. Regardless of the 
type of clearance involved, identified issues must be fully 
investigated and resolved prior to any adjudication. An 
adjudicative determination is based upon Adjudicative 
Guidelines issued by the White House in 2005.
    Clearance decisions are made utilizing the whole-person 
concept, which is a careful weighing of available, reliable 
information about the person, both past and present, favorable 
and unfavorable.
    Recently, two highly publicized and critical events 
involving individuals with clearances highlighted areas in need 
of attention in the current security clearance process. The 
ODNI, in collaboration with our colleagues here--OMB, OPM, DOD, 
and other Federal partners--has been leading security clearance 
reform now for several years. Although these efforts are still 
a work in progress, when mature, they will mitigate many of 
these gaps and enhance the Nation's security posture.
    Under current policies and practices, an individual's 
continued eligibility for access to classified information 
relies heavily on a periodic reinvestigation--essentially a 
background investigation and adjudication conducted every 5 
years for a Top Secret clearance and every 10 years for a 
Secret clearance. The time interval between periodic 
reinvestigations leaves the U.S. Government uninformed as to 
behavior that potentially poses a security or 
counterintelligence risk.
    Continuous Evaluation (CE), is a tool that will assist in 
closing this information gap. CE allows for ongoing reviews of 
an individual with access to classified information, or in a 
sensitive position, to ensure that that individual continues to 
meet the requirements for eligibility.
    CE, as envisioned in the reformed security clearance 
process, includes automated record checks of commercial 
databases, government databases, and other lawfully available 
information. A number of pilot studies have been initiated to 
assess the feasibility of automated record checks and the 
utility of publicly available electronic information. More 
research is required at this time to assess resource impacts 
and determine the most effective practices.
    A robust CE capability will also support and inform the 
Insider Threat Programs. We must build an enterprise-wide CE 
program that will promote the sharing of trustworthiness, 
eligibility, and risk data within and across government 
agencies to ensure that information is readily available for 
analysis and action.
    Another area in need of attention is consistency and 
quality of investigations and adjudications. The revised 
Investigative Standards, when implemented, will provide clear 
guidance on issue identification and resolution. In addition, 
the ODNI, OPM, and DOD are co-chairing a working group that is 
developing common standards and metrics to evaluate background 
investigations for quality and comprehensiveness. Furthermore, 
the ODNI has hosted a working group to refine the Adjudicative 
Guidelines, and recommendations regarding these guidelines are 
in the policy development phase.
    Another initiative supporting a more robust security 
clearance process was the development of the National Training 
Standards, which were approved in August 2012 by the DNI and 
the Director of OPM for implementation in 2014. These standards 
create uniform training criteria for background investigators, 
national security adjudicators, and suitability adjudicators.
    Additionally, OMB, ODNI, and OPM are working to revise 
Standard Form 86, the Questionnaire for National Security 
Positions, to improve the collection of accurate information 
pertinent to today's security and counterintelligence concerns.
    As a final note, per the President's direction, OMB is 
conducting a review of the security and suitability processes. 
As such, the DNI, OPM, and DOD will review the policies, 
processes, and procedures related to the initiation, 
investigation, and adjudication of background investigations 
for personnel security, suitability for employment, and fitness 
to perform on a contract.
    In closing, I want to emphasize the DNI's resolve to lead 
the initiatives discussed today and continue the collaborative 
efforts established with OMB, DOD, OPM, and our Federal 
partners. We thank you for the opportunity to update the 
Committee at this time and look forward to working with you on 
these matters.
    Chairman Carper. Mr. Prioletti, thank you for that update.
    We now look forward to hearing from Mr. Lewis.

 TESTIMONY OF STEPHEN LEWIS,\1\ DEPUTY DIRECTOR FOR PERSONNEL, 
    INDUSTRIAL AND PHYSICAL SECURITY POLICY, DIRECTORATE OF 
   SECURITY POLICY & OVERSIGHT, OFFICE OF UNDER SECRETARY OF 
      DEFENSE FOR INTELLIGENCE, U.S. DEPARTMENT OF DEFENSE

    Mr. Lewis. Good morning.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Lewis appears in the Appendix on 
page 68.
---------------------------------------------------------------------------
    Chairman Carper, Ranking Member Coburn, and distinguished 
Members of the Committee, I appreciate the opportunity to 
appear before you today to address the practices and procedures 
in the Department of Defense regarding security clearances, 
facility access, and background investigations.
    The Under Secretary of Defense for Intelligence Dr. Michael 
Vickers is the Principal Staff Assistant to the Secretary and 
Deputy Secretary for security matters. In this capacity, Dr. 
Vickers exercises his authority as the senior official for 
DOD's personnel security program and has primary responsibility 
for providing and approving guidance, oversight, and 
development for policy and procedures governing civilian, 
military, and industrial base personnel security programs 
within the DOD.
    In order to address the Department's personnel security 
policies, I believe it is important to first identify the 
national level policy framework. Executive Order 13467 
designates the Director of National Intelligence as the 
Security Executive Agent with the responsibility to develop 
uniform policies and procedures to ensure effective completion 
of investigations and determinations of eligibility, for access 
to classified information or to hold National Security 
Positions, and this includes reciprocal acceptance of those 
determinations. In addition, the Executive Order designates the 
Director of the Office of Personnel Management as the 
Suitability Executive Agent, with responsibility for developing 
and implementing uniform and consistent policies and procedures 
regarding investigations and adjudications relating to 
determinations of suitability and eligibility for logical and 
physical access to Federal Government installations and 
systems. Finally, the Executive Order creates a Performance 
Accountability Council, chaired by the Deputy Director for 
Management at OMB and including the DNI and the Director of 
OPM, with the responsibility to align suitability, security, 
and, as appropriate, contractor fitness investigative and 
adjudicative processes.
    With regard to the oversight roles within the DOD, the 
heads of DOD components are responsible for establishing and 
overseeing implementation of procedures to ensure prompt 
reporting of significant derogatory information, unfavorable 
administrative actions, and adverse actions related to 
personnel, and this needs to be provided to appropriate 
officials within their component and, as applicable, to the DOD 
Consolidated Adjudication Facility. This responsibility applies 
to military service members, DOD civilians, and contractor 
personnel.
    Under the National Industrial Security Program (NISP), 
cleared contractors are required to report adverse information 
coming to their attention regarding their cleared employees. In 
addition, the Defense Security Service (DSS) is responsible for 
conducting oversight of companies cleared to perform on 
classified contracts for DOD and 26 other Federal departments 
and agencies that use DOD industrial security services.
    The Department has worked very hard to create improvements 
that produced greater efficiencies and effectiveness in the 
phases of initiating and adjudicating background 
investigations. As a result, in 2011, the Government 
Accountability Office removed DOD's personnel security 
clearance program from the high-risk list.
    We have used multiple initiatives to review and confirm the 
quality of the investigative products we receive, the quality 
of our adjudications, and the accuracy and the completeness of 
the documentation of the adjudicative rationale which is the 
basis for these determinations. This helps to support our 
oversight as well as reciprocity. In addition, we have 
implemented a certification process for DOD personnel security 
adjudicators, and over 90 percent of these adjudicators are 
certified to rigid standards, and ultimately it is a condition 
of employment that each adjudicator will complete this 
certification process.
    In May 2012, the Deputy Secretary of Defense directed the 
consolidation of all adjudicative functions and resources, 
except for DOD Intelligence Agencies, at Fort Meade, Maryland, 
under the direction, command, and control of the Director of 
Administration and Management (DA&M). This decision was made in 
order to maximize the efficiencies realized by the collocation 
of the Centralized Adjudications Facilities (CAFs) under the 
2005 round of Base Realignment and Closure (BRAC). And 
effective October 1, the DOD CAF assumed responsibility to 
adjudicate background investigations which are the basis for 
the issuance of Common Access Cards (CACs) used for physical 
access to DOD installations and access to DOD information 
systems.
    Thank you for your time, and I look forward to answering 
your questions.
    Chairman Carper. Thank you very much.
    Brenda Farrell, It is great to see you. Welcome. Please 
proceed.

     TESTIMONY OF BRENDA S. FARRELL,\1\ DIRECTOR, DEFENSE 
  CAPABILITIES AND MANAGEMENT, U.S. GOVERNMENT ACCOUNTABILITY 
                             OFFICE

    Ms. Farrell. Thank you very much. Chairman Carper, Ranking 
Member Coburn, Members of the Committee, thank you so much for 
this opportunity to be here today to discuss the Federal 
Government's personnel security clearance process. Let me 
briefly summarize my written statement for the record and to 
some extent what has already been conveyed here today.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Farrell appears in the Appendix 
on page 72
---------------------------------------------------------------------------
    Personnel security clearances allow for access to 
classified information on a need-to-know basis. Recent events, 
such as the unauthorized disclosure of classified information, 
have shown that there is much work to be done by Federal 
agencies, as you noted, Mr. Chairman, to help ensure the 
process functions effectively and efficiently so that only 
trustworthy individuals hold security clearances.
    Over the years, GAO has conducted a body of work on 
personnel security clearance issues that gives us a unique 
historical perspective. My remarks today are based on our 
reports issued from 2008 through 2013 on DOD's personnel 
security clearance program and governmentwide reform efforts. 
My main message today is that quality--and, importantly, 
quality metrics--needs to be built into every step of the 
clearance process.
    My written statement is divided into two parts.
    The first addresses the overall security clearance process. 
Multiple executive branch agencies are responsible for 
different steps of the multiphased personnel security clearance 
process that includes: (1), determination of whether a position 
requires a clearance; (2), application submission; (3), 
investigation; (4), adjudication; and, (5), possible appeal if 
a clearance is denied or revoked.
    For example, in 2008, Executive Order 13467 designated the 
DNI as the Security Executive Agent. As such, the DNI is 
responsible for developing policies and procedures to help 
ensure the effective, efficient, and timely completion of 
background investigations and adjudications relating to 
determinations of eligibility for access to classified 
information. In turn, executive branch agencies, such as DOD 
that accounts for the vast majority of personnel security 
clearances, determine which of their positions--military, 
civilian, or contractors--require access to classified 
information and, therefore, which employees must apply for and 
undergo a clearance investigation.
    Investigators, often contractors for OPM, conduct these 
investigations for most of the government. OPM provides the 
resulting investigative report to the requesting agencies for 
their internal adjudicators to make the decision as to whether 
or not the person is eligible to hold a clearance. In 2012, we 
reported that there were issues with the first step of the 
process: Determining which positions require access to 
classified information. We reported that the DNI, as Security 
Executive Agent, had not provided agencies clearly defined 
policies and procedures to consistently determine if a position 
requires a clearance or establish guidance to require agencies 
to review and validate existing Federal civilian positions.
    We recommended that the DNI, in coordination with OPM, 
issue such guidance, and ODNI concurred with our 
recommendations. I am pleased to say that the DNI and OPM have 
actions underway to address our recommendations, and we will 
continue to monitor their actions.
    The second part of my statement addresses the extent to 
which executive branch agencies have metrics to help determine 
the quality of the security clearance process. For more than a 
decade, GAO has emphasized the need to build and monitor 
quality throughout this personnel security clearance process to 
promote oversight and positive outcomes, such as maximizing the 
likelihood that individuals who are security risks will be 
scrutinized more closely.
    For example, GAO reported in 2009 that, with respect to 
initial Top Secret clearances adjudicated in July 2008 for DOD, 
documentation was incomplete for most OPM investigations. We 
independently estimated that 87 percent of 3,500 investigative 
reports that DOD adjudicators used to make clearance 
eligibility decisions were missing some required information, 
such as verification of all of the applicant's employment. We 
also estimated that about 12 percent of the 3,500 reports did 
not contain the required subject interview.
    In 2009, we recommended that OPM measure the frequency with 
which its investigative reports met Federal investigative 
standards in order to improve the quality of investigative 
documentation. As of August 2013, OPM had not implemented this 
recommendation.
    Finally, I would like to note that we initially placed 
DOD's clearance program on our high-risk list in 2005 because 
of delays in processing clearances, and we continued that 
designation until 2011, when we removed DOD's program in large 
part due to the significant progress in reducing the amount of 
time to process a clearance and steps DOD had taken to help 
ensure the quality of the adjudication process.
    At that time we noted executive branch efforts underway to 
develop and implement metrics to measure the completeness of 
OPM's investigations provided to DOD. Unfortunately, these 
efforts have not been realized.
    The progress that was made with respect to reducing the 
amount of time to process clearances would not have been made 
possible without the committed and sustained oversight by 
Congress and the executive branch agency leadership. Further 
actions are needed now to oversee quality at every step of the 
process, including background investigations.
    Mr. Chairman, this concludes my remarks. I would be pleased 
to take questions when you are ready.
    Chairman Carper. Great. Thanks so much for your testimony. 
Thanks for your good work in this area, and to all of you for 
your work in this area.
    After I ask some questions, Dr. Coburn will be recognized, 
then Senator Tester, and then in the following order: Senator 
Ayotte, Senator Heitkamp, Senator Landrieu, Senator McCaskill, 
and Senator Portman. Some of those folks have slipped out, but 
they will come back.
    I just want to start with you, Ms. Farrell, if I could. We 
appreciate very much your formal testimony. I want to just have 
a less formal conversation. Of the things that we have heard 
from each of our witnesses, about the changes that are being 
made, the reforms that are being adopted or have been adopted, 
what should we feel especially good about?
    Ms. Farrell. I think the collaboration between DNI and OPM 
and the other agencies has improved over the years. I think 
when we started this work back in 2005 looking at timeliness 
issues, there was not a lot of collaboration and communication 
going on. I think that Executive Order 13467 that established 
the Performance Accountability Council and appointed the Deputy 
Director for Management at OMB as the Chair helped provide a 
governance structure for that collaboration to continue.
    The most notable improvement that we have seen is with the 
processing of initial personnel security clearances at the top 
secret level. There are no metrics for the processing times for 
other aspects, such as the periodic reinvestigations, and, 
again, our concern has been--and we have stated this over the 
years since 2005--that we do not want to see the processing of 
the clearances expedited at the expense of the quality of the 
investigations.
    Chairman Carper. All right. Of the work that is in 
progress, some of which we heard discussed today, would you 
just talk with us for a little bit about what are some of the 
most important aspects of that work that are in progress, and 
with a thought of how we in the legislative branch can be 
helpful, most helpful in expediting that work that is in 
progress?
    Ms. Farrell. Yes, I think the work that the agencies are 
doing to revisit the investigative standards is very important. 
This gets to the heart of what we are saying about quality. By 
quality, we mean for the background investigations in 
particular, are we obtaining the right information, the best 
available information from the right sources? Is it complete? 
Is it reliable?
    So I think revisiting the Federal Investigative Standards 
and seeing if there are new techniques or new information that 
needs to be included--and perhaps some needs to be excluded 
since these standards go back decades. But that is, I think, a 
very good focus: First determine if you are collecting the 
information that you need for the background investigations, 
and then make sure that you have metrics for the completeness 
of that information.
    Chairman Carper. The second half of my question is advice 
you might have for this oversight Committee to try to make sure 
that the work that is in progress, some of the most important 
work that is in progress, is actually accomplished. Your advice 
to us?
    Ms. Farrell. Yes. I think part of the reason that we saw 
progress with the timeliness issue was due to congressional 
oversight, as I noted in the opening and in my statement. Also 
at that time, the Intelligence Reform and Terrorism Prevention 
Act of 2004 required an annual report to Congress for interim 
steps to meet the final goal of processing clearances within a 
60-day period. The good thing was it was not something expected 
to happen overnight. Again, there were interim steps for the 
executive branch to take to meet that 60-day goal.
    That annual report reflected information on timeliness to 
help make sure that they were meeting those interim goals, and 
if they were not meeting them, what could they do to make a 
course correction in order to continue that significant 
progress?
    There was a sunset clause on that annual reporting, and we 
have not had the same type of oversight for the remainder of 
the reform efforts as we did for timeliness. So I think this 
may be an area, either through reporting or through continued 
congressional hearings, with interim steps to help meet the 
goals.
    One of the areas we have concerns is on metrics. In May 
2010, several of the executive branch leaders signed a memo to 
some congressional leaders noting metrics under development 
that they were planning to put in place, and this covered not 
only timeliness but the investigations, the adjudications, and 
reciprocity. A lot of these metrics dealt with quality of the 
process. But those metrics, as I have noted, with the exception 
of timeliness, have not been fully developed, and this is 
something that we would like to understand why not, what is the 
plan to proceed?
    Chairman Carper. All right. Thank you. I want to drill down 
a little bit, if I could, on the issue of quality control. 
Yesterday the Department of Justice announced, I believe, that 
it is joining a lawsuit brought against the United States 
Investigations Services, a company that performs about almost 
half of all investigations that are contracted out by the 
Office of Personnel Management. The case alleges that USIS sent 
back to OPM investigation reports that were not yet complete in 
order to maximize profits, a practice that I previously 
referred to as ``dumping.''
    For Ms. Kaplan, if I could, this lawsuit comes on top of 
all the questions that have been raised about the 
investigations of Aaron Alexis and Edward Snowden. Are we at a 
crisis point with the credibility and integrity of the security 
clearance process? What should give us any faith in the current 
system?
    Ms. Kaplan. I appreciate the question, and I certainly 
understand it based on the reports that have appeared. As you 
mentioned, Senator, on Tuesday afternoon, a False Claims Act 
complaint was unsealed, and it contains very serious 
allegations of contract fraud against USIS arising out of 
conduct that took place in 2010 and 2011. We have been aware of 
these allegations since the complaint was filed in July 2011. 
We have been working closely with DOJ and our IG to implement 
changes that would address the contract fraud and ensure that 
it would not continue.
    Let me explain to you what we understand the allegations to 
be.
    We understand the allegations to be that--well, the 
contractors have an obligation under the contract to conduct 
their own quality reviews of investigations. Once they finish 
their quality reviews, they send the product to OPM, and we 
conduct our own quality reviews of the investigation.
    What the allegation is here is that, in order to move cases 
more quickly, USIS did not conduct its own quality reviews. And 
that is a real problem, obviously, if the allegations are 
substantiated because it is contract fraud, because they were 
certifying that they were completing the quality reviews. It is 
also a real problem because we rely on their quality reviews in 
order for us to be able to move the investigations along more 
quickly. We like them to catch issues and fix them before they 
send the reports on to us.
    I will say, maybe it is cold comfort, but the cases that 
were, to use the phrase, ``dumped'' were cases that also were 
subject to OPM quality review. So it is not that the cases were 
never reviewed before they were passed on to the agency.
    That being said, we have done a number of things as soon as 
we became aware of the allegations. With respect to OPM, we 
have significantly increased the number of government personnel 
performing contractor oversight by increasing the number of 
people, the full-time equivalent (FTE) levels, and realigning 
our internal staff.
    We have increased onsite inspections with contractor 
review, including a comparison of their process to the 
requirements of the contract.
    We have increased the frequency of the audits of cases 
closed by the contractor.
    We have developed a new report to detect instances where 
quality reviews may not have been performed according to the 
terms of the contract, as is alleged to have occurred here.
    We have sort of conducted inspections on the average number 
of reports being reviewed and released by the contractor's 
review staff for trend analysis so we can find anomalies.
    We have removed former USIS officials allegedly involved 
with the misconduct from the OPM contract.
    And we are currently in the process of recompensing our 
support services contract, which is also held by USIS, to 
preclude a concern that there might be collusion between the 
support staff and the field investigators. And that was a 
recommendation of our Inspector General.
    Lots of things have occurred at USIS since this----
    Chairman Carper. My time has expired. I want to be 
respectful of my colleagues.
    Ms. Kaplan. OK. Sure.
    Chairman Carper. But just sum it up in one more sentence, 
and then I need to recognize Dr. Coburn. But thank you. This is 
a good response.
    Ms. Kaplan. Understood. Well, a lot of changes have been 
made at USIS. There is a new Chief Executive Officer (CEO) 
there. There is a chief compliance officer. There are new 
integrity standards. There is an internal audit committee. 
There have been a lot of changes made since the events that are 
revealed in the complaint, and that has given us some level of 
comfort and confidence that we can rely on these products, 
rely, and trust, but verify.
    Chairman Carper. Trust, but verify. Well said.
    Dr. Coburn, thank you.
    Senator Coburn. Well, thank you. Thank you for your 
testimony. I kind of see this as a multitude of problems. I 
mentioned in my opening statement we overclassify, which is a 
problem for the American people because that means it is not 
transparent. And sitting on the Intelligence Committee, I get 
to see what is secret and what is top secret, highly classified 
and compartmentalized.
    One of the other things I see is in five different 
instances we have people who are doing the investigations who 
are also doing the adjudication. So we had an absolute conflict 
of interest in terms of separating of authorities and 
responsibilities in five areas in the clearance process, five 
separate areas where we have the same person adjudicating or 
the same firm adjudicating what was cleared, what was 
investigated.
    Third, as we have noted, we have three different instances 
in our very remote history where we have obviously failed in 
terms of our clearances. Whether it is Bradley Manning or what 
happened here at the Navy Yard or what happened at the National 
Security Agency (NSA), we have a failure. And the other thing 
we have is now we know that we have 8,400 people with 
clearances that do not follow the law when it comes to paying 
their taxes, and half of them have a Top Secret clearance. The 
American people ought to be asking what in the world is going 
on.
    So my question is: We have now seen outlined who is 
ultimately responsible for it. That is the DNI. Correct?
    Mr. Prioletti. Yes, sir.
    Senator Coburn. And we have the Defense Department that is 
making improvements but still has a way to go, and we have 
failure with contractors in allegedly not doing what they are 
supposed to do. There is also another IG investigation going on 
along with that. So what is the answer?
    One of the answers has to be doing the job that we do 
better, one. No. 2, the other has to be using data that is 
available. Where is that form? This form, for 20 bucks you can 
get 90 percent of the information on the Internet that is in 
this form. Now, we pay $2,400 for Top Secret clearances. Is 
that right? That is about what we pay. It is about $2,400.
    Ms. Farrell. For Top Secret, it is more than that. It is a 
little over $4,000.
    Senator Coburn. OK, $4,000. For Secret, what do we pay?
    Ms. Farrell. About $262.
    Senator Coburn. OK. And for $20, you can find out 90 
percent of this stuff online right now. And so the question is: 
Maybe we need to step back and say, first of all, we have way 
too much stuff classified, we have way too many people who have 
to have a clearance. Second, how we are doing it is not 
utilizing data that is out there today that is readily 
available. Third, we have had a response from Director Clapper 
that they are going to start coordinating with the Internal 
Revenue Service (IRS). Well, most people would say that is kind 
of a no-brainer. That would be one of the things you would want 
to check. You have a form. It is in the form: Have you paid 
your taxes? But it looks to me like nobody ever cross-
referenced that with the IRS. Nobody ever checked to see if 
that data was accurate. And all that is a computer check.
    So I guess my question to you is--and my final point is 
this: Creating the expectation that your clearance is tentative 
on the basis of you passing some type of renewal and not 
knowing when that is going to be--the CIA used to have random 
polygraph tests. They do not even have random polygraph tests 
now. You are noticed. I can pass any polygraph test with two 
drugs in me, and you will never know it. And so the fact is we 
need to create an environment where, one, we lessen the number 
of people that need a clearance, we do a whole lot better 
clearing, and then we need to create the expectation that you 
are going to be randomly checked to see if, in fact, you still 
deserve to have that clearance. That is the system. And the 
details are difficult. I am not saying it is not difficult. But 
how we do it and how much it costs and holding contractors 
accountable for doing the very job we are paying them to do 
does not seem to be happening.
    And my question, I would just like a response from you all: 
How do we solve this? You all have laid out where we are. But 
how do we solve it? We have all these areas. This form, three 
pages of instructions, seven pages where you live, five pages 
of names, 17 pages of employment, four pages of military, 29 
pages on relationship, 21 pages on foreign activity, two pages 
on emotional health, seven pages on police records, 11 pages on 
drug and alcohol, eight pages on financial records, five pages 
on associations, and three signature pages. And I know you are 
reforming the form, but the point is what we want to do is go 
for the gold. And so not all of this, first of all, is checked 
from a quality assurance check, and No. 2 would be: Can we 
create a process that gets to the gold and not rely on a form 
as much as we can data that is already out there that the 
government already holds?
    I am amazed--are you all amazed that 8,400 people in this 
country have a tax debt that makes them vulnerable to divulging 
secret data or top secret data and they have clearances today? 
Does that bother anybody here? That puts us at risk.
    So my question is: Whoever wants to answer my broad 
commentary or at least educate me in a different direction, I 
would love to have it.
    Ms. Kaplan. If I could just make one point, and I am sure 
my colleagues will jump in. You had noted--and I think this is 
a misimpression that a lot of folks have--that the contractors 
are doing both the investigations and the adjudications, and 
that would be a really bad system. But, in fact, the 
adjudication is not done by the contractors. It is done by the 
agency that is granting the clearance. So I just wanted to 
make----
    Senator Coburn. Can they use a contractor to do it?
    Ms. Kaplan. No. That is an inherently governmental 
function. It is not something we would entrust to a contractor. 
I believe I am right about that----
    Senator Coburn. Let me ask you another question. We are 
using contractors for this clearance process. To me it would 
seem that the clearance process in and of itself is an 
inherently government function, not just the adjudication but 
the investigation. Any comments on that?
    Ms. Kaplan. Well, I am actually going to turn that over to 
Mr. Jordan.
    Mr. Jordan. Senator, the collection of information, the 
analysis is not an inherently governmental function. As 
Director Kaplan said, the decision, the adjudication is an 
inherently governmental function. That should only be performed 
by government employees. But the collection of information is 
not inherently governmental.
    And to your earlier question, this goes to the very nature 
of what we are doing in our coordinated interagency review. How 
do we get the right data in the right people's hands at the 
right time to make the right decision? So Continuous 
Evaluation, which Mr. Prioletti spoke of, is a very important 
piece. Automated records checks, to the extent that we can 
build out our capabilities there, very important. Building both 
efficiency and effectiveness, furthering both of those in the 
system. And then making sure that we are constantly looking at 
all of the processes in the end-to-end spectrum, from 
initiation through the investigation and the adjudication, and 
then on an ongoing basis to make sure that we address any gaps, 
any weaknesses as quickly as possible.
    We have about 5 million people with security clearances, 
and you noted several instances, but they are few. The issue is 
any single point of failure has such monumental negative 
consequences that we need to do everything we can to make sure 
we do not have a single one.
    Senator Coburn. Well, I have not heard anybody say 
anything--I think Senator Tester and I agree. We classify way 
too much stuff. Do you all disagree with that? And what is the 
answer to that? Because once you create something that is 
classified, the only people that can work on it are people that 
have a clearance for that classification or above. What is 
GAO's response on that?
    Ms. Farrell. That is a separate issue from the people part, 
but we have done work in the past looking at the potential 
overclassification of materials, and we do have work that just 
started looking again at the potential overclassification. 
That, though, does relate to the first step of the personnel 
security clearance process, determining if a position needs to 
have access to classified information, and that is where those 
types of tradeoffs could be made.
    There is a misperception often that security clearance 
follows the person. It does not. It follows the position, so as 
we have noted, there has been a lack of guidance in that area. 
We did work at DOD and DHS, components within both of those 
departments. We found that some components took initiative to 
revalidate existing positions, and some did it one time and had 
no plans to do it again. Some never did it.
    So from a personnel security clearance process view, that 
very first step is very important to make sure that the 
position does require access to classified information. That is 
where those types of questions could be asked: What is that 
classified information? If you overclassify, then you 
overclassify positions, then it starts the snowball effect of 
having 5 million people who have clearances now.
    Senator Coburn. I will wait for the second round. Sorry.
    Chairman Carper. That is quite all right.
    Just a quick note, if I could. I did a little bit of math. 
I hope I did this right. If there are 8,400 people out of the 
4.9 million people that have clearances, that is about 0.16 
percent that apparently owe the government some money. My hope 
is that most of them are on a repayment schedule. We do not 
know, but hopefully they are.
    Dr. Coburn says 40 percent of those are on repayment 
schedules, so that means that about 0.16 percent owe the 
government some money that are not on a repayment schedule. 
That is not good. But compared to what? Compared to the 99.9 
percent who have a clearance who do not owe the Federal 
Government anything on taxes. So----
    Senator Coburn. Would you yield for a minute?
    Chairman Carper. Sure.
    Senator Coburn. To me it raises the question. It is not 
about a percentage. It is if you are not following the law in 
terms of paying your taxes, why should you have a security 
clearance at all, whether you have a payment plan or not? You 
have not complied with what we expect every other American 
citizen to comply with, and you have a security clearance? To 
me it begs the question, you are not up to date on your taxes, 
you no longer have a clearance, period. I mean, it is creating 
the right expectations, is my thought.
    Chairman Carper. OK. Good. The other thing I would say, I 
spent 23 years of my life as an active and reserve duty naval 
flight officer. If I had a dollar for every time I heard me and 
others of my colleagues say, ``We have too much stuff 
overclassified''--this is an age-old problem. It is still a 
problem. I would readily acknowledge that. It is the kind of 
thing we have to go back again and again and again in looking 
at this stuff that we are classifying and ask the question: Do 
we really need to classify this? So that is a good question to 
ask.
    Senator Tester, you have done good work, you and Senator 
Portman there sitting next to you, and Senator McCaskill and 
others. We thank you for all that, and you are recognized.
    Senator Tester. Yes, thank you, Mr. Chairman, and I think 
even the bigger issue than the taxes paid is that taxes paid is 
pretty basic, so what else is going on out there that they are 
allowing--that are slipping through the cracks on security 
clearances? Because taxes, I mean, that is right in front of 
our face, and we are missing that.
    Mr. Chairman, to followup with Senator Coburn's comments, I 
think that we have pushed through this Committee the revolving 
fund dollars to be allowed for more transparency, more audit, 
and more accountability. The House Committee has passed that, 
but the House has not, and I would encourage you to do what you 
can do with your counterpart over in the House to make sure the 
full House takes that up, because that is critically important.
    Then there are two other pieces of that bill that Senator 
Portman, Senator McCaskill, Senator Johnson, and Senator Coburn 
are all a part of, plus some others, that deals with 
accountability and it deals with a number of clearances that 
are out there, and I think that we should push to try--I know 
there are negotiations going on, but you have to set a level of 
expectation, and I think that is what that does in part.
    I want to followup a little bit on what Chairman Carper 
talked with you, Elaine, on the DOJ suit that was filed in 
July, 2011, and we were told by OPM that there was not any 
problems with USIS. And there is a suit out there that does not 
look very good to me, and now we are finding out that OPM is 
probably going to get on board or may be going to get board or 
is getting on board. What is going on? It looks to me like, 
quite frankly, there is a real disconnect here between what the 
contractors are doing and what the expectation is for the 
contractors to do. And people are dying because of it. We are 
losing critical information because of it. I mean, the list 
goes on and on.
    So what is going on?
    Ms. Kaplan. Thanks for the question. I am not aware of 
anyone at OPM saying there was no problem with USIS. I do know 
that because of the fact that this complaint was under seal we 
were unable to talk about the complaint. And now we can talk 
about the complaint, which I think is a good thing. And I think 
what we have tried to do, as I was explaining to Senator Carper 
before, was--and this started before the complaint became 
public, and it has been over the last several years--is to 
address and to rectify the problems that are revealed in these 
allegations in this complaint, which was under seal.
    And as I mentioned, we have done many things at OPM to 
prevent this from happening again. This is contract fraud, a 
failure to do quality reviews that they were obligated to do 
under the contract. And there have been many changes made at 
USIS as well--many changes involving a whole new staff at the 
top, a compliance office, internal audit, all sorts of things 
that have given us greater confidence----
    Senator Tester. When were those changes made?
    Ms. Kaplan. Those changes have been made over the last 2 
years, since the allegations in the complaint, and we have been 
working with our IG on it and with the Justice Department, and 
so we feel that the allegations are certainly very disturbing, 
and what we have tried to do is address the underlying concerns 
without speaking publicly about them.
    Senator Tester. I am not an attorney, but they have been 
sealed, but you have known what is in the charges, you just 
cannot talk about it publicly. Is that correct?
    Ms. Kaplan. I can tell you right now--in fact, you can go 
online probably----
    Senator Tester. Yes, I do not care about now. I want to 
know about July 2011. Were you guys aware of what the charges 
were?
    Ms. Kaplan. We knew what the allegations were in the 
complaint. However, working with the Justice Department and our 
IG, we were advised, of course, not to discuss it because it 
was a matter under seal.
    Senator Tester. And that is cool. That is fine. I guess the 
real question here is that they--USIS does 60 percent of the 
background checks, right?
    Ms. Kaplan. I think it is 50.
    Senator Tester. 50 percent, which is----
    Mr. Kaplan. Yes, close enough.
    Senator Tester. There are three companies that do the 
contracting, so they are doing the lion's share of it.
    Mr. Kaplan. Yes.
    Senator Tester. Was there any oversight, additional 
oversight given as of July 1 on the work that they were doing? 
How often was it done? And, by the way, are those kind of 
metrics used now on all of them? Because, quite frankly, when 
money is involved, obviously there are some folks that do not 
give a damn about the product and they just want to make the 
money.
    Ms. Kaplan. Yes, I mean, that is a good question. What we 
have done--and it is not just oversight of USIS, because we 
have other contractors and we have Federal employees, quite 
frankly, who do the work, too. They need to be watched.
    Senator Tester. So what determines what background checks 
go to USIS and what goes to--these guys do some things 
particularly well and other things not so well? Or do you just 
dole them out like a deck of cards or what?
    Ms. Kaplan. I do not think it is like a deck of cards, and 
I actually do not know what the--I will get an answer to you on 
that question. I suspect it is based on the location of the 
investigation, but it is not as though, oh, they do the top 
secret and the Federal staff does----
    Senator Tester. I believe it was you that talked about 
quality metrics. It might have been Brenda, too. What 
determines what background checks you guys look at to see if 
they are done appropriately?
    Ms. Kaplan. We look at all of them. We look at each 
background investigation.
    Senator Tester. So you looked at Alexis' background check?
    Ms. Kaplan. Yes, we did. Well, would you like me to talk 
about the Alexis----
    Senator Tester. Well, I mean, you can, but the information 
is out there. I mean, the naval record alone should have 
brought up some red flags.
    Mr. Kaplan. Well, what we did----
    Senator Tester. And what you are saying is two folks missed 
it now. USIS missed it--well, I do not know if USIS did that 
one or not. But the contractor missed it--they did?
    Senator McCaskill. They did.
    Senator Tester. The contractor missed it and you guys 
missed it.
    Ms. Kaplan. Well, to be clear, I would have to say that 
based on our own review and I believe also ODNI's review the 
Alexis investigation, yes, we all missed something for sure. 
But we did what was required of----
    Senator Tester. Multiple somethings.
    Ms. Kaplan. Well, I want to make sure, because it is really 
important to get to the root cause of this, that we understand 
each part of this. We did the investigation in 2007, and it was 
for a Secret clearance, and there are certain protocols and 
standards that apply to a Secret clearance. It is not a Top 
Secret clearance. We conducted the investigation that was 
required by the Investigative Standards, so having gone through 
quality control both at USIS and OPM, we would have passed that 
investigation because it complied with Investigative Standards.
    Now, what we are looking at right now in the context of the 
review and what we have been looking at is, well, are the 
standards up to snuff? Should we be required to get police 
reports, for example? Should we be required to get mental 
health information even from someone who has a Secret as 
opposed to a Top Secret clearance? All these things need to be 
looked at. But it was not, in our view, a case of malfeasance 
on the part of the contractor. We believe the contractor did 
what they were supposed to do.
    Senator Tester. Senator Coburn obviously knows what you 
looked at because he had the thick file, but if you do not look 
at police reports and you do not look at criminal background--
what do you look at?
    Ms. Kaplan. No, we did look at the criminal--I will tell 
you what we looked at. The way it works is when--with this 
Secret clearance is that there is an FBI check done, and we get 
the FBI database, and the FBI reveals arrests, it frequently 
does not reveal the disposition of cases that are handled at 
the State and local level. And so the FBI record revealed that 
Mr. Alexis had been charged and arrested for what was called 
``malicious mischief.'' And under the existing standards, our 
job, or the job of the contractor in this case, was to go out 
and find out what the disposition of that charge was and to 
find out more information about the charge.
    Now, some have questioned now why OPM's investigators did 
not go get a police report. Well, the reason that a police 
report was not obtained was because , there were like 1,700 
different localities, law enforcement jurisdictions. They all 
have different rules about what they are going to supply to us. 
And in this case, we had experience with Seattle. Seattle did 
not provide police reports. And they have their own good 
reasons, I am sure.
    Senator Tester. All right.
    Mr. Kaplan. So what we were referred to by Seattle was this 
State database, the State of Washington, their court records, 
and that is where we went. And that revealed that Mr. Alexis 
was charged with malicious mischief, but the charges were not--
--
    Senator Tester. Can I--and I appreciate I am over time, but 
can I just ask you, when you guys do an oversight look, how 
many do you find a problem with?
    Ms. Kaplan. I do not have that information, but I can get 
it for you. If there is a problem--and there are all kinds of 
different problems--we try to get the contractor to fix the 
problem, for example, if it is incomplete. And then if there is 
a problem, if the adjudicator looks at our investigation and 
feels like it is inadequate, they can come back to us and ask 
us to do more work.
    Senator Tester. We could be here all day, and we probably 
should be here all day. It is important. Thank you.
    Chairman Carper. Thank you, Senator Tester.
    Senator Ayotte, welcome.

              OPENING STATEMENT OF SENATOR AYOTTE

    Senator Ayotte. Thank you, Mr. Chairman, and I want to 
thank you for holding this very important hearing.
    Let me just followup as to what Senator Tester said. As I 
understand it, in the case of Mr. Alexis, OPM did actually go 
to the Seattle Police Department to get the underlying police 
report?
    Ms. Kaplan. No.
    Senator Ayotte. They did not?
    Ms. Kaplan. No, we did not because we do a lot of these 
investigations and our understanding was that Seattle did not 
make that kind of information available. They routinely 
referred us to the State of Washington database, and that is 
where we went.
    Senator Ayotte. So we did not try to get the underlying 
police report. The decision of OPM was just that we have dealt 
with Seattle in the past, they will not give us a report?
    Ms. Kaplan. Well, our obligation is to try to find out the 
disposition or if there have been charges, and it was not as 
though we decided we are not going to make an effort here. We 
just, based upon the fact that in the past--and this occurs 
with other jurisdictions besides Seattle. They will refer us to 
another database, and, that is what they did. And we did not go 
in this particular case and say, ``Will you depart from your 
policy?'' But, just--this is, again, something that we need to 
take a really close look at and we are going to be looking at 
as part of the President's review, because it is problematic, 
certainly, that, there was this information written on a piece 
of paper somewhere that we did not have access to.
    Senator Ayotte. Yes, I find it actually incredibly shocking 
that we would not pursue a police report in any of these arrest 
situations, because the nature of the charge looking at the 
underlying police report, having been a prosecutor, can tell us 
very different information, and a prosecutor may not have the 
elements to make a particular charge, and the disposition may 
tell us nothing. But, seeing prior behavior here with Aaron 
Alexis getting a police report would have flagged a very 
different set of conduct for anyone looking at that. So I 
believe we do have to change that, we do have to get the 
underlying reports. And if that requires coming to an 
understanding with law enforcement across the country, I would 
be shocked, having worked with so many police officers, that 
they would not be willing to have an understanding with the 
Federal Government on this given what is at stake for the 
country.
    One of the things that concerned me also as I heard the 
discussion, Judge, between you and Mr. Tester was this issue of 
the USIS lawsuit. In 2011, coming before the Committee, I was 
not a Member of the Committee then, but the fact that this suit 
was sealed and as a result of consultation with Justice you did 
not feel because of the sealing of the suit that you could 
share that information. I understand you have to go to Justice 
for advice on these issues, so I am not being critical of you 
on this. But what I would be critical of is why wasn't there--
this seems to me a core issue of oversight that the Committee 
would need to know that was the subject of this sealed suit 
that now we are seeing obviously some of the consequences of 
perhaps part of this being USIS obviously with Snowden and with 
what we are seeing in other cases. And it really troubles me to 
think that this would be sealed. Was there any discussion with 
Justice about how this is a very important piece of information 
that the Committee really needs to know? Because I have a real 
problem that Justice would not have gone to the court and taken 
actions, having been a prosecutor myself, to try to unseal it, 
explain that there is a separate duty here that the Congress 
needs to be aware of information and protect the country. And I 
think this is part of a bigger issue, so I wanted to get your 
thoughts on that. And did you come subsequently and update us 
as soon as you could once this thing was unsealed?
    Ms. Kaplan. I am here today. It was just unsealed 2 days 
ago.
    Senator Ayotte. OK. Fair enough. So, in other words, it was 
sealed for 2 years.
    Ms. Kaplan. Well, and, I am not an expert in this, and 
thank you for calling me ``Judge,'' even though I am not a 
judge yet. I appreciate it. And I am not an expert in this, but 
this is, a False Claims Act case----
    Senator Ayotte. Right.
    Ms. Kaplan. They are--they have a very special treatment 
because somebody comes forward as a whistleblower, and then the 
government has to keep it under seal because the government 
wants to decide whether to intervene in the case.
    Senator Ayotte. Right.
    Mr. Kaplan. And so I think that is the reasoning behind the 
sealing. That is----
    Senator Ayotte. So understanding that there obviously are 
different rules in a False Claims case--but this is an issue 
because we have a separate responsibility, and we have to get 
to the bottom of this so that this Committee is not waiting a 
couple years later while this decisionmaking is ongoing in the 
Government when there is a critical issue with a contractor 
that needs to be addressed. I believe that this is an important 
issue that we have to get at.
    Senator Coburn. If you would yield, I think the real 
question is, now that you have this problem out there, the 
response I would say is: Why weren't we monitoring quality 
assurance on our contractors to begin with? And what have we 
done since then to monitor quality assurance on the three 
contractors that are out there doing it?
    Ms. Kaplan. That is a fair question. With respect to what 
were we doing before, I have been told that actually we were 
sort of hot on the heels of this around the time that the 
complaint was filed, because we were starting to notice that 
the quality reviews were being done either too much by one 
person or too quickly, and so we had already made inquiry with 
USIS. But obviously we did not catch it quickly enough, because 
it occurred. And so what we have done since then is we have 
focused more, as I had said before, on those reports to enable 
us to find anomalies before the problem was occurring more 
quickly, and we have beefed up the staff, the Federal staff 
that is working on those matters. And at the same time, USIS 
has made many, many significant changes in the way that they 
operate, and so there have been a lot of changes made.
    And with respect to the question about not being able to 
talk about it, in some ways it was very frustrating to us as 
well, because you are looking at----
    Senator Ayotte. I can imagine.
    Ms. Kaplan [continuing]. Things in the newspaper and you 
are unable to--but I think that you would have to ask the 
Justice Department more about it, but I think that they believe 
that this is required by law.
    Senator Ayotte. Thank you. And I think obviously that is 
something we need to work through so we are not in this 
situation in the future.
    I also wanted to ask about--I believe, Mr. Prioletti, you 
raised the issue of Continuous Evaluation, and yesterday 
Senator Collins, along with Senator McCaskill, myself, and 
Senator Heitkamp, introduced a bill that would provide--one of 
the issues I see in all of this is an issue that we rely too 
much on self-reporting, particularly after we have granted a 
clearance. And our bill is fairly straightforward in that there 
would be two random audits conducted.
    As I understand your testimony, you have talked about this 
idea in your testimony of automated record checks, yet you say 
there is more research required. I do not understand how, if we 
do not have some random checks and we are relying totally on 
self-reporting--frankly, people's lives change dramatically and 
can change in 5 years' time--that we will have a system that 
really verifies that people should maintain their clearance 
status. So I wanted to get your thoughts on that.
    Mr. Prioletti. Thank you, Senator. What I was referring to 
is we do automated record checks at this time or electronic 
record checks. All the government agencies do that at times. 
For example, when Director Kaplan referred to the police 
checks, going to the electronic record checks to get that 
information, there are ongoing processes such as that going on 
right now.
    What I was referring to with Continuous Evaluation is an 
expansion of that into more areas that include internal 
government databases as well as external, both government and 
commercial databases. Some of the specificity I cannot get into 
in today's current environment in this proceeding here. But 
what we are talking about is building the enterprise-wise--in 
other words, have an automated records check ability, a 
Continuous Evaluation, whether it be several times over a 5-
year period or whether it be more frequently than that, that 
can serve both the United States military units, can serve the 
intelligence community as well as serving the non-Title 50's.
    What we have done is we launched a CE, if I may use the 
term, Continuous Evaluation Working Group that was made up of 
Intelligence Community (IC) members, OMB had representation, 
OPM had representation, and DOD had representation. And we 
created a concept of operations that is now ready for testing 
that takes a level of checks that are high enough to satisfy 
the requirements of Top Secret Sensitive Compartmented 
Information (SCI) organizations such as the IC, but also 
reasonable for the expectations of an non-Title 50 organization 
or some of the other organizations. That is a very touchy 
balancing act to make sure that we have enough checks, but it 
is an expansion on what is currently done.
    Director Kaplan mentioned that there are national agency 
checks, police checks, and financial checks for the Secret 
level clearances. We have expanded those to cover other areas, 
some databases which include classified information and some 
that do not, as well as the commercial databases.
    The area that I think you are most concerned about is the 
social media or publicly available electronic information, and 
that is where the research is being done, Senator. We have to 
find that balance between the civil liberties and privacies of 
a U.S. citizen versus national security interests. That is 
where we are doing it. I do not have, as a representative of 
the ODNI, the luxury of going into a social media or publicly 
available database, pull information out of there, and submit 
it as being the truth. The government has a responsibility, an 
obligation to every one of its citizens to ensure that the 
information is true and accurate before we use it in the 
adjudicative process.
    Senator Ayotte. Well, I know my time is up, but I can tell 
you that obviously when our teenagers go online and get 
important information on social media and yet we are not going 
to use it to find out that someone is involved in something, I 
think that is a little hard to believe. We need to take a 
commonsense approach to this.
    So my time is up. I also think we need to have random 
checks on people instead of just relying on their own self-
reporting. Thanks.
    Chairman Carper. Senator Ayotte, thank you. Senator 
Heitkamp.

             OPENING STATEMENT OF SENATOR HEITKAMP

    Senator Heitkamp. Thank you so much, Mr. Chairman, and 
thank you, Ranking Member. I think this is such a critically 
important response and quick response to this horrible tragedy, 
and I hope that the family members take some comfort that we, 
too, share their concerns.
    I have read this report, and I can tell you honestly, as 
somebody who used to do background checks for people involved 
in gambling in North Dakota, if you were going to get paid 
minimum wage to deal Blackjack, he would not have passed that 
background check. He could not have dealt Blackjack in North 
Dakota, but yet he had a clearance that allowed him to come on 
to a Navy base and do serious human damage. And so it is really 
frustrating; we are all frustrated here with this process.
    And I completely appreciate your privacy rules, but when 
you apply for this clearance, you waive your right to privacy. 
And every parent on this panel who deals with social media 
knows if you want to know what your kid is doing, go out on 
social media. You may think that does not have the veracity of 
a court record, but I can tell you, as somebody who has looked 
at court records repeatedly doing background checks, it 
certainly does. A picture is worth a thousand words, and it is 
heartbreaking.
    And so we take this one example, and I always fear that one 
example does not prove the case, but we have multiple examples 
now of where we failed in the clearance system to actually 
ferret out people who would do damage to co-workers, murder co-
workers, but also damage to our national security. And so this 
is a very broad issue and a very important issue.
    I want to talk about self-reporting, and I want to talk 
about the consequences of not self-reporting. I was, quite 
honestly, shocked--because I am new to this Committee and new 
to looking at government security clearances--the huge number 
of people in this country who have these clearances. I mean, 
this is a big group to manage. Right? We would all agree with 
that. So obviously random checks are a critical and important 
part of this, and you see that from the bill that we 
introduced. But we need to make the self-reporting more 
effective as well.
    So I want to know, of all those millions of people who have 
these clearances, how many have ever been discharged from the 
government for failure to self-report.
    Mr. Jordan. We can get you that information. We do not have 
it with us.
    Senator Heitkamp. In your database, how would you know that 
information?
    Ms. Kaplan. Well, if, for example, someone fails to 
report--do you mean on their form they are deceptive and they--
--
    Senator Heitkamp. No. Either lying on their application or 
failure to report after a serious event that occurs after the 
clearance.
    Ms. Kaplan. We will have to get you that information, but 
the latter is certainly grounds for revoking a security 
clearance, and failing to report or being dishonest when you 
fill out your form is something that the adjudicator would take 
into consideration in deciding whether to grant a clearance in 
the first instance.
    Senator Heitkamp. Right, but if you are--with all due 
respect, if you are not checking local police records, you have 
no guarantee that when somebody checks the box and says they 
have never been arrested, they are telling the truth.
    Ms. Kaplan. No, and with respect to that, there is never a 
guarantee, but we do not just take their word for whether they 
have been arrested. I mean, we do an FBI check, and the FBI 
database, which receives reports from the States----
    Senator Heitkamp. I am familiar with it.
    Ms. Kaplan. Yes, probably more familiar than I am, frankly. 
It will spit out whether someone has been arrested, and then we 
do the followup, and it often requires work on a State-by-State 
basis or local jurisdiction to find out what the disposition 
was.
    Now, let us remember, we are talking in his case about a 
Secret clearance. If it was a Top Secret clearance, there would 
have been a more extensive investigation done, which perhaps 
would have uncovered the gun part of this and maybe other 
things. That is speculation, but this is a Secret clearance.
    Senator Heitkamp. If I can just take it one step further, 
we are talking about revoking the clearance. What about 
requiring that employment be terminated? Is that one of the 
things that you are considering and looking at going forward, 
that this person obviously--for contractors that is a tough 
call. But certainly for government employment, to me it is not 
enough to just revoke their clearance. I think that it should 
be prima facie a case that you now lose your job.
    There has to be serious consequences for not reporting. 
There has to be serious consequences for lying. And we have to 
look at the number of people who are out there who are not 
currently self-reporting, because even random checks cannot 
solve this problem. There has to be true consequences. And so I 
am interested, anyone on the panel, about how we are going to 
amp up the penalties for employees not self-reporting.
    Mr. Jordan. That is absolutely what we are looking at as 
part of our 120-day interagency review, both the piece that you 
were talking about where, are there any gaps in the self-
reporting portion versus an active reinvestigation period would 
address that in scope. What is the information that we collect 
and measured against the 13 adjudicative standards, and does it 
all flow right? That is all part of it and then the 
accountability. There are currently significant penalties for 
lying or not reporting adverse information. Yes, it includes 
revocation of your clearance. You mentioned contractors. An 
agency can suspend or debar the contracting firm. If they think 
it is just a problem with an individual, they can direct that 
that individual not work on that contract, or you could suspend 
or debar the individual. And we are looking at all of the 
accountability measures for both Federal employees and 
contractors to make sure that only the people who should have 
access to our facilities and our sensitive information do at 
any given time, not just when they are cleared.
    Senator Heitkamp. Yes, I mean, just human nature being what 
it is, if simply saying, well, there might be a consequence 
or--the point that I am getting at is a mandated: this is going 
to happen if you do not self-report. And, Mr. Contractor, we do 
not know this; it is your job to help us enforce, it is your 
job to report back to us. And if you do not, black mark on you, 
you will not be a government contractor very long.
    And so that is the level at which I have passion for this 
issue, that we should not be letting--when we give them the 
Good Housekeeping Seal of Approval, which is what this security 
clearance is, that ought to mean something. And if they breach 
it, that ought to be something that we consider very serious 
with very serious consequences.
    And so I applaud your work. I would like to know how many 
have actually been discharged or disciplined for either lying 
on applications--obviously they would not get the clearance, 
but not reporting after the fact.
    Mr. Chairman, again, thank you for the time.
    Chairman Carper. Thanks for those tough questions. Senator 
McCaskill.

             OPENING STATEMENT OF SENATOR MCCASKILL

    Senator McCaskill. I think one of the most revealing things 
this morning is the realization that while an arrest report may 
be part of a background check, there is not a requirement that 
the underlying police report be obtained. And I will tell you 
why this is a shocking revelation. Like Senator Ayotte, I am a 
former prosecutor, and the vast majority of cases that would 
reveal a mental disturbance will not have a disposition.
    The criminal justice system does a very bad job of 
adjudicating the mentally ill because with the mentally ill 
really, from a prosecutor's standpoint, if they have not hurt 
anyone, putting them in prison sometimes creates more problems 
than it solves. So most prosecutors, when they are confronted 
with a mental illness issue, like someone who says they have 
heard voices, someone where the police have been called to a 
motel room on a disturbance where someone says there are 
microwaves coming through the vents and, ``People are here to 
get me,'' they will do a police report, and most of the time 
the police department will not even try to file charges. That 
is a disturbance call that is related to someone that, in their 
minds, they do this all the time.
    Now, that is not something that--especially in a city as 
large as Seattle, Kansas City, or a city as large as St. Louis, 
that kind of disturbance call, where someone is making a racket 
because they are mentally disturbed, most police departments 
will not even take it to the prosecutor for disposition. In 
fact, we are horrific in this country with even getting that 
person to mental health services. And the vast majority of 
these shootings are not going to be around the issue of whether 
or not someone has shown violent tendencies but whether or not 
they have shown tendencies of having a mental issue.
    So the notion that we are saying, well, if a police 
department will not give us the report, we have checked the 
box, and I think if we do a gut check on this issue, we will 
realize that a lot of the work that we have been doing around 
this has been checking boxes.
    Now, I get it that we cannot go out and do one-on-one and 
pull every thread on every application for clearance, although 
if we did that, we would probably make them so expensive, we 
would be much more disciplined about deciding who gets them. 
But the notion that you are calling what you are doing quality 
control, Ms. Kaplan, is probably, I think, offensive, because I 
think there is just a lot of checking boxes going on. Was this 
report obtained? Yes.
    What I do not have confidence of is that there is, even on 
a random basis, a more thorough examination. And I am glad to 
hear you have a working group, and what I would like to see us 
do as a Committee is ask for some specific recommendations on 
who is getting clearances and are they all necessary. And all 
of this is risky. I mean, we can say that we are doing too 
many, and then we could have a bad thing happen. And then we 
would be back here saying, ``Well, why didn't they have a 
security clearance?''
    On the other hand, what we are doing now is the worst of 
all situations because we are giving the impression that all 
these millions of people who have security clearances, we have 
checked them out. We are confident that they are mentally 
stable, they are not criminals, and they obey the law. We have 
no idea if that is true. We are clueless as to whether or not 
that is true, because this process has become in a way a pro 
forma kind of process with contractors. And the reason the 
contractors were off the reservation is because they bid an 
amount and that contractor wanted to make money, so that was 
time to cut corners. You wanted to make your number? You wanted 
to make money? Well, then, you did not have to do the whole 
thing. You just turned it in and pretended like you did.
    So I agree with the Chair and the Ranking Member that this 
is time for all of us to really quit nibbling around the edges 
on this thing and let us get to the meat of the matter. Saying 
that Seattle does not give a police report, that dog does not 
hunt in this context. That just does not work.
    And, Mr. Lewis, I have a specific question for you. My 
Subcommittee has learned that we have had a bunch of felons on 
Navy installations. We have learned that the Navy was giving 
these contractors 28 temporary passes at the get-go without any 
checks on anybody. Is that true?
    Mr. Lewis. This was a subject of a DOD IG report, and the 
Navy has looked into these specific circumstances. I believe 
there were about 50 people identified who were convicted felons 
who were given access without the proper checks, and the Navy 
has taken corrective action, removing individuals who do not 
warrant access from the installation.
    In other instances given the date that--some of the felony 
convictions were quite old, the Navy made a decision to allow 
them to continue to have access.
    But the fundamental issue is there was a failure to conduct 
the required checks for installation access, and the Navy has 
taken corrective action on that.
    Senator McCaskill. And so no more temporary passes?
    Mr. Lewis. The passes would have to be based on the 
required checks, the National Criminal Investigative Check as 
well as the terrorism database check.
    Senator McCaskill. OK.
    Mr. Lewis. So that would bring up a felony conviction.
    Senator McCaskill. OK. So is there a different status for a 
certain kind of pass than for a permanent pass now? Are you 
saying that they are doing something before they do a temporary 
pass? Or are they getting the full complement of checks?
    Mr. Lewis. For installation access, there are two basic 
criteria. One is someone who is going to be on the installation 
on a temporary basis. Those individuals require a degree of 
vetting, a criminal records check and the terrorism database 
check. For individuals who are going to have ongoing access, 
there is a requirement for a national agency check with written 
inquiries and other checks, which is the minimum standard for 
that CAC issuance.
    Senator McCaskill. So we have corrected the problem that 
someone was getting temporary passes without any check.
    Mr. Lewis. Yes.
    Senator McCaskill. And is this going on in other branches, 
temporary passes with no checks?
    Mr. Lewis. We are not aware of that, but we are certainly 
engaged with the components on this particular issue.
    Senator McCaskill. OK. Well, I would like a report back 
that this is not going on in any of the other branches.
    Mr. Lewis. Yes, ma'am. We will do that.
    Senator McCaskill. Thank you. My time has expired. Thank 
you, Mr. Chairman.
    Senator Coburn. Just one followup, just for information. 
Who ever made the decision to allow that to happen, to go 
around? Were there any consequences to that individual that 
actually made the decision?
    Mr. Lewis. There is an ongoing Navy review of what occurred 
at the Navy Yard that day, to include all of the aspects that 
went into that, and that is an ongoing review.
    Senator Coburn. Could we hear back from you to this 
Committee when the review is completed as far as the 
consequences to the person who made that decision?
    Mr. Lewis. The Navy review, the overall DOD reviews, and 
other reviews that are being conducted will be brought together 
in an OMB final review of our overarching security practices, 
and I expect that to be part of the review.
    Senator Coburn. Well, my specific question is a report back 
to the Committee on it; somebody was held accountable for going 
outside the curve. That is a real problem, is accountability in 
Federal Government. It is accountability. And all I want to 
know is what are the results of holding some--did we hold 
whoever made that decision accountable?
    Chairman Carper. I would appreciate it if you could just 
close the loop at the end of the day for us, if you would 
please.
    Mr. Lewis. Yes, we will do that.
    Chairman Carper. Thank you.
    All right. Senator Portman, please. Welcome.

              OPENING STATEMENT OF SENATOR PORTMAN

    Senator Portman. Thanks, Mr. Chairman. I appreciate your 
holding the hearing, and I think it has been constructive 
because we have raised obviously a lot of troubling issues and 
had the opportunity to hear from some Senators who have a lot 
of interest and background in this.
    At the Federal Workforce Subcommittee, as you know, we have 
held some hearings, and in June we held one regarding 
background investigations, and specifically the inability of 
the OPM Inspector General to effectively audit the revolving 
fund and really the background investigation process. And that 
is why the SCORE Act was developed--Senator McCaskill is still 
here, Senator Tester, and the Chair and Ranking Member and 
others. And I am pleased that we were able to get that done. 
Just a couple weeks ago we got it off the Senate floor. It is a 
small step, but it does fix that IG issue. And I know, Brenda, 
you worked with us on that, and we want to continue to follow 
that and make sure we get that cleaned up.
    We have another hearing in a few weeks to continue looking 
at this issue and others, and Senator Tester, who again was 
here earlier, we are going to stay on this at the Subcommittee 
level.
    I am going to focus on something that I think is critical 
if we are really going to get at this issue, and I guess the 
tragic example recently at the Navy Yard is unfortunately a 
perfect example of it. But it is not a new issue. It is this 
whole issue of continuous evaluation, and, whether it is the 5-
year cycle or the 10-year cycle, this is to me the critical 
issue that we are missing. And we saw it not just with regard 
to the Navy Yard, but also with this Ricky Elder case. This is 
the specialist, Ricky Elder, who, in 2012, shot and killed his 
commanding officer at Fort Bragg and then turned the weapon on 
himself. His clearance timeline was actually reminiscent of 
Aaron Alexis'. His background investigation was done in 2006. 
Over the next 5 years after 2006, he was charged twice with 
assault, once for DUI hit-and-run, once for felony aggravated 
assault--by the way, none of which were reported in his 
personnel security chain.
    Aaron Alexis, similar: After receiving a security 
clearance, he received nonjudicial punishment for unauthorized 
absence while in jail for disorderly conduct; another 
nonjudicial punishment for being drunk and disorderly; an 
arrest for firearm discharge; multiple law enforcement 
interactions, both military and civilian, a month prior to the 
incident that would have highlighted his mental health 
problems. And none of these triggered a reevaluation of his 
access to classified material, classified facilities, none of 
those.
    I think this is--I mean, every issue that was raised here 
today is important, but if we do not get at this, this interim 
period between a clearance and--again, whether it is a 5-or 10-
year cycle--the next clearance, I think we are going to 
continue to have these tragic incidents.
    In 2005, interestingly, a year before Ricky Elder enlisted 
in the Army, 2 years before Aaron Alexis enlisted in the Navy, 
and 7 years to the day before Ricky Elder's deadly attack, the 
Department of Defense testified to this Committee--and this was 
in June 2005--about the Automated Continuous Evaluation System, 
(ACES). And you all said that you were going to continuously 
evaluate the background and suitability of security clearances. 
Mr. Prioletti, in your opening--in your written statement--I 
did not hear you say it in your statement, but in your written 
statement you noted that 3 years earlier, in 2008--3 years 
later from the 2005 testimony you gave before this Committee, 
in 2008 President Bush directed by his Executive Order that an 
individual who has been determined to be eligible for or 
currently has access to classified information shall be subject 
to Continuous Evaluation. That was an Executive Order back in 
2008.
    I know we have heard today, ``We are working on this.'' I 
heard in response to an earlier question, ``We have an 
interagency working group. We are developing a concept of 
operations.'' I wrote this down. ``We are doing research.'' 
Again, this has been going on now for a decade. If you 
testified in 2005 it was going on in 2004, it may be more than 
a decade.
    So here we are. It is 5 years after the Executive Order, 8 
years after this Committee heard about the plans, and we are 
dealing with the tragedy at the Navy Yard.
    So I do not know who would like to talk about it. Mr. 
Lewis, maybe you can talk about DOD. And, by the way, you are 
also talking about putting something in place but not for 
another 3 years. And then it would be DOD only.
    So I guess I would like to hear what is happening, and, Mr. 
Lewis, again, since DOD is taking the lead on trying to get 
this in place, I see from the technical report on the project 
that there have been some pilot projects. You have 3,600 
personnel records that have been searched. And it is working. 
Sixty-five of those 3,600 ended up having clearances suspended 
or revoked due to derogatory discoveries. Your search 
algorithms have found problems. But 3,600 people is a drop in 
the bucket when we have over 5 million people with security 
clearances.
    So, again, it has been 10 years since we were told, this 
Committee was told, and I quote: ``Beta testing results and 
lessons learned are being incorporated into an initial 
operating capability basis to be in place by the end of 2005.'' 
And here we are in 2013.
    So taxpayers have paid $11.6 million for this just in the 2 
years between 2012 and 2014. I do not know what the development 
costs are--we are trying to find out--or the costs after 2014 
to fully demonstrate its capability at DOD.
    So can you explain the reasons why this capability will 
take over a decade to field? Can you give us some sense of the 
total cost for this and what it is going to cost to field it 
over at the Department of Defense?
    Mr. Lewis. I cannot speak to the total cost. I would have 
to come back with that information. But I can give you a 
current status of how the Automated Continuous Evaluation 
System is being used. It does provide on-demand queries of a 
large number of government and commercial data sources, as well 
as an analytical capability to flag issues of concern. So that 
is an existing capability.
    As you mentioned, it was used in an Army project, and out 
of 3,300-odd individuals, a total of 100 personnel actions were 
taken as a result of information identified during those 
queries.
    In addition, the Defense Security Enterprise is developing 
a Continuous Evaluation concept demonstration which would take 
this a step further. So ACES, does a one-time snapshot-in-time 
query. This concept demonstration would have real-time updates 
so that as information became available, it would be pushed 
into the system. And the concept demonstration is currently 
scheduled to run from April to October 2014. The anticipated 
population would be 100,000 cleared military, civilian, and 
contractor personnel. And so we are anxiously looking forward 
to completing that concept demonstration.
    In the interim we are using ACES for Continuous Evaluation 
checks, again, testing the concept, getting more validation, 
looking at things like privileged users and some other groups 
of contractor employees.
    So this is an ongoing effort. We get results on a regular 
basis. And we are looking to take that to the next level in 
terms of a true Continuous Evaluation, which would give 
feedback to the system as it is developed so that if an 
individual gets arrested tomorrow, the system would push that 
back to DOD instead of waiting for DOD to make that query.
    Senator Portman. You were not here in this job 9 years ago 
when we heard that it was going to be in place by 2005. But you 
are here now, and so, one question I could ask you is: Why has 
it taken so long? And you might say, ``I do not know. I was not 
in charge.'' But you are in charge now, and you are saying that 
you are going to have this fully operational in 3 years. Is 
that correct?
    Mr. Lewis. For the Automated Continuous Evaluation System 
as it currently stands, it is an operational system. It is 
still in a research and development mode, but it is an 
operational system. The limits right now----
    Senator Portman. I mean, when I say ``operational,'' I mean 
it actually would cover more than a small percentage of the 
people who are in between their clearances. You are talking 
about taking it from 3,600 up to 100,000. How many security 
clearances do you have at DOD?
    Mr. Lewis. We have about 2.5 million people who are 
eligible and in access for classified information.
    Senator Portman. So when are we going to cover these 
people?
    Mr. Lewis. One of the things we are examining is can we 
expand the capability of the system to handle that larger 
volume, and that is a work in progress and something that we 
could report back to you on.
    Senator Portman. Do you think it is important?
    Mr. Lewis. Yes, we do. We need to address what happens 
between investigations, and----
    Senator Portman. So what are you looking for in order to 
get this done? You are going to get back to us as to what the 
costs are.
    Mr. Lewis. Yes.
    Senator Portman. Have you sought additional funding? Is 
that what you are thinking is the problem?
    Mr. Lewis. It is a question of having the right criteria in 
place to conduct the evaluations and then what we do with the 
data once it is generated from the system, how you evaluate 
that and how you take action based on that information.
    Senator Portman. My time is up, and I apologize, Mr. 
Chairman. I just think we have to have some answers on this 
because if we do not fix this problem--the initial clearances 
is incredibly important. We have talked a lot about the need to 
have arrest records and so on. But if you have this interim 
period where you are not keeping up with what is happening, and 
in the case of Aaron Alexis, I mean, it was clear as day, and 
yet there was no system to incorporate that data. And so to Mr. 
Prioletti on the intel side, I want to hear what you are doing, 
too, but we do not have time to get into it right now with this 
question, but I hope you will get back to us in writing as to 
what you are doing because we were just talking about DOD here.
    And then, finally, I hope that GAO can help us on this to 
establish some metrics, let us come up with a timeline that 
makes sense. If you are looking for additional resources or 
something, let us know. But, if it is going to take another 10 
years because we are doing more pilots and more research and so 
on, that is unacceptable.
    Thank you, Mr. Chairman.
    Chairman Carper. Thank you, Senator.
    Senator Coburn, and then I will wrap it up.
    Senator Coburn. Mr. Jordan, can you explain to me the 
difference in the field work contract and the supply services 
contract you have with USIS, one?
    And, No. 2, are contractors completing background 
investigations, then other contractors validating the 
completeness of those investigations? And are these contractors 
from the same company?
    Mr. Jordan. So I can answer the second part, but OPM is 
better suited to answer the first part since they have that 
contract. And, yes, contractors perform background 
investigations, and, yes, contractors can perform quality 
reviews on those investigations. But only government employees 
make a determination as to whether to grant a security 
clearance to someone.
    Senator Coburn. But my question is: Is it the same company 
that is validating the work of their colleagues doing the 
investigations? Is that correct?
    Mr. Jordan. I would have to defer to OPM.
    Ms. Kaplan. No. The companies that are doing the 
investigations have an obligation under the contract to also do 
a quality review. But then we do another quality review, and 
the purpose of their quality review is we would like them to 
catch errors before the file gets to us, but we do a quality 
review as well.
    Senator Coburn. So OPM is the final validator of the 
completeness of the investigation?
    Ms. Kaplan. To some extent. I mean, I think another thing 
that validates the completeness of the investigation, it gets 
sent to an adjudicator. An adjudicator may want more 
information. And so ultimately it is a collaborative effort. 
They may send something back to us. But we are the arbiter of 
whether we have provided an adequate investigative product, a 
quality investigative product.
    Senator Coburn. Is every investigation validated by you?
    Ms. Kaplan. Every investigation is reviewed for quality, 
yes.
    Senator Coburn. By OPM?
    Ms. Kaplan. By OPM.
    Senator Coburn. All right. I have one other question, and 
then I will submit the rest of my questions. There is a 
revolving fund where you charge agencies for this. It has $2 
billion in it. Has it ever been audited?
    Ms. Kaplan. I am told it has not by the Office of Inspector 
General (OIG) because they have told us they do not have the 
resources, which is why we are supporting, the administration 
is supporting their request to be able to draw from the 
revolving fund in order to give them the resources they need to 
do that.
    Senator Coburn. OK. Thank you. I will have questions for 
the record.
    Chairman Carper. OK. I suspect you will have a number of 
questions for the record. We thank you for your verbal answers 
today.
    I want to telegraph my pitch. Right now at 12 o'clock in 
the Senate, we have a new Senator being sworn in. Cory Booker 
is taking the oath of office, and we will start voting and have 
the first of several votes beginning about 10 after 12, so we 
will wrap up here probably about 12:20.
    The last question I will ask each of you is this, so you 
will have a chance to think about it. Sometimes I say when you 
see something awful that has happened and you hope that some 
good will come of it, sometimes it does and sometimes it does 
not. Few things could be much worse than losing a loved one, 
and 12 families lost loved ones in the Navy Yard, not far from 
here. They would like to know that something good is going to 
come out of something that was awful for them, and I think the 
American people feel that way as well.
    One of the last things I will ask you to do is just to 
reflect on what you said, what you have heard here today, what 
you have been asked here today, and see if you can give those 
families some assurance that out of the tragedy they have 
suffered through, some good is going to come and what that 
might be. So just know that question is coming, OK?
    Senator Coburn. I have one more question.
    Chairman Carper. Dr. Coburn.
    Senator Coburn. I just wanted to followup. I am not clear. 
When you say OPM validates, do you use a contractor to 
validate?
    Ms. Kaplan. The Federal employees who validate----
    Senator Coburn. It is all Federal----
    Mr. Kaplan. When you say ``validate,'' we do a quality 
review. It is all Federal employees. They do a quality review, 
too, but then we do one as well.
    Senator Coburn. OK. So it is all Federal employees that do 
a validation on the background information on everything that 
comes in.
    Ms. Kaplan. Yes.
    Senator Coburn. OK. Thank you.
    Chairman Carper. I want to come back, Mr. Prioletti, to--I 
think a question was maybe asked by Senator Ayotte and I think 
by Senator Heitkamp, and I want to give you a chance to respond 
to it. I think it dealt with using social media in the 
Continuous Evaluation program. Could you just give us some 
thoughts on that briefly, please?
    Mr. Prioletti. Yes, Senator, I can. What I was referring to 
there is we are seeking to provide as much of the comprehensive 
capabilities as possible in the overall background 
investigation on the individual. The more information we can 
gain, the more enlightened the decision can be on whether or 
not to grant the access to classified or access to a sensitive 
position.
    One of the obvious sources, potential sources of 
information, is social media or publicly available electronic 
information. What I referred to in terms of the research was 
the idea that we need to look at both what possible sources of 
information are out there, which ones would be of most benefit 
to provide adjudicatively relevant information for the access 
to classified information, and how do we do that in the best 
way that protects both the personal rights of the individual as 
well as the veracity and the coverage of the U.S. Government.
    Chairman Carper. OK. Thank you. I have a couple of 
questions, a series of questions, Ms. Farrell, if I could, for 
you. And before I ask the questions, let me just make a short 
statement. But when an investigator fails to discover or 
disclose crucial information during a background investigation, 
it is an obvious failure. What could be more troubling is GAO's 
report that efforts by agencies to measure and improve the 
quality of investigations have fallen short. The Office of 
Personnel Management is supposed to review the investigative 
file and make sure it meets minimum standards. The agency 
responsible for granting the security clearance also has the 
responsibility to review the file.
    Yet when GAO looked into what OPM and other Federal 
agencies were doing in 2008 to review the quality of background 
investigations, it found almost 90 percent of the investigation 
reports that DOD was using to evaluate an applicant for a 
security clearance were missing required documentation. Three 
questions:
    First, how often were agencies making a security clearance 
decision without having all of the required information? And 
what motive did agencies have for doing this? That is the first 
question.
    Ms. Farrell. The answer is we do not know because GAO 
performed this analysis of the complete documentation for DOD 
in 2006 and 2009. So we do not know outside of DOD the 
information that you are asking for, and this is the type of 
oversight that we are saying is needed.
    Chairman Carper. All right. Second question: What type of 
information is missing? Could you give us some idea?
    Mr. Farrell. Employment verification and discussions with 
the employers; social references, especially the number of 
social references in order to determine someone's character; 
completeness of the application, which should be the very first 
step, as we have noted before, that should be done before OPM 
even moves forward.
    Chairman Carper. All right. Thank you. And the third 
question: Has GAO had an opportunity to take another look at 
this issue since 2008? And if you have, has there been any 
noted improvement?
    Ms. Farrell. We have continued to monitor OPM's actions to 
implement the recommendation that we made at that time. As I 
noted, in 2010 we were very encouraged that there was agreement 
among OMB, OPM, DOD, and the DNI regarding metrics for quality 
of investigations as well as adjudications and other aspects of 
the process. There was somewhat of a plan to move forward 
beyond that. We have continued to monitor, but at this time all 
we know is that that plan has fallen apart.
    Chairman Carper. OK. Thank you.
    My next question would be for Mr. Prioletti and I think for 
Mr. Lewis. According to some news reports, the company that 
hired Alexis--it is, I think, a company called ``The 
Experts''--had phoned his hotel room in Rhode Island, I believe 
in August, saying that he was unstable and that the company was 
bringing him home.
    According to other news reports, the human resources 
director of The Experts talked to the mother of Aaron Alexis on 
August 9, and she informed the company of her son's past 
paranoid behavior and stated that he probably needed therapy. 
And I would just ask, first of all, for Mr. Prioletti, if the 
company that had hired Alexis had become aware of the 
increasingly troubled behavior, do you think that the 
contractor should have a duty to report the behavior to the 
Department of Defense? And did they report it?
    Mr. Prioletti. Senator, in this particular case that you 
have just described, in terms of a national security 
perspective, it behooves everyone to report any unusual 
activity that they see, whether it be a colleague, a co-worker, 
or a subordinate that works for you.
    Chairman Carper. And the second half of my question was: 
Did they report it?
    Mr. Prioletti. To the best of my knowledge, sir, it was 
just reported to the mother, as you described there. I am not 
positive whether or not they reported it to DOD.
    Chairman Carper. I am going to ask both you and Mr. Lewis 
to answer that question for the record. I will give Mr. Lewis a 
chance to answer it right now.
    Mr. Lewis. The contractor is required to report any 
derogatory information coming to their attention regarding a 
cleared employee. The Defense Security Service has done a 
followup review at The Experts, and they have determined that 
the company was aware of the indications of mental instability 
on Mr. Alexis' part, and that they failed to report that 
information.
    Chairman Carper. All right. Thank you.
    Mr. Lewis, stay with us in this area of questioning. What 
do you think should be the role of DOD contractors in 
monitoring the suitability of their employees to hold a 
clearance?
    Mr. Lewis. This is part and parcel of their 
responsibilities as a cleared contractor. As a prerequisite for 
getting a company cleared, they must execute a security 
agreement, and part of that security agreement is the National 
Industrial Security Program Operating Manual (NISPOM). They 
have been required to do this literally for decades. This is an 
established process, and contractors must execute that 
responsibility.
    Chairman Carper. OK. Thank you.
    I would ask you to think about a question. I have given 
that question so you had a little time to think about it. What 
can we say, what can you say to those who lost their loved 
ones, their husbands, their wives, their moms and dads, a 
brother or sister, what can we say to them that might give them 
some comfort to know that out of the horrible tragedy in their 
lives, and really our country's life, what can we say today to 
make them feel that some good is going to come out of this? Mr. 
Jordan.
    Mr. Jordan. Thank you, Mr. Chairman. I would first say that 
we owe the survivors of this tragedy and the American people a 
comprehensive and thoughtful review. What information do we 
look at? When do we review people in the suitability and 
security clearance process? How are decisions made and how can 
we improve upon all of these aspects?
    The review that I talked about will be done 
collaboratively. There are the Navy's reviews that have 
happened, Department of Defense reviews, OPM, and then the 
overarching review, which all of our agencies are involved in. 
This will not be a siloed effort. And we will act on any 
improvements as quickly as possible. Where there are gaps, we 
will close them. Where there were failures, we correct them.
    But if I was one of the families of the victims, I would 
not just want to hear about processes and procedures. I would 
probably have some concerns that there is a blue-ribbon panel 
type creation as opposed to actual improvements, that we will 
do everything we can to prevent this from happening again. So I 
would just say to them that I live near the Navy Yard. On the 
morning of September 16, my wife and my 2-year-old son were 
actually playing in a park across the street when they were 
cleared by police as the tragedy was unfolding in the Navy 
Yard. We lost a husband of a senior member of our acquisition 
community.
    So I would tell them that getting this right is personal to 
me, and we will do everything we can to improve our processes 
and everything under our power to make sure nothing like this 
happens again.
    Chairman Carper. Good. Thank you. Ms. Kaplan.
    Ms. Kaplan. Of course, I would echo what Joe said, and our 
hearts really were broken that day for the families and for the 
folks that we lost, the Federal employees and the contractors. 
And I think in addition to what Joe said, this is getting 
attention at the highest levels. The President is the one that 
ordered this review. And I am sure and I know that he feels 
very strongly in the same way that Joe just articulated that 
this was an awful loss, and we have to do whatever we can to 
prevent it from happening again.
    Chairman Carper. All right. Thank you. Mr. Prioletti.
    Mr. Prioletti. I also would like to echo the comments of 
Director Kaplan and Mr. Jordan. There are no real words to 
describe the loss both to this Nation as well as to family 
members that are sitting behind us. But I can give you a 
guaranteed commitment from not only the DNI but each one of us 
at this table that we will continue to work to find the 
solution. This is an evolutionary process. As we find gaps in 
our processes and the way we do our business, the techniques, 
the available information, we will continue to utilize those to 
come up with the best possible process to improve how we do our 
business on behalf of the U.S. Government as well as the U.S. 
citizens.
    Chairman Carper. Thank you, sir. Stephen.
    Mr. Lewis. In addition to what my fellow witnesses have had 
to say, I would just add that we need to make a commitment and 
effectively ensure that what happens between investigations is 
something that is tracked. We vet people. We entrust them with 
our classified information and access to our sensitive 
facilities. And we have an obligation to ensure that we are 
looking at people between investigations and taking appropriate 
corrective action as needed.
    Chairman Carper. Thank you. Ms. Farrell.
    Mr. Farrell. I would say it is unfortunate that the 
tragedies that we saw at the Navy Yard focuses attention on 
this process. But we have seen the dedicated leadership from 
these executive branch agencies in the past, and when they make 
their minds up to take on a problem and solve it, they do it. 
And now is the time for actions, not just review groups.
    Chairman Carper. A lot of folks in the room know that the 
Government Accountability Office, is regarded as a watchdog and 
an arm of the legislative branch of our government to be a 
watchdog for really the whole expanse of the Federal 
Government. It is a huge job. You have a lot of people that do 
it, probably not enough, I am told by Gene Dodaro, the 
Comptroller General. But we need your continued vigilance to 
help us do our job, and that is the oversight role.
    I think probably the two most quoted things that Ronald 
Reagan ever said was, one, when he said to Mr. Gorbachev, ``Mr. 
Gorbachev, tear down this wall,'' as he stood at the Berlin 
Wall, and it was torn down. He also used to say, when he was 
trying to negotiate reductions in nuclear arms with the Soviet 
Union, he would say of his friend Gorbachev, ``Trust, but 
verify.''
    All of us on the Committee, our staffs as well, trust you, 
and we trust the good will of the folks with whom you work who 
are responsible for carrying through on these reforms and to 
make sure it is not just words but there are actions to back it 
up. So we are trustful, but this Committee is going to be, in 
concert with GAO and you and your colleagues, we are going to 
be doing some verification along the way.
    Ms. Kaplan, as you go off to your next assignment, we wish 
you well. And we again appreciate the preparation time you have 
given to being with us today. Even more we appreciate the 
commitment of those who, in your case, Ms. Kaplan, will follow 
you and those with whom the rest of you serve to make sure that 
these words are words and this promise is a promise that we 
keep.
    With that having been said, this hearing is adjourned. 
Thanks so much.
    [Whereupon, at 12:17 p.m., the Committee was adjourned.]
                            A P P E N D I X

                              ----------                              

[GRAPHIC] [TIFF OMITTED] T5500.001

[GRAPHIC] [TIFF OMITTED] T5500.002

[GRAPHIC] [TIFF OMITTED] T5500.003

[GRAPHIC] [TIFF OMITTED] T5500.004

[GRAPHIC] [TIFF OMITTED] T5500.005

[GRAPHIC] [TIFF OMITTED] T5500.006

[GRAPHIC] [TIFF OMITTED] T5500.007

[GRAPHIC] [TIFF OMITTED] T5500.008

[GRAPHIC] [TIFF OMITTED] T5500.009

[GRAPHIC] [TIFF OMITTED] T5500.010

[GRAPHIC] [TIFF OMITTED] T5500.011

[GRAPHIC] [TIFF OMITTED] T5500.012

[GRAPHIC] [TIFF OMITTED] T5500.013

[GRAPHIC] [TIFF OMITTED] T5500.014

[GRAPHIC] [TIFF OMITTED] T5500.015

[GRAPHIC] [TIFF OMITTED] T5500.016

[GRAPHIC] [TIFF OMITTED] T5500.017

[GRAPHIC] [TIFF OMITTED] T5500.018

[GRAPHIC] [TIFF OMITTED] T5500.019

[GRAPHIC] [TIFF OMITTED] T5500.020

[GRAPHIC] [TIFF OMITTED] T5500.021

[GRAPHIC] [TIFF OMITTED] T5500.022

[GRAPHIC] [TIFF OMITTED] T5500.023

[GRAPHIC] [TIFF OMITTED] T5500.024

[GRAPHIC] [TIFF OMITTED] T5500.025

[GRAPHIC] [TIFF OMITTED] T5500.026

[GRAPHIC] [TIFF OMITTED] T5500.027

[GRAPHIC] [TIFF OMITTED] T5500.028

[GRAPHIC] [TIFF OMITTED] T5500.029

[GRAPHIC] [TIFF OMITTED] T5500.030

[GRAPHIC] [TIFF OMITTED] T5500.031

[GRAPHIC] [TIFF OMITTED] T5500.032

[GRAPHIC] [TIFF OMITTED] T5500.033

[GRAPHIC] [TIFF OMITTED] T5500.034

[GRAPHIC] [TIFF OMITTED] T5500.035

[GRAPHIC] [TIFF OMITTED] T5500.036

[GRAPHIC] [TIFF OMITTED] T5500.037

[GRAPHIC] [TIFF OMITTED] T5500.038

[GRAPHIC] [TIFF OMITTED] T5500.039

[GRAPHIC] [TIFF OMITTED] T5500.040

[GRAPHIC] [TIFF OMITTED] T5500.041

[GRAPHIC] [TIFF OMITTED] T5500.042

[GRAPHIC] [TIFF OMITTED] T5500.043

[GRAPHIC] [TIFF OMITTED] T5500.044

[GRAPHIC] [TIFF OMITTED] T5500.045

[GRAPHIC] [TIFF OMITTED] T5500.046

[GRAPHIC] [TIFF OMITTED] T5500.047

[GRAPHIC] [TIFF OMITTED] T5500.048

[GRAPHIC] [TIFF OMITTED] T5500.049

[GRAPHIC] [TIFF OMITTED] T5500.050

[GRAPHIC] [TIFF OMITTED] T5500.051

[GRAPHIC] [TIFF OMITTED] T5500.052

[GRAPHIC] [TIFF OMITTED] T5500.053

[GRAPHIC] [TIFF OMITTED] T5500.054

[GRAPHIC] [TIFF OMITTED] T5500.055

[GRAPHIC] [TIFF OMITTED] T5500.056

[GRAPHIC] [TIFF OMITTED] T5500.057

[GRAPHIC] [TIFF OMITTED] T5500.058

[GRAPHIC] [TIFF OMITTED] T5500.059

[GRAPHIC] [TIFF OMITTED] T5500.060

[GRAPHIC] [TIFF OMITTED] T5500.061

[GRAPHIC] [TIFF OMITTED] T5500.062

[GRAPHIC] [TIFF OMITTED] T5500.063

[GRAPHIC] [TIFF OMITTED] T5500.064

[GRAPHIC] [TIFF OMITTED] T5500.065

[GRAPHIC] [TIFF OMITTED] T5500.066

[GRAPHIC] [TIFF OMITTED] T5500.067

[GRAPHIC] [TIFF OMITTED] T5500.068

[GRAPHIC] [TIFF OMITTED] T5500.069

[GRAPHIC] [TIFF OMITTED] T5500.070

[GRAPHIC] [TIFF OMITTED] T5500.071

[GRAPHIC] [TIFF OMITTED] T5500.072

[GRAPHIC] [TIFF OMITTED] T5500.073

[GRAPHIC] [TIFF OMITTED] T5500.074

[GRAPHIC] [TIFF OMITTED] T5500.075

[GRAPHIC] [TIFF OMITTED] T5500.076

[GRAPHIC] [TIFF OMITTED] T5500.077

[GRAPHIC] [TIFF OMITTED] T5500.078

[GRAPHIC] [TIFF OMITTED] T5500.079

[GRAPHIC] [TIFF OMITTED] T5500.080

[GRAPHIC] [TIFF OMITTED] T5500.081

[GRAPHIC] [TIFF OMITTED] T5500.082

[GRAPHIC] [TIFF OMITTED] T5500.083

[GRAPHIC] [TIFF OMITTED] T5500.084

[GRAPHIC] [TIFF OMITTED] T5500.085

[GRAPHIC] [TIFF OMITTED] T5500.086

[GRAPHIC] [TIFF OMITTED] T5500.087

[GRAPHIC] [TIFF OMITTED] T5500.088

[GRAPHIC] [TIFF OMITTED] T5500.089

[GRAPHIC] [TIFF OMITTED] T5500.090

[GRAPHIC] [TIFF OMITTED] T5500.091

[GRAPHIC] [TIFF OMITTED] 


    THE NAVY YARD TRAGEDY: EXAMINING PHYSICAL SECURITY FOR FEDERAL 

                               FACILITIES

                              ----------                              


                       TUESDAY, DECEMBER 17, 2013

                                     U.S. Senate,  
                           Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10:34 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Thomas R. 
Carper, Chairman of the Committee, presiding.
    Present: Senators Carper, Heitkamp, Coburn, and Ayotte.

              OPENING STATEMENT OF CHAIRMAN CARPER

    Chairman Carper. Good morning, Senator Heitkamp. The early 
bird.
    Senator Heitkamp. Good morning, Mr. Chairman.
    Chairman Carper. How are you doing? You sound in good voice 
today.
    Welcome, everyone. Thank you for joining us, and some of 
you, thank you for joining us again and again. It is nice to 
see you all.
    This is an important hearing. This is actually the second 
in a series of hearings that will enable us to take a closer 
look at physical security for Federal facilities.
    Three months ago, as we know, Aaron Alexis reported to the 
Washington Navy Yard with intentions to inflict pain and 
suffering on anyone in his path. We do not know now and maybe 
we never will be entirely clear why this tragedy came to pass, 
but hopefully the lessons learned from it will provide a 
foundation for preventing future tragedies like this one.
    Let us take just a moment to recount how Aaron Alexis got 
the access to the Navy Yard that allowed him to successfully 
enter the facility that fateful morning.
    In 2007, Aaron Alexis joined the U.S. Navy. As with other 
servicemembers, a background check was performed and he was 
granted a low-level security clearance. After an honorable 
discharge from the Navy in 2011, Alexis was hired by a defense 
contractor who confirmed that he possessed a valid security 
clearance.
    This marked him as a trustworthy individual. Because of 
that security clearance and that job, Alexis was provided with 
an ID card that would authorize his access to certain 
facilities, including Building 197 at the Washington Navy Yard.
    Shortly before 8 a.m., on September 16, 2013, Aaron Alexis 
drove to the front gate of the Washington Navy Yard and 
displayed his access card. He was admitted by security, parked 
his car, and walked to Building 197.
    Upon entering that building, Alexis encountered two 
additional security layers: an automated turnstile which 
required a valid access card and an armed security guard posted 
near an entrance.
    Unfortunately, these measures were designed primarily to 
prevent unauthorized access and not to screen for weapons. 
Officials probably thought that the people working there were 
trustworthy because they had security clearances and had been 
vetted.
    Eight minutes after Alexis cleared security, he began 
shooting co-workers using a shotgun that he had successfully 
concealed.
    In the wake of the shooting at the Washington Navy Yard, 
this Committee began a review of security practices and 
procedures highlighted by the attack.
    Our first oversight hearing looked at the security 
clearance processes that Federal agencies have implemented to 
determine who should have access to sensitive information or to 
facilities. At that hearing we explored ways to improve the 
process and were reminded that quality cannot be sacrificed for 
speed. The purpose of today's hearing is to review how we 
physically secure Federal facilities from attack.
    In many instances, security measures begin long before a 
person approaches the facility. Because Mr. Alexis was able to 
maintain a security clearance, he was trusted as a defense 
contractor and granted access to the Navy Yard complex. Aaron 
Alexis exploited this trust, and he hurt a lot of innocent 
people.
    In the aftermath, it is only natural that we wonder if all 
people entering a Federal facility--even employees--should be 
screened in some way. Should we, to borrow an often used phrase 
from Ronald Reagan, ``trust, but verify''?
    Workplace violence and insider threats are just some of the 
examples of the many undesirable threats facing our Federal 
facilities. There are many other potential threats that 
agencies must attempt to detect and deter. In addition to 
active shooters, agencies must develop countermeasures for 
improved explosive devices, biological weapons, and other types 
of assaults.
    Today's hearing will examine Federal agencies' efforts to 
develop and maintain effective layers of security at their 
facilities and prevent future attacks against innocent people.
    Facility security is not just about protecting the physical 
structure of a building; it is about safeguarding the millions 
of innocent people who work and visit these facilities on an 
almost daily basis. Today's hearing on facility security is 
also about honoring the memory of the 12 men and women who died 
on September 16, earlier this year by learning from that 
incident and doing all that we can to prevent a similar tragedy 
from happening in the future.
    People who work with me know that one of my guiding 
principles is, ``If it is not perfect, make it better.'' And 
our goal today is to figure out how we can do a better job 
protecting people at our Federal facilities. We can start by 
asking some fundamental questions.
    First, we need to ask: How do Federal agencies determine 
what the threats are to their specific facilities?
    As we know, not every facility is the same. Large Federal 
buildings in big cities--for example, the Alfred P. Murrah 
building in Oklahoma City--may be a target for terrorists 
because of their size and what they symbolize. However, the 
more likely threat is probably to a small Social Security 
office or maybe an Internal Revenue Service (IRS) Taxpayer 
Assistance Center because of a tired or angry citizen reacting 
badly and out of impulse.
    Second, we should ask: Are Federal agencies properly 
assessing and prioritizing these risks?
    As we all know, the world around us is constantly changing. 
So is the nature of the threats that we face. As a result, 
methods for securing our homeland should always be under 
observation and under assessment because the nature of the 
threat continues to evolve. The methods we use to secure our 
homeland must continue to evolve.
    That leads me to my final question, and that is: How do 
agencies respond to these evolving threats?
    A security measure that may work for one facility may not 
work for another. For example, not every facility might be able 
to be built 50 feet or more away from the nearest public road 
in order to protect against a vehicle-borne threat.
    I also want to know if Federal agencies are sufficiently 
sharing best practices. Is the Department of Defense (DOD) 
working with civilian agencies to share its expertise and its 
experience?
    For both military and civilian facilities, senior officials 
at a facility are responsible for determining which security 
measures should be implemented. However, civilian officials 
sitting on a local Facility Security Committee (FSC) may have 
little or no training in security matters; whereas, the 
commanding officer for a military installation may have years 
of experience and education in security matters.
    Most importantly, I want to know what actions different 
organizations have undertaken since the Navy Yard shooting to 
improve security at Federal facilities.
    Many departments and agencies bear some responsibility for 
securing Federal facilities. This includes the Department of 
Defense and the General Services Administration (GSA) and even 
the Department of Energy (DOE). It also includes the Federal 
Protective Service (FPS), a component of the Department of 
Homeland Security (DHS) that is responsible for protecting 
Federal facilities owned or leased by the General Services 
Administration.
    There is no doubt that the Federal Protective Service has a 
difficult mission. That agency employs only about 1,000 law 
enforcement officers to protect more than 9,000 civilian 
Federal facilities. Think about that. These facilities are 
spread out all across the country.
    Yet while the Federal Protective Service is responsible for 
assessing security at each of these facilities, it lacks 
complete authority to implement security measures. It may 
recommend installing metal detectors and X-ray screening 
equipment at a facility, but it is the local Facility Security 
Committee that decides whether to authorize and pay for those 
recommended security measures.
    As repeated Government Accountability Office (GAO) reports 
have highlighted, a number of internal management challenges 
have impeded the Federal Protective Service's ability to 
protect facilities. For example, the Federal Protective Service 
must complete the facility security assessments in a timely 
manner so that it can share them with the offices it protects. 
Because the Federal Protective Service has been unable to do 
that, other agencies have sought to complete their own facility 
security assessments, creating unnecessary duplication and 
waste.
    The Federal Protective Service must also do a better job of 
tracking and overseeing training for the 14,000 contract guards 
that it uses to protect facilities. The agency must ensure both 
its Federal law enforcement officers and the armed security 
guards it uses are appropriately trained, equipped, and 
prepared.
    Ensuring the training, the equipment, and the preparedness 
of Federal law enforcement officers and armed contract security 
guards is central to providing for the security of the 
facilities safeguarded by the Federal Protective Service. This 
will require, at a minimum, a greater focus on active-shooter 
scenario training. In the wake of the shootings at the Navy 
Yard and the Wheeling, West Virginia, Courthouse, we cannot 
afford to be ill prepared for this type of threat.
    While Director Eric Patterson has worked hard to improve 
the Federal Protective Service's performance, the agency has 
not always received the support it needs from Congress. I want 
to assure Director Patterson that I am committed to working 
with him to make the agency more efficient and more effective. 
We can start by focusing on the cost-saving or cost-neutral 
solutions that are much more likely to receive broad bipartisan 
support from our colleagues here in Congress.
    I hope that today's hearing will help us find better ways 
to improve security at all Federal facilities. I believe there 
is much to be learned from the Navy Yard tragedy to help us 
prevent similar incidents in the future.
    And I suspect we will be joined here later this morning by 
Dr. Coburn, who I know has a strong interest in these issues.
    Normally I do not turn to the Senator from North Dakota to 
see if she would like to make a comment or two, but you are 
welcome to, if you would like, Heidi.
    Senator Heitkamp. No. Mr. Chairman, we will go ahead and 
proceed.
    Chairman Carper. OK. I am going to just briefly introduce 
our witnesses and reintroduce others.
    I want to introduce as our first witness Caitlin--do you 
pronounce your name ``Durkovich''?
    Ms. Durkovich. Yes.
    Chairman Carper. Caitlin Durkovich, Assistant Secretary for 
Infrastructure Protection for the National Protection and 
Programs Directorate (NPPD) at the Department of Homeland 
Security, where we have a newly confirmed Secretary, Jeh 
Johnson, who was approved I think yesterday by a vote of about 
78-16. I just would say here publicly how grateful I am to our 
colleagues, Democrat and Republican, for their support, 
especially to Dr. Coburn, who was a strong supporter of Jeh's 
nomination. And I think it may take a couple of days to process 
the paperwork so that he can be sworn in and be on the payroll, 
but we need him in place, and he needs a team to lead, 
including an able Deputy Secretary of Homeland Security. I 
believe Alejandro Mayorkas, if confirmed, will be that person.
    Ms. Durkovich was appointed to her current position in May 
2012. As Assistant Secretary for Infrastructure Protection, Ms. 
Durkovich leads the Department's efforts to strengthen and 
build resilience in our Nation's critical infrastructure. As 
Chair of the Interagency Security Committee (ISC), Ms. 
Durkovich oversees its mission to develop security standards 
and best practices for civilian Federal facilities in the 
United States.
    Our next witness is Retired Brigadier General Eric 
Patterson--great to see you--Director of the Federal Protective 
Service, a component of the Department of Homeland Security's 
National Protection and Programs Directorate. Director 
Patterson was appointed to his position in September 2010. As 
Director, Mr. Patterson oversees the Service's mission to 
protect and deliver integrated law enforcement and security 
services to over 9,000 civilian Federal facilities and to 
safeguard their more than 1.4 million daily occupants and 
visitors.
    Now, I understand you served in the Air Force for over 30 
years.
    General Patterson. Yes, sir.
    Chairman Carper. Thank you for that service, too.
    Our final witness is Stephen Lewis, Deputy Director for 
Personnel, Industrial and Physical Security Policy within the 
Office of the Under Secretary of Defense for Intelligence, 
United States Department of Defense. The Under Secretary of 
Defense for Intelligence oversees DOD's policies, programs, and 
guidance related to, among other things, personnel and facility 
security. Mr. Lewis also previously appeared before our 
Committee just about a month ago at our first hearing on the 
Washington Navy Yard hearing.
    We welcome you all today, and before I ask Ms. Durkovich to 
lead off, I am going to yield to Dr. Coburn. Good morning.

              OPENING STATEMENT OF SENATOR COBURN

    Senator Coburn. I apologize for being late, both to our 
witnesses and to the Chairman. I will put my opening statement 
in the record.\1\
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator Coburn appears in the 
Appendix on page 189.
---------------------------------------------------------------------------
    Chairman Carper. Fair enough. Welcome.
    Ms. Durkovich, please proceed. Your entire statement will 
be made part of the record, and you are welcome to summarize as 
you see fit. Try to stick within about 5 minutes, but if you go 
a little beyond that, that is all right.

 TESTIMONY OF CAITLIN A. DURKOVICH,\1\ ASSISTANT SECRETARY FOR 
  INFRASTRUCTURE PROTECTION, NATIONAL PROTECTION AND PROGRAMS 
       DIRECTORATE, U.S. DEPARTMENT OF HOMELAND SECURITY

    Ms. Durkovich. Thank you very much, Chairman Carper, 
Ranking Member Coburn, Senator Heitkamp, and other 
distinguished Members of the Committee. I am pleased to appear 
before you today to help honor the memory of the 12 men and 
women who died at the Navy Yard and all of those who have been 
victims of violence in the Federal workplace.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Durkovich appears in the Appendix 
on page 192.
---------------------------------------------------------------------------
    As Assistant Secretary for Infrastructure Protection (IP), 
I have had the responsibility to lead the overall coordination 
of the Nation's critical infrastructure security and resilience 
efforts. One of the most rewarding opportunities I have is to 
serve as Chair of the Interagency Security Committee, and 
oversee the development of standards, reports, guidelines, and 
best practices for facility security at nearly 400,000 civilian 
Federal facilities.
    The ISC was created by Executive Order (EO) following the 
bombing of the Alfred P. Murrah Federal Building in Oklahoma 
City on April 19, 1995. The ISC and its 53 member Federal 
departments and agencies is responsible for the creation and 
adoption of numerous standards, guidelines, and best practices 
for the protection of these nearly 400,000 non-military Federal 
facilities across the country.
    The work is based on real-world, present-day conditions and 
challenges and allows for cost savings by focusing on specific 
security needs of the agencies. ISC standards provide the 
Federal community with strategies for identifying physical 
security measures and facilities, the design and implementation 
of risk-based security policies.
    Recently the ISC issued the Risk Management Process for 
Federal Facilities Standard, a standard that defines the 
criteria and processes that those responsible for security 
should use to determine a facility's security level and 
provides an integrated, single source of facility security 
countermeasures for all non-military Federal facilities. The 
standard also provides guidance for customization of the 
countermeasures for Federal facilities and explains that risk 
may be addressed in various ways, depending on agency mission 
needs, for example, presence of a child-care center onsite and 
historical significance.
    It is most important to note that the ISC is a truly 
collaborative interagency body. Fifty-three Federal departments 
and agencies participate in the ISC and take the lead on 
bringing ideas to the table in drafting standards and best 
practices. When agencies cannot solve security-related problems 
on their own, the ISC brings chief security officers and senior 
executives together to solve continuing governmentwide security 
concerns.
    ISC membership also engages in the development of standards 
and best practices based on evolving real-world threats. Recent 
events have demonstrated the need to identify measures that can 
be taken to reduce the risk of mass casualty shootings and 
workplace violence, improve preparedness, and expand and 
strengthen ongoing efforts intended to prevent future 
incidents.
    The Department of Homeland Security aims to enhance 
preparedness through a whole-of-community approach by providing 
resources to a broad range of stakeholders on issues such as 
active-shooter awareness, countering improvised explosive 
devices (IEDs), incident response, and workplace violence. 
Working with partners in the private sector, DHS has developed 
training and other awareness materials to assist owners and 
operators of critical infrastructure to better train their 
staff and coordinate with local law enforcement for these types 
of incidents. We have hosted workshops and developed an online 
training tool targeted at preparing those who work in the 
buildings. These efforts and resources have been well received 
and are applicable to Federal facilities as well as commercial 
spaces and other government buildings.
    Cognizant of this growing threat, the ISC this spring 
formed a Federal Active Shooter Working Group. While a number 
of Federal guidance documents previously existed on active-
shooter preparedness and response, this working group was 
formed to streamline the existing ISC policy into a single 
cohesive document. To date, the working group has met five 
times and has reviewed numerous publications and guidance 
documents including training and materials developed by the 
Department for commercial facilities. It will also leverage 
lessons learned from real-world incidents, such as the Navy 
Yard shooting. It is our intention that the resulting work will 
serve as a resource for agencies to enhance preparedness for an 
active-shooter incident in a Federal facility.
    Threats to our critical infrastructure, including Federal 
facilities, are wide-ranging and constantly evolving. Not only 
are there terrorist threats, like the bombing at the Boston 
Marathon this past spring or the complex shopping mall attack 
in Nairobi in September, but hazards from weather-related 
events such as Hurricane Sandy and a cyber infrastructure 
increasingly under attack all have a direct impact on the 
security of our Federal buildings. It is impossible to 
anticipate every threat, but the Department is taking a 
holistic approach to create a more secure and resilient 
infrastructure environment to better handle these challenges, 
and the work of the ISC exemplifies these efforts.
    Ensuring our Federal facilities are secure and resilient is 
a large undertaking, but the work of our member departments and 
agencies ensures that those responsible for Federal facility 
security have the tools and resources to mitigate the threats.
    In closing, I would like to thank you for the opportunity 
to appear before you and discuss the important work of the ISC 
and how we can learn from real-world events and ensure they do 
not happen again. I look forward to answering any questions you 
may have.
    Chairman Carper. Secretary Durkovich, thank you. Thanks for 
being here. Thanks for your testimony and your work.
    General, welcome.

   TESTIMONY OF LEONARD ERIC PATTERSON,\1\ DIRECTOR, FEDERAL 
     PROTECTIVE SERVICE, NATIONAL PROTECTION AND PROGRAMS 
       DIRECTORATE, U.S. DEPARTMENT OF HOMELAND SECURITY

    General Patterson. Good morning. Thank you, Chairman 
Carper, Ranking Member Coburn, and Senator Heitkamp. My name is 
Eric Patterson, and I am the Director of the Federal Protective 
Service within the National Protection and Programs Directorate 
of the Department of Homeland Security. I am honored to testify 
before this Committee today regarding the mission and 
operations of the Federal Protective Service.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Patterson appears in the Appendix 
on page 198.
---------------------------------------------------------------------------
    FPS is charged with protecting and delivering integrated 
law enforcement and security services to over 9,000 facilities 
owned or leased by the General Services Administration and 
safeguard their more than 1.4 million daily occupants and 
visitors.
    In performing this mission, FPS directly employs over 1,000 
law enforcement officers , inspectors, and special agents who 
perform a variety of critical functions, including FPS-
contracted protective security officer oversight, facility 
security assessments, and uniformed police response.
    Our inspectors and special agents receive extensive and 
rigorous training at the Federal Law Enforcement Training 
Center (FLETC) and in the field. This training ensures that our 
law enforcement personnel are able to effectively respond to 
tens of thousands of calls for service received annually by the 
FPS and conduct thorough, comprehensive facility security 
assessments in FPS-protected facilities.
    The Facility Security Assessments (FSAs), document 
security-related risk to a given facility and provide a record 
of countermeasure recommendations designed to enable tenant 
agencies to meet Interagency Security Committee standards for 
Federal facility security. Throughout the FSA process, FPS 
works with stakeholders to identify and gather all necessary 
information for characterizing the risks unique to each 
facility. FPS then builds a consensus with tenant agencies 
regarding the type of physical countermeasures and number and 
type of guard posts staffed by FPS-contracted Protective 
Security Officers (PSOs) appropriate for each individual 
facility.
    Approximately 13,000 FPS-contracted PSOs staff guard posts 
at FPS-protected Federal facilities. PSOs are responsible for 
controlling access to Federal facilities, detecting and 
reporting criminal activities, and responding to emergency 
situations. PSOs also ensure prohibited items, such as 
firearms, explosives, knives, and other dangerous weapons, do 
not enter Federal facilities. In fact, FPS PSOs stop 
approximately 700,000 prohibited items from entering Federal 
facilities every year.
    FPS partners with private sector guard companies to ensure 
that the guards have met the certification, training, and 
qualification requirements specified in the contracts covering 
subject areas such as crime scene protection, actions to take 
in special situations such as building evacuations, safety, and 
fire prevention, and public relations.
    All PSOs must undergo background investigation checks to 
determine their fitness to begin work on behalf of the 
government and are rigorously trained. However, it is important 
to note that PSOs are not sworn law enforcement officers. 
Rather, PSOs are employees of private security companies, and 
FPS does not have the authority to deputize PSOs in a law 
enforcement capacity. An individual PSO's authority to perform 
protective services are based on State-specific laws where the 
PSO is employed.
    To ensure high performance of our contracted PSO workforce, 
FPS law enforcement personnel conduct PSO post inspections and 
integrated covert test activities to monitor vendor compliance 
and countermeasure effectiveness. Additionally, vendor 
personnel files are audited periodically to validate that PSO 
certifications and training records reflect compliance with 
contract requirements. In fiscal year (FY) 2013 alone, FPS 
conducted 54,830 PSO post inspections and over 17,000 PSO 
personnel file audits.
    The Federal Protective Service is committed to providing 
safety, security, and a sense of well-being to thousands of 
Federal employees who work and conduct business in our 
facilities each day.
    We continuously strive to further enhance, integrate, and 
transform our organization to meet the challenges of an 
evolving threat landscape and have recently made significant 
progress toward closing out outstanding the Government 
Accountability Office (GAO) recommendations pertaining to FPS 
operations. In fiscal year 2013 alone, FPS submitted 
documentation to the GAO for closure and consideration 
pertaining to 13 GAO recommendations including FPS strategies 
to enhance its human capital planning and improve tenant 
communication. Of those presented, six were successfully closed 
as implemented, and seven are pending GAO's internal review for 
closure.
    Significant progress has also recently been made toward 
closing longstanding GAO recommendations related to FPS' 
handling of PSO training and oversight. While challenges 
undoubtedly remain, FPS has successfully closed six outstanding 
recommendations directly related to this program area and is 
pending GAO's internal review process for closure consideration 
for two more.
    We have also made advances toward addressing 
recommendations relative to our risk-assessment methodology. 
Specifically, FPS designed its FSA process to meet the 
requirements of the ISC's Risk Management Process for Federal 
Facilities and, to ensure that stakeholders have an 
understanding of the threats they face, FPS has begun to 
provide a Threat Assessment Report as part of each FSA. Going 
forward, FPS will continue to work with the ISC to explore 
consequences and impacts in the context of Federal facility 
security assessments and explore the inclusion of consequences 
into the FSA process.
    In closing, I would like to acknowledge and thank the 
distinguished Members of this Committee for the opportunity to 
testify today, and I would be pleased to answer any questions 
you may have.
    Chairman Carper. Thank you, General.
    Mr. Lewis, welcome. Good to see you. Please proceed.

     TESTIMONY OF STEPHEN F. LEWIS,\1\ DEPUTY DIRECTOR FOR 
PERSONNEL, INDUSTRIAL AND PHYSICAL SECURITY POLICY, DIRECTORATE 
OF SECURITY POLICY AND OVERSIGHT, OFFICE OF UNDER SECRETARY OF 
      DEFENSE FOR INTELLIGENCE, U.S. DEPARTMENT OF DEFENSE

    Mr. Lewis. Good morning. Thank you, Chairman Carper, 
Ranking Member Coburn, and Senator Heitkamp. I appreciate the 
opportunity to be here today to address the practices and 
procedures in the Department of Defense regarding facility 
security. I am Steve Lewis, Deputy Director of the Security 
Policy and Oversight Directorate in the Office of the Under 
Secretary of Defense for Intelligence, and I am here today on 
behalf of Dr. Michael Vickers, the Under Secretary of Defense 
for Intelligence, or (USD(I)).
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Lewis appears in the Appendix on 
page 205.
---------------------------------------------------------------------------
    The USD(I) is the Principal Staff Assistant to the 
Secretary and Deputy Secretary of Defense for security matters 
and is responsible for setting overall DOD physical security 
policy. In this role, the USD(I) provides security policy 
standards for the protection of DOD personnel, installations, 
facilities, operations, and related assets.
    Within the Department, the USD(I)'s security 
responsibilities are complemented by those of the Assistant 
Secretary of Defense for Homeland Security and Americas' 
Security Affairs, who is responsible for the DOD Antiterrorism 
Program.
    In the wake of the tragic Washington Navy Yard shooting 
incident, the Secretary of Defense initiated concurrent 
internal and independent reviews to identify and recommend 
actions that address gaps or deficiencies in DOD programs, 
policies, and procedures regarding security at DOD 
installations. The reviews also cover the granting and renewing 
of security clearances for DOD employees, military service 
members, and contractor personnel.
    In order to address the Department's facility security 
policies and practices, it is first important to describe the 
requirement for military commanders, or their civilian 
equivalents, to conduct a comprehensive security evaluation of 
a facility or activity. The purpose of this evaluation is to 
determine the ability of the installation to deter, withstand, 
and recover from the full range of adversarial capabilities 
based upon a threat assessment, compliance with established 
protection standards, and risk management. Based upon the 
results of these evaluations, active and passive measures are 
tailored to safeguard and prevent unauthorized access to 
personnel, equipment, installations, and information by 
employing a layered security concept known as ``security-in-
depth.''
    The Department requires the development and maintenance of 
comprehensive plans to address a broad spectrum of natural and 
manmade scenarios. These include the development of joint 
response plans to adverse or terrorist incidents, such as 
active shooters and unauthorized access to facilities. Military 
commanders, or their civilian equivalents, using risk 
management principles, are required to conduct an annual local 
vulnerability assessment and are subject every 3 years to a 
Higher-Headquarters Assessments, such as the Joint Staff 
Integrated Vulnerability Assessment (JSIVA).
    The Department has worked very hard to foster improvements 
that produce greater efficiencies and effectiveness in facility 
security. In its continuing efforts to harmonize its facility 
security posture with other Federal departments and agencies, 
military commanders located in DOD-occupied leased facility 
space--primarily those not on a DOD installation, must utilize 
the Federal Interagency Security Committee's Risk Management 
Process for Federal Buildings. This effort includes the 
incorporation of the ISC's physical security standards in DOD 
guidance, for example, the Unified Facilities Criteria.
    DOD also participates in various interagency fora such as 
the Interagency Security Committee, along with representatives 
from the Department of Homeland Security and many other Federal 
agencies and departments. These fora enable the sharing of best 
practices, physical security standards, and cyber and terrorist 
threat information in support of our collective resolve to 
enhance the quality and effectiveness of physical security of 
Federal facilities.
    We also have various ongoing initiatives across the 
Department to enhance facility security, such as the 
development of an Identity Management Enterprise Services 
Architecture (IMESA). IMESA will provide an enterprise approach 
to the sharing of identity and physical access control 
information and complement ongoing continuous evaluation 
concept demonstration efforts. IMESA will provide real-time 
vetting of individuals requiring unescorted access to DOD 
facilities, and these will be run against DOD, Federal, State, 
and other authoritative data sources. IMESA users will be able 
to authenticate individuals' access credentials and fitness to 
enter the facility. We believe that IMESA will vastly enhance 
the security of DOD personnel and facilities worldwide.
    Thank you for your time. I am happy to take your questions.
    Chairman Carper. Thank you, Mr. Lewis. I am going to call 
on Dr. Coburn for the first questions, and then I will yield to 
Senator Heitkamp and then follow her. Dr. Coburn.
    Senator Coburn. General Patterson, go through again the GAO 
recommendations that you all have now met and when they were 
met, because my understanding was that of the 26 GAO 
recommendations between 2010 and 2012, prior to the Navy Yard 
shooting, only four of those had been acted on. Is that 
correct?
    General Patterson. No, sir. I can get you a listing of all 
of the specific recommendations.
    Senator Coburn. In your testimony, you listed several. 
Would you do that again for me?
    General Patterson. I do not think I listed them 
specifically, sir.
    Senator Coburn. You said numbers, and that is the numbers I 
want.
    General Patterson. Yes, sir, and I can get you the 
specifics behind the different recommendations. I do not have 
the recommendations before me right now. But the numbers are 
accurate.
    Senator Coburn. But there were 26 outstanding GAO 
recommendations between 2010 and 2012.
    General Patterson. I would have to find that, sir.
    Senator Coburn. And four of them had been acted on and 
accomplished based on their recommendations, and you gave a 
litany of others that you have acted on.
    General Patterson. Yes, sir. I was giving you a general 
oversight of the number that we had been----
    Senator Coburn. Yes, well, go back to your testimony and 
give that to me again, would you?
    General Patterson. Yes, sir, I sure will.
    In 2013, FPS submitted documentation to the GAO for closure 
and consideration pertaining to 13 GAO recommendations 
including FPS strategies to enhance its human capital planning 
and improve tenant communication. Of those presented, six were 
accepted and closed as implemented, and seven are pending GAO's 
internal review for closure.
    Senator Coburn. So that is half of them, of the 26.
    General Patterson. Yes, sir.
    Senator Coburn. So my question to Secretary Durkovich: Were 
you aware at the National Protection and Programs Directorate 
that there were 26 outstanding recommendations made by GAO and 
that up until the first of 13, only 4 had been acted on?
    Ms. Durkovich. Thank you for the question. Yes, I am aware 
of the various GAO recommendations that are open and that have 
been closed. Just from a more high level standpoint, the 
Department has initiated an overall effort to make sure that 
all of the open GAO recommendations that the various components 
and subcomponents work closely with GAO to address those 
recommendations and to take steps to close them. So----
    Senator Coburn. When did you all initiate that?
    Ms. Durkovich. So as recommendations are provided to us by 
GAO, we begin our work to----
    Senator Coburn. I understand that, but you just said you 
initiated a process where they would be addressed.
    Ms. Durkovich. That is a standard process within the 
Department. Again, when we receive a recommendation from the 
GAO, first of all, we have to submit a letter about whether we 
agree or disagree with the recommendation----
    Senator Coburn. Right. I understand that.
    Ms. Durkovich [continuing]. And that begins the process. I 
do not have specific oversight over the FPS recommendations. As 
the Assistant Secretary for the Office of Infrastructure 
Protection, I handle the recommendations that are specific, for 
example, to my programs, including the ISC. So we have five 
open GAO recommendations, and we work very closely to document 
what we are doing to address those recommendations and provide 
regular updates to the GAO through letters to, again, document 
what we are doing and the timeline for which we think that we 
will meet the mitigation measures or the measures that we have 
taken to address the recommendations.
    Senator Coburn. See if I have this right, because I may 
not. The Interagency Security Committee does not monitor 
agencies for compliance. Is that correct?
    Ms. Durkovich. Based on the Executive Order, departments 
and agencies shall comply with the standards that are produced 
by the Interagency----
    Senator Coburn. I understand that.
    Ms. Durkovich [continuing]. Security Committee.
    Senator Coburn. But what I am asking is they do not monitor 
the individual agencies to see if they are in compliance. There 
is an Executive Order----
    Ms. Durkovich. We do not specifically----
    Senator Coburn [continuing]. That says the agencies are 
supposed to do it, but ISC does not monitor to see that that 
happens. Is that correct?
    Ms. Durkovich. That is correct, yes.
    Senator Coburn. And it is the responsibility of each 
individual agency to make sure they comply with that.
    Ms. Durkovich. Yes. Based on the Executive Order, yes, sir.
    Senator Coburn. So let us go back to FPS for a second. How 
is it that your agency is complying with the standard set by 
the ISC?
    General Patterson. Well, sir, we do work with our Federal 
partners as we go in and do assessments. We will make 
recommendations as they are outlined by the ISC, and for a 
variety of reasons, a Federal partner may or may not be able to 
implement. It could be because of cost. It could be because of 
a variety of things that they may decide that they cannot meet 
those specific recommendations.
    However, once we do understand that they are not able to, 
we have tried to work with them to try to mitigate those 
shortfalls as much as we can. So it is not as if we walk away 
from that.
    Senator Coburn. No. I am not saying that. I am just--for 
example, active-shooter training, all right?
    General Patterson. Yes, sir.
    Senator Coburn. A large proportion of our officers that we 
either contract or have are not trained.
    General Patterson. Yes, sir, and if I may explain, there is 
a reason for that, and the reason is because historically, as I 
stated in my testimony, active-shooter response, not awareness 
but active-shooter response, has been a function of law 
enforcement, period. Our PSOs are not law enforcement 
officials. And so to put them in a position to where they are 
responding as a law enforcement officer requires at least our 
coordination with the State, and there has to be some 
contractual agreement that they will respond in that manner.
    Now, because we recognize that in some instances our PSOs 
will be the only folks in a particular position to respond in a 
prompt manner, we are now working with the National Association 
of Security Companies (NASCO), to look at how we can provide 
training to where they can apply some response. But the bottom 
line is we still want law enforcement folks to respond because 
that is where they are trained. We spend any number of hours 
with our inspectors and our agents in learning how to respond 
to an active-shooter situation, and we have not done that with 
our PSOs. So we have to find out what the happy medium is here 
so we do not put our PSOs in harm's way as well. So we need to 
find out what the right level of training would be for them in 
order for them to respond effectively.
    Senator Coburn. So we have security personnel at Federal 
buildings, but if we have an active shooter, we do not want 
them to respond; right now they are not trained in a way to 
handle that situation.
    General Patterson. Here is what they are trained in, sir: 
They are trained to protect the people and to keep people from 
coming in the building so that they do not enter harm's way. 
They are also trained to help people evacuate in a very timely 
manner. And if, in fact, they are approached or come in contact 
with a shooter, they are trained to engage.
    What they are not trained in is to go find the shooter and 
then take action.
    Senator Coburn. So they are trained to engage?
    General Patterson. They are trained to engage. Yes, sir.
    Senator Coburn. And all of them are?
    General Patterson. Yes, sir.
    Senator Coburn. OK. I am past my time. Thank you.
    Chairman Carper. Thank you. Senator Heitkamp.
    Senator Heitkamp. Thank you, Mr. Chairman.
    The first obligation of any employer is safety. I think you 
will find that in a lot of facilities across the country, 
whether they are a manufacturing plant or a processing plant of 
any type or even in a major office. It is not only good 
employee management, it actually saves a lot of money. And I 
think this Committee is deeply concerned about the safety of 
public employees in buildings, and certainly the Navy Yard is 
yet again another example where we do not live in a perfect 
world, but were there things that could have been done, that 
should have been done differently that would have either 
prevented it or limited the deaths once the shooting began?
    I want to go back to a couple kind of critical points here, 
which is even though we have Executive Orders and we have all 
of the GAO reports and all the recommendations, it is kind of 
like the words get written but no one is responsible for 
followup, no one is responsible for implementation, no one is 
responsible to the public employees to say yes, we have done 
everything that we can, we know what the path forward is that 
will enhance your safety. But we just made these 
recommendations, and we hope that whoever manages that building 
or whoever runs this agency is taking safety as seriously as 
what we do.
    And so I will tell you I am concerned listening to this 
that there does not seem to be a lot of coordination, and even 
when there is coordination, there is not a lot of followup in 
terms of making sure that these things get done.
    I want to go back to maybe what I am not understanding is 
the engagement of an active shooter. I chaired a task force 
when I was Attorney General (AG) on school safety. We made 
everyone in the building have training. Our recommendation, 
which was carried out by many schools across this country, is 
that we train on what happens if there is an active shooter. 
And the person we found out we needed to train, give the 
clearest training to, was the woman who answered the phone or 
the man who answered the phone at the reception desk. And 
obviously in most Federal buildings the first person you are 
going to encounter will be someone in uniform, General, that is 
under your jurisdiction. And so what recommendations would you 
make to change what you are currently doing in an active-
shooter situation?
    General Patterson. Yes, ma'am. As an agency we have thought 
long and hard about this. We have been working very diligently 
with our vendors to take a look at where we need to be in 
helping them and helping us to understand: how do we go forward 
and proceed forward now in the training? What training do we 
need to provide, what level of training do we need to provide 
for our PSOs?
    Senator Heitkamp. Have you considered that maybe someone 
who is law enforcement trained and authorized to engage at a 
much higher level should be on duty, not always to do the 
scanning and the screening and, the kind of day-to-day but have 
someone there who actually has a role in providing protection?
    General Patterson. Yes, ma'am, we would love to. I have 
about 600 inspectors who are law enforcement officials who are 
in a number of our buildings on a regular basis. But we have 
thousands of buildings, so I cannot put law enforcement folks 
in every building.
    We have great relationships, with State and local 
authorities that we can call on very quickly to respond if we 
have a problem. But at this point, ma'am, I do not have the 
resources that would allow us to put a law enforcement 
individual in these facilities.
    Now, there is a possibility that we could possibly deputize 
some of our contractor personnel. However, that would clearly 
be more costly, and we would have to figure out how we would do 
that.
    Senator Heitkamp. It is troubling that there does not seem 
to be a lot of kind of creative thinking on how we can use the 
resources we have more effectively to protect folks. And, Mr. 
Lewis, obviously this is a great tragedy, and I know very many 
people within your sphere are still dealing with the extent of 
this tragedy. But I would suggest that maybe the best way we 
can deal with this tragedy is assure people we have learned the 
lessons. And so can you tell me what lessons your agency has 
learned from this? I know you are undergoing this review, but 
give us a little peek into what the thinking is right now.
    Mr. Lewis. Well, since we talked a little bit about active-
shooter awareness and training, within the Department we have 
incorporated active-shooter awareness into the antiterrorism 
level one training. So that has been introduced throughout the 
DOD population.
    In addition, we have published Workplace Violence and 
Active Shooter Prevention and Response, and this was in 
response to the Fort Hood incidents. So we have measures in 
place to not only deal at an awareness level but in terms of 
response within the Department.
    Since the Washington Navy Yard tragedy, we have really 
focused on continuous evaluation of our cleared and vetted 
personnel, so not just people who have security clearances but 
also people who are eligible to have access to DOD 
installations. And you can do the best investigation possible, 
but things change in people's lives over time. And we have to 
be constantly aware of what those changes are, and we have 
established a pilot on continuous evaluation, which is going to 
do queries, automated queries of public and DOD records to look 
for issues of concern. And this is an ongoing effort. We are 
trying to expand it to include individuals who are visiting 
installations on a fairly regular basis. That was the IMESA 
initiative that I mentioned, which would, in an automated 
fashion, allow for sharing of information of concern between 
DOD facilities so that if a visitor to one DOD installation 
presented a problem there for whatever reason, that would be 
available to other DOD installations that that person may be 
going to visit.
    So that is our focus. How do we become apprised of 
information as it develops and not wait 5 years or 10 years for 
the next reinvestigation?
    Senator Heitkamp. If I can just make a comment, I think 
honestly I would like to see better coordination, and I would 
like to see better followup when GAO has a number of 
recommendations that sit around for a number of years, and we 
come and we say, ``Well, yes, we are working on it.'' That just 
is a constant source of frustration on this Committee. ``We are 
working on it,'' or, ``Yes, we are concerned about it,'' does 
not cut it anymore, especially when we are talking about safety 
of public employees and really the integrity of your missions. 
And so I would like to see maybe followup on the GAO 
recommendations, what the timeline is for actually getting 
those implemented.
    Ms. Durkovich. May I take a moment just to address the 
coordination issue?
    Chairman Carper. Sure. Go ahead.
    Ms. Durkovich. And I just want to go back to the 
Interagency Security Committee and reiterate that for over the 
last 17 years we have had the chief security officers and other 
senior executives from 53 different departments and agencies 
who participate as part of the committee and look at evolving 
threats and evolving hazards and work together to produce 
standards and best practices, whether it is on occupant 
emergency plans, whether it is on prohibited Federal items in 
Federal buildings, whether it is on the training of Federal 
Security Committees, and certainly the risk management process 
that we released this past August. It is a highly collaborative 
body, and while there is not a formal compliance mechanism, the 
fact that these 53 chief security officers come together and 
work over months to produce these standards, it then becomes 
incumbent on them to ensure that their facilities adopt them.
    We have some informal soft compliance mechanisms that we 
are looking at. There are tools that are in development to help 
us better assess how facilities are implementing our standards 
and best practices, but I want to dispel the myth that it is 
not highly collaborative.
    Certainly coming out of the Navy Yard and other incidents 
in Federal facilities, we have established an Active Shooter 
Working Group, as I mentioned in my opening statement, both 
designed to look at what happened at the Navy Yard but to 
leverage all of the work that we have done over the course of 
the last 6 years in the commercial facility space. We have 
online training, we do in-person training, and part of the goal 
here is to look at all of the various tools, documents, 
trainings that are available right now, to leverage those so we 
can bring them to the Federal workplace. I think training is a 
very important aspect of this. It is certainly something that 
Director Patterson does as part of his responsibilities. But 
there are other things, I think, that we can do to augment 
that, to answer your question, and to ensure that as we look at 
developing, whether it become a best practice or a standard, 
that we are encouraging and recommending that we exercise, that 
we test the training that we do, that we ensure that there are 
documents, that there are marketing materials available to our 
employees. But I think that there is a lot that can be done and 
that can be leveraged from the work that we have already done 
with the commercial facilities sector, and that is certainly 
the goal of our Active Shooter Working Group.
    Chairman Carper. Senator Heitkamp, we are blessed on this 
Committee to have several Members of the Committee who have 
served as Attorney General in their own States, and thank you 
for bringing that expertise to bear here.
    Secretary Durkovich, I am going to ask you to help make 
real for me and maybe for some of my colleagues this 
Interagency Security Committee. Just cut through the--not that 
you are using jargon. Just cut through the Federal verbiage and 
just say where did it come from, why did we create it. Just 
describe its mission or missions. And maybe more importantly, 
how do you think it is working? How do we measure whether it is 
working well? How do we measure success? Please, just make it 
real for us.
    Ms. Durkovich. Absolutely, and thank you for the 
opportunity to further explain it. So the Interagency Security 
Committee came about after the bombing at the Alfred P. Murrah 
Building in Oklahoma City in 1995, with the recognition really 
that we had to do a better job protecting our Federal 
facilities. Again, almost every department and agency 
participates in the Interagency Security Committee, and it is 
often the most senior physical security person within that 
department, the chief security officer.
    We take evolving threats and evolving challenges, and it is 
the chief security officers who look at the particular threat 
and decide how do we, as a Federal family, best address that 
threat and make sure that our facilities are able to mitigate 
them. So there is a formal risk management process that the 
committee has produced, and it is the standard by which we go 
about securing all Federal civilian facilities with the 
exception of DOD military installations. And it begins with 
determining what is the facility security level. So you look at 
a particular Federal facility, and based on what its function 
is--is it a headquarters office? Is it a field office? Does it 
have historical significance? For example, is the Declaration 
of Independence or the Bill of Rights contained in it? Are 
there other ancillary functions? Are there child-care 
facilities and things? That is what allows us to determine 
whether a facility is either a Level 5, which is the highest 
level, or a Level 1, which is more of your storefront office.
    Then we apply the physical security criteria. So based on 
the level and also what we call the design-basis threat 
standard, that is 31 undesirable events that we have determined 
are most attractive or most likely to happen to a Federal 
facility, and it ranges from arson to sabotage to active 
shooters and also weather-related events. But based on those 
scenarios, what are the right security measures to put in place 
at these Federal facilities?
    Now, it is a risk-based process, and as you pointed out in 
your opening statement, it is difficult at times to apply all 
of these because, as you have noted, not all buildings were 
built 100 or 150 years ago with a 15-to an 18-foot setback. We 
have to think about how you mitigate some of these 
vulnerabilities based on the real-world realities. And so we 
help provide facilities with options to include bollards, 
thinking about blast-resistant windows, but really working them 
through this risk management process. The establishment of 
facility security committees, and ensuring that the individuals 
that sit on those committees have the training that they need 
to carry out their duties is a core part of, again, what the 
Interagency Security Committee has thought about and how we--
again, when there are unique functions inside a building, how 
do we ensure that we are also protecting those functions? And, 
again, that is things like child care and other high-priority 
efforts.
    So that is really the basis for what the Interagency 
Security Committee does, and again, thinking about how we keep 
those standards fresh, how we recognize that we are living in a 
world where our adversaries are highly adaptive. So when we 
start to see emerging threats or new trends, again, we bring 
the 53 chief security officers together to come up with a 
standard to ensure that all Federal facilities at least are 
working from a certain baseline, and we are doing that with 
active shooter. We are thinking about as we start to see some 
of these small-scale complex attacks, how are we accounting for 
them? And, again, how do we ensure that we have the measures, 
the training? We have done the preparedness so that we can 
mitigate the threats.
    I do think----
    Chairman Carper. Let me just interrupt. Come back--and you 
may have said this and I missed it, but, again, how do you 
measure success? What metric are we using to measure whether or 
not the work of the Interagency Security Committee is 
successful?
    Second, talk with us about sharing, the sharing of best 
practices across the range of the Members who comprise this 
committee. Two things.
    Ms. Durkovich. Absolutely. So I will answer your first 
question by saying I do think that the Interagency Security 
Committee has been a success, and I think that if you--and we 
have done informal surveys, but if you went out and surveyed 
each of the Federal departments and agencies, you will find 
that they have implemented all of the ISC standards. If there 
is----
    Chairman Carper. And you said those standards continue to 
be updated. Is that right?
    Ms. Durkovich. And they continue to be updated. And, again, 
they are the ones who come together to help develop these 
standards. We do not have a formal mechanism for measuring what 
has been implemented. There is one ISC-approved tool that is in 
existence. We are working on approving others. But anecdotally 
I would--again, I am confident that all of the member 
departments and agencies have implemented the standards, and 
when they cannot, they are responsible for coming to us and 
telling us why they cannot and the fact that they are willing 
to bear that risk.
    Chairman Carper. Talk with us about sharing best practices 
across departments.
    Ms. Durkovich. Absolutely. Again----
    Chairman Carper. And how, if at all, this committee 
facilitates that.
    Ms. Durkovich. One of the benefits of the Interagency 
Security Committee is that you may have a chief security 
officer who represents a Level 5 facility who can come and talk 
about some of the things that they have done. Take, for 
example, a headquarters building that sits on Constitution 
Avenue. The things that they have put in place to mitigate the 
fact that they cannot have a setback, the fact that they use 
bollards, the fact that they use, again, blast-resistant 
windows. So part of, again, the very nature of the Interagency 
Security Committee is the fact that we can bring together and 
we can convene these senior-level executives to talk about best 
practices. But I think what is unique about what we are doing 
with the ISC is it is not just the sharing of Federal facility 
best practices, but the fact that for over the course of the 
last 6 years, we have been working very closely with the 
commercial facilities sector. These are buildings, these are 
stadiums, these are venues where the public passes through them 
day in and day out, where we have done active-shooter training, 
where we have thought about how do you, again, strengthen and 
provide layers of security that may not always be obvious to 
the public. How do we take those lessons learned, how do we 
take those best practices and bring them to Federal facilities 
as well?
    And so I think as part of the Active Shooter Working Group 
that we have stood up, you are going to see a mix of both what 
we are doing in the Federal sector but also the lessons 
learned, the leading practices that we have developed in the 
commercial facilities sector as well.
    Chairman Carper. OK. Thanks. Dr. Coburn.
    Senator Coburn. Just to followup, I want to put in the 
record a letter from the DHS Police Deputy Director of 
Operations Kris Cline\1\ that was released November 22, which 
is new Active Shooter Guidelines.
---------------------------------------------------------------------------
    \1\ The letter from Kris Cline appears in the Appendix on page 254.
---------------------------------------------------------------------------
    And I am somewhat confused after reading this, and I do not 
understand the engagement. If somebody is with a firearm in a 
Federal building and we have a PSO officer there, nothing here 
says that they will engage them.
    General Patterson. Yes, sir. The original objective and 
mission of the PSO was to ensure the safe egress and ingress of 
people coming into the facility. It was not to pursue an active 
shooter. That has always been the purview of and the ground for 
trained law enforcement personnel.
    As we have looked at how we might have our PSOs engage, we 
were looking at any legal obstacles that we may have to 
overcome as a result of that, as well as any State requirements 
that they may have to meet as well. So my point in talking 
about it is if an armed individual comes into that facility and 
they recognize that they are armed and they ask that individual 
to please drop their gun or drop their weapon or put the weapon 
down and they do not, then they are authorized to engage.
    If, in fact, they are clearing the building or trying to 
get people out of the building and then they run into that 
active shooter, they will engage.
    What they are not trained to do is go from room to room 
trying to find the individual.
    Senator Coburn. I understand that, but I guess my point I 
am making from this letter, that is not clear in here. This is 
the new requirements for active shooters.
    General Patterson. Yes, sir.
    Senator Coburn. That is not a clear part of this statement.
    General Patterson. Yes, sir. And since that was dated in 
November, and in early December, we had a conversation with 
most of our vendors, telephonically, to tell them that we would 
be coming out with new instructions about how they would engage 
and to be prepared for that. So, yes, sir, it is evolving.
    Senator Coburn. OK. So right now, if an event happened 
today, they would be following this, not what you testified?
    General Patterson. No, sir. They would continue to engage. 
Their first priority is the safety of the folks that are in 
that building. So they are going to keep people from coming in, 
and they are going to help folks to get out.
    Now, if they come into contact with a shooter, they will 
engage. What they will not do today is pursue the active 
shooter.
    Senator Coburn. I understand that.
    General Patterson. Yes, sir.
    Senator Coburn. What I am saying is it is not clear to me 
in terms of reading this letter that says they will engage.
    General Patterson. OK. I will have to take a look at that.
    Senator Coburn. Well, this is what you all put out November 
22, and that is the important thing.
    One other area I want to cover with you, General Patterson. 
Do we direct FPS-contracted security to do joint exercises with 
local law enforcement? In other words, a dry run--much like 
Senator Heitkamp said.
    General Patterson. Yes, sir. What we do is when we conduct 
an exercise, we conduct a lot of exercises--in fact, we conduct 
a number of active-shooter training exercises in Federal----
    Senator Coburn. You are missing my point. Do we require our 
contractors----
    General Patterson. Yes, sir. I was going to get to that.
    Senator Coburn [continuing]. To do joint training with 
local law enforcement?
    General Patterson. Well, they will do it when we do it.
    Senator Coburn. No. But I am saying, is it a requirement of 
their contract to do joint training with local law enforcement 
so that we have dry runs, so that everybody is coordinated, 
going back to what Senator Heitkamp said?
    General Patterson. Right. Yes, sir. Their exercise will be 
part of our exercise as we practice with local law enforcement.
    Senator Coburn. OK. But you are not in every one of these 
buildings, and you are not going to have an exercise in every 
one of these buildings.
    General Patterson. That is true.
    Senator Coburn. As a matter of fact, that is what the 
record shows.
    General Patterson. That is true.
    Senator Coburn. So is it not the fact that you have 
actually directed these contractors not to do joint training 
with local law enforcement?
    General Patterson. No, I would not say that we have 
directed them not to do joint training. The fact is, Senator, 
at this point we do not have anything specifically that 
addresses joint training with local law enforcement in our 
contracts. But I will have to get back with you on that. I do 
not have the contract before me, so I would have to take a 
look.
    Senator Coburn. Senator Heitkamp.
    Senator Heitkamp. I was not intending on following up, but 
I do want to kind of pick up from where Senator Coburn has 
taken the discussion, which is security is--I guess if I can 
just say it this way--best done when it is clear that this is a 
high priority. And, it concerns me that public employees and 
really the public see someone sitting at a desk, and they are 
usually uniformed, and there is an assumption that there is a 
bevy of powers that comes with that and that there is an aura 
of protection that goes with that. And if it does not include 
engagement, if it does not include having folks who are at 
least capable of some kind of immediate intervention, and if 
those roles are not clear, I think we have left the wrong 
message with a lot of people in the public.
    And so I would like to know--for many of these buildings, 
there was not any kind of electronic screening or X-ray 
machines at the Navy Yard. Correct?
    General Patterson. I do not know.
    Senator Heitkamp. You could just walk--I mean, if you 
scanned in through the turnstile and, kind of waved and signed 
in and that was it, right?
    Mr. Lewis. Yes.
    Senator Heitkamp. OK. Now, this is a building that has 
thousands of public employees. I can understand that if you are 
looking at the building that houses the public employees for 
the Farm Service Agency in Watford City, North Dakota, you 
might not want to put any kind of screening device. But for a 
building that houses and employs--where thousands of employees 
come, it seems like there might be some cost/benefit in safety 
in looking at electronic surveillance. There might be some 
cost/benefit in providing law enforcement-trained people at the 
front to engage, that we might look at those kinds of 
procedures. And I do not hear that today.
    I thought I was going to hear that we are looking, doing 
cost/benefit analysis, and it is not that my folks in Watford 
City are not important. But I do not expect you to hire a law 
enforcement-trained guard to protect the one person that works 
there. I do not expect that. But I might expect you to think 
about doing that in a building that houses thousands of people 
in a city that frequently is a target symbolically of terrorism 
or these kinds of attacks.
    I really would ask you guys to just go back and rethink 
what you are saying today about how you can enhance security 
looking beyond simply kind of continuing the process that you 
have engaged in today.
    General Patterson. Ma'am, if I could address your concerns 
just for a minute. We are actually doing due diligence in 
pursuing this matter. We are working aggressively with the 
vendors, one, to look at what authorities the States entitle 
them to relative to engagement. We are also looking within the 
Department to look at what authorities might be levied where we 
could render to these folks relative to legally from the 
Federal sector. So we, in fact, are looking at how we might 
address this moving into the future, because we realize it is a 
concern.
    One of the other things that I spend a lot of time doing is 
engaging with the Federal executive boards across the country, 
looking at what are some of the challenges that they are 
having, what are the concerns from their people in these 
facilities, and how can we provide better training, more 
training, additional training to those folks in the facility as 
to how to respond to an active shooter, because that is very 
important as well. How do we get people out of harm's way when 
they recognize that there is an event in progress?
    So I would tell you we are looking at this. We are taking 
it very seriously. It may not come across that way in some of 
the testimony that we are providing, but I can tell you that we 
are spending a lot of time with our contractors, a lot of time 
with legal, to find out what is that middle ground, what is 
that ground that we can take, because ultimately we have to 
figure out who is going to bear the cost of this. And how can 
we do this in fundamentally a smart way, an effective way, an 
efficient way, but still provide the same result or similar 
result of protecting the folks in those facilities?
    Senator Heitkamp. All right. Not to belabor this, but it 
just seems like if I were looking at this and I was sitting in 
any of your shoes, I would say I have 1,000 people that work in 
a building in a city that is a target. We do not have screening 
devices, and we do not have law enforcement-trained guards. 
Maybe we ought to rethink that as a strategy.
    Ms. Durkovich. So if I may address that, when we set the 
facility security level, as part of the recommended security 
practices, if you are a Level 3 or above, for example, we will 
at a minimum recommend that there are guards onsite at the 
facility. As you move up, so, for example, in any of the 
headquarters buildings again that you see along Constitution 
Avenue, you will find advanced screening techniques--
magnetometers, you have to run your bags through--similar to 
what happened when we walked in the building today.
    To your point, as we go down to those storefronts out in 
the States, that is where you will not see that level of 
security. But based on what your facility security level is, 
there is a standard that goes with that security, and that is 
part of what the Interagency Security Committee does, is make 
recommendations. And, again----
    Senator Heitkamp. Secretary, back to that point, you make 
recommendations, and there is no mechanism to mandate that 
those recommendations are carried out. Is that what we are 
hearing today?
    Ms. Durkovich. We do not have a formal compliance mechanism 
to monitor what has been adopted, yes.
    Senator Coburn. If I may, I just want to clarify. General, 
what I am asking you specifically on the GAO recommendations is 
the dates at which you submitted, the dates that were cleared 
on just the 2010 through 2012 GAO recommendations.
    General Patterson. 2010 to 2012.
    Senator Coburn. And then a question for Secretary 
Durkovich. Is it public knowledge what Federal buildings are 
rated what? Can I go on a website somewhere and find that out?
    Ms. Durkovich. It is not public knowledge.
    Senator Coburn. So I could not find----
    Ms. Durkovich. We can make that available to you, but it is 
not public, no, because it presents a security risk as well.
    Senator Coburn. Sure. I understand that. That is why I 
asked the question. Thank you.
    Chairman Carper. I want to stick with the matter of GAO 
recommendations. GAO does very good work. They have a lot of 
people, but they have a whole lot of work to do, and they 
frankly have not been getting the kind of resources they need 
to do all that we are asking them to do.
    Just describe for me, one or both of you--we will start 
maybe with General Patterson. Explain to us the process. GAO 
comes in. They are looking at the work that is being done, how 
it is being managed, funded, and so forth. And they make 
recommendations. Just describe the process, the give-and-take 
before they actually finalize their recommendations, please.
    General Patterson. I am sorry. Could you----
    Chairman Carper. The process, just describe for us the 
process whereby GAO comes in, examines what is being done.
    General Patterson. Right.
    Chairman Carper. Makes tentative recommendations. You have 
the opportunity, I presume, to respond to that, and then they 
finalize that.
    General Patterson. Yes, sir.
    Chairman Carper. What we do here, we use the GAO 
recommendations, especially their high-risk lists that they put 
out at the beginning of every 2 years. We almost use it as a 
to-do list for us as we do our oversight and work in 
conjunction with them. Just describe the back-and-forth that 
leads to the issuance of a recommendation. I think you said 
there were 26 of them that you mentioned?
    General Patterson. Yes, sir.
    Chairman Carper. And about 13 of them have been responded 
to.
    General Patterson. Yes.
    Chairman Carper. And about half of those 13 have been, if 
you will, accepted. I am just interested in the process.
    General Patterson. Yes, sir. Well, the process, when the 
GAO makes a recommendation, one of the first things that we do 
is we sit down with my staff to take a look at what is the 
genesis and what is the challenge here and what is the 
background on the recommendation. And then we move forward to 
look at how we are going to resolve the challenge that GAO has 
brought forward.
    What I have recognized is that some things we can handle 
and move forward pretty quickly. Other things not so, only 
because it would require extensive resources and we have to 
figure out how we do that.
    For instance, one of the challenges that we have is that we 
have 13,000 PSOs, guards, that we have oversight responsibility 
for, but we do not have the technology right now available to 
oversee them when they come to work, when they check in, and 
when they leave, to make sure that their certifications are up 
to where they need to be and so forth.
    So one of the challenges that I have set forth for my staff 
and for the agency is to come up with a technology-based system 
that will allow us to move forward with that, to figure out 
when a PSO is on post, when he swiped in, when he swiped out, 
and to ensure that he or she has the proper certifications 
because that is one of the challenges that GAO has brought 
forward, because we only have 600 law enforcement folks out 
there to do this for 13,000 guards, it presents a bit of a 
challenge.
    These 13,000 guards probably generate about 170,000 records 
that we must review over a period of time. So what we are 
looking for is an automated process to help with that. So we 
are engaged with DHS Science and Technology to help us begin to 
look for ways, and some off-the-shelf technology possibly, 
recommendations that we can begin to put into place that will 
allow us to better oversee these 13,000 guards.
    So it is challenges like that that keep us from moving 
forward as expeditiously as we would like to.
    Senator Coburn. Let me raise a question about that. You 
have 13,000 contracted guards.
    General Patterson. Yes, sir.
    Senator Coburn. And you have 600 people working directly 
for you----
    General Patterson. Yes, sir.
    Senator Coburn [continuing]. That are law enforcement 
officers.
    General Patterson. Yes, sir.
    Senator Coburn. That is less than 22 people a person.
    General Patterson. Yes, sir.
    Senator Coburn. We need an automated system to do that? 
What about random audits? How about firing a contractor who 
does not perform?
    General Patterson. We do random audits, sir. Every one of 
my regions is responsible for doing 10 percent to 20 percent 
random audits per month. Part of the challenge, though, sir, is 
that because there are so many records, we can do an audit 
today, but tomorrow or within the next month, the individual 
may lose his certification based upon expiration of time or 
having to recertify and so forth. So allowing us to automate 
our records would help us tremendously in better overseeing 
this process.
    Senator Coburn. Why should you automate it? Why shouldn't 
you force your contractors to automate it and present it to 
you?
    General Patterson. That is an option, yes, sir.
    Senator Coburn. It is not an option. It is the only common-
sense thing you would do. If you want to contract with the 
Federal Government, you will demonstrate that the people that 
you have there are certified and compliant. And then you audit 
whether or not they are telling you the truth rather than spend 
a whole bunch of money, us running all 13,000 people when they 
are really not our employees. They are contract employees for 
somebody that took a contract to guard a building. Again, it 
goes back to contracting.
    General Patterson. Yes, sir.
    Senator Coburn. Putting in the contract what you expect of 
the contractors to supply, which is certified people doing 
their jobs.
    General Patterson. And many of the contractors do have an 
automated process. However, from time to time we do find 
discrepancies in their recordkeeping.
    Senator Coburn. Good. So then you would fire that 
contractor, and that is what you put in the contract as a 
reason for you to lose the contract, and oh, by the way, we 
will have somebody else to have this contract next time.
    General Patterson. Yes, sir.
    Senator Coburn. These are not non-lucrative contracts. They 
are making money off of every hour every guard works.
    Chairman Carper. I want to----
    Senator Coburn. I ask unanimous consent that this be made 
part of the record.
    Chairman Carper. Without objection, this letter\1\ will be 
made part of the record.
---------------------------------------------------------------------------
    \1\ The letter referenced by Senator Coburn appears in the Appendix 
on page 254.
---------------------------------------------------------------------------
    Chairman Carper. I want to pivot a little bit here and just 
say as a defense contractor with a valid Department of Defense 
ID card, Aaron Alexis was allowed access to the Washington Navy 
Yard, as we know. And like many employees in other workplaces, 
he was considered a trusted employee, not screened for any 
weapons. Unfortunately, workplace violence continues to be a 
threat.
    I just want to start with you, Mr. Lewis, if I could here, 
but could each of you answer really the following two 
questions? The first question is: Do you believe that we should 
consider screening employees as well as visitors at Federal 
facilities?
    Second, is there any potential downside to screening 
employees? And I would like for each of you to answer that. Mr. 
Lewis, if you would start first.
    Mr. Lewis. Current DOD policy does not require that type of 
screening where someone goes through a metal detection device. 
But it does allow for random selection of individuals for that 
type of screening. So there are procedures in place, there is 
the option in place, and again, we rely on the judgment of the 
installation commander to make a determination as to what is 
appropriate under the local circumstances.
    The drawback to screening every employee coming through is 
the negative impact on mission accomplishment, and there are 
facilities where there are 10,000 employees coming through 
often in roughly the same window, and screening every single 
employee would be disruptive to getting the work done. And that 
is the balance, factoring in cost and mission accomplishment 
against screening every employee.
    Chairman Carper. All right. Thank you.
    Mr. Patterson.
    General Patterson. Yes, sir. I think it is something I am 
sure can be considered. We put a lot of trust in the system 
that we have. We put a lot of trust in the fact that we do 
background investigations, and once a background investigation 
is completed, we believe that the individual that has received 
that background investigation is trustworthy.
    So if we decide that we do not believe in that background 
investigation, that may be the time we start looking at a 
system where we screen all of our employees as they come in. It 
is a way to begin to mitigate, some of the risk, but, again, I 
think it would be something that we would have to think through 
very carefully.
    I know that in some of our facilities we have both. In the 
Department of Transportation (DOT), they screen everybody in 
their headquarters building. In other facilities, they only 
screen the visitors that come through. So to date, in most of 
our facilities we have not had a problem with our employees or 
with the folks who have been screened.
    If we decide that we are going to screen, then it might be 
a bit of a challenge only because it is a new process, and that 
process will require a longer processing time for our folks to 
get through. So we would have to carefully work with GSA and 
others in how we organize that flow because at 8 o'clock in the 
morning when you have literally hundreds of people entering a 
building and when they are accustomed to just moving through 
and showing their badge based upon a security clearance, it 
could create a challenge.
    Chairman Carper. All right. Secretary Durkovich, same 
question, please.
    Ms. Durkovich. So as I mentioned, the Interagency Security 
Committee has put some thought through at least how we go about 
screening visitors as they enter into our Federal facilities, 
and part of that is based again on the facility security level. 
I would agree with my colleague Director Patterson in that we 
have to have trust in the system. And at the Department of 
Homeland Security, in addition to evaluating who has 
clearances, we also ensure that employees and contractors who 
are affiliated with the Department also undergo a suitability 
determination.
    I think in order to ensure that there is not a negative 
impact on the mission, and we have to account for the fact that 
there are resource implications but opportunity costs 
associated with screening employees that, I think the system 
that we have in place works overall. And unfortunately we do 
have incidents where I think it is incumbent on us to look at 
those incidents and to make sure that we are leveraging the 
lessons learned so we make sure that it does not happen again.
    But I think that overall there is a downside to screening 
employees. As you know, sir, from your oversight of the 
Department, we all have taken on an awful lot of work to ensure 
the safety and security of the American people and that its way 
of life can thrive, and that any impediment or obstacle to 
allowing our employees to do their important job every day is 
an impact on the mission. And we have processes in place that 
allow us to ensure that we have employees who represent the 
highest standards and that we should continue to trust in that 
system as opposed to screening everyone.
    Clearly, at certain facilities we do have measures in 
place, as Director Patterson recognized. When I got to the 
Nebraska Avenue Complex (NAC) every day I have to show--not 
only swipe my badge but show my badge. There is a physical ID. 
If I am bringing a vehicle on to the premises, there are dogs 
and there are vehicle searches that happen. So there are, 
again, depending on the level of facility, different layers of 
security. But in terms of actually putting people through, no.
    Chairman Carper. OK. Thanks.
    Before I recognize Senator Ayotte for any questions she 
might like to ask, let me just ask one last quick question, and 
I will ask you to be very brief.
    Some of you have been before us before, and I like to ask 
so much of what you are expected to do and those who work for 
you are expected to do to meet your responsibilities. What can 
we do here, just maybe give me one good idea of what can we do 
in the legislative branch to better ensure that you are able to 
meet the responsibilities that have been placed on you for 
workplace protection.
    And while you are thinking about that, I will just mention 
this. Today Senator Ayotte and I and our colleagues are 
debating a budget resolution, if you will, a framework for a 
spending plan for the Federal Government for the balance of 
this fiscal year. It does a number of things. I think there are 
three things we ought to do for deficit reduction, at least 
this makes it really simple:
    No. 1, entitlement reform that saves money, saves the 
programs, does not savage old people or poor people;
    No. 2, tax reform that eliminates a number of our tax 
expenditures. We have a lot of them, some of which have met 
their purpose, have long met their purpose, and they need to be 
retired or modified. But use some of the revenues that we 
generate to reduce corporate tax rates and use some of the 
revenues for deficit reduction;
    No. 3, just look at everything we do and say across the 
Federal Government how do we get better results for less money 
for everything we do.
    Those are three things that I continue to harp on, but one 
of the things that we do with the budget resolution, if you 
will, an omnibus appropriations bill, or separate 
appropriations bills that follow, is that we move away a little 
bit from sequestration, across-the-board cuts, to allow 
agencies and departments to better say this is the way we need 
to allocate resources. Hopefully that is something that will 
enable us to look at risk, look at areas of risk, put more 
money there, and areas of less risk, because able to put less 
money there. But in terms of what we can do to help you do your 
work better, each of you just give us one good idea, and just 
be very brief.
    Ms. Durkovich. I will start, and in some ways, sir, you 
have answered my question, or you have given my response, and 
it is recognizing that in this country there are a number of 
risks that we face. It is a large country, and part of the 
conversation that we have to have as both the Department of 
Homeland Security, as an administration, as law makers, and 
with the American public is we cannot mitigate every threat. 
And so it is our understanding that those are going to have the 
most significant consequences and ensuring that we are having a 
conversation about how we go about mitigating them, that we 
have the resources, the personnel to go about doing that. So 
having the conversations that we have today and over the course 
of time is I think what is critical.
    You have already taken steps by moving away from 
sequestration. That will be helpful to us as well. But, again, 
I think that recognizing that we have to manage risk and that 
we cannot prevent every incident, and as long as we are 
adapting, that is what is key.
    Chairman Carper. OK. Thank you. General.
    General Patterson. Yes, sir. The Federal Protective Service 
is in----
    Chairman Carper. I am going to ask you to be very brief.
    General Patterson. Yes, sir FPS is--in a fairly unique 
position in that we have to work and weave our way through both 
State, local, Federal, and civilian contractor environments, 
and we do that with a very small force. Your support in helping 
us to move through and navigate through some of those areas is 
critical, because we are trying to look out and predict, what 
is coming down the road to keep our people safe, and we really 
need the support of folks like yourself and this Committee to 
help us work through some of these challenges.
    Chairman Carper. All right. Thank you.
    Mr. Lewis, same question. A very brief response, please.
    Mr. Lewis. We believe that continuing to evaluate those 
employees who have access to classified information and to our 
facilities is critical, and we need to have the resources to be 
able to conduct those evaluations, and we need to have access 
to records that are sometimes publicly available, sometimes not 
publicly available, in order to do those evaluations. And 
general support for that approach to doing business I think is 
essential.
    Chairman Carper. All right. Thanks. Thanks so much.
    Senator Ayotte, welcome. Before you arrived, I was saying 
to Senator Heitkamp who was here that we are blessed in this 
Committee to have not one, not two, not three--we used to have 
four with Jeff Chiesa--Attorney Generals, former State Attorney 
Generals on this Committee that really add a great deal of 
expertise in this particular area. So welcome.
    Senator Ayotte. Well, thank you, Mr. Chairman. I want to 
thank the witnesses for being here.
    I wanted to followup with you, Mr. Lewis, and ask you about 
how other DOD policies might affect the security clearances at 
facilities and then those who can gain access to them, in 
particular, just a thought of whether there are any DOD 
regulations that need to be reviewed or revised, for example, 
the current discharge regulations and how they are implemented.
    As I understand it, in the case of Mr. Alexis, had he been 
dishonorably discharged, that would have raised a flag, and 
that obviously would have gone right directly to his fitness to 
hold the security clearance.
    Could you help me understand, in light of this case, is 
this something that we need to think about? And one of the 
things that I am wondering about as well is the whole breakdown 
with the reach-out. Obviously that was beyond--but is there 
anything that we need to do on the mental health end here 
looking back on this? And I understand that 20/20--it is always 
20/20 when you look back at something and you can see things 
that you did not see at the time. But what I am trying to 
understand, is there anything that we need to look at 
internally on those two issues from the DOD perspective or 
anything we can do--I also serve on the Armed Services 
Committee--working jointly, the committees, that we should be 
doing?
    Mr. Lewis. I do not believe that there are issues with how 
the discharges occur, and not to get into specifics, but 
generally based on what was known at the time of the discharge, 
it was not considered to be an unusual determination as to an 
honorable discharge in that particular case.
    But the larger issue is how do we collect--how do we 
identify and collect relevant information that allows us to 
constantly adjust our perspective about cleared individuals and 
individuals who are in trusted positions? And that is really 
the challenge.
    I hate to keep blowing the same horn, but the continuous 
evaluation process of not just collecting the information but 
having the staff available to evaluate the information and take 
action on that information, to me that is the real issue here.
    Senator Ayotte. Well, I appreciate it. Then, of course, 
Senator Collins, Senator McCaskill, Senator Heitkamp, and I 
also have one where there would be random checks that I think 
is important as well, after you receive your security 
clearance. It is a pretty lengthy period right now upon which 
there is a review unless there is a reason that something is 
flagged.
    I wanted to ask also, General Patterson, what do you see as 
we look at this whole situation now with what is happening at 
the Navy Yard that you are already implementing to make sure 
that we do not find ourselves in the same situation? We can 
obviously legislate, but I know you are reviewing the whole 
situation and understanding what steps you are already taking 
in a positive fashion that you can talk about here?
    General Patterson. Yes, ma'am. Within the Federal 
Protective Service, we are working very closely with our 
Federal partners to look at processes and procedures for folks 
coming and going into Federal buildings. But we are also 
looking at our communications processes as well. One of the 
challenges during the Navy Yard was just the fact that so many 
agencies responded, just the level of communication and how do 
you do that. And so we are looking aggressively at how we do 
that, not just in the Washington, DC, area but across the 
United States, because in a crisis situation, communication 
becomes critical, and as such, good, timely communications is 
essential, hopefully, to a positive result.
    So we are looking in a variety of areas and taking lessons 
from the Navy Yard as to how we improve processes across the 
spectrum within the Federal Protective Service.
    Senator Ayotte. Thank you very much.
    I also wanted to ask you, General Patterson, is it accurate 
to say that FPS does not use a risk assessment tool consistent 
with the Interagency Security Committee's standards? I am 
trying to understand where we are with this, and I know that 
there was also a report from GAO that FPS' interim facility 
assessment tool was not consistent with the assessment 
standards because it excludes consequence from assessments. And 
I want to understand if there is a difference, why is it there? 
Is it something that we should be more uniformly putting in 
place? Or is there a reason for it?
    General Patterson. There is a reason, and we have just 
built the Modified Infrastructure Survey Tool (MIST), and that 
particular tool was developed with the Infrastructure 
Protection folks, within the Department who had developed a 
tool over a period of about 6 or 7 years. And we thought that 
this was a tool that we could modify because it brought what we 
believe are all of the areas of the ISC requirements to bear.
    Now, with our tool we look at specifically vulnerability. 
That is what the tool is structured for, to look at the 
vulnerability of a facility. Separate from the vulnerability 
piece, we also do a threat assessment. We connect with the 
Joint Terrorism Task Force (JTTF), with local law enforcement, 
with any number of agencies out there to get what we believe is 
a very in-depth, comprehensive perspective on the threat that 
we also provide to our Federal partners.
    The piece that is not part of the process is the 
consequence piece, and it is not part of that process because 
we have not figured out how to do that yet within a Federal 
facility.
    Senator Ayotte. What does that mean? Just so we understand.
    General Patterson. Well, that is one of the things we are 
working with the ISC to help us better define. When you are 
asking for a consequence within the Federal sector, what is it 
you are looking for?
    We know that when we help a Federal partner to begin to 
pull together and understand their emergency occupancy plans, 
we help them to understand and we go through the consequence 
piece, and when they are looking at establishing the facility 
security level, we are also looking at the consequence piece 
there. We have not figured out yet how to incorporate that in 
an automatic method that will allow us to provide a reasonable 
and rational meaning to consequence to, let us say, 10 tenants 
of a leased facility. We are fairly certain that folks like the 
IRS and Social Security and others have stepped through the 
consequences of losing a facility in the event something 
happened to the facility. But we have not figured out yet how 
to incorporate that into a tool, and that is something we are 
working with the ISC to figure that out.
    Senator Ayotte. OK. I appreciate your answer, and I want to 
thank all of you. We look forward to working with you on this 
important issue. Thank you.
    Chairman Carper. Thank you, Senator Ayotte.
    At this point I am going to excuse this first panel of 
witnesses and thank you again for being here. Thanks for the 
work you are doing.
    I would just say as you head back for work from here, just 
keep in mind all those people, the hundreds of families who 
lost loved ones in Oklahoma City in that bombing. Keep in mind 
those at Fort Hood who lost their loved ones. Keep in mind, if 
you will, the families of the 12 men and women who died at the 
Washington Navy Yard. And just think of them as they celebrate 
Christmas or some other holidays, the families sitting around 
the Christmas tree, their dining room table, and there is 
somebody missing.
    We need to do our dead level best every day to ensure that 
those number of empty chairs, people that are not around 
because of a tragedy like the ones I have just mentioned, keep 
them in mind, keep their families in mind and let that just 
energize our efforts going forward. This is not just about 
process. This is not just about GAO recommendations and 
complying with those recommendations. This is about saving 
people's lives and making sure they have a good life and a 
chance to share that life for a long time with their families. 
Take that with you. Thank you. [Pause.]
    To our second and final panel, welcome. We are glad you 
could join us. Let me just very briefly introduce you, and then 
we will welcome your statements and have a chance to ask some 
questions.
    Our first witness is Mark Goldstein. Mark is the Director 
of Physical Infrastructure Issues for the U.S. Government 
Accountability Office, as we mentioned earlier, is the 
investigative audit arm of the U.S. Congress. We are grateful 
for the work that you and your colleagues do. Mr. Goldstein is 
responsible for GAO's work in the area of government property, 
critical infrastructure, and telecommunications.
    At the request of this Committee and I think other 
congressional committees, GAO has conducted 12 reviews of 
Federal facility security since the Federal Protective Service 
became part of the Department of Homeland Security in 2003. GAO 
reports have focused on oversight of contract guards, facility 
risk assessments, cooperation with local law enforcement, 
planning and budgeting for security, and challenges hampering 
the protection of Federal agencies.
    Our second witness is Stephen Amitay. Is the emphasis on 
the first syllable?
    Mr. Amitay. Yes.
    Chairman Carper. Oh, good. Amitay. Stephen Amitay, 
Executive Director and General Counsel for the National 
Association of Security Companies. Mr. Amitay has led the 
association's efforts working with Congress, with Federal 
agencies, and the Government Accountability Office on programs, 
on legislation, and other issues related to facility security 
since 2006.
    Our final witness is David Wright. Mr. Wright is the 
President of the National Protection and Programs Directorate 
Union, American Federation of Government Employees. Mr. Wright 
has served in his present capacity I believe since 2006, and 
Mr. Wright is a 27-year veteran of the Federal Protective 
Service. His last 12 years he served as an Inspector, performed 
myriad responsibilities necessary to that position, from 
responding to crimes to overseeing contract guards to 
performing facility security assessments. Mr. Wright brings a 
wealth of field experience before this Committee, and he has 
worked with the agency and Congress to find solutions to many 
of the challenges that face the Federal Protective Service. We 
thank you for all of that.
    We welcome you all. You will each be invited to summarize 
your prepared statement. We would ask you to take about 5 
minutes, and your entire statement will be made part of the 
record, as I indicated to the first panel. So thank you for 
joining us today.
    Well, let me ask a question. Here is the first question: 
Were you all here for the first panel? Raise your hand. Ah, 
good. OK. That is great. Thanks. Thanks for staying for yours.
    All right. You are recognized, Mr. Goldstein.

     TESTIMONY OF MARK L. GOLDSTEIN,\1\ DIRECTOR, PHYSICAL 
  INFRASTRUCTURE ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Goldstein. Thank you, Mr. Chairman and Members of the 
Committee. Thank you for the opportunity to testify this 
morning on issues related to the Federal Protective Service and 
the protection of Federal buildings.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Goldstein appears in the Appendix 
on page 210.
---------------------------------------------------------------------------
    As part of the Department of Homeland Security, the Federal 
Protective Service is responsible for protecting Federal 
employees and visitors in approximately 9,600 Federal 
facilities under the control and custody of the General 
Services Administration. Recent incidents at Federal facilities 
demonstrate their continued vulnerability to attacks or other 
acts of violence. To help accomplish its mission, FPS conducts 
facility security assessments and has approximately 13,500 
contract security guards deployed to Federal facilities.
    My testimony this morning discusses challenges that FPS 
faces in, first, ensuring contract guards are deployed to 
Federal facilities and properly trained; and, second, 
conducting risk assessments at Federal facilities. It is based 
on GAO's work issued from 2008 through 2013 on FPS' contract 
guard and risk assessment programs and preliminary results of 
GAO's ongoing work to determine the extent to which FPS and 
select Federal agency facility risk assessment methodologies 
align with Federal risk assessment standards. Our findings are 
as follows:
    First, FPS faces challenges ensuring that contract guards 
have been properly trained and certified before being deployed 
to Federal facilities around the country. In our September 2013 
report, we found that providing active-shooter response and 
screener training is a challenge for FPS.
    For example, according to guard companies, at five guard 
companies, their contract guards have not received training in 
how to respond during incidents involving an active shooter. 
Without ensuring that all guards receive training in how to 
respond to incidents at Federal facilities involving an active 
shooter, FPS has limited assurance that its guards are prepared 
for this threat.
    Similarly, an official from one of FPS' contract guard 
companies stated that 133, about 38 percent, of its 350 guards 
have never received screener training. As a result, guards 
deployed to Federal facilities may be using X-ray and 
magnetometer equipment that they are not qualified to use, 
which raises questions about their ability to screen access 
control points at Federal facilities--one of their primary 
responsibilities.
    GAO was unable to determine the extent to which FPS' guards 
have received active-shooter response and screener training in 
part because FPS lacks a comprehensive and reliable system for 
guard oversight. FPS agreed with GAO's 2013 recommendation that 
they take steps to identify guards that have not received 
training and provide it to them.
    GAO also found that FPS continues to lack effective 
management controls to ensure its guards have met its training 
and certification requirements. For instance, although FPS 
agreed with our 2012 recommendation that it develop a 
comprehensive and reliable system for managing information on 
guards' training, certifications, and qualifications, it does 
not yet have such a system.
    Second, FPS also continues to face challenges assessing 
risk at Federal facilities. GAO reported in 2012 that FPS is 
not assessing risk at Federal facilities in a manner consistent 
with Federal standards. GAO's preliminary results from its 
ongoing work on risk assessments at Federal facilities 
indicates that it still is a challenge for FPS and several 
other Federal facilities.
    Federal standards, such as the National Infrastructure 
Protection Plan's risk management framework and ISC's risk 
assessment provisions, state that a risk assessment should 
include threat, vulnerability, and consequence assessments. 
Risk assessments help decisionmakers to identify and evaluate 
security risks and implement protective measures to mitigate 
that risk. Instead of conducting risk assessments, FPS is using 
an interim vulnerability assessment tool, referred to as the 
Modified Infrastructure Survey Tool to assess Federal 
facilities until it develops a longer-term solution. However, 
MIST does not assess the consequence--the level, duration, and 
nature of potential loss resulting from an undesirable event. 
Risk assessment experts GAO spoke with generally agreed that a 
tool that does not estimate consequences does not allow an 
agency to fully assess its risks. Thus, FPS has limited 
knowledge of risks faced at about 9,600 Federal facilities 
around the country. FPS officials stated that they did not 
include consequence information in MIST because it was not part 
of the original design. GAO will continue to monitor this issue 
and plans to issue a report on this issue early next year.
    In response to our recent reports, DHS and FPS have agreed 
with the recommendations in our 2012 and 2013 reports to 
improve FPS contract guard and the risk assessment processes.
    Mr. Chairman, this concludes my opening statement. I will 
be happy to answer questions you may have. Thank you.
    Chairman Carper. Good. Thanks so much, Mr. Goldstein.
    Mr. Amitay, please.

TESTIMONY OF STEPHEN D. AMITAY,\1\ EXECUTIVE DIRECTOR, NATIONAL 
               ASSOCIATION OF SECURITY COMPANIES

    Mr. Amitay. Chairman Carper, Senator Ayotte, my name is 
Stephen Amitay, and I am Executive Director for the National 
Association of Security Companies. NASCO is the Nation's 
largest contract security trade association whose member 
companies employ more than 300,000 security officers across the 
Nation servicing commercial and governmental clients, including 
numerous Federal agencies. NASCO works with legislators and 
officials at every level of government to put in place higher 
standards and requirements for security companies and private 
security officers.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Amitay appears in the Appendix on 
page 221.
---------------------------------------------------------------------------
    Of most relevance to today's hearing, since 2007 NASCO has 
worked with Congress, FPS, and GAO on issues and legislation 
related to the Federal Protective Service's Protective Security 
Officer Program. It was formerly called the Contract Guard 
Program. NASCO also worked with the Federal Interagency 
Security Committee on its 2013 best practices for armed 
security officers in Federal facilities.
    Not including the military services, there are 
approximately 35,000 contract security officers across the 
Federal Government, and the use of contract security is a 
proven, effective, and cost-efficient countermeasure to reduce 
risk and mitigate threats to Federal facilities.
    To further ensure security at Federal facilities, FPS and 
its security contractors need to work together to address 
issues and challenges with the PSO program that GAO has 
identified over the past several years. At the same time, 
improvements need to be made to other elements in the risk 
assessment and threat mitigation process for Federal 
facilities. These elements are governed by ISC standards; 
however, as GSA has found out and as we learned earlier today, 
often the requirements of the ISC standards are not met by 
Federal facilities.
    One critical element in this process is the decision to 
implement specific security countermeasures for each facility. 
In GSA-owned or--leased buildings, FPS is responsible for 
conducting the facility security assessment and recommending 
countermeasures. But, Mr. Chairman, as you noted in your 
opening remarks, the decision to implement those 
recommendations or, put another way, the decision to mitigate 
risk or accept risk is solely up to the Facility Security 
Committee, which is made up of representatives from facilities' 
tenant agencies.
    However, again, as GAO has found, ``tenant agency 
representatives to the FSC generally do not have any security 
knowledge or experience but are expected to make security 
decisions for their respective agencies.'' The lack of 
experienced decisionmakers on FSC is something that security 
contractors have witnessed firsthand, and it calls into 
question whether FSCs are making informed risk-based decisions 
regarding the mitigation or acceptance of risk.
    Of course, tightened budgets have also put pressure on 
tenant agencies to accept more risk. In the end, though, 
countermeasures deemed necessary for security should not be 
rejected because of either lack of understanding or an 
unwillingness to provide funding.
    NASCO supports requiring training for FSC members as well 
as DHS being able to challenge an FSC over noncompliance with 
ISC standards or decision not to implement countermeasures. 
Both these provisions were in legislation that was passed last 
Congress by this Committee.
    As to addressing the issues with FPS' PSO program that GAO 
has identified, as well as other issues with the program, while 
FPS' pace may not be as fast as GSA and security contractors 
would like, nonetheless FPS' commitment to improving the PSO 
program is unquestionable, and there has been substantial 
progress made.
    Since the appointment of Director Patterson, the degree of 
dialogue and breadth of cooperation between FPS and security 
contractors has been unparalleled, and currently FPS and 
security contractors are working on a host of initiatives to 
improve the PSO program.
    To address the lack of FPS personnel resources to provide 
critical PSO X-ray and magnetometer training, FPS is about to 
launch a pilot program developed with NASCO that will train and 
certify contractor instructors so that they can provide this 
important training. FPS is also moving to increase active-
shooter training for PSOs and, wisely, they are looking at what 
other Federal agencies are doing in this area as well as 
seeking input from security contractors.
    FPS is working with NASCO to revise and standardize the PSO 
training lesson plans and is planning to require that security 
contractor instructors be certified for all areas of PSO 
training.
    FPS is also coming out with a much needed revision of the 
Security Guard Information Manual (SGIM). The SGIM governs and 
instructs PSOs on how to act, and not following the SGIM is 
considered a contract violation. The format of this new version 
will also allow for making revisions as needed.
    One area that needs further review are the instructions 
related to a PSO's ability and authority to act and potential 
liability for acting in extreme situations such as active 
shooters. As is provided to contract security officers at some 
other Federal agencies, Congress might want to consider 
providing DHS with statutory authority to authorize PSOs to 
make arrests on Federal property.
    FPS is also working to improve PSO post orders and improve 
its management of PSO training and certification data. For this 
latter effort, NASCO strongly recommends that FPS explore 
commercially available technologies.
    In conclusion, much still needs to be done to address the 
PSO program issues raised by GAO. However, FPS has come a long 
way in the past decade with its contract security force. NASCO 
looks forward to continuing to work with FPS and Congress to 
improve the security at Federal facilities.
    Thank you.
    Chairman Carper. Mr. Amitay, thank you so much.
    Mr. Wright, you are now recognized.

TESTIMONY OF DAVID L. WRIGHT,\1\ PRESIDENT, FEDERAL PROTECTIVE 
   SERVICE UNION, AMERICAN FEDERATION OF GOVERNMENT EMPLOYEES

    Mr. Wright. Chairman Carper, Senator Ayotte, thank you for 
the opportunity to testify at this important hearing. I am 
David Wright, President of American Federation of Government 
Employees (AFGE) Local 918, which represents Federal Protective 
Service officers nationwide. I am also an inspector with the 
FPS. We are committed to the critical homeland security mission 
of securing our Nation's Federal buildings, but there are 
important issues that require resolution.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Wright appears in the Appendix on 
page 239.
---------------------------------------------------------------------------
    Federal employees and facilities are extremely vulnerable 
to attack from both criminal and terrorist threats. I want to 
assure you that my fellow FPS law enforcement officers are 
trained, equipped, and competent at responding to active-
shooter attacks, and I am appalled that bureaucracy and 
inefficiency restricted our FPS law enforcement officers, whose 
office is less than 1 mile away from the Navy Yard, from 
assisting with the pursuit of the active shooter. Basically it 
is because the Navy does not pay security fees to the FPS.
    Congressional review of physical security at Federal 
properties must be viewed in the context of the leadership 
required to accomplish the FPS mission, which, to say the 
least, remains unfocused, if not broken, at all levels. 
Physical security plays a significant role in protection of all 
occupants of Federal buildings, but the frustrating, 
inefficient, and outright wasteful bureaucratic system of 
implementing physical security countermeasures through a flawed 
facility security assessment process and implementation by 
facility security committees who have to divert their mission 
funding is eye candy and not true security. Security in the 
Dirksen Senate Office Building is not based on an individual 
Senate office's ability to pay. Why should other major Federal 
facilities be different?
    The FPS inspector workforce is constantly beleaguered by 
new and/or modified security assessment programs and individual 
conflicting management demands throughout the assessment 
process. I have lost confidence in the ability of the National 
Protection Programs Directorate to resolve this wasteful 
process.
    I understand that the Department's Science and Technology 
Directorate has offered to make the integrated rapid visual 
screening tool compliant with the ISC. It was tested by both 
the General Services Administration and officials at the 
Federal Protective Service. I think that would be a good start 
to remedying our assessment problems.
    Use of private contract security guards at major Federal 
facilities is a risk because they are basically limited to the 
arrest powers of a citizen. The proactive law enforcement 
patrol and weapons screening at this building is accomplished 
by Federal police officers who have the lawful authority to 
respond to active shooters. How can we demand less in Federal 
buildings with thousands of occupants?
    How well are the 740 or so boots-on-the-ground officers and 
agents doing--providing the critical law enforcement protection 
of Federal buildings overall quite well given the dynamic 
mission, the headquarters staff with very little field 
experience, and an inadequate field staff? How is FPS 
management doing? Not so well. Can do better? Absolutely. Any 
organization is in trouble when leaders are not held 
accountable. A recent Office of Special Counsel (OSC) public 
file disclosure reveals that a regional director violated rules 
when he arranged to buy a system from his neighbor on behalf of 
the government. The punishment of a 3-day suspension is the 
opposite of accountability. I have been told that there are 
other instances of misconduct by equal and even higher-ranking 
officials.
    After accountability is established, performance across the 
board can improve with focused professional and ethical 
management that builds on best practices in the regions. Give 
our inspectors and police officers adequate staff, tools that 
work, and direction on priorities, and we will make sure the 
job is done.
    In conclusion, the Federal employees and the public they 
serve deserve the best and most effective protection we can 
provide. They are not getting it now, and expeditious, sincere 
action by DHS and Congress is required. Once again, I thank you 
for this opportunity, and I am available for questions.
    Chairman Carper. Great. Mr. Wright, thanks very much for 
coming and for your service.
    I am going to yield to Senator Ayotte for the first 
questions of this panel. Senator Ayotte.
    Senator Ayotte. Thank you very much, Mr. Chairman. I really 
appreciate that.
    I wanted to ask Mr. Goldstein if--particularly on the GAO 
reports and what you have found, it really troubles me when we 
think about that there is no comprehensive--I believe you 
described it as strategy or oversight model, and then the fact 
that we are not sure how many people are receiving--there is 
certainly a category that are not receiving active-shooter 
training and/or screener training.
    From the GAO perspective what is your recommendation in 
terms of from the policy perspective how we can move this as 
quickly as possible to address this problem?
    Mr. Goldstein. Thank you, Senator. We have been very 
concerned that, with respect to both active-shooter training 
and training on magnetometers, FPS has not done a good enough 
job at ensuring that its contract guard workforce is able to 
get that training.
    One of the problems with the active-shooter training which 
I think people do not understand here, though, is that it is 
only a very small part of just one part of the training they 
receive anyhow. They get a kind of special training of 2 hours 
which covers special events of various kinds that might occur 
in a building. So out of the 120 hours of training that they 
receive overall, only 2 hours go to special events, and only a 
fraction of that 2 hours actually covers active-shooter 
training.
    So I think it is important to recognize that, for all 
intents and purposes, contract guards are not really getting 
active-shooter training for the most part. We are concerned 
that they do not have enough training in this area.
    The same is true for magnetometers. When GAO did its 
penetration testing of a number of Federal buildings back in 
2009 and penetrated all 10 buildings that we tried to get into 
in a variety of different cities with bomb-making materials, we 
found at that time that guards did not have the requisite 
training to be at post, and we find now several years later 
that many guards still do not have that training.
    Senator Ayotte. And these are the contract guards, correct?
    Mr. Goldstein. Yes, ma'am.
    Senator Ayotte. So let me ask Mr. Wright, with respect to 
the agencies that can pay the fee, how does your training 
differ? How did the training of the individuals that I 
understand would work--and maybe I have this wrong, but would 
work in the Federal Protective Service Union when we are 
looking at this training issue, do you know how the training 
differs?
    Mr. Wright. As Federal law enforcement officers, we 
complete our training at the Federal Law Enforcement Training 
Center----
    Senator Ayotte. So you would go through the same training 
as any Federal law enforcement officer?
    Mr. Wright. Yes.
    Senator Ayotte. OK.
    Mr. Wright. And there is a slight difference. We are 
talking contract guards. They are stationary at their post; 
whereas, our Federal Protective Service inspectors and police 
officers are mobile.
    Senator Ayotte. To the point of your testimony, if you were 
to provide the services, for example, at the Navy Yard that the 
Federal Protective Service--just so I understand, would you do 
more of a roaming capacity, is what you are saying? You would 
not do the person who stands--because the Capitol Police 
officers here, they actually stand at the magnetometer when we 
walk through, and I am just trying to understand physically 
what this would look like.
    Mr. Wright. Right, and I think that is the model that I 
would look for, is a model that works here at the Capitol and 
the Capitol buildings, that you would have Federal officers 
begin their career at the magnetometer, at the X-rays before 
they promote up and gain seniority and go out into the field.
    Senator Ayotte. And I want to understand, are there other 
agencies that, with regard to this training issue on the FPS 
contracting issue, is this something that we are facing beyond 
the Navy Yard? I mean, I assume that this contracting issue in 
terms of the training issue goes well beyond the Navy Yard 
facility. Is that true, Mr. Goldstein?
    Mr. Goldstein. The work we have done here really focuses on 
FPS, so I cannot comment more broadly. We have not looked at 
contract guard situations and what training they maybe----
    Senator Ayotte. So it would really just be focused here on 
the Navy Yard.
    Mr. Goldstein. Right, but we have found that the kind of 
training overall that FPS gives its contract guards, is similar 
to training given by DOE, by the National Aeronautics and Space 
Administration (NASA), by the Pentagon Force Protection Agency, 
State, Kennedy Center. So they are in line generally with the 
kinds of training that you would give to a contract guard at a 
Federal facility. The problem is implementing it. That is where 
we seem to see the fall-off, ensuring that the guards are 
actually getting that training.
    Senator Ayotte. So there is basically no accountability. In 
other words, we can check off the training box, but no one is 
saying this person actually has done it, that we are tracking 
them. I mean, basically in a law enforcement setting, you have 
to do a certain amount of training that you have to complete 
every year, and that is part of being in that position. That is 
not happening with this?
    Mr. Amitay. Well, excuse me. As Senator Coburn noted, those 
are contract requirements to have your protective security 
officers have the required training and certifications, and 
that would be a contract violation. So, you know----
    Senator Ayotte. So we are actually entering contracts where 
we do not have them required to train on screening and----
    Mr. Amitay. The requirements are in the contract.
    Senator Ayotte [continuing]. Active shooters?
    Mr. Amitay. With the X-ray and magnetometer training, 
that--of the 132 hours of required training for FPS protective 
security officers, the contract guards, 16 hours are provided 
by FPS, 8 of which is X-ray/mag screening. And FPS' inability 
for their personnel to be able to provide that training is an 
issue that the GAO has noted. But that is not a matter of the 
security contractors not providing the training that they are 
required to provide.
    Senator Ayotte. So we are not providing the training for 
the security contractors, but we should be reviewing these 
contracts to make sure that we are properly prioritizing what 
type of agreement we are brokering in terms of the requirements 
for background and training, shouldn't we?
    Mr. Goldstein. Yes, there are a couple of issues. One is, 
as Mr. Amitay says correctly, that the Federal Protective 
Service is not providing in many cases the training that they 
are obligated to provide under the contract.
    Senator Ayotte. Right.
    Mr. Goldstein. On the other hand, FPS is also not gaining 
the assurance that it needs that the contract guard companies 
themselves are providing the training that they are obligated 
to provide. They are not doing enough checks on the 
certifications.
    Senator Ayotte. And who is watching all this? I mean, isn't 
there supposed to be----
    Mr. Goldstein. I guess GAO----
    Senator Ayotte. But, I mean, you are watching it, but who 
within the chain of command, meaning the management of this, is 
making sure that it gets done?
    Mr. Goldstein. Each region is supposed to go through a 
process to assure themselves and do checks and do audits. Some 
regions have not done it. Some regions have not done it in a 
random fashion at all where they could really gain assurance. 
Some have done it. When we have gone in behind them and looked 
at what they have done, not only did we find our own breaches 
in many cases of guards standing post without the proper 
certifications and qualifications; we also found significant 
disparities between our review and the review that FPS had done 
as well.
    Mr. Amitay. I also think some of those disparities are 
disparities in the documentation per se, and I think there are 
instances where the guards have received the required training, 
they do have the required certifications, but there are issues 
with the documentation.
    For instance, with certain medical requirements, some 
statements of work require a licensed physician to sign off on 
those medical requirements. On others it could be a nurse 
practitioner. And GAO might come in and looking at what the 
current requirements are for licensed physicians and see that, 
oh, this PSO was signed off by a nurse practitioner; therefore, 
that is in violation.
    Senator Ayotte. Well, I know my time is up, but what we are 
talking about here, though, is the documentation on the 
training for, I assume, the most important focus here, the 
screening and active-shooter training.
    Mr. Goldstein. It was a wide variety of issues. We found 
not just the magnetometer and the active-shooter training, but 
we found 23 percent of files we reviewed contained no 
documentation for required training and certification in a 
variety of areas. This could be firearms training, or drug 
testing, and there was no indication that FPS had monitored 
firearms qualifications in 68 of the files we reviewed. So it 
is across the spectrum of the kinds of certifications guards 
need.
    Senator Ayotte. Well, my time is up, so I will thank you.
    Chairman Carper. Thank you. Thank you for those questions.
    I am going to ask two questions. The second question I am 
going to ask is when--in some sense, I like to ask when we are 
in a situation like this--a couple different panels, different 
points of view, a broad range of perspectives from which to 
testify and answer questions. I want you to each pick maybe 
one--or we will say two--go back to what you have heard one 
another saying in response to--well, it could just be your 
testimony, your response to our questions. Think back to the 
first panel, some of the things that they said, things they 
said in the testimony or in response to our questions, and just 
be thinking about takeaways for us on this side of the dais 
that you would just like to put an exclamation point behind, 
underline, and say as we go out of this room today, this 
hearing room, for God's sake, keep these couple of points in 
mind, these are really good takeaways. And that is my second 
question, so you can be thinking about that.
    The first question I have is for Mr. Goldstein, and we have 
already talked about this to some extent. I am going to come 
back and just revisit it very briefly. But in the past decade 
or so, you have overseen, I think, 12 independent reports of 
Federal facility security. You have looked at the armed guard 
programs. You have collaborated with State and local law 
enforcement in human capital planning. GAO has also conducted 
covert testing. You have talked a little bit about some of what 
is going on in Federal facilities. In other words, you actually 
tried to penetrate Federal facilities to test how secure they 
are, which is a little bit like what we do in the nuclear power 
plant world.
    Again, for the record, how would you assess Federal 
facility security today? Over 30,000 feet, how would you assess 
Federal facility security today, realizing this is on a time 
continuum, where we focus more and more on this going back to 
especially 1995 with the bombing in Oklahoma City? But how are 
we doing today? Is it getting better? Is it getting worse? Have 
we plateaued? Is it uneven?
    Mr. Goldstein. I think it is very uneven, Mr. Chairman. I 
think that, yes, there have been improvements since Oklahoma 
City and since the Twin Towers, of course. We have more focus 
on this area. We have more physical protections in many places. 
We have more intelligence as well. But some of the basic issues 
still remain unresolved, the kinds of issues that you have 
brought up and that some of your witnesses have brought up this 
morning. There is still inadequate attention to many of the 
things that are in the forefront of what we need to do in terms 
of getting into a Federal building and making sure not only 
that the people who stand on the front lines of Federal 
buildings are qualified to be there and can do the service that 
they are being paid to do, that taxpayers are paying them for; 
but more broadly that we are wisely using government resources 
in this area.
    Because we have not effectively adapted a risk management 
process to the Federal portfolio, virtually every building that 
is at a Level 3 or a Level 4 security risk is treated in the 
same fashion, and we do not prioritize across that portfolio in 
an effective way to make sure that we are effectively spending 
government resources. So I think we still have a long way to 
go, sir.
    Chairman Carper. All right. A followup question. If you 
maybe had to pick the next thing that the Federal Protective 
Service ought to be doing in order to further improve Federal 
facility security as expeditiously as possible--and I do not 
know if that is a fair question, but take a shot at it.
    Mr. Goldstein. Sure. I mean, we have talked a lot this 
morning about the two fundamental issues in our last report on 
risk assessments and on contract guards. And while they are 
moving slowly, I think they are trying to move in the right 
direction in both of those areas.
    I think the area that still bedevils the security community 
here and has come up a couple times is this three-legged stool 
between GSA, the facility Security Committees, and FPS, in 
trying to figure out the best way to get security at Federal 
buildings. Should there really be a very significant role for 
individual agencies within a specific building for people who 
do not have a lot of security background? Should they really be 
making decisions about the government's buildings?
    I do think while the ISC has developed standards to try and 
improve the level and effectiveness of the Facility Security 
Committees, that is an area that I think they still need to 
spend a lot more time in trying to figure out--is that really 
the best way that we can protect Federal buildings.
    Chairman Carper. OK. Good. Thank you very much.
    All right. Mr. Wright, I am going to ask you to respond to 
my first question. Again, a point or two that you would really 
like to say, for God's sake, if you forget everything else that 
you heard in this hearing, do not forget this. And there is 
probably more than a few things that we ought to keep in mind, 
and we will, but just one or two if you would.
    Mr. Wright. If you will indulge, the focus of this hearing 
was the Navy Yard tragedy, so just very clearly, right off the 
bat, in regards to active shooter, look at our jurisdiction and 
authority. Our guys responded to the Navy Yard. We were less 
than 2 minutes away, and we had people at the Department of 
Transportation facility right across the street ready to 
activate and use their training and equipment, and we were held 
back. So that is just real, low-level stuff.
    I need you to demand accountability. This Committee, as 
referred to by Mr. Goldstein, in 2009 after they penetrated 10 
of our buildings, our FPS Director sat here and committed to 
this Committee that he would fix the National Weapons Detection 
Training Program. To this day, that program is not complete.
    Chairman Carper. Are we making any progress?
    Mr. Wright. Uneven. It is scattered across the Nation. I 
think one of the big problems with FPS is you finally have a 
vision or at least somewhat of a vision at headquarters, and I 
guarantee you, once that vision leaves headquarters, it goes 
down to 11 different regions, I think three, four, five 
different Senior Executive Service (SES) officials, and the 
message gets lost, thereby once again reducing any semblance of 
accountability. We have 11 different regions and 11 different 
ways of doing business regardless of what our headquarters 
says.
    Chairman Carper. OK. Thank you. Mr. Amitay.
    Mr. Amitay. Yes, thank you. Going off what David just said, 
it is true that there is a vision now at headquarters. Part of 
that vision is to standardize the training, to increase the 
training, and the lines of communications with the regions do 
need to be improved. And that has always been a problem, 
though, with FPS, is the fact that it has had to deal with 11 
different regions.
    I think, though, you will see at FPS--David also mentioned 
the National Weapons Detection Training Program, which is 
basically the X-ray and magnetometer training for PSOs. That is 
a new program that will require 16 hours of initial training 
and then 8 hours of annual refresher training. Compare that to 
the current requirement of 8 hours of initial training, and 
then, essentially 8 hours that is combined with 40 hours of 
refresher training every 3 years. That is a positive 
development. The delivery of this training, though, that has 
been a problem, and it has been slow getting it out. And I 
think FPS realizes that the stretched-thin FPS inspectors 
really should not be doing training. That should not be their 
mission. And they are starting to turn this over to the--they 
want to turn it over to certified contract security 
instructors, and we think that is a great idea. That will allow 
for more cost-efficient and faster training.
    Also, in active-shooter training, definitely FPS needs to 
be doing more with that. I mean, other agencies are well ahead 
of FPS in terms of training their contract security officers to 
respond to active-shooter incidents. I have talked with several 
contractors, and they basically say that with those 
instructions and post orders, there really is some confusion 
for PSOs as to what they can do in an active-shooter situation.
    I mean obviously, as the instructions do say, when you are 
faced with an active shooter and the loss of life, you can 
engage them. But, are they able to be more aggressive in terms 
of maybe detecting an active shooter? If a person comes in, is 
being really suspicious, can they kind of get into the guy's 
face and see what he is doing?
    I have been told that at DOE the active-shooter policy for 
their contract security officers is basically do not let the 
threat continue, period.
    But I think FPS is working to improve the training, to 
bring it up to a higher quality. They are working also, as Mark 
said, to try to better monitor their certification and training 
records, and, Mark, stay on them with that, because we do think 
that there is technology out there. I sometimes cringe when 
they say, well, we are working with the Science and Technology 
Directorate to basically try to come up with a data management 
system, something that, as Mr. Coburn pointed out, the 
contractors must have and already do have. And so there should 
be greater integration in terms of a comprehensive data 
management system, so the FPS and contractors can know and GAO 
can know who exactly does have the required training and 
certifications.
    Chairman Carper. All right. Thank you.
    Mr. Goldstein, the last word.
    Mr. Goldstein. Thank you, Mr. Chairman. One quick 
clarification for Dr. Coburn's benefit. Regarding GAO's 
recommendations, there have been 26 between 2010 and 2013. By 
our records, only four are in process, and have only been in 
process for about 3 or 4 weeks when we received them, meaning 
that there are 22 still open. We will provide your staff with 
the exact information behind all those.
    Chairman Carper. Thank you. That is very interesting. Thank 
you for that clarification.
    Mr. Goldstein. Yes, sir.
    Just three brief points that have not been brought up too 
much this morning which I think are very relevant.
    The first, as Mr. Amitay has said, I think it is important 
that there be better clarity in terms of contractors' 
liabilities. We have interviewed dozens and dozens of contract 
guards over the last decade, all of whom have felt that they do 
not have clarity on what their roles and responsibilities are 
and when they can use force and when they cannot use force. And 
most have told us over the years that their companies have all 
but said, ``Don't you ever pull out your gun. Don't you ever do 
anything with it.'' So there is a lot of lack of clarity in 
this area.
    The second is the role of the inspector at the Federal 
Protective Service. It would be great if they were able, as Mr. 
Wright has said, to roam around more, to do more things, to be 
able to assure the security of the buildings they are 
responsible for. But in many cases, they are locked at their 
desks. They are doing other work. They are involved in getting 
contracts out the door. They are often still contract officers. 
The level of things that they are responsible for really 
precludes them in many instances from actually being out and 
about and being the eyes and the ears and taking care of the 
police function that they really have. So that would be the 
second.
    And then the third, finally, is I do not believe there 
really is much coordination at all based on the work we have 
done in the past with local and State police jurisdictions, so 
that when tragedy does strike that the Federal Protective 
Service has worked out in any kind of detail with local police 
jurisdictions exactly what kind of focus, what kind of 
approach, what kind of countermeasures they can take in the 
event of a tragedy. So more work needs to be done in that area 
as well.
    Thank you, sir.
    Chairman Carper. Thank you. Thank you all for being here. 
Thank you for what you do with your lives. Thank you for your 
preparation for this hearing and for your responses to our 
questions.
    Mr. Goldstein, a special thanks to everyone at GAO for the 
continued good work that you do.
    Mr. Goldstein. Thank you, sir.
    Chairman Carper. I do not have time--the weekly caucus 
lunch has begun, and I am late. So I am going to wrap it up 
here. If we had more time, one of the things I would get into 
is the issue of turnover among these contract officers. I do 
not think we really spent much time on that. I would just say 
as a closing thought, when I was Governor of Delaware, we had a 
real problem in the area of information technology, training 
folks to work in that area for us as a State employee, 
developing their skills and getting hired away by someone who 
would pay them a lot more money. And the Governor who succeeded 
me was smart enough to realize that we ought to pay and change 
up the way we rewarded and incentivized folks to work for the 
State of Delaware in that arena.
    We have a similar problem actually here in the Federal 
Government. If you look at the skill sets and the compensation 
packages and the way we attract and retain skilled folks in the 
cyber world, in the Department of Homeland Security as 
compared, say, to the National Security Agency, there is a 
difference. And Dr. Coburn and I and our staffs and our 
colleagues are working on a way to reduce that disparity so 
that DHS will not just hire people to work in cybersecurity and 
see them trained and then hired away by others. We are going to 
work on that, and it would be interesting to know what we lose. 
Their training is so important here. That is one of the things 
we keep coming back to--the quality of the training, not just 
original training but refresher training, and the quality of 
that training.
    The thought that is in the back of my mind is what is going 
on with turnover. My guess is there is a fair amount of that in 
these jobs, and so a lot of training that is done might not 
inure to the benefit of the Federal taxpayers, but to those who 
ultimately these contract officers go to work for.
    If I had more time, I would ask each of you to respond to 
that, but if you would just raise your hands, and just by 
raising your hands, is that a problem? Is that a concern that 
we should have? OK. Thanks very much.
    All right. I would just say in closing that the hearing 
record will remain open for the next 17 months---- [Laughter.]
    Chairman Carper. All right, 17 days, until January 3 at 5 
p.m. for the submission of statements and questions for the 
record. I am sure you will get some, and we would appreciate 
your responding to those.
    Again, thank you very much for being here with us today. 
Our best wishes to you and your families in this holiday 
season. Thanks very much.

    [Whereupon, at 12:57 p.m., the Committee was adjourned.]

                            A P P E N D I X

                              ----------                              

[GRAPHIC] [TIFF OMITTED] 

                                 
