[House Hearing, 117 Congress]
[From the U.S. Government Publishing Office]


    FEDERAL BUILDING SECURITY: EXAMINING THE RISK ASSESSMENT PROCESS

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                         OVERSIGHT, MANAGEMENT,
                           AND ACCOUNTABILITY

                                 OF THE

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED SEVENTEENTH CONGRESS

                             SECOND SESSION
                               __________

                           SEPTEMBER 22, 2022
                               __________

                           Serial No. 117-71
                               __________

       Printed for the use of the Committee on Homeland Security
                                     

                  [GRAPHIC NOT AVAILABLE IN TIFF FORMAT]
                                     

        Available via the World Wide Web: http://www.govinfo.gov
                               ___________

                    U.S. GOVERNMENT PUBLISHING OFFICE
                    
50-419 PDF               WASHINGTON : 2023   


                     COMMITTEE ON HOMELAND SECURITY

               Bennie G. Thompson, Mississippi, Chairman
Sheila Jackson Lee, Texas            John Katko, New York
James R. Langevin, Rhode Island      Michael T. McCaul, Texas
Donald M. Payne, Jr., New Jersey     Clay Higgins, Louisiana
J. Luis Correa, California           Michael Guest, Mississippi
Elissa Slotkin, Michigan             Dan Bishop, North Carolina
Emanuel Cleaver, Missouri            Jefferson Van Drew, New Jersey
Al Green, Texas                      Mariannette Miller-Meeks, Iowa
Yvette D. Clarke, New York           Diana Harshbarger, Tennessee
Eric Swalwell, California            Andrew S. Clyde, Georgia
Dina Titus, Nevada                   Carlos A. Gimenez, Florida
Bonnie Watson Coleman, New Jersey    Jake LaTurner, Kansas
Kathleen M. Rice, New York           Peter Meijer, Michigan
Val Butler Demings, Florida          Kat Cammack, Florida
Nanette Diaz Barragan, California    August Pfluger, Texas
Josh Gottheimer, New Jersey          Andrew R. Garbarino, New York
Elaine G. Luria, Virginia            Mayra Flores, Texas
Tom Malinowski, New Jersey
Ritchie Torres, New York, Vice 
    Chairman
                       Hope Goins, Staff Director
                 Daniel Kroese, Minority Staff Director
                          Natalie Nixon, Clerk
                                 ------                                

       SUBCOMMITTEE ON OVERSIGHT, MANAGEMENT, AND ACCOUNTABILITY

                  J. Luis Correa, California, Chairman
Donald M. Payne, Jr., New Jersey     Peter Meijer, Michigan, Ranking 
Dina Titus, Nevada                       Member
Ritchie Torres, New York             Dan Bishop, North Carolina
Bennie G. Thompson, Mississippi (ex  Diana Harshbarger, Tennessee
    officio)                         John Katko, New York (ex officio)
                Lisa Canini, Subcommittee Staff Director
         Eric Heighberger, Minority Subcommittee Staff Director
                    Aaron Greene, Subcommittee Clerk


                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable J. Luis Correa, a Representative in Congress From 
  the State of California, and Chairman, Subcommittee on 
  Oversight, Management, and Accountability:
  Oral Statement.................................................     1
  Prepared Statement.............................................     2
The Honorable Peter Meijer, a Representative in Congress From the 
  State of Michigan, and Ranking Member, Subcommittee on 
  Oversight, Management, and Accountability:
  Oral Statement.................................................     3
  Prepared Statement.............................................     5
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Chairman, Committee on 
  Homeland Security:
  Prepared Statement.............................................     6

                               Witnesses

Mr. Richard ``Kris'' Cline, Principal Deputy Director, Federal 
  Protective Service, U.S. Department of Homeland Security:
  Oral Statement.................................................     7
  Prepared Statement.............................................     8
Mr. Scott Breor, Associate Director of Security Programs, 
  Cybersecurity and Infrastructure Security Agency (CISA), U.S. 
  Department of Homeland Security:
  Oral Statement.................................................    12
  Prepared Statement.............................................    13
Ms. Catina B. Latham, Director of the Physical Infrastructure 
  Team (Acting), U.S. Government Accountability Office (GAO):
  Oral Statement.................................................    15
  Prepared Statement.............................................    17

                                Appendix

Questions From Chairman J. Luis Correa for Richard ``Kris'' Cline    39
Questions From Chairman J. Luis Correa for Scott Breor...........    40

 
    FEDERAL BUILDING SECURITY: EXAMINING THE RISK ASSESSMENT PROCESS

                              ----------                              


                      Thursday, September 22, 2022

             U.S. House of Representatives,
                    Committee on Homeland Security,
                    Subcommittee on Oversight, Management, 
                                        and Accountability,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 10:11 a.m., in 
room 310, Cannon House Office Building, Hon. J. Luis Correa 
(Chairman of the subcommittee) presiding.
    Present: Representatives Correa, Payne, Titus, Torres, 
Meijer, Bishop, and Harshbarger.
    Mr. Correa. Welcome to the Subcommittee on Management, 
Oversight, and Accountability. I understand our Ranking Member 
is OK with us proceeding, and he is on his way. I know there is 
a lot of contradicting messages this morning. We are supposed 
to be on the floor or in committee or both or neither.
    The Subcommittee on Oversight, Management, and 
Accountability will now come to order. Without objection, the 
Chair is authorized to declare the subcommittee in recess at 
any point.
    Good morning. I want to thank everyone for being here today 
and for joining us to discuss this most important topic of 
Federal building security. Protection to facilities, employees, 
and visitors is a very important part of the Department of 
Homeland Security's day-to-day work.
    As all of you know, tensions have risen recently in 
response to the FBI's raid on Mar-a-Lago, the passage of the 
Historic Inflation Reduction Act. We all have seen a rise in 
threats directed toward Federal employees and Federal office 
buildings.
    Just last month, an armed man attempted to, with violence, 
gain entrance to an FBI office in Cincinnati. Less well-known 
are the increasingly threatening language that has been 
directed to IRS employees and those working to preserve 
Government documents at the National Archives and Records 
Administration.
    While not typical, though as high-security facilities, 
these are the Government buildings, and the men and women who 
work there and visit them every day are now facing new security 
risks.
    With threats to Federal facilities on the rise, we look to 
the first front lines of defense, the Department of Homeland 
Security's Federal Protective Service, also known as FPS.
    FPS ensures that more than 9,500 Federally-owned and -
operated buildings across the country are safe and secure, from 
Government agency headquarters here in Washington, DC, to rural 
courthouses and field offices across the country, across the 50 
States.
    If you have ever visited a Federally-owned building, you 
have noticed thousands of FPS officers and contract guards 
providing on-site security. But FSP's--I should say FPS's--role 
extends beyond the guards posted at entrances and exits.
    FPS also helps Government agencies prepare for and prevent 
any security risks that result from a changing threat 
environment or aging infrastructures.
    FPS performs facility security assessments for all 
Federally-owned buildings and lease buildings and makes 
recommendations for improvements to ensure that buildings meet 
required security standards.
    These facility assessments and recommendations are very 
important to ensure that security protocols keep up with the 
types of threats we are seeing on a day-to-day basis.
    The suggested recommendations can range from replacing 
security cameras and alarms to updating security guidances and 
policies.
    However, despite the good coordination between FPS and 
other Government agencies, all too often, these recommendations 
go unimplemented, leaving huge gaps in our security systems.
    According to the Government Accountability Office, or GAO, 
customer agencies have described FPS's facility security 
assessments as comprehensive, timely, and useful. But they have 
rejected about 70 percent of FPS's recommendations.
    So, again, good recommendations, awesome, but 70 percent of 
the time, not heeded to.
    GAO found that a variety of factors result in the majority 
of FPS's recommendations not being implemented, including 
incomplete information and, of course, lack of proper funding.
    We can and we should do better in mitigating the risks to 
facilities, Federal employees, and citizens that visit those 
buildings.
    Today we will have the opportunity to hear more about 
interagency cooperation that goes into developing building 
security standards as well as the challenges meeting those 
standards.
    With that, I thank you again for joining us today, our 
witnesses and other guests.
    [The statement of Chairman Correa follows:]
                  Statement of Chairman J. Luis Correa
                           September 22, 2022
    The protection of Federal facilities, employees, and visitors is a 
critical part of the Department of Homeland Security's day-to-day work. 
Recently, the importance of this mission has come into stark focus. As 
tensions have risen in response to the FBI's raid on Mar-a-Lago and the 
passage of the historic Inflation Reduction Act, we have also seen a 
rise in the threats directed toward Federal employees and their office 
buildings.
    Just last month an armed man attempted to violently gain entrance 
to an FBI office in Cincinnati. But perhaps less well-known is the 
increasingly threatening language that has been directed at IRS 
employees and those working to preserve Government documents at the 
National Archives and Records Administration. While not typically 
thought of as high-security facilities, these Government office 
buildings, and the men and women who work and visit them every day, are 
now facing new security risks.
    With threats to Federal facilities on the rise, we look to the 
first line of defense, the Department of Homeland Security's Federal 
Protective Service, also known as FPS. FPS ensures that over 9,500 
Federally-owned and -operated buildings across the country are safe and 
secure, from Government agency headquarters here in Washington, DC to 
rural courthouses and field offices in all 50 States. If you have ever 
visited a Federally-owned building, you have undoubtedly passed one of 
the thousands of FPS officers and contract guards providing on-site 
security. But FPS's role extends far beyond the guards posted at 
entrances and exits.
    FPS also helps Government agencies prepare for and prevent any 
security risks that result from a changing threat environment or aging 
infrastructure. FPS regularly performs facility security assessments 
for all Federally-owned and -leased property and makes recommendations 
for improvements to ensure that buildings meet required security 
standards. These facility assessments and recommendations are 
incredibly important to ensure that security protocols keep up with the 
types of threats we're seeing today. The suggested recommendations can 
range from things like replacing security cameras and alarms to 
updating security guidance and policies. However, despite generally 
good coordination between FPS and the other Government agencies it 
seeks to protect, all too often these recommendations go unimplemented, 
leaving gaps to be exploited.
    According to the Government Accountability Office (GAO), customer 
agencies have described FPS's facility security assessments as 
``comprehensive, timely, and useful,'' but they have rejected about 70 
percent of FPS's recommendations. GAO found that a variety of factors 
result in the majority of FPS's recommendations not being implemented, 
including incomplete information and insufficient funding.
    We can and should be better to mitigate the risks to facilities, 
Federal employees, and visitors. Today we will have the opportunity to 
hear more about the interagency cooperation that goes into developing 
building security standards as well as the challenges meeting those 
standards.

    Mr. Correa. I will reserve time for our Ranking Member, Mr. 
Pete Meijer from Michigan, for an opening statement when he 
gets here.
    With that, Members are reminded that the committee will 
operate according to the guidelines laid out by the Chairman 
and Ranking Member in their February 3 colloquy regarding 
remote procedures.
    Without objection, Members not on the subcommittee shall be 
permitted to sit and question the witnesses.
    Mr. Meijer, I call on you for an opening statement, sir.
    Mr. Meijer. Thank you, Mr. Chairman, for holding this 
important hearing today on the security of Federal buildings 
across the country. I appreciate the subcommittee diving into 
this topic, and also I am grateful for our witnesses who are 
here today to shed light on this important issue.
    This subcommittee held a hearing focused on the Federal 
Protective Service's role in June 2019. I think it is important 
that we follow up on what was learned in that today.
    FPS, as an agency, has evolved over time and has 
experienced multiple transitions within the Department of 
Homeland Security.
    Formerly established by the General Services Administration 
in 1971, FPS is the primary Federal agency responsible for the 
protection of all buildings, grounds, and property owned, 
occupied, or secured by the Federal Government.
    This is obviously an enormous responsibility for an agency 
that often goes unnoticed and taken for granted. FPS employs 
1,300 Federal staff, approximately 944 of whom are law 
enforcement specialists, criminal investigators, or canine 
handlers, all of whom trained at the Federal Law Enforcement 
Training Center, or FLETC.
    In addition, FPS heavily relies on more than 15,000 
contract guard staff, called protective service officers, or 
PSOs, to conduct security screenings at more than 9,000 Federal 
buildings across the country.
    PSOs are the backbone of the FPS operation, and without the 
help of these contract guards, FPS would not be able to carry 
out its mission.
    The protection of our Federal buildings and properties is 
of utmost significance. Unfortunately, violence against the 
Government and, in turn, against Federal Government buildings, 
property, and personnel is not out of the norm and has become 
more prevalent in recent years. It is incredibly disheartening 
that we must worry about such things, but we must, and, 
therefore, our conversation today takes on added importance and 
relevance.
    With such an important mission, we need to ensure that FPS 
has the tools and authorities to operate as efficiently and 
effectively as possible.
    Of note, FPS has been on GAO's, the Government 
Accountability Office's, high-risk list since 2003, so nearly 
20 years. GAO has found that FPS is not assessing risks at 
Federal facilities in a manner consistent with standards such 
as the National Infrastructure Protection Plan's Risk 
Management Framework, as FPS had originally planned.
    This is especially worrisome because a failure by FPS could 
have catastrophic results. The focus of today's hearing on the 
security assessment process.
    FPS provides security assessments and recommendations to 
every Federal facility it protects in accordance with the 
Interagency Security Committee standards. This ISC standard, 
which is housed within CISA's infrastructure security division, 
collaboratively establishes, polices, monitors compliance, and 
enhances the security and protection of Federal facilities.
    As we hear from our witnesses today, a large majority of 
the recommendations that come out of those assessments have not 
yet been implemented which begs the obvious question of why 
not.
    As we hear, I would like to hear their perspectives from 
the witnesses on the following questions.
    No. 1, is FPS positioned correctly within DHS to be the 
most effective?
    No. 2, how does FPS work with CISA, and how collaborative 
is that relationship?
    No. 3, why do such a large majority of FPS security 
assessment recommendations go unimplemented, and in turn, is 
there a better way we can facilitate this process?
    No. 4, does FPS have the right force structure with most of 
their work force being contract support?
    No. 5, is the fee structure appropriate and effective for 
the role of FPS today?
    Mr. Chairman, I am grateful we are holding this hearing on 
this sometimes-overlooked agency within DHS. As they play an 
ever-important role, protecting our Government, we have to take 
our oversight responsibility here seriously, and I look forward 
to hearing from our witnesses to determine what actions we can 
take moving forward. Thank you and I yield back.
    [The statement of Ranking Member Meijer follows:]

                Statement of Ranking Member Peter Meijer
                           September 22, 2022
    Thank you, Mr. Chairman, for holding this important hearing today 
on the security of Federal buildings across the country. I appreciate 
the subcommittee diving into this topic and appreciate our witnesses 
for shedding light on such a critical issue. This subcommittee held a 
hearing focused on the Federal Protective Service (FPS) in June 2019, 
and I am happy that we can follow up on that hearing today.
    FPS, as an agency, has evolved over time and has experienced 
multiple transitions within the Department of Homeland Security (DHS). 
Formally established by General Services Administration in 1971, FPS is 
the primary Federal agency responsible for the protection of all 
buildings, grounds, and property owned, occupied, or secured by the 
Federal Government. This is an enormous responsibility for an agency 
that often goes unnoticed and taken for granted.
    FPS employs 1,300 Federal staff. Approximately 944 of those 
employees are law enforcement specialists, criminal investigators, and 
canine handlers--all of whom are trained at the Federal Law Enforcement 
Training Center, or FLETC. In addition, FPS heavily relies upon more 
than 15,000 contract guard staff, called Protective Security Officers, 
or PSOs, to conduct security screenings at more than 9,000 Federal 
facilities across the country. PSOs are the backbone of the FPS 
operation. Without the help of these contract guards, FPS would not be 
able to carry out its mission.
    The protection of our Federal buildings and property is of the 
utmost importance. Unfortunately, violence against the Government and, 
in turn, against Federal buildings, property, and personnel, is not out 
of the norm and has become even more prevalent in recent years. It is 
disheartening that we must worry about such things, but we must, and 
therefore our conversation today takes on added importance and 
relevance.
    With such an important mission, we need to ensure that FPS has the 
tools and authorities to operate as efficiently and effectively as 
possible. Of note, FPS has been on GAO's ``High Risk'' list since 2003. 
GAO has found that FPS, ``is not assessing risks at Federal facilities 
in a manner consistent with standards such as the National 
Infrastructure Protection Plan's risk management framework, as FPS 
originally planned.'' This is especially worrisome since a failure by 
FPS could have catastrophic results.
    The focus of today's hearing is on the security assessment process. 
FPS provides security assessments and recommendations to every Federal 
Facility it protects in accordance with the Interagency Security 
Committee (ISC) standards. The ISC, housed within CISA's infrastructure 
security division, collaboratively establishes policies, monitors 
compliance, and enhances the security and protection of Federal 
Facilities.
    As we will hear from witnesses today, a very large majority of the 
recommendations that come out of these assessments are not implemented, 
which begs the obvious question, ``why not?''
    As we hear from our witnesses today, I would like to hear their 
perspectives on the following questions:
   Is FPS positioned correctly within DHS to be the most 
        effective?
   How does FPS work with CISA, and how collaborative is that 
        relationship?
   Why do such a large majority of FPS security assessment 
        recommendations not get implemented--and in turn, is there a 
        better way to run this process?
   Does FPS have the right force structure--with most of their 
        workforce being contract support?
   And finally, is the fee structure appropriate and effective?
    Mr. Chairman, thank you again for holding this hearing today. This 
sometimes-overlooked agency within DHS plays an ever-increasing and 
important role within the Federal Government. I take our oversight 
responsibility very seriously and look forward to hearing from our 
witnesses to determine what actions we can take moving forward.

    Mr. Correa. Thank you, Mr. Meijer. Other Members are 
reminded that statements may be submitted for the record.
    [The statement of Chairman Thompson follows:]
                Statement of Chairman Bennie G. Thompson
                           September 22, 2022
    We are here today to discuss how the Department of Homeland 
Security assesses and manages the security risks of the many Federal 
buildings it is tasked with protecting. I would like to thank Chairman 
Correa and Ranking Member Meijer for holding today's hearing on this 
very timely and important topic. I would also like to thank the Federal 
Protective Service (FPS) workforce for their hard work and service to 
this country.
    During the last few years, when many employees were working at home 
during the pandemic, FPS was still on the front lines ensuring the 
safety and security of Federal employees and facilities. FPS is charged 
with protecting approximately 9,500 Federal buildings, spread across 
the country, as well as the more than 1.4 million employees, visitors, 
and customers that enter those buildings each day. Unfortunately, 
former President Donald Trump's anti-Government rhetoric has encouraged 
a dangerous surge in threatening language and actions directed toward 
Federal employees and property.
    We have seen what can happen when threats against Federal 
facilities and employees are not taken seriously. Last year a violent 
attack on the U.S. Capitol demonstrated that these threats are all too 
real, and we must be prepared to defend against them. Since that tragic 
day, we have seen several lone-wolf attacks on Federal facilities 
outside of our capital region.
    FPS's role is to investigate and respond to these threats and to 
assist Government agencies in preparing for and preventing any security 
incidents. In addition to providing security guards, FPS also delivers 
safety awareness trainings, assists with the drafting and 
implementation of facility-specific emergency plans, and regularly 
reviews all Federal facilities to identify any potential security gaps. 
These security reviews are an important resource for assessing whether 
buildings are equipped to meet the Federal security standards developed 
by the Interagency Security Committee (ISC).
    The ISC, in coordination with FPS, seeks to ensure that all Federal 
property is adequately protected in the current threat environment--an 
environment that is ever-evolving. As the nature of threats changes, so 
must the Federal Government's response. However, all too often 
roadblocks prevent agencies from implementing FPS's building security 
recommendations. Better communication is necessary to understand why 
these barriers exist and what can be done to overcome them without 
sacrificing the safety of Government workers.
    The Government Accountability Office (GAO) has made recommendations 
aimed at improving the utility of FPS's facility security assessments 
to help tenant agencies enhance the security of the buildings they 
occupy. For example, GAO has recommended that FPS improve the cost 
estimates it provides tenant agencies for recommended security 
improvements so agencies can make informed decisions about whether and 
how to implement them. But this communication must go both ways. Tenant 
agencies should also communicate with FPS when they choose not to 
implement needed security improvements and explain their reasoning. 
This cooperation is essential for FPS to effectively carry out its 
mission.
    I look forward to hearing from our witnesses today about how FPS 
and DHS more broadly can continue to improve the security of Federal 
facilities.

    Mr. Correa. Now I would like to welcome our panel of 
witnesses. First, we have Mr. Cline, the principal deputy 
director for the Federal Protective Service. Mr. Cline has 
worked with FPS for 20 years, where he coordinates Federal, 
State, and local officials, to ensure the protection of the 
buildings, grounds, and properties that are owned, occupied, or 
secured by the Federal Government.
    Mr. Cline previously served 20 years with the U.S. Army 
Military Police Corps Regimen.
    Our second witness, Mr. Scott Breor, associate director for 
security programs for the Infrastructure Security Division at 
the Cybersecurity and Infrastructure Security Agency, or CISA.
    He helps lead CISA's efforts to secure the Nation's 
critical infrastructure in coordination with Government and 
private sectors. Mr. Breor has over 30 years of military and 
senior executive experience in the U.S. Government.
    Our third witness, Ms. Catina Latham, acting director of 
the physical infrastructure team at the Government 
Accountability Office, or GAO.
    She has worked for GAO for nearly 20 years, where she 
oversees GAO's work on Federal real property management, 
including facility security and personal assets.
    Without objection, the witnesses' full statements will be 
inserted into the record, and I now ask each witness to 
summarize his or her statement in 5 minutes, beginning with 
Deputy Director Cline. Welcome, sir.

STATEMENT OF RICHARD ``KRIS'' CLINE, PRINCIPAL DEPUTY DIRECTOR, 
    FEDERAL PROTECTIVE SERVICE, U.S. DEPARTMENT OF HOMELAND 
                            SECURITY

    Mr. Cline. Good morning, Chairman Correa, Ranking Member 
Meijer, and distinguished Members of the subcommittee. I am 
honored to be here today to represent the Federal Protective 
Service, or FPS, and testify about the essential role we play 
in protecting Federal employees and facilities. Thank you for 
the opportunity to raise awareness about the criticality of our 
mission.
    FPS employs nearly 1,000 dedicated law enforcement officers 
who protect the people and property of the Federal Government. 
Our services provide protection and deter threats at thousands 
of Federal facilities across the United States and territories, 
and protects millions of Federal employees and visitors.
    Our highest priority is the safety and security of the more 
than 1.4 million employees that work in the Federal facilities 
that we protect. We could not achieve this mission without the 
dedication and focus of the men and women of the Federal 
Protective Service.
    I firmly believe they are the most dedicated and 
professional employees in the Federal Government, and it is an 
honor to represent them here today.
    Due to recent acts of violence in communities across the 
country, our Nation remains in a heightened threat environment. 
According to the latest DHS-issued National Terrorism Advisory 
System Bulletin, potential targets include Government 
facilities and personnel.
    There has been an increase in threats toward certain 
Federal departments and agencies, most notably the Federal 
Bureau of Investigation, the Internal Revenue Service, and the 
National Archives and Records Administration.
    We have increased our protection efforts at those 
facilities occupied by these agencies, and remain prepared to 
detect, prevent, and respond to criminal activities at these 
locations.
    On a given day at a single FPS-protected facility, dozens 
of our security countermeasures are in place, working together 
to protect the integrity of buildings and its occupants.
    We closely monitor for suspicious activity, while our 
countermeasure operations ensure our facilities are secure.
    Our law enforcement officers and protective security 
officers are highly trained and prepared to deter attacks, as 
recently demonstrated at the Chicago and Cincinnati FBI field 
offices.
    Those protective security officers that took action at 
those locations are typically the first line of defense, and we 
celebrate their dedication and selfless commitment as we 
recognize their efforts this week as part of the National 
Security Officer Appreciation Week.
    From Federal courthouses where high-profile trials take 
place to daycare centers in Federal facilities where we protect 
the most innocent, FPS has, time and time again, proven that we 
are a dynamic, dedicated law enforcement agency.
    Additionally, FPS directly protects 233 Congressional 
district offices that are located in 176 buildings in the FPS 
protection portfolio.
    While we have responsibility for protection efforts at 
these facilities, we work closely and have strong relationships 
with the United States Capitol Police and the House and Senate 
Sergeant at Arms staff to ensure safety of all Members.
    Established over 50 years ago, FPS has made remarkable 
progress as an organization and as the integral part of the 
Department of Homeland Security's mission to safeguard the 
American people.
    Our law enforcement officers have saved lives by 
administering life-saving medical treatment, confiscating 
dangerous weapons, diligently conducting year-long 
investigations, and even being injured in the line of duty 
protecting Federal employees and visitors.
    Our officers were among those who responded to the all-
hands law enforcement call on January 6, 2021, and helped 
secure the Capitol.
    Simply put, FPS has been extremely successful in answering 
the call to defend and protect the very institutions that allow 
our Government to function and our country to flourish.
    I sincerely appreciate the subcommittee holding this 
important hearing, and for inviting me to testify on FPS's 
important role, and I would be pleased to answer and questions 
you may have. Thank you.
    [The prepared statement of Mr. Cline follows:]
              Prepared Statement of Richard ``Kris'' Cline
                           September 22, 2022
                              introduction
    Chairman Correa, Ranking Member Meijer, and Members of the 
subcommittee. Thank you for the opportunity to testify today on behalf 
of the U.S. Department of Homeland Security's (DHS) Federal Protective 
Service (FPS) regarding FPS's critical mission to protect and secure 
U.S. Government Federal facilities.
    My name is Richard K. Cline and I serve as FPS's principal deputy 
director, a position that I have held since August 2017. In this role I 
work closely with the FPS director, Eric Patterson, to manage FPS's 
diverse and nationally-dispersed workforce and coordinate with Federal, 
State, and local public officials to ensure the protection of the 
buildings, grounds, and property that are owned, occupied, or secured 
by the Federal Government, as well as the persons on those properties. 
Prior to serving as the FPS principal deputy director, I served several 
years as FPS's deputy director for operations, a role that allowed me 
to gain familiarity and experience with FPS's operations across the 
Nation. I am pleased to be joined by the Government Accountability 
Office, with whom our agency maintains a very positive relationship, as 
well as the Cybersecurity and Infrastructure Security Agency (CISA). 
FPS works collaboratively with CISA's Interagency Security Committee 
(ISC) and leverages the great work of the ISC in many of our programs, 
including our Facility Security Assessment process, conducted through 
our ISC-certified Modified Infrastructure Survey Tool, as well as our 
ISC-certified training curricula at our national training academy at 
the Federal Law Enforcement Training Centers (FLETC).
    Last year, FPS celebrated its 50th anniversary as an agency. Since 
its inception in 1971, FPS has protected people and property in the 
Federal Government by identifying and mitigating vulnerabilities 
through risk assessments, law enforcement, intelligence analysis, and 
security countermeasures.
    FPS personnel are located in every U.S. State and territory, 
charged to protect over 9,000 Federal facilities and more than 1.4 
million people who work, visit, or conduct business at these 
facilities. Our mission serves 66 different Federal agencies each day, 
ensuring safe work environments for Federal employees performing the 
essential duties that impact the day-to-day lives of Americans. FPS 
continually adapts to meet threats, working with our Federal, State, 
and local partners to ensure complete security coverage and efficient 
communication to protect people and property. We have well-established 
procedures in place to address threats to Federal property and have 
been successful in mitigating these threats.
    While our core mission has remained the same during our 51 years, 
we have made remarkable progress in our capabilities. FPS has leveraged 
technology, training, and partnerships to detect and deter crime before 
it happens. With expertise in all aspects of policing and physical 
security, FPS is a recognized, award-winning leader in facility 
protection. We also realize that as our capabilities grow, so too do 
those of our adversaries.
    Though our organization might not be a household name, we often 
assist in some of the country's most urgent and critical responses and 
operations, from protecting Federal facilities at the U.S.-Mexico 
border to responding to active shooters and even assisting the U.S. 
Capitol Police on January 6, 2021. This level of dedication to our 
country's security comes with the highest of costs. Each day, our law 
enforcement officers risk their lives to protect and secure the 
Government of this great Nation.
    In its history, 7 sworn FPS officers and 3 Protective Security 
Officers (PSO), who are our contracted security guard force, have died 
in the performance of their duties. This serves as a stark reminder 
that the men and women who wear the FPS uniform are prepared to 
sacrifice all in service to our country and Government, and we must 
ensure they are supported in every way possible to respond to and 
prevent the threats of our Nation's people, property, and institutions.
                              fps history
    In 1790, 6 ``night watchmen'' were hired to protect Government 
buildings in the newly-designated Nation's capital that became 
Washington, DC. Over time, the network of security guards evolved and 
was known as the U.S. Special Police. In 1971, the ``Federal Protective 
Service'' was established. FPS was transferred to the Department of 
Homeland Security (DHS) on March 1, 2003, pursuant to the Homeland 
Security Act of 2002 (6 U.S.C.  101 et. seq) in recognition of the 
role that it plays in securing the homeland. FPS now resides under the 
Management Directorate in DHS Headquarters. Headquartered in 
Washington, DC, FPS is organized through three zones and 11 regions for 
mission execution.
                             fps workforce
    Our law enforcement personnel, made up of over 1,000 men and women 
stationed across the country, are physical security experts and sworn 
Federal law enforcement officers, trained with cutting-edge 
technologies and techniques that allow us to remain an effective and 
responsive force. These law enforcement officers perform a variety of 
critical functions, including conducting comprehensive security 
assessments to identify vulnerabilities at Federal facilities, 
developing and implementing protective countermeasures, providing 
uniformed police response and investigative follow-up to crimes and 
threats, and other law enforcement activities in support of our 
mission. FPS's law enforcement mission involves responding to a range 
of threats and incidents, including the recent attack at the Federal 
Bureau of Investigation facility in Cincinnati, Ohio, where our PSOs 
prevented an assailant from gaining access to the facility. FPS law 
enforcement personnel maintain regular communication with Federal, 
State, and local law enforcement entities across all regions and have 
open exchanges of information.
    Within FPS, nearly 400 mission support staff are responsible for a 
myriad of important tasks, including outreach and engagement with 
critical external stakeholders (e.g., Congress and the Federal 
Executive Boards); human capital management; finance, budgeting, and 
security officer contract oversight; and security training and law 
enforcement.
    FPS, through contracts with commercial security vendors, relies on 
approximately 15,000 PSOs to assist in the protection of Federal 
facilities. Some of FPS's PSOs service providers (i.e., contractors) 
are experiencing staffing shortages in the post-pandemic environment. 
Ultimately, each contractor is responsible for planning and 
appropriately staffing its contract with a sufficient number of PSOs, 
and FPS Contracting Officers are currently working with contractors 
experiencing staffing shortages to ensure that they will provide a 
level of staffing that will meet all contractual requirements. Despite 
the challenge of coverage, our PSOs are often the front line of FPS and 
are in daily contact with our Federal facility customers and visitors. 
They, too, put themselves at risk to accomplish our mission. FPS has 
lost three PSOs in the line of duty since 2015, all of whom were 
tragically killed protecting Federal facilities and employees.
                            fps authorities
    FPS has broad law enforcement authorities and jurisdiction to 
prevent, investigate, mitigate, and defeat threats to Federal property 
and people on Federal property. Section 1706 of the Homeland Security 
Act, 40 U.S. Code  1315, grants FPS traditional police powers, 
including the authority to enforce Federal law and to make arrests. In 
certain circumstances, FPS has the ability to enter into agreements and 
utilize other Federal, State, and local law enforcement authorities for 
purposes of protecting Federal property. For example, in the District 
of Colombia (DC), FPS has an agreement with the Metropolitian Police 
Department allowing FPS to enforce the DC penal code 300 feet from 
listed Federal facilities and expanded distances from St. Elizabeths 
campus and the Nebraska Avenue Complex.
                         fps funding structure
    FPS is completely funded by the fees it charges Federal departments 
and agencies to execute its mission and does not receive a direct 
appropriation. We have established a risk-based revenue model to align 
basic security assessments with the security work that FPS performs. 
This method employs statistical analysis of operational workload data 
at each building to understand the key drivers of FPS's security costs. 
FPS uses a three-factor model to determine that operational workload 
data. The first factor is the total volume of service calls made to FPS 
and security alarm activations from each building within the portfolio. 
The second factor is the total number of times an emergency responder 
is dispatched to incidents for each FPS-protected facility. The final 
model factor is the total quantity of PSO posts set at each facility. 
FPS uses this three-factor model to determine the basic security 
assessments for each customer agency. This approach is equitable for 
assessing basic security fees because it reflects FPS's historical 
security workload data for each building.
                             fps operations
    FPS ensures safety through five vital functions:
   Facility threat and security assessments through Facility 
        Security Assessments (FSAs);
   On-site facility and event security through FPS's 
        Countermeasures and PSO Program;
   Intelligence gathering and sharing through FPS's Government 
        Facility Sector program;
   Criminal investigation through law enforcement certified 
        Special Agents and Inspectors; and
   Incident and emergency response through deployment of law 
        enforcement and FPS's Rapid Protection Force in times of need.
    Our personnel work every single day, including during holidays and 
natural disasters. This means that every day of the year, FPS employees 
could be fulfilling any of the following duties:
   Conducting security assessments of Federal facilities to 
        identify risks;
   Designing, installing, and maintaining security 
        countermeasures to mitigate risks;
   Providing a visible law enforcement response and presence;
   Overseeing contract security guards who conduct access 
        control and security screening;
   Performing background suitability checks for FPS contract 
        personnel;
   Conducting criminal investigations, including threats to 
        Federal employees and facilities;
   Monitoring security alarms via centralized communication 
        centers;
   Integrating and sharing criminal intelligence for risk-
        informed decision making;
   Providing security during Federal Emergency Management 
        Agency Stafford Act deployments, National Special Security 
        Events and Special Event Activity Rating events;
   Leading special operations, including canine explosive 
        detection operations; and
   Training Federal employees in active shooter response, crime 
        prevention, and occupant emergency planning.
    FSAs represent a cornerstone of FPS's approach to comprehensive 
security. Our inspectors are rigorously trained to identify potential 
facility vulnerabilities. Working with security specialists, 
countermeasure experts, and FPS leadership, our inspectors provide 
these detailed reports to facility tenants as our FPS recommendations 
for adequate building security and coverage. FPS designed and 
implemented an award-winning computer program, Modified Infrastructure 
Survey Tool (MIST), to further evaluate and identify potential threats 
at FPS-secured locations. Using both the institutional knowledge of our 
inspectors with the high-performance capabilities of MIST means that 
our FSAs are a superior resource for providing our customers with the 
best possible security enhancement suggestions.
    In 2021, at the behest of Chairman Correa, the Government 
Accountability Office (GAO) conducted and released a report that 
examined our stakeholders' perspectives of FPS's performance. The 
report, which revealed that our stakeholders are largely satisfied with 
our services, provided recommendations to our FSA cost estimation 
process. Since then, FPS has implemented changes to its FSA reports to 
better detail the accuracy of cost estimates for recommended security 
measures. Additionally, we have begun providing new training and 
additional resources to our staff to enable them to develop 
countermeasure cost estimates that are more accurate and detailed.
                      fps accomplishments in 2021
    For FPS, 2021 was a landmark year that focused on: Cutting-edge 
innovations, collaborations with other law enforcement agencies, and, 
most importantly, a committed workforce which excelled and achieved 
unprecedented successes in our organization's history. Faced with the 
challenges of the global COVID-19 pandemic, FPS has never wavered in 
our mission readiness. We undertook a record number of criminal and 
threat investigations, achieved breakthroughs in countermeasure 
capabilities, and led the Federal law enforcement community in 
establishing a comprehensive public order policing policy. While a 
comprehensive list of our accomplishments is too numerous to account 
for here, below are some notable highlights:
   Last year, FPS made 1,148 arrests and citations issued under 
        its governing authorities and criminal statutes, ensuring the 
        safety of those employees and visitors of FPS-protected 
        facilities while also preserving the Constitutional rights of 
        American citizens.
   Equipped with a cadre of Special Agents, FPS opened nearly 
        400 cases and investigated 276 threats to Federal property and 
        persons thereon in 2021. Those investigations have led to at 
        least 7 convictions, 25 arrests, and 16 citations for Federal, 
        State, and municipal penal code violations, U.S. District Court 
        Notices of Violations, and criminal charges under Title 18 of 
        the U.S. Code.
   In 2021, FPS made 4,625 recommendations to add or upgrade 
        countermeasures at FPS-protected Federal facilities, including 
        assisting U.S. Marshals at U.S. Courthouses where several 
        nationally-prominent trials were held, such as the trial of two 
        men in Michigan charged with and convicted of plotting to 
        kidnap the Michigan Governor.
   Last year, FPS conducted 1,979 FSAs, to help our 
        stakeholders identify security requirements.
   FPS has had a significant role in DHS's Countering Unmanned 
        Aircraft Systems program, a cutting-edge countermeasure 
        technology that monitors the skies of FPS-protected facilities 
        for unauthorized unmanned aircraft, just one example of how FPS 
        evolves to meet emerging threats.
   FPS's 70 Explosive Detection Canine Teams provide specialty 
        services throughout the homeland, sweeping buildings, vehicles, 
        parking lots, and other structures for potential explosives. 
        Their presence not only helps locate potential explosives, but 
        also serves as a deterrent to criminals. In 2021, FPS's Canine 
        Teams made 103,512 total sweeps, including 28,258 building 
        sweeps and 75,254 vehicle sweeps.
   One of FPS's newest divisions, the Cyber-Physical Division, 
        completed 19 Cyber Security Assessments at 19 separate, large-
        scale Federal facilities, resulting in the identification and 
        remediation of 61 cyber vulnerabilities to Federal systems.
   More than a dozen FPS officers assisted the U.S. Capitol 
        Police to secure the U.S. Capitol on January 6, 2021.
   FPS developed and issued a Public Order Policing policy 
        directive--a first for the agency and the Department--that 
        clearly outlines instructions on how Law Enforcement Officers 
        should manage and respond to First Amendment-protected 
        activities and other types of crowd management events.
                               conclusion
    FPS continues to demonstrate that we are more than capable of 
deterring and responding to any and all threats toward Federal 
employees, visitors, and facilities.
    The FPS mission must be accomplished every day to ensure the 
continuity of the U.S. Government and our great country. Support from 
Congress and our stakeholders can help us progress as a law enforcement 
agency responsible for securing these sacred Governmental institutions.
    I am very proud of all that FPS has accomplished in our rich 51-
year history, and I know that our talented and committed workforce will 
always ensure we are ready to meet our mission as it continues to 
evolve.
    I would like to acknowledge and thank the distinguished Members of 
this subcommittee for allowing me the opportunity to testify today.
    I would be pleased to answer your questions.

    Mr. Correa. Thank you. I recognize Mr. Breor to summarize 
his statement for 5 minutes. Welcome, sir.

   STATEMENT OF SCOTT BREOR, ASSOCIATE DIRECTOR OF SECURITY 
  PROGRAMS, CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY 
          (CISA), U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Breor. Thank you, sir. Chairman Correa, Ranking Member 
Meijer, Members of the subcommittee, as the associate director 
for security programs within Cybersecurity and Infrastructure 
Security Agency's infrastructure security division, I 
appreciate the opportunity to appear before you today to 
discuss the Interagency Security Committee's role in the 
protection of Federal buildings and its efforts to improve 
preparedness and coordination with interagency partners.
    On October 19, 1995, 6 months after the Oklahoma City 
bombing at the Alfred P. Murrah Federal Building, President 
Clinton issued Executive Order 12977, creating the Interagency 
Security Committee, or ISC, to address the quality and 
effectiveness of physical security requirements of Federal 
facilities.
    Membership of the ISC consists of senior-level executives 
from 66 Federal departments and agencies. This collective 
security subject-matter expertise allows the ISC to develop 
top-tier risk management resources, and to coordinate 
interagency solutions to problems that cannot be solved by 
individual departments and agencies alone.
    The ISC is a collective forum that carries out its work by, 
with, and through its members with a primary governance 
framework of subcommittees and working groups. These working 
groups, which are provisional, are task-based bodies, 
established by the ISC, with clear objectives and defined 
deliverables.
    In March 2003, the role of chair transferred from the 
General Services Administration to DHS. DHS delegated this 
responsibility to CISA in light of its role to help protect and 
secure the Nation's critical infrastructure.
    CISA stewardship of the ISC ensures its work both supports 
and leverages State, local, territorial, and Tribal 
organizations, as well as the private sector, all essential 
partners as we work to ensure the continued protection of 
Federal facilities and assets across the Nation and around the 
world.
    Executive Order 12977 gave the ISC three key 
responsibilities. These include: Establish policies for 
security in and protection of Federal facilities; develop and 
evaluate security standards, and a strategy to ensure 
compliance; and take actions to enhance the quality and 
effectiveness of security and protection of Federal facilities.
    The ISC fulfills these responsibilities through multiple 
lines of effort, including the risk management process 
standard. The risk management process standard provides an 
integrated, single source, physical security countermeasures 
and guidance on countermeasure customization for all 
nonmilitary Federal facilities.
    ISC members created the risk management process standard to 
provide a common method for all Federal facility security 
stakeholders to guide risk assessments in a standardized way 
and to help facility owners identify the levels of protection 
needed to mitigate that risk.
    Further, the ISC validates member risk assessment tools and 
training programs as meeting the risk management process 
standard. This helps build individual and organizational 
capability to successfully implement ISC guidance in conducting 
these assessments.
    FPS uses a risk assessment tool that has been validated by 
the ISC, the Modified Infrastructure Survey Tool. Additionally, 
FPS's Physical Security Training Program, located at the 
Federal Law Enforcement Training Center, has similarly been 
validated by the ISC.
    This training program trains FPS personnel on how to 
conduct a risk assessment using their validated Modified 
Infrastructure Survey Tool.
    Two of the main drivers of threats to Federal facilities 
are targeted violence and terrorism. As noted in the most 
recent DHS National Terrorism Advisory System Bulletin, these 
threats are becoming more varied and complex. Combating them is 
and will remain a top priority of DHS.
    DHS is committed to using every resource available to 
prevent, detect, and mitigate threats of violence directed at 
Federal facilities.
    Thank you again for the opportunity to appear before you 
today, and for this committee's continued support of CISA and 
the Department. I look forward to continuing to work closely 
with you and other Members of Congress to keep our Federal 
facilities and those who work at and visit them safe and 
secure.
    [The prepared statement of Mr. Breor follows:]
                   Prepared Statement of Scott Breor
                           September 22, 2022
                              introduction
    Chairman Correa, Ranking Member Meijer, and Members of the 
subcommittee, my name is Scott Breor, and I am the associate director 
for security programs within the Department of Homeland Security's 
(DHS) Cybersecurity and Infrastructure Security Agency's (CISA) 
Infrastructure Security Division (ISD). I appreciate the opportunity to 
appear before you today to discuss the DHS's Interagency Security 
Committee's (ISC) role in the protection of Federal buildings and its 
efforts to improve preparedness, in coordination with interagency 
partners.
 the interagency security committee and its role in the protection of 
                           federal facilities
    The ISC was created in the wake of the April 19, 1995, bombing of 
the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma. The 
attack on that Federal facility served as a national tragedy with the 
loss of 168 lives, including 19 children. To this day, the Oklahoma 
City attack remains the deadliest domestic terrorist attack on American 
soil in our history.
    Following the Oklahoma City bombing, President Bill Clinton issued 
Executive Order (EO) 12977 to ``enhance the quality and effectiveness 
of security in and the protection of buildings and nonmilitary Federal 
facilities in the United States,'' and to create the ISC. DHS has 
chaired the ISC since March 2003, when, pursuant to EO 13286, the role 
of chair transferred from the General Services Administration (GSA) to 
DHS. DHS delegated this responsibility to CISA as a result of its role 
as the Nation's risk advisor and its task to help secure critical 
infrastructure. CISA provides the leadership, management, and 
compliance monitoring necessary to meet the requirements of EO 12977. 
CISA's stewardship of the ISC ensures its work both supports and 
leverages State, local, territorial, and Tribal organizations, as well 
as the private sector, all of whom are essential partners as we work to 
ensure the continued protection of Federal facilities and assets across 
the Nation and around the world.
role of the interagency security committee in federal facility security
    When the ISC was created in 1995, it consisted of the 21 members 
outlined in EO 12977. Today, the ISC includes 66 members. In addition 
to Executive branch agencies, the ISC includes representatives from 
outside the Executive branch such as the United States Capitol Police 
and the Administrative Office of the United States Courts. Membership 
consists of departments and agencies whose headquarters are both inside 
and outside the National Capital Region. This collective security 
subject-matter expertise allows the ISC to develop top-tier risk 
management resources and to coordinate interagency solutions to 
problems that cannot be solved by individual departments and agencies 
alone.
    The ISC is a collaborative forum that carries out its work by, 
with, and through its members within a primary governance framework of 
subcommittees and working groups. The ISC's eight standing 
subcommittees guide the development of ISC policies and strategic 
initiatives. Additionally, the ISC establishes working groups, which 
are provisional, task-based bodies with clear objectives and defined 
deliverables.
    EO 12977 gave the ISC three key responsibilities. These include:
   Establish policies for security in, and protection of, 
        Federal facilities;
   Develop and evaluate security standards and a strategy to 
        ensure compliance; and
   Take necessary actions to enhance the quality and 
        effectiveness of security and protection of Federal facilities.
    The ISC fulfills these responsibilities through multiple lines of 
effort. The first is the Risk Management Process: An Interagency 
Security Committee Standard (RMP Standard). The RMP Standard provides 
an integrated, single source of physical security countermeasures and 
guidance on countermeasure customization for all nonmilitary Federal 
facilities. ISC members created the RMP Standard to provide a common 
method for all Federal facility security stakeholders; specifically 
owning and leasing organizations, security organizations and the 
members of departments and agencies that are tenants in Federal 
facilities; to guide risk assessments of Federal facilities in a 
standardized way and to help facilities owners identify levels of 
protection needed to mitigate that risk.
    In addition to the core RMP Standard, the ISC produced and issued 
over 20 other products, including authoritative guidance on planning 
and response to an active-shooter situation, a standard for prohibited 
items at Federal facilities, and other best practices and guides. ISC 
guidance documents are distributed via department and agency member 
representatives and senior leaders within their organizations. Federal 
facility security stakeholders can also download the documents from the 
ISC web presence at CISA.gov. Each organization uses best practice 
documents and guides as a means to enhance the security of and 
protection of Federal facilities, and those who visit or occupy them. A 
sample of these products include:
   Security Convergence: Achieving Integrated Security: An 
        Interagency Security Committee Best Practice;
   Protecting Against the Threat of Unmanned Aircraft Systems 
        (UAS): An Interagency Security Committee Best Practice;
   Facility Access Control: An Interagency Security Committee 
        Best Practice;
   Violence in the Federal Workplace: A Guide for Prevention 
        and Response;
   Facility Security Plan: An Interagency Security Committee 
        Guide; and
   Planning and Response to an Active Shooter: An Interagency 
        Security Committee Policy and Best Practices Guide.
    ISC guidance is designed to be scalable and tailorable to the 
unique security environment and site-specific needs of the diverse 
membership of the ISC. Further, the ISC validates member risk 
assessment tools and training programs as meeting the RMP Standard. 
This helps build individual and organizational capability to 
successfully implement ISC guidance.
    The ISC also monitors compliance with its policies and standards at 
the organizational and facility level. This includes providing Federal 
facility stakeholders with the means to measure, report, and analyze 
compliance against a set of benchmarks using a web-based platform. The 
resulting data and analyses help departments and agencies focus their 
efforts and resources while providing feedback to the strategic 
direction of the ISC's work. Examples of areas where this valuable 
information has informed action include refining policy, developing 
training and other capacity-building efforts, and developing automated 
support tools. The results of ISC compliance findings are briefed to 
the ISC Chair, and also made available to the relevant ISC member 
departments and agencies, to ensure necessary corrective actions are 
taken to enhance compliance with ISC policies and standards.
          isc partnership with the federal protective service
    CISA, through its stewardship of the ISC, works with partners 
across Government and the private sector to ensure our Nation's Federal 
facilities are protected against the threats of today. Two of the main 
drivers of threats to Federal facilities are targeted violence and 
terrorism. As noted in the DHS National Terrorism Advisory System 
Bulletin, these threats are becoming more dynamic and complex--
combatting these threats is and will remain a top priority for DHS. 
Within DHS, our partners at the Federal Protective Service (FPS) play a 
key role on the ISC. FPS actively contributes to 7 of the ISC's 8 
standing subcommittees and all 3 operating working groups. The FPS also 
provides valuable leadership, chairing 2 of the 8 subcommittees and 1 
of the 3 working groups.
    In addition to contributing to the collective work of the ISC, FPS 
provides security for facilities under GSA's jurisdiction, custody, or 
control as well as numerous non-GSA Federal properties throughout the 
country. As part of this responsibility, FPS conducts risk assessments 
to identify risk(s) and recommended security countermeasures to 
mitigate corresponding risk(s). In conducting these assessments, FPS 
uses a risk assessment tool that has been validated by the ISC, the 
Modified Infrastructure Survey Tool. Additionally, FPS's Physical 
Security Training Program located at the Federal Law Enforcement 
Training Centers has similarly been validated by the ISC. This training 
program trains FPS personnel on how to conduct a risk assessment using 
their validated Modified Infrastructure Survey Tool (MIST).
                               conclusion
    DHS is committed to using every resource available to prevent, 
detect, and mitigate threats of violence directed at Federal 
facilities. Securing and protecting Federal facilities is both a DHS-
wide and an interagency effort.
    Thank you again for the opportunity to appear before you today, and 
for this committee's continued support of CISA, the Department, and our 
efforts. I look forward to continuing to work closely with you and 
other Members of Congress to keep our Federal facilities, and those who 
work at and visit them, safe and secure.

    Mr. Correa. Thank you for your testimony, and I now 
recognize Ms. Latham to summarize her statements in 5 minutes 
or less. Welcome.

    STATEMENT OF CATINA B. LATHAM, DIRECTOR OF THE PHYSICAL 
 INFRASTRUCTURE TEAM (ACTING), U.S. GOVERNMENT ACCOUNTABILITY 
                          OFFICE (GAO)

    Ms. Latham. Thank you. Good morning. Chairman Correa----
    Mr. Correa. Good morning.
    Ms. Latham [continuing]. Ranking Member Meijer, and Members 
of the subcommittee, thank you for the opportunity to discuss 
the Federal Protective Service's security risk assessments.
    As you have mentioned, we have designated Federal real 
property management as a high-risk area since 2003, in part, 
because of the physical security challenges at Federal 
facilities.
    My statement today will focus on our prior and on-going 
work on FPS. First, I will cover the stakeholders' views on FPS 
facility assessments and the implementation status of FPS 
security recommendations.
    Next, I will discuss the preliminary observations of FPS 
law enforcement deployments.
    First, we reported in June 2021 that stakeholders were 
generally satisfied with FPS security assessment process. 
However, many of them expressed concern with the cost estimates 
FPS provided in these reports, as they lacked important 
information that could help agencies make decisions.
    Stakeholders reported their concerns about the cost 
estimates may discourage them from implementing security 
measures intended to reduce the security threats.
    In that report, we recommended that the director of FPS 
ensure that facility security assessments document both the 
assumption and sources used to develop the cost estimates for 
each recommended security measure.
    As of August 2022, FPS had taken steps to address our 
recommendations, in part, by updating its directive and manual 
for conducting these assessments. We are now in the process of 
analyzing if FPS actions are fully responsive to our 
recommendations.
    Next, FPS data indicate that security recommendations are 
generally not implemented, as the Chairman mentioned. Our 
analysis show that between fiscal years 2017 and 2021, FPS made 
more than 25,000 security recommendations at nearly 5,000 
Federal facilities.
    Now, these recommendations range from addressing physical 
vulnerabilities to ensuring policy or guidance documents are 
current.
    Furthermore, FPS data shows it did not receive a decision 
as to whether agencies approved or rejected more than half of 
the 25,000 security recommendations.
    This data also shows an agency's approval of a 
recommendation does not necessarily mean it will be 
implemented. Of about the 6,800 of the approved 
recommendations, only about 22 percent have been implemented as 
of September 2022.
    FPS officials also noted that some recommendations stay 
open for years, as it can take time to secure the funding and 
implement some of the more costly recommended security 
measures.
    In our on-going work, we will explore and identify factors 
that influence agencies' decisions to approve or reject 
security recommendations, and we will also look at why FPS is 
not receiving information on those decisions. We expect to 
report on this work in early 2023.
    In addition to conducting facility security assessments, 
FPS provides law enforcement support to other Federal agencies. 
Preliminary observations from our on-going work shows that the 
number of days FPS has deployed law enforcement officers has 
increased since fiscal year 2020.
    These officers are deployed to augment security at FPS-
protected facilities to support other agencies' homeland 
security operations.
    FPS deployments, for example, have helped in securing 
Federal facilities during protests and housing units for 
migrants in the Southwest Border region.
    As a final point, staffing is also an important 
consideration as FPS continues to have shortages. In June 2010, 
when FPS was in the Cybersecurity and Infrastructure Security 
Agency, we reported that FPS had difficulty obtaining needed 
staff.
    FPS had not filled 21 percent of its authorized positions, 
including about 200 law enforcement positions.
    We are currently conducting work on these changes since FPS 
moved to the management directorate and how they are 
collaborating to address FPS staffing shortages. We expect to 
release an issue on this work by the end of 2022.
    Chairman Correa, Ranking Member Meijer, and Members of the 
subcommittee, this concludes my statement. I am happy to answer 
your questions.
    [The prepared statement of Ms. Latham follows:]
                 Prepared Statement of Catina B. Latham
                      Thursday, September 22, 2022
                             gao highlights
    Highlights of GAO-22-106177, a testimony before the Subcommittee on 
Oversight, Management, and Accountability, Committee on Homeland 
Security, House of Representatives.
Why GAO Did This Study
    Over 1 million Federal employees and visitors depend on FPS to 
provide security and protection at more than 9,000 facilities across 
the country. FPS assesses these facilities to identify security risks 
and then recommends security measures. In addition to this work, FPS 
provides law enforcement services on a short-term basis or in specific 
situations for individual agencies.
    This testimony focuses on: (1) Stakeholders' views about FPS's 
facility assessments and the status of its security recommendations and 
(2) preliminary observations on FPS's law enforcement deployments. This 
statement is based on past work issued in June 2021 (GAO-21-464) as 
well as on-going work on FPS's security recommendations and its move to 
DHS's Management Directorate in 2019.
    For the 2021 report, GAO held discussion groups with stakeholders 
from 27 randomly-selected FPS-protected facilities to obtain their 
views of FPS's risk assessments. In on-going work, GAO analyzed FPS 
data on security recommendations made from fiscal years 2017 through 
2021, data on law enforcement deployments in fiscal years 2020 and 
2021, and staffing data for fiscal year 2021.
    GAO previously recommended that FPS provide additional detail in 
its cost estimates for security measures. GAO is reviewing FPS's 
actions to address this recommendation. GAO will continue to assess 
these issues and make recommendations as appropriate.
  federal protective service.--many approved security recommendations 
  were not implemented and preliminary work suggests law enforcement 
                       deployments have increased
What GAO Found
    GAO reported in June 2021 that the Federal Protective Service's 
(FPS) stakeholders--tenant agency officials and building managers--held 
positive views about the content of FPS security assessment reports. In 
these reports, FPS made recommendations to address identified security 
vulnerabilities. Many of these stakeholders expressed concern that the 
cost estimates in the reports were not sufficiently detailed to inform 
their decisions on the recommendations.
    In on-going work, GAO found it was unclear if agencies were still 
in the process of deciding whether to approve most of FPS's 
recommendations or if they had accepted the security risks. FPS data 
also show an approval of a recommendation did not mean it would be 
implemented. For fiscal years 2017 through 2021, FPS made more than 
25,000 security recommendations at nearly 5,000 facilities. FPS did not 
receive a response on whether agencies planned to implement over half 
of these recommendations. Of the recommendations approved for 
implementation, about 22 percent were implemented as of September 2022. 
GAO's on-going work suggests recommendations were not implemented for 
reasons such as a lack of agency resources or tenant agency plans to 
move to a different facility.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    GAO's on-going work also suggests that FPS has increased law 
enforcement officer deployments since fiscal year 2020. FPS has 
deployed law enforcement officers to augment its protection of Federal 
facilities during protests and has an agreement to help another agency 
within the Department of Homeland Security to provide security at its 
facilities in the Southwest Border region. GAO's on-going work also 
found that FPS continues to face staffing shortages. At the end of 
fiscal year 2021, FPS had not filled 21 percent of its positions, 
including about 200 law enforcement positions. FPS officials cautioned 
that as facilities return to pre-COVID operations, these shortages 
could affect FPS's ability to carry out its responsibilities.
    Chairman Correa, Ranking Member Meijer, and Members of the 
subcommittee: Thank you for the opportunity to discuss our work on 
security services provided by the Department of Homeland Security's 
(DHS) Federal Protective Service (FPS). FPS plays an important role in 
ensuring the day-to-day security of over 1 million Federal employees 
and visitors at more than 9,000 Federal facilities. The General 
Services Administration (GSA) serves as the landlord for most of these 
facilities, with Federal agencies renting space from GSA and thus 
serving as tenants. FPS provides security and protection at these 
facilities, in part, by conducting facility security assessments to 
identify security risks and recommending security measures for agencies 
to implement to address or mitigate these risks. Agencies' 
implementation of the recommended security measures is an important 
step in protecting employees, visitors, and facilities.
    In addition to these efforts, FPS provides security as specific 
situations or events arise. This includes agreements to provide law 
enforcement on a short-term basis or in specific situations for 
individual agencies. For example, FPS has provided security at 
facilities in the Southwest Border region for U.S. Customs and Border 
Protection and at locations of hurricane disasters for the Federal 
Emergency Management Agency.
    We have designated Federal real property management as a high-risk 
area since 2003, in part because of physical security challenges at 
Federal facilities. One challenge we have identified in prior work has 
been FPS's ability to collaborate with GSA and tenant agencies--which 
we refer to as ``stakeholders.''\1\ My statement today focuses on:
---------------------------------------------------------------------------
    \1\ We designated the broader area of Federal real property 
management as a high-risk area due to the presence of unneeded and 
underutilized facilities, concerns with the reliability of real 
property data, and security challenges at Federal facilities. GAO, 
High-Risk Series: Dedicated Leadership Needed to Address Limited 
Progress in Most High-Risk Areas, GAO-21-119SP (Washington, DC: Mar. 2, 
2021).
---------------------------------------------------------------------------
   stakeholders' views on FPS's facility assessments and the 
        implementation status of its security recommendations and
   preliminary observations on FPS's law enforcement 
        deployments.
    This statement is based in part on our report issued in June 2021 
about stakeholders' perspectives on FPS's performance of key 
activities, including conducting facility security assessments. It is 
also based on our on-going work related to FPS security recommendations 
and the impact of FPS's recent move to the Management Directorate 
within DHS.\2\
---------------------------------------------------------------------------
    \2\ GAO, Federal Protective Service: Better Documented Cost 
Estimates Could Help Stakeholders Make Security Decisions, GAO-21-464 
(Washington, DC: June 8, 2021).
---------------------------------------------------------------------------
    In conducting our prior work related to FPS's security assessments, 
we held 6 discussion groups with stakeholders from 27 randomly selected 
facilities where FPS provided services. The views of these stakeholders 
are not representative, but collectively provided insight into 
stakeholders' satisfaction with how FPS was performing key activities. 
We also compared FPS's facility security assessment reports to criteria 
in GAO's Cost Estimating and Assessment Guide.\3\ In our current work, 
we obtained data from FPS's risk assessment tool on recommendations 
made during fiscal years 2017 through 2021. We analyzed the data to 
identify the types of recommendations made and the approval and 
implementation status of the recommendations. We assessed the data 
against GAO data reliability standards, including reviewing FPS 
guidance and processes for safeguarding and checking the data for 
accuracy and completeness. We determined the data were sufficiently 
reliable for the purposes of describing the type and implementation 
status of FPS recommendations.
---------------------------------------------------------------------------
    \3\ GAO, Cost Estimating and Assessment Guide: Best Practices for 
Developing and Managing Program Costs, GAO-20-195G (Washington, DC: 
March 2020).
---------------------------------------------------------------------------
    Our work to understand FPS's law enforcement deployments is on-
going. We analyzed data on the extent to which FPS law enforcement 
staff were deployed to support homeland security operations in fiscal 
year 2020 and fiscal year 2021 as well as data on the extent to which 
FPS had unstaffed positions as of the end of fiscal year 2021. 
Additionally, we interviewed officials from FPS, including 5 FPS 
Regional Directors, to understand how FPS's deployments and staff 
resources have changed since its move to the Management Directorate in 
2019.\4\
---------------------------------------------------------------------------
    \4\ We selected directors in the 5 largest regions in terms of 
FPS's authorized positions in fiscal year 2021.
---------------------------------------------------------------------------
    We conducted this work in accordance with generally accepted 
Government auditing standards. Those standards require that we plan and 
perform the audit to obtain sufficient, appropriate evidence to provide 
a reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on our audit objectives.
                               background
Organizational Responsibilities
    FPS is responsible for the day-to-day protection of over a million 
people who work in or visit the over 9,000 Federal facilities across 
the country held or leased by GSA. FPS provides both physical security 
and law enforcement services at these facilities.
   Physical security activities.--FPS conducts facility 
        security assessments and recommends security measures--such as 
        security cameras, physical access control systems, and X-ray 
        screening equipment. These measures are aimed at preventing 
        security incidents. FPS also oversees Protective Security 
        Officers (i.e., contract guards) who provide services such as 
        screening visitors.\5\
---------------------------------------------------------------------------
    \5\ For the purposes of this statement, we refer to Protective 
Security Officers as ``contract guards.''
---------------------------------------------------------------------------
   Law enforcement activities.--FPS personnel respond to 
        incidents, conduct criminal investigations, and can make 
        arrests.
    In addition to protecting GSA facilities, FPS participates in 
homeland security activities such as providing law enforcement, 
security, and emergency-response services during natural disasters and 
special events.\6\ In our January 2019 report and June 2019 testimony 
on FPS's organizational placement, we reported that FPS's 
responsibilities grew beyond solely protecting GSA facilities to 
include homeland security activities when it moved from GSA to DHS's 
Immigration and Customs Enforcement in March 2003.\7\ FPS continued to 
participate in such activities in each of its subsequent organizational 
placements in DHS: the National Protection and Programs Directorate 
(which was later re-designated as the Cybersecurity and Infrastructure 
Security Agency)\8\ and the Management Directorate.\9\ FPS transitioned 
to DHS's Management Directorate--its current placement--in October 
2019.\10\
---------------------------------------------------------------------------
    \6\ FPS derives its law enforcement authority with respect to the 
protection of buildings, grounds, and property that are owned, 
occupied, or secured by the Federal Government, and the persons on the 
property, from the Secretary of Homeland Security pursuant to 40 U.S.C. 
 1315.
    \7\ FPS was transferred from GSA to DHS by the Homeland Security 
Act of 2002 (Pub. L. No. 107-296,  403, 116 Stat. 2135, 2178) and 
placed within DHS's Bureau of Immigration and Customs Enforcement.
    \8\ The fiscal year 2010 DHS appropriations act transferred FPS 
from DHS's Immigration and Customs Enforcement to DHS's National 
Protection and Programs Directorate. Pub. L. No. 111-83, 123 Stat. 
2142, 2156-57 (2009).
    \9\ In November 2018, when FPS was located in DHS's National 
Protection and Programs Directorate, the Cybersecurity and 
Infrastructure Security Agency Act of 2018 required DHS to determine 
the appropriate organizational placement for FPS. Pub. L. No. 115-278, 
 2(a), 132 Stat. 4168. In May 2019, DHS announced its decision to 
transfer FPS to DHS's Management Directorate with FPS reporting to 
DHS's Under Secretary for Management. FPS transitioned to DHS's 
Management Directorate in October 2019.
    \10\ See also GAO, Federal Protective Service's Organizational 
Placement: Considerations for Transition to the DHS Management 
Directorate, GAO-19-605T (Washington, DC: June 11, 2019) and GAO, 
Federal Protective Service: DHS Should Take Additional Steps to 
Evaluate Organizational Placement, GAO-19-122 (Washington, DC: Jan. 8, 
2019).
---------------------------------------------------------------------------
Facility Security Assessments
    As part of FPS's physical security responsibilities, one of its key 
responsibilities is to conduct facility security assessments of Federal 
facilities every 3 to 5 years to identify and evaluate potential risks 
(see fig. 1). As part of these assessments, FPS recommends security 
measures and practices to help prevent or mitigate these risks.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    The Interagency Security Committee (ISC) and Federal agencies that 
obtain space through GSA, known as tenant agencies, also have 
responsibilities associated with the facility security assessment 
process. ISC is a DHS-chaired organization that develops security 
standards for nonmilitary Federal facilities in the United States. 
Among other things, ISC establishes standards that define the minimum 
physical security requirements and associated countermeasures. Under 
Executive Order 12977, FPS is required to follow ISC standards, 
including the ISC's risk-management process standard, when conducting 
facility security assessments.\11\
---------------------------------------------------------------------------
    \11\ Executive Order 12977, 60 Fed. Reg. 54411 (Oct. 19, 1995), as 
amended by Executive Order 13286, 68 Fed. Reg. 10619 (Mar. 5, 2003), 
requires Executive Branch departments and agencies to cooperate and 
comply with ISC's policies and recommendations. See also, ISC, The Risk 
Management Process: An Interagency Security Committee Standard, 2021 
Edition (2021).
---------------------------------------------------------------------------
    ISC standards require FPS to conduct these assessments every 3 to 5 
years, depending on the security level of the facility.\12\ FPS tracks 
scheduling and completion of its assessments for all facilities at all 
risk levels using data that the inspectors enter into FPS's risk 
assessment tool (i.e., Modified Infrastructure Survey Tool or MIST). 
FPS reported that in fiscal years 2017 through 2021 its inspectors 
completed 100 percent of facility security assessments for high-risk 
facilities within the required time frame.\13\
---------------------------------------------------------------------------
    \12\ Facility security levels range from level I (lowest risk) to 
level V (highest risk) based on factors such as mission criticality and 
facility population. The security level designation determines the 
facility's baseline security measures and practices.
    \13\ DHS, Fiscal Year 2019-2021 Annual Performance Report, 
(Washington, DC: February 2020) and DHS, Congressional Budget 
Justification for Fiscal Year 2023, (Washington, DC: March 25, 2022).
---------------------------------------------------------------------------
    ISC standards also specify that tenant agencies are responsible for 
making facility-specific security decisions, either as members of a 
Facility Security Committee (FSC) or through a designated official.\14\ 
An FSC is established for buildings occupied by multiple agencies and 
includes representatives from each of the tenant agencies. Members of 
the FSC or the designated official are responsible for making facility-
specific security decisions. In multi-tenant facilities, the tenant 
agencies are responsible for funding most of the security measures 
proportionally based on the space they occupy in the facility.
---------------------------------------------------------------------------
    \14\ The Federal agency with funding authority for security 
recommendations is the decision maker for a single-tenant facility's 
security. Throughout this document, FSC is used to encompass both the 
FSC and the designated official.
---------------------------------------------------------------------------
    ISC standards calls for the FSC to consider FPS's recommendations 
and decide whether to approve or disapprove (reject) the 
recommendations. The standard also states that the FSC may accept the 
risk of not implementing a security recommendation. The standard 
specifies that the FSC chair is to notify FPS of the decision within 45 
days of receiving the assessment report. FPS records whether the FSC 
approved or rejected the recommendations from the facility security 
assessment into FPS's risk assessment tool. In addition, FPS records 
the results of the facility security assessments, including the 
identified vulnerabilities and the recommended security measures. If 
the FSC did not provide a decision to FPS within 45 days of receiving 
the FPS assessment and recommendation, FPS enters a status of ``no 
response'' into its risk assessment tool.
FPS Budget and Staff
    FPS is entirely funded by the fees it charges agencies for its 
services and does not receive a direct appropriation from the general 
fund of the Treasury. For fiscal year 2021, FPS had an annual budget--
based on revenue from the fees--of about $1.6 billion. The rates FPS 
can charge agencies for basic security services must be approved by the 
Office of Management and Budget. FPS also charges agencies fees for 
services beyond basic security.
    In May 2021, FPS reported that it employed roughly 1,300 staff 
across 11 regional offices and headquarters. This workforce consists of 
law enforcement and non-law enforcement staff. Law enforcement staff 
include inspectors and criminal investigators. Law enforcement staff 
also include the Rapid Protection Force, which is a team that FPS can 
quickly deploy to heightened security situations. Non-law enforcement 
staff provide mission support. FPS also manages and oversees 
approximately 15,000 contract guards posted at Federal facilities. The 
duties of contract guards include controlling access to facilities 
across the country; conducting screening at access points to prevent 
the entry of prohibited items, such as weapons and explosives; and 
responding to emergency situations involving facility safety and 
security.
 stakeholders were generally satisfied with fps's security assessment 
       process; yet many fps recommendations were not implemented
Stakeholders Generally Held Positive Views of FPS's Security Assessment 
        Process but Raised Concerns That Cost Estimates Lacked 
        Important Details
    In June 2021, we reported that the participants of our discussion 
groups--tenant agency officials and GSA building managers--generally 
held positive views about the content of FPS's security assessment 
reports and FPS's communication about the reports.\15\ Participants 
from all six discussion groups characterized the reports as thorough, 
comprehensive, timely, and useful. Many participants also expressed 
satisfaction with FPS's communication of the security assessment 
results. However, several building manager participants told us that 
they had not been invited to an FPS presentation of security assessment 
results. According to the FPS Facility Security Assessment Manual, FPS 
is to work with the FSC chair to schedule and hold a presentation of 
the security assessment results to the committee. The FSC chair is 
responsible for inviting members of the committee to meetings. However, 
we also reported that many stakeholders expressed concern with the cost 
estimates FPS provides in its security assessment reports.\16\ 
Participants from all three groups of building managers and one group 
of tenant agency participants said that FPS's cost estimates are not 
sufficiently detailed to inform participants' decisions on recommended 
security measures and practices.\17\ Based on the comments from our 
discussion group participants, stakeholders' concerns with cost 
estimates may discourage them from implementing security measures 
intended to reduce security risks. For example, one building manager 
participant observed that lack of details about cost estimates caused 
delays and resulted in unimplemented recommendations.
---------------------------------------------------------------------------
    \15\ GAO-21-464.
    \16\ GAO-21-464.
    \17\ No participants commented positively about cost estimates in 
FPS's security assessment reports.
---------------------------------------------------------------------------
    Given these concerns, we reviewed the most recent security 
assessment reports for the 27 buildings we selected. We found that 
selected FPS security assessment reports lacked documentation of 
important information that would help FSCs use the cost estimates to 
make decisions. According to ISC standards, FPS is required to provide 
a detailed description of work and cost estimates for each recommended 
security measure and practice.\18\ This requirement is reinforced by a 
2018 memorandum of agreement with GSA in which FPS committed to provide 
cost estimates as part of its security assessment reports. In addition, 
according to GAO's Cost Estimating and Assessment Guide, cost estimates 
should provide information about the assumptions and sources used to 
develop an estimate so that decision makers can understand the level of 
uncertainty around the estimate.
---------------------------------------------------------------------------
    \18\ ISC, The Risk Management Process: An Interagency Security 
Committee Standard 2021 Edition (2021).
---------------------------------------------------------------------------
    In our June 2021 report, we recommended that the director of FPS 
ensure that Facility Security Assessment reports document the 
assumptions and sources used to develop the cost estimate for each 
recommended security measure.\19\ As of August 2022, FPS had taken 
steps to address our recommendation in part by updating its directive 
and manual for conducting facility security assessments. We are 
assessing FPS's actions to determine if they fully address our 
recommendation.
---------------------------------------------------------------------------
    \19\ GAO-21-464.
---------------------------------------------------------------------------
FPS Data Indicate That Security Recommendations Are Generally Not 
        Implemented
    As previously discussed, FSCs are responsible for accepting a 
recommended security measure or rejecting it and thereby accepting the 
risk of not implementing it. Between fiscal years 2017 through 2021, 
FPS made more than 25,000 security recommendations at nearly 5,000 
Federal facilities. These recommendations ranged from addressing 
physical vulnerabilities to ensuring policy or guidance documents in 
the following categories (see fig. 2).
   Barriers and fencing.--physical obstacles used to restrict 
        access to facilities. Barriers are fixed or movable objects, 
        such as bollards or spike systems, that are used to mitigate or 
        reduce the impact of a vehicle ramming a building or a 
        checkpoint.
   Building envelope.--exterior surface of the building, 
        including the doors, windows, facade, and roof.
   Electronic security systems.--systems that are designed to 
        prevent theft or intrusion and protect property and life, such 
        as alarm systems and video surveillance systems.
   Entry controls.--entry and access controls to the facility 
        for employees, visitors, and vehicles, including locks, 
        screening procedures, and parking security measures.
   Illumination.--lighting of the facility, including 
        entrances, fencing, and parking.
   Security documentation and management.--documentation, 
        policies, and procedures for the management of security threats 
        and plans supporting security at the facility. Includes 
        operational and emergency plans, as well as up-to-date security 
        training.
   Security force profile.--guards and guard services located 
        at the facility.
   Utility dependency.--the facility dependency on a utility 
        service, such as electricity or water, and the presence of 
        protective or emergency measures supporting provision of those 
        services.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
        
    For the majority of FPS's recommendations, it was unclear from 
FPS's data if the FSC's were still in the process of deciding whether 
to approve the recommendations or had accepted the security risks. The 
data (discussed below) indicates that FPS did not receive notification 
of the FSCs' decisions to approve or reject more than half of the 
25,000 security recommendations within 45 days of receiving the 
recommendation as called for in the ISC standard. As a result, FPS 
recorded the status of these recommendations as ``no response,'' as 
noted earlier.
    FPS data also show an FSC's approval of a recommendation does not 
necessarily mean it will be implemented. Of the 27 percent of the 
recommendations approved by the FSCs, about 22 percent (about 1,500), 
were implemented as of September 2022 (see fig. 3).

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    Our preliminary findings from our on-going work suggest a range of 
reasons for approved recommendations not being implemented. For 
example, FPS's data indicate that a recommendation may not be 
implemented for reasons such as a lack of agency resources to implement 
it or the tenant plans to move to a different facility. FPS officials 
also noted that some recommendations stay open for years because it can 
take time to secure the funding necessary to implement more costly 
security measures. Our on-going work will identify factors that 
influence FSC decisions to approve or reject FPS security 
recommendations. We are also exploring what issues might be 
contributing to FPS not receiving a decision from the FSCs and 
contributing to approved recommendations not being implemented. We 
expect to report on this work in early 2023.
   our preliminary work shows that fps has increased law enforcement 
          deployments and continues to face staffing shortages
    In addition to conducting facility security assessments, FPS 
provides law enforcement services. Our preliminary findings from our 
on-going work show that FPS has increased its deployment of law 
enforcement officers since fiscal year 2020. FPS's deployments, for 
example, augment security at FPS-protected facilities or support other 
DHS components' homeland security operations, such as securing 
facilities at the Nation's borders or disaster locations. In fiscal 
year 2021, for example, FPS deployed law enforcement officers to 
augment security at FPS-protected facilities during protests. As 
another example, in June 2022, FPS and DHS's U.S. Customs and Border 
Protection (CBP) signed an agreement to enable FPS to detail law 
enforcement officers to, among other things, provide security at CBP 
facilities, such as at migrant housing units, in the Southwest Border 
region.\20\ FPS's deployments in fiscal years 2020 and 2021 involved 
law enforcement officers from its Rapid Protection Force and other FPS 
law enforcement officers, most of whom are assigned to FPS regional 
offices and headquarters.\21\
---------------------------------------------------------------------------
    \20\ The law enforcement support FPS provides other Federal 
agencies, and the fees FPS charges for this support, are governed by 
agreements between FPS and the other agencies.
    \21\ An FPS official involved in planning for deploying FPS law 
enforcement officers said that FPS sometimes uses contract guards to 
support homeland security operations. Contract guards check 
identification cards, perform basic patrol, and monitor camera systems.
---------------------------------------------------------------------------
    FPS officials said that FPS is more involved in other DHS 
components' homeland security operations since the agency moved from 
the Cybersecurity and Infrastructure Security Agency to the Management 
Directorate in October 2019.\22\ They said FPS is more involved because 
the acting under secretary for management has shown support for FPS's 
facility protection mission and legal authorities, and ensured that DHS 
components are aware of FPS's role. FPS officials also said that their 
increased participation in homeland security operations has improved 
the agency's credibility within DHS; they said this improved 
credibility has been one of the benefits of moving to the Management 
Directorate.
---------------------------------------------------------------------------
    \22\ In November 2018, when FPS was located in DHS's National 
Protection and Programs Directorate, the Cybersecurity and 
Infrastructure Security Agency Act of 2018 re-designated the National 
Protection and Programs Directorate as the Cybersecurity and 
Infrastructure Security Agency and required DHS to determine the 
appropriate organizational placement for FPS. See Cybersecurity and 
Infrastructure Security Agency Act of 2018, Pub. L. No. 115-278,  
2(a), 132 Stat. 4168, 4184. In May 2019, DHS announced its decision to 
transfer FPS to DHS's Management Directorate with FPS reporting to 
DHS's Under Secretary for Management. FPS transitioned to DHS's 
Management Directorate in October 2019.
---------------------------------------------------------------------------
    However, in the Management Directorate FPS has continued to face 
staffing shortages. In June 2010, when FPS was in the agency that was 
later re-designated as the Cybersecurity and Infrastructure Security 
Agency, we reported that FPS had difficulty obtaining the staffing 
needed to adequately protect Federal facilities.\23\ FPS's staffing 
difficulties have continued. At the end of fiscal year 2021, FPS 
reported that it had not filled 21 percent of its positions, including 
about 20 law enforcement positions in its Rapid Protection Force and 
about 180 additional law enforcement positions. However, two FPS 
Regional Directors we interviewed as part of our on-going work said the 
current pandemic environment of limited occupancy in Federal facilities 
has resulted in fewer incidents at facilities needing FPS's attention. 
The Directors cautioned that as facilities return to pre-COVID 
operations, FPS's staffing shortages could affect its ability to carry 
out its responsibilities.
---------------------------------------------------------------------------
    \23\ GAO, Homeland Security: Preliminary Observations on the 
Federal Protective Service's Workforce Analysis and Planning Efforts, 
GAO-10-802R (Washington, DC: June 14, 2010).
---------------------------------------------------------------------------
    We are currently conducting work on how deployments have changed 
since FPS's move to the Management Directorate and how FPS and the 
Management Directorate are addressing FPS's staffing shortages. We 
expect to issue a report on this work by the end of 2022.
    Chairman Correa, Ranking Member Meijer, and Members of the 
subcommittee, this completes my prepared statement. I would be pleased 
to respond to any questions that you may have at this time.

    Mr. Correa. Thank you very much. I want to thank all the 
witnesses, all of you, for your testimony, and I will remind 
the subcommittee that each one of us has 5 minutes to question 
the panel, and I will recognize myself for 5 minutes of 
questions.
    Your testimony, very important. Seventy percent of FPS's 
recommendations, not implemented. Ms. Latham, you cite a number 
of factors--budgets. You cited the challenges in the Southern 
Border. Is this 70 percent nonimplementation something new, or 
has this been something that has been going on for a number of 
years? Ms. Latham.
    Ms. Latham. Thank you for the question. The work that we 
are doing now, we are certainly going to look further in depth 
into how long this has been a standing issue of not being 
implemented.
    Some of the reasons, as you mentioned, that we had heard in 
our prior work was due to not having the cost estimates as I 
noted. The agencies noted that they needed these cost estimates 
to just further understand the scale of what is needed to 
address them.
    They also said that they needed the information, for 
example, if they were in a building that was older and needed--
--
    Mr. Correa. Let me interrupt you, I only have a couple 
minutes to ask these questions. But, again, is this something 
new, has this been going on for 3, 4, 5 years? A decade?
    Mr. Latham. I don't know the time period, but it is our 
understanding----
    Mr. Correa. Mr. Cline, could you help me out here?
    Mr. Cline. Absolutely, Chair Correa. It has been going on 
for a good while, sir. It is----
    Mr. Correa. I ask this because--first of all, let me say, 
thank you for the good work you do keeping us safe, our 
buildings, our citizens, our Federal employees.
    Your job is finding a needle in a haystack, yet failure is 
unacceptable. Oklahoma City bombing, 9/11, when you have 
failures, they are big. It is not you, it is us. What I am 
trying to do is figure out a road map here to help you do your 
job better.
    Seventy percent, help me out here, give me a little bit of 
a road map, a little bit of confidence. Tell me that you 
prioritize some of the things you need to do, because 70 
percent of your recommendations not going implemented is not 
something I am comfortable listening to today. Mr. Cline, 
please.
    Mr. Cline. Thank you, sir, and as the representative from 
GAO mentioned, we have corrected the cost estimates for the 
countermeasures. So that is an approach that we have corrected.
    It is very difficult to get these countermeasures 
implemented, and like we have mentioned, it is typically a lack 
of resources from the agencies to be able to implement those 
countermeasures.
    If it is a multi-tenant facility, then all the agencies in 
the facility, No. 1, have to agree to that countermeasure 
recommendation, and No. 2, they have to fund their share of 
that cost for the countermeasure recommendation.
    My counterpart at ISC, they recently established a program 
to observe the compliance by agency of the countermeasure 
recommendations. I think it might be worthwhile to have Mr. 
Breor talk to you a little bit about that, sir, and how we are 
doing that.
    Mr. Correa. Mr. Breor, in the few moments I have, please.
    Mr. Breor. Yes, sir. So under the risk management process 
which initially came out in 2013, one of the key aspects of 
that is you have a standard now compliance to that standard.
    So we are working with our interagency partners, because I 
am here representing the collective, all 66 departments and 
agencies that make up the ISC.
    At the end of that tail, it is that specific department, 
agency, that facility, that owns that risk.
    What we rolled out in 2019, a compliance system, so we are 
now receiving reports from departments and agencies with 
respect to their compliance to the risk management process 
standard, active shooter, and also prohibited items into 
Federal facilities.
    I am happy to say that this year, and going along with GAO 
best practices, we actually finished a pilot of a verification 
program. So it is one thing then to collect on a compliance, it 
is another thing to verify that compliance.
    So going forward we will be able to verify what departments 
and agencies submit into the compliance system.
    Mr. Correa. I got further questions, but we are out of 
time, so I would like to recognize the Ranking Member of the 
subcommittee, the gentleman from Michigan, Mr. Meijer, for his 
set of questions.
    Mr. Meijer. Thank you, Mr. Chairman.
    Obviously it is a difficult position you find yourselves in 
because you are making recommendations. You are, as the GAO 
noted, you are trying to get those recommendations--or when 
making those recommendations, trying to present and do so in a 
way that is going to be most conducive to them ultimately being 
adopted, while at the same time, having FPS personnel standing 
in that breach in the interim.
    I think that was drove home by the death of PSO Patrick 
Underwood on May 29, 2020, you know, during the George Floyd 
protests. An accelerationist group took advantage of that chaos 
and shot and killed PSO Underwood and wounded his partner.
    So I don't necessarily want to dwell on that one tragic 
incident, but how does FPS balance the desire to have those 
recommendations being implemented with the fact that it is FPS 
personnel, you know, who are protecting, especially on the PSO 
side, who are protecting, and potentially made vulnerable if 
those recommendations are not ultimately implemented by the 
facility owner? Mr. Cline, that is probably most appropriate to 
you.
    Mr. Cline. Thank you, sir. It puts us in a difficult 
situation when the countermeasures are not implemented. We 
balance our staffing requirements. We work with our local and 
city, county, State, Federal partners to maintain awareness of 
threats to facilities, demonstrations that may occur at those 
facilities, and we balance our deployment efforts and staffing 
efforts to those facilities based on what we hear.
    I am with you on Pat Underwood, hero. Went to his memorial 
service out in Oakland. Bad situation. We had 17 FPS officers 
at that Federal building at the time of that incident, total 
chaos. Very violent demonstration was occurring at the time, 
and like you said, bad actors took advantage of that situation.
    So for us, it is a balance on how we deploy ourselves. We 
know by facility where the highest risks are and where we need 
to put people. So, for instance, the FBI facilities around the 
country, the field offices and resident agencies are very 
secure.
    You observed that in Cincinnati during the attack. There is 
no way anyone was going to get inside that building. Our 
protective security officers sounded the alarm, and the FBI 
agents inside the building responded, and the individual fled.
    Working to get the other agencies to reach that level of 
awareness and preparedness is our issue, but like it was 
mentioned before, it primarily comes down to the funding.
    This is a multi-tenant agency in Ames, Iowa. They are 
working with their departments and agencies here in Washington, 
DC to get--and it could be--$20,000 was their portion of a 
camera--permanent camera project, and getting that $20,000 back 
to Ames, Iowa, is the difficult situation that the facility 
security committees find themselves in.
    Mr. Meijer. I want to follow up on one you said, Mr. Cline, 
but I don't want you to have to answer it.
    Ms. Latham, Mr. Cline mentioned the FBI as a tenant 
organization that is both aware of the threat that they face 
and the critical role, and also very well-equipped to 
understand and to balance that threat versus the costs of the 
countermeasures.
    Are there any--and this is why I didn't want Mr. Cline to 
have to answer it--are there any agencies, tenant agencies that 
you think are particularly less inclined to adopt 
countermeasures on the opposite end of the spectrum? If FBI is 
maybe in the better practices, who is in the worst?
    Ms. Latham. Well, I would say, in terms of your question, 
not necessarily less inclined, but the agencies, when we did 
our review that we noticed had more recommendations that were 
not addressed were your more smaller agencies, which that could 
be understandable, from some of the comments that Chief Cline 
mentioned, maybe due to some of their challenges to address 
them. But we didn't look further into that. But I would say the 
smaller agencies compared to the larger ones had more 
unaddressed recommendations.
    Mr. Meijer. Thank you.
    Mr. Cline, just wanted to get back to you real quick, a 
broader question. FPS has been transferred, as we mentioned, to 
three different parts of DHS in the last two decades. Do you 
think right now, the management directorate will be a permanent 
home for FPS, or is another home within DHS potentially more 
appropriate?
    Mr. Cline. Thank you, Ranking Member Meijer. Our transition 
to management has been wonderful. We are really taking 
advantage of the expertise of the lines of business. CFO, CRFO, 
you name it, I mean, we need to mature our business programs 
within FPS, and being under management is really helping us do 
that.
    Ultimately the decision on the placement of FPS, I think as 
we grow and mature, we would be ready to prepare ourselves to 
become a component within DHS, a stand-alone component, but 
right now, our alignment with management, specifically under 
the leadership and guidance of Acting Under Secretary for 
Management Mr. Alles, has been a good place for us right now.
    Mr. Meijer. Thank you, Mr. Cline, and with that my time is 
expired, and I yield back, Mr. Correa.
    Mr. Correa. Thank you, sir. The Chair will now recognize 
other Members of the committee for questions that they may wish 
to ask the witnesses.
    In accordance with the guidelines laid out by the Chairman 
and Ranking Member in their February 3 colloquy, I will 
recognize Members in order of seniority, alternating between 
Majority and Minority Members, and Members are also reminded to 
unmute themselves when recognized for questions.
    Now I would like to recognize Mr. Payne of New Jersey for 5 
minutes of questions. Mr. Payne, welcome.
    Mr. Payne. Thank you, Mr. Chairman, and thank you for 
having this timely hearing. Let's see.
    Deputy--Mr. Cline, according to the Government 
Accountability Office, the Federal Protective Service is facing 
a staffing shortage with approximately 21 percent of its 
positions unfilled, including about 200 law enforcement 
positions.
    How are you ensuring that FPS is still able to respond to 
threats to the Federal property, perform security assessments, 
and execute its other core missions while working with a 
reduced number of law enforcement personnel?
    Mr. Cline. Thank you for your question, Congressman Payne. 
You are correct, we are experiencing about a 21 percent 
shortfall on our staffing needs. It is a variety of reasons for 
this.
    You know, like most other businesses and agencies within 
the United States, we are all dealing with labor market 
challenges, the same as everyone else. We are also competing 
for the same people. So city, county, State, and Federal law 
enforcement agencies are all looking for that same person to 
join their agencies and become a law enforcement officer.
    We continue to work with DHS, Office of the Chief Human 
Capital Officer. Our recruiting team will be at a military base 
tomorrow to continue our recruiting efforts.
    We just started a class at the Federal Law Enforcement 
Training Center last Monday, of 24 new students, and we have 
other classes scheduled for this year. So it is a continued 
challenge for us, but our goal in fiscal year 2023 is to fill 
all of our vacancies, including our law enforcement and our 
support position vacancies.
    Mr. Payne. OK. Given what we have seen in the aftermath of 
January 6th investigations that uncovered both military and law 
enforcement personnel being involved in the insurrection, what 
is FPS doing to weed out the potential nature of these 
ideological folks amongst your ranks?
    Mr. Cline. Thank you for your question, Congressman. So 
when we recruit and hire a new officer, they go through the 
security clearance process through the DHS Office of the Chief 
Security Officer. Very rigorous process, very detailed and 
thorough analysis of the background and suitability of that 
applicant.
    Once they come on board, the Office of the Chief Security 
Officer and DHS has also stood up a program, I don't know the 
exact name of it, sir, but it is basically continuous 
monitoring.
    So if that individual that is--take me, for instance, if 
tonight I was arrested for some reason, that continuous 
monitoring program would--the Office of the Chief Security 
Officer would know about that tomorrow, and then they would 
take action on it, based on whatever that circumstance of the 
arrest was.
    So it is our goal to make sure that the people we hire are 
not involved in any DBE-type activity. We do hire a large 
number of veterans. We have 80 percent of our law enforcement 
officers are veterans today. I am a veteran just like they are.
    But the process that the Office of the Chief Security 
Officer uses to do that background investigation on the 
prospective employee and their continuous monitoring of the 
employee's activities is really helping us to make sure we weed 
out those bad actors.
    Mr. Payne. OK. I think that was a focus on new hires. What 
about officers that are already in the organization?
    Mr. Cline. Yes, sir. That is the process that the Office of 
the Chief Security Officer uses on their continuous monitoring 
program. Also with our relationships with city, county, State, 
and Federal law enforcement, as you are aware, the law 
enforcement agencies actively monitor different types of media, 
looking for individual that may be associated with domestic 
violence extremism. If we receive notification or are aware of 
a DHS or an FPS officer, then that will be turned over to our 
Office of Internal Affairs to investigate that employee's 
activity.
    Mr. Payne. Well, thank you.
    Mr. Chairman, we have to stay vigilant in this area, 
because as we know, we have done an incredible job stopping the 
foreign fighter, but it is the internal issues that we have 
with domestic terrorism that plagues our Nation today. With 
that, I yield back.
    Mr. Correa. Thank you, Mr. Payne.
    Now I recognize the gentleman from North Carolina, Mr. 
Bishop, for 5 minutes. Welcome, sir.
    Mr. Bishop. Thank you, Mr. Chairman.
    Mr. Cline, I want to focus us on something that has almost 
slipped from National consciousness, but it always struck me as 
something very strange. In Portland, Oregon, over, I think June 
and July 2020, there were 52 consecutive nights in which 
antifa, anarchists, and other radicals, I guess, carried out 
violence. A lot of it focused on the Federal courthouse in 
Portland.
    But one thing just sticks in my memory about that, is, I 
know that there were some reports at the time that officers, 
Federal officers were blinded or injured by lasers. How wide-
spread was that? Have those officers recovered fully, or have 
there been permanent injuries resulting from that?
    Mr. Cline. Thank you, Congressman Bishop. Portland was a 
very chaotic, unprecedented event that we haven't seen before. 
A number of officers within FPS, 363 officers were injured. I 
think roughly a total of 800 injuries to not only the FPS 
officers, but also the CBP and ICE officers that provided us 
assistance, primarily with the green lasers, Molotov cocktails, 
ball bearings shot with sling shots, commercial-grade 
pyrotechnics that were thrown at them.
    The FPS and DHS officers that supported that event are, in 
my eyes, they are heroes. I mean, they--their level of 
restraint, their goal was to ensure that the courthouse and the 
Federal facilities in Portland were protected, and they 
achieved that goal. They stayed inside that courthouse until 
someone was attempting to cause damage, like setting the 
building on fire before they would come out, to take action, 
and then when they did come out, they were hit with a barrage 
of violence basically.
    So all those officers have recovered from those injuries. 
We did have one--an FPS officer who did die of a heart attack 
not during the events, but as he was going to work. Then 
unfortunately, another officer within DHS did commit suicide, 
but we don't know if it was related to his activities in 
Portland, but he had served in Portland.
    Mr. Bishop. What an excellent summary of that, Mr. Cline. 
You started with the term ``unprecedented,'' and that was how 
it struck, I think, many Americans, never seen anything like 
this in the terms of the continued activity over a long period 
of time.
    One thing that was remarkable is that the Portland City 
Council voted, as I understand it, to prevent police from 
cooperating with Federal law enforcement. The mayor out there, 
Ted Wheeler, said at one point the presence of DHS officers is 
``actually leading to more violence and more vandalism.''
    He had mayors from a number of cities write the attorney 
general and the Acting DHS Secretary, saying that the 
deployment of officers to protect the facilities was an abuse 
of power.
    I know that, if I understand GAO's report on DHS's strategy 
in Portland, suggested that there was an assumption you would 
receive support from local law enforcement, but that wasn't the 
case. So GAO recommended implementing a new strategy to account 
for that.
    I hardly believe that I am reading words like that in a 
Congressional hearing or--and certainly that they would be 
true. What can you offer us about that issue? How do you intend 
to respond to the fact that mayors have supported and city 
council has supported that kind of lawlessness and refused to 
help?
    Mr. Cline. Thank you, Congressman Bishop. So throughout the 
country, we rely heavily on city, county, State law enforcement 
to assist us in the protection of our facilities.
    Typically in a large city, if there is some type of 
violence or criminal act at a Federal building, the local law 
enforcement may be the first to respond.
    The majority of Federal facilities that we protect are 
concurrent jurisdiction, meaning that the local law enforcement 
agencies have the ability to respond as well.
    Within Portland, we--the fact that the Portland Police 
Bureau, who we are very tight with, we work well together with, 
the fact that they were prohibited from assisting us is the 
exact reason why we had to deploy more officers out there to 
protect the Federal facilities.
    Typically, day to day, they will provide our assistance, 
but during that time frame, they were restricted and were not 
able to support us which caused us to deploy more people out 
there.
    Mr. Bishop. It seems to some of us that this kind of attack 
is something that can spring up in lots of places in the United 
States, that somebody is out there organizing it. Does that not 
need to be looked into by Congress to determine whether people 
have the ability to bring this kind of attack against Federal 
facilities at any time they choose?
    Mr. Cline. Congressman Bishop, I think between the summer 
of 2020, which a lot of law--not just FPS, but a lot of law 
enforcement officers and agencies were dealing with large-scale 
demonstrations, and in some cases, some violence. You all 
experienced that on January 6, we experienced it out in 
Portland.
    So, I think it is--we have done well working with our 
partner agencies in the Federal Government and city, county, 
State, shared information. We have all learned our lessons that 
we all need to work better together, sharing information, make 
sure we are aware of incidents that could pop up, and that has 
really increased over the last year.
    Mr. Bishop. Thanks for your outstanding service and 
testimony, and, Mr. Chairman, my time is expired.
    Mr. Correa. Thank you very much.
    Now I call on the gentlelady from Nevada, Ms. Titus, for 5 
minutes of questions. Welcome, ma'am.
    Ms. Titus. Well, thank you very much, Mr. Chairman. The 
previous Member of this committee was talking about Portland 
being an unprecedented event. Well, let's talk about another 
unprecedented event, and that was the storming of the Capitol 
on January the 6th.
    Now, nobody could have anticipated it would be as terrible 
as it was, but there were certainly warning signs, including 
radical commentary on the internet for several days leading up 
to the events of that day, where people tried to--well, didn't 
try, they did--storm the Capitol and tried to overturn our 
legal elections.
    It was hyperpartisan, it was neofascist, it was pro-
violent, and it was racist. Should have given us some hint, 
because this was festering on-line for several days.
    Now, we are not seeing that kind of incendiary language to 
that extent right now, but I think there are some lessons we 
can learn about how to spot potential events like this.
    So I would ask Mr. Cline, how is your agency working with 
others to keep apprised of misinformation on-line and to stay 
aware of credible threats to Federal buildings that might come 
as a result of that, or in conjunction with that?
    Does the interagency security committee factor in on-line 
threat environment when you are conducting your risk 
assessments of Federal buildings, and if you don't, why not?
    Mr. Cline. Thank you, Congresswoman Titus. As we mentioned 
before, we have dramatically increased our communication with 
our city, county, State, and Federal law enforcement partners.
    We maintain regular and active communications with our law 
enforcement partners, DHS, intelligence, and analysis, the 
fusion centers throughout the country, the Federal executive 
boards, which are the 28 Federal executive boards throughout 
the country that have a level of oversight over the Federal 
agencies in their area of operation.
    We continue to maintain awareness of threats. As you 
mentioned, sharing of information is critical to make sure that 
we are all prepared to actively respond, react to a situation 
that may be coming up.
    You mentioned January 6. On that day, our job, the Federal 
Protective Service, was to protect the Federal buildings that 
were in the area of the Ellipse and then the march that took 
place to the Capitol. That is what we were focused on.
    We did provide--the U.S. Capitol Police requested support, 
and we did provide support to the Capitol as soon as that call 
went out.
    But definitely, ma'am, the sharing of information, the 
preparation for events like this that could occur, has 
dramatically increased since January 6, and I think it is in a 
really good place now.
    Ms. Titus. Well, we certainly appreciate your help on that 
day in trying to keep all of the building, members, staff, 
press, everybody safe. So thank you for that.
    Could you talk specifically about the Protective 
Investigations Program and how your members work there or train 
there, cooperate with them?
    Mr. Cline. Absolutely, ma'am. So, so far this year, we have 
opened up 201 protective threat investigations, and we have 
made 19 arrests at this point. We anticipate we will make more 
arrests as those investigations continue. Most of these threat 
investigations, we are informed from an agency of an employee 
who received a threatening communication, whether it is an 
email, phone call, text message, whatever it may be.
    That information is provided to us, and our special agents, 
our criminal investigators will conduct the investigation, work 
with city, county, and State partners, Federal partners, to do 
the background on the bad actor, the person making the threat, 
and will make a determination coordinating with the Assistant 
U.S. Attorney, their office within that area that the threat is 
coming from, to make the determine on making the arrest. That 
is typically how that process works, ma'am.
    Ms. Titus. Well, thank you so much. You know, this 
committee really appreciates the job that you do, and 
understand how it might be hard to get people to work, to 
recruit, and also to maintain that force. So be sure you let us 
know what resources you need, if we need to provide additional 
funding or assistance in any way so you can do your job 
effectively.
    Thank you, Mr. Chairman, I will yield back.
    Mr. Correa. Thank you, Ms. Titus.
    Now I would like to recognize the gentlelady from 
Tennessee, Mrs. Harshbarger, for 5 minutes of questioning.
    Mrs. Harshbarger. Thank you, Mr. Chairman, and Ranking 
Member, and thank you to the witnesses today, and honestly, I 
want to thank law enforcement for the job they do. You don't 
get enough thank yous these days.
    The first question is for Mr. Breor. We have heard about 
FPS's process for assisting facility security, but there is 
many Federal facilities that are not under the FPS purview. My 
question is, what is ISC doing to ensure all these agencies 
have a robust security assessment process that complies with 
ISC standards?
    Mr. Breor. Thank you for the question. So this is back to 
2019 where we released the compliance system. So the 66 
departments and agencies that make up the Interagency Security 
Committee, part of their compliance reporting, and everything 
that was framed around compliance was created by them through 
our compliance subcommittee.
    So they are part of the process. Now they must report on 
what they are doing, both at the organizational level, 
headquarters, and at the facility level with respect to meeting 
the standards of the Interagency Security Committee.
    I am happy to say that at least this year, we were able to 
run through a verification pilot. So going forward now, we will 
be able to work with the departments and agencies to actually 
verify what they are submitting into the compliance system so 
we can better monitor and track their submissions.
    Mrs. Harshbarger. Yes, it is all about tracking what they 
need and measuring those outcomes.
    I have a question for Ms. Latham. Facility security has 
been on GAO's high-risk since 2003, and what are the issues 
that are keeping these facilities' security on that high-risk 
list, and what are the actions that FPS can take to address 
GAO's concerns?
    Ms. Latham. Thank you for your question. Yes, they have 
been on our high-risk list since 2003. There are two remaining 
items that need to be addressed.
    FPS currently has two systems in place that they are 
working on and have been developing over time, and these 
systems first focus on what their learning activities are for 
officers, as well as to what extent the officers have completed 
training, as well as time and attendance.
    We are looking for FPS to, No. 1, fully implement both of 
these systems, and in addition, make sure these systems are 
sort-of interoperable and sort-of coordinating together so they 
can know who meets the requirements, and more importantly, who 
should stand post and be ready.
    Mrs. Harshbarger. Absolutely. FPS is a fee-for-service 
organization. Do you believe that is the best way for them to 
operate, ma'am?
    Ms. Latham. I am sorry. The first part of your question, do 
you mind repeating?
    Mrs. Harshbarger. FPS is a fee-for-service organization, 
and with that, do you believe that is the best way for them to 
operate?
    Ms. Latham. Thank you. Well, we have certainly looked in 
sort-of components of the fee structure for FPS and just to see 
if there are any advantages or disadvantages to the structure 
that stands. We haven't done necessarily a whole review, but we 
certainly have, you know, made positive comments regarding 
that.
    Mrs. Harshbarger. OK. Those are my questions, Mr. Chairman, 
and with that, I will yield back.
    Mr. Correa. Thank you, Mrs. Harshbarger, and now I 
recognize the gentleman from New York, Mr. Torres, for 5 
minutes of questions. Welcome, sir.
    Mr. Torres. Thank you, Mr. Chair. I want to make sure I 
understand the process. So the Interagency Security Committee 
sets the physical security standards; the Federal Protective 
Service, FPS, makes security assessments and recommendations 
based on those standards; and a Federal buildings facilities 
security committee must decide whether to comply with those 
recommendations. Is that how the process works?
    Mr. Cline. That is correct, Chair--or Congressman.
    Mr. Torres. OK. Now, if I scored 30 percent on an exam, I 
would receive an F, a failing grade. Am I right to see a 
compliance rate of 30 percent as a failure? Mr. Cline.
    Mr. Cline. Sir, the 30 percent is typically a failure. 
Variety of factors involved in making those decisions and the 
funding of those.
    Mr. Torres. I am just--so if it is a failure, like rather 
than tinker at the margins, should we not fundamentally rethink 
the model of voluntary compliance? Should security assessments 
be binding?
    Mr. Cline. So the new compliance implementation that the 
Interagency Security Committee is doing, that is--I don't want 
to call it a stick, but that is making the agencies that 
oversee an office in Ames, Iowa, it is making the agencies more 
aware of what those countermeasure recommendations are, and 
making them comply with an Executive Order, basically.
    This is an Executive Order that came out in 1995, requiring 
these certain countermeasures to get the facility to the 
necessary level of protection.
    Mr. Torres. But there is no obligation to implement them, 
right? So it is ultimately a model of voluntary compliance. My 
question to you, is there any circumstance under which security 
assessments should be binding? What about the Level 5 Federal 
buildings where the security risk is highest, should it be 
binding under those circumstances?
    Mr. Cline. I think it definitely needs to have more 
influence, and I think requiring----
    Mr. Torres. Not influence, binding effect.
    Mr. Cline. Yes, requiring that it be implemented instead of 
requesting that it be implemented----
    Mr. Torres. Because if we do the same thing over and over 
again and expect a different result, that is the definition of 
insanity, as Albert Einstein said.
    You said earlier, if I understood correctly, that in order 
for countermeasures to be implemented, you need all the tenants 
to agree. So it is not simply enough to have a majority, you 
need unanimity, and there could be scores of tenants in a 
single building. Like, that just strikes me as a process that 
breeds inertia and failure. How could we possibly defend that?
    Mr. Cline. So that is the Facility Security Committee that 
we talked about earlier, agreeing, because they all have to 
fund their portion of that countermeasure. Like I mentioned, if 
it is a $10,000 perimeter camera project----
    Mr. Torres. But one could imagine a model in which a 
majority of the committee agree, and then everyone is required 
to pay their fair share. That is a much more rational system--
--
    Mr. Cline. Correct.
    Mr. Torres [continuing]. Than expecting unanimity in every 
case. That is unrealistic.
    Mr. Breor. The weight of the vote on that committee is 
based on square footage of the tenant, so that there is a way 
to weight those that have more of a presence, they have a 
stronger vote.
    Mr. Torres. So would you be in favor of substituting a 
majority requirement for a unanimity requirement?
    Mr. Breor. That is something that we can look at.
    Mr. Torres. OK. It just seems to me that that would 
facilitate compliance. What about staffing 1,000 law 
enforcement security officers who are responsible for a 
portfolio of 9,500 buildings? It would seem to me that the 
scale of your responsibilities are just proportionate to the 
scarcity of your resources. Do you have the staff you need to 
sufficiently secure 9,500 buildings? Is a thousand enough?
    Mr. Cline. Sir, so our current goal is to fill our current 
vacancies; get those done. As we have, if the threat 
environment continues to escalate as it has, and you know we 
have got----
    Mr. Torres. Well, let's assume there is no escalation. You 
have 9,500 buildings you have to protect. Let's assume you fill 
all your vacancies. It just seems to me 1,000 is a small 
number, given the size of your portfolio.
    Mr. Cline. Sir, our authorized strength for law enforcement 
is 1,131. They are placed throughout the country based on the 
number of facilities, population of the Federal employees 
there, threats. You know, their highest-risk facilities would 
have more people. We have more officers here in the District of 
Columbia than we have in Ames, Iowa, primarily, because they 
are needed here.
    Mr. Torres. But like the Capitol Police has thousands of 
officers for one complex. You have 1,000 officers for 9,500 
buildings. There seems to be a disconnect there. But my time 
has expired.
    Mr. Correa. Thank you, Mr. Torres. I wanted to--sir, I want 
to go through a second round of questions, and I wanted to 
follow up on Mr. Torres' concept here. You have got tenants. 
They are supposed to pay you their fair share.
    Ms. Latham, you said one of the big issues is money to 
implement. Like Mr. Torres says, 30 percent compliance, 70 
percent none. Do we have to mandate that other Federal agencies 
pay their fair share of what you recommend, what you prioritize 
that needs to be done to secure these buildings?
    Mr. Cline. Thank you, Mr. Chairman. There is no mandate. 
There is no law that requires it.
    Mr. Correa. We need one. If the FBI--if other Government 
agencies have X number of dollars--and you have just said you 
need to invest the following to protect the building, your 
personnel, and citizens to actually come to visit your 
buildings. This has been going on for a number of years 
noncompliance. This is unacceptable. What do we need to do to 
mandate that the financing be there, be reallocated, so to 
speak, to make sure that at least the set of priorities to 
secure these buildings is actually addressed?
    Mr. Cline. Sir, it is a critical issue for us. With Scott 
being or Mr.--my counterpart from the ISC being here and 
working directly with those departments and agencies----
    Mr. Correa. Mr. Breor.
    Mr. Breor. Yes, sir. We are seeing, since monitor and 
compliance since 2019, we are seeing an improvement each year. 
A couple of issues that do arise, and what we are working on 
now is the internal guidance within the departments and 
agencies on how to implement the ISC standards within their 
organization, and then follow on to that guidance and policy 
from the headquarters----
    Mr. Correa. I hear your words, but I am still concerned. 
You haven't alleviated my concerns because as, you know, all of 
you are out there doing a good job protecting us citizens, but 
yet now essentially the threats are turning on you, on us. I am 
trying to assess, in my mind, factually, here from your 
statements whether you are prepared to play defense as well. I 
am not getting a good vibe out of your statements today. 
Thoughts?
    Mr. Breor. I think where we are with respect to the Federal 
security committees that run the multi-tenant facilities, we 
have rolled out training, we are rolling out workshops. We now 
have regional advisors that are across the United States that 
are helping these FSCs. So I think the facilities that have 
tenants, I think there is work that needs to be done so that 
they better understand the ISC.
    Mr. Correa. I am hearing your words. I would like to get 
more of an assurance that we are going to move to better 
compliance here and the priorities or things that need to be 
done to harden these buildings to make sure that they are not 
vulnerable to these senseless attacks, you know, actually take 
place.
    None of us here, none of us here condone attacks on our 
Federal officers, Federal personnel, as well as our U.S. 
citizens.
    Let me shift real quick. Mr. Cline. Mr. Bishop talked about 
Oregon. He talked about coordination. That was an ugly 
situation. Unprecedented, your words. Something that none of us 
condone. I don't like seeing--or I disagree. I would do 
everything I can to stop our Federal officers from being 
attacked. If you talk about coordination, you extended your 
authority to CBP and ICE to help in that situation, and yet, 
the local Portland law enforcement officials didn't want to see 
that happen because of the controversy, the local elements 
there that essentially, my words, maybe inflamed the situation. 
How can we move forward to make sure there is better 
coordination here? You're at the Feds, they're at the local, 
you got to figure out this situation, a situation before it 
gets out of control. Mr. Cline, lessons learned.
    Mr. Cline. Thank you, Chairman. We have learned a number of 
lessons out of Portland. We rely heavily on city, county, State 
law enforcement to support our mission. As Mr. Torres 
mentioned, we are a small agency. You know, for us to--we don't 
want to create a Federal police force across the Nation. We 
rely heavily on our contracted protective security officers to 
protect our facilities.
    Right now, there is about 6,200 PSO posts that are staffed 
this minute; X-ray machine, magnetometer, roaming patrols, 
monitoring cameras, perimeter security that we rely heavily on.
    We made a lot of changes after Portland. Our public order 
policing doctrine, we signed that in June 2021. A new directive 
on how we approach public order. The use of force policy and 
directive is in--with the director for signature right now. 
That was coordinated with civil rights and civil liberties, the 
Office of Privacy, the Office of Policy, and we have managed to 
change the process on how we approach civil disorder.
    As far as utilizing CBP and ICE, that was necessary because 
the local law enforcement, Portland Police Bureau who we work 
hand-in-hand with day-to-day, during that instance they were 
prohibited from assisting us. The Multnomah County Sheriff's 
Office, the Portland Oregon State Police, they came in at times 
to assist, but the locals were prohibited. We don't see that 
anywhere else. We think it is done in Portland that we no 
longer have that situation.
    Mr. Correa. Thank you very much. I ran out of time, so I am 
going to have Mr. Meijer--your line of questions, sir.
    Mr. Meijer. Thank you, Mr. Chairman. I want to follow up a 
little bit on what Mr. Torres was asking about and just to 
clarify, the FSCs.
    Now, obviously, any assessment or responsibility for the 
security upgrades or countermeasure implementation are shared 
on like a pro rata basis within the tenants. But for the FSC, 
it does have to be unanimous support of all members of that to 
adopt a recommendation. Is that correct?
    Mr. Breor. The FSC, the tenant members are given a way with 
respect to their vote based on square footage.
    Mr. Meijer. Uh-huh.
    Mr. Breor. So if you had a facility with three members, and 
one of those members' square footage was 66 percent, then their 
vote would be the driving force. The other two members out of 
majority could not, you know, go against the decision to move 
forward.
    Mr. Meijer. OK. So just to build on his line of 
questioning, it is a majority of the FSC?
    Mr. Breor. Based on square footage.
    Mr. Meijer. Based on square footage. OK. Thank you, because 
I think there has been some misunderstanding about unanimity 
versus majority opinion.
    Getting back to the reasons why they are not implemented. I 
mean, in the GAO report, there is some very explicable reasons, 
right? An agency is planning to move, and so, if you are only 
going to be in a facility and the lease is running out in 2 
years, it doesn't make sense. Maybe make sufficient upgrades. I 
think the other one was, you know, obviously the implementation 
costs is--so you are going to have a range.
    Are there--but I guess kind-of building on that prior 
question, in some of those situations, it may be a facility 
that is a smaller facility and an individual stand-alone lease 
facility. I think oftentimes in our mind we have a conception 
of the main massive Federal building when you may have a Social 
Security agency outpost, and it is just renting a few, or a 
couple hundred or a couple thousand square feet in one 
facility, right? So we are talking about a blend.
    But I guess my question is, are there--to what extent on--
and I recognize this is more of a GSA question--but to what 
extent, or there may be recommendations to, if a smaller 
agency, a smaller footprint says these are not affordable or 
cost-effective upgrades for us given our logistical 
circumstances, are there ways where--you know, but they chose 
that location because it was relatively less expensive than 
maybe a higher, more secured facility was leasing on a per-
square foot basis.
    I think, Mr. Cline, you are not--I think you kind-of 
understand where I am getting at here. Obviously, FPS's is in 
more of an advisory role when offering these countermeasure 
recommendations, the cost-benefit analysis of each individual 
recommendation is going to be dependent on that agency. But 
they are also making a cost-benefit analysis in a sort-of 
separate tranche on their individual leasing side.
    Does FPS offer recommendations prior to GSA approving or 
suggesting a lease location for the agency?
    Mr. Cline. Thank you, Ranking Member. Yes, absolutely. So 
let's say an agency decides they want to move to a new location 
in Dallas, GSA will make contact with us, and we will go with 
GSA and the agency, and we will do pre-lease assessments.
    So this is to go out and look if GSA has a port--here is 
some offerings from the lessees in the city. You have got these 
many people, this much square footage. You need this kind of 
space, and then we will go out and look at it. Then we will 
kind-of narrow that down to the top three, and then GSA will 
work with the agency to establish the lease. Then we will work 
with the agency to establish the necessary level of protection 
for that facility.
    We want to get in there first before they move in. Let's 
get this established now before people are here. Let's get the 
projects in place. On a number of instances, if the agency 
says, I can't afford to do 20 cameras around my building. Then, 
well, if you can't do that, can we do at least cameras at every 
entrance, so we can see who is coming into the building, record 
some type of nefarious activity that goes on there? Let's come 
up with something. Let's don't leave it like we can't afford to 
do anything. Let's try to do something that takes sense, that 
helps us secure the facility.
    Mr. Meijer. But to be clear, prior to that lease being 
signed they understand, OK, maybe this facility that is in 
compliance already with what FPS might recommend, you know, 
that is $30 a square foot, this facility that is $25 a square 
foot, if it is, you know, if we are going only on a cost basis, 
I don't want that agency taking the lower-cost one. They may 
have to add another $10 per square foot in security 
improvements, right? So you are doing that prior to those 
leases being finalized.
    Mr. Cline. Yes, sir, absolutely. Mylar or window protection 
on the first floor of the building. A number of facilities that 
are offering to be leased to the Government have that already. 
So, if that has it there, that is one less countermeasure we 
have to implement because it is already in place.
    Mr. Meijer. Thank you. I yield back, Mr. Chairman.
    Mr. Correa. Thank you very much. Any other Members wish to 
ask questions of our witnesses? Seeing no further questions, I 
want to thank our witnesses today for your testimony and 
Members for their questions. Members of the committee may have 
additional questions for the witnesses, and we ask that you 
respond to those written questions expeditiously. The Chair 
reminds Members that the committee record will remain open for 
10 days. Without objection, this committee stands adjourned. 
Thank you.
    [Whereupon, at 11:25 a.m., the subcommittee was adjourned.]



                            A P P E N D I X

                              ----------                              

   Questions From Chairman J. Luis Correa for Richard ``Kris'' Cline
    Question 1. According to the Government Accountability Office, the 
Federal Protective Service (FPS) is currently facing a staffing 
shortage, with approximately 21 percent of positions vacant, including 
about 200 law enforcement officer positions.
    What steps is FPS taking to fill these vacant positions and when 
does it expect to fill the positions?
    Answer. The Federal Protective Service (FPS) projects on-boarding 
approximately 100 Law Enforcement (LE) officers in fiscal year 2023, 
and another 150 LE officers over fiscal years 2024 and 2025. At the 
same time, FPS is working to reduce attrition and identify additional 
opportunities to recruit and on-board personnel. In calendar year 2022, 
FPS attended 45 job fairs at 50-plus locations and, to date, has 
extended over 275 tentative job offers to prospective employees who are 
currently in various stages of pre-employment processing. Our 
recruitment activities project that FPS will continue to recruit 30 to 
50 prospective law enforcement officers per month.
    Given the current environment and FPS's critical mission, it is 
paramount that we fill these vacancies. FPS is competing with other 
Federal, State, and local law enforcement agencies, as well as the 
private sector to attract the most qualified applicants. One area where 
FPS is disadvantaged is in its efforts to fill vacancies due to the 
discrepancy in law enforcement retirement coverage for its uniformed 
law enforcement officers, compared to other services. This needs to be 
addressed to allow FPS to recruit, hire, and retain a world-class 
workforce.
    Question 2. Part of the Federal Protective Service's (FPS) core 
mission is to provide regular security assessments for Federally-owned 
and -leased property to identify and evaluate potential risks and make 
recommendations to improve protective measures. These security 
improvements can include things such as new security cameras, physical 
access control systems, and X-ray screening equipment. However, a 
recent review by the Government Accountability Office has found that 
all too often these needed improvements go unimplemented by the tenant 
agencies who lease, own, and operate Federal buildings.
    What challenges does FPS face when tenant agencies do not implement 
security recommendations and does the failure to implement these 
recommendations require FPS to provide additional resources to ensure 
that Federal property is adequately secured?
    Answer. Should the Facility Security Committee (FSC) decide to not 
accept, fund, or implement recommendations stemming from security 
assessments for Federally-owned and -leased property, FPS faces an 
increased challenge in meeting its mission. In these instances, the 
risk accepted through the risk management process is transferred to FPS 
and FPS must still work to secure Government facilities, protects 
Government employees and visitors, and ensures the safety, security, 
and continuity of Government services to the best of its ability.
    FPS maintains a regular physical presence at many high-profile/
high-risk locations throughout its protective inventory. However, based 
on the number of facilities compared with the number of law enforcement 
officers, FPS relies on technical countermeasures and contract 
Protective Security Officers (PSOs) to identify suspicious activities 
and serve as a warning system for criminal activity at most Federal 
facilities.
    When countermeasures are not implemented, or vulnerabilities are 
not mitigated, FPS utilizes the latest intelligence information to 
prioritize its limited resources to mitigate vulnerabilities by, for 
example: Increasing visible patrols at selected facilities; increasing 
the number and locations of targeted explosive detection canine sweeps; 
conducting additional tenant security awareness briefings; increasing 
the number of internal and external patrols by its PSOs (if available 
on-site); seeking additional support from local security and law 
enforcement partners; or some combination thereof.
         Questions From Chairman J. Luis Correa for Scott Breor
    Question 1a. The Interagency Security Committee (ISC) is tasked 
with tracking and responding to an ever-evolving threat environment to 
ensure that Federal facilities have protective measures in place to 
deter the most relevant security threats and respond to new 
technological advancements.
    What are the key emerging threats to Federal facilities and how is 
the ISC helping agencies prepare to address those threats?
    Answer. The key emerging threats to Federal facilities are the 
continued rise in domestic violent extremism and nefarious cyber 
events. According to the June 2022 DHS National Terrorism Advisory 
System Bulletin, the United States remains in a heightened threat 
environment and several recent attacks have highlighted the dynamic and 
complex nature of the threat environment. It is expected that the 
threat environment will become more dynamic as several high-profile 
events could be exploited to justify acts of violence against a range 
of possible targets. These targets could, among others, include 
Government facilities and personnel.
    To mitigate these threats and many others, the Interagency Security 
Committee (ISC) continues to develop and refine facility security 
standards and policies in response to emerging threats. This includes 
developing best practices and countermeasures in response to emerging 
threats. For example, the ISC's Best Practices Subcommittee published 
Protecting Against Violent Civil Disturbance: Considerations for 
Federal Facilities in response to increased domestic violent extremism 
threats. To counter the cyber threats, the ISC Risk Management Process 
standard details recommended 6 countermeasures specifically designed to 
mitigate unauthorized access, interruption of services and modification 
of services. The ISC also conducts outreach and facilitates information 
sharing to ensure organizations are aware of the latest threats and how 
to counter them. This is typically done through the development and 
publication of an annual threat report and focused and timely 
distribution of intelligence products. Last, the ISC provides training 
to build individual and organizational capacity to meet security 
standards. This is accomplished through independent study, instructor-
led training and virtual instructor-led training to ensure Federal 
facility security stakeholders can access these capacity-building 
efforts whenever and wherever they might be located.
    Question 1b. What emerging threats are agencies not currently 
focused on that they should be preparing to address?
    Answer. Departments and agencies must be prepared for a range of 
threats from the traditional, such as active shooter and vehicle 
ramming; to emerging, such as cyber and unmanned aircraft systems. In 
preparing for this array of threats, organizations must prioritize risk 
given finite resources. At the Department and agency level, the ISC is 
encouraging organizational headquarters to maintain a centralized list 
or ``risk register'' to prioritize security efforts and support annual 
budget submissions. At the facility level, the ISC provides training on 
the Risk Management Process standard. In addition to these capacity-
building efforts, the ISC validates organization risk assessment tools 
and training programs to ensure they meet ISC standards. Finally, the 
Cybersecurity and Infrastructure Security Agency's regional personnel 
work closely with the Federal Protective Service to bring the full 
capabilities of the U.S. Department of Homeland Security to bear to 
address emerging threats.

                                 [all]