[Senate Hearing 118-241]
[From the U.S. Government Publishing Office]


                                                          S. Hrg. 118-241

                    EXAMINING THE SECURITY OF FEDERAL 
                                 FACILITIES

=======================================================================

                                HEARING

                               BEFORE THE

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE

                    ONE HUNDRED EIGHTEENTH CONGRESS


                             FIRST SESSION

                               __________

                           NOVEMBER 29, 2023

                               __________

        Available via the World Wide Web: http://www.govinfo.gov

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs
        
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]

                               __________

                   U.S. GOVERNMENT PUBLISHING OFFICE                    
54-422 PDF                  WASHINGTON : 2024                    
          
-----------------------------------------------------------------------------------  
 
        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                   GARY C. PETERS, Michigan, Chairman
THOMAS R. CARPER, Delaware           RAND PAUL, Kentucky
MAGGIE HASSAN, New Hampshire         RON JOHNSON, Wisconsin
KYRSTEN SINEMA, Arizona              JAMES LANKFORD, Oklahoma
JACKY ROSEN, Nevada                  MITT ROMNEY, Utah
JON OSSOFF, Georgia                  RICK SCOTT, Florida
RICHARD BLUMENTHAL, Connecticut      JOSH HAWLEY, Missouri
LAPHONZA BUTLER, California          ROGER MARSHALL, Kansas

                   David M. Weinberg, Staff Director
            Lena C. Chang, Director of Governmental Affairs
              Chelsea A. Davis, Professional Staff Member
            Benjamin J. Schubert, Professional Staff Member
           William E. Henderson III, Minority Staff Director
              Christina N. Salazar, Minority Chief Counsel
                  Andrew J. Hopkins, Minority Counsel
                     Laura W. Kilbride, Chief Clerk
                   Ashley A. Gonzalez, Hearing Clerk

                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Peters...............................................     1
    Senator Hassan...............................................     9
    Senator Hawley...............................................    12
Prepared statements:
    Senator Peters...............................................    21

                               WITNESSES
                      THURSDAY, SEPTEMBER 14, 2023

Richard Cline, Director, Federal Protective Service, U.S. 
  Department of Homeland Security................................     2
David Marroni, Acting Director, Physical Infrastructure, U.S. 
  Government Accountability Office...............................     4
Scott Breor, Associate Director, Security Programs, Cybersecurity 
  and Infrastructure Agency, U.S. Department of Homeland Security     6

                     Alphabetical List of Witnesses

Breor, Scott:
    Testimony....................................................     6
    Prepared statement...........................................    41
Cline, Richard:
    Testimony....................................................     2
    Prepared statement...........................................    22
Marroni, David:
    Testimony....................................................     4
    Prepared statement...........................................    30

                                APPENDIX

Response to post-hearing questions submitted for the Record
    Mr. Cline....................................................    45
    Mr. Marroni..................................................    49
    Mr. Breor....................................................    52

 
              EXAMINING THE SECURITY OF FEDERAL FACILITIES

                              ----------                              


                      WEDNESDAY, NOVEMBER 29, 2023

                                     U.S. Senate,  
                           Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10 a.m., in room 
SD-562, Dirksen Senate Office Building, Hon. Gary Peters, Chair 
of the Committee, presiding.
    Present: Senators Peters [presiding], Hassan, Ossoff, 
Blumenthal, Johnson, Scott, Hawley, and Marshall.

             OPENING STATEMENT OF SENATOR PETERS\1\

    Chairman Peters. The Committee will come to order.
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator Peters appears in the 
Appendix on page 21.
---------------------------------------------------------------------------
    There are thousands of Federal buildings across the country 
that not only serve as workplaces for Federal employees, they 
also host daily visitors who come to access important Federal 
services and help keep our government functioning efficiently. 
These facilities face a range of security threats that put both 
people and property at risk, and those threats are only 
continuing to grow. Threats related to domestic and 
international terrorism and even disinformation are rising, and 
according to the Department of Homeland Security (DHS) can 
endanger our Federal personnel and critical infrastructure.
    Today's hearing will focus on what actions are needed to 
secure the 9,000 Federal facilities overseen by DHS Federal 
Protective Service (FPS). These facilities host the bulk of our 
civilian and Federal employees and are visited by 1.4 million 
Americans each and every day.
    Currently, these Federal facilities are secured through a 
two-step process. First, the Interagency Security Committee 
(ISC), led by the Cybersecurity and Infrastructure Security 
Agency (CISA), establishes the security standards that Federal 
facilities need to meet. The Federal Protective Service then 
uses those standards to see what safety measures can be 
improved, they identify risks to our Federal facilities, and 
then make recommendations as to how to mitigate them.
    FPS conducts thousands of these assessments each and every 
year. They submit these assessments to Federal agencies, 
recommending countermeasures like security cameras, access 
control systems, and X-ray screening equipment. These tools 
make it easier to protect these facilities and the Americans 
who use them every day.
    Unfortunately, these recommendations are rarely 
implemented. From 2017 to 2021, FPS submitted over 25,000 of 
these reports. Federal agencies completely ignored roughly half 
of those. When agencies did acknowledge the recommendations, 
they only approved 27 percent of the recommended security 
measures. Factors like cost and bureaucratic hurdles often make 
it easier to maintain current systems. In other words, we are 
getting very useful information about how to improve security, 
but it is not being implemented to the extent that it should 
be.
    Today's hearing and our panel of witnesses will help us 
evaluate this problem. Our discussion today will also build on 
the Executive Order (EO) released on Monday by the White House 
which clarifies the role of the Interagency Security Committee 
and helps us update interagency rules and responsibilities to 
keep these facilities safe. We will examine the landscape of 
current threats, the ways we can improve the assessment process 
and how to make Federal agencies more responsive when they 
receive recommendations.
    If we improve this process we can make our Federal 
facilities safer and more secure, and I look forward to this 
conversation.
    It is the practice of the Homeland Security and 
Governmental Affairs Committee (HSGAC) to swear in witnesses, 
so if each of you would please rise and raise your right hands.
    Do you swear that the testimony you will give before this 
Committee will be the truth, the whole truth, and nothing but 
the truth, so help you, God?
    Mr. Cline. I do.
    Mr. Breor. I do.
    Mr. Marroni. I do.
    Chairman Peters. Thank you. You may be seated.
    Our first witness is Kris Cline. He is the Director of the 
Federal Protective Service at the Department of Homeland 
Security. In this role, he oversees the safety and security of 
more than 9,000 Federal facilities. Before joining DHS he 
served for 20 years in the U.S. Army Military Police Corps 
Regiment.
    Welcome, Director Cline. You are recognized for your 
opening statement.

  TESTIMONY OF RICHARD CLINE,\1\ DIRECTOR, FEDERAL PROTECTIVE 
         SERVICE, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Cline. Good morning, Chairman Peters, Ranking Member 
Paul, and distinguished Members of the Committee. As Director 
of the Federal Protective Service I am honored to be here today 
to represent the outstanding men and women of our agency and 
discuss the mission of FPS and the State of Federal facility 
security.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Cline appears in the Appendix on 
page 22.
---------------------------------------------------------------------------
    FPS is a law enforcement component within DHS with nearly 
1,230 Federal employees and approximately 17,000 contracted 
protective security officers in our workforce. Of that number, 
nearly 850 are highly trained and dedicated law enforcement 
professionals who have the enormous responsibility for 
protecting the Federal Government's physical infrastructure, 
which includes employees, contractors, and members of the 
public seeking government services from incidents ranging from 
terrorist attacks to prohibiting dangerous items from entering 
the Federal facilities. Additionally, we protect 265 
congressional field offices, including 16 field offices of 
eight members of this Committee. Now more than ever, our 
mission is critical to ensuring the safety and security of the 
Federal Government.
    Over the past few years we have seen an increase in crimes 
at Federal facilities, and more importantly, threats to Federal 
civil servants. For example, earlier this year there was an 
incident at a Federal facility where the motive was to harm 
Federal employees. Our officers initially responded to a report 
of a suspicious vehicle parked in front of the building. Those 
officers immediately locked down the facilities, sheltered the 
employees in place, and coordinated closely with local law 
enforcement. The occupant of the vehicle fired a gun at 
responding officers and thankfully was taken into custody 
without injury to anyone. This is but one example of the 
important work FPS does in close coordination with our State 
and local law enforcement partners to support our law 
enforcement mission as well as criminal intelligence sharing.
    With more Federal employees returning to brick-and-mortar 
offices, we have likewise increased our presence in and around 
those facilities. These enforcement and deterrence actions are 
in addition to our mitigation efforts highlighted by conducting 
facility security assessments, including countermeasure 
recommendations, implementation of state-of-the-art alert 
systems, screening equipment, and armed protective security 
officers.
    Our contracted protective security officers augment our law 
enforcement officers (LEO) by standing post at thousands of 
facilities across the Nation every day. They conduct a variety 
of security functions, including visitor screening operations, 
perimeter security roving patrols, and control center 
operations. Just this calendar year we have prevented more than 
15,000 dangerous weapons, including more than 500 firearms, 
from entering Federal facilities.
    I also want to highlight that over the past year we have 
delivered modernized and improved de-escalation and anti-bias 
training to our law enforcement officers, together with a 
modern approach to public order policing that focuses on 
individual bad actors to better protect First Amendment rights 
and the ability of citizens to peacefully protest. Whatever 
threats our country may face, I want to assure this Committee 
that FPS continues to stand ready to protect our homeland.
    I was appointed to my role as Director almost one year ago. 
Since then, I have visited FPS offices across the country, 
spoken with hundreds of our employees, and witnessed firsthand 
the commitment they have to our mission. My number one priority 
is to hire and retain a highly skilled and diverse workforce. 
Like most law enforcement agencies across the country, however, 
we are experiencing staff challenges, with approximately one 
out of every four positions currently unfilled. To address 
these challenges we have dramatically increased our retention, 
recruitment, and hiring efforts, focusing on hiring candidates 
who bring valuable insight and experience into our 
organization.
    To retain our officers I am exploring all avenues and will 
continue to be relentless in my pursuit of equity for our 
officers. This includes a recently announced retention 
incentive that begins this next pay period for our uniformed 
officers.
    In closing, I would like to note that the President signed, 
on Monday, a new Executive Order that strengthens the work and 
role of the Interagency Security Committee. We believe the new 
Executive Order will enhance departments' and agencies' 
acceptance and implementation of security assessment 
countermeasures. Additionally, the new Executive Order names 
the Director of FPS as a primary member of the ISC, giving us a 
permanent role in using our expertise to shape risk-based, 
resource-informed decisions about government security.
    I would like to thank this Committee for expressing 
interest in FPS's role in Federal facility security, and 
allowing me the opportunity to represent FPS workforce and 
testify on the critical role we play in our nation's overall 
security. I look forward to any questions you may have, sir.
    Chairman Peters. Thank you.
    Our next witness is Dave Marroni. He is the Acting Director 
of the Government Accountability Office (GAO) Physical 
Infrastructure team. He oversees work on the Federal real 
property management and the U.S. Postal Service (USPS). He has 
previously served on GAO's Natural Resources and Environmental 
team, and before joining the GAO in 2004, he worked on the 
House Appropriations Committee.
    Mr. Marroni, great to have you here. You are recognized for 
your opening statement.

   TESTIMONY OF DAVID MARRONI,\1\ ACTING DIRECTOR, PHYSICAL 
     INFRASTRUCTURE, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Marroni. Thank you, Chairman Peters, Ranking Member 
Paul, and Members of the Committee. I am pleased to be here 
today to discuss GAO's work on agency efforts to secure Federal 
facilities.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Marroni appears in the Appendix 
on page 30.
---------------------------------------------------------------------------
    Twenty years ago, we placed managing Federal property on 
our High Risk List, in part due to threats to Federal 
facilities. Recent incidents demonstrate that the security of 
Federal buildings remains a high risk area. Given that, it is 
critical that agencies implement appropriate countermeasures to 
address facility vulnerabilities and that there is effective 
oversight of those efforts.
    The ISC and FPS play key roles in ensuring Federal 
facilities have such countermeasures in place. In particular, 
the ISC establishes security standards and oversees agency 
compliance with those standards. FPS, for its part, uses the 
ISC standards to conduct security assessments at FPS-protected 
facilities and recommends countermeasures to help tenant 
agencies address vulnerabilities. Tenant agencies are then 
responsible for deciding whether to approve of those 
recommendations or accept the risk of not doing so.
    This past May, we completed a review of this process. What 
we found was that agencies only approved about 30 percent of 
FPS's recommendations over the past seven years, and 
implemented even less. Agency officials cited a number of 
reasons for the low implementation rate, including cost and 
budget considerations as well as the feasibility of 
implementing certain recommendations.
    We also found that agencies did not respond to more than 
half of FPS's recommendations, even though they were required 
to do so by ISC standards. Officials cited a number of reasons 
for this high non-response rate, including not having enough 
time to consider recommendations and reticence to formally 
accepting the risk of not implementing them.
    At the time of our report the ISC had taken steps to assess 
agency and facility compliance with its policies and standards. 
Specifically, in 2019, the ISC began using an annual 
questionnaire that asks agencies to self-report on whether they 
and their individual facilities comply with the standards. The 
ISC had also begun a process for verifying agencies' self-
reported compliance by selecting a subset of agencies and 
facilities to review. However, the ISC was not assessing 
whether agencies were implementing recommended countermeasures 
at their facilities or documenting their decisions to accept 
the risk of not doing so. We reported that without this 
information on the implementation status of more than half of 
FPS's recommended countermeasures the Federal Government might 
not have reasonable assurance that its facilities are secure.
    As a result, we recommended that the ISC improve its 
oversight of security measures by (1) assessing the 
implementation of FPS's recommended countermeasures, and (2) 
identifying unimplemented recommendations where agencies did 
not document their acceptance of risk.
    To its credit, the ISC agreed with the recommendations and 
has taken steps to implement them. Specifically, the ISC plans 
to update its annual questionnaire to improve its oversight of 
agencies' implementation of FPS-recommended countermeasures. In 
addition, it plans to verify that selected agencies documented 
their acceptance of risk for countermeasures they did not 
implement. These are positive steps. Completing these efforts 
may provide ISC a greater level of assurance that Federal 
facilities are meeting security standards, and may also provide 
Congress with useful information on the extent to which Federal 
facilities have addressed security vulnerabilities.
    In conclusion, the security of Federal facilities remains a 
high risk area. Having appropriate countermeasures in place is 
the first line of defense. The ISC is taking important steps to 
strengthen its oversight of agency action on such 
countermeasures. However, sustained attention from the ISC, 
FPS, tenant agencies, and Congress will be needed to best 
ensure the security of Federal facilities going forward.
    Mr. Chairman, that concludes my opening statement, and I 
will be happy to answer any questions the Committee may have.
    Chairman Peters. Thank you.
    Our final witness is Scott Breor, who is the Associate 
Director of Security Programs with the Cybersecurity and 
Infrastructure Security Agency at DHS. In this role, he helps 
lead CISA's efforts to secure our nation's critical 
infrastructure and mitigate threats to large-scale public 
events. He has over 30 years of military and government 
experience, including as a formal naval aviator and as a Senior 
Policy Advisor for the Chief of Naval Operations.
    Mr. Breor, welcome. You are now recognized for your opening 
statement.

   TESTIMONY OF SCOTT BREOR,\1\ ASSOCIATE DIRECTOR, SECURITY 
  PROGRAMS, CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY, 
              U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Breor. Good morning, Chairman Peters, Ranking Member 
Paul, and Member of the Committee. As the Associate Director 
for Security Programs within the Cybersecurity and 
Infrastructure Security Agency's Infrastructure Security 
Division I appreciate the opportunity to appear before you 
today to share the Interagency Security Committee's role in the 
security and protection of Federal facilities and its efforts 
to improve preparedness and mitigate risk in collaboration with 
interagency partners.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Breor appears in the Appendix on 
page 41.
---------------------------------------------------------------------------
    On October 19, 1995, six months after the Oklahoma City 
bombing of the Alfred P. Murrah Federal Building, President 
Clinton issued Executive Order 12977, creating the Interagency 
Security Committee, to address the quality and effectiveness of 
security for Federal facilities. Membership of the ISC consists 
of senior-level executives from 67 Federal departments and 
agencies. This collective security subject matter expertise 
allows the ISC to develop top-tier risk management resources 
and to coordinate interagency solutions to problems that cannot 
be solved by individual departments and agencies alone.
    The ISC is a collaborative forum that carries out its work 
by, with, and through its members within a primary governance 
framework of subcommittees and working groups. These working 
groups, which are provisional, are task-based bodies 
established by the ISC with clear objectives and defined 
deliverables.
    In March 2003, the role of chair transferred from General 
Services Administration (GSA) to the Department of Homeland 
Security. DHS delegated its responsibility to the Cybersecurity 
and Infrastructure Security Agency, considering its role in 
helping to protect and secure the nation's critical 
infrastructure.
    As you are aware, on Monday, November 27, President Biden 
signed a new Executive Order titled ``Interagency Security 
Committee.'' This new Executive Order supersedes Executive 
Order 12977, and reinforces the importance of the security of 
Federal facilities in the face of both persistent and emergent 
threats.
    The new Executive Order outlines the following: defines 
duties and responsibilities to better balance the ISC's role 
with the central responsibility that departments and agencies 
have for Federal facility security; specifies the requirement 
for departments and agencies to designate a senior official 
responsible for implementation and compliance with the 
Executive Order and to support facility security committees; 
increases visibility and accountability by adding the 
requirement for the ISC to submit a biennial report detailing 
compliance results to the Director of the Office of Management 
and Budget (OMB) and to the Assistant to the President for 
National Security Affairs.
    The ISC will continue to fulfill its responsibilities 
through multiple lines of effort, including the Risk Management 
Process (RMP) standard. This standard provides and integrates 
single source of security countermeasures and guidance on 
countermeasure customization for all non-military Federal 
facilities. ISC members created the Risk Management Process 
standard to provide a common method for all Federal facility 
security stakeholders to guide risk assessments in a 
standardized way and to help facility owners identify levels of 
protection needed to mitigate their risk.
    Further, the ISC validates member risk assessment tools and 
training programs as meeting the Risk Management Process 
standard. This helps build individual and organizational 
capability to successfully implement ISC guidance. In 
conducting these assessments, FPS uses a risk assessment tool 
validated by the ISC, the Modified Infrastructure Survey Tool 
(MIST). Additionally, the ISC also validated FPS's Physical 
Security Training Program located at the Federal Law 
Enforcement Training Center (FLETC). This training program 
trains FPS personnel on how to conduct a risk assessment using 
their Modified Infrastructure Survey Tool.
    Two of the main drivers of threats to Federal facilities 
are targeted violence and terrorism. These threats are becoming 
more varied and complex. Combating them is and will remain a 
top priority for DHS. DHS is committed to using every resource 
available to prevent, detect, and mitigate threats of violence 
directed at Federal facilities.
    Thank you again for the opportunity to appear before you 
today and for this Committee's continued support of the 
Cybersecurity Infrastructure Security Agency and the 
Department. As a member and representative of the ISC, I look 
forward to continuing to work closely with you and other 
members of the Senate to keep our Federal facilities and those 
who work at and visit them safe and secure.
    Chairman Peters. Thank you.
    Director Cline, in May 2023, DHS released a National 
Terrorism Advisory System (NTAS) Bulletin which warned of 
emerging threats regarding the 2024 election and domestic 
violence extremist violence (DVE). How would the implementation 
of the FPS security recommendations actually help address and 
hopefully prevent these threats? If you could be more specific 
for the Committee that would be wonderful.
    Mr. Cline. Thank you very much, Chair Peters. The security 
countermeasures that we recommend are based on the ISC 
standards, obviously, with the goal of obtaining the necessary 
level of protection to ensure that the employees are safe in 
their workplace. We also conduct a threat assessment of that 
facility to determine the local threats, national threats, 
international threats, and any threats that may be associated 
with a specific agency that is located within that facility. We 
also work with the agencies on plans to enhance that protection 
at that facility based on the NTAS levels. All of this is used 
to determine the countermeasures necessary to ensure protection 
of the employees and the facility.
    The goal of reaching that necessary level of protection, 
which is basically the minimum security standards to protect 
the facility, is necessary whether it is day-to-day operations 
or during an NTAS elevation.
    Chairman Peters. Director Cline, next question. In your 
written testimony you mentioned the, ``significant role'' that 
the Federal Protective Service plays in countering threats 
posed by unmanned aircraft systems (UAS). However, FPS 
authority to counter these unmanned aircraft systems is 
actually going to expire this coming February. Would you please 
explain why it is so important that we extend this authority 
and what you believe the consequences could be if we do not 
extend this critical authority.
    Mr. Cline. Thank you very much, sir, and we really 
appreciate the work of the Committee Members, yourself 
included, for pursuing the extension of that counter-UAS 
authority. It is critical for us to ensure the protection of 
Federal facilities.
    Today we have a counter-UAS mitigation operation in place 
at the headquarters of the Department of Homeland Security. We 
also have a mobile system we use that we deploy to Federal 
facilities during high risk events. Like high risk trials that 
may be going on around the country, we work with the Federal 
Aviation Administration (FAA) to implement the temporary flight 
restriction and then set up the counter-UAS program at that 
facility.
    We have detected about 900 drones in and around Federal 
facilities since 2019. That is a good number. Most of those are 
not targeted at Federal facilities. The ones that we have 
mitigated, normally it is on Christmas afternoon, when someone 
got a new drone for Christmas and they do not realize that they 
are flying into a temporary restricted airspace.
    But this is an emergent threat across the country. We see 
what is going on in other parts of the world with drones, and 
we think it is critical that that authority be continued and 
extended to the agencies that are mentioned in the draft 
legislation but also to continue our operation at the critical 
Federal facilities that we protect.
    Chairman Peters. Thank you.
    Mr. Marroni, in your May 2023 report, GAO found that almost 
70 percent of the countermeasures recommended by the Federal 
Protective Service to help secure buildings were not 
implemented by agencies. I think this Committee needs to hear 
what are the primary reasons why agencies, in your estimation, 
are rejecting, ignoring, or failing to implement these 
recommended countermeasures?
    Mr. Marroni. A number of reasons. On the side of not 
approving recommendations cost considerations were cited by 
many officials, budgetary considerations. Many of these 
facilities are multi-tenant agency facilities, so each of those 
agencies needs to provide funding to implement some of these 
countermeasures that can add some level of difficulty. 
Sometimes there are feasibility concerns. The recommendations 
are based on the ISC standards, but some facilities, based on 
their age or other space limitations, it may not be possible to 
implement there.
    On the other side, and even more concerning, the 55 percent 
of recommendations saw no response from the committees. 
Agencies have 45 days from receiving the recommendations to 
make a decision. Some agencies said that was too tight of a 
timeframe for more complex countermeasures. Also reluctance 
sometimes to accept risk of not implementing recommendations 
they choose not to implement. They do not want to formally note 
that.
    Then at times communication issues among the committees. 
This is a collateral duty for officials on these committees, 
and sometimes they do not have as much expertise, and so 
responding to the recommendations cannot be as high of a 
priority as it should be.
    Chairman Peters. Clearly it is a priority, so we are going 
to have to work to make that so.
    I have a question for both you, Mr. Marroni, and to you, 
Mr. Cline. I have been working on legislation that would 
require agencies to respond to the Federal Protective Service 
security recommendations within 90 days. I want both of your 
opinions. Would such a requirement improve responsiveness and 
building security, in your estimation? We will start with you, 
Mr. Marroni, first, and then Mr. Cline.
    Mr. Marroni. Yes. That is in line with our recommendations 
from earlier this year of the importance of increased oversight 
on these recommendations, particularly the ones where they are 
not responded to. ISC standards allow for agencies to accept 
risk and not implement recommendations, but they at least 
should be responding and formally accepting risk if they are 
not going to do so. So yes.
    Chairman Peters. That is a very strong yes. Mr. Cline.
    Mr. Cline. Yes, sir. I would agree with a very strong yes. 
The ISC requirement is the 45 days. We have heard from 
agencies, ``I need more time. This is very complex. I have to 
coordinate with the other agencies located in the multi-tenant 
facility.'' Ninety-day requirement coming through legislation 
would definitely strengthen the agencies' need to reply to 
those recommendations.
    Chairman Peters. Great. Thank you.
    Senator Hassan, you are recognized for your questions.

              OPENING STATEMENT OF SENATOR HASSAN

    Senator Hassan. Thanks, Senator Peters. I want to thank you 
for having this hearing, and I really want to thank the 
witnesses not only for being here today but for the work that 
you do and for the teams that you lead. I hope you will send 
our thanks back to your teams as well.
    I really have kind of a series of follow-up questions 
because my questions are quite similar to Senator Peters'. As 
he mentioned, recently the Federal Bureau of Investigation 
(FBI) Director Wray told this Committee that domestic violent 
extremism remains the most persistent terrorist threat to 
homeland security. Specifically, Director Wray highlighted the 
risk presented by small groups or lone actors who commit 
violent acts after becoming radicalized due to inflammatory and 
often false information shared on the Internet.
    Director Cline, can you drill down a bit more on the risks 
posed to government facilities by domestic violent extremists, 
how Federal inspectors evaluate these risks when they are 
conducting facility security reviews, and maybe especially when 
they are conducting these reviews on facilities that house 
multiple government agencies that may have different risk 
levels. How are you guys all handling that?
    Mr. Cline. Thank you, Senator Hassan. That is a great 
question, and it is an issue that we think about every day, 
where not only the domestic violent extremism but also the lone 
actors. A number of the agencies that we protect provide 
services to citizens of the United States, and there are times 
when those services, when someone applies for a benefit, it may 
be reduced or denied and people become upset about that. That 
is the majority of the threats we receive, either 
telephonically, emailed, some are in person, and some are 
mailed through the snail mail. We are focused on this every 
day.
    Now as far as the security countermeasure recommendations, 
it is all based on the facility security level. It is a Level 1 
through 5. The 5's are the highest risk facilities and the 1's 
are the lowest. Then the countermeasures that we are 
recommending, based on ISC standards, based on the risk 
management process, are to get them to that necessary level of 
protection. Whether it is from a DVE, from a lone actor, 
whatever it may be, it is to protect those people that are 
inside that facility.
    Senator Hassan. But when you have agencies that might, if 
they were in separate facilities, have different risk levels, 
how are they being asked to share that risk? You are protecting 
for the highest risk entity, right?
    Mr. Cline. Right. Yes, ma'am. That is a good question that 
we hear a lot from the agencies. A multi-tenant facility might 
be 5 to 10 different agencies in that facility, sometimes 20. 
Some of those agencies may be more public facing, more 
threatened than other agencies in the building. The tenants of 
the agency will tell our folks and the Facility Security 
Committee, like, ``It is their fault. That is why we are a 
Level 4, because they are here. Maybe if they would move.'' But 
that is not the process we use. We are looking at everyone in 
the building, what is the iconic value of the building, of the 
agencies that are in the building, what kind of work do they 
do, and then that is how we determine the facility security 
level in coordination with the FSC, but also the countermeasure 
recommendations that are put in place.
    Senator Hassan. I appreciate that. I also wanted to follow 
up with you, Director Cline, on the issue of reauthorizing 
DHS's authority to counter threats posed by drones or unmanned 
aerial systems. It expires in February. I agree that we need to 
extend that authority. But as threats from drones continue to 
grow I want to know whether your current authorities, assuming 
we can extend them after February, are sufficient to protect 
DHS facilities and personnel or whether you think you need any 
additional authorities to address emerging threats.
    Mr. Cline. Thank you, ma'am. That is a great question, a 
great issue that we are working with. The Preventing Emerging 
Threats Act of 2018, the authority that we are provided in 
there, along with the other DHS and Department of Justice (DOJ) 
components, is adequate for us to do our job. It allows the 
Secretary to make decisions to what assets he will cover, what 
facilities will be covered. We have a number of other 
facilities we are planning to cover in the future. Right now it 
is Saint Elizabeths, the DHS headquarters, 24 hours a day, and 
then that mobile system I mentioned that we have the ability to 
move to other places, based on the threat levels.
    But what we have currently in the legislation is adequate 
for FPS. I cannot speak on U.S. Customs and Border Protection 
(CBP), U.S. Coast Guard (USCG), or the U.S. Secret Service 
(USSS).
    Senator Hassan. Sure. OK. I appreciate that.
    Mr. Breor and Director Cline, this question goes to both of 
you, and it is really based on something that Mr. Marroni has 
testified to. Federal agencies, as we have talked about, failed 
to implement most of the 32,000 security recommendations made 
by the FPS from 2017 to 2023. Agencies failed to even respond 
to more than half of the recommendations, and according to GAO 
they implemented fewer than 1,800 of the recommendations made 
during the period.
    Is there any record of who specifically, at any agency, or 
on a Facility Security Committee determines which 
recommendations will be implemented? A kind of follow-up to 
that is who is responsible for the decision that a facility 
will accept a certain level of risk and not implement a 
recommendation?
    Mr. Breor, we will start with you.
    Mr. Breor. I begin with at the facility level, if it is a 
multi-tenant facility then it is the Facility Security 
Committee, and the chair of that typically is the one that has 
the most square footage with respect to that facility.
    At the agency level, this is where we totally embrace the 
new Executive Order that came out on Monday because it 
designates a senior official for that agency to ensure the 
implementation of the Executive Order. That is a piece in the 
governance structure that we have not had and that we have 
needed.
    With that, and the fact that that senior official is also 
going to be responsible and accountable for the Federal 
Security Committees at the local level is going to be the 
governance structure that we need to move this forward.
    Senator Hassan. Thank you. Director Cline, anything you 
would like to add?
    Mr. Cline. Thank you, ma'am. We use an assessment tool, a 
computer-based assessment tool that our inspectors use when 
they go out to do their facility security assessments, and the 
timeframe ranges anywhere from a couple of days for a small 
facility, to a month for a large facility. Those measures they 
are using in that tool are based on the physical security 
criteria for Federal facilities. That database that we have has 
all of our Federal facilities, it has the agencies there, the 
square footage, the costs of the countermeasure implementation.
    We have that information, and the details of what 
information is available we could work with your staff to 
determine what you need, and we can get it to you.
    Senator Hassan. I think what we are trying to get at, in a 
constructive way, is who makes these determinations, what does 
it mean to be the person at an agency who, ``accepts the risk'' 
because they are not implementing certain recommendations. I 
think we want to drill down on that a little bit.
    I am out of time, so I will follow up with you in writing 
about that. But thank you all, again, for your work.
    Chairman Peters. Thank you, Senator Hassan.
    Senator Hawley, you are recognized for your questions.

              OPENING STATEMENT OF SENATOR HAWLEY

    Senator Hawley. Thank you very much, Mr. Chair, and thanks 
to all of the witnesses for being here.
    Director Breor, if I could just start with you. How 
familiar are you with the case, Missouri v. Biden?
    Mr. Breor. Not really familiar. I have it in the outline, 
but----
    Senator Hawley. I am sorry. Go ahead.
    Mr. Breor. I am aware of it but I do not know in depth.
    Senator Hawley. You say you are aware of it. What are you 
aware of?
    Mr. Breor. I am aware of the context around misinformation, 
disinformation online.
    Senator Hawley. Missouri v. Biden is the United States 
District Court and then the United States Court of Appeals that 
ruled, in both cases, that the United States government 
violated the First Amendment by coercing and censoring speech 
and using the biggest corporations in the world to do it. I am 
asking you about it because a large portion of the case 
concerns CISA.
    Let me read some of the relevant portions, since you say 
you are not too familiar with it. This is from the court's 
opinion. ``CISA, working in close connection with the FBI, held 
regular industry meetings with the platforms''--that is the 
social media platforms--``concerning their moderation policies, 
pushing them to adopt CISA's proposed practices for addressing 
misinformation, disinformation, and malinformation. CISA also 
engaged in switchboarding operations, meaning that CISA 
officials acted as intermediaries for third parties by 
forwarding flagged content from them to the platforms. Like the 
Centers for Disease Control and Prevention (CDC) did for 
Coronavirus Disease 2019 (COVID-19)-related claims, CISA told 
the platforms whether certain election-related claims were true 
or false.''
    The court goes on, ``CISA violated the First Amendment. 
CISA was the primary facilitator of the FBI's interaction with 
the social media platforms and worked in close coordination 
with the FBI to push the platforms to change their policies. 
CISA also used its frequent interactions with social media 
platforms to push them to adopt more restrictive policies, and 
CISA affirmatively told them repeatedly what content was true 
or false and what needed to be taken down.''
    What the court found is--and there are voluminous findings 
here, both in the opinion and in the record--is that the 
government, acting through a series of agencies, including the 
one that you are a part of, used its power to go after 
protected First Amendment speech in a way that directly 
violates the First Amendment.
    Now you have a long record of government service. I cannot 
imagine that this is what you signed up to do. Let me just ask 
you, first, you were not in any way involved in any of the 
activities described by the court in these cases, were you?
    Mr. Breor. I work physical security for the Cybersecurity 
Infrastructure Security Agency, so I come in each and every day 
and I am focused on public gathering events, Federal facility 
security, and the sectors to ensure that they have physical 
security measures in place.
    Senator Hawley. OK, good.
    Mr. Breor. That is my focus. That is my expertise.
    Senator Hawley. You were not meeting with executives or 
counterparts in any of these social media companies, as 
described by the court.
    Mr. Breor. No.
    Senator Hawley. Good. Now let me just ask you, Do you think 
that this is consistent with CISA's mission, the use of 
coercive power to try and censor American speech, and with it, 
violates the First Amendment of the United States Constitution?
    Mr. Breor. That is not the way the agency that I work for 
operates.
    Senator Hawley. Are you saying it is not how it should 
operate, because two courts have found it is how it is 
operating. That is the problem. Would you agree with me that 
that is a problem, when Federal courts find that the First 
Amendment has been violated by a Federal agency using Federal 
power to censor Americans' speech? Would you agree, that is a 
problem?
    Mr. Breor. I do not have the expertise or knowledge to 
comment on that.
    Senator Hawley. But would you agree it is a problem when 
the First Amendment is violated? How about that?
    Mr. Breor. Yes.
    Senator Hawley. Would you agree it is a problem when the 
Federal Government violates the First Amendment?
    Mr. Breor. Yes.
    Senator Hawley. OK. When you say that it is not what the 
agency is doing, I mean, you would say that this is not--this 
sort of activity, the violation of the First Amendment, is not 
what CISA ought to be doing. Is that fair to say?
    Mr. Breor. I am saying I do not have knowledge of that.
    Senator Hawley. Here is, I guess, my point to you, Director 
Breor. I appreciate the work that you do and your long service, 
record of service to this country. I just think it is important 
that this body sends the message to every agency that was 
involved in this. It is a serious thing to violate the First 
Amendment of the United States Constitution. It is a very 
serious thing. There is nothing more foundational to our 
democracy than the freedom of speech, and what these courts 
found is the Federal Government systematically--not 
accidentally, not, oops, we went too far--systematically, over 
a period of months and years, set out to violate the First 
Amendment speech of ordinary Americans, including those in my 
home State of Missouri--and this is all on the record. In fact, 
my State brought the suit.
    That is a pretty big deal, and I am pretty upset about it. 
You are not the first person I have asked about it, and I 
promise you, you will not be the last. But I want to send a 
message, and maybe you can take this message back to your 
agency, that this is not acceptable behavior, not by a long 
shot. If the Federal Government can tell people, and can use 
the most powerful corporations in 
the world to shut down speech it does not like, on a variety of 
topics--elections, COVID, school boards, the Hunter Biden 
laptop story, I mean, pick it, there is so much censorship that 
these courts have found--we have a serious problem that goes 
right to the heart of our democracy, and that is a serious 
issue for me.
    Director Cline, let me ask you a question here, in my 
remaining few seconds. You noted in your written testimony that 
FPS protects Federal facilities at the U.S.-Mexico border. Have 
I got that right?
    Mr. Cline. Yes, sir.
    Senator Hawley. Let me ask you, given the unprecedented 
surge in illegal immigration that we are seeing, let me ask you 
two things here, time permitting. The first one is we have had 
multiple DHS whistleblowers, who are special investigators 
within DHS, come forward to my office, and I think others, and 
allege that they were pulled off of their assignments 
investigating child abuse, child trafficking, fiscal year (FY), 
they were pulled off of that and sent to the Southern Border in 
order to perform, in their words, menial tasks.
    I just want to know, have any FPS officers, to your 
knowledge, been reassigned to the Southern Border to help with 
migrant processing?
    Mr. Cline. Yes, sir. We do have a number of FPS officers 
that are supporting CBP at the Southern Border in two 
locations, and that is going on today.
    Senator Hawley. When you say ``assisting,'' assisting with 
processing?
    Mr. Cline. Not processing. Let me explain what they do. The 
Border Patrol, the goal is for us to support the Border Patrol 
so they can go back to do the work at the border. Our officers 
are transporting people to hospital appointments, to medical 
visits, to emergency rooms, that may need treatment, so the 
Border Patrol does not have to do that. They can focus on the 
border, and we are supporting them in escorting people to these 
appointments.
    Senator Hawley. If I could just ask, where are these folks 
coming from who are transporting--your agents, where are they 
being taken from if they are now running people back and forth 
to the hospital, to appointments, and so forth?
    Mr. Cline. Various locations throughout the country.
    Senator Hawley. For example?
    Mr. Cline. Boston, Chicago.
    Senator Hawley. What would they otherwise be doing in those 
locations?
    Mr. Cline. Federal facility protection.
    Senator Hawley. They are being pulled off of Federal 
facility protection in order to go to the border to take 
migrants to appointments.
    Mr. Cline. Our goal is to support the Border Patrol. They 
have supported us on a number of occasions. When they call and 
ask for help, can you provide, and it is a very small number of 
officers that we are providing to them, ``Can you provide help? 
We have a need for help'' and we are going to help them because 
they have helped us in the past.
    Senator Hawley. I think that is important testimony, 
Director Cline. I am grateful that you have given it, and 
sadly, it tracks exactly with what whistleblowers at DHS have 
told us that they are being asked to do. They are being taken 
off of their assignments and they are being asked to do exactly 
what you just described, which is to run people back and forth. 
One agent said that he was being asked to make sandwiches for 
illegal migrants.
    I have to say I think it is kind of a problem when people 
are not investigating child exploitation so that they can make 
sandwiches, and frankly, when your agents, who provide 
absolutely vital security services, are being used to run 
people back and forth to appointments. That is outrageous. That 
is absolutely outrageous. Obviously it is not your fault, but I 
am sorry that you are in that position. I just register again, 
our border is in a state of crisis, and I think this is 
unbelievable.
    Thank you for your testimony. Thanks, Mr. Chairman. I 
realize I am over time.
    Chairman Peters. Thank you, Senator Hawley.
    Mr. Breor, in your oversight of agency compliance with 
security standards you rely on agencies to fill out 
questionnaires. However, your current questionnaires do not ask 
for information on the risk that agencies take if they fail to 
respond or choose not to follow Federal Protective Service 
recommendations. Why does ISC not account for these risks?
    Mr. Breor. Thank you, sir. Currently, in the benchmark 
questionnaires that we have, at the agency level we qualify 
that as risk acceptance versus describing it as implementation 
of a countermeasure. At the facility level we actually do have 
that question, but what we have been seeing, in the compliance 
feedback that we have been doing compliance now for two years--
is that at the agency level only about 50 percent of them 
actually have the plans, policies, and protocols in place that 
then cascade down to the facility level.
    Therefore, I think the tenants at the local level are just 
having that difficulty doing what is required with respect to 
the ISC due to lack of understanding and lack of training. 
Because of that, over the last year, we have doubled down on 
training Federal Security Committee members. We have virtual 
online training, we have in-person training, and also virtual 
instructor-led training, to try to get the FSC members trained 
up to par.
    But I think, more importantly, once we get the senior 
official designated for the agencies we will be able to 
increase the compliance aspects, and not only the documentation 
of unimplemented countermeasures but also ensuring that the 
plans, policies, and protocols are in place in each of the 
agencies and departments.
    Chairman Peters. Given you are not getting this 
information, that seems problematic. I guess my follow-up 
question to you, do you think you have enough data to actually 
understand the risks that agencies are facing right now, or do 
you need more data to really do the type of assessment 
necessary to secure these facilities?
    Mr. Breor. That is exactly why we totally embrace the GAO 
recommendations and are moving forward with changing the 
questionnaire and the benchmarks in 2024, during the compliance 
run.
    Chairman Peters. But you do not have the data that you need 
right now?
    Mr. Breor. Not the full understanding of what exactly 
countermeasures are being implemented, whether it is being 
documented, and whether that is supported by the department and 
agency at that level.
    Chairman Peters. Clearly a major problem.
    Mr. Breor. Yes, sir.
    Chairman Peters. That was yes?
    Mr. Breor. Yes.
    Chairman Peters. Director Cline, given the heightened 
threat environment and the need to ensure security of Federal 
buildings and workers and the public that shows up at those 
facilities every day, does the Federal Protective Service, in 
your estimation, have enough uniformed officers to actually 
secure this portfolio?
    Mr. Cline. Thank you, sir. That is a great question. We are 
short-staffed right now, but we are still getting our mission 
done. We are using overtime dollars right now because we have 
officers staying later to protect our facilities, and it 
remains a challenge for us. We are observing some impact on our 
employee morale. I am focused on ensuring that we do not have a 
burnout factor within our law enforcement workforce. I 
mentioned previously my number one priority is to fill those 
vacancies.
    I did travel down to the Federal Law Enforcement Training 
Centers earlier this year, met with the director, and asked for 
additional seats or classes for the basic police academy at 
FLETC. We now have eight classes through this year. By the end 
of this year we should fill at least 75 percent of our vacant 
law enforcement positions.
    I do not want to tell you I need more people right now 
because I need to fill the vacant positions I have and then 
evaluate how we are doing with filling all the vacancies, and 
are fully staffed on board, and then make decisions on do we 
need more. Now that we know we have everyone on board we can 
evaluate and determine if we need more people.
    Chairman Peters. The vacancies that are there, you said you 
are increasing your training academies. Are you having 
difficulty recruiting folks to the service, or is there a long 
line of folks wanting to raise their hand and serve?
    Mr. Cline. We have had a little bit of both, Mr. Chairman. 
We are competing for the same person that every other law 
enforcement agency is competing for--city, county, State, and 
Federal. We are all competing for that young, vibrant person to 
become part of our agency.
    Right now it is a challenge to fill the seats. We are 
working kind of backwards, so we are filling the first classes 
first, and then we are working toward the other classes. We are 
reaching out to our candidates who have applied for our 
positions, to check are you available to go to school on this 
date or this date or this date.
    A number of folks that we have recruited want to go to 
specific locations, and we may be filled or we may not have 
vacancies in those locations, so we are offering them locations 
nearby. But they may want to go to one point because that is 
where they are from and that is where their family is, whatever 
the reason is they are stuck on that is where I want to go. We 
are going down that list of our people that we have in the 
pipeline, calling them and asking about the duty locations, 
here is what we have available nearby, do you want that. It is 
an all-out effort within all of our managers at FPS to fill 
these classes and to hire these people.
    I did mention that retention incentive earlier, sir, during 
my oral Statement. We have officers that are leaving to go to 
other agencies and they may have a better benefit than we do or 
they are retiring or resigning for one reason or another. I 
worked with my boss and asked for the ability to provide a 
retention incentive to keep who we have on board, to keep them 
here until we can get these other new employees through all the 
training requirements and on board.
    We have a lot coming up in the next 14 months, affecting 
Federal facility security, including some trials that are 
coming up, the Republican National Committee (RNC) and 
Democratic National Committee (DNC), the election, and then 
ultimately the inauguration, that we need to make sure we have 
plenty of people available to respond and secure these 
facilities. That is why we went with this retention incentive. 
It does take effect next pay period for our current officers 
and agents. It is for our GS-12s and below, the people that we 
are trying to retain. We think that is going to help us keep 
what we have on board while we fill the other classes and hire 
those other people.
    Chairman Peters. That retention is for everybody.
    Mr. Cline. Retention is for all of our law enforcement 
officers, GS-12 and below.
    Chairman Peters. Right, yes.
    Mr. Cline. Not for me.
    Chairman Peters. Right. But the question is the folks who 
are coming out new, because of all the challenges that you 
mentioned, the highly competitive environment for law 
enforcement, a lot of offers are out there for folks, what is 
your retention rate for the newly graduated, newly incoming 
folks? How many are there a year after training?
    Mr. Cline. A year after training, 74 percent. We do lose 
some during the training. The Federal Law Enforcement Training 
Centers have very high standards on test scores and fitness 
scores, and we do lose some people during that part.
    Chairman Peters. How much do you lose through training?
    Mr. Cline. Seven percent. That is not a huge number. Then 
we are looking at age groups. Over the last five years we have 
been really focused on hiring veterans, using that veterans 
hiring authority to quickly bring them on board, deserving of 
an opportunity to join the Federal Government, especially when 
they have served overseas in Iraq or Afghanistan, and we have 
been really hiring a lot of those folks. But they are around 40 
years old. They are a little older than the people that we are 
looking to recruit now. Because we need a new focus on those 
young and vibrant recent college graduates that have a 
different perspective on how to do things than old people like 
me. We are focused on hiring those new folks now.
    Our retention rate is 12 percent. We lose about 12 percent 
of our LEOs every year. But we think that by offering this 
retention incentive for a couple of years while we fill these 
classes will allow us to keep them on board. Some do go to 
other agencies that have a better benefit than they have within 
FPS.
    Chairman Peters. Given your challenges to be fully staffed, 
in the event that FPS officers cannot respond to a developing 
incident or there are simply not enough officers available, how 
do you cooperate with State and local law enforcement to make 
sure that you are adequately responding? Could you kind of walk 
us through as to your backup plan? When bad things happen you 
need people. Where do you get them?
    Mr. Cline. Absolutely, sir. We have great relationships 
with our city, county, and State, and Federal law enforcement 
partners throughout the country. Obviously, we do not have FPS 
officers in every city across the Nation. We primarily staff 
our officers in those major metropolitan areas where there is a 
large Federal community in that area.
    There are many instances every day where a local law 
enforcement officer will respond to an incident at a Federal 
facility because there is no FPS officer nearby. The FPS 
officer will respond, but he may be there in an hour, he may be 
there in 15 minutes, depending on how far he is commuting to 
that specific location.
    So city, county, State, and Federal law enforcement agents 
and officers are closely tied to our mission. Our authority is 
the Federal facility and the people in the facility. That 
sidewalk, that street, that city belongs to another law 
enforcement agency, and we have great partnerships with them to 
ensure our facilities are protected. That happens every day, 
that coordination effort.
    We do work with our local law enforcement agencies to 
retain some level of authority to issue citations based on the 
city law enforcement. As an example, there is no Federal crime 
for parking in a handicapped zone, but we have handicapped 
parking spaces in every facility across the country. We 
leverage the local jurisdiction's violation notice to cite 
someone for a local crime where there may not be a Federal 
crime, and the local jurisdictions provide us that authority.
    Chairman Peters. Very good.
    Mr. Marroni, Federal real property management has been on 
the GAO's High Risk List now I think for over 20 years. Could 
you explain why it remains on that list and what do we need to 
be focusing on? We have to get it off that list.
    Mr. Marroni. It has been on that list for 20 years because, 
one, there continue to be incidents which make it a high risk 
area, but two, based on our ongoing work we have continued to 
identify areas of need for improvement. Now to the agencies' 
credits, to ISC's and FPS's credit, they have constructively 
addressed many of these recommendations.
    But our next update is in 2025, and so we will be looking 
at how agencies address the remaining open recommendations, 
including the recommendations I have discussed today on 
facility security assessments. We will also have an ongoing 
review, looking at FPS's addressing of challenges, physical 
security challenges at buildings. We will be completing that in 
the fall, and we will use that to consider where things stand 
for 2025.
    Bottom line, we need to see further progress on our open 
recommendations, and we will consider that as whether to take 
this off the High Risk List.
    Chairman Peters. Great. Thank you.
    Mr. Breor, critical infrastructure like the United States 
electrical grid is certainly very vulnerable to physical as 
well as cyber trespass that can disrupt transformers and 
electric transmission lines. My question for you is can you 
explain how CISA is mitigating these threats and what measures 
it is encouraging Federal agencies, in particular, to adopt to 
help secure this critical infrastructure in our country?
    Mr. Breor. Yes, sir. As a matter of fact, a very timely 
question now that we are coming to the end of Critical 
Infrastructure Protection and Resilience Month. We work with 
all sectors to ensure that they can mitigate the threats they 
face. Recently we published a toolkit in collaboration with the 
Department of Health and Human Services (HHS) for public 
health.
    With respect to substation security, we have been working 
with the Department of Energy (DOE) for well over 10 years. All 
across the Nation we have protective security advisors who will 
support the local electricity providers to do security 
assessments at their substations. We are all familiar with what 
occurred with Metcalf back in 2013, and we totally support the 
critical infrastructure protection regulation that North 
American Electric Reliability Corporation (NERC) then followed 
that event.
    As we have seen recently, with respect to the threats, 
Metcalf was focused on the generation of electricity. We are 
now seeing it at distributionsites, and we are seeing an 
increase with respect to ballistic type attacks.
    We are working with electricity providers, with their risk 
management process, to see how best to mitigate the threats at 
those substations. There are many options, and every substation 
is very unique. We will continue to support them. As mentioned 
to public health, we are supporting water and wastewater with 
respect to their cybersecurity requirements. As you recall, 
back in March, we released the Cybersecurity Performance Goals, 
which are focused on that information technology (IT) and 
operational technology. With respect to the cyber threat, it 
speaks to many of the lifeline subsector cyber risks that they 
face.
    Chairman Peters. Great. Thank you.
    Director Cline, back to some personnel issues, we have 
talked about the vacancies and training. But I know in order to 
supplement folks you have hired a number of contract guards to 
help protect the facilities. A question. When you hire these 
contract folks how do you conduct oversight to ensure that they 
have received the necessary training to protect these Federal 
facilities that require usually additional training than you 
may get from a contract guard?
    Mr. Cline. The Protective Security Officer (PSO) Program 
has been around--I joined FPS 21 years ago and it was in place 
before I joined. These are the people that you see at our 
Federal facilities. They are conducting screening operations, 
X-ray magnetometer, they are conducting roaming patrol security 
operations around the Federal facilities. They are staffing 
facility command centers to review video surveillance system 
monitors. They are basically the first line of defense at those 
Federal buildings that you are going to enter, those highest 
risk Federal facilities. They have the PSOs at the entrances 
doing that screening operation. They also ensure that the 
Federal employees that are coming in, that they have the 
required access media or identification (ID) cards to get into 
the facility.
    We spend a lot of time doing compliance assessments and 
inspections of the PSOs every year. We do this through post 
inspections, where our inspectors will visit their assigned 
facilities and do inspections of the protective security 
officers that are assigned to that building. We also have a 
database where all of their training records are maintained, 
and we can see that on a daily basis. It also alerts us if any 
of those training requirements come out of date. We do not 
allow that protective security officer to stand post until 
their training requirements are fulfilled.
    We have 13 different training requirements that they have 
every year that they have to meet, and then also their 
suitability background investigations are almost identical to 
what most Federal law enforcement officers are. We spend a lot 
of time overseeing these contracts. We do a lot of these 
contracts throughout the country. We are visiting with them 
every day.
    Right now, at this minute, there are about 16,250 
protective security officers on duty across the country and our 
territories. We know how critical of a role they play in the 
defense of our protected facilities, and we spend a lot of time 
ensuring that their training records are maintained properly, 
that they are meeting all the requirements, and that they are 
complying with the requirements of the post orders at their 
specific facility.
    Chairman Peters. Great. Thank you, and I want to thank each 
of our witnesses for being here today. I certainly appreciate 
your contributions to this discussion and appreciate all the 
men and women who work for your respective agencies, keeping us 
safe each and every day. Protecting our Federal facilities and 
the Americans who use them every day is absolutely fundamental 
to our national security, and as Chair of this Committee I will 
work with my colleagues to find ways to ensure that agencies 
take up the recommendations of the Federal Protective Service 
and strengthen our security in those Federal buildings.
    The record for this hearing will remain open for 15 days, 
until 5 p.m. on December 14, 2023, for the submission of 
statements and questions for the record.
    This hearing is now adjourned.
    [Whereupon, at 11 a.m., the hearing was adjourned.]

                            A P P E N D I X

                              ----------                              

[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]

                                 [all]