101101010101010110110101010101001010101010101010101011010100101010
010111010110101100101010101010101010101010010101010101011010101010
Contact: CIPP02@gmu.edu
703.993.4840
Mick Kicklighter
Click here to subscribe. Visit us online Director, CIP/HS
George Mason University, School of Law
for this and other issues at
http://cip.gmu.edu
The CIP Report July 2010
by Mark P. Harvey
Infrastructure Protection Branch Chief
Risk Management Division
Federal Protective Service
feet of space and more than 650 inherently governmental focus, against physical facilities,
acres of land. The sector also covers security partners are limited to government personnel, and
the facilities owned and operated by representatives from Federal, State, governmental cyber systems. The
the more than 87,000 municipal local, or tribal government entities sector contains a number of assets
governments across the Nation, as involved in the protection of that must be open to the public
well as U.S. embassies, consulates, owned or leased facilities. FPS also to conduct their daily activities,
and military installations located represents the sector on the NIPP including such places as Social
all over the world. These facilities Federal Senior Leadership Council Security offices, Department of
face a full range of both natural and and through similar coordinating Motor Vehicle (DMV) locations,
man-made hazards. mechanisms established by other city halls, and so on. While many
CIKR sectors. government facilities require public
Sector Coordination Efforts access, others are highly secure and
Threats to the Sector restricted. These locations often
Overall GFS coordination is take advantage of multiple and
conducted through FPS Although the sector has been a layered security measures, and
Headquarters, as the focal point for leader in security and preparedness, contain highly sensitive information
SSA activities and responsibilities. significant efforts to manage risk or materials.
Coordination mechanisms are continue to be applied.
utilized within the GFS and cross- Government facilities are attractive During the past year, there have
sector to support GFS activities. and strategically important targets been several attacks aimed at
The GFS has sought to improve the for both domestic and international government facilities and
coordination of sector partners and terrorists. Their symbolism, occupants, including the plane
identify challenges that can be importance, and the value their crash at the Internal Revenue
solved effectively through their services provide make them vital Service (IRS) facility in Austin, and
combined efforts. The GFS has elements of their respective the shooting incidents at the
traditionally been a leader in communities, and protecting these Pentagon, Fort Hood, and the
securing assets, and there are many facilities remains a national priority. Federal Courthouse in Las Vegas.
valuable lessons that can be shared In addition, the size and dispersion These attacks are a reminder of the
across the sector. of government facilities and magnitude of threats faced by the
associated elements introduces the GFS because of their high-profile
Interdependencies that exist full range of natural hazards that nature.
between sectors are one reason why can potentially impact the sector.
coordination mechanisms are Because of the high-profile nature Mitigating Sector Risks
critical to sector planning and of the sector, government facilities
operational efforts. Government operate within a very dynamic risk FPS has been actively involved in
facilities are highly interconnected, environment requiring a variety of enhancing the security posture of a
both physically and through a well-coordinated protective broad scope of Federal facilities by
variety of information and measures to ensure the safety and utilizing a variety of programs and
communications technologies. security of citizens and the tools, such as Operation Shield, the
continued availability of essential National Countermeasures
A Government Coordinating government functions. Program, the Occupant Emergency
Council, chaired by FPS, is the Plan Guide, and the Risk
primary coordination point with A historical examination of Assessment and Management
representatives from the terrorist attacks in modern times Program.
government entities with the shows the GFS to be the most
responsibility for the protection of frequently attacked of all the 18
government facilities. Due to its CIKR sectors; this includes attacks (Continued on Page 4)
3
The CIP Report July 2010
In an effort to avert or obstruct management issues. In the past, event of an incident inside or
potential insider threats as part of FPS utilized several contracts and immediately surrounding a facility.
terrorist operations and criminal vendors to supply screening For example, in February 2010, a
activity in and around Federal equipment for Federal facilities. The small plane crashed into a building
facilities, FPS employs Operation new contracts, established by the occupied by the IRS in Austin,
Shield. Operation Shield NCP, allow FPS to more effectively Texas. During the FPS
systematically measures the manage screening operations for investigation of the crash, reports
effectiveness of FPS Federal facilities by utilizing one from employees in the building
countermeasures, including the central point of service to acquire, revealed that the IRS had well-
effectiveness of FPS’ Protective train, maintain, and replace written and well-rehearsed OEP
Security Officers in detecting the screening equipment on established and evacuation procedures. IRS
presence of unauthorized persons schedules. FPS has awarded five- employees had sighted and reported
and potentially disruptive or year blanket purchase agreements to the low-flying plane and initiated
dangerous activities. Operation Smiths Detection, to lease x-ray the facility’s OEP, which was
Shield is a comprehensive operation machines, and Ceia-USA, to appropriately executed. The facility
that combines physical security purchase metal detectors. was estimated to have housed as
expertise and law enforcement many as 200 individuals as the
authority into an enhanced security In emergency situations, Occupant plane approached, yet the final
team to provide a visual deterrent at Emergency Plans (OEPs) can be tenant casualty toll included one
FPS-protected facilities, with the used to minimize the potential for fatality and 13 injuries. The saving
goal of demonstrating the outcomes involving devastation and of countless lives can be credited to
preparedness and agility of FPS’ chaos. OEPs describe the actions the rehearsal and execution of an
response to the current threat that occupants should take to established OEP for the facility.
environment within our Federal ensure their safety during an
community. emergency situation, and by To assist other agencies with the
providing facility-specific response development of these plans, FPS has
FPS has conceptualized and procedures for occupants to produced an OEP Guide that can
developed the National follow, OEPs can reduce the threat be used as a reference tool and
Countermeasures Program (NCP) to personnel, property, and other template when developing an OEP
to address all FPS countermeasure assets within the facility, in the for a facility. This guide provides
guidance pertaining to the
preparation, implementation, and
maintenance of OEPs with regard
to national preparedness efforts of
the NIPP and National Response
Framework (NRF), and serves as a
step-by-step approach for
developing, implementing, and
maintaining OEPs.
security of building occupants. This (From left to right) Former FPS Director Gary Schenkel, Susan Burrill, Chief of
comprehensive tool was developed Staff Michelle Bryan, and Acting Deputy Director Richard Cline at the NextGov
to improve and standardize the way Awards. Photo courtesy of FPS.
FPS collects and manages
information at every step of the
security planning process, from the
initial collection of data, to risk
assessment, and countermeasure
implementation. RAMP was
launched in November 2009; it is a
secure, Web-enabled system that
has improved the way FPS collects,
stores, analyzes, and shares security
data on Federal facilities.
by Austin Smith
Executive Director, Interagency Security Committee
6
The CIP Report July 2010
Today’s economic and political environment has generated a tremendous premium and demand for facilities
that are both secure and sustainable. Designing and renovating facilities that are both sustainable and secure
is challenging, but with proper life-cycle planning, coordination, and good engineering, such designs are
feasible. This year’s event was the fifth annual homeland security symposium co-hosted by the Federal
Facilities Council and the Institute for Infrastructure and Information Assurance, organized to bring
together speakers from government, academia, and the private sector to identify areas of synergy, potential
conflicts, and trade-offs among security and sustainability requirements.
The agenda included several case studies highlighting methods to achieve balanced design solutions that
minimize environmental impacts and energy use as well as ensuring the health, safety, security, and comfort
of building occupants. Case studies addressed the new DHS Headquarters complex, the Pentagon
Renovation Program, and innovations associated with the design for the United States Embassy in London.
Architectural design techniques to avoid security features posing an “armed camp” appearance were
described. An important symposium theme was the role of building control systems in achieving effective
security and energy saving solutions. Speakers discussed and provided updates on government and
industrial facility design standards, requirements, and building code documents. DHS provided an overview
of their research agenda for sustainable and
secure building materials. Looking to the future,
the symposium included an overview of the
importance of educating the next generation
on designing for sustainability based
on James Madison University’s new
engineering program with a focus on
sustainability.
7
The CIP Report July 2010
While the overall theme of this not occurred. The loss of classification of Federal buildings
issue of The CIP Report pertains to significant pools of human recommended...“by the DOJ
Government Owned Facilities in intelligence (including contractors) Study.”2 On October 19, 1995,
the contexts of critical working at Federal government Executive Order 12977 created the
infrastructure protection and owned or leased facilities renders ISC, whose mission was “to
homeland security, this article takes the Nation more vulnerable to new establish policies for security in and
a slightly different look: are key attacks as well as hampering our protection of Federal facilities.”3
resources (KR) — highly essential ability to recover rapidly from
Federal human resources — subsequent attacks or natural On October 15, 2001, just 35 days
adequately protected in commercial disasters. after the terrorist attacks against
facilities where the government has New York City and Washington,
leased space for its critical work- The path to Federal Interagency DC on September 11, 2001, an
force? Digging deeper, do new and Lease Security Standards (LSS) “instructional letter,”
emerging technologies and systems started in 1995 after the Oklahoma Implementation of the ISC Security
that are major components of large City domestic terrorist attack on a Design Criteria for New Federal
buildings and facilities — Federal office building. On April Office Buildings and Major
government owned or leased 20, 1995, President Bill Clinton Modernization Projects was issued by
commercial space — raise new directed the DOJ to assess the Public Buildings Service (PBS),
security challenges and risks for vulnerabilities of Federal office an entity within the GSA.
“KRitical Feds,” especially with buildings, particularly with regards According to the letter, “for all
regard to cybersecurity? Unlike to “acts of terrorism and other existing owned and leased space,
data and information systems, forms of violence.”1 Two months PBS will adhere to the minimum
which hopefully are secured using later, on June 28, DOJ released the standards set out in the DOJ
the best knowledge and report, Vulnerability Assessment of vulnerability study.”4 It was not
technologies available, and which Federal Facilities. That same day, until April 26, 2002 that Federal
exist elsewhere in at least one the President issued an executive security standards expanded to
physical facility, human intelligence memorandum entitled Upgrading leased commercial space and
can be far more difficult to protect Security at Federal Facilities. Among construction projects. The ISC
and is unlikely to be “redundant” other things, the President ordered directive, which was effective
— that is, highly effective and that, where feasible, Federal immediately, stated that “if a
continuous knowledge sharing/ facilities be increased to “minimum Regional Office cannot recommend
transfer among seasoned security standards” recommended
government officials and staff has for a particular security (Continued on Page 9)
1
http://www.gsa.gov/gsa/cm_attachments/GSA_DOCUMENT/RSL_ISC_Security_for_Leased_Space_R20O3-
e_0Z5RDZ-i34K-pR.pdf.
2
http://www.presidency.ucsb.edu/ws/index.php?pid=51554.
3
http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=1995_register&docid=fr24oc95-145.pdf.
4
http://www.gsa.gov/gsa/cm_attachments/GSA_DOCUMENT/RSL_ISC_Security_for_Leased_Space_R20O3-
e_0Z5RDZ-i34K-pR.pdf.
8
The CIP Report July 2010
a site for new Federal construction George Mason University’s by the Building Owners and
or lease — construction project that Arlington, VA campus reveals a Managers (BOMA/Chicago) found
will achieve the 50-foot standoff large number of commercial that electricity costs are the second-
distance, an exemption must be buildings with mixed-tenant profiles highest component in operation
issued by the Commissioner of the (Federal, non-Federal, and retail of large facilities — a close second
PBS.”5 More than one year later, on traffic). only to property taxes. In a hightly
July 8, 2003, an ISC subcommittee competitive commercial buildings
published a report on leased The FPS, a law enforcement and environment, making significant
building security standards, and on security agency within DHS, reductions in this “low-hanging
February 10, 2005, the ISC provides the agents, guns, fruit” cost area confers competitive
approved the subcommittee’s and technologies to over one advantage and enhanced public
recommendations, Security million tenants and daily visitors to image. However, to implement
Standards for Leased Space.6 On GSA-owned and GSA-leased efficient green/smart technologies
April 12, 2010, as mentioned in an facilities.8 The challenge for FPS such as Advanced Metering
earlier article, the ISC released a and the security risks for Federal Infrastructure (AMI), Demand
new standard as well as a new and non-Federal occupants and Response (DR), “Nega-Watts” and
accompanying threat analysis visitors is that in a mixed-tenant net metering, “smarter” energy-
document which supersede previous environment, it is very difficult to consuming components, energy and
standards. During the next two secure a building. information technology systems are
years, the standards will be converging rapidly; utility-owned
implemented and field-tested.7 The risks and protection/security “closed” communications systems
challenges for Federal KRs and the are moving to public networks and
It is quite easy to run searches that general public have become more especially the Internet.
provide lists of Federal facilities as difficult since the leased standards Electromechanical and pneumatic
well as commercial, federally leased were introduced in 2005. “Green” controllers are rapidly giving way to
facilities within customizable energy efficient buildings and direct digital controllers for which
geographic regions. Search results “smart” energy grids are being the underlying communications
provide street coordinates and brief designed and implemented at an protocols are “IP” — Internet
descriptions of the Federal tenant(s). accelerated pace, in part as a result protocols. Large and small energy
In Washington, D.C., for example, of Federal cost-sharing for smart- consuming devices, new and old,
the number of GSA-owned versus green grids in the American are being manufactured or
GSA-leased facilities is Recovery and Reinvestment Act retrofitted with smart/green
approximately equal. However, (ARRA). Even absent money from controllers, sensors, meters, and RF
outside Washington, D.C. — the ARRA, the move to green modems, routers, etc. — much of it
including greater metropolitan parts buildings and smart energy grids is through the use of wireless
of Maryland and Virginia — the inevitable — this is largely a positive technologies.
sheer number of GSA-leased development as citizens, property
facilities is significantly greater than owners-managers, and public Thus, security risks for critical
GSA-owned. That is not surprising: officials grapple with increasing facilities, regardless of ownership,
a walk around the 15 to 20 block energy and electricity costs (despite are increasing as are the number of
radius of the Center for the recession), climate change, aging points of vulnerability.
Infrastructure Protection and electric infrastructure, and alarming
Homeland Security (CIP/HS) at workforce demographics. A study (Continued on Page 16 )
5
http://www.gsa.gov/graphics/pbs/ISC_Implementation_of_the_ISC_4-26-02.pdf.
6
This report is available at http://www.oca.gsa.gov.
7
Please see the article, The Interagency Security Committee (ISC), on page 6 for more information.
8
http://www.gsa.gov/Portal/gsa/ep/contentView.do?P=PS&contentType=GSA_OVERVIEW&contentId=11911.
9
The CIP Report July 2010
have occurred at Federal facilities training and benefits for guards. He employees and contractors, it was
within the past year where contract also argued that federalized guards considering the possibility of
security guards had either would have, on average, more federalization. According to
neutralized a deadly threat or played experience than contractors. Ervin Schenkel, NPPD is conducting a
an important role in the incident. cautioned against thinking that study which will consider
He referred specifically to the deadly federalizing guards would alone fix federalization. The study is
shootings at the Holocaust Museum the identified problems. He expected to be included in the
and the Pentagon as examples. In advocates for a wide spectrum of FY2012 budget.
fact, he somberly noted that changes, such as better pay, training,
contract security guards had died in and benefits to accompany such a Finally, David Wright spoke on
the line of duty at both of those move. behalf of the FPS union, offering an
incidents. He also stated that employee perspective on the issue.
replacing contractors with Federal Mark Goldstein spoke on behalf of He stated that he found the current
employees may double or even the GAO. He reiterated the results ratio of Federal employees to
triple the cost of filling positions. of their study and emphasized the contractors troubling and that this
In addition, he argued that troubling nature of the failures on move towards contractors stemmed
federalization would not the part of FPS. He recommended from, in his view, incorrect
significantly improve performance. a series of changes with regards to decisions FPS made in the
He pointed out that when the management of FPS’s contractor aftermath of the Oklahoma City
Transportation Security guards; however, he stopped short bombing in 1995. He argued that
Administration (TSA) screeners had of explicitly recommending Federal buildings could not be
been similarly federalized, federalization choosing instead to protected in the same manner as
assessments of this new approach recommend that FPS identify commercial facilities. Wright
demonstrated more or less the same “other options” to protect Federal contended that GSA and DHS had
rate of failure in covert tests after buildings that would be most erroneously attempted to make
the screeners have been federalized. appropriate. Federal guards journeymen and cut
He also contended that if the root costs, both of which were disastrous
cause of these problems is poor Gary Schenkel, former Director of in his opinion. He also asserted
training, then federalization would FPS, made a point of emphasizing that Federal employees would have
not help because the training is the sheer amount of facilities, a greater stake in protection than
already administered by the FPS. guards, and incidents FPS deals short-term contractors. Wright was
Amitay stated that, given the proper with on a daily basis and the unique emphatic in his support for giving
commitment of time and resources challenges it has endured while FPS and its guards more resources
to current initiatives, NASCO transitioning to a location within and federalizing guards.
believes the current deficiencies can DHS. FPS transferred into DHS
be corrected. in 2003; however, per the request of This most recent GAO report is not
the President’s Fiscal Year (FY) 2010 the first time FPS has faced external
Clark Ervin spoke as an Budget, FPS recently transitioned criticism. Last October, GAO
independent expert from the Aspen into the NPPD from U.S. released the results of an audit they
Institute. He stated that the Immigration and Customs (ICE). conducted of FPS’s overall security,
persistent concerns repeatedly Schenkel also listed some of the an audit that had begun in January
identified within FPS made initiatives FPS had recently begun 2008. While GAO reported that
federalization of security guards a and the improvements it had made FPS was making progress, GAO
necessity. He argued that because in many areas, including guard listed continuing deficiencies in the
security contractors are for-profit management. He indicated that areas of information sharing,
companies, they have an inherent while FPS could achieve its mission
incentive to save money by reducing with its current mix of Federal
(Continued on Page 16)
11
The CIP Report July 2010
Legal Insights
Budget (OMB) and the National stipulates that existing Federal laws conceivable scenario. As a result,
Security Council conferred their and statutes, as well as other agency some risks can be mitigated, while
final approval. standards developed for “special others simply must be accepted.12
facilities,” such as border stations, The economic necessity of this type
Whereas the DOJ’s Vulnerability take precedence over the ISC of trade-off engenders a resource
Assessment was developed to ensure Security Criteria. allocation problem that requires an
that security issues are addressed appropriate balance between
during the periods of planning, Despite the foregoing list of considerations of risk, available
design, and construction for existing exemptions, the combined resources, and mitigation measures.
Federal facilities, “new” Federal regulatory impact of the DOJ’s To aid itself in making the difficult
facilities, that is, those owned or Vulnerability Assessment and the ISC choices about the appropriate
leased after May 28, 2001, are Security Design Criteria is difficult to balance, GSA employs a decision
subject to the ISC Security Design overestimate: several thousand procedure known as cost-benefit
Criteria. The ISC Security Design facilities are affected where more analysis, a cornerstone of modern
Criteria do not, however, apply to than one million people work every economics and a staple of OMB
all new Federal facilities. The FMR day.10 Indeed, the ISC Security methodology.13
explicitly enumerates several types Criteria alone governs the security
of Federal facilities that are, for of (i) all new “general purpose” On its utility as a resource allocation
various reasons, outside the scope of office construction, i.e. decision procedure for responding
the ISC Security Design Criteria. construction initiated after May 28, to catastrophic risks, that is, risks of
These include airports, prisons, 2001, (ii) new or lease-construction low or unknown probability that, if
hospitals, clinics, and ports of entry, of courthouses, (iii) lease- materialized, will inflict heavy
as well as any facilities that are construction projects being losses. Judge R. Posner describes
under the jurisdiction or control of submitted to Congress for cost-benefit analysis as:
the Department of Defense.8 So- appropriations or authorization,
called “unique facilities,” those and, “where prudent appropriate,” [A]n indispensable step in rational
classified as “Level V” facilities by and (iv) major modernization decision making in this as in other
the Vulnerability Assessment, such as projects.11 areas of government regulation.
the Pentagon, U.S. Department of Effective responses to most catastrophic
State, and Central Intelligence The Cost-Benefit Logic of Security risks are likely to be extremely costly,
Agency Headquarters, are subject to Countermeasure Selection and it would be mad to adopt such
unique security standards and responses without an effort to estimate
therefore outside the scope of the No agency can justify or afford to the costs and benefits. No areas of
ISC Security Design Criteria.9 In implement every possible security government is going to deploy a system
the case of conflicting security countermeasure for every
standards, the FMR further (Continued on Page 14)
8
The Department of Defense (DoD) has implemented antiterrorism security requirements to meet its specific needs
in the Unified Facilities Criteria (2002) and Unified Facilities Guide Specification.
9
Vulnerability Assessment of Federal Facilities, Department of Justice (June 1995): Appendix C-1, Classification Table.
10
The Site Security Design Guide (2007): p. 7, available at http://www.gsa.gov/graphics/pbs/GSA_Cover_Intro_8-8-
07.pdf.
11
Federal Management Regulation: Section 102-81.25.
12
The Site Security Design Guide (2007): p. 11.
13
Cost-Benefit analysis is, for example, the principal tool employed by OMB’s Office of Information and Regulatory
Affairs (OIRA) in order to assess the efficiency of “economically significant” regulations. Every executive agency,
from the Department of Homeland Security (DHS) to the Department of Veteran’s Affairs, is compelled by OIRA
to justify the efficacy of its regulatory policies within the economic framework of cost-benefit analysis.
13
The CIP Report July 2010
of surveillance and attack for decision theorists call a loss function, Criteria ‘recommends’ that new
preventing asteroid collisions, for a mapping of consequences to buildings achieve a standoff distance
example, without a sense of what the corresponding monetary estimates from a potential point of explosions of
system is likely to cost and what the of loss. at least 50 feet. The absolute
expected benefits are likely to be minimum distance required is 20 feet.
(roughly, the costs of asteroid Conclusion: Legal Implications of However, we know from our
collisions that the system would the GSA’s Cost-Benefit exhaustive research on this subject,
prevent multiplied by the probabilities Methodology that each foot that a building is
of such collisions) relative to the costs further removed from the center of the
and benefits both of alternative Despite its advantages, cost-benefit blast, there is less damage to human
systems and of doing nothing.14 analysis is not without its problems. life and property. We also know that it
In addition to the difficulties that costs us less in bricks and mortar to
Suppose, for example, that GSA is come with estimating probabilities protect our buildings as the standoff
in the process of assessing for rare, catastrophic threats, the distance is increased…The Office of
countermeasures to mitigate the risk breakdown of a countermeasure the Chief Architect is working with
posed to a Federal office building by selection problem in terms of a set expert consultants to try to quantify
the threat of an explosion. Before of credible threats, non-monetary cost and lifesafety issues associated
any cost-benefit assessments can be consequences, and alternative with different standoff distances.15
made, a number of items must be mitigation measures is arguably
identified to ensure a well-defined more art than science. There is The challenges inherent in often
decision problem. These include room for ambiguity in the GSA’s emotionally fraught decisions about
the probabilities of credible threats of interpretation of the ISC Security what to protect are thus
explosion, the non-monetary Design Criteria. That is, the same compounded by the extremely
consequences if the threat of countermeasure selection problem expensive nature of many security
explosion materializes, as well the can be described and therefore countermeasures, as well as by the
space of competing, alternative analyzed in different ways difficulty of identifying and
countermeasures for either reducing depending on which “credible” estimating the component threats,
the probability of the threat of threats, consequences, and vulnerabilities, and consequences.
explosion or reducing the mitigation measures are emphasized The legal implications of this point
magnitude of the consequences if in the analysis. The ISC are potentially significant, since it
the threat of explosion materializes. Commissioner J. Moravec has follows that the letter of the law —
The space of non-monetary derided such ambiguity as as encapsulated in documents such
consequences includes both the “counterproductive.” In his words, as the FMR, Vulnerability
purely physical consequences, as Assessment, and ISC Security Design
well as what is known as the impact [S]ometimes too ‘wide a range’ of Criteria — underdetermines its
loss, the degree to which the Federal interpretation can be implementation. While ambiguity
government’s functions are impaired counterproductive to the intent of the in interpretation is nothing new to
if the threat of explosion criteria as we try to work with our the law, unlike interpretative gaps in
materializes. The space of non- clients to implement the objectives. the common law or statutory law,
monetary consequences then Standoff distance recommendations in there is no judicial mediation in the
admits a monetary interpretation the ISC [Security] Criteria fall into
through what economists and this category. The ISC [Security] (Continued on Page 15)
14
Posner, Richard, “Catastrophic Risks, Resource Allocation, and Homeland Security,” Journal of Homeland Security
(October 2005).
15
Moravec, Joseph F., Memorandum for Assistant Regional Administrators for Public Buildings Service (April, 2002): p.
1.
14
The CIP Report July 2010
responsibilities consisted of law colleagues internal and external to present context. Whether this is an
enforcement, intelligence gathering FPS, Ms. Burrill was able to not acceptable state-of-affairs depends
and dissemination, and physical only plan the development of on whether and to what extent
security operations during the RAMP, but lead the effort to lawmakers and government officials
Inaugural events that occurred in revitalize multiple FPS programs want to defer to the professional
and around Federal Facilities. FPS that will utilize the system. Thus, judgment of administrators within
maintained a presence of over 400 RAMP became not only a software the GSA to fill interpretive gaps
Law Enforcement and Security tool, but a comprehensive program originating in cost-benefit
Officers, and utilized its Mobile that involved software, hardware, methodology. v
Command Vehicles to conduct and process improvements to
operations. multiple high profile programs.
Since leading the development of
2010 NextGov Award RAMP, Ms. Burrill has also overseen
the development and execution of
Susan Burrill, Risk Management the national level training initiative
Division Director, FPS, was one of for over 1,000 FPS personnel to
eight winners of the 2010 NextGov learn how to utilize this new system.
Award, which is aimed at Ms. Burrill provided exemplary
recognizing government executives leadership and direction during the
who have developed new ideas and development and integration of
taken risks to improve the way RAMP into the FPS community,
government works. The individuals and continues to do so every day.
nominated for this award have
developed innovative programs, Out of more than 100 nominations,
policies, and management practices, only 19 individuals were selected as
and have brought information finalists. These finalists were
technology into the field to improve honored at a special awards
Federal government strategies and luncheon and ceremony on May 27,
guide policy decisions. 2010, at the Gov 2.0 Expo in
Washington, D.C. The eight
Ms. Burrill spearheaded the winners of the NextGov Award have
development of RAMP, a demonstrated their ability to take
revolutionary new system that will on risks and used technology to
change the way FPS protects more develop solutions. v
than 9,000 facilities nationwide.
After initially conceiving the system,
Ms. Burrill recognized the great
importance of involving all facets of
FPS in its development, and quickly
stood up several working groups to
provide input and expertise toward
the requirements for RAMP. From
these sessions, she conducted
thorough analyses of existing
policies and practices, to further
develop the concept for RAMP.
Working closely with a multitude of
15
The CIP Report July 2010
Having separate HVAC standards leased buildings now can be bypassed without the threat even being in the
building; interception, cracking, and tampering with IP-based wireless systems can cause these and other systems to
fail or shut down outside the 50-foot perimeter. “Smart” meters and AMI allows utilities and consumers to achieve
savings and conserve energy. Smart meters can, for example, be connected and disconnected remotely, and “read” in
5 to 15 second intervals instead of once monthly. But persons with ill intent could also play havoc with electricity
and natural gas flows to buildings; sophisticated, large scale attacks on AMI could also negatively affect regional
grids. Controls and sensors on back-up generators could cause these units to fail. A worst-case example is an attack
on one of the most common — and critical — component of buildings: high-pressure boilers (HPBs). Intercepting
and cracking the data that controls “smarter” HPBs could allow the boiler to reach pressures beyond design load, at
which point these boilers become extremely destructive “bombs” capable of taking out facilities and killing or
maiming persons in or proximate to the facilities. Sadly, the current building power engineering workforce does not
have the technical training and proven skills to understand and mitigate these new threats.
Moving ahead, policymakers, FPS personnel, and commercial building operators-engineers must appreciate the
benefits as well as the risks of advances in building technologies and energy delivery systems. The current leased
building security standards are inadequate to emerging and near-future threats, and our security agents and power
engineering technicians need additional education and training to take full advantage of the good while knowing
how to prevent, detect, and defeat the bad. v
coordination, risk management, and the use of technology. GAO indicated that FPS was falling short of its
protection responsibilities and substantial improvements would need to be made not only within FPS, but also
within the way FPS works with GSA, DHS, and individual building tenants. In addition, in June, GAO provided a
report to the House Committee on Appropriations’ Subcommittee on Homeland Security detailing the results of a
study into FPS’s workforce analysis and planning efforts. GAO studied FPS’s strategic planning to fill its staffing
requirements and manage its human resources. GAO found that FPS had begun determining its workforce
requirements, but had not yet finalized its planning efforts. GAO expressed concerns about FPS’s ability to fund its
human resources needs, track its staffing accurately, and measure improvements in strategic human resources
management. GAO also recommended improvements to FPS’s hiring processes.
The 2010 legislation that moved FPS to its present location within DHS was primarily the result of similar GAO
reports on FPS in 2009. There is much to be done and many Federal facilities to be protected if FPS is to continue
in its mission of securing government facilities. v
References:
“Homeland Security: Greater Attention to Key Practices Would Improve the Federal Protective Service’s Approach
to Facility Protection,” GAO 10-142 (October 2009), http://www.gao.gov/new.items/d10142.pdf.
“Homeland Security: Federal Protective Service’s Use of Contract Guard Program Requires More Oversight and
Reassessment of Use of Contract Guards,” GAO 10-341 (April 2010), http://www.gao.gov/new.items/d10341.pdf.
“Federal Protective Service: Would Federalization of Guards Improve Security at Critical Facilities?” House
Committee on Homeland Security (April 14, 2010), http://homeland.house.gov/Hearings/index.asp?ID=246.
16
The CIP Report July 2010
The Center for Infrastructure Protection and Homeland Security works in conjunction with James Madison Univerity and seeks to fully
integrate the disciplines of law, policy, and technology for enhancing the security of cyber-networks, physical systems, and economic
processes supporting the Nation’s critical infrastructure. The Center is funded by a grant from the National Institute of Standards and
Technology (NIST).
If you would like to be added to the distribution list for The CIP Report, please click on this link:
http://listserv.gmu.edu/cgi-bin/wa?SUBED1=cipp-report-l&A=1
17