1998 Congressional Hearings
Intelligence and Security



TESTIMONY OF MR. EUGENE L. WASZILY

DEPUTY ASSISTANT INSPECTOR GENERAL

FOR AUDITING

OFFICE OF INSPECTOR GENERAL

U.S. GENERAL SERVICES ADMINISTRATION

BEFORE

THE HOUSE SUBCOMMITTEE ON PUBLIC BUILDINGS

AND ECONOMIC DEVELOPMENT

COMMITTEE ON TRANSPORTATION AND INFRASTRUCTURE

JUNE 4, 1998

Good morning Mr. Chairman and members of the Subcommittee.

Thank you for the opportunity to appear before the subcommittee this morning to discuss the results of our office’s efforts to assess the General Services Administration’s (GSA) implementation of the Federal Buildings Security Countermeasures Upgrade Program. With me this morning is Mr. Joseph Mastropietro, our New York Audit Office Regional Inspector General and overall project director for this review.

The terrorist act of April 19, 1995, which destroyed the Alfred P. Murrah Federal Building, killing 168 people and injuring hundreds of others, caused President Clinton to direct the Department of Justice to assess the vulnerability of federal buildings nationwide to acts of terrorism and other forms of violence. Under the leadership of the United States Marshals Service, security experts from across government were assembled to classify federal properties into one of five security levels and define minimum security standards for each classification. Then, federal facilities were physically surveyed to identify existing security conditions and prescribe what additional measures would be needed. Overall, the study found that the typical federal facility lacked some of the features required to meet the new minimum standards.

Except for extremely high level security sites, which established their own unique security systems, GSA was given the responsibility for upgrading security countermeasures for over 5000 federal facilities. Within GSA, the Public Buildings Service (PBS) through its Office of Federal Protective Service (FPS) was given the responsibility for implementing the security countermeasures upgrade program. Program policy was developed at FPS headquarters in Washington, DC, while the responsibility for actual implementation of the security equipment systems and providing additional security personnel was assigned to the 11 PBS regional offices. Congress authorized GSA to spend $240 million to acquire and install x-ray screening devices, closed circuit television systems, lighting systems, protective barriers and other devices, as well as significantly increase the number of security guards at many federal facilities.

In spring of 1997, we began hearing of possible implementation and financial problems affecting the security upgrade program and immediately initiated our review. Later, we became aware that the Subcommittee had asked the General Accounting Office to review GSA security efforts. We arranged to coordinate the work of our respective offices.

We focused first on the GSA National Capital Region, which encompasses the Washington, DC, metropolitan area and has the largest concentration of Federal facilities and Federal employees in the country. Early in our review, we found that security equipment was being stored in a warehouse at the Washington Navy Yard. Our July, 1997 visit to the site found two large, hot and dusty warehouse rooms filled with x-ray machines, cameras, and metal detectors still in their shipping wrap. Packing documents indicated some of this equipment had been shipped to GSA as early as March 1996. Manufacturer warranties were expiring even as the products remained stored. There were no meaningful inventory records of the equipment, so we performed a physical inventory and established the stored equipment’s value at approximately $2 million. We learned that FPS had purchased some of this equipment for several Department of Defense facilities, but the items were never installed because Defense had a requirement for more sophisticated equipment. No plans had been made to find other uses for the stored equipment, yet regional officials were concurrently seeking an additional six million dollars to fund uncompleted security projects in the region. Subsequently, uses for some of the stored equipment were identified and regional officials reduced their request for additional funding.

This part of our review also produced the first evidence that the computer tracking system designed to monitor the implementation status of the security upgrade projects contained flawed information. We noted that data entries for specific security projects at federal facilities were reported as having been completed, while we knew that the equipment for these installations was being stored at the warehouse.

We next set out to physically inspect a larger sample of the region’s security upgrade projects to compare actual installations to the status information reported in the computerized tracking system. We primarily focused on those buildings requiring the highest levels of security. At 32 of the 52 buildings inspected, much of the security equipment reported as installed and operational was either missing, present but non-operational or, in storage.

At this point, we issued an alert report to senior PBS and GSA officials to notify them of the seriousness of the situation. They responded immediately to initiate corrective actions, while we expanded our audit work to assess security activities in other regions. In February of this year, another alert report conveyed that our inspections of 69 selected buildings in the Boston, Atlanta and Ft. Worth regions identified 33 instances where the tracking system inaccurately reported the status of security upgrades. While the nature and scope of the project completion deficiencies found in these three regions were not as severe as those identified in the National Capital Region, they were still considered significant shortcomings in achieving security upgrade plans. In addition, we found that one of the regions had expended $375,000, specifically allocated for security upgrades, to underwrite an unapproved construction renovation project.

Senior PBS officials took action to address the deficiencies found and also required the offending region to refund the security funds that had been used to finance the unauthorized renovation project.

Senior PBS Management then requested that our office expand the audit to fully cover the entire national security upgrade program. We did not view this as the solution. We pointed out that the audit work already performed showed that PBS was confronted with a major systemic breakdown in the control and reporting elements of the security upgrade program. We urged PBS to modify its approach to managing the program. In addition, we were already committed to do a detailed review in one more region and, further, we offered our services to work with other PBS regional managements to show them how we used existing data to identify possible inaccuracies and questionable project transactions. To date, two regions have called upon us to assist them in performing their own self-evaluations.

Throughout our review it was very clear that personnel assigned to work on the security countermeasures upgrade program understood the importance of the effort and most were working very hard to meet their objectives. In fact, their commitment had substantially improved the level of security for federal facilities nationwide from what it had been before April 1995. Given this positive environment, at first it was difficult to understand why we had encountered so many security upgrade projects that had not actually been completed. The explanation evolved as we continued to interview security personnel in the regions visited.

While we are still in the process of completing our analysis, certain factors appear to contribute to the shortcomings in the program: inadequate planning and hasty decision making; inadequate communications; inadequate program supervision and monitoring; and perhaps, too strong a desire to meet very optimistic goals.

From the start, the program was on a very fast track, with a general goal of installing as many security upgrades as possible before the first anniversary of the Oklahoma City bombing. This placed pressure on everyone to move quickly but it also caused some critical missteps.

FPS acquired several security systems prior to assessing the feasibility of installation at the intended locations. I had earlier mentioned that certain Defense Department facilities required more sophisticated equipment than had been purchased by GSA. In other instances, the purchased systems were too large to be installed in the intended locations.

A significant planning shortcoming was GSA purchasing and attempting to install equipment without first discussing security upgrade plans with building owners. About half the office space managed by GSA is rental property in commercial buildings. In several instances where projects were inaccurately reported in the tracking system as completed, landlords had refused GSA permission to install items such as x-ray machines or metal detectors in the lobbies of their commercial buildings. FPS personnel assuming they had implemented the security upgrade to the extent possible, entered the project as complete in the tracking system. Early consultation with building owners could have avoided many of the problems and permitted GSA to design workable solutions.

As mentioned earlier, actual implementation of the security upgrades was the responsibility of personnel in the regional offices. This included the FPS offices as well as other units of PBS, most significantly personnel responsible for buildings operations. In PBS, policy is established at headquarters, but senior regional officials have a high degree of autonomy in implementing programs. Most management authority flows from the region’s senior PBS official to other PBS units in the region including the regional FPS unit. Unlike most law enforcement organizations, FPS’s national director works through the senior PBS regional officials and does not have direct line authority and command over the FPS regional officials.

Given this environment, wherein FPS was undertaking one of the largest and most important assignments in its history, it would have been reasonable to expect that management employ some system of checks and balances to detect problems and provide additional support where needed. This was not the case. Field managers had responsibility to assign installation work to security specialists and report when projects were completed. There was no formal process to verify the accuracy of what was being reported. Even in those instances where warning or trouble signs began to appear, senior officials did not initiate independent reviews of the conditions until after we began issuing alert reports.

Another factor that we believe influenced inaccurate reporting was the intense pressure on managers, at all levels, to meet very optimistic implementation goals. With a staff of around 200 physical security specialists, FPS set out to accomplish over 5000 projects and have the majority completed within a year. As progress began to fall behind schedule, managers came under strong pressure to speed up implementation. Although we cannot definitively say, it is possible that managers under pressure to achieve goals would have an incentive to report projects completed prematurely, if the project implementation encountered major obstacles.

While we saw evidence of frequent communications between the various PBS and FPS management officials, it is unclear that everyone received critical information about the security program. In fact, many working level security specialists told us that key information such as how to define and when to enter into the tracking system that a project was complete never filtered down to them. As a result, many security specialists, when they had implemented as much of a security system as they could, entered into the computer system that the project was complete.

Because of the widespread inaccurate reporting of project completion information, the Office of Inspector General opened an investigation to assess whether there had been an intentional falsification of records. While the investigation continues, no material developed to date would suggest that management personnel intentionally misrepresented program results or forced others to do so. In addition to this inquiry, the Office of Investigations is looking into specific questionable procurement transactions identified by the auditors during their reviews. These investigations are continuing as well.

We are in the final phase of our current work and plan to issue another regional alert report and an overall program audit report within the next few months. While the final report will present information on the security upgrade program’s past and recommend program improvements we believe are necessary, the report will also discuss concerns we have regarding whether there are sufficient financial resources to sustain ongoing security activities and support future requirements.

We will continue to provide support and assistance to PBS managers to correct program shortcomings. Later this year, it is our intent to conduct a follow up review to assess what program changes have taken place.

In summary, our general assessment is that the security countermeasure upgrade program suffered from some serious deficiencies. The overall control and reporting processes were unreliable. Financial resources and human resources were not used to their full potential. We believe that management at all levels of PBS must share responsibility for these shortcomings. I would, however, like to stress that security in federal facilities generally is better today than it was in 1995. Despite the shortcomings identified by our work, PBS and FPS in particular have always had a strong commitment to improve security and, they have intensified that commitment. While no security system will ever be failsafe, and while some systems today are not at the levels they should be, substantial progress has been made to do more to protect the public, federal employees and facilities.

Mr. Chairman, this completes my testimony. I would be pleased to answer any questions the subcommittee may have.