
| Subject: | [ISN] GAO calls for security strategy |
|---|---|
| Date: | Mon, 10 Jan 2005 09:18:44 -0600 (CST) |

http://www.fcw.com/fcw/articles/2005/0103/web-facilities-01-07-05.asp

By Dibya Sarkar
Jan. 7, 2005

Congressional auditors say a federal interagency committee in charge of coordinating the protection of government facilities needs a strategic plan for identifying priorities and implementing security measures, including leveraging technology.

Such a plan would help the Interagency Security Committee (ISC) gain greater support within the federal government, provide detailed information on its needs, establish performance measures and propose strategies for challenges it faces, according to a recent report released Jan. 6 by the Government Accountability Office. [1]

Those challenges include getting officials at agencies to agree to a governmentwide risk management process for assessing facilities, developing a compliance process so agencies can measure progress, educating senior-level staff about ISC and integrating physical security initiatives for the entire federal government and implementing change, the report states.

The committee also needs more financial resources and greater staffing, according to the report.

ISC officials have made some progress, especially in the past two years. They include issuing some security standards and guidance for agencies, developing a Web site for posting policies and guidance, developing a secure Web portal for members to exchange information, and creating standard operating procedures to improve the quality of information sharing.

But they need to do more. The report identifies several major practices that could provide a framework for agencies' initiatives. They include using a risk management approach, information sharing, performance measurement and testing, aligning assets to an agency's mission, strategic workforce management, and using technology.

The report states that GAO officials, inspectors general, facility security experts and agency officials agreed that security technology is crucial. But any technology should be carefully analyzed to determine whether the benefits outweigh the costs and effects on privacy and convenience.

Some advanced technologies identified include smart cards and biometrics, detection and surveillance systems, X-ray scanners, and metal detectors. But sometimes other solutions, such as using trained dogs, may be more effective and less costly, the report states.

"It is important to note that focusing on obtaining and implementing the latest technology is not necessarily a key practice by itself," according to the report. "Instead, having an approach that allows for cost-effectively leveraging technology to supplement and reinforce other measures would represent an advanced security approach in this area."

ISC was formed after the 1995 Oklahoma City bombing to develop policies and standards, ensure compliance, oversee implementation, and share information. In 2003, the Homeland Security Department assumed responsibility of the committee from the General Services Administration.

ISC was designated last year to oversee agencies' physical security plans related to Homeland Security Presidential Directive-7, which requires agency officials to identify critical infrastructures and develop plans for prioritization, protection, recovery and reconstitution of systems or resources.

According to the report, DHS officials agreed with the overall conclusions and would implement GAO's recommendations.

[1] http://www.gao.gov/new.items/d0549.pdf

_________________________________________
Open Source Vulnerability Database (OSVDB)
Everything is Vulnerable - http://www.osvdb.org/