State Department Not Consistent in Bolstering Embassy Security

A Bahraini police officer sits in a police car at a new checkpoint near the U.S. Embassy in Manama, Bahrain, in 2013. A Bahraini police officer sits in a police car at a new checkpoint near the U.S. Embassy in Manama, Bahrain, in 2013. Hasan Jamali/AP

The State Department’s post-Benghazi efforts to reinforce physical security at overseas facilities suffer from inconsistent tracking of data and inadequate risk management, the Government Accountability Office reported Thursday.

In refurbishing embassies, consulates and warehouses in dangerous regions, the department is failing to document instances in which it grants waivers or exceptions to security standards.

“State's risk management activities do not operate as a continuous process or continually incorporate new information,” auditors wrote in the unclassified version of a classified report to leaders of the House and Senate foreign affairs committees. “State does not use all available information when establishing threat levels at posts, such as when posts find it necessary to implement measures that exceed security standards. State also lacks processes to re-evaluate the risk to interim and temporary facilities that have been in use longer than anticipated.”

In a 68-page report complete with diagrams, GAO reported on 10 site visits at high-threat locations over the past year (plus interviews with staff at six more) that revealed the absence of waiver documentation for embassy or consulate compound facilities that did not meet the requirements for hardened building exteriors, co-locations or setbacks. 

State maintains some 1,600 work facilities, which includes offices and warehouses, at 275 diplomatic posts, some of which were built before security standards implemented in 1991.

“State assesses six types of threats, such as terrorism, and assigns threat levels, which correspond to physical security standards at each overseas post,” auditors wrote. “However, GAO found several inconsistencies in terminology used to categorize properties and within the property inventory database used to track them, raising questions about the reliability of the data.”

Auditors said State’s approach left it unclear what standards apply to some types of facilities. In some cases, the department took eight years to update standards for such security tools as anti-ram perimeters, GAO said. 

GAO made 13 recommendations to improve tracking and harmonization of data to achieve greater accuracy and currency. State officials reading a draft of the report generally agreed.

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.