Agency slow in applying technology to protect federal buildings, GAO says

Federal Protective Services has made visible but limited progress in improving its risk management program -- which addresses threats to agency buildings -- and in the transfer of its programs to new authorities within the Homeland Security Department, according to a pair of recent Government Accountability Office reports.

The troubled FPS, whose primarily contractor workforce is responsible for the safety of more than 1 million federal employees and members of the public who work in and visit more than 9,000 federal facilities, has struggled to integrate a new Web-based risk assessment management program called RAMP to help it set priorities in managing guards. The agency also is in the throes of transitioning from the Immigration and Customs Enforcement bureau to the National Protection and Programs Directorate.

In March, the agency was embarrassed when an undetected improvised explosive device was discovered near the McNamara Federal Building in Detroit. In July, FPS Director L. Eric Patterson told a House subcommittee that his agency's four-year effort to develop a long-recommended centralized tool for prioritizing threats to federal buildings "was not cost-effective and has not fulfilled its original goals." FPS is now considering a new contractor.

In a report on the risk assessment system, GAO said, RAMP is "over budget, behind schedule, and cannot be used to complete [facility security assessments] and reliable guard inspections as intended. RAMP's contract award amount totals $57 million, almost three times more than the $21 million original development contract amount."

The report noted, "RAMP's costs increased, in part because FPS changed the original system requirements and the contractor had to add additional resources to accommodate the changes. FPS also has experienced delays in developing and implementing RAMP, as it is almost two years behind its original July 2009 implementation date."

GAO reviewed RAMP's progress against DHS' security standards such as the National Infrastructure Protection Plan and the Interagency Security Committee's Physical Security Criteria for Federal Facilities. It concluded that FPS had not sufficiently evaluated technological changes since the contract for RAMP was awarded and has not adequately considered alternative systems.

To accelerate the process of making RAMP usable, GAO recommends that FPS take the following steps:

  • Evaluate whether it is cost-effective to finish developing RAMP; increase the use of project management best practices by managing requirements and conducting user acceptance testing.
  • Establish a process for verifying data on federal facilities and guard training and certification before entering them into RAMP.
  • Develop interim solutions for facility and guard inspections while addressing RAMP's problems.

Steve Amitay, legislative counsel for the National Association of Security Companies, many of whose members are under contract with FPS, said in an email to Government Executive, "Effective FPS management and tracking of guard records will benefit FPS, its client agencies and security contractors. FPS security contractors have considerable expertise and working experience in the management and tracking of officer training and certification records, and contractors play a critical role in supplying and maintaining FPS guard records," he said.

But security contractors were not consulted during the development of RAMP, Amitay added, "and some of problems with RAMP noted by the GAO were apparent to security contractors from the beginning. As FPS goes forward in its post-RAMP efforts to develop an effective interactive database for tracking officer records, it behooves FPS to consult and work with its security contractor partners."

David Wright, president of the American Federation of Government Employees' National Federal Protective Service Union, which has long been vocal about RAMP's shortcomings, said he would support an investigation into criminal behavior or misconduct.

"I find it disturbing -- although not surprising -- that the GAO uncovered that the contract acquisitions process was not followed at all levels," he said. "At the very least, this constitutes nonfeasance of duties, if not malfeasance."

Wright said he is optimistic about the next version of RAMP, particularly since his union and workers have been involved. "I am concerned with the staying power of individuals in the FPS hierarchy that allowed this debacle to occur in the first place."

In a separate report on the transfer of FPS out of ICE, GAO said that "since October 2009, FPS' facility protection mission and 13 of 18 mission-support functions have transferred from ICE to NPPD; however, the transition schedule for the five remaining mission-support functions has been delayed."

Functions that have been transferred include human capital and budget formulation. Those that have not include information technology services, business continuity and emergency preparedness, facilities, personnel security and equal employment opportunity.

GAO recommended a more disciplined schedule for the transition, particularly in IT services, and DHS officials agreed. "If not properly planned and effectively implemented," the auditors said, "the transition could not only hamper FPS' ability to carry out its mission, but impede its progress in addressing its long-standing challenges."

The union told Congress in 2009 that failure to provide enough money -- and transfer money from ICE to NPPD -- would make for a slow and inefficient transition, Wright said. "Our warnings were obviously not heeded, and the GAO has spelled out the consequences," he said. "As an example, the reliance on the ICE computer network and IT staff has directly contributed to the failure of RAMP."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.