United States Government Accountability Office
Report to the Chairman, Committee on Natural Resources, House of Representatives

September 2019

FEDERAL LAND MANAGEMENT AGENCIES
Additional Actions Needed to Address Facility Security Assessment Requirements

This Report Is Temporarily Restricted Pending Official Public Release.

GAO-19-643

Highlights of GAO-19-643, a report to the Chairman, Committee on Natural Resources, House of Representatives

Why GAO Did This Study

A 2014 government report predicted that the rate of violent domestic extremist incidents would increase. In recent years, some high-profile incidents have occurred on federal lands, such as the armed occupation of a FWS wildlife refuge in 2016. Federal land management agencies manage nearly 700 million acres of federal lands and have law enforcement divisions that protect their employees and secure their facilities.

GAO was asked to review how land management agencies protect their employees and secure their facilities. For the four federal land management agencies, this report examines, among other things, (1) what is known about the number of threats and assaults against their employees and (2) the extent to which agencies met federal facility security assessment requirements. GAO analyzed available government data on threats and assaults; examined agencies’ policies, procedures, and documentation on facility security assessments; compared the agencies’ methodologies against ISC requirements; and interviewed land management agency, ISC, and FBI officials.

What GAO Recommends

GAO is making six recommendations: that BLM, the Forest Service, and the Park Service develop a plan for completing facility security assessments and that BLM, FWS, and the Park Service take action to ensure their facility security assessment methodologies comply with ISC requirements. The agencies generally concurred with the recommendations.

What GAO Found

Data from the four federal land management agencies—the Forest Service within the U.S. Department of Agriculture and the Bureau of Land Management (BLM), Fish and Wildlife (FWS), and National Park Service (Park Service) within the Department of the Interior—showed a range of threats and assaults against agency employees in fiscal years 2013 through 2017. For example, incidents ranged from telephone threats to attempted murder against federal land management employees. However, the number of actual threats and assaults is unclear and may be higher than what is captured in available data for various reasons. For example, employees may not always report threats because they consider them a part of the job. Federal Bureau of Investigation (FBI) data for fiscal years 2013 through 2017 also showed that the FBI initiated under 100 domestic terrorism investigations into potential threats against federal land management agencies. The majority of these investigations involved BLM and individuals motivated by anti-government ideologies.

The four federal land management agencies have completed some but not all of the facility security assessments on their occupied federal facilities as required by the Interagency Security Committee (ISC). Officials at the four agencies said that either they do not have the resources, expertise, or training to conduct assessments agency-wide. FWS has a plan to complete its assessments, but BLM, the Forest Service, and the Park Service do not. Such a plan could help these agencies address the factors that have affected their ability to complete assessments.

The ISC also requires that agencies conduct assessments using a methodology that meets, among other things, two key requirements: (1) consider all of the undesirable events (e.g., arson and vandalism) identified as possible risks to facilities, and (2) assess the threat, vulnerability, and consequence for each of these events. The Forest Service’s methodology meets these two requirements and the Park Service’s methodology partially meets the requirements, but BLM and FWS have not yet established methodologies for conducting facility security assessments. Without developing a plan for conducting all of the remaining facility security assessments and using a methodology that complies with ISC requirements, agencies may not identify the risks their facilities face or identify the countermeasures—such as security cameras or security gates—they could implement to mitigate those risks.

View GAO-19-643. For more information, contact Anne-Marie Fennell at (202) 512-3841 or FennellA@gao.gov.

GAO-19-643 Security Risks to Land Management Agencies

Contents

Letter
  Background
  Available Data Show a Range of Threats and Assaults against Land Management Agency Employees, but Not All Incidents are Captured in the Data
  Land Management Agencies Use Various Approaches to Protect Employees, but Several Factors May Affect Their Ability to Do So
  Land Management Agencies Have Not Met Certain Facility Security Assessment Requirements
  Conclusions
  Recommendations for Executive Action
  Agency Comments and Our Evaluation
Appendix I: Objectives, Scope, and Methodology
Appendix II: The Interagency Security Committee’s 33 Undesirable Events, as of June 2019
Appendix III: Comments from the U.S. Department of Agriculture
Appendix IV: Comments from the Department of the Interior
Appendix V: GAO Contact and Staff Acknowledgments

Tables

Table 1: Statutes and Regulations Cited in Incidents of Threats and Assaults against Bureau of Land Management (BLM) Employees, Fiscal Years 2013 through 2017
Table 2: Statutes and Regulations Cited in Incidents of Threats and Assaults against Fish and Wildlife Service (FWS) Employees, Fiscal Years 2013 through 2017
Table 3: Statutes and Regulations Cited in Incidents of Threats and Assaults against Forest Service Employees, Fiscal Years 2013 through 2017
Table 4: Offenses Cited in Incidents of Threats and Assaults against National Park Service (Park Service) Employees, Fiscal Years 2013 through 2017
Table 5: Statutes and Regulations Cited in Federal Bureau of Investigation (FBI) Investigations Related to Potential Domestic Terror Threats to Federal Land Management Agencies, Initiated in Fiscal Years 2013 through 2017
Table 6: Number of Land Management Agency Field Law Enforcement Officers and Percentage Decline, Fiscal Years 2013 and 2018
Table 7: The Interagency Security Committee’s (ISC) 33 Undesirable Events, as of June 2019

Figures

Figure 1: Federal Lands Managed by Federal Land Management Agencies
Figure 2: The Interagency Security Committee’s (ISC) Risk Management Process
Figure 3: Examples of Countermeasures Implemented by Federal Land Management Agencies
Figure 4: Hypothetical Example of a Risk Assessment Methodology Applied to a Federal Facility
Figure 5: Examples of Fish and Wildlife Service and National Park Service Employee Uniforms
Figure 6: Example of a Remote Fish and Wildlife Service Field Unit
Figure 7: Number of Federal Land Management Agency Field Law Enforcement Officers Per Million Acres, as of the End of Fiscal Year 2018

Abbreviations
BLM: Bureau of Land Management
FBI: Federal Bureau of Investigation
FWS: Fish and Wildlife Service
IMARS: Incident Management, Analysis, and Reporting System
ISC: Interagency Security Committee
LEIMARS: Law Enforcement and Investigations Management Attainment Reporting System
LEMIS: Law Enforcement Management Information System

This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately.

Letter

441 G St. N.W.
Washington, DC 20548

September 25, 2019

The Honorable Raul M. Grijalva
Chairman
Committee on Natural Resources
House of Representatives

Dear Mr. Chairman:

Federal lands comprise roughly one-third of the land in the United States and are largely concentrated in 12 western states.[1] The economy in several of these states is closely tied to activities related to the use of natural resources on federal lands, such as logging, mining, oil and gas development, and raising livestock, as well as recreation and tourism. Four federal land management agencies—the Forest Service in the U.S. Department of Agriculture and the Bureau of Land Management (BLM), Fish and Wildlife Service (FWS), and National Park Service (Park Service) in the Department of the Interior—are primarily responsible for managing these federal lands. As part of this effort, the agencies’ law enforcement programs employed about 2,200 field law enforcement officers, as of September 30, 2018. These officers enforce federal laws, respond to incidents of potential illegal activity, and develop and implement practices to safeguard employees and facilities.
In some cases, they may also receive assistance from state and local law enforcement entities or other federal agencies, such as the Federal Bureau of Investigation (FBI) in the U.S. Department of Justice. Among other things, the FBI analyzes possible security threats and investigates cases of domestic terrorism.

One domestic terrorism threat to federal land management agencies and employees involves anti-government extremism, in part because agency employees are often the most visible representatives of the federal government in some rural western communities.[2] A 2014 Department of Homeland Security report predicted that the rate of violent domestic extremist incidents motivated by anti-government ideology would increase in the coming years, with a focus on several targets, including government facilities and personnel.[3] According to FBI officials, the threat from anti-government extremism in the United States grew from 2013 through 2017. The FBI noted that while making anti-government statements is not against the law, seeking to advance anti-government ideology through force or violence is illegal and may trigger the involvement of federal, state, and local law enforcement entities. For example:

• In 2014, a 24-year dispute over intentional unauthorized grazing on federal lands in Nevada led to a high-profile confrontation between armed ranchers and their supporters—who were motivated by anti-government ideologies—and federal law enforcement officials, according to BLM officials. The officers were attempting to enforce a federal court order authorizing BLM to seize and impound the trespassing cattle.
• In 2015, according to BLM officials, two Oregonian mine operators who had constructed unauthorized structures on BLM lands and conducted operations beyond casual use received a Notice of Noncompliance letter from BLM. The letter was mailed and hand delivered by BLM law enforcement, who were assisted by local law enforcement. The letter directed the mine operators to either cease mining operations or file a plan of operations for mining on public lands if they wished to continue. In response, a group of militia members who were motivated by anti-government ideologies staged armed patrols to prevent BLM officials from shutting down mining operations at the site, according to BLM officials.
• In 2016, a group of individuals motivated, according to FWS officials, by anti-government ideologies staged an armed occupation of the Malheur National Wildlife Refuge in rural Oregon. The individuals occupied the refuge for nearly 6 weeks, during which time federal, state, and local law enforcement engaged in a coordinated response. Damages to the land and facilities at the refuge, plus the local, state, and FWS law enforcement responses, cost over $9 million, according to local and federal officials.

[1] These states are Alaska, Arizona, California, Colorado, Idaho, Montana, Nevada, New Mexico, Oregon, Utah, Wyoming, and Washington.
[2] According to FBI documents, a domestic terrorist is someone who commits a violent act in violation of federal criminal statutes to further his/her social or political ideology. The FBI categorizes these ideologies as racially motivated violent extremism, animal rights/environmental extremism, abortion extremism, and anti-government/anti-authority extremism.
[3] Department of Homeland Security, Office of Intelligence Analysis, Domestic Violent Extremists Pose Increased Threat to Government Officials and Law Enforcement, IA0201-14 (July 22, 2014).

Following the 1995 bombing of the Alfred P.
Murrah Federal Building in Oklahoma City, the Interagency Security Committee (ISC),[4] chaired by the Department of Homeland Security, was established by executive order and directed to develop security standards for federal facilities.[5] One such standard, which we refer to in this report as the ISC Standard, defines the criteria and processes executive agencies and departments are to follow when assessing risks to their facilities through facility security assessments.[6] The ISC Standard also guides agencies and departments in determining which protective measures (referred to as countermeasures)—such as identification badges, blast-resistant windows, and security gates—to implement based on the results of their facility security assessments. Our past work has found that some federal agencies have not fully followed the ISC Standard, leaving agencies’ facilities and employees exposed to risk.[7]

You asked us to review how the federal land management agencies protect their employees and secure their facilities. For the four federal land management agencies, this report examines: (1) what is known about the number of threats and assaults against their employees, (2) the approaches agencies used to protect their employees from threats and assaults and any factors affecting their ability to do so, and (3) the extent to which agencies met federal facility security assessment requirements.

For the first objective, we obtained and analyzed data on the number of incidents of threats and assaults against these employees (including volunteers and contractors) from the four land management agencies’ law enforcement databases for fiscal years 2013 through 2017. These data were the most recent available at the time we began our review. We also obtained data for this time period from the FBI on investigations into potential domestic terror threats to land management agencies. We took steps to assess the reliability of the data, including interviewing agency officials about circumstances whereby incidents of threats and assaults may not appear in the database and reviewing the data for logical inconsistencies. We determined that the data were sufficiently reliable for the purposes of our reporting objective. We note important qualifications related to each dataset throughout the report, as appropriate. Because of these qualifications, we did not analyze the data for annual trends.

[4] The ISC’s mandate is to enhance the quality and effectiveness of security in and protection of buildings and facilities in the United States occupied by federal employees for nonmilitary activities. As of June 2019, 60 federal departments and agencies were members of the ISC.
[5] Executive Order 12977, 60 Fed. Reg. 54411 (Oct. 24, 1995), as amended by Executive Order 13286, 68 Fed. Reg. 10624 (Mar. 5, 2003). Executive Order 12977 refers to buildings and facilities in the United States occupied by federal employees for nonmilitary activities as “federal facilities.”
[6] Interagency Security Committee, The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard (Washington, D.C.: November 2016). As of June 2019, the November 2016 version of the ISC Standard was the most current.
[7] See, for example, GAO, Federal Facility Security: Additional Actions Needed to Help Agencies Comply with Risk Assessment Methodology Standards, GAO-14-86 (Washington, D.C.: Mar. 5, 2014), and GAO, Federal Facility Security: Selected Agencies Should Improve Methods for Assessing and Monitoring Risk, GAO-18-72 (Washington, D.C.: Oct. 26, 2017).

For the second objective, we examined requirements and policies regarding federal land management agencies’ responsibilities for protecting employees against threats and assaults.
We also interviewed headquarters and selected field unit officials about the agencies’ approaches to protecting their employees from threats and assaults, as well as factors that hinder their ability to do so, and we obtained supporting documentation where available. We conducted semi-structured interviews with officials during site visits to a nongeneralizable sample of 11 of the 35 regional or state offices and 14 field units across the federal land management agencies.[8] We selected sites to visit from March through July 2018 in Colorado, Nevada, Oregon, and Utah, since the majority of federal lands are located in the West and some field units in these states had been affected by actions of individuals holding anti-government beliefs. BLM’s field structure consists of state offices that oversee field units, whereas FWS, the Forest Service, and the Park Service have regional offices that are responsible for overseeing field units. We refer broadly to all non-headquarters units, including regional, state, and field units, as “field units” throughout this report. Findings from the interviews we conducted at our site visits provide useful insights but cannot be generalized to those units we did not include in our review. We also obtained and analyzed information from each agency on the number of field law enforcement officers they had at the end of fiscal years 2013 and 2018, the most recent year for which data were available. We took steps to assess the reliability of these data and found them to be sufficiently reliable for the purposes of our reporting objective.

[8] We conducted two of our semi-structured interviews by telephone.

For the third objective, we reviewed the ISC Standard, identified requirements that agencies are responsible for meeting, and interviewed ISC officials about these requirements.
We reviewed documents on the four land management agencies’ inventories of occupied facilities and assessed whether the agencies had conducted facility security assessments on those facilities as required.[9] We interviewed headquarters and field officials about their inventories and to determine their plans, if any, for completing the remaining assessments.[10] We also examined the extent to which agencies’ facility security risk assessment methodologies complied with two key requirements in the ISC Standard. These requirements included whether the agencies’ methodologies (1) consider all 33 undesirable events identified in the ISC Standard and (2) evaluate three factors of risk—threat, vulnerability, and consequence—for each undesirable event. We analyzed the agencies’ methodologies and compared them against the requirements in the ISC Standard. We interviewed headquarters officials about their agencies’ methodologies. Appendix I provides additional details about our objectives, scope, and methodology.

We conducted this performance audit from November 2017 to September 2019 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

[9] Executive Order 12977, as amended, directs executive branch departments and agencies to cooperate and comply with ISC policies and recommendations. However, ISC officials noted that the ISC Standard is intended to be applied to all facilities in the United States occupied by federal employees for nonmilitary activities.
[10] Our methodology includes only the facilities for which the agencies in our review are responsible for conducting the facility security assessments. We excluded from our methodology facilities for which the responsibility for conducting the facility security assessment lies with another department or agency, such as those that are leased or owned by the General Services Administration, for which Federal Protective Service conducts the assessment.

Background

Land Management Agency Law Enforcement Divisions

Federal land management agencies have law enforcement divisions that protect their employees and secure their facilities across nearly 700 million acres of federal lands (see fig. 1).[11] To do so, the four agencies’ law enforcement divisions employ uniformed law enforcement officers who patrol federal lands, respond to illegal activities, conduct routine investigations, and, depending on the agency, may also provide expertise in assessing facilities’ security.[12] Each agency also maintains a law enforcement data system in which law enforcement officers record and track incidents of suspected illegal activity on federal lands. These systems can be used in conducting investigations, identifying trends in crime data, and assisting with decision making regarding staffing, resource allocations, and budgetary needs.[13]

[11] While all agencies’ law enforcement officers also have responsibilities for ensuring visitor safety, for the purposes of this report, we focus on their responsibilities for protecting employees and securing facilities.
[12] Each agency has its own terminology to refer to its uniformed, field law enforcement personnel. For the purposes of this report, we use the term law enforcement officer across the four land management agencies. Each agency also has investigative special agents who conduct investigations of serious crimes, but are not responsible for responding to threats and assaults against employees.
[13] BLM and the Park Service use a Department of the Interior law enforcement data system called the Incident Management Analysis and Reporting System. FWS uses the Law Enforcement Management and Information System. The Forest Service uses the Law Enforcement and Investigations Management Attainment Reporting System.

Figure 1: Federal Lands Managed by Federal Land Management Agencies

• BLM. BLM’s Office of Law Enforcement and Security is charged with promoting the safety and security of employees and visitors, as well as environmental protection, across approximately 245 million acres of BLM lands in 12 states. At the end of fiscal year 2018, BLM had 194 field law enforcement officers engaged in such duties.[14] According to agency documentation, these law enforcement officers also coordinate with state agencies and county law enforcement officers on large-scale recreational events, such as Burning Man.[15] These field law enforcement officers may also be tasked with conducting facility security assessments.[16]
• FWS. FWS’s division of Refuge Law Enforcement helps ensure the safety and security of visitors, employees, government property, and wildlife and their habitats on approximately 150 million acres of land.[17] At the end of fiscal year 2018, FWS had 231 field law enforcement officers on the agency’s 567 wildlife refuges.[18] According to agency documents, FWS law enforcement officers serve as ambassadors by providing important services to the public beyond law enforcement, such as providing visitors with information and guidance regarding fishing, hunting, hiking, and wildlife viewing opportunities. These field law enforcement officers may also be tasked with conducting facility security assessments.
• Forest Service. The Forest Service’s Law Enforcement and Investigations division is charged with protecting natural resources, employees, and visitors on approximately 193 million acres of National Forest System lands in 44 states. At the end of fiscal year 2018, the Forest Service had 417 field law enforcement officers. Additionally, law enforcement officers may be tasked with conducting facility security assessments.
• Park Service. The Park Service’s division of Law Enforcement, Security, and Emergency Services is charged with protecting resources, managing public use, and promoting public safety and visitor enjoyment across the agency’s 85 million acres, 418 park units, 23 national scenic and national historic trails, and 60 wild and scenic rivers.[19] At the end of fiscal year 2018, the Park Service had 1,329 field law enforcement officers stationed at 240 of the Park Service’s units. Field law enforcement officers may also be tasked with conducting facility security assessments.

[14] BLM’s uniformed field law enforcement officers are known as rangers. In addition to rangers, according to BLM documents, in 2018, BLM had 74 special agents who conducted criminal and civil investigations into crimes committed on public land or involving public resources. As of September 2019, Interior was proposing to move select elements of BLM’s headquarters from Washington, D.C., to Grand Junction, Colorado. However, at the time of this report, it was unclear how, if at all, such a move would affect the number or location of BLM field law enforcement officers.
[15] Burning Man is an annual, 9-day gathering of approximately 70,000 people in the Nevada desert that includes artistic performances and music.
[16] Interior has a separate Office of Law Enforcement and Security that provides program guidance and oversight to all of the department’s law enforcement, security, intelligence, counterintelligence, and information-sharing programs. According to BLM and FWS officials, on occasion, the Office of Law Enforcement and Security has assisted them in conducting facility security assessments on their facilities.
[17] FWS also manages over 650 million acres of submerged marine national monuments. FWS’s division of Refuge Law Enforcement is responsible for enforcing laws on both land and water and conducts marine law enforcement in coordination with the U.S. Coast Guard, National Oceanic and Atmospheric Administration, and others.
[18] FWS field law enforcement officers are known as Federal Wildlife Officers. In addition, FWS also has special agents who investigate the illegal import and export of animals, products, and plants and enforce the Endangered Species Act.
[19] The Park Service’s field law enforcement officers are known as park rangers. The Park Service also has the U.S. Park Police—uniformed law enforcement officers who enforce laws at national treasures and symbols of democracy in the Washington, D.C., New York, and San Francisco metropolitan areas. Because of their focus on metropolitan areas, rather than remote areas, we did not include the U.S. Park Police in this report. At the end of fiscal year 2018, the Park Service also had 32 law enforcement investigators and 337 seasonal law enforcement officers.

ISC’s Facility Security Assessment Requirements

The ISC Standard applies to all facilities in the United States occupied by federal employees for nonmilitary purposes, including federal land management agencies’ facilities. This includes existing facilities, new construction, or major modernizations; facilities owned, to be purchased, or leased; stand-alone facilities; special-use facilities; and facilities on federal campuses.[20] Among other things, the ISC Standard requires agencies to assess the risks faced by each of their facilities. According to Department of Homeland Security officials, since 2010, executive departments and agencies responsible for protecting their own facilities have been required to conduct facility security risk assessments as part of the ISC Standard’s risk management process.[21] The ISC Standard states that risk is a measure of potential harm from an undesirable event that encompasses threat, vulnerability, and consequence. The ISC Standard then defines these terms as follows:

• Undesirable event: An incident, such as vandalism, active shooters, and explosive devices that has an adverse impact on the facility occupants or visitors, operation of the facility, or mission of the agency.[22]
• Threat: The intention and capability of an adversary to initiate an undesirable event.
• Vulnerability: A weakness in the design or operation of a facility that an adversary can exploit.
• Consequence: The level, duration, and nature of the loss resulting from an undesirable event.

[20] The ISC Standard defines a campus as consisting of two or more federal facilities located contiguous to one another and sharing some aspect of the environment (e.g., parking) or security features (e.g., a perimeter fence).
[21] Some components of ISC’s current risk management process were implemented in 1995. However, according to ISC officials, the facility security assessments we describe in this report—that is, those that evaluate the threat, vulnerability, and consequence to specific undesirable events—have been a requirement since 2010.

Based on the assessed level of risk, the ISC Standard provides a method for agencies to identify which countermeasures, such as security cameras or security gates, should be implemented to protect the facility against each of the undesirable events.
According to the ISC Standard, once an initial assessment is completed, facility security reassessments should be conducted at least once every 3 to 5 years, depending on the facility’s security level, to reassess whether existing countermeasures remain adequate for mitigating risks. Beginning in fiscal year 2020, the ISC will require departments and agencies to report their compliance with the requirement to conduct facility security assessments on occupied facilities.[23] Figure 2 shows the steps of the ISC Risk Management Process, and figure 3 shows some examples of facility countermeasures.

[22] The ISC Standard indicates that undesirable events are intended to represent the “worst-reasonable-case scenario” for each threat. The undesirable events identified in the ISC Standard are not intended to capture the entire range of undesirable events that may affect federal facilities. As a result, the ISC Standard encourages agencies to identify and assess any other undesirable events that are applicable to their specific facilities.
[23] In 2014, we recommended that the Department of Homeland Security direct the ISC to develop a mechanism to monitor and ensure its member agencies’ compliance with the requirements in the ISC Standard. In response, according to an ISC official, the ISC developed a compliance reporting system, in which agencies are to enter data on each occupied facility and the status of the facility security assessment, among other things. According to the official, the compliance reporting requirement will be implemented using a phased approach, and agencies will be required to report on at least 15 percent of their facilities by January 2020. Full implementation of the ISC compliance reporting requirement is expected by January 2025, according to the official.
Figure 2: The Interagency Security Committee’s (ISC) Risk Management Process

Note: The ISC is chaired by the Department of Homeland Security and was established to enhance the quality and effectiveness of security in and protection of buildings and facilities in the United States occupied by federal employees for nonmilitary activities.

Figure 3: Examples of Countermeasures Implemented by Federal Land Management Agencies

Because facility security assessments are a key component of the ISC’s risk management framework, the ISC Standard includes requirements for agencies’ risk assessment methodologies. Specifically, among other things, the ISC Standard requires that agencies use facility security assessment methodologies that (1) consider all 33 of the undesirable events identified in the ISC Standard,[24] and (2) evaluate the three factors of risk (threat, vulnerability, and consequence) to each undesirable event. During facility security assessments, ratings are assigned to the threat, vulnerability, and consequence of an undesirable event, and the combined ratings produce an overall measurement of risk.[25] In our hypothetical facility security assessment example shown in figure 4, each component of risk is assigned a rating of between 1 (very low) and 5 (very high) based on the facility’s conditions. These ratings are then multiplied to produce an overall estimate of risk for each undesirable event. Agencies can use this and other information resulting from a facility security assessment to make security-related decisions and direct resources to implement countermeasures to address unmitigated risk.

[24] Examples of undesirable events include arson, active shooter, explosive devices, and vandalism, among others. See appendix II for a complete list of the ISC’s undesirable events.
Figure 4: Hypothetical Example of a Risk Assessment Methodology Applied to a Federal Facility

The Interagency Security Committee (ISC) requires federal agencies to use a methodology that evaluates the threat, vulnerability, and consequence of relevant undesirable events to produce an overall measurement of risk.

Notes: The ISC is chaired by the Department of Homeland Security and was established to enhance the quality and effectiveness of security in and protection of buildings and facilities in the United States occupied by federal employees for nonmilitary activities. The ISC develops security standards for federal facilities, including standards for how agencies should assess risks to their facilities through facility security assessments. The values used in the example range between 1 and 5, but an agency could choose other values, such as a range between 1 and 100 or a color scheme, to represent the same conditions.

[25] The ISC Standard gives agencies the flexibility to design their own facility security assessment methodology, as long as the chosen methodology adheres to fundamental principles of sound risk assessment. According to the ISC Standard, methodologies can provide varying outputs, from numbers and percentages to qualitative ratings such as “low” or “green.” Each department or agency, then, is to determine what outputs from their respective methodologies correlate with the level of protection categories identified in the ISC Standard.

Available Data Show a Range of Threats and Assaults against Land Management Agency Employees, but Not All Incidents are Captured in the Data

Available federal law enforcement data show a range of threats and assaults against the four federal land management agencies’ employees in fiscal years 2013 through 2017.[26] For example, incidents ranged from threats conveyed by telephone to attempted murder against federal land management agency employees.
Additionally, FBI data on its investigations into potential domestic terror threats to land management agencies show a wide variety of statutes and regulations that may have been violated. However, not all incidents are captured in the federal land management agencies’ data because not all incidents are reported to the agencies’ law enforcement officials. Additionally, some incidents are investigated by state or local law enforcement and recorded in their data systems rather than in land management agencies’ systems. As a result, the number of actual threats and assaults is unclear and may be higher than what is represented in available data. Our analysis of data from each of the four land management agencies and the FBI showed the following:[27, 28]

• BLM. BLM data for fiscal years 2013 through 2017 included 88 incidents of threats and assaults against BLM employees and cited eight different statutes or regulations. A federal law prohibiting people from assaulting, resisting, or impeding certain federal officers or employees, 18 U.S.C. § 111, was the statute most frequently cited in BLM’s data. Examples of incidents that identified this statute include an individual harassing a BLM law enforcement officer by repeatedly swerving and cutting off the officer on the highway, an individual making threats against a BLM employee on Facebook and YouTube, and an incident during which an employee was stabbed outside a federal building. Twenty-one of the 88 incidents occurred in fiscal year 2013, when BLM categorized incidents using uniform crime reporting codes rather than federal statutes, regulations, or state laws.[29] These incidents include, for example, an incident in which an individual attempted to murder a law enforcement officer with a firearm. Table 1 provides additional information on threats and assaults against BLM employees for fiscal years 2013 through 2017.

[26] For the purposes of this report, employee refers to land management agency employees, volunteers, and contractors, unless otherwise noted.

[27] The land management agencies’ data systems were not specifically designed for reporting threats and assaults against employees and do not include the suspect’s motivation for a crime—such as anti-government extremist ideologies. Additionally, to varying degrees, agency officials reviewed their respective data and removed incident data that appeared not to constitute actual threats or assaults to employees. For these reasons, and because we determined that not all incidents are captured in the data, we did not analyze the data for annual trends.

[28] Due to differences in the way the agencies recorded and categorized incidents, the data elements presented in tables 1 through 5 vary.

[29] Uniform crime reporting offense codes are three digits long and are typically comprised of two numerals and a letter. For example, the uniform crime reporting code for a simple assault is 13B. At the beginning of fiscal year 2014, when BLM changed from using uniform crime reporting codes to using federal statutes, regulations, and state laws, an incident involving assault would cite a specific statute associated with assault, such as 18 U.S.C. § 111.

Table 1: Statutes and Regulations Cited in Incidents of Threats and Assaults against Bureau of Land Management (BLM) Employees, Fiscal Years 2013 through 2017

| Statute or regulation | Description | Number of incidents [a] |
| --- | --- | --- |
| 18 U.S.C. § 111 | Assaulting, resisting, or impeding certain federal officers or employees | 30 |
| 43 C.F.R. § 8365.1-4(a)(4) | Resisting arrest or issuance of citation by an authorized officer engaged in performance of official duties; interfering with any BLM employee or volunteer engaged in performance of official duties | 19 |
| 43 C.F.R. § 8365.1-4(a)(5) | Assaulting, committing a battery upon any BLM employee or volunteer engaged in the performance of official duties | 8 |
| 43 C.F.R. § 423.22(a) [b] | Assaulting, threatening, disturbing, resisting, intimidating, impeding, or interfering with any employee or agent of federal, state, or local government engaged in an official duty | 4 |
| Cal. Penal Code § 148(a)(1) | Resisting, delaying, or obstructing a public peace officer | 3 |
| 43 C.F.R. § 9212.1(f) | Resisting or interfering with the efforts of firefighters to extinguish a fire | 1 |
| 43 C.F.R. 423.22(b) | Not complying with lawful order of an authorized government employee or agent for the purpose of maintaining order and controlling public access and movement during law enforcement actions and emergency or safety-related operations | 1 |
| Wyo. Stat. Ann. § 6-2-502 | Aggravated assault and battery | 1 |
| Not specified [c] | Incidents involving unspecified statutes or regulations included physical assault; threat or intimidation; and harassment and interference with duties. [d] | 21 |

Source: GAO analysis of data originating from BLM’s Incident Management, Analysis, and Reporting System. | GAO-19-643

[a] BLM data included 88 incidents of threats and assaults against employees and cited eight different statutes and regulations. Each incident cited one statute, regulation, or uniform crime reporting code. According to a BLM official, it is likely that for incidents in which more than one statute or regulation was violated—such as an incident involving both a verbal threat and a physical assault—only the most severe offense may be entered into the data system. If other, less severe offenses were committed during an incident, they may not be captured in the data.

[b] This is a Bureau of Reclamation regulation. All other C.F.R. cites in this table refer to BLM regulations.
[c] According to an agency official, until fiscal year 2014, BLM used uniform crime reporting codes to categorize offenses. In fiscal year 2014, BLM began using federal statutes, regulations, and state laws. Therefore, the federal statute, regulation, or state law violated was not specified for the 21 incidents of threats and assaults that occurred in fiscal year 2013.

[d] A BLM official reviewed each incident with an unknown statute or regulation and grouped it into one of the four following categories: physical assault (seven incidents); threat or intimidation (seven incidents); harassment and interference with duties (six incidents); and vague (one incident).

• FWS. FWS data for fiscal years 2013 through 2017 included 66 incidents of threats and assaults against FWS employees and cited nine different statutes and regulations. A federal law prohibiting people from assaulting, resisting, or impeding certain federal officers or employees, 18 U.S.C. § 111, was the statute most frequently cited in FWS’s data and included a variety of incidents, such as a law enforcement officer who was assaulted with a tree branch during a suspected drug trafficking incident at the border. According to FWS officials, when law enforcement officers cite violations of state statutes, they enter the violation into the law enforcement data system under a generic description such as “Assault: simple, on officer,” and then manually enter the relevant state statute. Of the total FWS incidents, 26 were recorded under unspecified state statutes. These incidents included, for example, an officer who was assaulted while arresting an individual driving under the influence and an officer who received a death threat during an arrest. Table 2 provides additional information on threats and assaults against FWS employees for fiscal years 2013 through 2017.
Table 2: Statutes and Regulations Cited in Incidents of Threats and Assaults against Fish and Wildlife Service (FWS) Employees, Fiscal Years 2013 through 2017

| Statute or regulation | Description | Number of incidents [a] |
| --- | --- | --- |
| 18 U.S.C. §§ 111, 1114 | Assaulting, resisting, or impeding certain federal officers or employees or killing or attempted killing of any officer or employee of the United States or of any agency in any branch of the United States government while such officer or employee is engaged in or on account of the performance of official duties, or any person assisting them | 38 |
| Unspecified state statute | Terrorist act, sabotage, or hostile threats | 9 |
| Unspecified state statute | Assault: simple, on officer | 7 |
| 18 U.S.C. § 115 | Influencing, impeding, or retaliating against a federal official by threatening or injuring a family member | 4 |
| Unspecified state statute | Assault: aggravated, on officer with firearm | 5 |
| Unspecified state statute | Assault: aggravated, on officer with other weapons | 2 |
| Unspecified state statute | Assault: intimidation, on officer | 2 |
| 16 U.S.C. § 3 | Rule or regulation of the National Park Service, unspecified | 1 |
| Unspecified state statute | Assault: aggravated, on officer with hands, feet, fists | 1 |

Source: GAO analysis of FWS Refuge Law Enforcement data from the Law Enforcement Management Information System. | GAO-19-643

Notes: These data represent incidents recorded in two different data systems.
Data from fiscal years 2013 and 2014 were originally recorded in FWS’s Law Enforcement Information Management and Gathering System and were later migrated into FWS’s current data system—the Law Enforcement Management Information System. We assessed the data within our scope and determined that the data recorded in both systems were reliable and comparable for our reporting purposes.

FWS’s data include all incidents captured under broad statutes and regulations, such as 18 U.S.C. § 111, which covers incidents of assaulting federal employees as well as incidents of resisting or impeding federal officers or employees. As a result, some of the incidents captured under these statutes and regulations may not have constituted a threat or assault to a federal employee.

According to FWS officials, offenses may be recorded in the agency’s data system as violations of federal statutes or regulations or state statutes. If the latter, the violation is entered into the data system under a generic description, such as “Assault: aggravated, on officer with firearm,” and then the law enforcement officer manually enters the relevant state statute. Therefore, offenses without a federal statute or regulation represent violations of state statutes.

[a] FWS data included 66 incidents of threats and assaults against employees and cited nine different statutes and regulations. Numbers in this column do not sum to the total number of incidents (66) because one incident cited three different statutes and another cited two.

• Forest Service. Forest Service data for fiscal years 2013 through 2017 included 177 incidents of threats and assaults against Forest Service employees and cited seven different statutes or regulations. Officials said that the data provided to us generally included only the most serious offense that occurred during an incident, due to limitations on linking records in Forest Service’s data system.
For example, if both a verbal threat and physical assault occurred during an incident, only the physical assault would be included in the data. Therefore, potential violations of some statutes or regulations that occurred during incidents of threats and assaults may not be recorded in the data. About half of the Forest Service incidents involved potential violations of 36 C.F.R. § 261.3(a), which includes interfering with a forest officer, among other things. Such incidents included: an individual telling a Forest Service employee that his dog would “rip her head off” if she approached his camp; threatening graffiti written on a law enforcement officer’s personal residence; and a death threat to a law enforcement officer. Table 3 provides additional information on threats and assaults against Forest Service employees for fiscal years 2013 through 2017.

Table 3: Statutes and Regulations Cited in Incidents of Threats and Assaults against Forest Service Employees, Fiscal Years 2013 through 2017

| Statute or regulation | Description | Number of incidents [a] |
| --- | --- | --- |
| 36 C.F.R. § 261.3(a) | Threatening, resisting, intimidating, or interfering with any forest officer engaged in or on account of the performance of his official duties in the protection, improvement, or administration of the national forest system | 87 |
| 36 C.F.R. § 261.3(c) | Threatening, intimidating, or intentionally interfering with any Forest officer, volunteer, or human resource program enrollee while engaged in, or on account of, the performance of duties for the protection, improvement, or administration of the national forest system or other duties assigned by the Forest Service | 41 |
| 18 U.S.C. § 111 | Assaulting, resisting, or impeding certain federal officers or employees | 38 |
| 18 U.S.C. § 115 | Influencing, impeding, or retaliating against a federal official by threatening or injuring a family member | 5 |
| 18 U.S.C. § 1114 | Killing or attempted killing of any officer or employee of the United States or of any agency in any branch of the United States government while such officer or employee is engaged in or on account of the performance of official duties, or any person assisting them | 3 |
| 18 U.S.C. § 372 | Conspiring to injure or impede a federal officer | 2 |
| 18 U.S.C. § 2231 | Forcibly assaulting, resisting, opposing, preventing, impeding, intimidating, or interfering with any person authorized to serve or execute search warrants or to make searches and seizures | 1 |

Source: GAO analysis of data originating from Forest Service’s Law Enforcement and Investigations Management Attainment Reporting System. | GAO-19-643

Note: The Forest Service’s law enforcement data system captures data in three report categories: (1) an incident report, which records when an offense occurred but the perpetrator was unknown; (2) a warning notice, which is issued when an offense occurred but the law enforcement officer determined that the offense was inadvertent or committed due to lack of understanding or misinformation; and (3) a violation notice, which is issued for an offense that violates the U.S. Code or Forest Service regulations and for which the perpetrator was known. We combined these three types of report categories and refer to them as incidents. Forest Service officials indicated that there may be a minor amount of overlap between violation notices and incident reports.

[a] Forest Service data included 177 incidents of threats and assaults against employees and cited seven different statutes and regulations. Numbers in this column do not sum to the total number of incidents (176) because one incident report cited two violations of statutes and regulations: 18 U.S.C. § 111 and 36 C.F.R. § 261.3(a).

• Park Service. Park Service data for fiscal years 2013 through 2017 included 29 incidents of threats and assaults against Park Service employees and cited six different offense descriptions.[30] According to a Park Service official, some incident records cite a statute or regulation. However, all agency incident records include offense codes that are unique to the Park Service and are associated with the type of violation, such as assault or disorderly conduct.[31] Unlike with statutes and regulations, a perpetrator does not need to be identified for the law enforcement officer to cite an offense code.[32] Three of the six Park Service offense codes relate to assault. Incidents that cited these codes included an individual ramming an employee’s patrol vehicle and a death threat left on an employee’s personal cell phone. Table 4 provides additional information on threats and assaults against Park Service employees for fiscal years 2013 through 2017.

[30] Park Service data included employees only and did not include volunteers or contractors.

Table 4: Offenses Cited in Incidents of Threats and Assaults against National Park Service (Park Service) Employees, Fiscal Years 2013 through 2017

| Offense code description [a] | Number of incidents [b] |
| --- | --- |
| Assault: simple unlawful physical attack | 12 |
| Disorderly conduct: obscene or threatening language, display, or act | 8 |
| Assault: intimidation, including bomb threats | 6 |
| Assault: aggravated | 5 |
| Disorderly conduct: fighting | 1 |
| Traffic accident reporting violation: hit and run | 1 |

Source: GAO analysis of data originating from Park Service’s Incident Management, Analysis, and Reporting System. | GAO-19-643

Note: Park Service provided data on employees only and did not include data on volunteers or contractors.
[a] According to a Park Service official, some but not all Park Service incident records cite a statute or regulation, while all Park Service incident records include offense codes—unique to the Park Service—that are associated with the type of violation, such as assault or disorderly conduct, and do not require that a perpetrator have been identified to be entered into the data system. As a result, we present only the offense code description in this table, since not all records cited a statute or regulation.

[b] Park Service data included 29 incidents of threats and assaults against employees and cited six different offense codes. Numbers in this column do not sum to the total number of incidents (29) because some incidents cited more than one type of offense code.

[31] Park Service data were provided to us by offense code, since not all incidents cited a statute or regulation.

[32] According to a Park Service official, the Park Service uses offense codes to capture more detailed information about an incident; to ensure that incidents are recorded regardless of whether a perpetrator was identified; and to align with FBI’s Uniform Crime Reporting Program. The FBI’s Uniform Crime Reporting Program is a nationwide, cooperative statistical effort of more than 18,000 city, university and college, county, state, tribal, and federal law enforcement agencies voluntarily reporting data on offenses to assess and monitor the nature and type of crime in the nation, according to the program’s user manual.

• FBI. FBI data for fiscal years 2013 through 2017 show that the FBI initiated under 100 domestic terrorism investigations[33] into potential threats to federal land management agencies, and that these investigations most frequently cited eight specific statutes.[34] Investigations can either be initiated by the FBI or referred to the FBI by land management agencies.
Land management agency officials said they refer only the most serious incidents to the FBI—such as the armed occupation of Malheur National Wildlife Refuge. The FBI receives information from a variety of sources, including from confidential human sources; public tips; and state, local, tribal, and federal partners. According to FBI officials, an investigation into a domestic terrorism threat may only be initiated if there is information indicating potential violent criminal activity committed in furtherance of ideology.[35] Our analysis of FBI data showed that the majority of the domestic terrorism investigations involved BLM, and the majority involved individuals motivated by anti-government ideologies.[36] Most of the domestic terrorism investigations cited more than one statute or regulation as having been potentially violated, and the severity of the threat varied. For example, some investigations involved written threats and threats conveyed by telephone to government officials. In one example, the investigation involved a subject posting a BLM law enforcement officer’s personal information on Twitter, which resulted in over 500 harassing phone calls and several death threats. Table 5 provides information on the percentage of FBI investigations citing various statutes and regulations related to threats to federal land management agencies for fiscal years 2013 through 2017.

[33] The exact number of domestic terrorism investigations initiated by the FBI into threats and assaults to land management agencies is law enforcement sensitive information.

[34] According to FBI officials, all domestic terrorism investigations must be predicated on an activity intended to further a political or social goal—wholly or in part involving force or violence—in violation of federal law. FBI officials stated that an affiliation with a domestic group or individual, or adherence to a specific ideology, does not in and of itself meet the requirements for the FBI to initiate a domestic terrorism investigation.

[35] According to FBI officials, the FBI does not collect intelligence or conduct investigations based solely on constitutionally protected activity—such as individuals exercising their right to free speech. Further, every subject of a domestic terrorism investigation must have individual predication (i.e., mere association with another subject is not sufficient for predication).

[36] These data cover full investigations conducted by the FBI. According to FBI documents, a full investigation may be opened if there is an “articulable factual basis” of possible criminal or national threat activity. Before opening a full investigation, the FBI may first conduct an assessment, or less comprehensive preliminary investigation, to determine whether to pursue initiating a full investigation.

Table 5: Statutes and Regulations Cited in Federal Bureau of Investigation (FBI) Investigations Related to Potential Domestic Terror Threats to Federal Land Management Agencies, Initiated in Fiscal Years 2013 through 2017

| Statute or regulation | Description | Percentage of investigations [a] |
| --- | --- | --- |
| 18 U.S.C. § 111 | Assaulting, resisting, or impeding certain federal officers or employees | 53 |
| 18 U.S.C. § 115 | Influencing, impeding, or retaliating against a federal official by threatening or injuring a family member | 46 |
| 18 U.S.C. § 372 | Conspiracy to impede or injure federal officer | 33 |
| 18 U.S.C. § 371 | Conspiracy to commit offense or to defraud the United States | 40 |
| 18 U.S.C. § 2383 | Inciting, assisting, or engaging in any rebellion or insurrection against the authority of the United States or the laws thereof | 14 |
| 18 U.S.C. § 2384 | Conspiring to overthrow, put down, or to destroy by force the government of the United States | 14 |
| 18 U.S.C. § 922 | Convicted person in possession of a firearm | 16 |
| 18 U.S.C. § 924 [b] | Discharging a firearm during and in relation to a crime of violence | 16 |
| Miscellaneous | 24 miscellaneous statutes and regulations cited indicating various types of offenses [c] | 70 |

Source: GAO analysis of FBI data originating from Sentinel data system. | GAO-19-643

Notes: These data relate to full investigations initiated by the FBI. According to FBI documents, a full investigation may be opened if there is an “articulable factual basis” of possible criminal or national threat activity. Before opening a full investigation, the FBI may first conduct an assessment, or a less comprehensive preliminary investigation, to determine whether to pursue a full investigation.

Most FBI domestic terrorism investigations cited more than one potentially violated statute or regulation. Some investigations in the data included potential violations of multiple subsections of the same statute (e.g. 18 U.S.C. 111(a) and 18 U.S.C. 111(b)). For ease of reporting, we identify a statute one time per investigation, even if multiple subsections of the same statute were cited for the same investigation. The description of the offense listed is for the statute and may not fully represent all of the subsections cited for a particular investigation.

[a] The percentage of investigations citing the statute or regulation does not sum to 100 percent because most investigations cited more than one statute or regulation.

[b] This is not a standalone offense, but rather an aggravating circumstance, conviction of which results in a minimum prison sentence of 10 years.

[c] The 24 miscellaneous statutes and regulations violated included a wide range of offenses such as mail fraud, explosives violations, and damage of government property, among others. According to an FBI official, when a field agent initiates an investigation, all potential offenses are identified.

Not all incidents of threats and assaults against land management agency employees are captured in agency law enforcement data for several reasons.
Threats to Employees Related to the Malheur National Wildlife Refuge Occupation

The armed occupation of Fish and Wildlife Service’s (FWS) Malheur National Wildlife Refuge lasted approximately 6 weeks—from January 2 through February 11, 2016; however, according to agency officials in Harney County, Oregon, individuals holding anti-government beliefs began arriving to the area in late October 2015. Bureau of Land Management (BLM), Forest Service, and FWS officials cited specific examples of threatening incidents they observed around the time of the occupation but that employees did not necessarily report to agency law enforcement. For example:

• Individuals holding anti-government beliefs followed a teenage girl wearing a BLM shirt around the local grocery store and threatened to burn her house down.
• Some agency employees reported that there were trucks regularly parked outside their homes, with individuals holding anti-government beliefs, who appeared to be monitoring them and their families. One official stated that “They were holding us hostage in our own homes.”
• Some employees had shots fired over their heads while working in the field.
• An individual holding anti-government beliefs yelled, “You’re going to get it!” to an agency employee.

According to officials at two agencies, many employees were traumatized by the Malheur occupation and some did not return to work, including some who transferred to other agency field units.

Sources: GAO photo and interviews with BLM, Forest Service, and FWS officials. | GAO-19-643

These reasons include the following:

• Federal land management agency employees do not report all incidents of threats. According to officials at all four agencies, employees do not always report threats to agency law enforcement. For example, some field unit employees said that in certain circumstances, they consider receiving threats a normal part of their job.
Specifically, field unit employees we interviewed at three land management agencies cited incidents in which they were yelled at, for example, by hunters, permittees, or attendees of public planning meetings. While this behavior may be threatening, some employees told us it was “a part of the job,” and they did not report such incidents. In addition, some officials described being threatened while off-duty, such as by being harassed in local stores or being monitored at their home, which officials said in some cases they did not report because it was a common occurrence. Additionally, according to agency officials, threats are subject to interpretation, so employees may be reluctant to report an incident unless it involves an explicit threat of physical harm or death.

• During an incident, some threats and assaults may not be recorded in agency data systems by agency law enforcement officers. BLM and Forest Service officials told us that when a single incident involves multiple offenses, the less serious offenses are unlikely to be recorded in the data system. Therefore, the entirety of what occurred during the incident may not be captured in the data system. For example, according to one BLM official we interviewed, if an incident involved a verbal threat and a physical assault, it would likely be recorded into the data system as an assault.

• Some incidents are investigated by state or local law enforcement and recorded in their data systems, rather than in land management agencies’ systems. Some incidents of threats and assaults to federal employees may be investigated by state or local law enforcement entities. Specifically, during our site visits, officials from all four land management agencies stated that their employees are instructed to call 911 in the case of an emergency, such as a threat or assault, and that, generally, a local law enforcement officer—such as a county sheriff’s deputy—will respond to the call.
Land management agency officials said that when state or local law enforcement respond to an incident, even those that occur on federal lands, the incident would be recorded in those entities’ data systems and may not be entered into the land management agency’s law enforcement data system. Additionally, according to agency officials at all four land management agencies, due to resource constraints, many of their field units do not have any law enforcement officers or have a limited law enforcement presence, which limits the Page 22 GAO-19-643 Security Risks to Land Management Agencies agencies’ ability to respond to and therefore record incidents of threats and assaults. For example, according to agency officials, as of October 2018, 178 of 418 Park Service units had no law enforcement presence. Furthermore, even when field units had dedicated law enforcement officers, the officers might not have been available to immediately respond to incidents, so employees might instead have contacted local law enforcement. Given these reasons, the actual number of incidents of threats and assaults is unclear and may be greater than the number reported and entered in the land management agencies’ law enforcement data systems, according to federal land management agency officials. Land Management Agencies Use Various Approaches to Protect Employees, but Several Factors May Affect Their Ability to Do So Agencies Use Various Approaches to Protect Employees, Including Building Relationships with External Law Enforcement Entities and the Public Federal land management agencies use various approaches to protect their employees from threat and assaults, including building relationships with external law enforcement entities and the public; receiving, collecting, and disseminating intelligence; and offering training to agency employees. 
Agency officials we interviewed cited four factors that can affect their ability to protect employees, including that employees often work in remote locations.

Federal land management agencies use various approaches to protect their employees from threats and assaults. Specifically:

• Agencies deploy their law enforcement officers to protect employees and resources. All four federal land management agencies have their own law enforcement divisions with law enforcement officers who are tasked with protecting employees and resources in the field. According to agency officials we interviewed, where available, agency law enforcement officers respond to incidents, including threats and assaults against employees. When necessary, agencies also deploy additional law enforcement officers to assist local officers. For example, during the armed occupation of the Malheur National Wildlife Refuge, FWS officials said the agency deployed FWS law enforcement officers from around the country to field units in western states to provide additional security for FWS employees. Similarly, according to BLM documents, BLM officers are sometimes deployed from their home field units for various reasons, such as assisting with large-scale recreational events and supporting fire investigations and natural disaster recovery.

• Agencies build relationships with local, state, and other federal agency law enforcement entities, as well as the public. Federal land management agencies build relationships with local, state, and other federal agency law enforcement entities to help protect employees and resources in the field and to assist with coordinating law enforcement responses, according to agency officials.
These officials said such relationships are important because not all field units have a law enforcement officer, and those that do often rely on local law enforcement for assistance with incidents of threats or assaults against agency employees. For example, officials at one field unit in Nevada stated that during a high-profile court case involving the agency, the Las Vegas Metropolitan Police Department kept a patrol car outside the field unit for several days to help ensure the safety of the field unit’s employees. Agency field officials said that building relationships with the public—both visitors and local citizens—can help keep their employees safe by cultivating trust and reducing potential tension over federal land management practices. For example, officials at one field unit drafted talking points for employees in the event that visitors asked them about a high-profile incident of anti-government behavior directed at a federal land management agency. The talking points outlined the agency’s responsibilities and authorities and, according to agency officials, were aimed at dispelling misunderstandings about federal land management policies. Additionally, officials at several field units we visited stated that their law enforcement officers are focused on educating, rather than policing, visitors.

• Agencies receive, collect, and disseminate intelligence information. To varying degrees, federal land management agencies receive, collect, and disseminate intelligence information, which helps them anticipate, prepare for, and react to threats against employees and facilities. For example, officials we interviewed from all four agencies said that they receive intelligence information from various sources, including Interior’s Office of Law Enforcement and Security, the Department of Homeland Security, FBI, Federal Protective Service,[37] and Joint Terrorism Task Forces.[38] Additionally, after the armed occupation of Malheur National Wildlife Refuge, FWS created a new risk and threat assessment coordination unit to collect intelligence, inform decision-making, and improve coordination with other Interior bureaus. Agency officials said they disseminate intelligence information about potential threats to their field units so that field personnel can respond appropriately to the threat—including encouraging employees to telework, directing employees to temporarily stop field work, or temporarily closing their field unit.

[37] The Federal Protective Service is within the Department of Homeland Security. Its mission is to prevent, protect, respond to, and recover from terrorism, criminal acts, and other hazards threatening the U.S. government’s critical infrastructure and services and the people who provide or receive them.

• Agencies have developed plans and guidance to promote employee safety. Agency officials have developed a variety of written plans and guidance to promote employee safety. For example, agencies are required to develop occupant emergency plans for most occupied facilities.[39] Occupant emergency plans we obtained covered employee safety, including what to do in the event of a bomb threat or active shooter event. Additionally, some field units developed other documents that outlined actions employees are to take to remain safe, such as plans to address critical incidents or protests at their field unit.[40]

• Agencies offer various types of safety training. All four federal land management agencies offer a variety of training to help protect employees and promote their safety, according to agency documents and officials. Examples of topics addressed in agencies’ training include understanding anti-government ideologies, communicating techniques for de-escalating conflicts, and responding to an active shooter event.
[38] Joint Terrorism Task Forces are funded and managed by the FBI. Their goal is to prevent, preempt, deter, and investigate terrorism and related activities. They do so by following leads, gathering evidence, making arrests, providing security for special events, conducting training, collecting and sharing intelligence, and responding to threats and incidents.

[39] Federal agencies are required to have an occupant emergency program that establishes procedures for safeguarding lives and property during emergencies in their respective facilities. 41 C.F.R. § 102-74.230.

[40] Examples of critical incidents include active shooters and explosions.

Several Factors Can Affect Land Management Agencies’ Efforts to Protect Their Employees from Threats and Assaults

Agency officials cited four factors that can affect agencies’ efforts to protect their employees:

• Agency employees work with the public and are often easily recognizable. Agency officials said their employees are required to interact with the public as part of their official duties, which can put them at risk of being threatened or assaulted. FWS officials said they temporarily closed field units in an adjacent state during the beginning of the armed occupation of the Malheur National Wildlife Refuge to reduce the likelihood that their employees would interact with members of the public who were traveling to Malheur to participate in the occupation. FWS and Park Service officials stated that their employees are easily recognizable because they typically wear uniforms, which may put them at greater risk of being harassed or threatened by individuals who hold anti-government beliefs. (See figure 5 for examples of uniforms.) In response, on certain occasions, some agency officials direct their employees to wear street clothes instead of their uniforms.
Officials we interviewed indicated that whenever they are concerned about a potential safety issue at their field unit, such as a protest, they may encourage eligible employees to telework from home instead of reporting to their work station.

Figure 5: Examples of Fish and Wildlife Service and National Park Service Employee Uniforms

• Employees often work in remote locations to fulfill agency missions. Agency officials stated that it can be difficult to protect employees because, as part of their field work, employees may be dispersed across hundreds of miles of federal lands and may be located hours or days away from the nearest agency law enforcement officer. (See figure 6 for an example of a remote location.) As a result, some agency officials said they sometimes direct employees to postpone fieldwork if there is a known or anticipated risk of threats or assaults. In addition, according to officials, various field units have developed check-in and check-out procedures to keep track of employees when they are in the field and to help verify that they report back to the office after concluding their fieldwork. Additionally, some field units have purchased satellite communication devices that operate when cell or radio signals are not available, so that employees conducting remote field work can call for help if needed.

Figure 6: Example of a Remote Fish and Wildlife Service Field Unit

• The number of agency field law enforcement officers has declined. As of the end of fiscal year 2018, the overall number of field law enforcement officers at each of the four land management agencies had declined from fiscal year 2013, which agency officials noted as a factor straining their efforts to protect employees. For example, the Park Service had the lowest decrease of 7 percent, whereas the Forest Service had the greatest decrease of 22 percent. (See table 6.)
Figure 7 shows the total number of acres for which federal land management agencies are responsible, the number of field law enforcement officers they had as of the end of fiscal year 2018, and the ratio of officers to acres of federal land. In addition, field officials from the three Interior agencies stated that as a result of various requirements to send law enforcement officers to support border protection efforts, their law enforcement officers are occasionally absent from their field units when deployed 14 days or more to the border.[41] To help address the effects of border deployments, some agency officials told us that they seek opportunities to share law enforcement resources among field units and with other land management agencies and that they typically deploy law enforcement officers from field offices across the agency to minimize the effects on any one unit.

Table 6: Number of Land Management Agency Field Law Enforcement Officers and Percentage Decline, Fiscal Years 2013 and 2018

Agency | Number of field law enforcement officers as of the end of fiscal year 2013 | Number of field law enforcement officers as of the end of fiscal year 2018 | Percentage change
Bureau of Land Management [a] | 213 | 194 | -9
Fish and Wildlife Service | 284 | 231 | -19
Forest Service | 534 | 417 | -22
National Park Service | 1,431 | 1,329 | -7

Source: GAO analysis of agency documents. GAO-19-643

[a] Due to turnover in the Bureau of Land Management Office of Law Enforcement and Security, it is unknown whether the number of field law enforcement officers represents calendar or fiscal years, according to an agency official.

[41] An Interior memorandum on May 1, 2018, directed FWS and the Park Service to send law enforcement officers to assist the U.S. Border Patrol with protecting Interior-managed lands along the U.S. southern border.
In fiscal year 2018, FWS deployed 106 FWS law enforcement officers for a total of 151 14-day deployments to support this effort. Similarly, in fiscal year 2018, the Park Service deployed 134 law enforcement officers to support the effort. As part of a separate effort that began in 2010, in fiscal year 2018, BLM deployed 216 law enforcement officers on 14-day deployments to Arizona, California, and New Mexico.

Figure 7: Number of Federal Land Management Agency Field Law Enforcement Officers Per Million Acres, as of the End of Fiscal Year 2018

[a] Due to turnover in the Bureau of Land Management’s Office of Law Enforcement and Security, it is unknown whether the number of field law enforcement officers represents calendar or fiscal years, according to an agency official. Additionally, the data do not include approximately 74 special agents within this office because they do not patrol public lands.

[b] This number does not include about 51 part-time officers whose positions were phased out as of January 1, 2019.

[c] This number does not include about 650 million acres of marine monuments, for which the Fish and Wildlife Service conducts marine law enforcement in coordination with the U.S. Coast Guard, National Oceanic and Atmospheric Administration, and others.

[d] This number does not include 65 Forest Service investigative special agents because they do not patrol public lands.

[e] This number does not include 32 law enforcement investigators because they do not patrol public lands, nor does it include 337 seasonal law enforcement officers.

• Anti-government sentiment can be unpredictable, difficult to respond to, and disruptive.
Agency officials we interviewed said that the risk to employee safety posed by individuals holding anti-government sentiments can be unpredictable and that incidents of threats and assaults against employees by such individuals are generally sporadic. For example, BLM, FWS, and Forest Service officials said it would have been difficult to predict that armed individuals would occupy FWS’s Malheur National Wildlife Refuge, since they were protesting BLM actions. BLM and FWS agency officials said they believed that the occupiers chose Malheur National Wildlife Refuge because it was an easier target.[42] In addition, some agency field unit officials told us that incidents of threats and assault from individuals holding anti-government beliefs generally occur when agency personnel are conducting normal operating activities, such as during routine traffic stops or when they are collecting park entrance fees, making them difficult to predict. Officials from one field unit also noted that while their agency wants to ensure employee safety, it is contrary to their mission to close a field unit every time there is a potential anti-government threat—such as threats made on social media. However, during the armed occupation of the Malheur National Wildlife Refuge, refuges in an adjacent state were closed out of caution, and FWS employees turned away visitors who had driven hundreds of miles to view wildlife, according to FWS officials. To help address the potential disruption posed by unpredictable anti-government threats, some agencies and field units developed plans and guidance that prescribed various actions field units and their employees could take to help ensure employees’ safety while also counteracting the disruptive effects of threats and attacks on a facility’s operations.
[42] Specifically, officials noted that unlike the nearby BLM field unit, Malheur National Wildlife Refuge was located off a main highway, on a rural road. Additionally, the refuge had on-site living quarters and a watchtower from which the occupiers could observe cars approaching from miles away. Finally, most employees were on annual leave during the end-of-year holidays.

Land Management Agencies Have Not Met Certain Facility Security Assessment Requirements

The four federal land management agencies have completed some but not all of the facility security assessments on their occupied federal facilities as required by the ISC Standard and three do not have a plan for doing so.[43] Furthermore, the Forest Service has a facility security assessment methodology that complies with key requirements described in the ISC Standard, but BLM, FWS, and the Park Service do not.

The Four Land Management Agencies Have Not Completed All Facility Security Assessments, and Three of the Four Agencies Do Not Have Plans for Doing So

The ISC Standard requires that agencies complete facility security assessments on all occupied facilities and suggests that agencies establish annual objectives for conducting assessments. As suggested in the ISC Standard, to do so, agencies may need to consider several things, such as:

• the number and locations of needed facility security assessments, by establishing which facilities in the agency’s inventory are occupied and grouping them into campuses, if desired;[44]
• the agency’s organizational structure, to determine entities responsible for conducting the assessments;
• training needs of entities responsible for conducting the assessments;
• which facilities or campuses should be prioritized for assessments, if needed; and
• a schedule for completing the assessments, given the agency’s available resources and priorities.
[43] The ISC Standard defines a facility occupant as any person who is permanently or regularly assigned to the government facility and displays a required identification badge or pass for access. In a February 2019 ISC memorandum, the ISC noted that it did not previously provide a precise definition of what “regularly assigned” means, and that, due to varying mission requirements, agencies should have the flexibility to determine what constitutes a regularly assigned employee. According to an ISC official, agencies should clearly define in policy which facilities the agency will consider regularly occupied.

[44] The ISC Standard allows for multiple facilities in a campus setting to be assessed in a single-facility security assessment. Grouping facilities into campuses will affect the total number of assessments the agency needs to complete.

The four land management agencies have not completed facility security assessments on all occupied facilities, and agency officials cited various reasons for not doing so. FWS has a plan to complete its assessments, but BLM, the Forest Service, and the Park Service do not. Specifically:

• FWS. FWS has conducted five facility security assessments on its approximately 465 occupied facilities and has a plan for completing the remaining assessments.[45] According to FWS headquarters officials, FWS employees have limited physical security expertise to conduct facility security assessments; therefore, the agency has developed a plan to meet the ISC Standard’s requirement using contractors. Specifically, in May 2019, FWS hired a project manager to implement a new facility security assessment program and, according to agency documentation, the new program will, among other things, employ contracted assessors to conduct facility security assessments agency-wide.
Agency officials said FWS will hire the assessors after the project manager and other agency officials complete preliminary tasks such as developing ISC-compliant policies and procedures, establishing the number and locations of facility security assessments needed,[46] and developing an electronic tracking system for the assessors to use while conducting assessments.[47] Once these tasks are completed—which could take up to 1 year, according to officials—FWS is to develop a schedule for assessors to complete the remaining assessments.

[45] According to FWS officials, Interior’s Office of Law Enforcement and Security completed these five facility security assessments on behalf of FWS.

[46] According to FWS headquarters officials, as of June 2019, the agency developed a preliminary list of 468 facilities in its inventory that may be occupied, but the agency has not finalized the list or decided which facilities will be grouped and assessed as campuses. FWS officials noted they may also conduct facility security assessments on some structures that are unoccupied but considered higher risk—such as hazardous material storage, bridges, dams, and aqueducts—but have not determined which of these structures to assess. Officials stated that they are compiling information from various sources to create a master facility security assessment list, which they expect to complete by September 2019. Contracted assessors are to validate this information as they conduct assessments.

[47] The tracking system, which is under development and expected to be completed by March 2020, will be integrated as a new physical security module in one of FWS’s existing property management databases, according to officials.

• BLM. BLM has conducted 21 facility security assessments on its approximately 280 occupied facilities, but officials do not know when they will complete the remaining assessments and do not have a plan to do so.[48, 49] BLM headquarters officials we interviewed said that the agency is decentralized and its state offices are responsible for the security of facilities in their states, including scheduling and conducting facility security assessments. However, some BLM state and field officials we interviewed said they do not have the resources or expertise to conduct the assessments, and BLM does not offer relevant training. In June 2019, the agency issued a hiring announcement for a headquarters-level security manager. According to officials, once hired, the security manager is to establish training for field employees to conduct facility security assessments and monitor state offices’ compliance with the requirement to conduct assessments. Headquarters officials noted that state offices will remain responsible for scheduling and conducting their own assessments. However, as of June 2019, the agency had not developed a plan for how the security manager would implement agency-wide training given available resources, or ensure state offices’ compliance with the requirement to conduct assessments.

[48] According to BLM and Interior officials, Interior’s Office of Law Enforcement and Security completed 16 of the 21 facility security assessments on behalf of BLM. The other five were completed by BLM state office officials in Colorado whom Interior officials had trained to conduct facility security assessments.

[49] As of June 2019, BLM headquarters had a list of 283 occupied facilities in its inventory. However, according to officials, state offices decide where to position their employees and, as a result, the occupancy status of a facility can fluctuate from year to year.

[50] Forest Service maintains a spreadsheet of completed facility security assessments but, according to headquarters officials, it is not regularly updated and may be incomplete. As of June 2019, the spreadsheet contained facility security assessments completed through May 2019.

[51] According to Forest Service headquarters officials, the total number of occupied facilities in the agency’s inventory is current as of June 2019, but the officials stated that they are working with field staff to validate the total. Officials also said that Forest Service regions may assess many individual facilities as part of a campus, which may affect the total number of assessments the agency needs to complete.

• Forest Service. The Forest Service has conducted at least 135 facility security assessments on its approximately 1,135 occupied facilities, but officials do not know when they will complete the remaining assessments and do not have a plan for doing so.[50, 51] Forest Service headquarters officials we interviewed said that the agency is decentralized and its regional offices are responsible for the security of facilities in their regions, including scheduling and conducting facility security assessments. However, some regional officials we interviewed said they do not have resources or sufficient staff expertise to conduct the assessments.[52] Forest Service headquarters officials stated that they have partnered with the U.S. Department of Agriculture’s Office of Homeland Security to offer facility security assessment training to Forest Service regional employees.[53] Additionally, Forest Service headquarters officials stated that with the assistance of the U.S. Department of Agriculture’s Office of Homeland Security, they were restructuring their physical security program. Under the new structure, headquarters will oversee compliance at a national level and each region will have a team responsible for facility security assessments in their region, which agency officials said will establish lines of authority to account for the agency’s decentralized structure.
However, the Forest Service headquarters official responsible for leading this effort said that, due in part to staff turnover, restructuring the physical security program has been difficult. As of June 2019, the Forest Service does not have a documented plan for how the restructured program will operate, how to ensure sufficient staff are trained to complete the assessments given available resources, or how and when regions will complete all of their assessments.

[52] One Forest Service region completed its assessments with the assistance of Forest Service headquarters, according to headquarters officials. These headquarters officials said they prioritized this region’s facilities for assessments because of the potential for threats to employee safety.

[53] In 2017, the U.S. Department of Agriculture implemented a facility security assessment training program and, according to Forest Service headquarters officials, approximately 96 Forest Service employees had attended the program as of March 2019. However, Forest Service regional offices determine whether to send employees to the training program based on employee availability and resources, among other things.

• Park Service. The Park Service has conducted at least 148 facility security assessments on its approximately 1,505 occupied facilities, but officials do not know when they will complete the remaining assessments and do not have a plan to do so.[54, 55] Park Service headquarters officials we interviewed said that the agency is decentralized and the superintendents of its 418 park units are responsible for the security of facilities within their parks, including scheduling and conducting facility security assessments. However, some park unit officials we interviewed said they do not have the resources or sufficient staff with expertise to conduct the assessments.
Park Service headquarters officials stated that they have developed a program to offer facility security assessment training to park employees.[56] In February 2019, according to agency officials, the Park Service hired a security manager who will standardize the agency’s facility security assessment practices, expand facility security assessment training opportunities, and monitor parks’ compliance with the requirement to conduct assessments. Headquarters officials noted that park units will remain responsible for scheduling and conducting their own assessments. However, as of June 2019, the agency had not developed a documented plan for how to ensure sufficient staff are trained to complete the assessments given available resources, or how the security manager would ensure park units’ compliance with the requirement to conduct assessments.

[54] In October 2018, we recommended that the Park Service develop a means to track parks’ completion of facility security assessments. GAO, Federal Facility Security: Actions Needed to Better Address Various Emerging Threats, GAO-19-32SU (Washington, D.C.: Oct. 17, 2018). Park Service headquarters officials told us they implemented a mechanism for parks to report completed assessments, but many parks have not done so. As a result, Park Service headquarters does not have an accurate count of how many assessments parks have completed.

[55] Park Service headquarters officials said in June 2019 that they finalized a list of 1,506 occupied facilities in the agency’s inventory that require facility security assessments, but the officials stated that park superintendents have more complete information on the occupancy status of facilities in their parks. Officials also noted that park superintendents may include unoccupied buildings or other assets such as antiquities and monuments in their facility security assessments.

[56] In 2016, the Park Service implemented a facility security assessment training program and, according to headquarters officials, at least 187 Park Service employees have attended the training as of April 2019—the date of the most recent class at the time of our review. However, because the Park Service is decentralized, park superintendents determine whether to send employees through the training program, and the superintendents may base their decision to do so on employee availability and resources, among other things. Park Service officials also noted that the training program cannot currently accommodate everyone who wants to attend.

Not complying with the ISC Standard’s requirement to complete facility security assessments on all occupied facilities could leave federal agencies exposed to risks in protecting their employees and facilities. Specifically, without conducting all of the required assessments, agencies may not identify the degree to which undesirable events can impact their facilities or identify the countermeasures they could implement to mitigate the risks of those events. Officials from BLM, the Forest Service, and the Park Service acknowledged that completing the remaining facility security assessments is important and that developing an agency-wide plan to do so may help them as they work towards compliance with this ISC Standard requirement. In the process of developing their plans, the agencies could take into consideration their organizational structure, available resources, and training needs, all of which may affect how quickly they can complete their assessments. Furthermore, developing a plan for completing facility security assessments will require agencies to identify the number and locations of their required assessments, which may help them fulfill the fiscal year 2020 ISC compliance reporting requirement.
BLM, FWS, and the Park Service Do Not Have Facility Security Assessment Methodologies that Fully Comply with Two Key Requirements in the ISC Standard

Three of the four federal land management agencies have not developed a facility security assessment methodology that complies with two key requirements in the ISC Standard. Specifically, according to the ISC Standard, methodologies must, among other things, (1) consider all 33 of the undesirable events identified in the Standard, such as active shooters, vandalism, and explosive devices; and (2) evaluate the three factors of risk—threat, vulnerability, and consequence—for each undesirable event.[57]

[57] The ISC Standard outlines four key requirements for facility security assessment methodologies. Specifically, methodologies are to (1) consider all 33 of the undesirable events identified in the Standard; (2) evaluate the three factors of risk—threat, vulnerability, and consequence—for each undesirable event; (3) produce similar or identical results when applied by various security professionals; and (4) provide sufficient justification for deviations from the ISC-defined security baseline. We selected the first two key requirements for our analysis because we could objectively verify agencies’ compliance by reviewing and analyzing agency documentation and interviewing agency officials.

According to our analysis of agency documentation and interviews with agency officials, the extent to which each agency’s facility security assessment methodology complied with the two key ISC Standard requirements we evaluated varied. As of June 2019, the Forest Service’s facility security assessment methodology met the two key ISC Standard requirements we evaluated, and the Park Service’s methodology partially met the requirements. BLM and FWS did not have established facility security assessment methodologies as of June 2019. Specifically:

• Forest Service.
The Forest Service utilizes an ISC-compliant facility security assessment methodology developed by the U.S. Department of Agriculture. The methodology adheres to the two key ISC Standard requirements that we evaluated. 58 • Park Service. The Park Service developed a risk assessment methodology, but it only partially adheres to the two key ISC Standard requirements we evaluated. Specifically, the Park Service’s risk assessment methodology does not include a step to assess the consequences of specific undesirable events, as required by the ISC Standard. Park Service officials indicated the agency’s commitment to conducting facility security assessments using an ISC-compliant methodology and said that they plan to submit the Park Service’s risk assessment methodology to the ISC to be certified as compliant with requirements in the ISC Standard. 59, 60 A Park Service official acknowledged, however, that the agency needs to update its methodology to include a step to assess the consequences of specific undesirable events, and the official stated that the agency does not plan to submit the methodology to the ISC until those changes have been made. As of June 2019, officials did not have a timeframe for doing so. 61 • BLM. BLM officials said that, as of June 2019, the agency did not have an established methodology for conducting facility security 58 In October 2017, we reported that the U.S. Department of Agriculture’s facility security assessment methodology did not meet key ISC Standard requirements, but the Department has updated the methodology so that it complies with the ISC Standard. See GAO, Federal Facility Security: Selected Agencies Should Improve Methods for Assessing and Monitoring Risk, GAO-18-72 (Washington, D.C.: Oct. 26, 2017). 
59 For a risk assessment methodology to be certified as ISC-compliant, it must, among other things, consider all undesirable events in the ISC Standard, assess risk of the undesirable events, and allow for customization of countermeasures based on the results of the risk assessment. There is a periodic recertification requirement for all certified methodologies, according to an ISC official. 60 According to our analysis, the Park Service’s methodology does not directly evaluate vulnerability to undesirable events but evaluates vulnerability in relation to threats to undesirable events. As part of the ISC methodology certification process, the ISC is to assess whether the Park Service’s method of evaluating vulnerability meets requirements. 61 The ISC’s certification process is voluntary and has been offered by the ISC to member agencies since 2013, according to an ISC official. Page 37 GAO-19-643 Security Risks to Land Management Agencies assessments. 62 Officials told us that, once hired, the new BLM security manager will develop an assessment methodology and that the agency intends to employ a methodology that complies with the ISC Standard. 63 However, BLM officials do not know when the security manager will be hired, and the agency has not documented requirements for the security manager to adhere to the ISC Standard’s requirements. • FWS. FWS officials said that, as of June 2019, the agency did not have an established methodology for conducting facility security assessments. 64, 65 Officials told us that the agency intends to employ a methodology that complies with the ISC Standard and provided a high-level description of what they expect the methodology to include. However, this description did not indicate that the agency would evaluate consequences of specific undesirable events, as required by the ISC Standard. 62 In 2016, BLM headquarters provided funding to states for countermeasure upgrades at most occupied facilities. 
According to agency documents, countermeasures upgraded as part of this initiative included security cameras, physical access control systems, public area modifications and public access barriers, intrusion detection systems, and duress alarms. In most cases, officials had not conducted a facility security assessment to determine whether the level of countermeasures implemented was appropriate to mitigate facility-specific risks to undesirable events.

63 As previously noted, Interior conducted most of BLM’s 21 completed facility security assessments on the agency’s behalf, and BLM officials trained to use Interior’s assessment methodology completed the remainder. According to Interior officials, the department uses an ISC-compliant facility security assessment methodology. However, according to Interior officials, because the information is considered sensitive, they do not document the steps for assessing undesirable events or measuring risk, so we were unable to confirm whether BLM’s completed assessments met the two key ISC Standard requirements.

64 As previously noted, Interior conducted all five of FWS’s completed facility security assessments on the agency’s behalf. According to Interior officials, the department uses an ISC-compliant facility security assessment methodology. However, according to Interior officials, because the information is considered sensitive, they do not document the steps for assessing undesirable events or measuring risk, so we were unable to confirm whether FWS’s completed assessments met the two key ISC Standard requirements.

65 According to FWS officials, because staff do not have the expertise to conduct facility security assessments, in 2011, the agency developed physical security survey checklists as an interim solution for assessing facilities. These checklists allowed staff to document the presence or absence of countermeasures identified in the ISC Standard.
However, FWS headquarters officials acknowledged that these checklists were not an ISC-compliant risk assessment methodology since they do not consider undesirable events or measure risk, as required by the ISC Standard.

By not using a methodology that fully complies with the ISC Standard, agencies could face adverse effects, such as an inability to make informed resource allocation decisions for their physical security needs and providing facilities—and the facilities’ occupants—with an inappropriate or insufficient level of protection. Specifically, according to the ISC Standard, when agencies do not use methodologies that comply with risk assessment requirements in the ISC Standard, facilities may have either less protection than needed, resulting in unmitigated risks, or more protection than needed, resulting in wasted resources.

Conclusions

To carry out their critical missions to manage the resources on over 700 million acres of federal lands, BLM, FWS, Forest Service, and Park Service officials and facilities are often the most visible and vulnerable representatives of the federal government in remote areas and have been subject to a range of threats and assaults. One way for these agencies to address the safety risks posed by unpredictable anti-government sentiment or other threats is to follow the ISC Standard requirements for conducting facility security assessments. However, BLM, FWS, the Forest Service, and the Park Service have not conducted all required facility security assessments, and BLM, the Forest Service, and the Park Service do not have a plan for doing so. Agency officials stated that this is due, in part, to decentralized organizational structures, limited available resources, and insufficient training.
Without a plan for conducting all of the remaining assessments, agencies may not identify the degree to which undesirable events can impact their facilities or identify countermeasures they could implement to mitigate the risks of those events. In addition, as of June 2019, BLM, FWS, and the Park Service do not have facility security assessment methodologies that fully comply with two key requirements in the ISC Standard—namely, to consider the 33 undesirable events identified in the Standard and to evaluate risk factors for each of these events. Without using a methodology that complies with the ISC Standard, the agencies could face adverse effects, including an inability to make informed resource allocation decisions for their physical security needs and providing facilities—and the facilities’ occupants—with an inappropriate or insufficient level of protection.

Recommendations for Executive Action

We are making a total of six recommendations, including two to BLM, one to FWS, one to the Forest Service, and two to the Park Service. Specifically:

• The Director of BLM should develop a plan to conduct all required facility security assessments agency-wide, taking into consideration the agency’s organizational structure, available resources, and training needs. (Recommendation 1)

• The Chief of the Forest Service should develop a plan to conduct all required facility security assessments agency-wide, taking into consideration the agency’s organizational structure, available resources, and training needs. (Recommendation 2)

• The Director of the Park Service should develop a plan to conduct all required facility security assessments agency-wide, taking into consideration the agency’s organizational structure, available resources, and training needs. (Recommendation 3)

• The Director of the Park Service should update the agency’s facility security assessment methodology to comply with requirements in the ISC Standard, including a step to consider the consequence of each undesirable event. (Recommendation 4)

• The Director of BLM should develop a facility security assessment methodology that complies with requirements in the ISC Standard to assess all undesirable events and consider all three factors of risk for each undesirable event. (Recommendation 5)

• The Director of FWS should develop a facility security assessment methodology that complies with requirements in the ISC Standard to assess all undesirable events and consider all three factors of risk for each undesirable event. (Recommendation 6)

Agency Comments and Our Evaluation

We provided a draft of this report to the Departments of Agriculture, Homeland Security, Interior, and Justice for their review and comment. The Forest Service, responding on behalf of the U.S. Department of Agriculture, generally agreed with the report and our recommendation and cited its efforts to develop a plan to complete required facility security assessments. The Forest Service’s written comments are reproduced in appendix III. Interior, responding on behalf of BLM, FWS, and the Park Service, concurred with our recommendations and provided examples of actions the three agencies planned to take. Specifically, regarding our recommendation that BLM and the Park Service develop a plan to conduct facility security requirements agency-wide, BLM intends to revise its policy and develop such a plan, and the Park Service intends to develop a plan that includes training and tools so that park unit staff can conduct the required assessments.
Regarding our recommendation that BLM, FWS, and the Park Service develop methodologies that comply with requirements in the ISC Standard, the agencies cited various efforts to do so, including revising policies and developing new tools, training, and data system modules. Interior’s written comments are reproduced in appendix IV. The Department of Homeland Security provided a technical comment that we incorporated. The Department of Justice told us that they had no comments.

As agreed with your office, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies to the appropriate congressional committees; the Attorney General; and the Secretaries of Agriculture, Homeland Security, and the Interior. In addition, the report will be available at no charge on the GAO website at http://www.gao.gov.

If you or your staff members have any questions about this report, please contact me at (202) 512-3841 or fennella@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff members who made key contributions to this report are listed in appendix V.

Sincerely yours,

Anne-Marie Fennell
Director, Natural Resources and Environment

Appendix I: Objectives, Scope, and Methodology

Our objectives were to examine for the four federal land management agencies, (1) what is known about the number of threats and assaults against their employees, (2) the approaches the agencies used to protect their employees from threats and assaults and any factors affecting their ability to do so, and (3) the extent to which agencies met facility security assessment requirements.

For the first objective, we obtained and analyzed data on threats and assaults against land management agency employees from the law enforcement databases of the Forest Service within the U.S. Department of Agriculture and the Bureau of Land Management (BLM), Fish and Wildlife (FWS), and National Park Service (Park Service) within the Department of the Interior for fiscal years 2013 through 2017. 1 These data were the most recent available at the time we began our review. We also obtained and analyzed data from the Federal Bureau of Investigation (FBI) regarding its investigations into potential domestic terror threats to land management agencies. 2 Each land management agency’s law enforcement division records data on threats and assaults to employees, as part of its broader mission to enforce laws that safeguard employees and protect resources. The data systems, however, were not specifically designed for reporting threats and assaults against employees, and they do not include the suspect’s motivation for a crime, such as anti-government extremist ideologies. Since each agency collects and maintains data in a different data system and has agency-specific reporting requirements for incidents, the data differ in how they were originally recorded by field law enforcement officers and how they were queried and reported by headquarters officials responding to our request for data. As such, if data were not entered, or not entered correctly, they would not have been captured in agency queries.

1 Unless noted otherwise, these data included threats to and attacks on agency employees, volunteers, and contractors.

2 According to an FBI official we interviewed, when initiating an investigation, a field agent identifies all potential violations of statutes or regulations. Therefore, the FBI data include various offenses beyond threats and assaults against employees, such as property crimes, seditious conspiracy, explosives violations, and mail fraud.

According to agency officials at the four land management agencies, they queried their data systems to identify records of incidents that pertained to threats and assaults against employees. BLM, Forest Service, and Park Service officials then conducted record-level reviews and removed records that they determined were not threats or assaults, contained errors, were duplicative, or did not contain sufficient information to make a conclusive determination. 3, 4 We did not systematically review the records they removed. Information about each agency’s data system and limitations related to the agency’s data are as follows:

• BLM. BLM maintains its data in the Incident Management, Analysis, and Reporting System (IMARS). IMARS is used by most Interior bureaus for incident management and reporting and to prevent, detect, and investigate known and suspected criminal activity. Each bureau uses a different, customized version of IMARS. BLM officials said that beginning in fiscal year 2014, BLM began collecting data on violations of federal statutes, regulations, and state laws during incidents. Prior to that, BLM used a generic description of each offense. Officials also said that when multiple offenses occur during an incident, the less serious offenses are unlikely to be entered into the system. Therefore, some offenses that occurred during incidents of threats and assaults may be excluded from these data.

• FWS. FWS maintains its data in the agency’s Law Enforcement Management Information System (LEMIS). According to FWS documents, LEMIS is used to process and store investigations, intelligence, and other records. FWS officials said the agency changed data systems during our reporting time frame.
Specifically, FWS originally stored fiscal year 2013 and 2014 data in the Law Enforcement-Information Management and Gathering System and imported the data into LEMIS in July 2014. We assessed the data across the two systems by comparing incidents per year and types of violations that occurred, and we found that the data were comparable. According to agency officials, they did not review the incidents before providing them to us; therefore, some incidents may not have been actual threats or assaults. 5

3 Making such determinations entails professional judgement because, for example, making determinations on whether a threat or assault occurred depends on whether the official reviewing a description of an incident thought it was significant enough to constitute a threat or assault.

4 FWS officials did not conduct a record-level review of their threats and assaults data.

5 For example, some incidents included in FWS’s data were captured under broad statutes—such as 18 U.S.C. § 111, which includes resisting arrest as well as assaulting a federal employee—and FWS’s data did not distinguish what aspect of the statute was violated.

• Forest Service. The Forest Service maintains its data in the Law Enforcement and Investigations Management Attainment Reporting System (LEIMARS). Forest Service officials said LEIMARS is used to record criminal and claims activity in the national forests, which include verified violations of criminal statutes and agency policy, as well as incidents that may result in civil claims for or against the government.
Incidents are recorded in LEIMARS in one of three types of law enforcement report categories: (1) an incident report, which records when an offense occurred but the perpetrator was unknown; (2) a warning notice, which is issued when an offense occurred but the law enforcement officer determined that the offense was inadvertent or committed due to lack of understanding or misinformation; and (3) a violation notice, which is issued for an offense that violates the U.S. Code or Forest Service regulations and the perpetrator was known. We present these three types of reports as incidents. A Forest Service official identified 125 incidents for which the agency could not determine whether a threat or assault to an employee occurred. We excluded these 125 incidents from our analysis. Officials told us that they only provided data on the most serious offense occurring during an incident due to limitations on linking records in the Forest Service’s data system; they also told us that there may be a minor amount of overlap between violation notices and incident reports.

• Park Service. As with BLM, Park Service data is maintained in the IMARS data system. 6 According to a Park Service official, some but not all Park Service incident records cite a federal statute or regulation. However, all Park Service incident records include offense codes—which are unique to the Park Service—that are associated with the type of violation, such as assault or disorderly conduct. Unlike with the statutes and regulations, a perpetrator does not need to be identified for the law enforcement officer to cite an offense code. Therefore, the Park Service provided data to us by offense code, and we were not able to present the data by the statute or regulation that was potentially violated.

We also obtained data from the FBI on investigations into potential domestic terror threats to land management agencies.
FBI investigation data is maintained in the Sentinel data system, which is FBI’s case management system. FBI officials provided data from the FBI’s domestic terrorism program on three types of investigations: assessments, preliminary investigations, and full investigations. We reported data on the full investigations because of the limited information available on assessments and preliminary investigations. Before providing the data to us, an FBI official reviewed the record of each domestic terrorism investigation initiated in fiscal years 2013 through 2017 to determine whether the investigation was relevant to threats to BLM, FWS, the Forest Service or the Park Service. These data represent all potential violations known at the time the FBI agent first opened the case and therefore include various potential violations beyond threats and assaults against federal employees. According to agency officials, in some cases, the FBI agent opening the case may not have been able to fully identify all relevant subsections of the statute or regulation that was potentially violated. To account for this, we report FBI’s data at the statute or regulation level.

6 While we included in our review threats and assaults against land management agency employees, volunteers, and contractors—broadly characterized as employees—the Park Service provided data on employees only.

Since we relied on the professional judgement of agency officials to review and interpret incident data, we may be unable to replicate the final data selection drawn from each agency’s database, even if we retrieved the data using the same method and search criteria.
We independently assessed the reliability of each agency’s data by (1) reviewing related documentation about the data system; (2) conducting manual reviews of the data for missing data, outliers, and obvious errors; (3) reviewing related internal controls; and (4) interviewing agency officials knowledgeable about the data, among other things. In our interviews, we asked agency officials about data entry practices, data system capabilities and limitations, and circumstances whereby incidents of threats and assaults might not appear in the database. Based on our review, we determined that the data were sufficiently reliable for the purposes of reporting descriptive summary information on the number of threats and assaults against federal land management employees during fiscal years 2013 through 2017.

To address our second objective, we examined policies and requirements regarding federal land management agencies’ responsibilities for protecting employees against threats and assaults. We also interviewed headquarters and selected field unit officials about the agencies’ approaches to protecting their employees from threats and assaults and factors that may affect their ability to do so, and we obtained supporting documentation where available. We conducted site visits from March through July 2018 to a nongeneralizable sample of 11 of the 35 regional or state offices and 14 field units across the federal land management agencies. 7 We selected sites in Colorado, Nevada, Oregon, and Utah, since the majority of federal lands are located in the West and some field units in these states had been affected by actions of individuals motivated by anti-government ideologies. 8 Specifically, we conducted site visits to five BLM field units, nine FWS field units, seven Forest Service field units, and four Park Service field units.
The number of field units we interviewed varied depending on several factors, including how many field units regional and state offices invited to the meeting. Findings from the interviews we conducted at our site visits provide useful insights but cannot be generalized to those units we did not include in our review. Based on our site visit interviews, we identified four primary factors affecting agencies’ abilities to protect their employees from threats and assaults. We also collected information from each agency on the number of field law enforcement officers they had at the end of fiscal years 2013 and 2018—the most recent year for which data were available—to analyze any changes in resources. We took steps to assess the reliability of these data, including comparing the data to agency budget justifications and interviewing agency officials, and found them to be sufficiently reliable for the purpose of reporting the number of field law enforcement officers agencies had in fiscal years 2013 and 2018.

For the third objective, we examined government-wide requirements promulgated by the Interagency Security Committee (ISC) and documented in ISC’s Risk Management Process for Federal Facilities, which we refer to in this report as the ISC Standard, and its related appendixes. 9 We interviewed ISC officials to learn more about the development of the requirements in the ISC Standard and variations, if any, in how agencies are expected to implement them. To determine whether agencies met the requirement to conduct facility security assessments on all of their occupied facilities, we obtained documents on the agencies’ inventories of occupied facilities and assessed whether the agencies had conducted security assessments on those facilities. We interviewed headquarters and field officials about their inventories and their plans, if any, for completing the remaining assessments. 10 We also examined the extent to which agencies’ facility security risk assessment methodologies complied with two key requirements in the ISC Standard. These included that methodologies must: (1) consider all 33 of the undesirable events identified in the Standard and (2) evaluate the three factors of risk—threat, vulnerability, and consequence—for each undesirable event. We analyzed the agencies’ methodologies and compared them against requirements in the ISC Standard. 11, 12 We also interviewed agency officials about the methodologies.

We conducted this performance audit from November 2017 to September 2019 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.

7 BLM’s field structure consists of state offices that oversee field units, whereas FWS, the Forest Service, and the Park Service have regional offices that are responsible for overseeing field units. We conducted two of our field unit site visit semi-structured interviews by telephone.

8 We refer broadly to all non-headquarters units, including regional, state, and field units, as “field units” throughout the report.

9 Interagency Security Committee, The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard (Washington, D.C.: November 2016). The ISC Standard incorporates the following appendixes that help users conduct facility security assessments: Appendix A: The Design-Basis Threat Report; Appendix B: Countermeasures; and Appendix C: Child-Care Centers Level of Protection Template. As of June 2019, the November 2016 version of the ISC Standard was the most current.

10 Our methodology includes only the facilities for which the agencies in our review are responsible for conducting the facility security assessments. We excluded from our methodology facilities for which the responsibility for conducting the facility security assessment lies with another department or agency, such as those that are leased or owned by the General Services Administration, for which Federal Protective Service conducts the assessment.

11 We selected these two key requirements to analyze because we could objectively verify agencies’ compliance by reviewing and analyzing agency documentation and interviewing agency officials.

12 The ISC Standard also establishes requirements for implementing countermeasures or accepting risk, among other things, but we did not assess agencies’ adherence to these requirements because the agencies in our review had not yet completed the required initial facility security assessments.

Appendix II: The Interagency Security Committee’s 33 Undesirable Events, as of June 2019

Table 7: The Interagency Security Committee’s (ISC) 33 Undesirable Events, as of June 2019 [a]

Undesirable event [b]
1. Adversarial Use of Unmanned Aircraft Systems
2. Aircraft as a Weapon
3. Arson
4. Assault
5. Automobile Ramming
6. Ballistic Attack – Active Shooter
7. Ballistic Attack – Small Arms
8. Ballistic Attack – Standoff Weapons
9. Breach of Access Control Point – Covert
10. Breach of Access Control Point – Overt
11. Chemical/Biological/Radiological Release – External
12. Chemical/Biological/Radiological Release – Internal
13. Chemical/Biological/Radiological Release – Mail or Delivery
14. Chemical/Biological/Radiological Release – Water Supply
15. Civil Disturbance
16. Explosive Device – Mail or Delivery
17. Explosive Device – Person-borne External
18. Explosive Device – Person-borne Internal
19. Explosive Device – Suicide/Homicide Bomber
20. Explosive Device – Vehicle-borne
21. Hostile Surveillance
22. Insider Threat
23. Interruption of Services
24. Kidnapping
25. Modification of Services
26. Release of Onsite Hazardous Materials
27. Robbery
28. Theft
29. Unauthorized Access
30. Unauthorized Entry – Forced
31. Unauthorized Entry – Surreptitious
32. Vandalism
33. Workplace Violence

Source: Interagency Security Committee, The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard (Washington, D.C.: November 2016). | GAO-19-643

[a] As of June 2019, Appendix A: The Design-Basis Threat Report (July 2018) of the ISC’s Risk Management Process for Federal Facilities: An Interagency Security Committee Standard (November 2016) contained the most current list of the ISC’s undesirable events.

[b] We omitted descriptions of these undesirable events because the information is considered sensitive.

Appendix III: Comments from the U.S. Department of Agriculture

Appendix IV: Comments from the Department of the Interior

Appendix V: GAO Contact and Staff Acknowledgments

GAO Contact

Anne-Marie Fennell, (202) 512-3841 or fennella@gao.gov.

Staff Acknowledgments

In addition to the individual named above, Casey L. Brown (Assistant Director), Tanya Doriss (Analyst in Charge), Charles W. Bausell, Charles A. Culverwell, John W.
Delicath, Emily E. Eischen, Cindy K. Gilbert, Richard P. Johnson, Vanessa E. Obetz, Dan C. Royer, and Breanna M. Trexler made key contributions to this report.

(102426)

GAO’s Mission
The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony
The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website (https://www.gao.gov). Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to https://www.gao.gov and select “E-mail Updates.”

Order by Phone
The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, https://www.gao.gov/ordering.htm.
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information.

Connect with GAO
Connect with GAO on Facebook, Flickr, Twitter, and YouTube. Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts. Visit GAO on the web at https://www.gao.gov.