DIPLOMATIC SECURITY ABROAD: BACKGROUND AND SELECTED ANALYSES

DIPLOMATIC SECURITY ABROAD: BACKGROUND AND SELECTED ANALYSES

Library of Congress Cataloging-in-Publication Data

Contents

Preface

Chapter 1: Securing U.S. Diplomatic Facilities and Personnel Abroad: Background and Policy Issues(

Summary

Introduction

Host Nation Responsibility Under the Vienna Conventions

U.S. Responsibilities and Posture

Assessing the Threat

Physical Security at U.S. Diplomatic Facilities

Embassy Security Construction

Incident Response

Temporary U.S. Personnel and/or Citizen Evacuation

Changing the Status of a Foreign Post

Accountability Review Boards

The Attack in Benghazi, Libya,

on September 11, 2012

Embassy Security and the Benghazi Attack70

Accountability Review Board in the Wake of the Benghazi Attack

Department of State Actions in Response to the Benghazi Attack

Embassy Security Funding

Funding Data and Recent-Year Funding Observations

Funding Issues for Congress

End Notes

Chapter 2: Diplomatic and Embassy Security Funding Before and After the Benghazi Attacks(

Summary

Introduction

Background on State Department’s Budget

and Diplomatic/Embassy Security Funding

Diplomatic/Embassy Security Funding Data

Administration Requests, House-Proposed,

Senate-Proposed, and Enacted Diplomatic/Embassy Security Funding

Security Funding for the Benghazi Facility

Appendix. State Department Funds for

Diplomatic/Embassy Security, FY2008-FY2015

End Notes

Chapter 3: Diplomatic Security: Overseas Facilities May Face Greater Risks Due to Gaps in Security-Related Activities, Standards, and Policies*

Why GAO Did This Study

What GAO Recommends

What GAO Found

Abbreviations

Background

Attacks against U.S. Diplomatic Missions Resulted in Legal and Policy Changes

State Bureaus and Offices Responsible for Physical Security of U.S. Diplomatic Facilities Abroad, Numbers of Facilities, and Funding for Physical Security of Facilities

State Conducts a Range of Activities to

Manage Risks to Overseas Facilities; However, Gaps Exist in Categorizing Facilities and Ensuring Data Reliability

State Manages Risk to Overseas Facilities through Several Activities and Has Recently Taken Steps to Improve These Activities

OBO Tracks Overseas Facilities in a Property Inventory Database

DS Assesses Threat Levels at Posts Overseas

A DS-Led Interagency Board Establishes Physical Security Standards for Diplomatic Work Facilities

DS and the OIG Periodically Assess Facility Vulnerabilities

DS Assesses and Ranks Facilities According to Levels of Risk to Help OBO Set Construction Priorities

State Has Taken Several Actions to Enhance Its Risk Management Activities since the September 2012 Attacks

Problems with Categorizing Facilities and Ensuring Data Reliability May Impact State’s Tracking and Ranking of Facilities

DS and OBO Do Not Have a Shared Understanding on When to Categorize Warehouses as Office Facilities

State Lacks Standard Terminology for Different Facility Categories

OBO’s Property Inventory Database and DS’s Risk Matrix Have Data Reliability Problems

State Has Established Physical Security Standards for Most Types of Facilities, but Several Lack Standards, and Some Standards

Are Problematic

Although State Has Developed Security Standards for Most Types of Facilities, It Lacks OSPB Standards for Several Others

State’s Process for Updating Its Physical Security Standards Is Not Always Timely

Inconsistencies within Security-Related Guidance Documents May Lead to Confusion and Inconsistent Application of Some Security Standards

State Does Not Systematically Reassess Standards against Evolving Threats and Risks

State Mitigates Vulnerabilities for

Work Facilities That Do Not Meet Security Standards, but Its Waivers and Exceptions Process Has Weaknesses

When Facilities Do Not Meet Standards, State Mitigates Security Vulnerabilities through Various Construction Programs and Its Waivers and Exceptions Process

OBO and DS Address Some Security Vulnerabilities through Construction Programs

When Security Vulnerabilities Are Identified, a Post Must Obtain Waivers or Exceptions That Define Agreed-Upon Mitigation Steps

Many Overseas Work Facilities Do Not Meet the Most Rigorous Security Standards Set for Newly Constructed or Newly Acquired Facilities

Waivers and Exceptions Are Not Systematically Tracked, Requested, or Reviewed, and Requests Are Not Always Timely, Correct, or Fully Implemented

DS Does Not Systematically Track or Re-evaluate Waivers and Exceptions

DS Does Not Systematically Request Waivers and Exceptions

Certain Waivers and Exceptions Were Not Requested in a Timely Manner, Contained Inaccuracies, or Were Not Fully Implemented

State Follows Some Risk Management Principles but Lacks an Adequate Risk Management Policy for the Physical Security of Work Facilities

DS Established Principles for a Risk Management Policy,

but the Policy Has Not been Fully Developed or Implemented

State’s Risk Management Activities Do Not Operate as a Continuous Process and Do Not Continually Incorporate New Information

State’s Ongoing Risk Management Activities Do Not Operate as a Continuous Process to Incorporate Relevant Data

State’s Risk Management Activities Lack a Feedback Loop that Continually Incorporates New Information

Conclusion

Recommendations for Executive Action

Agency Comments

Appendix I. Objectives, Scope, and Methodology

End Notes

Index

Blank Page