The Interagency Security Committee -- What You May Not Know

In 1995, a domestic terrorist detonated a rental truck filled with a potent, home-made bomb built from fertilizer and other easily available chemicals, killing 168 people, including 19 children, and wounding hundreds more. Successful attacks on that scale are rare in the U.S., although the threat remains. As recently as last year, the Federal Bureau of Investigations (FBI) arrested an individual with anti-government views in an undercover operation after the individual allegedly attempted to detonate a car bomb in downtown Oklahoma City.

To mitigate the risks from threats such as these, the Interagency Security Committee (ISC) was established by Presidential Executive Order (E.O.) 12977 six months after the 1995 bombing. Today, the ISC is a robust, 60-agency organization that applies the full complement of federal knowledge and capability to the challenge of securing all federal facilities and the people who work at and visit them.

Brian Harrell, the Assistant Director of the Infrastructure Security Division (ISD) within the newly created Cybersecurity and Infrastructure Security Agency (CISA), chairs this important governmental function. As Chair, he convenes the ISC’s joint efforts each quarter, and oversees continuing interagency efforts to provide defensible, risk-based and resource-informed policies and standards that enhance the quality and effectiveness of security and protection of federal buildings and facilities in the United States.

“I have devoted my career to security, and I am excited and honored to head the ISC as part of my new role as CISA’s first Assistant Director for Infrastructure Security,” said Harrell. “The ISC offers tremendous resources to security leadership across the public and private sectors, and I am making it a priority to ensure that my peers across industry and government are aware of, and take advantage of, these resources.”

The ISC reflects the power of a collective defense. Members include the most knowledgeable and experienced security professionals from across the government. This group is responsible for hundreds of thousands of facilities and works collaboratively to produce guidance for all Departments and Agencies. No one organization could hope to harness the sum of talent that comes together voluntarily in the ISC for the betterment of all. Membership covers the traditional disciplines of physical security, law enforcement, intelligence, along with technical experts like blast engineers, as well as specialists in building control systems, cybersecurity and emerging threat domains such as counter-UAS. The ISC leverages this collective body of knowledge to develop top-tier risk management resources.

The ISC employs a comprehensive risk-based approach by categorizing facilities into one of five security levels based on a number of variables, some of which include the type of mission the facility performs and the threat. Each year, the ISC reassesses the threats by systematically analyzing subjects ranging from traditional hazards like crime, to kinetic attacks and emerging threats such as vehicle ramming and cybersecurity. Countermeasures to mitigate the risks from these threats are updated on the same schedule. Depending on a facility’s security level, the ICS mandates that organizations work with their security providers to conduct a risk assessment every three or five years to check for vulnerabilities. The ISC goes one step further by certifying risk assessment tools as compliant with its guidance.

The ISC produces tailorable and scalable guidance, policies and standards. The federal government and the ISC membership are extremely diverse, and ISC products have to work for the intelligence community on one hand, as well as public facing facilities and tourist attractions on the other. Guidance has to account for a variety of security environments from remote Alaska to New York City. It also has to consider the difference in threats that each unique security environment faces. The ISC has to accomplish its mission under the restrictions that the government operates in, to include physical constraints, historical buildings, and funding—which is why a key focus is to empower security to compete on its merits with other priorities on resources. The Government Accountability Office (GAO) has recognized the ISC’s risk management process as a “gold standard” for federal facilities, and states, localities and even the private sector have adopted many aspects of the ISC’s approach. To learn more about the ISC; its policies, standards and best practices; and to find online training, visit their website at https://www.dhs.gov/interagency-security-committee.

Daryle Hernandez serves as the Director of the Interagency Security Committee (ISC) located in the Infrastructure Security Division within the Cybersecurity and Infrastructure Security Agency (CISA). In this role, he is responsible for implementing Presidential Executive Order 12977 to enhance the quality and effectiveness of security in, and the protection of buildings and non-military Federal facilities in the United States. He does this with and through the chief security officers and other senior executives from 60 Federal departments and agencies that make up the ISC membership. Prior to his arrival to IP, Mr. Hernandez was an interagency senior advisor with a FEMA National Incident Management Assistance Team where he deployed in support of incident response operations in Guam and South Carolina. Hernandez is an experienced protection and security professional with more than 25 years of organizational leadership. His formal education includes a Master’s degree in Political Science from Rutgers University and a Master’s degree in Strategic Studies from the Army War College.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.