In July, at Mt. Rushmore in South Dakota, Greenpeace activists unfurled a huge banner next to the carved stone face of Abraham Lincoln, calling for more-aggressive action to fight climate change.

Mt. Rushmore in July 2009, defaced by Greenpeace activists calling for more-aggressive action to fight climate change.

The activists hiked unnoticed to a ridge just above the six-story-tall stone heads, then rappelled over the side with the banner using existing anchors that the National Park Service uses during periodic cleanings.

The incident illustrates the ease with which security at some national icons can be breached. The banner could just as easily been acid or paint. The Government Accountability Office proclaimed in September that U.S. national parks are not as secure as they might be, because the National Park Service has yet to fully implement security planning across the entire park system.

Concerns persist since Sept. 11 that terrorists may attack again by targeting national icons such as the Statue of Liberty or St. Louis’ Gateway Arch, or by harming those who visit popular sites, such as the Grand Canyon and the Gettysburg battlefield. Attacks on these assets could have a devastating psychological and economic impact.

NPS is responsible for protecting close to 400 separate park units. Its 620-member police force guards such national treasures as the Statue of Liberty, the Washington Monument and San Francisco's Presidio.

In its report, the GAO maintained that individual parks do not share security and policing information with one another. While NPS has information-sharing and coordination arrangements with external organizations at the national, regional, icon and park levels, it lacks comparable arrangements for internal security communications. As a result, the report said, “officials at icons and parks are not equipped to share information with one another on common security problems and solutions.”

GAO noted that there is no NPS-wide Web portal for sharing security information internally, an approach other organizations have established. Thus, while officials at the Gateway Arch, for instance, say they’ve collaborated with other federal agencies, such as the Transportation Security Administration, to form a federal screeners group to share best practices and learn about new technologies, NPS is limited in its ability to leverage these lessons throughout its own organization, an activity a shared Web portal could enable.

The GAO said NPS has also not conducted a thorough risk management review and does not make the best cost-effective use of information technology.

Furthermore, NPS has not established security performance measures and lacks an analysis tool that could be used to evaluate program effectiveness and inform an overall risk management strategy. Thus, icons and parks have little information on the status and performance of security that they can use to manage daily activities or that NPS management can use to manage security throughout the organization.

“Without guidance from the Park Service, officials at the nation’s 400 parks and icons often rely upon trial and error to decide how to secure their facilities,” the report concludes. “This disjointed approach increases potential for wasteful spending, duplication of effort, and security gaps.”