Security at U.S. diplomatic posts is falling short, and Benghazi is only the most visible example.

A new report on “Diplomatic Security” by the Government Accountability Office — GAO-14-655 — demonstrates the problem is systemic, leaving U.S. personnel serving overseas at unnecessary risk. At a time of rising security threats from metastasizing Al Qaeda spinoffs and other terrorist groups, this problem must be addressed immediately at the State Department.

According to the report, State conducts a range of activities to manage risk at overseas work facilities, including the setting of security standards. But GAO found State lacked a fully developed risk management policy to coordinate these activities. It is unclear what standards apply to some facilities, and in others, it took eight years for standards to be identified.

The report identified other deficiencies, including:

  • Overseas Buildings Operations tracks facilities in a database. The report found that its data had reliability issues.
  • The Office of Diplomatic Security and Overseas Security Policy Board establish security standards, but those standards are not consistent.
  • Diplomatic Security and the State Department Office of Inspector General assess vulnerabilities but not always accurately.
  • Diplomatic Security assesses and ranks facilities by level of risk, but its data can be unreliable.
  • The State Department approves waivers for security protocols but not always according to the rules and regulations.

These are serious indictments, but they unfortunately ring true. Consider the actions of former Secretary of State Hillary Clinton. From her first testimony before the Senate in January 2013, Clinton maintained embassy security was not her job and that she never even saw Ambassador Christopher Stephens’ appeals for additional security in Benghazi. Clinton told ABC’s Diane Sawyer on June 17 that she did not “go through all 270 posts,” nor thought she should have

And yet, attorney Victoria Toensing, in a searing op-ed in the Wall Street Journal, June 17, titled “Doesn’t Hillary Clinton Know the Law,” argued that Clinton was by law personally accountable for the security of U.S. diplomatic personnel.

The law in question is the “Secure Embassy Construction and Counterterrorism Act of 1999” or SECCA. It was adopted following the Kenya and Tanzania terrorist bombings on Aug. 7, 1998 and enshrined the recommendations of the ARB that followed the bombings.

According to “SECCA,” the Secretary of State can waive statutory requirements for all U.S. diplomatic offices to be gathered in one compound and to be set back 100 feet from the road if security is otherwise deemed sufficient. The Benghazi consular facility failed on both counts and would have required a waiver personally issued by Clinton, a responsibility the Secretary of State “may not delegate.” Did Clinton sign a waiver when she tasked Stephens with opening the consulate in Benghazi? The House Select Committee on Benghazi will need to know.