Aviation Security

Efforts to Measure Effectiveness and Strengthen Security Programs Gao ID: GAO-04-285T November 20, 2003

Commercial aviation has been a long-standing target for terrorists. Since the tragic attacts of September 11, 2001, substantial changes have been made to enhance security--including the creation of the Transportation Security Administration (TSA) and the federalization of the passenger screener workforce. However, despite these changes, vulnerabilities in aviation security continue to exist. Accordingly, GAO was asked to describe TSA's efforts to (1) measure the effectiveness of its aviation security initiatives, (2) strengthen its passenger screening program, and (3) address additional challenges in further enhancing aviation security.

TSA has implemented numerous initiatives designed to enhance aviation security, but has collected limited information on the effectiveness of these initiatives in protecting commercial aircraft. Our recent work on passenger screening found that little testing or other data exist that measure the performance of screeners in detecting threat objects. However, TSA is taking steps to collect additional data, including developing a 5-year performance plan detailing numerous performance measures, as well as fielding the Threat Image Projection system and increasing screener testing. In addition to collecting performance data, TSA could further strengthen passenger screening by fully deploying recurrent and supervisory training programs, determining the appropriate levels of screeners at the nation's airports, and improving oversight of the contract screener pilot program. Although TSA has developed and deployed basic and remedial training programs, it has not fully developed or deployed recurrent or supervisory training programs. In addition, TSA acknowledged that its initial staffing efforts created imbalances at the nation's airports, and that it has taken limited action to assess the performance of the pilot airports using private, versus federal, screeners. TSA is undertaking a number of actions to address these concerns, including strengthening its training program and awarding contracts to assess its staffing model and the performance of the contract pilot airports. TSA faces a number of other challenges as it continues to enhance aviation security. Significant challenges include implementing the Computer-Assisted Passenger Prescreening System (CAPPS II), as well as strengthening baggage screening, airport perimeter and access controls, and air cargo and general aviation security. In implementing CAPPS II, TSA must ensure it addresses concerns surrounding travelers' privacy rights, the accuracy of databases used by CAPPS II, and obtaining international cooperation needed for the system to be fully operational. Additional challenges include integrating explosive detection systems into airport's in-line baggage handling systems, identifying cost-effective perimeter security technologies, effectively targeting air cargo for screening, and improving security at general aviation airports. Further, TSA faces challenges in funding increased aviation security measures and ensuring that these costs are controlled.

GAO-04-285T, Aviation Security: Efforts to Measure Effectiveness and Strengthen Security Programs This is the accessible text file for GAO report number GAO-04-285T entitled 'Aviation Security: Efforts to Measure Effectiveness and Strengthen Security Programs' which was released on November 20, 2003. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony: Before the Committee on Government Reform, House of Representatives: United States General Accounting Office: GAO: For Release on Delivery Expected at 10:00 a.m. EST: Thursday, November 20, 2003: Aviation Security: Efforts to Measure Effectiveness and Strengthen Security Programs: Statement of Cathleen A. Berrick, Director, Homeland Security and Justice: GAO-04-285T: GAO Highlights: Highlights of GAO-04-285T, a report to the Committee on Government Reform, House of Representatives Why GAO Did This Study: Commercial aviation has been a long-standing target for terrorists. Since the tragic attacts of September 11, 2001, substantial changes have been made to enhance security”including the creation of the Transportation Security Administration (TSA) and the federalization of the passenger screener workforce. However, despite these changes, vulnerabilities in aviation security continue to exist. Accordingly, GAO was asked to describe TSA‘s efforts to (1) measure the effectiveness of its aviation security initiatives, (2) strengthen its passenger screening program, and (3) address additional challenges in further enhancing aviation security. What GAO Found: TSA has implemented numerous initiatives designed to enhance aviation security, but has collected limited information on the effectiveness of these initiatives in protecting commercial aircraft. Our recent work on passenger screening found that little testing or other data exist that measure the performance of screeners in detecting threat objects. However, TSA is taking steps to collect additional data, including developing a 5-year performance plan detailing numerous performance measures, as well as fielding the Threat Image Projection system and increasing screener testing. In addition to collecting performance data, TSA could further strengthen passenger screening by fully deploying recurrent and supervisory training programs, determining the appropriate levels of screeners at the nation‘s airports, and improving oversight of the contract screener pilot program. Although TSA has developed and deployed basic and remedial training programs, it has not fully developed or deployed recurrent or supervisory training programs. In addition, TSA acknowledged that its initial staffing efforts created imbalances at the nation‘s airports, and that it has taken limited action to assess the performance of the pilot airports using private, versus federal, screeners. TSA is undertaking a number of actions to address these concerns, including strengthening its training program and awarding contracts to assess its staffing model and the performance of the contract pilot airports. TSA faces a number of other challenges as it continues to enhance aviation security. Significant challenges include implementing the Computer-Assisted Passenger Prescreening System (CAPPS II), as well as strengthening baggage screening, airport perimeter and access controls, and air cargo and general aviation security. In implementing CAPPS II, TSA must ensure it addresses concerns surrounding travelers‘ privacy rights, the accuracy of databases used by CAPPS II, and obtaining international cooperation needed for the system to be fully operational. Additional challenges include integrating explosive detection systems into airport‘s in-line baggage handling systems, identifying cost-effective perimeter security technologies, effectively targeting air cargo for screening, and improving security at general aviation airports. Further, TSA faces challenges in funding increased aviation security measures and ensuring that these costs are controlled. What GAO Recommends: In prior reports and testimonies, GAO has made numerous recommendations to strengthen aviation security. We also have ongoing reviews assessing many of the issues addressed in this testimony and will issue separate reports on these areas at a later date. www.gao.gov/cgi-bin/getrpt?GAO-04-285T. To view the full product, including the scope and methodology, click on the link above. For more information, contact Cathleen A. Berrick at (202) 512-8777 or Berrickc@gao.gov. [End of section] Mr. Chairman and Members of the Committee: Thank you for inviting me to participate in today's hearing to discuss our recent work on the Transportation Security Administration's (TSA) efforts to assess its performance and strengthen its security programs, to include passenger screening. Securing commercial aviation is a daunting task--with hundreds of airports, thousands of aircraft, and tens of thousands of flights daily carrying millions of passengers and pieces of baggage and cargo. Since the attacks of September 11, 2001, billions of dollars have been spent, and a wide variety of programs and initiatives have been implemented to enhance aviation security. However, recent reviews and covert testing conducted by GAO and the Department of Homeland Security's Office of Inspector General, as well as recent media reports, indicate that weaknesses and vulnerabilities in commercial aviation continue to exist. For example, the incident involving a college student who placed box cutters, clay resembling plastic explosives, and bleach on commercial aircraft show that aviation security can still be compromised. My testimony today highlights three key areas that TSA must focus on to enhance aviation security. These areas include (1) measuring the effectiveness of TSA's aviation security initiatives that have already been implemented, (2) strengthening its passenger screening program, and (3) addressing key programmatic and management challenges to further enhance aviation security. My testimony is based on our prior work, reviews of TSA documentation, and interviews with TSA officials. In summary: Although TSA has implemented numerous programs and initiatives to enhance aviation security, it has collected limited information on the effectiveness of these programs and initiatives. Our recent work on TSA's passenger screening program showed that although TSA has made enhancements in passenger screening, it has collected limited data on screeners' ability to detect threat objects. The Aviation and Transportation Security Act (ATSA), which was established with the primary goal of strengthening aviation security, requires that TSA establish acceptable levels of performance for security initiatives and develop annual performance plans and reports to measure and document the effectiveness of those initiatives.[Footnote 1] Although TSA has developed an annual performance plan and report as required by ATSA, to date these tools have focused on TSA's progress in meeting deadlines to implement programs and initiatives mandated by ATSA rather than on the effectiveness of these programs and initiatives. TSA has recognized that it has collected limited performance data on its security initiatives, and is taking steps to collect additional data, including developing a 5-year performance plan, and increasing passenger screener testing. Our recent work on TSA's passenger screening program showed that the program can be strengthened in the areas of training, staffing, and the contract screener pilot program.[Footnote 2] Although TSA has developed and deployed basic and remedial training programs, it has not fully developed or deployed recurrent or supervisory training programs to ensure that screeners are effectively trained and supervised. In addition, TSA has acknowledged that its initial screener staffing levels created imbalances at the nation's airports--a situation that it is attempting to address. TSA also has not yet determined how to evaluate and measure the performance of its contract screening pilot program. Since we issued our preliminary report on TSA's passenger screening program in September 2003, TSA has taken a number of actions to address these concerns, including enhancing its recurrent and supervisory training programs, and awarding a contract to assess the contract screening pilot program. However, TSA has recognized that assessing the performance of the pilot airports will be difficult because of a lack of performance data. TSA faces a number of other challenges as it continues to address threats to our nation's aviation system. Significant challenges include implementing various aviation security programs, such as the Computer- Assisted Passenger Prescreening System[Footnote 3] (CAPPS II), and addressing broader security concerns related to the security of air cargo and general aviation.[Footnote 4] TSA also faces challenges in managing the costs of aviation security and in strategically managing its workforce of about 60,000 people, most of whom are deployed at airports to detect weapons and explosives. TSA has been addressing these and other challenges through a variety of efforts. We have work in progress that is examining TSA's efforts in addressing many of these challenges. Background: The security of the U.S. commercial aviation system has been a long- standing concern. As demonstrated by the 1988 bombing of a U.S. airliner over Lockerbie, Scotland, and the 1995 plot to blow up 12 U.S. aircraft in the Pacific region discovered by Philippine authorities, U.S. commercial aircraft have long been a target for terrorist attacks. Over the years, numerous initiatives have been undertaken to improve aviation security. However, as we and others have documented in numerous reports and studies, weaknesses continue to exist. It was because of these weaknesses that terrorists were able to hijack four commercial aircraft on September 11, 2001, with tragic results. In an effort to strengthen the security of commercial aviation, the President signed into law the Aviation and Transportation Security Act (ATSA) on November 19, 2001. ATSA created TSA as an agency within the Department of Transportation with the responsibility for securing all modes of transportation, including aviation. ATSA mandated specific improvements to aviation security and established deadlines for completing many of these initiatives. Consequently, TSA's main focus during its first year of operation was on meeting these deadlines, particularly federalizing the screener workforce at commercial airports nationwide by November 19, 2002, while at the same time establishing a new federal organization from the ground up. On March 1, 2003, pursuant to the Homeland Security Act, TSA was transferred from the Department of Transportation to the new Department of Homeland Security.[Footnote 5] Virtually all aviation security responsibilities now reside with TSA. One of the most substantial of these is passenger screening. Passenger screening involves the use of metal detectors, X-ray machines, explosive trace detection machines, and physical searches to examine passengers and their baggage to identify threat objects. Passenger screening has historically been an area of concern. As we reported in 1987, and again in 2000, passenger screeners who conducted these examinations have had difficultly in detecting weapons and other dangerous objects. At the time we issued these reports, air carriers were responsible for performing passenger screening. With the passage of ATSA, this responsibility has now become the responsibility of TSA. TSA is also responsible for ensuring the security of air cargo, limiting access to restricted areas of airports to authorized personnel, securing airport perimeters, and conducting background checks for airport personnel, among other responsibilities. Limited Information Exists on the Effectiveness of Aviation Security Initiatives: TSA has implemented numerous initiatives designed to enhance aviation security, but it has collected limited information on the effectiveness of these initiatives, particularly its passenger screening program. ATSA requires that TSA establish acceptable levels of performance and develop annual performance plans and reports to measure and document the effectiveness of its security initiatives.[Footnote 6] Although TSA has developed these performance tools as required by ATSA, the tools currently focus on TSA's progress toward meeting ATSA deadlines, rather than on the effectiveness of its programs and initiatives. Although TSA has collected limited data on the effectiveness of its initiatives, it is taking several steps to collect objective data to assess its performance. Evaluation of Program Effectiveness: Although there are a number of methods that TSA can use to measure the effectiveness of its passenger screening program, none are being fully utilized. As we reported in September 2003,[Footnote 7] the primary source of information collected on screeners' ability to detect threat objects is covert testing conducted by TSA's Office of Internal Affairs and Program Review. However, TSA does not consider the results of these covert tests as a measure of performance, but rather a "snapshot" of a screener's ability to detect threat objects at a particular point in time and as a system-wide performance indicator. At the time we issued our report, the Office of Internal Affairs and Program Review had conducted 733 covert tests of passenger screeners at 92 airports. As a result, only a small percentage of TSA's passenger screeners had been subject to a covert test. In addition to conducting covert tests at screening checkpoints, TSA conducts tests to determine whether the current Computer-Assisted Passenger Screening System is working as designed; threat objects are detected during the screening of checked baggage; and access to restricted areas of the airport is limited only to authorized personnel.[Footnote 8] While the Office of Internal Affairs and Program Review has conducted about 2,000 access tests, it has conducted only 168 Computer-Assisted Passenger Screening System and checked baggage tests. Based on an anticipated increase in staff from about 100 in fiscal year 2003 to 200 in fiscal year 2004, the Office of Internal Affairs and Program Review plans to conduct twice as many covert tests next year.[Footnote 9] Another key source of data on screener performance in detecting threat objects is the Threat Image Projection (TIP) system, which places images of threat objects on the X-ray screen during actual operations and records whether screeners identify the threat object.[Footnote 10] The Federal Aviation Administration began deploying TIP in late 1999 to continually measure screener performance and to train screeners in becoming more adept at detecting hard-to-spot threat objects. However, TIP was shut down immediately following the September 11 terrorist attacks because of concerns that it would result in screening delays and panic, as screeners might have thought that they were actually viewing a threat object. Although TSA officials recognized that TIP is a key tool in measuring, maintaining, and enhancing screener performance, they only recently began reactivating TIP on a wide-scale basis because of competing priorities, a lack of training, and a lack of resources needed to deploy TIP activation teams. As TIP becomes operational at each airport, TSA headquarters and federal security directors[Footnote 11] will have the capability to query and analyze performance data in a number of ways, including by individual screeners, checkpoints, terminals, and airports. TIP is expected to be fully deployed and operational by April 2004. When fully deployed, the annual screener recertification test results will provide another source of data on screener performance. ATSA requires that TSA collect performance information on each screener through conducting an annual proficiency review to ensure he or she continues to meet all qualifications and standards required to perform the screening function. Although TSA began deploying federal screeners to airports in April 2002, TSA only recently began implementing the annual recertification program and does not expect to complete testing at all airports until March 2004. The recertification testing is comprised of three components: (1) image recognition; (2) knowledge of standard operating procedures; and (3) practical demonstration of skills, to be administered by a contractor. TSA officials consider 28,000 screeners as having completed the first two components because they successfully passed competency tests TSA administered at many airports as part of a screener workforce reduction effort. However, these competency tests did not include the third component of TSA's planned annual screener recertification program--the practical demonstration of skills. TSA officials awarded a contract for this component of the annual proficiency reviews in September 2003. TSA's Performance Management Information System for passenger and baggage screening operations is also designed to collect performance data, but currently it contains limited information on screener performance in detecting threat objects. The Performance Management Information System collects a wide variety of metrics on workload, staffing, and equipment and is used to identify some performance indicators, such as the level of absenteeism, the average time for equipment repairs, and the status of TSA's efforts to meet goals for 100 percent electronic baggage screening.[Footnote 12] However, the system does not contain any performance metrics related to the effectiveness of passenger screening. TSA is planning to integrate performance information from various systems into the Performance Management Information System to assist the agency in making strategic decisions. TSA further plans to continuously enhance the system as it learns what data are needed to best manage the agency. In addition to making improvements to the Performance Management Information System, TSA is currently developing performance indexes for both individual screeners and the screening system as a whole. The screener performance index will be based on data such as the results of training and recertification tests, and the index for the screening system will be based on information such as TIP results. TSA has not yet fully established its methodology for developing the indexes, but it expects to have them developed by the end of fiscal year 2004. Performance Evaluation Tools under Development: TSA has recognized the need to strengthen the assessment of its performance, and it has initiated efforts to develop and implement strategic and performance plans to clarify goals, establish performance measures, and evaluate the performance of its security initiatives. Strategic plans are the starting point for an agency's planning and performance measurement efforts. Strategic plans include a comprehensive mission statement based on the agency's statutory requirements, a set of outcome-related strategic goals, and a description of how the agency intends to achieve these goals. The Government Performance and Results Act (GPRA)[Footnote 13] establishes a framework for strategic plans that requires agencies to: * clearly establish results-oriented performance goals in strategic and annual performance plans for which they will be held accountable, * measure progress toward achieving those goals, * determine the strategies and resources needed to effectively accomplish the goals, * use performance information to make programmatic decisions necessary to improve performance, and: * formally communicate results in performance reports. Although the Department of Homeland Security plans to issue one strategic plan for the department, it plans to incorporate strategic planning efforts from each of its component agencies. TSA recently completed a draft of its input into the Department of Homeland Security's strategic plan. TSA officials stated that the draft is designed to ensure their security initiatives are aligned with the agency's goals and objectives and that these initiatives represent the most efficient use of their resources. TSA officials submitted the draft plan to stakeholders in September 2003 for their review and comment. The Department of Homeland Security plans to issue its strategic plan by the end of the year.[Footnote 14] In addition to developing a strategic plan, TSA is developing a performance plan to help it evaluate the current effectiveness and levels of improvement in its programs, based on established performance measures. TSA submitted to the Congress a short-term performance plan in May 2003, as required by ATSA, that included performance goals and objectives. The plan also included an initial set of 32 performance measures, including the percentage of bags screened by explosive detection systems and the percentage of screeners in compliance with training standards. However, these measures were primarily output-based (measuring whether specific activities were achieved) and did not measure the effectiveness of TSA's security initiatives. TSA officials acknowledge that the goals and measures included in the report were narrowly focused and that in moving forward additional performance- based measures are needed. In addition to developing a short-term performance plan, ATSA also requires that TSA develop a 5-year performance plan and annual performance report, including an evaluation of the extent to which its goals and objectives were met. TSA is currently developing performance goals and measures as part of its annual planning process and will collect baseline data throughout fiscal year 2004 to serve as a foundation for its performance targets. TSA also plans to increase its focus on measuring the effectiveness of various aspects of the aviation security system in its 5-year performance plan. According to TSA's current draft strategic plan, which outlines its overall goals and strategies for fiscal years 2003 through 2008, its efforts to measure the effectiveness of the aviation security system will include: * random and scheduled reviews of the efficiency and effectiveness of security processes; * oversight of compliance with security standards and approved programs through a combination of inspections, testing, interviews, and record reviews--to include TIP; * measurement of performance against standards to ensure expected standards are met to drive process improvements; and: * collection and communication of performance data using a state-of- the-art data collection and reporting system. In our January 2003 report on TSA's actions and plans to build a results-oriented culture, we recommended next steps that TSA should take to strengthen its strategic planning efforts.[Footnote 15] These steps include establishing security performance goals and measures for all modes of transportation that involves stakeholders, and applying practices that have been shown to provide useful information in agency performance plans. We also identified practices that TSA can apply to ensure the usefulness of its required 5-year performance plan to TSA managers, the Congress, and other decision makers or interested parties. Table 1 outlines the practices we identified for TSA. Table 1: Summary of Opportunities to Help Ensure Useful Annual Plans and Applied Practices: Opportunities to help ensure useful annual plans: Articulate a results orientation; Applied practices: 1. Create a set of performance goals and measures that addresses important dimensions of program performance and balances competing priorities; 2. Use intermediate goals and measures to show progress or contribution to intended results; 3. Include explanatory information on the goals and measures; 4. Develop performance goals to address mission-critical management problems; 5. Show baseline and trend data for past performance; 6. Identify projected target levels of performance for multiyear goals; 7. Link the goals of component organizations to departmental strategic goals. Opportunities to help ensure useful annual plans: Coordinate cross- cutting programs; Applied practices: 8. Identify programs that contribute to the same or similar results; 9. Set complementary performance goals to show how differing program strategies are mutually reinforcing and establish common or complementary performance measures, as appropriate; 10. Describe--briefly or refer to a separate document- -planned coordination strategies. Opportunities to help ensure useful annual plans: Show how strategies will be used to achieve goals; Applied practices: 11. Link strategies and programs to specific performance goals and describe how they will contribute to the achievement of those goals; 12. Describe strategies to leverage or mitigate the effects of external factors on the accomplishment of performance goals; 13. Discuss strategies to resolve mission-critical management problems; 14. Discuss--briefly or refer to a separate plan--plans to ensure that mission-critical processes and information systems function properly and are secure. Opportunities to help ensure useful annual plans: Show performance consequences of budget and other resource decisions; Applied practices: 15. Show how budgetary resources relate to the achievement of performance goals; 16. Discuss--briefly and refer to the agency capital plan--how proposed capital assets (specifically information technology investments) will contribute to achieving performance goals; 17. Discuss--briefly or refer to a separate plan--how the agency will use its human capital. Opportunities to help ensure useful annual plans: Build the capacity to gather and use performance information; Applied practices: 18. Identify internal and external sources of data; 19. Describe efforts to verify and validate performance data; 20. Identify actions to compensate for unavailable or low-quality data; 21. Discuss implications of data limitations for assessing performance. Source: GAO. [End of table] TSA agreed with our recommendations and plans to incorporate these principles into its 5-year performance plan and annual performance report. TSA plans to complete its 5-year performance plan and annual performance report by February 2004, as required by GPRA. The Congress has also recognized the need for TSA to measure the effectiveness of its security initiatives and, as part of the Federal Aviation Administration's (FAA) reauthorization act--Vision 100: Century of Aviation Reauthorization Act--is currently considering a provision that would require the Secretary of the Department of Homeland Security to conduct a study of the effectiveness of the aviation security system. Challenges in Strengthening TSA's Passenger Screening Program: In addition to collecting performance data on the effectiveness of its passenger screening program, TSA can strengthen other areas of the program to help improve screeners' ability to detect threat objects. In our September 2003 report that discussed our preliminary observations on TSA's passenger screening program, we noted that TSA can strengthen recurrent and supervisory training, staffing of screeners, and oversight of its contract screener pilot program. Since that report was issued, TSA has identified a number of actions it has taken or plans to take to address these concerns. We will be reviewing TSA's efforts to address these challenges as part of our ongoing review of this program. Recurrent and Supervisory Training Programs Not Fully Developed: In fulfilling its passenger screening mandate, TSA must ensure that screeners are adequately trained and sufficiently skilled in identifying threat or dangerous objects at screening checkpoints. To help accomplish this, TSA has developed and deployed basic and remedial screener training programs. Basic screener training consists of 40 hours of classroom instruction and 60 hours of on-the-job training that screeners must successfully complete prior to making independent screening decisions. Additionally, TSA requires remedial training for any screener who fails an operational test and prohibits screeners from performing the screening function related to the test they failed until they successfully complete remedial training. TSA screening supervisors may also require remedial training for screeners they observe needing strengthening of their skills. Although TSA has deployed basic and remedial training programs, it has not fully developed or deployed recurrent or supervisory training programs to ensure that screeners are effectively trained and supervised. Recurrent training--the ongoing training of screeners on a frequent basis--is critical in maintaining and enhancing screener skills. Although TSA has not fully developed a recurrent training program, it is in the process of deploying six recurrent training modules and is pilot testing an Online Learning Management System for recurrent training comprised of about 360 components. TSA officials said that budget limitations had delayed implementation of the recurrent training modules and the online learning system. Similarly, TSA has not fully developed or deployed a supervisory training program, even though it describes its screening supervisors as the key to a strong defense in detecting threat objects. However, TSA is taking steps in developing such a program, including working with the U.S. Department of Agriculture's Graduate School to tailor its off- the-shelf supervisory course to meet the specific training needs of TSA's screening supervisors. TSA reported that it is sending supervisors to the U.S. Department of Agriculture off-the-shelf supervisory course until the customized course is fielded in 2004. TSA also plans to establish a technical supervisor training component for recurrent training. TSA Continues to Work to Identify Appropriate Staffing Levels at Airports: To conduct passenger and baggage screening functions at the nation's airports, TSA hired about 56,000 screeners. Initially, screener staff levels for all airports was developed by TSA headquarters without active input from the agency's federal security directors who are responsible for overseeing security at each of the nation's commercial airports. This has led to staffing imbalances, and concern by federal security directors that they had limited authority to respond to airport-specific staffing needs, such as reacting to fluctuations in daily and seasonal passenger flow. TSA officials acknowledged that their initial staffing efforts created imbalances in the screener workforce, and reported that as they work to further reduce the screener workforce,[Footnote 16] they will solicit input from the Federal Security Directors as well as airport and air carrier officials. TSA has also taken steps such as authorizing the hiring of part-time screeners at over 200 airports--the first of whom began working in September 2003. To better address airport-specific staffing needs and accomplish workforce reduction goals, TSA developed its current screener staffing levels using a computer-based modeling process that took into account the number of screening checkpoints and lanes at an airport; originating passengers; the number of airport workers requiring screening; projected air carrier service increases and decreases during the year; and hours needed to accommodate screener training, leave, and breaks. TSA recently hired an outside consultant to conduct a study of screener staffing levels at various airports. TSA officials stated that they will continue to review the staffing allocation process through the modeling efforts to assess air carrier and airport growth patterns, and adjustments will be made as appropriate. We will continue to review TSA's staffing efforts as part of our ongoing review. Assessment of Contract Screening Pilot Program: Consistent with ATSA, TSA implemented a pilot program using contract screeners at five commercial airports. The purpose of the 2-year pilot program is to determine the feasibility of using private screening companies rather than federal screeners. TSA initially required private screening companies to adhere to all of the procedures and protocols used by federal screeners. As a result, these airports had limited flexibility in running screening operations. However, TSA recently provided the contractors with some flexibility, such as allowing them to determine and maintain their own staffing levels and to make independent hiring decisions. ATSA gives all airport operators the option of applying to change from using federal screeners to using private screeners beginning in November 2004. TSA has not yet determined how to evaluate and measure the performance of the pilot program airports or determine the feasibility of using contract screening companies. TSA recently awarded a contract to BearingPoint, Inc., to compare the performance of pilot screening with federal screening, including the overall strengths and weaknesses of both systems, and determine the reasons for any differences.[Footnote 17] The evaluation is scheduled to be completed by March 31, 2004.[Footnote 18] TSA has acknowledged that designing an effective evaluation of the screeners at the pilot airports will be challenging because key operational areas, including training, assessment, compensation, and equipment, have to a large extent been held constant across all airports, and therefore are not within the control of the private screening companies.[Footnote 19] In its request for proposal for the pilot airport evaluation, TSA identified several data sources for the evaluation, including the Performance Management Information System and the Office of Internal Affairs and Program Review's covert testing of passenger screeners. However, as we recently reported, data from these systems in measuring the effectiveness of screening operations is limited. As a result, it will be a challenge for TSA to effectively compare the performance of the contract pilot airports with that of airports using federal screeners. In conjunction with this evaluation, TSA will need to plan for the possible transition of airports from a federal system to a private screening company. Numerous airport operators have expressed an interest in obtaining more information to assist in their decision regarding using private screeners. Specifically, airport operators stated that they would like to determine who would bear responsibility for funding the screening contract, airport liability in the event of an incident linked to a screener failure, how well the current pilot program airports are performing, performance standards to which contract screeners would be held, and TSA's role in overseeing contracted screening. If airports are permitted to opt out of using federal screeners, this could have a significant impact on TSA's role in overseeing the screening function as well as the number of federal screeners needed. TSA Faces Additional Programmatic and Management Challenges: In addition to the challenges it faces in conducting its passenger screening program and assessing program effectiveness, TSA faces a number of other programmatic and management challenges in strengthening aviation security. These challenges include implementing the new Computer-Assisted Passenger Prescreening System; strengthening baggage screening, airport perimeter and access controls, air cargo, and general aviation security; managing the costs of aviation security initiatives; and managing human capital. TSA has been addressing these challenges through a variety of efforts. We have work in progress that is examining TSA's efforts in most of these areas, and we will be reporting on TSA's progress in the future. Computer-Assisted Passenger Prescreening System (CAPPS II): TSA is developing a new Computer-Assisted Passenger Prescreening System, or CAPPS II. This system is intended to replace the current Computer-Assisted Passenger Screening program, which was developed in the mid-1990s by the Federal Aviation Administration to enable air carriers to identify passengers requiring additional security attention. The current system is maintained as a part of the airlines' reservation systems and, operating under federal guidelines, uses a number of behavioral characteristics to select passengers for additional screening. In the wake of the September 11, 2001, terrorist attacks, a number of weaknesses in the current prescreening program were exposed. For example, although the characteristics used to identify passengers for additional screening are classified, several have become public knowledge through the press or on the Internet. Although enhancements have been made to address some of these weaknesses, the behavioral traits used in the system may not reflect current intelligence information. It is also difficult to quickly modify the system to respond to real-time changes in threats. Additionally, because the current system operates independently within each air carrier reservation system, changes to each air carrier's system to modify the prescreening system can be costly and time-consuming. In contrast, CAPPS II is planned to be a government-run program that will provide real-time risk assessment for all airline passengers. Unlike the current system, TSA is designing CAPPS II to identify and compare personal information with commercially available data to confirm a passenger's identity. The system will then run the identifying information against government databases and generate a "risk" score for the passenger. The risk score will determine the level of screening that the passenger will undergo before boarding. TSA currently estimates that initial implementation of CAPPS II will occur during the fall of 2004, with full implementation expected by the fall of 2005. TSA faces a number of challenges that could impede its ability to implement CAPPS II. Among the most significant are the following: * concerns about travelers' privacy rights and the safeguards established to protect passenger data; * the accuracy of the databases being used by the CAPPS II system and whether inaccuracies could generate a high number of false positives and erroneously prevent or delay passengers from boarding their flights; * the length of time that data will be retained by TSA; * the availability of a redress process through which passengers could get erroneous information corrected; * concerns that identify theft, in which someone steals relevant data and impersonates another individual to obtain that person's low risk score, may not be detected and thereby negate the security benefits of the system; and: * obtaining the international cooperation needed for CAPPS II to be fully effective, as some countries consider the passenger information required by CAPPS II as a potential violation of their privacy laws. We are currently assessing these and other challenges in the development and implementation of the CAPPS II system and expect to issue a final report on our work in early 2004. Checked Baggage Screening: Checked baggage represents a significant security concern, as explosive devices in baggage can, and have, been placed in aircraft holds. ATSA required screening of all checked baggage on commercial aircraft by December 31, 2002, using explosive detection systems to electronically scan baggage for explosives. According to TSA, electronic screening can be accomplished by bulk explosives detection systems (EDS)[Footnote 20] or explosives trace detection (ETD) systems.[Footnote 21] However, TSA faced challenges in meeting the mandated implementation date. First, the production capabilities of EDS manufacturers were insufficient to produce the number of units needed. Additionally, according to TSA, it was not possible to undertake all of the airport modifications necessary to accommodate the EDS equipment in each airport's baggage- handling area. In order to ensure that all checked baggage is screened, TSA established a program that uses alternative measures, including explosives-sniffing dogs, positive passenger bag match,[Footnote 22] and physical hand searches at airports where sufficient EDS or ETD technology was not available. Section 425 of the Homeland Security Act allowed the Under Secretary for Transportation Security to grant airports unable to meet the December 31, 2002, 100 percent screening deadline an extension until December 31, 2003. Although TSA has made progress in implementing EDS technology at more airports, it has reported that it will not meet the revised mandate for 100 percent electronic screening of all checked baggage. Specifically, as of October 2003, TSA reported that it will not meet the deadline for electronic screening by December 31, 2003, at five airports. Airport representatives with whom we spoke expressed concern that there has not been enough time to produce, install, and integrate all of the systems required to meet the deadline. In addition to fielding the EDS systems at airports, difficulties exist in integrating these systems into airport baggage-handling systems. For those airports that have installed EDS equipment, many have been located in airport lobbies as stand-alone systems. The chief drawback of stand-alone systems is that because of their size and weight there is a limit to the number of units that can be placed in airport lobbies, and numerous screeners are required to handle the checked bags because each bag must be physically conveyed to the EDS machines and then moved back to the conveyor system for transport to the baggage- handling room in the air terminal. Some airports are in the process of integrating the EDS equipment inline with the conveyor belts that transport baggage from the ticket counter to the baggage-handling area. However, the reconfiguring of airports for in-line checked baggage screening can be extensive and costly.[Footnote 23] TSA has reported that in-line EDS equipment installation costs range from $1 million to $3 million per piece of equipment. In February 2003, we identified letters of intent[Footnote 24] as a funding option that has been successfully used to leverage private sources of funding.[Footnote 25] TSA has since written letters of intent covering seven airports promising multiyear financial support totaling over $770 million for in-line integration of EDS equipment.[Footnote 26] Further, TSA officials have stated that they have identified 25 to 35 airports as candidates for further letters of intent pending Congressional authorization of funding. We are examining TSA's baggage screening program, including its issuance of letters of intent, in an ongoing assignment. Perimeter and Access Controls: Prior to September 2001, work performed by GAO and others highlighted the vulnerabilities in controls for limiting access to secure airport areas. In one report, we noted that GAO special agents were able to use fictitious law enforcement badges and credentials to gain access to secure areas, bypass security checkpoints, and walk unescorted to aircraft departure gates.[Footnote 27] The agents, who had been issued tickets and boarding passes, could have carried weapons, explosives, or other dangerous objects onto aircraft. Concerns over the adequacy of the vetting process for airport workers who have unescorted access to secure airport areas have also arisen, in part as a result of federal agency airport security sweeps that uncovered hundreds of instances in which airport workers lied about their criminal history, or immigration status, or provided false or inaccurate Social Security numbers on their application for security clearances to obtain employment. ATSA contains provisions to improve perimeter access security at the nation's airports and strengthen background checks for employees working in secure airport areas, and TSA has made some progress in this area. For example, federal mandates were issued to strengthen airport perimeter security by limiting the number of airport access points, and they require random screening of individuals, vehicles, and property before entry at the remaining perimeter access points. Further, TSA made criminal history checks mandatory for employees with access to secure or sterile airport areas. To date, criminal history checks have been conducted on approximately 1 million of these employees. TSA also has plans to develop a pilot airport security program and is reviewing security technologies in the areas of biometrics access control identification systems (i.e., fingerprints or iris scans), anti- piggybacking technologies (to prevent more than one employee from entering a secure area at a time), and video monitoring systems for perimeter security. TSA solicited commercial airport participation in the program. It is currently reviewing information from interested airports and plans to select 20 airports for the program. Although progress has been made, challenges remain with perimeter security and access controls at commercial airports. Specifically, ATSA contains numerous requirements for strengthening perimeter security and access controls, some of which contained deadlines, which TSA is working to meet. In addition, a significant concern is the possibility of terrorists using shoulder-fired portable missiles from locations near the airport. We reported in June 2003 that airport operators have increased their patrols of airport perimeters since September 2001, but industry officials stated that they do not have enough resources to completely protect against missile attacks.[Footnote 28] A number of technologies could be used to secure and monitor airport perimeters, including barriers, motion sensors, and closed-circuit television. Airport representatives have cautioned that as security enhancements are made to airport perimeters, it will be important for TSA to coordinate with the Federal Aviation Administration and the airport operators to ensure that any enhancements do not pose safety risks for aircraft. To further examine these threats and challenges, we have ongoing work assessing TSA's progress in meeting ATSA provisions related to improving perimeter security, access controls, and background checks for airport employees and other individuals with access to secure areas of the airport, as well as the nature and extent of the threat from shoulder-fired missiles. Air Cargo Security: As we and the Department of Transportation's Inspector General have reported, vulnerabilities exist in ensuring the security of cargo carried aboard commercial passenger and all-cargo aircraft. TSA has reported that an estimated 12.5 million tons of cargo are transported each year--9.7 million tons on all-cargo planes and 2.8 million tons on passenger planes. Potential security risks are associated with the transport of air cargo--including the introduction of undetected explosive and incendiary devices in cargo placed aboard aircraft. To reduce these risks, ATSA requires that all cargo carried aboard commercial passenger aircraft be screened and that TSA have a system in place as soon as practicable to screen, inspect, or otherwise ensure the security of cargo on all-cargo aircraft. Despite these requirements, it has been reported that less than 5 percent of cargo placed on passenger airplanes is physically screened.[Footnote 29] TSA's primary approach to ensuring air cargo security and safety is to ensure compliance with the "known shipper" program--which allows shippers that have established business histories with air carriers or freight forwarders to ship cargo on planes. However, we and the Department of Transportation's Inspector General have identified weaknesses in the known shipper program and in TSA's procedures for approving freight forwarders, such as possible tampering with freight at various handoff points before it is loaded into an aircraft.[Footnote 30] Since September 2001, TSA has taken a number of actions to enhance cargo security, such as implementing a database of known shippers in October 2002. The database is the first phase in developing a cargo profiling system similar to the Computer-Assisted Passenger Prescreening System. However, in December 2002, we reported that additional operational and technological measures, such as checking the identity of individuals making cargo deliveries, have the potential to improve air cargo security in the near term.[Footnote 31] We further reported that TSA lacks a comprehensive plan with long-term goals and performance targets for cargo security, time frames for completing security improvements, and risk-based criteria for prioritizing actions to achieve those goals. Accordingly, we recommended that TSA develop a comprehensive plan for air cargo security that incorporates a risk management approach, includes a list of security priorities, and sets deadlines for completing actions. TSA agreed with this recommendation and expects to develop such a plan by the end of 2003. It will be important that this plan include a timetable for implementation to help ensure that vulnerabilities in this area are reduced. General Aviation Security: Since September 2001, TSA has taken limited action to improve general aviation security, leaving general aviation far more open and potentially vulnerable than commercial aviation. General aviation is vulnerable because general aviation pilots and passengers are not screened before takeoff and the contents of general aviation planes are not screened at any point. General aviation includes more than 200,000 privately owned airplanes, which are located in every state at more than 19,000 airports.[Footnote 32] More than 550 of these airports also provide commercial service. In the last 5 years, about 70 aircraft have been stolen from general aviation airports, indicating a potential weakness that could be exploited by terrorists. This vulnerability was demonstrated in January 2002, when a teenage flight student stole and crashed a single-engine airplane into a Tampa, Florida skyscraper. Moreover, general aviation aircraft could be used in other types of terrorist acts. It was reported that the September 11th hijackers researched the use of crop dusters to spread biological or chemical agents. We reported in September 2003 that TSA had chartered a working group on general aviation within the existing Aviation Security Advisory Committee.[Footnote 33] The working group consists of industry stakeholders and is designed to identify and recommend actions to close potential security gaps in general aviation. On October 1, 2003, the working group issued a report that included a number of recommendations for general aviation airport operators' voluntary use in evaluating airports' security requirements. These recommendations are both broad in scope and generic in their application, with the intent that every general aviation airport and landing facility operators may use them to evaluate that facility's physical security, procedures, infrastructure, and resources. TSA is taking some additional action to strengthen security at general aviation airports, including developing a risk-based self-assessment tool for general aviation airports to use in identifying security concerns. We have ongoing work that is examining general aviation security in further detail. Aviation Security Funding: TSA faces two key funding and accountability challenges in securing the commercial aviation system: (1) paying for increased aviation security, and (2) ensuring that these costs are controlled. These challenges are particularly critical due to the government incurring large and increasing deficits. The rapid rise in needed funding for aviation security enhancements further exacerbates budget challenges. The costs associated with aviation security are huge. The Department of Homeland Security appropriation includes $3.7 billion for aviation security for fiscal year 2004. The passenger and baggage screening functions alone account for most of this funding, with about $1.8 billion appropriated for passenger screening and $1.3 billion for baggage screening. ATSA created passenger and air carrier security fees to pay for the costs of aviation security, but the fees have not generated enough money to do so. The Department of Transportation's Inspector General reported that the security fees are estimated to generate only about $1.7 billion during fiscal year 2004. A major funding challenge is paying for the purchase and installation of the remaining explosives detection systems, including integration into airport baggage-handling systems. Integrating the equipment with the baggage-handling systems is expected to be costly because it will require major facility modifications. For example, modifications needed to integrate the equipment at Boston's Logan International Airport are estimated to cost $146 million. Modifications for Dallas/Fort Worth International Airport are estimated to cost $193 million. According to TSA and the Department of Transportation's Inspector General, the cost of integrating the equipment nationwide could be $3 billion. A key question that must be addressed is how to pay for these installation costs. The Federal Aviation Administration's Airport Improvement Program (AIP) and passenger facility charges have been eligible sources for funding this work.[Footnote 34] During fiscal year 2002, AIP grant funds totaling $561 million were used for terminal modifications to enhance security. However, using these funds for security reduced the funding available for other airport development and rehabilitation projects. To provide financial assistance to airports for security-related capital investments, such as the installation of explosives detection equipment, proposed aviation reauthorization legislation would establish an aviation security capital fund that would authorize $2 billion over the next 4 years. In February 2003, we identified letters of intent as a funding option that has been successfully used to leverage private sources of funding.[Footnote 35] TSA has since signed letters of intent covering seven airports--Boston Logan, Dallas/Fort Worth, Denver, Los Angeles, McCarran (Las Vegas), Ontario (California), and Seattle/Tacoma international airports. Under the agreements, TSA will pay 75 percent of the cost of integrating the explosives detection equipment into the baggage-handling systems. The payments will stretch out over 3 to 4 years. TSA officials have identified more airports that would be candidates for similar agreements. Another challenge is ensuring continued investment in transportation research and development. For fiscal year 2003, TSA was appropriated about $110 million for research and development, of which $75 million was designated for the next-generation explosives detection systems. However, TSA proposed to reprogram $61.2 million of these funds to be used for other purposes, leaving about $12.7 million to be spent on research and development in that year. This proposed reprogramming could limit TSA's ability to sustain and strengthen aviation security by continuing to invest in research and development for more effective equipment to screen passengers, their carry-on and checked baggage, and cargo. In ongoing work, we are examining the nature and scope of research and development work by TSA and the Department of Homeland Security, including their strategy for accelerating the development of transportation security technologies. Human Capital Management: As it organizes itself to protect the nation's transportation system, TSA faces the challenge of strategically managing its workforce of about 60,000 people--more than 80 percent of whom are passenger and baggage screeners. Additionally, over the next several years, TSA faces the challenge of sizing and managing this workforce as efficiency is improved with new security-enhancing technologies, processes, and procedures. For example, as explosives detection systems are integrated with baggage-handling systems, the use of more labor-intensive screening methods, such as trace detection techniques and manual bag searches, can be reduced. Other planned security enhancements, such as CAPPS II and a registered traveler program, also have the potential to make screening more efficient. Further, if airports opt out of the federal screener program and use their own or contract employees to provide screening instead of TSA screeners, a significant impact on TSA staffing could occur. To assist agencies in managing their human capital more strategically, we have developed a model that identifies cornerstones and related critical success factors that agencies should apply and steps they can take.[Footnote 36] Our model is designed to help agency leaders effectively lead and manage their people and integrate human capital considerations into daily decision making and the program results they seek to achieve. In January 2003, we reported that TSA was addressing some critical human capital success factors by using a wide range of tools available for hiring, and beginning to link individual performance to organizational goals.[Footnote 37] However, concerns remain about the size and training of that workforce, the adequacy of the initial background checks for screeners, and TSA's progress in setting up a performance management system. TSA is currently developing a human capital strategy, which it expects to be completed by the end of this year. TSA has proposed cutting the screener workforce by an additional 3,000 during fiscal year 2004. This planned reduction has raised concerns about passenger delays at airports and has led TSA to begin hiring part-time screeners to make more flexible and efficient use of its workforce. In addition, TSA used an abbreviated background check process to hire and deploy enough screeners to meet ATSA's screening deadlines during 2002. After obtaining additional background information, TSA terminated the employment of some of these screeners. TSA reported 1,208 terminations as of May 31, 2003, that it ascribed to a variety of reasons, including criminal offenses and failures to pass alcohol and drug tests. Furthermore, the national media have reported allegations of operational and management control problems that emerged with the expansion of the Federal Air Marshal Service, including inadequate background checks and training, uneven scheduling, and inadequate policies and procedures. We reported in January 2003 that TSA had taken the initial steps in establishing a performance management system linked to organizational goals. Such a system will be critical for TSA to motivate and manage staff, ensure the quality of screeners' performance, and, ultimately, restore public confidence in air travel. In ongoing work, we are examining the effectiveness of TSA's efforts to train, equip, and supervise passenger screeners, and we are assessing the effects of expansion on the Federal Air Marshal Service.[Footnote 38] Concluding Observations: TSA faces many challenges in strengthening its passenger screening and other security programs. To best address these challenges, it needs the information and tools necessary to ensure that its efforts are effective, are appropriately focused, and are achieving expected results. Without knowledge on the effectiveness of its programs, TSA and the public have little assurance regarding the level of security provided, and whether TSA is using its resources to maximize security benefits. As TSA implements new security initiatives and addresses associated challenges, measuring program effectiveness will help it best focus on the areas of greatest need. We are encouraged that TSA is undertaking efforts to develop the information and tools needed to measure its performance. Mr. Chairman, this concludes my statement. I would be pleased to answer any questions that you or other members of the Committee may have. Contact Information: For further information on this testimony, please contact Cathleen A. Berrick at (202) 512-8777. Individuals making key contributions to this testimony include Mike Bollinger, Lisa Brown, Jack Schulze, and Maria Strudwick. [End of section] Related GAO Products: Aviation Security: Efforts to Measure Effectiveness and Address Challenges. GAO-04-232T. Washington, D.C.: November 5, 2003. Airport Passenger Screening: Preliminary Observations on Progress Made and Challenges Remaining. GAO-03-1173. Washington, D.C.: September 24, 2003. Aviation Security: Progress since September 11, 2001, and the Challenges Ahead. GAO-03-1150T. Washington, D.C.: September 9, 2003: Transportation Security: Federal Action Needed to Help Address Security Challenges. GAO-03-843. Washington, D.C.: June 30, 2003. Transportation Security: Post-September 11th Initiatives and Long-Term Challenges. GAO-03-616T. Washington, D.C.: April 1, 2003. Aviation Security: Measures Needed to Improve Security of Pilot Certification Process. GAO-03-248NI. Washington, D.C.: February 3, 2003. (NOT FOR PUBLIC DISSEMINATION): Aviation Security: Vulnerabilities and Potential Improvements for the Air Cargo System. GAO-03-286NI. Washington, D.C.: December 20, 2002. (NOT FOR PUBLIC DISSEMINATION): Aviation Security: Vulnerabilities and Potential Improvements for the Air Cargo System. GAO-03-344. Washington, D.C.: December 20, 2002. Aviation Security: Vulnerability of Commercial Aviation to Attacks by Terrorists Using Dangerous Goods. GAO-03-30C. Washington, D.C.: December 3, 2002: Aviation Security: Registered Traveler Program Policy and Implementation Issues. GAO-03-253. Washington, D.C.: November 22, 2002. Aviation Security: Transportation Security Administration Faces Immediate and Long-Term Challenges. GAO-03-971T. Washington, D.C.: July 25, 2002. Aviation Security: Information Concerning the Arming of Commercial Pilots. GAO-02-822R. Washington, D.C.: June 28, 2002. Aviation Security: Deployment and Capabilities of Explosive Detection Equipment. GAO-02-713C. Washington, D.C.: June 20, 2002. (CLASSIFIED): Aviation Security: Information on Vulnerabilities in the Nation's Air Transportation System. GAO-01-1164T. Washington, D.C.: September 26, 2001. (NOT FOR PUBLIC DISSEMINATION): Aviation Security: Information on the Nation's Air Transportation System Vulnerabilities. GAO-01-1174T. Washington, D.C.: September 26, 2001. (NOT FOR PUBLIC DISSEMINATION): Aviation Security: Vulnerabilities in, and Alternatives for, Preboard Screening Security Operations. GAO-01-1171T. Washington, D.C.: September 25, 2001. Aviation Security: Weaknesses in Airport Security and Options for Assigning Screening Responsibilities. GAO-01-1165T. Washington, D.C.: September 21, 2001. Aviation Security: Terrorist Acts Demonstrate Urgent Need to Improve Security at the Nation's Airports. GAO-01-1162T. Washington, D.C.: September 20, 2001. Aviation Security: Terrorist Acts Illustrate Severe Weaknesses in Aviation Security. GAO-01-1166T. Washington, D.C.: September 20, 2001. Responses of Federal Agencies and Airports We Surveyed about Access Security Improvements. GAO-01-1069R. Washington, D.C.: August 31, 2001. Responses of Federal Agencies and Airports We Surveyed about Access Security Improvements. GAO-01-1068R. Washington, D.C.: August 31, 2001. (RESTRICTED): FAA Computer Security: Recommendations to Address Continuing Weaknesses. GAO-01-171. Washington, D.C.: December 6, 2000. Aviation Security: Additional Controls Needed to Address Weaknesses in Carriage of Weapons Regulations. GAO/RCED-00-181. Washington, D.C.: September 29, 2000. FAA Computer Security: Actions Needed to Address Critical Weaknesses That Jeopardize Aviation Operations. GAO/T-AIMD-00-330. Washington, D.C.: September 27, 2000. FAA Computer Security: Concerns Remain Due to Personnel and Other Continuing Weaknesses. GAO/AIMD-00-252. Washington, D.C.: August 16, 2000. Aviation Security: Long-Standing Problems Impair Airport Screeners' Performance. GAO/RCED-00-75. Washington, D.C.: June 28, 2000. Aviation Security: Screeners Continue to Have Serious Problems Detecting Dangerous Objects. GAO/RCED-00-159. Washington, D.C.: June 22, 2000. (NOT FOR PUBLIC DISSEMINATION): Security: Breaches at Federal Agencies and Airports. GAO-OSI-00-10. Washington, D.C.: May 25, 2000. FOOTNOTES [1] P.L. 107-71. [2] ATSA required TSA to implement a pilot program using contract screeners at five commercial airports. The purpose of the 2-year pilot program is to determine the feasibility of using private screening companies rather than federal screeners. [3] CAPPS II is a system intended to perform a risk assessment of all airline passengers to identify those requiring additional security attention. [4] General aviation consists of all civil aircraft and excludes commercial and military aircraft. [5] P.L. 107-296. [6] An annual performance plan is to provide the direct linkage between the strategic goals outlined in the agency's strategic plan and the day-to-day activities of managers and staff. Additionally, annual performance plans are to include performance goals for an agency's program activities as listed in the budget, a summary of the necessary resources that will be used to measure performance, and a discussion of how the performance information will be verified. An annual performance report is to review and discuss an agency's performance compared with the performance goals it established in its annual performance plan. [7] U.S. General Accounting Office, Airport Passenger Screening: Preliminary Observations on Progress Made and Challenges Remaining, GAO-03-1173 (Washington, D.C.: Sept. 24, 2003). [8] The original Computer Assisted Passenger Screening System is a stand-alone application residing in an air carrier's reservation system that analyzes certain behavioral patterns to score and calculate each passenger's need for additional screening. [9] Currently, the Office of Internal Affairs and Program Review has 7 team leaders assigned full-time to covert testing, and plans to have a total of 14 full-time team leaders by the end of fiscal year 2004. The team leaders draw from the remaining staff within the office, such as auditors and analysts, to perform the testing. According to TSA officials, overall, 95 percent of the staff in the Office of Internal Affairs and Program Review participates in covert testing as a collateral responsibility. [10] TIP is designed to test screeners' detection capabilities by projecting threat images, including guns and explosives, into bags as they are screened. Screeners are responsible for positively identifying the threat image and calling for the bag to be searched. Once prompted, TIP identifies to the screener whether the threat is real and then records the screener's performance in a database that could be analyzed for performance trends. [11] Federal security directors oversee security at each of the nation's commercial airports. [12] The Performance Management Information System also contains metrics on human resources, sizing, checkpoint, feedback, and incidents. [13] The Government Performance and Results Act of 1993 shifts the focus of government operations from process to results by establishing a foundation for examining agency mission, performance goals and objectives, and results. Under the act, agencies are to prepare 5-year strategic plans that set the general direction for their efforts, and annual performance plans that establish connections between the long- term strategic goals outlined in the strategic plans and the day-to-day activities of managers and staff. Finally, the act requires that each agency report annually on the extent to which it is meeting its annual performance goals and the actions needed to achieve or modify those goals that have not been met. [14] TSA is also developing a National Transportation Security System Plan, a draft of which is currently under review within TSA. TSA plans to promote consistent and mutually supporting intermodal planning in cooperation with administrators and in collaboration with key stakeholders from all modes of transportation. TSA designed the plan for use by agencies, owners, and operators of the transportation system to guide them as they develop their individual security plans. Accordingly, the National Transportation System Security Plan will include national modal plans to capture and tailor transportation security requirements for each mode of transportation, with particular emphasis on intermodal connections. Each modal plan will focus on security for people (workforce and passengers), cargo (baggage and shipments), infrastructure (vehicles, facilities, and right of ways), and response preparedness. [15] U.S. General Accounting Office, Transportation Security Administration: Actions and Plans to Build a Results-Oriented Culture, GAO-03-190 (Washington, D.C.: Jan. 17, 2003). [16] TSA's screener workforce totaled 55,600 on March 31, 2003. The agency cut 3,000 positions for a screener workforce of 52,600 by June 1, 2003. An additional 3,000 positions were cut for a workforce of 49,600 full-time equivalents (FTE) by September 30, 2003, the end of the fiscal year. TSA officials predicted that the screener staffing level will be down to 45,000 by the end of fiscal year 2004. Beginning with the enactment of the 2002 Supplemental Appropriations Act for Further Recovery from and Response to Terrorist Attacks on the United States, Public Law 107-206 (August 2, 2002), and in subsequent appropriations acts, there have been restrictions on TSA impacting staffing levels. The current fiscal year 2004 Department of Homeland Security Appropriations Act, Public Law 108-90, contains a provision requiring that none of the funds in the act be used to recruit or hire personnel into TSA, which would cause the agency to exceed a screener staffing level of 45,000 full-time equivalents. [17] According to the August 8, 2003, request for quotation for the evaluation of the contract screening pilot program, BearingPoint must include informed performance comparisons, both quantitative and qualitative, of private versus federal screeners overall and within different sizes and categories of airports. [18] Based on the time frames established in the request for quotation, BearingPoint, Inc. is required to develop a project plan and evaluation model no later than December 12, 2003. [19] TSA's request for proposal for the pilot program evaluation notes that there are a significant number of operational and managerial elements at the discretion of the private screening companies that should be considered in the evaluation, including supervision, overhead, materials, recruiting, and scheduling. [20] Explosives detection systems use probing radiation to examine objects inside baggage and identify the characteristic signatures of threat explosives. EDS equipment operates in an automated mode. [21] Explosive trace detection works by detecting vapors and residues of explosives. Human operators collect samples by rubbing bags with swabs, which are chemically analyzed to identify any traces of explosive materials. [22] Positive passenger bag match is an alternative method of screening checked baggage, which requires that the passenger be on the same aircraft as the checked baggage. [23] In-line screening involves incorporating EDS machines into airport baggage handling systems to improve throughput of baggage and to streamline airport operations. [24] A letter of intent represents a nonbinding commitment from an agency to provide multiyear funding to an entity beyond the current authorization period. Thus, that letter allows an airport to proceed with a project without waiting for future federal funds because the airport and investors know that allowable costs are likely to be reimbursed. [25] U.S. General Accounting Office, Airport Finance: Past Funding Levels May Not Be Sufficient to Cover Airports' Planned Capital Development, GAO-03-497T (Washington, D.C.: Feb. 25, 2003). [26] The seven airports include Denver International Airport, Las Vegas McCarran International Airport, Los Angeles International Airport, Ontario International Airport, Seattle/Tacoma International Airport, Dallas/Fort Worth International Airport, and Boston Logan International Airport. The purpose is to help defray the costs of installing permanent explosive detection systems that are integrated with airports' checked baggage conveyor systems. [27] U.S. General Accounting Office, Security: Breaches at Federal Agencies and Airports, GAO/T-OSI-00-10 (Washington, D.C.: May 25, 2000). [28] U.S. General Accounting Office, Transportation Security: Federal Action Needed to Help Address Security Challenges, GAO-03-843 (Washington, D.C.: June 30, 2003). [29] Congressional Research Service, Air Cargo Security, September 11, 2003. [30] U.S. General Accounting Office, Aviation Security: Vulnerabilities and Potential Improvements for the Air Cargo System, GAO-03-344 (Washington, D.C.: Dec. 20, 2002). [31] U.S. General Accounting Office, Aviation Security: Progress since September 11, 2001, and the Challenges Ahead, GAO-03-1150T (Washington, D.C.: September 9, 2003). [32] Of the 19,000 general aviation airports, 5,400 are publicly owned. TSA is currently focusing its efforts on these publicly owned airports. TSA is still unclear about its role in inspecting privately owned general aviation airports. [33] GAO-03-1150T. [34] The Airport Improvement Program trust fund is used to fund capital improvements to airports, including some security enhancements, such as terminal modifications to accommodate explosive detection equipment. [35] GAO-03-497T. [36] U.S. General Accounting Office, A Model of Strategic Human Capital Management, GAO-02-373SP (Washington, D.C.: March 2002). [37] U.S. General Accounting Office, Major Management Challenges and Program Risks: Department of Transportation, GAO-03-108 (Washington, D.C.: January 2003). [38] The Federal Air Marshal Service has been transferred out of TSA and into the Department of Homeland Security's Bureau of Immigration and Customs Enforcement.