Transportation Security
Systematic Planning Needed to Optimize Resources Gao ID: GAO-05-357T February 15, 2005Critical transportation systems crisscross the nation and extend beyond our borders to move millions of passengers and tons of freight each day, making them both attractive targets to terrorists and difficult to secure. Securing these systems is further complicated by the need to balance security with the expeditious flow of people and goods through these systems. The Transportation Security Administration (TSA) faces the daunting challenge of determining how to allocate its finite resources to manage risks while addressing threats and enhancing security across all transportation modes. To assist the Congress and TSA in focusing resources on the areas of greatest need, we were asked to describe Department of Homeland Security (DHS) and TSA efforts in managing risks and allocating resources across aviation and surface transportation modes, and in integrating screening, credentialing, and research and development (R&D) efforts to achieve efficiencies.
TSA has undertaken numerous initiatives to strengthen transportation security, particularly in aviation, and its efforts should be commended. For example, since September 11, 2001, TSA has installed explosive detection systems at most of the nation's commercial airports to provide the capability to screen all checked baggage for explosives; expanded screener training and developed performance measures and indicators for the screening systems; and evaluated the security of airport perimeters and access controls and provided funding for security equipment. While these efforts are commendable, we found that TSA has not consistently implemented a risk management approach or conducted the systematic analysis needed to inform its decision-making processes and to prioritize security improvements. Our work has shown that a risk management approach can help inform decision makers in allocating finite resources to the areas of greatest need. For example, we found that since initially deploying equipment to screen checked baggage for explosive at airports in response to congressional mandates, TSA has not conducted the systematic planning needed to optimize the deployment and integration of this equipment. Limited analysis of nine airports showed that the integration of this equipment in-line with airport baggage conveyor systems--rather than continuing to maintain the equipment in a stand-alone mode--could result in significant savings for the federal government. We also found that TSA's efforts to implement a comprehensive risk management approach for its air cargo and rail security programs are ongoing. The President's fiscal year 2006 budget request proposes two key DHS organizational changes designed to leverage resources and increase the efficiency and effectiveness of various screening, credentialing, and R&D programs. While we applaud DHS's efforts, it will be important for DHS to address several program challenges as the integration moves forward because restructuring alone will not resolve all existing challenges or ensure the successful integration and achievement of DHS's goals. These challenges including developing regulations identifying eligibility requirements for the Transportation Workers Identification Credential, establishing goals with measurable objectives in research and development strategic plans, and using risk assessments to select and prioritize research and development efforts.
GAO-05-357T, Transportation Security: Systematic Planning Needed to Optimize Resources
This is the accessible text file for GAO report number GAO-05-357T
entitled 'Transportation Security: Systematic Planning Needed to
Optimize Resources' which was released on February 15, 2005.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony:
Before the Committee on Commerce, Science, and Transportation, United
States Senate:
United States Government Accountability Office:
GAO:
For Release on Delivery Expected at 10:00 a.m. EST:
Tuesday, February 15, 2005:
TRANSPORTATION SECURITY:
Systematic Planning Needed to Optimize Resources:
Statement of Cathleen A. Berrick, Director, Homeland Security and
Justice:
GAO-05-357T:
GAO Highlights:
Highlights of GAO-05-357T, a testimony before the Committee on
Commerce, Science, and Transportation, United States Senate:
Why GAO Did This Study:
Critical transportation systems crisscross the nation and extend beyond
our borders to move millions of passengers and tons of freight each
day, making them both attractive targets to terrorists and difficult to
secure. Securing these systems is further complicated by the need to
balance security with the expeditious flow of people and goods through
these systems. The Transportation Security Administration (TSA) faces
the daunting challenge of determining how to allocate its finite
resources to manage risks while addressing threats and enhancing
security across all transportation modes. To assist the Congress and
TSA in focusing resources on the areas of greatest need, we were asked
to describe Department of Homeland Security (DHS) and TSA efforts in
managing risks and allocating resources across aviation and surface
transportation modes, and in integrating screening, credentialing, and
research and development (R&D) efforts to achieve efficiencies.
What GAO Found:
TSA has undertaken numerous initiatives to strengthen transportation
security, particularly in aviation, and its efforts should be
commended. For example, since September 11, 2001, TSA has installed
explosive detection systems at most of the nation‘s commercial airports
to provide the capability to screen all checked baggage for explosives;
expanded screener training and developed performance measures and
indicators for the screening systems; and evaluated the security of
airport perimeters and access controls and provided funding for
security equipment. While these efforts are commendable, we found that
TSA has not consistently implemented a risk management approach or
conducted the systematic analysis needed to inform its decision-making
processes and to prioritize security improvements. Our work has shown
that a risk management approach can help inform decision makers in
allocating finite resources to the areas of greatest need. For example,
we found that since initially deploying equipment to screen checked
baggage for explosive at airports in response to congressional
mandates, TSA has not conducted the systematic planning needed to
optimize the deployment and integration of this equipment. Limited
analysis of nine airports showed that the integration of this
equipment in-line with airport baggage conveyor systems”rather than
continuing to maintain the equipment in a stand-alone mode”could result
in significant savings for the federal government. We also found that
TSA‘s efforts to implement a comprehensive risk management approach
for its air cargo and rail security programs are ongoing.
The President‘s fiscal year 2006 budget request proposes two key DHS
organizational changes designed to leverage resources and increase the
efficiency and effectiveness of various screening, credentialing, and
R&D programs. While we applaud DHS‘s efforts, it will be important for
DHS to address several program challenges as the integration moves
forward because restructuring alone will not resolve all existing
challenges or ensure the successful integration and achievement of
DHS‘s goals. These challenges including developing regulations
identifying eligibility requirements for the Transportation Workers
Identification Credential, establishing goals with measurable
objectives in research and development strategic plans, and using risk
assessments to select and prioritize research and development efforts.
What GAO Recommends:
In prior reports, GAO has made numerous recommendations designed to
strengthen transportation security. GAO also has several ongoing
reviews related to the issues addressed in this testimony, and will
issue separate reports related to these areas at later dates, with
additional recommendations as appropriate.
www.gao.gov/cgi-bin/getrpt?GAO-05-357T.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Cathleen A. Berrick at
(202) 512-3404 or berrickc@gao.gov.
[End of section]
Mr. Chairman and Members of the Committee:
I appreciate the opportunity to participate in today's hearing to
discuss the security of our nation's transportation system and the
numerous initiatives under way and planned intended to strengthen
security. Following the terrorist attacks of September 11, 2001, much
attention was focused on securing our commercial aviation system. Since
that time, emphasis on other modes of transportation has grown as
vulnerabilities are identified and highlighted, such as attempts to
introduce weapons of mass destruction into the United States through
ports, or to launch chemical attacks on mass transit systems. Critical
transportation systems crisscross the nation and extend beyond our
borders to move millions of passengers and tons of freight each day,
making them both attractive targets and difficult to secure. Securing
these systems is further complicated by their nature and scope, the
number of stakeholders involved, and the need to balance security with
the expeditious flow of people and goods through these systems. The
Department of Homeland Security (DHS) and the Transportation Security
Administration (TSA) face the daunting challenge of determining how to
allocate their finite resources to manage risks while addressing
threats and enhancing security across all transportation modes.
My testimony today describes DHS and TSA efforts in managing risks and
allocating resources across aviation and surface transportation modes,
and in integrating screening, credentialing, and research and
development (R&D) efforts to achieve efficiencies. My comments are
based on issued GAO reports and testimonies addressing the security of
U.S. aviation and surface transportation systems, and our review of the
President's budget request for fiscal year 2006. Appendix I contains a
list of related GAO products released since September 11, 2001.
Summary:
DHS and TSA have undertaken numerous initiatives to strengthen
transportation security, particularly in aviation, and their efforts
should be commended. Since September 11th, for example, in addition to
hiring and deploying a workforce of over 40,000 airport passenger and
baggage screeners, TSA has:
* Installed equipment at most of the nation's more than 400 commercial
airports to provide the capability to screen all checked baggage using
explosive detection systems, as mandated by Congress.
* Taken numerous steps to expand training available to the screener
workforce and to develop performance measures to assess screener
performance.
* Outlined a threat-based, risk-management approach for securing the
air cargo transportation system.
* Taken actions to evaluate and enhance the security of airport
perimeters and the controls that limit access into secured airport
areas.
* Partnered with federal agencies and state governments and the general
aviation industry in securing general aviation operations.
* Implemented a Screening Partnership Program through which commercial
airports can apply to TSA to use private rather than federal passenger
and baggage screeners.
* Issued security regulations for passenger rail assets, and begun to
conduct criticality assessments of stations, tunnels, and bridges.
DHS has also proposed, in its fiscal year 2006 budget request, two key
changes in its organizational structure that are designed to achieve
synergy and avoid duplication of effort. These changes include creating
an Office of Screening Coordination and Operations within the Border
and Transportation Security Directorate that would combine several
ongoing, terrorist-related screening initiatives, and consolidating
its R&D efforts--currently spread across four DHS component agencies
including TSA--inside its Science and Technology Directorate.
While these are commendable efforts, we also found that TSA had not
always implemented a risk management approach, or conducted the
systematic analysis needed, to inform its decision-making processes and
to prioritize its security improvements. While we recognize that fully
integrating a risk management approach is challenging for any
organization, our work has shown that such an approach can help inform
decision makers in allocating finite resources to the areas of greatest
need. For example, we found that since the initial deployment of
equipment to screen checked baggage for explosives at commercial
airports in response to congressional mandates, TSA has not conducted
the systematic planning needed to optimize the deployment and
integration of this equipment. Limited analysis has shown that the
integration of this equipment in-line with airport baggage conveyor
systems--rather than maintaining the systems in a stand-alone mode--
could result in significant savings for the federal government for the
nine airports assessed. We also found that TSA must take a number of
actions before a comprehensive risk management approach can be applied
to securing air cargo. These actions include establishing complete
databases of known shippers, addressing the potential ease with which
shippers may become "known," and identifying and testing security
technologies in order to develop and implement a system to screen 100
percent of high risk cargo. We also found that a risk-based approach is
being adopted for rail security.
In addition, while we applaud DHS's efforts to achieve efficiencies
through leveraging resources and technology and improving internal
coordination through proposed organizational changes, it will be
important for DHS to address several challenges that have been
identified with respect to these programs as the integration moves
forward. Restructuring alone will not resolve all existing challenges
or ensure the successful integration and achievement of DHS's goals.
The challenges we identified include developing regulations identifying
eligibility requirements for the Transportation Workers Identification
Credential, and instituting a comprehensive plan for managing the
project. DHS will also need to include goals with measurable objectives
in its R&D strategic plans, prepare and use risk assessments to select
and prioritize R&D projects, and coordinate with R&D stakeholders.
Background:
The nation's transportation system is a vast, interconnected network of
diverse modes. Key modes of transportation include aviation; highways;
motor carrier (trucking); motor coach (intercity bus); maritime;
pipeline; rail (passenger and freight); and transit (buses, subways,
ferry boats, and light rail). The nation's transportation systems are
inherently open environments, designed to move people and commerce
quickly to their destinations. For example, the nation's transportation
system moves over 30 million tons of freight and provides approximately
1.1 billion passenger trips each day. The diversity and size of the
transportation system make it vital to our economy and national
security.
TSA is responsible for the security of all modes of transportation, as
outlined in the Aviation and Transportation Security Act (ATSA) (Pub.
L. No. 107-71). Following the passage of ATSA, TSA began addressing two
major challenges--procuring and installing explosives detection
systems (EDS) and explosive trace detection (ETD) systems to screen
checked baggage for explosives,[Footnote 1] and hiring and deploying
federal screeners to screen passengers and their baggage at commercial
airports nationwide. TSA is also tasked with managing security risks to
surface transportation systems. These systems include 9 billion
passenger trips per year on the nation's mass transit systems, over
161,000 miles of interstate and national highways and their integrated
bridges and tunnels, and nearly 800,000 shipments of hazardous
materials.
Risk Management Approach:
Given the vast transportation network, quick and easy access for
passengers and cargo must be maintained while identifying the best
possible strategies for security. The President's fiscal year 2006
budget request recognizes the need for TSA to identify, prioritize, and
manage risks, and mitigate the impact of potential incidents, to help
ensure that the best strategies are pursued. Consistent with this goal,
GAO has advocated the need to implement--at TSA and throughout the
federal government--a risk management approach for prioritizing efforts
and focusing resources. A risk management approach entails a continuous
process of managing risk through a series of actions, including setting
strategic goals and objectives, assessing risk, evaluating
alternatives, selecting initiatives to undertake, and implementing and
monitoring those initiatives.
Assessing risk, a critical component of a risk management approach,
involves three key elements--threats, vulnerabilities, and
criticality--that provide input into the decision-making process. A
threat assessment identifies and evaluates potential threats on the
basis of factors such as capabilities, intentions, and past activities.
A vulnerability assessment identifies weaknesses that may be exploited
by identified threats and suggests options to address those weaknesses.
A criticality assessment evaluates and prioritizes assets and functions
in terms of specific criteria, such as their importance to public
safety and the economy, as a basis for identifying which structures or
processes are relatively more important to protect from attack.
Information from these three assessments can lead to a risk
characterization, such as high, medium, or low, and provides input for
prioritizing security initiatives.[Footnote 2] Figure 1 depicts a risk
management cycle.
Figure 1: Risk Management Cycle:
[See PDF for image]
[End of figure]
President's Budget Request for Fiscal Year 2006:
In addressing security needs and challenges for all transportation
modes, the President's fiscal year 2006 budget request categorizes TSA
activities into three main areas: (1) Aviation Security, (2) Surface
Transportation Security, and (3) Transportation Security
Support.[Footnote 3] Each of these areas is summarized in detail below
and the total funds requested are presented in in table 1 that follows
the summary.
Aviation security includes two distinct decision units: screening
workforce and equipment, and aviation direction and enforcement.
Screening workforce and equipment includes funding to support passenger
and baggage screener activities such as screener salaries and training,
and the purchase and installation of screening equipment. Aviation
direction and enforcement includes regulation compliance for air cargo,
airports, and airlines through inspections and other efforts, and
airport technology activities and administrative support. The budget
requests about $5 billion for the aviation security appropriation for
fiscal year 2006. These funds will support the current federalized and
privatized screener workforce, provide training and other support for
both passenger and baggage screening, and continue other aviation
security regulation and enforcement activities. Increases were
requested for, among other things, the screener workforce, checkpoint
explosive detection technology, and high-speed information technology
connectivity. The budget request further identified the mandatory $250
million appropriation of the Aviation Security Capital Fund to assist
in the purchase, installation, and/or integration of EDS and ETD
systems. At these levels, TSA expects to maintain current security and
wait time performance at over 430 commercial airports.
Surface transportation security includes resources for TSA's security
operations in all non-aviation modes of transportation. Such operations
include developing standards and regulations to protect the
transportation infrastructure; conducting inspections to monitor and
enforce compliance with standards and regulations; designing and
implementing vulnerability assessment models for all surface
transportation modes; and facilitating information sharing with
transportation stakeholders. The budget requests $32 million for
surface transportation security in fiscal year 2006. These funds will
be used to maintain TSA's various surface transportation security
initiatives, including surface transportation inspectors added during
fiscal year 2005.
Transportation security support includes funding for the operational
needs of TSA's airport and field personnel and infrastructure. This
area also supports TSA headquarters and the Transportation Security
Intelligence Service. Although R&D funds are also included in this
appropriation, the President's fiscal year 2006 budget request proposes
that these funds be transferred to the DHS Science and Technology
Directorate. The budget requests $545 million for transportation
security support for fiscal year 2006. These funds will be used to help
ensure that TSA screeners and other operational employees have
sufficient intelligence information, information technology,
management direction, administrative services, and other key support to
accomplish the agency's mission.
Table 1: President's Fiscal Year 2006 Budget Request for TSA:
(dollars in thousands);
Aviation Security[C];
FY 2004 enacted[A]: $3,724,114;
FY 2005 enacted: $4,578,523;
FY 2006: pres. budget: $4,984,784;
FY 2006 +/-FY 2005: $406,261.
Surface Transportation Security[C, D];
FY 2004 enacted[A]: 261,449;
FY 2005 enacted: 115,000;
FY 2006: pres. budget: 32,000;
FY 2006 +/-FY 2005: -83,000.
Transportation Security Support[B, D];
FY 2004 enacted[A]: 592,480;
FY 2005 enacted: 711,852;
FY 2006: pres. budget: 545,008;
FY 2006 +/-FY 2005: -166,844.
Total;
FY 2004 enacted[A]: $4,578,043;
FY 2005 enacted: $5,405,375;
FY 2006: pres. budget: $5,561,792;
FY 2006 +/-FY 2005: $156,417.
Source: DHS.
[A] Fiscal year 2004 shows a .59 percent across-the-board enacted
rescission of $13.657 million pursuant to P.L. 108-199. Fee-funded
activities were exempt from rescission. Rescission was applied using
Office of Management Budget discretionary fee estimates of $2,276.947
million.
[B] Fiscal year 2005 reflects transfer of $173 million in grants to
Office of State and Local Government Coordination and Preparedness.
[C] Fiscal year 2006 reflects proposed transfer of Secure Flight ($34.9
million), Crew Vetting ($10 million), Credentialing Startup ($10
million), Transportation Worker Identification Credential ($50
million), Registered Traveler ($15 million), HAZMAT ($17 million), and
Alien Flight School ($5 million) to the proposed new Office of
Screening Coordination and Operations which is within the DHS Border
and Transportation Security Directorate.
[D] Fiscal year 2006 reflects proposed research and development
consolidation transferring 60 full-time equivalents and $109.040
million to the DHS Science and Technology Directorate.
[End of table]
TSA Has Taken Steps to Strengthen Aviation and Surface Transportation
Security, but Better Planning Is Needed:
TSA has taken numerous steps to strengthen aviation and surface
transportation security and should be commended for its efforts.
However, better planning is needed to help ensure that these
initiatives are focused on the areas of greatest need to assist TSA in
achieving efficiencies and enhancing security. For example, since
September 11, for example, TSA has (1) installed EDS and ETD systems at
most of the nation's commercial airports to provide the capability to
screen all checked baggage using explosive detection systems, (2)
expanded screener training and developed performance measures and
indicators for the screening systems, (3) developed an air cargo
strategic plan, and (4) evaluated the security of airport perimeters
and access controls and provided funds for security equipment. Despite
these efforts, however, we have consistently found--because of
circumstances beyond TSA's control and a lack of planning--that TSA has
not conducted the systematic analysis needed to inform its decision-
making processes and to prioritize security enhancements. For example,
we found that TSA has not always conducted needed assessments of
threats, vulnerabilities, and criticality in allocating its resources,
and has not fully assessed alternatives that could be pursued to
achieve efficiencies and potentially enhance security. Such planning
could guide TSA in moving forward in its allocation of transportation
security funding and assist it in making wise investment decisions
while enhancing the security of all transportation modes.
Systematic Planning Needed to Optimize the Deployment of Checked
Baggage Screening Systems:
In February 2005, we reported that TSA had installed EDS and ETD
systems at most of the nation's more than 400 commercial airports to
provide the capability to screen all checked baggage using explosive
detection systems, as mandated by Congress.[Footnote 4] Despite these
efforts, however, we found that in moving forward, TSA had not
conducted the systematic planning needed to optimize the deployment of
these systems--in particular determining at which airports EDS machines
should be integrated in-line with airport baggage conveyor systems to
achieve efficiencies. Such planning is important for TSA to be able to
ensure that it is efficiently allocating its limited resources to
maximize the effectiveness of its checked baggage screening operations
and is achieving desired results.
From its creation in November 2001 through September 2004, TSA
obligated[Footnote 5] about $2.5 billion (93 percent) of the
approximately $2.7 billion it had budgeted for fiscal years 2002
through 2004 for procuring and installing explosive detection
equipment--predominantly to screen checked baggage for explosives--and
making associated airport modifications to accommodate the equipment.
Specifically, TSA procured and placed about 1,200 EDS machines and
about 6,000 ETD machines at over 400 airports, and modified airports
for the installation of this equipment. Given the congressional mandate
to screen all checked baggage using explosive detection systems by
December 31, 2002, later extended to December 31, 2003, TSA worked with
a contractor to quickly deploy EDS and ETD equipment to the nation's
airports. This response resulted in TSA placing stand-alone ETD and the
minivan-sized EDS machines--usually in airport lobbies--that were not
integrated in-line with airport baggage conveyor systems. Some of these
interim lobby solutions resulted in operational inefficiencies,
including requiring a greater number of screeners, as compared with
using EDS machines in-line with baggage conveyor systems. Also,
screening solely with ETD machines is more labor intensive and less
efficient than screening using the EDS process. TSA officials stated
that they used EDS machines in a stand-alone mode and ETD machines as
an interim solution in order to meet the congressional deadline for
screening all checked baggage for explosives. Officials further stated
that they employed these interim solutions because of the significant
costs required to install in-line systems and the need to reconfigure
many airports' baggage conveyor systems to accommodate the equipment.
While in-line EDS baggage screening systems have a number of potential
benefits, including streamlining airport and TSA operations and
reducing screenings costs, these systems are capital-intensive because
they often require significant airport modifications, including
terminal reconfigurations, new conveyor belt systems, and electrical
upgrades.
Since the initial deployment of EDS and ETD equipment, TSA has not
conducted a systematic analysis of cost savings and other benefits that
could be achieved from the installation of in-line baggage screening
systems. However, TSA has estimated--through its limited retrospective
analysis for the nine airports that received letter of intent (LOI)
funding agreements[Footnote 6]--that in-line baggage screening systems
at these airports could save the federal government $1.3 billion over 7
years compared with stand-alone EDS systems.[Footnote 7] TSA further
estimated that it could recover its initial investment in the in-line
systems at these airports in a little over 1 year. One factor that
significantly affected estimated savings was the number of screeners
required to conduct screening when using in-line baggage screening
systems. According to TSA's analysis, in-line EDS systems would reduce
by 78 percent the number of TSA baggage screeners and supervisors
required to screen checked baggage at these nine airports, from 6,645
to 1,477. This analysis indicates the potential for cost savings
through the installation of in-line EDS systems at other airports and
provides insights about other key factors likely to influence potential
savings. These factors include how much an airport's facilities would
have to be modified to accommodate the in-line configuration; TSA's
costs to buy, install, and network the EDS machines; and subsequent
maintenance costs.
TSA and airport operators are relying on LOIs as their principal method
for funding the modification of airport facilities to incorporate in-
line baggage screening systems. The fiscal year 2003 Consolidated
Appropriations Resolution approved the use of LOIs as a vehicle to
leverage federal government and industry funding to support facility
modification costs for installing in-line EDS baggage screening
systems. When an LOI is established to provide multiyear funding for a
project, the airport operator is responsible for providing--up front--
the total funding needed to complete the project. Work proceeds with
the understanding that TSA will, if sufficient funding is appropriated,
reimburse the airport operator for a percentage of the facility
modification costs, with the airport funding the remainder of the
costs. The LOI does not constitute a binding commitment for federal
funds.
Although airport officials we interviewed stated that they will require
federal funding to install in-line systems--and TSA officials stated
that additional airports would benefit from in-line systems to achieve
efficiencies and for other reasons--TSA officials stated that they do
not have sufficient resources in their budget to fund additional LOIs
beyond the eight LOIs that have already been issued as of January 2005.
These eight LOIs will support the installation of in-line baggage
screening systems at nine airports for a total cost to the federal
government of $957.1 million over 4 years. The Vision 100--Century of
Aviation Reauthorization Act--among other things, provided for the
creation of the Aviation Security Capital Fund to help pay for placing
EDS machines in line with airport baggage handling systems. The
President's fiscal year 2006 budget request for TSA provides
approximately $240.5 million for the continued funding of the eight
existing LOIs and provides no funds for new LOI agreements for in-line
system integration activities.
We reported that with the objective of initially fielding EDS and ETD
equipment largely accomplished, TSA needs to shift its focus from
equipping airports with interim screening solutions to systematically
planning for the more optimal deployment of checked baggage screening
systems. Part of such planning should include analyzing which airports
should receive federal support for in-line baggage screening systems
based on cost savings and other benefits that could be achieved from
more effective and efficient baggage screening operations. Also, for
airports where in-line systems may not be economically justified, a
cost-effectiveness analysis could be used to determine the benefits of
additional stand-alone EDS machines to screen checked baggage in place
of more labor-intensive ETD machines currently used at more than 300
commercial airports.
To assist TSA in planning for the optimal deployment of checked baggage
screening systems, we recommended that TSA systematically evaluate
baggage screening needs at airports, including the costs and benefits
of installing in-line baggage screening systems at airports that do not
yet have in-line systems installed. DHS agreed with our recommendation,
stating that TSA has initiated an analysis of deploying in-line checked
baggage screening systems and is in the process of formulating criteria
to identify those airports that would benefit from an in-line system.
DHS also stated that TSA has begun conducting an analysis of the
airports that rely heavily on ETD machines as the primary checked
baggage screening technology to identify those airports that would
benefit from augmenting ETDs with stand-alone EDS equipment.
TSA Is Taking Steps to Enhance Screener Training and Measure Screener
Performance:
Since we first reported on TSA's passenger screening program in
September 2003, TSA has taken a number of steps to expand training
available to the screener workforce and to develop performance measures
to assess screener performance. With regard to screener training, the
President's fiscal year 2006 budget requests $91 million to fully
implement TSA's passenger and baggage screener training programs and
related workforce development programs at the expected fiscal year 2006
screener workforce level. However, as we reported this time last year,
insufficient screener staffing and, at many airports, a lack of high-
speed Internet/intranet connectivity have made it difficult for all
screeners to receive required training and have access to all courses
offered.[Footnote 8] Specifically, we reported that Federal Security
Directors[Footnote 9] at 5 of the 15 category X airports we visited--
during our reviews of passenger and baggage screening--stated that it
was difficult, if not impossible, to comply with TSA's recurrent
training requirement of 3 hours each week, averaged over a 3-month
period.[Footnote 10] The directors stated that because of staffing
shortages, they were unable to let screeners take required training
because it would affect the director's ability to provide adequate
screener coverage.
In May 2004, TSA announced a revised allocation of the 45,000 full-time
equivalent screeners among the nation's airports in order to provide
more appropriate screener coverage. TSA based the allocation on various
factors, including forecasted air travel, hours of operation, baggage
screening and checkpoint configurations, types of screening equipment
deployed, and actual operating experience. In addition, TSA
headquarters officials stated that TSA is factoring training
requirements into workplace planning efforts, including a new staffing
model currently under development.[Footnote 11] However, it is too soon
to determine whether the staffing model will address TSA's ability to
provide required training while maintaining adequate coverage for
screening operations.[Footnote 12] The President's request of about
$2.7 billion for the screener workforce in fiscal year 2006 represents
an increase of about $245 million over last year's enacted budget, but
maintains the screener staffing level at the congressionally mandated
ceiling of 45,000 full-time equivalent screeners.
The lack of high-speed Internet/intranet connectivity at airport
training facilities has also limited screener access to TSA training
tools. TSA established its Online Learning Center to provide passenger
and baggage screeners with online, high-speed access to training
courses. However, effective use of the Online Learning Center requires
high-speed Internet/intranet access, which TSA has not been able to
provide to all airports. In February 2004, we reported that TSA had
provided connectivity to 71 airport locations, including training sites
with 927 fully connected training computers, and expected to install
high-speed connectivity at up to 81 additional airports by the end of
fiscal year 2004.[Footnote 13] However, TSA suspended installation of
high-speed connectivity at airports in April 2004 when funding was
exhausted. Currently, TSA reports that it has provided high-speed
connectivity to 120 airports with 1,822 fully connected training
computers. TSA plans to continue to distribute new training products
using other delivery channels, such as written training materials and
CD-ROMs. However, we reported that until TSA provides high-speed
connectivity at every airport, screeners at airports without high-speed
connectivity will not have access to the full menu of courses available
through the Online Learning Center.
The budget request for fiscal year 2006 includes $174 million to
complete the installation of high-speed connectivity at the nation's
commercial airports. The budget request stated that without these
funds, 379 out of 600 (63 percent) of the field sites, including
airports, will continue to communicate and provide security-related
information over dial-up Internet connections, causing delays and
access problems. We believe that the installation of high-speed
connectivity at the nation's airports will significantly increase
screener access to available training, thereby assisting TSA in
strengthening its screening operations. For example, the budget request
stated that without these funds, screeners would not have access to
training programs such as "Threat of the Day," which allows screeners
to stay abreast of the most current security threats.
In addition to training, developing performance measures for TSA's
screening program is necessary to assess achievements and make
decisions about where to direct performance improvement efforts. In
April 2004, we reported that while TSA was taking steps to measure
screener performance, it had not collected sufficient data to assess
how well screeners performed--particularly with regard to baggage
screeners--and had not determined what steps to take to strengthen
screener performance.[Footnote 14] Since then, TSA has gathered
additional performance data and has established performance measures
and targets for the screening system. We have an ongoing review
assessing TSA's efforts in strengthening screener training and
measuring performance. This review will address TSA's efforts in
developing performance measures to assist in the prioritization of
security improvements.
TSA Efforts to Implement a Risk Management Approach for Securing Air
Cargo Are Ongoing:
TSA's Air Cargo Strategic Plan, completed in November 2003, outlines a
threat-based, risk management approach for securing the air cargo
transportation system. Specifically, the plan identifies priority
actions based on risk, cost, and deadlines. The plan also calls for
coordinated efforts in four strategic areas--enhancing shipper and
supply chain security, identifying elevated risk cargo through
prescreening, identifying technology for performing targeted air cargo
inspections, and securing all-cargo aircraft through appropriate
facility security measures. In November 2004, TSA published a proposed
rule that would implement many of the provisions of the Air Cargo
Strategic Plan for enhancing air cargo security.
The President's fiscal year 2006 budget requests $40 million for
ensuring the security of air cargo. The $40 million request will
support the 200 authorized air cargo inspectors and associated air
cargo screening operations initiated during fiscal year 2005. In
addition, the request will support the continued development of
required programs, training and development of requirements for
Indirect Air Carriers,[Footnote 15] and improvements and maintenance of
the Known Shipper[Footnote 16] and Indirect Air Carrier Program
Databases. TSA will also field test the Air Cargo Freight Assessment
Program, which will incorporate the Known Shipper and Indirect Air
Carrier Program Databases.
TSA's proposed rule for air cargo security describes a number of
actions that must be taken before a comprehensive risk management
approach can be applied to securing cargo. One of the key components of
TSA's risk-based approach for securing air cargo is the development and
implementation of a system to screen 100 percent of high-risk cargo.
This program, known as the Freight Assessment System, is based on
several key components. First, the system will use data on known
shippers and indirect air carriers who deliver cargo to air carriers
for transport. It is important that this data be complete, accurate,
and current, so that shippers about whom relevant security information
is known can be distinguished from those shippers about whom there is
inadequate security information. Second, the system must incorporate
criteria for profiling cargo so that it can identify high-risk cargo
that must undergo physical screening. Third, effective technology must
be deployed to screen cargo identified as high-risk.
TSA is still in the early stages of developing the Freight Assessment
System and needs to resolve several issues that could affect the
system's development. First, the principal source of data for
prescreening is through the use of its Known Shipper Program. However,
carriers who collect this information are not currently required to
submit data on known shippers for inclusion in TSA's centralized
database. In May 2004, a TSA official testified that the known shipper
database contained only about one-third of all known shippers. There
are also concerns about the relative ease of obtaining known shipper
status, and the ability for someone to pose as a known shipper by
falsifying or counterfeiting shipping documents used to identify the
source as a known shipper. Second, the TSA working group charged with
proposing criteria for profiling cargo has not yet reported its
recommendations to TSA. Any field testing of the Freight Assessment
System will require complete and verified data on known shippers, as
well as criteria for evaluating risk. Finally, TSA is in the early
stages of identifying and testing air cargo security technologies. For
example, it has not yet developed plans outlining when these tests will
be completed, or determined whether technologies proven to be effective
will be deployed.
In addition, TSA's proposed air cargo security rule estimates the costs
of implementing the agency's proposals for enhancing air cargo security
at $837 million over a 10-year period. However, industry stakeholders
have raised concerns over TSA's projected cost estimates, in part
because of the number of air cargo workers the stakeholders estimate to
be affected by some of the proposed measures. For example, several
stakeholders commented that TSA's cost estimate for conducting the
proposed security threat assessments of air cargo workers was low, and
that TSA underestimated the number of air cargo workers that would have
to undergo an assessment. In addition, air cargo industry stakeholders
expressed concerned that they would incur approximately 97 percent of
the projected cost of the air cargo security procedures described in
the proposed rule. We have an ongoing review evaluating TSA's efforts
to implement a risk-based approach to securing air cargo, including TSA
efforts to target high-risk cargo, and efforts to identify and test
screening technologies.
TSA Has Taken Actions to Strengthen the Security of Commercial Airport
Perimeters and Access Controls, but More Work Is Needed:
In June 2004, we reported that TSA had taken a variety of actions to
evaluate the security of airport perimeters and the controls that limit
access into secured airport areas, but had not yet determined how the
results of these evaluations could be used to make systemwide
improvements.[Footnote 17] Specifically, TSA has conducted regulatory
compliance inspections, covert (undercover) testing of selected
security procedures, and vulnerability assessments at selected
airports. These evaluations--though not yet complete--have identified
perimeter and access control security concerns. For example, TSA
identified instances where airport operators failed to comply with
existing security requirements, including access control-related
regulations. In addition, TSA identified threats to perimeter and
access control security at each of the airports where vulnerability
assessments were conducted during 2003. In January 2004, TSA
temporarily suspended its assessment efforts to conduct higher-priority
vulnerability assessments dealing with shoulder-fired missiles.
Although TSA plans to begin conducting joint vulnerability assessments
with the Federal Bureau of Investigation, it has not yet determined how
it will allocate existing resources between its own independent airport
assessments and the new joint assessments, or developed a schedule for
conducting future vulnerability assessments. Further, TSA has not yet
determined how to use the results of its inspections, in conjunction
with covert testing and vulnerability assessments results, to enhance
the overall security of the commercial airport system.
TSA has also helped some airports enhance perimeter and access control
security by providing funds for security equipment, such as electronic
surveillance systems. TSA has further initiated efforts to evaluate the
effectiveness of security-related technologies, such as biometric
identification systems. By December 2003, responsibility for funding
most airport security projects had shifted from the Federal Aviation
Administration to TSA. As a result, TSA is developing new policies to
determine how to review, approve, and prioritize security project
funding. However, we reported that TSA has not yet begun to gather data
on airport operators' historical funding of security projects and
current needs to aid the agency in setting funding priorities.
Regarding reducing the potential security risk posed by airport
workers, we found that, at the time of our review, TSA had not fully
addressed all related requirements mandated by ATSA. For example, TSA
required fingerprint-based criminal history records checks and security
awareness training for most, but not all, airport workers called for in
the act. We also found that TSA had not addressed the act's provision
that requires airport vendors with direct access to the airfield and
aircraft to develop security programs to address security measures
specific to vendor employees. TSA said that expanding requirements for
background checks and security awareness training for additional
workers and establishing requirements for vendor security programs
would be costly to implement.
On the basis of our work, we recommended, and DHS generally agreed,
that TSA better justify future decisions on how best to proceed with
security evaluations, fund and implement security improvements--
including new security technologies--and implement additional measures
to reduce the potential security risks posed by airport workers. In
July 2004, TSA made several improvements in these areas, through the
issuance of a series of security directives, including requiring
enhanced background checks and improved access controls for airport
employees who work in restricted airport areas.
Continued Partnerships and Risk Assessments Are Needed for Securing
General Aviation:
The federal and state governments and general aviation industry all
play roles in securing general aviation operations. While the federal
government provides guidance, enforces regulatory requirements, and
provides some funding, the bulk of the responsibility for assessing and
enhancing security falls on airport operators. In November 2004, we
reported that although TSA has issued a limited threat assessment of
general aviation, and the Federal Bureau of Investigation has said that
terrorists have considered using general aviation to conduct attacks, a
systematic assessment of threats has not been conducted.[Footnote 18]
In addition, we reported that TSA had conducted vulnerability
assessments at a small number of general aviation airports, but agency
officials stated that conducting these assessments is costly and,
therefore, impractical to do for the 19,000 general aviation airports
nationwide.
TSA intends to implement a risk management approach to better assess
threats and vulnerabilities of general aviation aircraft and airports
and, as part of this approach, is developing an online vulnerability
self-assessment tool to be completed by individual airport managers.
However, we found limitations in the use of the self-assessment tool.
Further, at the time of our review, these efforts had not been
completed, and TSA had not yet developed a plan with specific
milestones for implementing the tools and assessments. Without such a
plan, it will be difficult for TSA to determine the proper allocation
of its resources to the areas of greatest need and to monitor the
progress of its efforts.
TSA has also partnered with industry associations to develop security
guidelines that enable general aviation airport managers to assess
their own vulnerabilities to terrorist attack, and works through
industry associations to communicate threat information. However,
industry and state aviation officials we spoke with stated that
security advisories distributed by TSA were general in nature and were
not consistently received. In part this is understandable because,
among other things, TSA relies on other federal agencies for threat
information. However, we have found that applying risk communication
principles--relaying only timely, specific, and actionable
information, to the extent possible--provides organizations like TSA
with the best opportunity to achieve desired results.
We also found that TSA and the Federal Aviation Administration have
taken a number of steps to address security risks to general aviation
through regulation and guidance but still face challenges in their
efforts to further enhance security. For example, TSA developed
regulations governing background checks for foreign candidates for U.S.
flight training schools and issued security guidelines for general
aviation airports. However, we found limitations in the process used to
conduct compliance inspections of flight training schools.
Because of the importance of securing general aviation operations and
to help address associated challenges, we recommended, and DHS
generally agreed, that TSA take actions to better assess the
possibility of terrorists' misuse of general aviation aircraft, better
communicate terrorist threat information, and help mitigate security
risks to general aviation operations.
TSA Established a Screening Partnership Program but Needs to Finalize
Performance Measures:
In November 2004, we reported on our preliminary observations of TSA's
efforts to establish and implement a Screening Partnership Program, a
program through which commercial airports can apply to TSA to use
private rather than federal passenger and baggage screeners.[Footnote
19] Beginning on November 19, 2004, TSA was required by law to begin
allowing commercial airports to apply to use private contractors to
screen passengers and checked baggage. A federal workforce has
performed this function since November 2002, in response to a
congressional mandate that the federal government take over screening
services from air carriers after the terrorist attacks of September 11,
2001. A 2-year pilot program at five airports testing the effectiveness
of private sector screening in a post-September 11 environment was
concluded on November 18, 2004.
In assessing TSA's efforts to implement a Screening Partnership
Program, we found that TSA had completed or was developing key policies
and procedures addressing program implementation and oversight, and was
taking steps to communicate with stakeholders by developing
informational guidance and soliciting information and suggestions.
However, we found that some airport operators, private screening
contractors, and aviation industry representatives identified the need
for additional information regarding flexibilities airports and
contractors would have to manage the program, liability in the event of
a terrorist attack, and costs related to program participation.
We also reported that consistent with risk management principles, TSA
was developing performance measures to assess the performance of
airports participating in the Screening Partnership Program and
individual contractors performing the screening services. However, we
found that specific performance measures had not yet been finalized and
were not scheduled to be completed until mid-2005. TSA officials stated
that once developed, performance measures for the Screening Partnership
Program will be based on measures already developed by an independent
consulting firm for the five airports that participated in the pilot
screening program. These measures include how well screeners detect
test threat objects, such as guns and knives, during screening
operations. TSA also reported that it plans to develop performance
measures evaluating how well private screening contractors comply with
the terms of their contracts, which they intend to become part of a
quality assurance plan. GAO has consistently supported program
evaluation--including the development and use of performance measures
to measure program outcomes--as an important tool in assessing whether
programs are achieving intended goals.
The President's budget request for fiscal year 2006 includes about
$161million for the five private contract screening airports. The
administration expects contract screening operations to expand beyond
the five airports currently using private screening contractors through
2006. To date, one additional airport beyond the five that participated
in the pilot program has applied to use private screening contractors.
Beginning in May 2005, TSA will begin awarding contracts to private
screening contractors. We are continuing to assess TSA's development
and implementation of the Screening Partnership Program, to include its
development of performance measures to assess screener performance.
TSA Has Begun to Increase Focus on Passenger and Transit Rail Security:
We have reported on the security of passenger and transit rail in the
past, most recently during testimony before this committee in March
2004.[Footnote 20] At that time, we stated that following the September
11 terrorist attacks, passenger and freight rail providers implemented
new security measures or increased the frequency or intensity of
existing activities, including performing risk assessments, conducting
emergency drills, and developing security plans. We also reported that-
-because of a focus on commercial aviation security--TSA initially
devoted limited attention to passenger and transit rail security. Since
that time, TSA has begun to focus more attention on rail security needs
and is in the process of assessing critical passenger rail assets--such
as stations, tunnels, and bridges. The Federal Transit Administration
also plays a role in rail security, including providing grants for
emergency drills and conducting security assessments at the largest
transit agencies. The fiscal year 2006 budget requests includes $8
million for rail security to support funding requirements for 100
surface transportation inspectors that will focus primarily on rail
security. The budget request identified that the remaining $24 million
of the surface transportation budget will support operational funding
requirements, the development and implementation of performance-based
standard and regulations, vulnerability assessments for critical
assets, and security awareness training and exercises.
We are currently reviewing TSA's efforts to strengthen passenger rail
and transit security, including determining to what extent threats and
vulnerabilities to rail systems have been assessed, what actions have
been taken to strengthen security, and the applicability of foreign
rail security practices to the U.S. rail system.Our review, among other
things, will determine the extent to which federal rail security
efforts are consistent with risk management principles to ensure that
finite resources are allocated where they are needed most, and that
security efforts are being coordinated to help avoid duplication and
support integration. Our review will also identify any challenges
involved with implementing measures to improve rail security, including
practices used by foreign rail systems.
DHS Proposal to Integrate Common Functions Is Commendable, but Existing
Challenges Will Need to Be Addressed:
DHS's fiscal year 2006 budget request proposes two key changes in DHS's
organizational structure that are designed to achieve synergy and avoid
duplication of effort. First, DHS proposes to create an Office of
Screening Coordination and Operations within the Border and
Transportation Security Directorate that would coordinate a
comprehensive approach to several ongoing terrorist-related screening
initiatives--in immigration; law enforcement; intelligence;
counterintelligence; and protection of the border, transportation
systems, and critical infrastructure.[Footnote 21] Specifically, the
Office of Screening Coordination and Operations would consolidate nine
screening activities, including six that are currently housed within a
single TSA office. DHS expects this consolidation to save
administrative overhead costs, thereby enabling the department to use
those savings toward accomplishing the missions of the programs. In
total, DHS is requesting about $847 million for the Office of Screening
Coordination and Operations. Table 2 provides the budget request for
the 6 screening activities that currently reside within TSA.[Footnote
22]
Table 2: Fiscal Year 2006 Budget Request for TSA Activities DHS Has
Proposed to Transfer to the Office of Screening Coordination and
Operations:
Program: Secure Flight (including crew vetting);
FY 2006 budget request ($000): $94,294.
Program: Credentialing Startup;
FY 2006 budget request ($000): $20,000.
Program: Discretionary Fee Funded: Transportation Worker
Identification Credential;
FY 2006 budget request ($000): $244,722.
Program: Discretionary Fee Funded: Registered Traveler;
FY 2006 budget request ($000): $22,500.
Program: Discretionary Fee Funded: HAZMAT;
FY 2006 budget request ($000): $44,165.
Program: Mandatory Fee Funded: Alien Flight School Checks;
FY 2006 budget request ($000): $10,000.
Program: Total;
FY 2006 budget request ($000): $435,681.
Source: DHS.
[End of table]
DHS identified 11 goals in creating the Office of Screening
Coordination and Operations:
* enable consistent, effective, and efficient day-to-day operations
through the application of standards and use of common services;
* assist in the development of policy for DHS-wide screening and
credentialing programs;
* create an integrated business strategy for DHS screening and
credentialing programs that enhances security, facilitates travel, and
safeguards privacy;
* reduce redundancy and close mission and technological gaps;
* manage investments of screening and credentialing programs to ensure
efficient use of assets;
* remove technological barriers to sharing screening information within
DHS;
* enable consistent status reporting of major screening and
credentialing programs;
* ensure consistent acquisition/contracting and program management
processes/disciplines are applied;
* establish a central clearinghouse to administer registered traveler
programs and worker credentialing programs;
* deliver clear and consistent messages to domestic and foreign
travelers and workers for increased compliance; and:
* work with other federal agencies to improve and coordinate screening
standards.
Second, DHS is proposing to consolidate its R&D efforts inside its
Science and Technology Directorate.[Footnote 23] This office will house
the current R&D activities that are currently spread across four DHS
component agencies--TSA, U.S. Coast Guard, Customs and Border Patrol,
and Information Analysis and Infrastructure Protection Directorates.
The existing TSA R&D program consists of research and development
(Transportation Security Laboratory),[Footnote 24] next-generation
explosive detection systems, and air cargo research, and received a
total of $178 million in fiscal year 2005 appropriations.[Footnote 25]
By consolidating these and other R&D programs under a single office,
DHS is seeking to maximize the efficiency and effectiveness of its R&D
efforts to allow the components to focus on their operational missions
and eliminate duplicate management infrastructure. DHS's fiscal year
2006 budget request includes $1.4 billion for R&D.
We applaud DHS's efforts to achieve efficiencies and cost savings,
leverage resources and technology, and improve internal coordination
and operations. As DHS works toward consolidating screening functions
and initiatives within the Office of Screening Coordination and
Operations, and the R&D functions within the Science and Technology
Directorate, it will be important for DHS to define the
interrelationships and commonalities among these programs, explicitly
define roles and responsibilities, and identify data needs.
Additionally, DHS will need to address the existing challenges that
have been identified regarding the programs these offices will absorb.
While these organizational changes should assist DHS in providing a
solid foundation from which to manage and oversee its screening,
credentialing, and R&D efforts, restructuring alone will not resolve
all existing challenges or ensure the successful integration and
achievement of DHS's goals. We have recently reported on challenges DHS
and TSA are facing with regard to some of these programs, including
Secure Flight, the Transportation Worker Identification Credential, and
research and development activities. The sections below describe the
challenges we identified.
TSA Is in Early Stages of Testing and Implementing the Secure Flight
Passenger Prescreening System:
One challenge the proposed Office of Screening Coordination and
Operations will face immediately is the continued development of a
system to prescreen domestic airline passengers. The prescreening of
passengers--that is, determining whether airline passengers pose a
security risk before they reach the passenger screening checkpoint--is
used to focus security attention on those passengers representing the
greatest potential threat. Since the late 1990s, passenger prescreening
has been conducted using the Computer-Assisted Passenger Prescreening
System (CAPPS I). This system, operated by air carriers, compares
passenger information against CAPPS I rules as well as a government-
supplied watch list that contains the names of known or suspected
terrorists.[Footnote 26]
In the wake of September 11, concerns were raised over the
effectiveness of CAPPS I. In 2002, TSA began developing a second-
generation computer-assisted passenger prescreening system, known as
CAPPS II, which was intended to provide a more effective and efficient
way to prescreen airline passengers. However, the development of CAPPS
II faced a number of significant delays and challenges. As we reported
in February 2004, key activities in the development of CAPPS II were
delayed, complete plans identifying system functionality were not
established, and TSA was behind schedule in testing and developing
initial increments of the system.[Footnote 27] Further, we found that
TSA had not yet fully addressed seven of the eight issues identified by
Congress as key areas of interest, such as privacy concerns, passenger
redress, and system oversight. We further reported that TSA faced
challenges in obtaining the international cooperation needed to obtain
passenger data, managing the expansion of the program's mission beyond
its original purpose, and ensuring that identify theft--in which an
individual poses as and uses information of another individual--cannot
be used to negate the security benefits of the system.
Moreover, in July 2004, the 9/11 Commission advised that improvements
to the passenger prescreening system are required, noting that the
watch lists used by the air carriers for the current prescreening
system, CAPPS I, do not include all terrorists or terrorism suspects
because of concerns about sharing intelligence information with private
firms and foreign countries.[Footnote 28] The 9/11 Commission stated
that passenger prescreening should be performed by TSA and should use
the larger consolidated watch list data maintained by the federal
government. As a result of these problems and challenges, as well as
widespread concerns with CAPPS II by Congress, the public, and other
key stakeholders, DHS terminated the CAPPS II program and in August
2004 announced that it would develop a new passenger prescreening
program called Secure Flight.
Under Secure Flight, TSA will take over, from commercial airlines, the
responsibility for checking passenger information against terrorist
watch lists and the CAPPS I rules. TSA expects that Secure Flight, once
implemented, will provide a number of benefits over the current
airline-operated system. For example, TSA expects that Secure Flight
will be more effective than CAPPS I in identifying terrorists because
it will utilize an expanded watch list with more information than is
currently available to air carriers. TSA also believes Secure Flight
will reduce the number of passengers mistakenly identified as being on
a terrorist watch list as compared with the current system. TSA is
currently testing the ability of Secure Flight to perform watch list
matching and applying CAPPS I rules.[Footnote 29] TSA expects that this
phase of testing will be completed later this month. In addition, TSA
plans to test the feasibility of using commercial data to improve the
ability of Secure Flight to more accurately verify passenger identity.
TSA expects to complete commercial data testing in early April
2005.[Footnote 30] On the basis of these test results, TSA plans to
make policy decisions regarding the use of commercial data as part of
Secure Flight. TSA also plans subsequently to test additional
functionality and the operations of Secure Flight before
implementation, regardless of whether it incorporates the use of
commercial data as part of Secure Flight. At the conclusion of testing,
TSA expects to implement Secure Flight with one or two air carriers in
August 2005.
Although TSA reported that it spent approximately $100 million on the
development of CAPPS II, TSA considers much of that cost to be
applicable to Secure Flight. This is because Secure Flight will
leverage certain capabilities that had been developed for the CAPPS II
program, such as the system infrastructure used to match passenger
information against terrorist watch lists. However, in developing
Secure Flight, TSA modified the CAPPS II infrastructure to remove
certain features that were not authorized for Secure Flight. For fiscal
year 2005, TSA was allocated $35 million for the development of Secure
Flight. The President's fiscal year 2006 budget request includes
approximately $94 million for Secure Flight development and
implementation as well as crew vetting.[Footnote 31] This represents an
increase of approximately $46 million for Secure Flight and
approximately $3 million for crew vetting. These funds are intended to
support continued testing, information systems, connectivity to
airlines, and daily operations.
As mandated by the fiscal year 2005 Homeland Security Appropriations
Act (Public Law 108-334, Section 522), as well as in response to
congressional requests, we are currently conducting a review of the
Secure Flight program.[Footnote 32] Our review will highlight four key
areas: (1) the status of Secure Flight's development and
implementation, (2) any challenges to the system's effective
implementation and operation, (3) processes in place for system
oversight and program management, and (4) efforts to minimize the
impact of Secure Flight on passengers and to protect passenger rights.
As part of this review, we will examine the future costs associated
with the development and implementation of Secure Flight. We will also
determine if TSA has addressed the weaknesses identified in our
February 2004 report on CAPPS II. We will issue a report discussing the
results of our review by March 28, 2005.
TSA Faces Planning Challenges in Moving Forward with the Transportation
Worker Identification Credential:
The Office of Screening Coordination and Operations will also need to
address the challenges TSA has faced in developing a Transportation
Worker Identification Credential (TWIC). The TWIC program is intended
to improve security by establishing an integrated, credential-based,
identity management program for higher risk transportation workers
requiring unescorted access to secure areas of the nation's
transportation system. TSA expects that the Office of Screening
Coordination and Operations will leverage separate screening processes
within TWIC, such as in establishing watchlist checks on transportation
workers and establishing access interoperability with transportation
companies, and apply those practices to other screening activities.
In December 2004, we reported on TSA's efforts to issue a worker
identification card that uses biometrics, such as fingerprints, to
control access to secure areas of ports or ships.[Footnote 33] We found
that three main factors caused TSA to miss its initial August 2004
target date for issuing maritime worker identification cards: (1) TSA
officials had difficulty obtaining timely approval of the prototype
test from DHS because of competition for executive-level attention and
agency resources, (2) extra time was required to work with DHS and
Office of Management Budget officials to identify additional data to be
collected for cost-benefit and alternative analyses, and (3) additional
work was required to assess the capabilities of various card
technologies to determine which technology was most appropriate for
controlling access in seaports. Because of program delays, some port
facilities, recognizing an immediate need to enhance access control
systems, are proceeding with plans for local or regional identification
cards that may require additional investment in order to make them
compatible with the TWIC system. Accordingly, delays in the program may
affect enhancements to port security and complicate stakeholder's
efforts in making wise investment decisions regarding security
infrastructure.
We also identified additional challenges that DHS will face as it moves
forward with developing and operating the TWIC program, such as
developing regulations that identify eligibility requirements for the
card and instituting a comprehensive plan for managing the project. A
documented comprehensive project plan will assist DHS in achieving
mutual understanding, commitment, and performance of individuals,
groups, and organizations that must execute or support the plan.
Without such a plan--which is an established industry best practice for
project planning and management--the program's schedule and performance
is placed at higher risk. For example, additional delays could occur
unless involved parties agree on efforts guiding the remainder of the
project, stakeholder responsibilities, and associated deadlines.
Additionally, without a plan to guide the cost-benefit and alternatives
analyses--another industry best practice--risk is increased that DHS
may not sufficiently analyze the feasibility of various approaches to
issuing the card, an analysis needed to make informed decisions
regarding the program.[Footnote 34] On the basis of our work, we
recommended, and DHS generally agreed, that TSA employ industry best
practices for project planning and management by developing a
comprehensive project plan for managing the program and specific
detailed plans for risk mitigation and cost-benefit and alternatives
analyses. As DHS moves forward in developing TWIC, it will be important
that it incorporates these best practices to help address the
challenges it faces in developing and implementing a maritime worker
identification card.
DHS's fiscal year 2006 budget request includes about $245 million for
TWIC. This amount is to cover the costs of personnel, contractors,
equipment maintenance, software and license updates, background checks,
fingerprint processing, and adjudication of results. DHS estimated that
the $245 million will enable it to distribute roughly 2 million TWICs
to transportation security workers needing access to high-risk areas of
the transportation system by the end of fiscal year 2006. Additionally,
DHS is seeking authority to recover these costs in their entirety
through fees charged to the applicants.
TSA is also exploring the cost-effectiveness of two other program
alternatives: (1) a federal approach: a program wholly designed,
financed, and managed by the federal government, and (2) a
decentralized approach: a program requiring ports and port facilities
to design, finance, and manage programs to issue identification cards.
In February 2005, TSA officials stated that they do not expect to make
a decision on which of the three alternatives to implement--the
federal, decentralized, or TWIC program--until later in 2005. Officials
stated that whichever approach is selected will be known as TWIC and
will meet legislative requirements.
Further Planning, Risk Assessment, and Coordination Needed to Focus R&D
Efforts:
As DHS moves forward in integrating its R&D functions into a single
office--a commendable goal--it will be important for the department to
resolve the existing challenges facing its various R&D programs.
Researching and developing technologies to detect, prevent, and
mitigate terrorist threats is vital to enhancing the security of the
nation's transportation system. In September 2004, we reported that TSA
and DHS have made some progress in managing transportation security R&D
programs according to applicable laws and R&D best practices.[Footnote
35] However, we found that their efforts were incomplete in several
areas, including preparing strategic plans for R&D efforts that contain
measurable objectives, preparing and using risk assessments to select
and prioritize R&D projects, and coordinating with stakeholders. We
also found that TSA and DHS delayed several key R&D projects and lacked
both estimated deployment dates for the vast majority of their R&D
projects and adequate databases to effectively manage their R&D
portfolios.
The Homeland Security Act requires DHS, through its Science and
Technology Directorate, to prepare a strategic plan that identifies
goals and includes annual measurable objectives for coordinating the
federal government's civilian efforts in developing countermeasures to
terrorist threats. Similarly, the National Academy of Sciences has
stated that research programs should be described in strategic and
performance plans and evaluated in performance reports. We are
encouraged that TSA and DHS have prepared strategic plans for their
agencies, and that TSA has prepared a strategic plan for its R&D
program. However, we found that these plans do not contain measurable
objectives for tracking the progress of R&D efforts. We recommended
that TSA and DHS complete strategic plans containing measurable
objectives for their transportation security R&D programs. According to
DHS officials, the department is preparing a separate strategic plan
for its R&D program that will include more specific goals and
measurable objectives. DHS also stated that the Science and Technology
Directorate's strategic planning process will include (1) determining
strategic goals for the next 5 years, threats, and vulnerabilities, and
(2) developing a list of prioritized projects for fiscal years 2005
through 2010.
In consolidating its R&D functions, it will also be important for DHS
to use risk management principles in making R&D funding decisions, as
required by ATSA.[Footnote 36] Although both TSA and DHS have
established processes to select and prioritize R&D projects that
include risk management principles, they have not yet completed
vulnerability and criticality assessments, which we have identified as
key elements of a risk management approach, for all modes of
transportation.[Footnote 37] In the absence of completed risk
assessments, TSA and DHS officials report basing funding decisions on
other factors--such as available threat intelligence, expert judgment,
and information about past terrorist incidents. TSA officials further
stated that TSA's Chief Technology Officer receives daily intelligence
briefings and that the agency uses threat information to select R&D
projects to pursue. However, officials stated that they do not use
formal threat assessments to make R&D decisions. In addition, the DHS
Inspector General reported in March 2004 that although many senior
officials agreed that DHS's Science and Technology and the Information
Analysis and Infrastructure Protection Directorates should closely
coordinate, staff below them were not actively involved in sharing
terrorist threat information or using the information to form the basis
for selecting new homeland security technologies. On the basis of our
work, we recommended, and DHS generally agreed, that TSA and DHS use
the results of risk assessments to help select and prioritize their R&D
efforts.
In moving forward with the proposed integration of R&D functions, DHS
will also need to enhance its efforts to coordinate with other federal
agencies with respect to transportation security R&D, and reach out to
industry stakeholders. ATSA and the Homeland Security Act require DHS
to coordinate its efforts with those of other government agencies, in
part to reduce duplication and identify unmet needs. Similarly, R&D
best practices identify the importance of stakeholder coordination in
identifying R&D needs. For TSA and DHS to select the best technologies
to enhance transportation security, it is important that they have a
clear understanding of the R&D projects currently being conducted, both
internally and externally. During our review, we found limited evidence
of coordination between TSA and DHS, or between these agencies and
other federal agencies, such as the Department of Transportation.
Without such coordination, DHS raises the risk that its R&D resources
will not be effectively leveraged and that duplication may occur.
Further, most transportation industry association officials we
interviewed stated that TSA and DHS had not coordinated with them to
obtain information on their security R&D needs. We recommended, and
officials generally agreed, that TSA should develop a process with the
Department of Transportation to coordinate transportation security R&D,
such as a memorandum of agreement identifying roles and
responsibilities, and share this information with transportation
stakeholders.
DHS will also need to address several additional challenges while
moving forward in consolidating its R&D functions into a single office,
including managing delays in key R&D projects, better estimating
deployment dates, and conducting better tracking of its R&D portfolio.
During our review, we found that progress on some R&D projects was
delayed in fiscal year 2003 when TSA transferred about $61 million,
more than half of its $110 million R&D appropriation, to support
operational needs, such as personnel cost for screeners. As a result,
TSA delayed several key R&D projects related to checked baggage
screening, checkpoint screening, and air cargo security. For example,
TSA delayed the development of a device to detect weapons, liquid
explosives, and flammables in containers found in carry-on baggage or
passengers' effects, as well as the development and testing of a walk-
through portal for detecting traces of explosives on passengers. We
also found that although many of TSA's projects were in later phases of
development, the agency had not estimated deployment dates for 133 of
the 146 projects that it funded in fiscal years 2003 and 2004. While we
recognize that deployment dates are not always predictable, we
generally believe that R&D program managers should estimate deployment
dates for projects that are beyond the basic research phase because
deployment dates can serve as goals that the managers can use to plan,
budget, and track the progress of projects. We also found that TSA and
DHS did not have adequate databases to monitor and manage the spending
of the hundreds of millions of dollars that Congress had appropriated
for R&D. For example, for the 146 projects that it funded in 2003 and
2004, TSA was not able to provide us information on anticipated
deployment dates for 91 percent, the current phase of development for
49 percent, and the amounts obligated and budgeted for 8 percent that
were appropriated tens of millions of dollars in both fiscal years 2003
and 2004. We recommended that TSA and DHS develop a database to provide
accurate, complete, current, and readily accessible project information
for monitoring and managing their R&D portfolios, and a vehicle for
communicating R&D need with the transportation industry. In September
2004, DHS stated that TSA had developed a system to track R&D projects'
goals and milestones, acquisition, funding, testing, and deployment
information.
Concluding Observations:
DHS and TSA have undertaken numerous initiatives to strengthen
transportation security, particularly in aviation, and their efforts
should be commended. Meeting the congressional mandates to screen
passengers and checked baggage alone was a tremendous challenge--yet
TSA successfully hired and deployed a federal screening workforce of
over 40,000 and deployed equipment to screen checked baggage for
explosives at over 400 commercial airports nationwide. In our previous
work addressing transportation security, we identified future actions
that TSA should take to enhance security within and across all modes of
transportation. Throughout the course of this work, one theme
consistently surfaced--the need for TSA to fully utilize and integrate
a risk management approach into its decision making processes. Our work
has shown--in homeland security and in other areas--that a
comprehensive risk management approach can help inform decision makers
in allocating finite resources to the areas of greatest need. We are
encouraged that the President's fiscal year 2006 budget request
discusses TSA's plans to implement a risk management approach in
focusing its resources related to transportation security. However, we
recognize that fully integrating a risk management approach into
decision making processes is challenging for any organization. Further,
in order to fully apply this approach, TSA must also address the
challenges we have identified in our work related to program planning,
risk assessments, and implementation and monitoring. Without rigorous
planning and prioritization, and knowledge of the effectiveness of
their transportation security programs, DHS and TSA cannot be sure that
they are focusing their resources on the areas of greatest need, are
addressing the most critical security requirements, and are ensuring
the most efficient utilization of its resources.
Mr. Chairman, this concludes my statement. I would be pleased to answer
any questions that you or other members of the Committee may have.
Contact Information:
For further information on this testimony, please contact Cathleen A.
Berrick at (202) 512-3404. Individuals making key contributions to this
testimony included David Alexander, Chan My J Battcher, Seto J.
Bagdoyan, J. Michael Bollinger, Lisa Brown, Kevin Copping, Christine
Fossett, John Hansen, Adam Hoffman, Christopher M. Jones, Christopher
Keisling, Noel Lance, Thomas Lombardi, Lisa Shibata, and Maria
Strudwick.
[End of section]
Related GAO Products Released Since September 11, 2001:
Aviation Security: Preliminary Observations on TSA's Progress to Use
Private Passenger and Baggage Screening Services, GAO-05-126.
Washington, D.C.: November 19, 2004.
General Aviation Security: Increased Oversight Is Needed, but Continued
Partnership with the Private Sector Is Critical to Long-Term Success,
GAO-05-144. Washington, D.C.: November 10, 2004.
Maritime Security: Substantial Work Remains to Translate New Planning
Requirements into Effective Port Security. GAO-04-838. Washington,
D.C.: June 30, 2004.
Aviation Security: Further Steps Needed to Strengthen the Security of
Commercial Airport Perimeters and Access Controls. GAO-04-728.
Washington, D.C.: June 4, 2004.
Transportation Security Administration: High-Level Attention Needed to
Strengthen Acquisition Function. GAO-04-544. Washington, D.C.: May 28,
2004.
Aviation Security: Private Screening Contractors Have Little
Flexibility to Implement Innovative Approaches. GAO-04-505T.
Washington, D.C.: April 22, 2004.
Homeland Security: Summary of Challenges Faced in Targeting Oceangoing
Cargo Containers for Inspection. GAO-04-557T. March 31, 2004.
Aviation Security: Improvement Still Needed in Federal Aviation
Security Efforts. GAO-04-592T. Washington, D.C.: March 30, 2004.
Rail Security: Some Actions Taken to Enhance Passenger and Freight Rail
Security, but Significant Challenges Remain. GAO-04-598T. Washington,
D.C.: March 23, 2004.
Aviation Security: Challenges Delay Implementation of Computer-
Assisted Passenger Prescreening System.GAO-04-504T. Washington, D.C.:
March 17, 2004.
Aviation Security: Computer-Assisted Passenger Prescreening System
Faces Significant Implementation Challenges. GAO-04-385. Washington,
D.C.: February 13, 2004.
Aviation Security: Challenges Exist in Stabilizing and Enhancing
Passenger and Baggage Screening Operations. GAO-04-440T. Washington,
D.C.: February 12, 2004.
Homeland Security: Preliminary Observations on Efforts to Target
Security Inspections of Cargo Containers. GAO-04-325T. Washington,
D.C.: December 16, 2003.
Aviation Security: Efforts to Measure Effectiveness and Strengthen
Security Programs. GAO-04-285T. Washington, D.C.: November 20, 2003.
Aviation Security: Efforts to Measure Effectiveness and Address
Challenges. GAO-04-232T. Washington, D.C.: November 5, 2003.
Airport Passenger Screening: Preliminary Observations on Progress Made
and Challenges Remaining. GAO-03-1173. Washington, D.C.: September 24,
2003.
Maritime Security: Progress Made in Implementing Maritime
Transportation Security Act, but Concerns Remain. GAO-03-1155T.
Washington, D.C.: September 9, 2003.
Aviation Security: Progress Since September 11, 2001, and the
Challenges Ahead. GAO-03-1150T Washington, D.C.: September 9, 2003.
Transportation Security: Federal Action Needed to Enhance Security
Efforts. GAO-03-1154T. Washington, D.C.: September 9, 2003. , September
9, 2003):
Transportation Security: Federal Action Needed to Help Address Security
Challenges. GAO-03-843. Washington, D.C.: June 30, 2003.
Rail Safety and Security: Some Actions Already Taken to Enhance Rail
Security, but Risk-based Plan Needed. GAO-03-435. Washington, D.C.:
April 30, 2003.
Federal Aviation Administration: Reauthorization Provides
Opportunities to Address Key Agency Challenges. GAO-03-653T.
Washington, D.C.: April 10, 2003.
Transportation Security: Post-September 11th Initiatives and Long-term
Challenges. GAO-03-616T. Washington, D.C.: April 1, 2003.
Transportation Security Administration: Actions and Plan to Build a
Results-Oriented Culture. GAO-03-190 Washington, D.C.: January 17,
2003.
Aviation Safety: Undeclared Air Shipments of Dangerous Goods and DOT's
Enforcement Approach. GAO-03-22. Washington, D.C.: January 10, 2003.
Aviation Security: Vulnerabilities and Potential Improvements for the
Air Cargo System. GAO-03-344. Washington, D.C.: December 20, 2002.
Mass Transit: Federal Action Could Help Transit Agencies Address
Security Challenges. GAO-03-263. Washington, D.C.: December 13, 2002.
Aviation Security: Registered Traveler Program Policy and
Implementation Issues. GAO-03-253. Washington, D.C.: November 22,
2002.
Combating Terrorism: Actions Needed to Improve Force Protection for DOD
Deployments through Domestic Seaports. GAO-03-15. Washington, D.C.:
October 22, 2002.
Airport Finance: Using Airport Grant Funds for Security Projects Has
Affected Some Development Projects. GAO-03-27. Washington, D.C.:
October 15, 2002.
Mass Transit: Challenges in Securing Transit Systems. GAO-02-1075T.
Washington, D.C.: September 18, 2002.
Port Security: Nation Faces Formidable Challenges in Making New
Initiatives Successful. GAO-02-993T. Washington, D.C.: August 5, 2002.
Aviation Security: Transportation Security Administration Faces
Immediate and Long-Term Challenges. GAO-02-971T. Washington, D.C.:
July 25, 2002.
Aviation Security: Information Concerning the Arming of Commercial
Pilots. GAO-02-822R. Washington, D.C.: June 28, 2002.
Aviation Security: Vulnerabilities in, and Alternatives for, Preboard
Screening Security Operations. GAO-01-1171T. Washington, D.C.:
September 25, 2001.
Aviation Security: Weaknesses in Airport Security and Options for
Assigning Screening Responsibilities. GAO-01-1165T. Washington, D.C.:
September 21, 2001.
Homeland Security: A Framework for Addressing the Nation's
Efforts. GAO-01-1158T. Washington, D.C.: September 21, 2001.
Aviation Security: Terrorist Acts Demonstrate Urgent Need to Improve
Security at the Nation's Airports. GAO-01-1162T. Washington, D.C.:
September 20, 2001.
Aviation Security: Terrorist Acts Illustrate Severe Weaknesses in
Aviation Security. GAO-01-1166T. Washington, D.C.: September 20, 2001.
FOOTNOTES
[1] EDS operates in an automated mode and use probing radiation to
examine objects inside baggage and identify the characteristic
signatures of threat explosives. ETD works by detecting vapors and
residues of explosives. ETD requires human operators to collect samples
by rubbing bags with swabs, which are chemically analyzed to identify
any traces of explosive materials. References to "explosive detection
systems" include both EDS and ETD systems.
[2] GAO, Homeland Security: A Risk Management Approach Can Guide
Preparedness Efforts, GAO-02-208T (Washington, D.C.: October 31, 2001;
and Combating Terrorism: Threat and Risk Assessments Can Help
Prioritize and Target Program Investments, GAO/NSIAD-98-74
(Washington, D. C.: April 9, 1998).
[3] U.S. Department of Homeland Security, Performance Budget Overview
Fiscal Year 2006, Congressional Budget Justification (Washington, D.C.:
February 2005); and Homeland Security Budget-in-Brief, Fiscal Year 2006
(Washington, D.C.: February 2005).
[4] See GAO, Aviation Security: Systematic Planning Needed to Optimize
the Deployment of Checked Baggage Screening Systems, GAO-05-302SU
(Washington, D.C.: February 4, 2005).
[5] Obligations are amounts of orders placed or contracts awarded
during a given period that will require payment during the same or a
future period. An administrative commitment is an administrative
reservation of funds in anticipation of their obligation.
[6] In 2003, Congress authorized TSA to issue LOIs--a cost-sharing
mechanism between TSA and the airports--to support funding the
installation of in-line EDS baggage screening systems.
[7] This refers to the net present value saved over 7 years if received
up front.
[8] GAO, Aviation Security: Challenges Exist in Stabilizing and
Enhancing Passenger and Baggage Screening Operations, GAO-04-440T
(Washington, D.C.: Feb. 12, 2004).
[9] Federal Security Directors are responsible for providing day-to-day
operational direction for federal security at airports. The Federal
Security Director is the ranking TSA authority responsible for the
leadership and coordination of TSA security activities at the airport.
[10] TSA classifies the over 450 commercial airports in the United
States into one of five security risk categories (X, I, II, III, IV,
and V) based on various factors, such as the total number of takeoffs
and landings annually, the extent to which passengers are screened at
the airport, and other special security considerations. In general,
category X airports have the largest number of passenger boardings, and
category IV airports have the smallest.
[11] In May 2003, TSA hired a contractor to develop a staffing model
for its screening workforce. TSA officials reported that the model was
completed in June 2004, and all airports now have the capability to use
the contractors' standalone software. TSA expects to install the
software on its intranet by the end of February 2005, thereby providing
headquarters with access to the staffing models used at airports.
[12] The Intelligence Reform and Terrorism Prevention Act of 2004
(Pub.L. No. 108-458) requires TSA to develop standards for determining
aviation security staffing at commercial airports no later than 90 days
after its enactment--December 14, 2004. It also directs GAO to conduct
an analysis of these standards, which we will initiate once the
standards are developed.
[13] TSA defines a fully connected training computer as one that has
the network image installed and is connected to the TSA broadband
network.
[14] See GAO, Aviation Security: Private Screening Contractors Have
Little Flexibility to Implement Innovative Approaches, GAO-04-505T
(Washington, D.C.: April 22, 2004).
[15] An indirect air carrier is an entity, such as a freight forwarder,
that engages indirectly in the air transportation of property on
passenger aircraft.
[16] Known shippers are entities that have routine business dealings
with freight forwarders or air carriers and are thus considered trusted
shippers, in contrast to unknown shippers who have conducted limited or
no prior business with a freight forwarder or air carrier.
[17] GAO, Aviation Security: Further Steps Needed to Strengthen the
Security of Commercial Airport Perimeter and Access Controls, GAO-04-
728 (Washington, D.C.: June 2004).
[18] GAO, General Aviation Security: Increased Oversight Is Needed, but
Continued Partnership with the Private Sector Is Critical to Long-Term
Success GAO-05-144, (Washington, D.C.: Nov. 10, 2004).
[19] GAO, Aviation Security: Preliminary Observations on TSA's Progress
to Allow Airports to Use Private Passenger and Baggage Screening
Services, GAO-05-126 (Washington, D.C.: Nov. 19, 2004).
[20] GAO, Rail Security: Some Actions Taken to Enhance Passenger and
Freight Rail Security, but Significant Challenges Remain, GAO-04-598T
(Washington, D.C.: March 23, 2004.)
[21] The mission of the Office of Screening Coordination and Operations
would be to enhance terrorist-related screening through comprehensive,
coordinated procedures that detect, identify, track, and interdict
people, cargo and conveyances, and other entities and objects that pose
a threat to homeland security.
[22] DHS's fiscal year 2006 request for the proposed Office of
Screening Coordination and Operations also includes about $390 million
for US-VISIT; $7 million for Free and Secure Trade, and $14 million for
NEXUS/Secure Electronic Network Rapid Inspection, which are currently
part of DHS's Office of Customs and Border Patrol.
[23] The Homeland Security Act of 2002 states that DHS is responsible
for coordinating and integrating all research, development,
demonstration, testing, and evaluation activities of the Department.
Pub.L. No. 107-296, § 302(12).
[24] TSA's Transportation Security Laboratory performs research and
development related to civil transportation security.
[25] The budget proposal consolidates the bulk of TSA's research and
development programs into the Science and Technology Directorate,
resulting in a transfer of $109 million. TSA will retain $23 million
for operational research and development activities in FY 2006.
[26] CAPPS I rules are behavioral characteristics associated with the
way an airline ticket is purchased.
[27] GAO, Aviation Security: Computer-Assisted Passenger Prescreening
System Faces Significant Implementation Challenges, GAO-04-385
(Washington, D.C.: February 12, 2004).
[28] The 9/11 Commission Report: Final Report of the National
Commission on Terrorist Attacks Upon the United States (Washington,
D.C.: July 2004).
[29] In order to obtain data for testing, TSA issued an order in
November 2004 requiring domestic airlines to provide passenger records
for the month of June 2004.
[30] We have ongoing work assessing TSA's testing of commercial data
and expect to issue a report later this month.
[31] The proposal to create the new Office of Screening Coordination
and Operations would combine two screening programs that will use the
same system infrastructure--Secure Flight and crew vetting. The crew
vetting program matches names of aircraft pilots and flight and cabin
crew against terrorist watch lists. Currently, these programs are run
by the Office of Transportation Vetting and Credentialing.
[32] This review is separate from our ongoing work assessing TSA's
commercial data testing efforts.
[33] GAO, Port Security: Better Planning Needed to Develop and Operate
Maritime Worker Identification Card Program, GAO-05-106 (Washington,
D.C.: Dec. 10, 2004).
[34] Best practices indicate that plans for activities such as cost-
benefit and alternatives analyses should be developed to help
facilitate data collection and analysis. These plans typically
describe, among other things, the data to be collected, the source of
these data, and how the data will be analyzed. Such plans are important
to guide needed data analysis as well as prevent unnecessary data
collection, which can be costly.
[35] GAO, Transportation Security R&D: TSA and DHS Are Researching and
Developing Technologies, but Need to Improve R&D Management, GAO-04-890
(Washington, D.C.: Sept. 30, 2004).
[36] Pub.L. No. 107-71, § 112(b)(1)(B). Additionally, under the
Homeland Security Act, DHS is required to establish R&D priorities for
detecting, preventing, protecting against, and responding to terrorist
attacks (Pub.L. No. 107-296, § 302(5)(B)), and to prepare comprehensive
assessments of the vulnerabilities of the nation's key resources and
critical infrastructure sectors, one of which is transportation (Pub.L.
107-296, § 201(d)(2)).
[37] GAO, Homeland Security: Key Elements of a Risk Management
Approach, GAO-02-150T (Washington, D.C.: Oct. 12, 2001).
