Aviation Security

DHS Has Made Progress in Securing the Commercial Aviation System, but Key Challenges Remain Gao ID: GAO-08-139T October 16, 2007

Within the Department of Homeland Security (DHS), the Transportation Security Administration's (TSA) mission is to protect the nation's transportation network. Since its inception in 2001, TSA has developed and implemented a variety of programs and procedures to secure commercial aviation. GAO examined (1) the progress DHS and TSA have made in securing the nation's commercial aviation system, and (2) challenges that have impeded the Department's efforts to implement its mission and management functions. This testimony is based on issued GAO reports and testimonies addressing the security of the nation's commercial aviation system, including a recently issued report (GAO-07-454) that highlights the progress DHS has made in implementing its mission and management functions.

In August 2007, GAO reported that DHS had made moderate progress in securing the commercial aviation system, but that more work remains. Specifically, DHS generally achieved 17 of the 24 performance expectations that GAO identified in the area of aviation security but had generally not achieved 7 of them. DHS and TSA have made progress in many areas related to securing commercial aviation. For example, to meet congressional mandates to screen airline passengers and 100 percent of checked baggage, TSA initially hired and deployed a federal workforce of over 50,000 passenger and checked baggage screeners and installed equipment at the nation's more than 400 commercial airports to provide the capability to screen all checked baggage using explosive detection systems. TSA has since turned its attention to, among other things, strengthening passenger prescreening; more efficiently allocating, deploying, and managing the transportation security officer (TSO)------formerly known as screener------workforce; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; and improving domestic air cargo security. While these efforts have helped strengthen the security of the commercial aviation system, DHS and TSA still face a number of key challenges in further securing this system. For example, TSA has faced difficulties in developing and implementing its advanced passenger prescreening system, known as Secure Flight, and has not yet completed development efforts. In addition, DHS's efforts to enhance perimeter security at airports may not be sufficient to provide for effective security. TSA has also initiated efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems, but has not developed a plan for implementing new technologies to meet the security needs of individual airports. TSA has also not yet effectively deployed checkpoint technologies to address key existing vulnerabilities, and has not yet developed and implemented technologies needed to screen air cargo. GAO also reported that a number of issues have impeded DHS's efforts in implementing its mission and management functions, including not always implementing effective strategic planning or fully adopting and applying a risk management approach with respect to commercial aviation security.

GAO-08-139T, Aviation Security: DHS Has Made Progress in Securing the Commercial Aviation System, but Key Challenges Remain This is the accessible text file for GAO report number GAO-09-139T entitled 'Aviation Security: DHS Has Made Progress in Securing the Commercial Aviation System, but Key Challenges Remain' which was released on October 16, 2007. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Testimony Before the Subcommittee on Transportation Security and Infrastructure Protection, House Committee on Homeland Security: For Release on Delivery: Expected at 2:00 p.m. EDT: Tuesday, October 16, 2007: Aviation Security: DHS Has Made Progress in Securing the Commercial Aviation System, but Key Challenges Remain: Statement of Cathleen A. Berrick: Director: Homeland Security and Justice Issues: GAO-08-139T: GAO Highlights: Highlights of GAO-08-139T, a testimony to the Subcommittee on Transportation Security and Infrastructure Protection, House Committee on Homeland Security. Why GAO Did This Study: Within the Department of Homeland Security (DHS), the Transportation Security Administration‘s (TSA) mission is to protect the nation‘s transportation network. Since its inception in 2001, TSA has developed and implemented a variety of programs and procedures to secure commercial aviation. GAO examined (1) the progress DHS and TSA have made in securing the nation‘s commercial aviation system, and (2) challenges that have impeded the Department‘s efforts to implement its mission and management functions. This testimony is based on issued GAO reports and testimonies addressing the security of the nation‘s commercial aviation system, including a recently issued report (GAO-07- 454) that highlights the progress DHS has made in implementing its mission and management functions. What GAO Found: In August 2007, GAO reported that DHS had made moderate progress in securing the commercial aviation system, but that more work remains. Specifically, DHS generally achieved 17 of the 24 performance expectations that GAO identified in the area of aviation security but had generally not achieved 7 of them. DHS and TSA have made progress in many areas related to securing commercial aviation. For example, to meet congressional mandates to screen airline passengers and 100 percent of checked baggage, TSA initially hired and deployed a federal workforce of over 50,000 passenger and checked baggage screeners and installed equipment at the nation‘s more than 400 commercial airports to provide the capability to screen all checked baggage using explosive detection systems. TSA has since turned its attention to, among other things, strengthening passenger prescreening; more efficiently allocating, deploying, and managing the transportation security officer (TSO)--formerly known as screener--workforce; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; and improving domestic air cargo security. While these efforts have helped strengthen the security of the commercial aviation system, DHS and TSA still face a number of key challenges in further securing this system. For example, TSA has faced difficulties in developing and implementing its advanced passenger prescreening system, known as Secure Flight, and has not yet completed development efforts. In addition, DHS‘s efforts to enhance perimeter security at airports may not be sufficient to provide for effective security. TSA has also initiated efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems, but has not developed a plan for implementing new technologies to meet the security needs of individual airports. TSA has also not yet effectively deployed checkpoint technologies to address key existing vulnerabilities, and has not yet developed and implemented technologies needed to screen air cargo. GAO also reported that a number of issues have impeded DHS‘s efforts in implementing its mission and management functions, including not always implementing effective strategic planning or fully adopting and applying a risk management approach with respect to commercial aviation security. What GAO Recommends: In prior reports, GAO made a number of recommendations to DHS and TSA to strengthen their efforts to secure the commercial aviation system. DHS and TSA generally agreed with the recommendations and have taken steps to implement some of them. To view the full product, including the scope and methodology, click on [hyperlink, http://www.GAO-08-139T]. For more information, contact Cathleen Berrick at (202) 512-3404 or berrickc@gao.gov. [End of section] Madam Chair and Members of the Subcommittee: I appreciate the opportunity to participate in today‘s hearing to discuss the Department of Homeland Security‘s (DHS) progress and challenges in securing our nation‘s aviation system. The Transportation Security Administration (TSA), originally established as an agency within the Department of Transportation in 2001 but now a component within DHS, is charged with securing the transportation network while also ensuring the free movement of people and commerce. TSA has primary responsibility for security in all modes of transportation and since its inception has developed and implemented a variety of programs and procedures to secure the commercial aviation system. Other DHS components, federal agencies, state and local governments, and the private sector also play a role in aviation security. For example, the U.S. Customs and Border Protection (CBP) has responsibility for conducting passenger prescreening”in general, the matching of passenger information against terrorist watch lists prior to an aircraft‘s departure”for international flights operating to or from the United States, as well as inspecting inbound air cargo upon its arrival in the United States. In accordance with TSA requirements, airport authorities are responsible for implementing measures to secure access to restricted airport areas as well as airport perimeters, while air carriers are responsible for inspecting air cargo, among other things. My testimony today will focus on: (1) the progress TSA and other DHS components have made in securing the nation‘s commercial aviation system and (2) challenges that have impeded DHS‘s (and, as they relate to transportation security, TSA) efforts to implement its mission and management functions. My comments are based on issued GAO reports and testimonies addressing the security of the nation‘s aviation system, including an August 2007 report that highlights the progress DHS has made in implementing its mission and management functions. [Footnote 1] In this report, we reviewed the extent to which DHS has taken actions to achieve performance expectations in each of its mission and management areas that we identified from legislation, Homeland Security Presidential Directives, and DHS strategic planning documents. Based primarily on our past work, we made a determination regarding whether DHS generally achieved or generally did not achieve the key elements of each performance expectation. An assessment of ’generally achieved“ indicates that DHS has taken sufficient actions to satisfy most elements of the expectation; however, an assessment of ’generally achieved“ does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, an assessment of ’generally not achieved“ indicates that DHS has not yet taken actions to satisfy most elements of the performance expectation. In determining the department‘s overall level of progress in achieving performance expectations in each of its mission and management areas, we concluded whether the department had made limited, modest, moderate, or substantial progress. [Footnote 2] These assessments of progress do not reflect, nor are they intended to reflect, the extent to which actions by DHS and its components have made the nation more secure. We conducted our work in accordance with generally accepted government auditing standards. Summary: Within DHS, TSA is the agency with primary responsibility for securing the transportation sector and has undertaken a number of initiatives to strengthen the security of the nation‘s commercial aviation system. In large part, these efforts have been driven by legislative mandates designed to strengthen the security of commercial aviation following the September 11, 2001, terrorist attacks. In August 2007, we reported that DHS had made moderate progress in securing the aviation transportation network, but that more work remains. [Footnote 3] Specifically, of the 24 performance expectations we identified for DHS in the area of aviation security, we reported that it has generally achieved 17 of these expectations and has generally not achieved 7 expectations. DHS, primarily through TSA, has made progress in many areas related to securing commercial aviation, and their efforts should be commended. Meeting statutory mandates to screen airline passengers and 100 percent of checked baggage alone was a tremendous challenge. To do this, TSA initially hired and deployed a federal workforce of over 50,000 passenger and checked baggage screeners, and installed equipment at the nation‘s more than 400 commercial airports to provide the capability to screen all checked baggage using explosive detection systems, as mandated by law. TSA has since turned its attention to, among other things, strengthening passenger prescreening”in general, the matching of passenger information against terrorist watch lists prior to an aircraft‘s departure; more efficiently allocating, deploying, and managing the transportation security officer (TSO)”formerly known as screener”workforce; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; and improving domestic air cargo security. In addition to TSA, CBP has also taken steps to strengthen passenger prescreening for passengers on international flights operating to or from the United States, as well as inspecting inbound air cargo upon its arrival in the United States. DHS‘s Science and Technology (S&T) Directorate has also taken actions to research and develop aviation security technologies. While these efforts have helped to strengthen the security of the commercial aviation system, DHS still faces a number of key challenges that need to be addressed to meet expectations set out for them by the Congress, the Administration, and the Department itself. For example, TSA has faced challenges in developing and implementing its passenger prescreening system, known as Secure Flight, and has not yet completed development efforts. As planned, this program would initially assume from air carriers the responsibility for matching information on airline passengers traveling domestically against terrorists watch lists. In addition, while TSA has taken actions to enhance perimeter security at airports, these actions may not be sufficient to provide for effective security. TSA has also begun efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems. However, TSA has not developed a plan for implementing new technologies to meet the security needs of individual airports and the commercial airport system as a whole. Further, TSA has not yet deployed checkpoint technologies to address key existing vulnerabilities, and has not yet developed and implemented technologies needed to screen air cargo. A variety of cross-cutting issues have affected DHS‘s and, as they relate to transportation security, TSA‘s efforts in implementing its mission and management functions. These key issues include agency transformation, strategic planning and results management, risk management, information sharing, and stakeholder coordination. In working towards transforming the department into an effective and efficient organization, DHS and its components have not always been transparent, which has affected our ability to perform our oversight responsibilities in a timely manner. They have also not always implemented effective strategic planning efforts, fully developed performance measures, or put into place structures to help ensure that they are managing for results. In addition, DHS and its components can more fully adopt and apply a risk management approach in implementing its security mission and core management functions. [Footnote 4] They could also better share information with federal, state, and local governments and private sector entities, and more fully coordinate its activities with key stakeholders. Background: The Aviation and Transportation Security Act (ATSA), enacted in November 2001, created TSA and gave it responsibility for securing all modes of transportation. [Footnote 5] TSA‘s aviation security mission includes strengthening the security of airport perimeters and restricted airport areas; hiring and training a screening workforce; prescreening passengers against terrorist watch lists; and screening passengers, baggage, and cargo at the over 400 commercial airports nation-wide, among other responsibilities. While TSA has operational responsibility for physically screening passengers and their baggage, TSA exercises regulatory, or oversight, responsibility for the security of airports and air cargo. Specifically, airports, air carriers, and other entities are required to implement security measures in accordance with TSA-issued security requirements, against which TSA evaluates their compliance efforts. Background TSA also oversees air carriers‘ efforts to prescreen passengers”in general, the matching of passenger information against terrorist watch lists”prior to an aircraft‘s departure. TSA plans to take over operational responsibility for this function with the implementation of its Secure Flight program initially for passengers traveling domestically. CBP has responsibility for conducting passenger prescreening for airline passengers on international flights departing from and bound for the United States, [Footnote 6] while DHS‘s Science and Technology Directorate is responsible for researching and developing technologies to secure the transportation sector. DHS Has Made Progress in Securing the Nation‘s Commercial Aviation System, but More Work Remains: DHS, primarily through the efforts of TSA, has undertaken numerous initiatives since its inception to strengthen the security of the nation‘s commercial aviation system. In large part, these efforts have been affected by legislative mandates designed to strengthen the security of commercial aviation following the September 11, 2001 terrorist attacks. These efforts have also been affected by events external to the department, including the alleged August 2006 terrorist plot to blow up commercial aircraft bound from London to the United States. For example, TSA has undertaken efforts to hire, train, and deploy a screening workforce; and screen passengers, baggage, and cargo. Although TSA has taken important actions to strengthen aviation security, the agency has faced difficulties in implementing an advanced, government-run passenger prescreening program for domestic flights, and in developing and implementing technology to screen passengers at security checkpoints and cargo placed on aircraft, among other areas. As shown in table 1, we identified 24 performance expectations for DHS in the area of aviation security, and found that overall, DHS has made moderate progress in meeting these expectations. Specifically, we found that DHS has generally achieved 17 performance expectations and has generally not achieved 7 performance expectations. We identified these performance expectations through reviews of key legislation, Homeland Security Presidential Directives, and DHS strategic planning documents. Table 1: Performance Expectations and Progress Made in Aviation Security: Performance expectation: Aviation security strategic approach: Implement a strategic approach for aviation security functions; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Airport perimeter security and access controls: Establish standards and procedures for effective airport perimeter security; Assessment: Generally achieved; [Empty]; Assessment: Generally not achieved; [Check]; Assessment: No assessment made; [Empty]. Performance expectation: Airport perimeter security and access controls: Establish standards and procedures to effectively control access to airport secured areas; Assessment: Generally achieved; [Empty]; Assessment: Generally not achieved; [Check]; Assessment: No assessment made; [Empty]. Performance expectation: Airport perimeter security and access controls: Establish procedures for implementing biometric identifier systems for airport secured areas access control; Assessment: Generally achieved; [Empty]; Assessment: Generally not achieved; [Check]; Assessment: No assessment made; [Empty]. Performance expectation: Airport perimeter security and access controls: Ensure the screening of airport employees against terrorist watch lists; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Aviation security workforce: Hire and deploy a federal screening workforce; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Aviation security workforce: Develop standards for determining aviation security staffing at airports; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Aviation security workforce: Establish standards for training and testing the performance of airport screener staff; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Aviation security workforce: Establish a program and requirements to allow eligible airports to use a private screening workforce; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Aviation security workforce: Train and deploy federal air marshals on high-risk flights; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Aviation security workforce: Establish standards for training flight and cabin crews; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Aviation security workforce: Establish a program to allow authorized flight deck officers to use firearms to defend against any terrorist or criminal acts; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Passenger prescreening: Establish policies and procedures to ensure that individuals known to pose, or suspected of posing, a risk or threat to security are identified and subjected to appropriate action; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Passenger prescreening: Develop and implement an advanced prescreening system to allow DHS to compare domestic passenger information to the Selectee List and No Fly List; Assessment: Generally achieved; [Empty]; Assessment: Generally not achieved; [Check]; Assessment: No assessment made; [Empty]. Performance expectation: Passenger prescreening: Develop and implement an international passenger prescreening process to compare passenger information to terrorist watch lists before aircraft departure; Assessment: Generally achieved; [Empty]; Assessment: Generally not achieved; [Check]; Assessment: No assessment made; [Empty]. Performance expectation: Checkpoint screening: Develop and implement processes and procedures for physically screening passengers at airport checkpoints; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Checkpoint screening: Develop and test checkpoint technologies to address vulnerabilities; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Checkpoint screening: Deploy checkpoint technologies to address vulnerabilities; Assessment: Generally achieved; [Empty]; Assessment: Generally not achieved; [Check]; Assessment: No assessment made; [Empty]. Performance expectation: Checked Baggage screening: Deploy explosive detection systems (EDS) and explosive trace detection (ETD) systems to screen checked baggage for explosives; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Checked Baggage screening: Develop a plan to deploy in-line baggage screening equipment at airports; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Checked Baggage screening: Pursue the deployment and use of in-line baggage screening equipment at airports; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Air cargo security: Develop a plan for air cargo security; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Air cargo security: Develop and implement procedures to screen air cargo; Assessment: Generally achieved; [Check]; Assessment: Generally not achieved; [Empty]; Assessment: No assessment made; [Empty]. Performance expectation: Air cargo security: Develop and implement technologies to screen air cargo; Assessment: Generally achieved; [Empty]; Assessment: Generally not achieved; [Check]; Assessment: No assessment made; [Empty]. Performance expectation: Total; Assessment: Generally achieved; 17; Assessment: Generally not achieved; 7; Assessment: No assessment made; 0. Source: GAO analysis. [End of table] Aviation Security Strategic Approach. We concluded that DHS has generally achieved this performance expectation. In our past work, we reported that TSA identified and implemented a wide range of initiatives to strengthen the security of key components of the commercial aviation system. These components are interconnected and each is critical to the overall security of commercial aviation. [Footnote 7] More recently, in March 2007, TSA released its National Strategy on Aviation Security and six supporting plans that provided more detailed strategic planning guidance in the areas of systems security; operational threat response; systems recovery; domain surveillance; and intelligence integration and domestic and international outreach. According to TSA officials, an Interagency Implementation Working Group was established under TSA leadership in January 2007 to initiate implementation efforts for the 112 actions outlined in the supporting plans. Airport Perimeter Security and Access Controls. We concluded that DHS has generally achieved one, and has generally not achieved three, of the performance expectations in this area. For example, TSA has taken action to ensure the screening of airport employees against terrorist watch lists by requiring airport operators to compare applicants‘ names against the No Fly and Selectee Lists. [Footnote 8] However, in June 2004, we reported that although TSA had begun evaluating commercial airport perimeter and access control security through regulatory compliance inspections, covert testing of selected access procedures, and vulnerability assessments at selected airports, TSA had not determined how the results of these evaluations could be used to make improvements to the nation‘s airport system as a whole. We further reported that although TSA had begun evaluating the controls that limit access into secured airport areas, it had not completed actions to ensure that all airport workers in these areas were vetted prior to being hired and trained. [Footnote 9] More recently, in March 2007, the DHS Office of Inspector General, based on the results of its access control testing at 14 domestic airports across the nation, made various recommendations to enhance the overall effectiveness of controls that limit access to airport secured areas. [Footnote 10] In March through July 2007, DHS provided us with updated information on procedures, plans, and other efforts it had implemented to secure airport perimeters and strengthen access controls, including a description of its Aviation Direct Access Screening Program. This program provides for TSOs to randomly screen airport and airline employees and employees‘ property and vehicles as they enter the secured areas of airports for the presence of explosives, incendiaries, weapons, and other items of interest as well as improper airport identification. However, DHS did not provide us with evidence that these actions provide for effective airport perimeter security, nor information on how the actions addressed all relevant requirements established by law and in our prior recommendations. Regarding procedures for implementing biometric identification systems, we reported that TSA had not developed a plan for implementing new technologies to meet the security needs of individual airports and the commercial airport system as a whole. [Footnote 11] In December 2004 and September 2006, we reported on the status of the development and testing of the Transportation Worker Identification Credential program (TWIC) [Footnote 12] – DHS‘s effort to develop biometric access control systems to verify the identity of individuals accessing secure transportation areas. Our 2004 report identified challenges that TSA faced in developing regulations and a comprehensive plan for managing the program, as well as several factors that caused TSA to miss initial deadlines for issuing TWIC cards. In our September 2006 report, we identified the challenges that TSA encountered during TWIC program testing, and several problems related to contract planning and oversight. Specifically, we reported that DHS and industry stakeholders faced difficult challenges in ensuring that biometric access control technologies will work effectively in the maritime environment where the Transportation Worker Identification Credential program is being initially tested. In October 2007, we testified that TSA had made progress in implementing the program and addressing our recommendations regarding contract planning and oversight and coordination with stakeholders. For example, TSA reported that it added staff with program and contract management expertise to help oversee the contract and developed plans for conducting public outreach and education efforts. [Footnote 13] However, DHS has not yet determined how and when it will implement a biometric identification system for access controls at commercials airports. We have initiated ongoing work to further assess DHS‘s efforts to establish procedures for implementing biometric identifier systems for airport secured areas access control. Aviation Security Workforce. We concluded that DHS has generally achieved all 7 performance expectations in this area. For example, TSA has hired and deployed a federal screening workforce at over 400 commercial airports nationwide, and has developed standards for determining TSO staffing levels at airports. TSA also established numerous programs to train and test the performance of its TSO workforce, although we reported that improvements in these efforts can be made. Among other efforts, in December 2005, TSA reported completing enhanced explosives detection training for over 18,000 TSOs, and increased its use of covert testing to assess vulnerabilities of existing screening systems. TSA also established the Screening Partnership Program which allows eligible airports to apply to TSA to use a private screening workforce. In addition, TSA has trained and deployed federal air marshals on high-risk flights; established standards for training flight and cabin crews; and established a Federal Flight Deck Officer program to select, train, and allow authorized flight deck officers to use firearms to defend against any terrorist or criminal acts. Related to flight and cabin crew training, TSA revised its guidance and standards to include additional training elements required by law and improve the organization and clarity of the training. TSA also increased its efforts to measure the performance of its TSO workforce through recertification testing and other measures. Passenger Prescreening. We reported that DHS has generally achieved one, and has not generally achieved two, of the performance expectations in this area. For example, TSA established policies and procedures to ensure that individuals known to pose, or suspected of posing, a risk or threat to security are identified and subjected to appropriate action. Specifically, TSA requires that air carriers check all passengers against the Selectee List, which identifies individuals that represent a higher than normal security risk and therefore require additional security screening, and the No Fly List, which identifies individuals who are not allowed to fly. [Footnote 14] However, TSA has faced a number of challenges in developing and implementing an advanced prescreening system, known as Secure Flight, which will allow TSA to take over the matching of passenger information against the No Fly and Selectee lists from air carriers, as required by law. [Footnote 15] In 2006, we reported that TSA had not conducted critical activities in accordance with best practices for large-scale information technology programs and had not followed a disciplined life cycle approach in developing Secure Flight. [Footnote 16] In March 2007, DHS reported that as a result of its rebaselining efforts, more effective government controls were developed to implement Secure Flight and that TSA was following a more disciplined development process. DHS further reported that it plans to begin parallel operations with the first group of domestic air carriers during fiscal year 2009 and to take over full responsibility for watch list matching in fiscal year 2010. We are continuing to assess TSA‘s efforts in developing and implementing the Secure Flight program. We have also reported that DHS has not yet implemented enhancements to its passenger prescreening process for passengers on international flights departing from and bound for the United States. [Footnote 17] Although CBP recently issued a final rule that will require air carriers to provide passenger information to CBP prior to a flight‘s departure so that CBP can compare passenger information to the terrorist watch lists before a flight takes off, this requirement is not scheduled to take effect until February 2008. In addition, while DHS plans to align its international and domestic passenger prescreening programs under TSA, full implementation of an integrated system will not occur for several years. Checkpoint Screening. We reported that DHS has generally achieved two, and has not generally achieved one, of the performance expectations in this area. For example, we reported that TSA has developed processes and procedures for screening passengers at security checkpoints and has worked to balance security needs with efficiency and customer service considerations. [Footnote 18] More specifically, in April 2007, we reported that modifications to standard operating procedures were proposed based on the professional judgment of TSA senior-level officials and program-level staff, as well as threat information and the results of covert testing. However, we found that TSA‘s data collection and analyses could be improved to help TSA determine whether proposed procedures that are operationally tested would achieve their intended purpose. We also reported that DHS and its component agencies have taken steps to improve the screening of passengers to address new and emerging threats. For example, TSA established two recent initiatives intended to strengthen the passenger checkpoint screening process: (1) the Screening Passenger by Observation Technique program, which is a behavior observation and analysis program designed to provide TSA with a nonintrusive means of identifying potentially high- risk individuals; and the (2) Travel Document Checker program which replaces current travel document checkers with TSOs who have access to sensitive security information on the threats facing the aviation industry and check for fraudulent documents. However, we found that while TSA has developed and tested checkpoint technologies to address vulnerabilities that may be exploited by identified threats such as improvised explosive devices, it has not yet effectively deployed such technologies. In July 2006, TSA reported that it installed 97 explosives trace portal machines”which use puffs of air to dislodge and detect trace amounts of explosives on persons”at 37 airports. However, DHS identified problems with these machines and has halted their deployment. TSA is also developing backscatter technology, which identifies explosives, plastics and metals, giving them shape and form and allowing them to be visually interpreted. [Footnote 19] However, limited progress has been made in fielding this technology at passenger screening checkpoints. The Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Commission Act), enacted in August 2007, restates and amends a requirement that DHS issue a strategic plan for deploying explosive detection equipment at airport checkpoints and requires DHS to expedite research and develop efforts to protect passenger aircraft from explosives devices. [Footnote 20] We are currently reviewing DHS and TSA‘s efforts to develop, test and deploy airport checkpoint technologies. [Footnote 21] Checked Baggage Screening. We concluded that DHS has generally achieved all three performance expectations in this area. Specifically, from November 2001 through June 2006, TSA procured and installed about 1,600 Explosive Detection Systems (EDS) and about 7,200 Explosive Trace Detection (ETD) machines to screen checked baggage for explosives at over 400 commercial airports. [Footnote 22] In response to mandates to field the equipment quickly and to account for limitations in airport design, TSA generally placed this equipment in a stand-alone mode”usually in airport lobbies”to conduct the primary screening of checked baggage for explosives. [Footnote 23] Based in part on our previous recommendations, TSA later developed a plan to integrate EDS and ETD machines in-line with airport baggage conveyor systems. The installation of in-line systems can result in considerable savings to TSA through the reduction of TSOs needed to operate the equipment, as well as increased security. Despite delays in the widespread deployment of in-line systems due to the high upfront capital investment required, TSA is pursuing the installation of these systems and is seeking creative financing solutions to fund their deployment. In March 2007, DHS reported that it is working with airport and air carrier stakeholders to improve checked baggage screening solutions to enhance security and free up lobby space at airports. The installation of in- line baggage screening systems continues to be an issue of congressional concern. For example, the 9/11 Commission Act reiterates a requirement that DHS submit a cost-sharing study along with a plan and schedule for implementing provisions of the study, and requires TSA to establish a prioritization schedule for airport improvement projects such as the installation of in-line baggage screening systems. [Footnote 24] Air Cargo Security. We reported that TSA has generally achieved two, and has not generally achieved one, of the performance expectations in this area. Specifically, TSA has developed a strategic plan for domestic air cargo security and has taken actions to use risk management principles to guide investment decisions related to air cargo bound for the United States from a foreign country, referred to as inbound air cargo, but these actions are not yet complete. For example, TSA plans to assess inbound air cargo vulnerabilities and critical assets”two crucial elements of a risk-based management approach”but has not yet established a methodology or time frame for how and when these assessments will be completed. [Footnote 25] TSA has also developed and implemented procedures to screen domestic and inbound air cargo. We reported in October 2005 that TSA had significantly increased the number of domestic air cargo inspections conducted of air carrier and indirect air carrier compliance with security requirements. However, we also reported that TSA exempted certain cargo from random inspection because it did not view the exempted cargo as posing a significant security risk, although air cargo stakeholders noted that such exemptions may create potential security risks and vulnerabilities since shippers may know how to package their cargo to avoid inspection. [Footnote 26] In part based on a recommendation we made, TSA is evaluating existing exemptions to determine whether they pose a security risk, and has removed some exemptions that were previously allowed. The 9/11 Commission Act requires, no later than 3 years after its enactment, that DHS have a system in place to screen 100 percent of cargo transported on passenger aircraft. [Footnote 27] Although TSA has taken action to develop plans for securing air cargo and establishing and implementing procedures to screen air cargo, DHS has not yet developed and implemented screening technologies. DHS is pursuing multiple technologies to automate the detection of explosives in the types and quantities that would cause catastrophic damage to an aircraft in flight. However, TSA acknowledged that full development of these technologies may take 5 to 7 years. In April 2007, we reported that TSA and DHS‘s S&T Directorate were in the early stages of evaluating and piloting available aviation security technologies to determine their applicability to the domestic air cargo environment. We further reported that although TSA anticipates completing its pilot tests by 2008, it has not yet established time frames for when it might implement these methods or technologies for the inbound air cargo system. [Footnote 28] Cross-cutting Issues Have Hindered DHS‘s Efforts in Implementing Its Mission and Management Functions: Our work has identified homeland security challenges that cut across DHS‘s mission and core management functions. These issues have impeded the department‘s progress since its inception and will continue as DHS moves forward. While it is important that DHS continue to work to strengthen each of its mission and core management functions, to include aviation security, it is equally important that these key issues be addressed from a comprehensive, department-wide perspective to help ensure that the department has the structure and processes in place to effectively address the threats and vulnerabilities that face the nation. These issues include: (1) transforming and integrating DHS‘s management functions; (2) establishing baseline performance goals and measures and engaging in effective strategic planning efforts; (3) applying and strengthening a risk management approach for implementing missions and making resource allocation decisions; (4) sharing information with key stakeholders; and (5) coordinating and partnering with federal, state and local, and private sector agencies. We have made numerous recommendations to DHS to strengthen these efforts, and the department has made progress in implementing some of these recommendations. DHS has faced a variety of difficulties in its efforts to transform into a fully functioning department. We designated DHS‘s implementation and transformation as high-risk in part because failure to effectively address this challenge could have serious consequences for our security and economy. DHS continues to face challenges in key areas, including acquisition, financial, human capital, and information technology management. This array of management and programmatic challenges continues to limit DHS‘s ability to effectively and efficiently carry out its mission. In addition, transparency plays an important role in helping to ensure effective and efficient transformation efforts. We have reported that DHS has not made its management or operational decisions transparent enough so that Congress can be sure it is effectively, efficiently, and economically using the billions of dollars in funding it receives annually. More specifically, in April 2007, we testified that we have encountered access issues during numerous engagements at DHS, including significant delays in obtaining requested documents that have affected our ability to do our work in a timely manner. [Footnote 29] The Secretary of DHS and the Under Secretary for Management have stated their desire to work with us to resolve access issues and to provide greater transparency. It will be important for DHS and its components to become more transparent and minimize recurring delays in providing access to information on its programs and operations so that Congress, GAO, and others can independently assess its efforts. In addition, DHS has not always implemented effective strategic planning efforts and has not yet fully developed performance measures or put into place structures to help ensure that the agency is managing for results. We have identified strategic planning as one of the critical success factors for new organizations, and reported that both DHS‘s and TSA‘s efforts in this area have been mixed. For example, with regards to TSA‘s efforts to secure air cargo, we reported that TSA completed an Air Cargo Strategic Plan in November 2003 that outlined a threat-based risk management approach to securing the nation‘s domestic air cargo system, and that this plan identified strategic objectives and priority actions for enhancing air cargo security based on risk, cost, and deadlines. However, we reported that TSA had not developed a similar strategy for addressing the security of inbound air cargo”cargo transported into the United States from foreign countries, including how best to partner with CBP and international air cargo stakeholders. In another example, we reported that TSA had not yet developed outcome- based performance measures for its foreign airport assessment and air carrier inspection programs, such as the percentage of security deficiencies that were addressed as a result of TSA‘s on-site assistance and recommendations, to identify any aspects of these programs that may need attention. We recommended that DHS direct TSA and CBP to develop a risk-based strategy, including specific goals and objectives, for securing air cargo; [Footnote 30] and develop outcome- based performance measures for its foreign airport assessment and air carrier inspection programs. [Footnote 31] DHS generally concurred with GAO‘s recommendations. DHS has also not fully adopted and applied a risk management approach in implementing its mission and core management functions. Risk management has been widely supported by the President and Congress as an approach for allocating resources to the highest priority homeland security investments, and the Secretary of Homeland Security and the Assistant Secretary for Transportation Security have made it a centerpiece of DHS and TSA policy. Several DHS component agencies and TSA have worked towards integrating risk-based decision making into their security efforts, but we reported that these efforts can be strengthened. For example, TSA has incorporated certain risk management principles into securing air cargo, but has not completed assessments of air cargo vulnerabilities or critical assets”two crucial elements of a risk-based approach without which TSA may not be able to appropriately focus its resources on the most critical security needs. TSA has also incorporated risk-based decision making when making modifications to airport checkpoint screening procedures, to include modifying procedures based on intelligence information and vulnerabilities identified through covert testing at airport checkpoints. However, in April 2007 we reported that TSA‘s analyses that supported screening procedural changes could be strengthened. For example, TSA officials decided to allow passengers to carry small scissors and tools onto aircraft based on their review of threat information”which indicated that these items do not pose a high risk to the aviation system”so that TSOs could concentrate on higher threat items.32 However, TSA officials did not conduct the analysis necessary to help them determine whether this screening change would affect TSO‘s ability to focus on higher-risk threats. [Footnote 33] We have further reported that opportunities exist to enhance the effectiveness of information sharing among federal agencies, state and local governments, and private sector entities. In August 2003, we reported that efforts to improve intelligence and information sharing need to be strengthened, and in 2005, we designated information sharing for homeland security as high-risk. [ Footnote 34] In January 2005, we reported that the nation still lacked an implemented set of government- wide policies and processes for sharing terrorism-information, but DHS has issued a strategy on how it will put in place the overall framework, policies, and architecture for sharing information with all critical partners”actions that we and others have recommended. [Footnote 35] DHS has taken some steps to implement its information sharing responsibilities. States and localities are also creating their own information ’fusion“ centers, some with DHS support. With respect to aviation security, the importance of information sharing was recently highlighted in the 9/11 Commission Act, which requires DHS to establish a plan to promote the sharing of transportation security information among DHS and federal, state and local agencies, tribal governments, and appropriate private entities. [Footnote 36] The Act also requires that DHS provide timely threat information to carriers and operators that are preparing and submitting a vulnerability assessment and security plan, including an assessment of the most likely methods that could be used by terrorists to exploit weaknesses in their security. [Footnote 37] In addition to providing federal leadership with respect to homeland security, DHS also plays a large role in coordinating the activities of key stakeholders, but has faced challenges in this regard. To secure the nation, DHS must form effective and sustained partnerships between legacy component agencies and a range of other entities, including other federal agencies, state and local governments, the private and nonprofit sectors, and international partners. We have reported that successful partnering and coordination involves collaborating and consulting with stakeholders to develop and agree on goals, strategies, and roles to achieve a common purpose; identify resource needs; establish a means to operate across agency boundaries, such as compatible procedures, measures, data, and systems; and agree upon and document mechanisms to monitor, evaluate, and report to the public on the results of joint efforts. [Footnote 38] We have found that the appropriate homeland security roles and responsibilities within and between the levels of government, and with the private sector, are evolving and need to be clarified. For example, we reported that opportunities exists for TSA to work with foreign governments and industry to identify best practices for securing air cargo, and recommended that TSA systematically compile and analyze information on practices used abroad to identify those that may strengthen the department‘s overall security efforts. [Footnote 39] Further, regarding efforts to respond to in-flight security threats, which”depending on the nature of the threat”could involve 15 federal agencies and agency components, we recommended that DHS and other departments document and share their respective coordination and communication strategies and response procedures. [Footnote 40] Concluding Observations: The magnitude of DHS‘s and more specifically TSA‘s responsibilities in securing the nation‘s commercial aviation system is significant, and we commend the department on the work it has done and is currently doing to secure this network. Nevertheless, given the dominant role that TSA plays in securing the homeland, it is critical that its programs and initiatives operate as efficiently and effectively as possible. In the almost 6 years since its creation, TSA has had to undertake its critical mission while also establishing and forming a new agency. At the same time, a variety of factors, including threats to and attacks on aviation systems around the world, as well as new legislative requirements, has led the agency to reassess its priorities and reallocate resources to address key events, and to respond to emerging threats. Although TSA has made considerable progress in addressing key aspects of commercial aviation security, more work remains in the areas of checkpoint and air cargo technology, airport security, and passenger prescreening. As DHS and TSA and other components move forward, it will be important for the department to work to address the challenges that have affected its operations thus far, including developing results- oriented goals and measures to assess performance; developing and implementing a risk-based approach to guide resource decisions; and establishing effective frameworks and mechanisms for sharing information and coordinating with homeland security partners. A well- managed, high-performing TSA is essential to meeting the significant challenge of securing the transportation network. As TSA continues to evolve, implement its programs, and integrate its functions, we will continue to review its progress and performance and provide information to Congress and the public on its efforts. Madam Chair, this concludes my statement. I would be pleased to answer any questions that you or other members of the Subcommittee may have at this time. GAO Contact and Staff Acknowledgments: For further information on this testimony, please contact Cathleen Berrick at (202) 512- 3404 or at berrickc@gao.gov. Individuals making key contributions to this testimony include Steve D. Morris, Assistant Director, Gary Malavenda, Susan Langley, and Linda Miller. [End of section] Footnotes: [1] GAO, Department of Homeland Security: Progress Report on Implementation of Mission and Management Functions, GAO-07-454 (Washington, D.C.: August 2007); GAO, Department of Homeland Security: Progress Report on Implementation of Mission and Management Functions, GAO-07-1081T (Washington, D.C.: September 2007); and GAO, Department of Homeland Security: Progress Report on Implementation of Mission and Management Functions, GAO-07-1240T (Washington, D.C.: September 2007). [2] Limited progress: DHS has taken actions to generally achieve 25 percent or less of the identified performance expectations. Modest progress: DHS has taken actions to generally achieve more than 25 percent but 50 percent or less of the identified performance expectations. Moderate progress: DHS has taken actions to generally achieve more than 50 percent but 75 percent or less of the identified performance expectations. Substantial progress: DHS has taken actions to generally achieve more than 75 percent of the identified performance expectations. [3] GAO-07-454. [4] A risk management approach entails a continuous process of managing risk through a series of actions, including setting strategic goals and objectives, assessing risk, evaluating alternatives, selecting initiatives to undertake, and implementing and monitoring those initiatives. [5] Pub. L. No. 107-71, 115 Stat. 597 (2001). [6] Currently, air carriers departing the United States are required to transmit passenger manifest information to CBP no later than 15 minutes prior to departure but, for flights bound for the United States, air carriers are not required to transmit the information until 15 minutes after the flight‘s departure (in general, after the aircraft is in flight). See 19 C.F.R. �� 122.49a, 122.75a. In a final rule published in the Federal Register on August 23, 2007, CBP established a requirement for all air carriers to either transmit the passenger manifest information to CBP no later than 30 minutes prior to the securing of the aircraft doors (that is, prior to the flight being airborne), or transmit manifest information on an individual basis as each passenger checks in for the flight up to but no later than the securing of the aircraft. See 72 Fed. Reg. 48,320 (Aug. 23, 2007). This requirement is to take effect on February 19, 2008. [7] For more information, see GAO, Aviation Security: Enhancements Made in Passenger and Checked Baggage Screening, but Challenges Remain, GAO- 06-371T (Washington, D.C: April 2006). [8] For more information, see GAO, Aviation Security: Transportation Security Administration Has Made Progress in Managing a Federal Security Workforce and Ensuring Security at U.S. Airports, but Challenges Remain, GAO-06-597T, (Washington, D.C.: April 2006) and GAO, Aviation Security: Further Steps Needed to Strengthen the Security of Commercial Airport Perimeters and Access Controls, GAO-04-728 (Washington, D.C.: June 2004). [9] GAO-06-597T and GAO-04-728. [10] Department of Homeland Security Office of Inspector General, Audit of Access to Airport Secured Areas (Unclassified Summary), OIG-07-35 (Washington, D.C.: March 2007). [11] GAO-06-597T and GAO-04-728. [12] GAO, Port Security: Better Planning Needed to Develop and Operate Maritime Worker Identification Card Program, GAO-05-106 (Washington, D.C.: December 2004), and Transportation Security: DHS Should Address Key Challenges before Implementing the Transportation Worker Identification Credential Program, GAO-06-982 (Washington, D.C.: September 2006). [13] GAO, Maritime Security: The Safe Port Act and Efforts to Secure Our Nation's Seaports, GAO-08-86T (Washington, D.C. October 4, 2007). [14] In accordance with TSA-issued security requirements, passengers on the No Fly List are denied boarding passes and are not permitted to fly unless cleared by law enforcement officers. Similarly, passengers who are on the Selectee List are issued boarding passes, and they and their baggage undergo additional security measures. [15] See 49 U.S.C. � 44903(j)(2)(C). [16] GAO, Aviation Security: Management Challenges Remain for the Transportation Security Administration‘s Secure Flight Program, GAO-06- 864T (Washington, D.C.: June 2006). [17] GAO, Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, GAO-07-448T (Washington, D.C.: February 2007) and GAO, Aviation Security: Efforts to Strengthen International Passenger Prescreening Are Under Way, but Planning and Implementation Issues Remain, GAO-07-346 (Washington, D.C.: May 2007). [18] For more information, see GAO, Aviation Security: Risk, Experience, and Customer Concerns Drive Changes to Airline Passenger Screening Procedures, but Evaluation and Documentation of Proposed Changes Could Be Improved, GAO-07-634 (Washington, D.C.: May 2007); GAO, Aviation Security: TSA‘s Change to Its Prohibited Items List Has Not Resulted in Any Reported Security Incidents, but the Impact of the Change on Screening Operations Is Inconclusive, GAO-07-623R (Washington, D.C.: April 2007); GAO, Airport Passenger Screening: Preliminary Observations on Progress Made and Challenges Remaining, GAO- 03-1173 (Washington, D.C.: September 2003); and GAO, Aviation Security: Enhancements Made in Passenger and Checked Baggage Screening, but Challenges Remain, GAO-06-371T (Washington, D.C.: April 2006). [19] GAO-06-371T. [20] See Pub. L. No. 110-53, ��1607, 1610, 121 Stat. 266, 483-85 (2007). [21] For more information, see GAO-06-371T. [22] Explosive detection systems (EDS) use specialized X-rays to detect characteristics of explosives that may be contained in baggage as it moves along a conveyor belt. Explosive trace detection (ETD) works by detecting vapors and residues of explosives. Human operators collect samples by rubbing swabs along the interior and exterior of an object that TSOs determine to be suspicious, and place the swabs in the ETD machine, which then chemically analyzes the swabs to identify any traces of explosive materials. [23] For more information, see GAO, Aviation Security: TSA Oversight of Checked Baggage Screening Procedures Could Be Strengthened, GAO-06-869 (Washington, D.C.: July 2006), GAO-06-371T, and GAO-07-448T. [24] See Pub. L. No. 110-53, � 1603-04, 121 Stat. at 480-81. [25] For more information, see GAO, Aviation Security: Federal Action Needed to Strengthen Domestic Air Cargo Security, GAO-06-76, (Washington, D.C.: October 2005) and GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened, GAO-07-660 (Washington, D.C.: April 2007). [26] GAO-06-76. [27] See Pub. L. No. 110-53, � 1602, 121 Stat. at 477-79.This provision defines screening as a physical examination or non-intrusive method of assessing whether cargo poses a threat to transportation security that includes the use of technology, procedures, personnel, or other methods to provide a level of security commensurate with the level of security for the screening of passenger checked baggage. Methods such as solely performing a review of information about the contents of cargo or verifying the identity of a shipper of the cargo, including whether a known shipper is registered in TSA‘s known shipper database, do not constitute screening under this provision. [28] GAO-07-660. [29] GAO, Department of Homeland Security: Observations on GAO Access to Information on Programs and Activities, GAO-07-700T, (Washington, D.C.: April 2007). [30] GAO-07-660. [31] GAO, Aviation Security: Foreign Airport Assessments and Air Carrier Inspections Help Enhance Security, but Oversight of These Efforts Can Be Strengthened, GAO-07-729 (Washington, D.C.: May 11, 2007). [32] GAO, Aviation Security: Risk, Experience, and Customer Concerns, GAO-07-634 (Washington, D.C.: May 2007). [33] GAO, Aviation Security: Risk, Experience, and Customer Concerns Drive Changes to Airline Passenger Screening Procedures, but Evaluation and Documentation of Proposed Changes Could Be Improved, GAO-07-634 (Washington, D.C.: April 16, 2007). [34] GAO, Homeland Security: Efforts to Improve Information Sharing Need to Be Strengthened, GAO-03-760 (Washington, D.C.: August 2003) and GAO, High-Risk Series: An Update GAO-05-207 (Washington, D.C.: January 2005). [35] GAO-07-454. [36] See Pub. L. No. 110-53, � 1203, 121 Stat. at 383-86. [37] See Pub. L. No. 110-53, �� 1512(d)(2), 1531(d)(2), 121 Stat. at 430, 455. [38] GAO, Homeland Security: Management and Programmatic Challenges Facing the Department of Homeland Security, GAO-07-833T (Washington, D.C.: May 2007) [39] GAO-07-660 [40] GAO,Aviation Security: Federal Coordination for Responding to In- flight Security Threats Has Matured, but Procedures Can Be Strengthened, GAO-07-891R (Washington, D.C.: July 31, 2007). [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "Subscribe to Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Gloria Jarmon, Managing Director, JarmonG@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Susan Becker, Acting Manager, BeckerS@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: