Transportation Security
Efforts to Strengthen Aviation and Surface Transportation Security are Under Way, but Challenges Remain Gao ID: GAO-08-140T October 16, 2007Within the Department of Homeland Security (DHS), the Transportation Security Administration's (TSA) mission is to protect the nation's transportation network. Since its inception in 2001, TSA has developed and implemented a variety of programs and procedures to secure commercial aviation and surface modes of transportation, including passenger and freight rail, mass transit, highways, commercial vehicles, and pipelines. Other DHS components, federal agencies, state and local governments, and the private sector also play a role in transportation security. GAO examined (1) the progress DHS and TSA have made in securing the nation's aviation and surface transportation systems, and (2) challenges that have impeded the department's efforts to implement its mission and management functions. This testimony is based on issued GAO reports and testimonies addressing the security of the nation's aviation and surface transportation systems, including a recently issued report (GAO-07-454) that highlights the progress DHS has made in implementing its mission and management functions.
In August 2007, GAO reported that DHS had made moderate progress in securing the aviation and surface transportation networks, but that more work remains. Specifically, of the 24 performance expectations GAO identified in the area of aviation security, GAO reported that DHS had generally achieved 17 of these expectations and had generally not achieved 7 expectations. With regard to the security of surface modes of transportation, GAO reported that DHS generally achieved three performance expectations and had generally not achieved two others. DHS and TSA have made progress in many areas related to securing commercial aviation. For example, TSA has undertaken efforts to strengthen airport security; provide and train a screening workforce; prescreen passengers against terrorist watch lists; and screen passengers, baggage, and cargo. With regard to surface transportation modes, TSA has taken steps to develop a strategic approach for securing mass transit, passenger and freight rail, commercial vehicles, highways, and pipelines; establish security standards for certain transportation modes; and conduct threat, criticality, and vulnerability assessments of surface transportation assets, particularly passenger and freight rail. TSA also hired and deployed compliance inspectors and conducted inspections of passenger and freight rail systems. While these efforts have helped to strengthen the security of the transportation network, DHS and TSA still face a number of key challenges in further securing these systems. For example, regarding commercial aviation, TSA has faced difficulties in developing and implementing its advanced passenger prescreening system, known as Secure Flight, and has not yet completed development efforts. In addition, TSA's efforts to enhance perimeter security at airports may not be sufficient to provide for effective security. TSA has also initiated efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems, but has not developed a plan for implementing new technologies to meet the security needs of individual airports. TSA has also not yet effectively deployed checkpoint technologies to address key existing vulnerabilities, and has not yet developed and implemented technologies needed to screen air cargo. Further, while TSA has initiated efforts to develop security standards for surface transportation modes, these efforts have been limited to passenger and freight rail, and have not addressed commercial vehicles or highway infrastructure, including bridges and tunnels. GAO also reported that a number of issues have impeded DHS's efforts in implementing its mission and management functions, including not always implementing effective strategic planning, or fully adopting and applying a risk management approach with respect to transportation security.
GAO-08-140T, Transportation Security: Efforts to Strengthen Aviation and Surface Transportation Security are Under Way, but Challenges Remain
This is the accessible text file for GAO report number GAO-08-140T
entitled 'Transportation Security: Efforts to Strengthen Aviation and
Surface Transportation Security are Under Way, but Challenges Remain'
which was released on October 16, 2007.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony before the Committee on Commerce, Science, and
Transportation, U. S. Senate:
United States Government Accountability Office:
GAO:
For Release on Delivery Expected at 10:00 a.m. EDT:
Tuesday, October 16, 2007:
Transportation Security:
Efforts to Strengthen Aviation and Surface Transportation Security are
Under Way, but Challenges Remain:
Statement of Cathleen A. Berrick, Director:
Homeland Security and Justice Issues:
GAO-08-140T:
GAO Highlights:
Highlights of GAO-08-140T, testimony before the U.S. Senate Committee
on Commerce, Science and Transportation.
Why GAO Did This Study:
Within the Department of Homeland Security (DHS), the Transportation
Security Administration‘s (TSA) mission is to protect the nation‘s
transportation network. Since its inception in 2001, TSA has developed
and implemented a variety of programs and procedures to secure
commercial aviation and surface modes of transportation, including
passenger and freight rail, mass transit, highways, commercial
vehicles, and pipelines. Other DHS components, federal agencies, state
and local governments, and the private sector also play a role in
transportation security. GAO examined (1) the progress DHS and TSA have
made in securing the nation‘s aviation and surface transportation
systems, and (2) challenges that have impeded the department‘s efforts
to implement its mission and management functions. This testimony is
based on issued GAO reports and testimonies addressing the security of
the nation‘s aviation and surface transportation systems, including a
recently issued report (GAO-07-454) that highlights the progress DHS
has made in implementing its mission and management functions.
What GAO Found:
In August 2007, GAO reported that DHS had made moderate progress in
securing the aviation and surface transportation networks, but that
more work remains. Specifically, of the 24 performance expectations GAO
identified in the area of aviation security, GAO reported that DHS had
generally achieved 17 of these expectations and had generally not
achieved 7 expectations. With regard to the security of surface modes
of transportation, GAO reported that DHS generally achieved three
performance expectations and had generally not achieved two others. DHS
and TSA have made progress in many areas related to securing commercial
aviation. For example, TSA has undertaken efforts to strengthen airport
security; provide and train a screening workforce; prescreen passengers
against terrorist watch lists; and screen passengers, baggage, and
cargo. With regard to surface transportation modes, TSA has taken steps
to develop a strategic approach for securing mass transit, passenger
and freight rail, commercial vehicles, highways, and pipelines;
establish security standards for certain transportation modes; and
conduct threat, criticality, and vulnerability assessments of surface
transportation assets, particularly passenger and freight rail. TSA
also hired and deployed compliance inspectors and conducted inspections
of passenger and freight rail systems.
While these efforts have helped to strengthen the security of the
transportation network, DHS and TSA still face a number of key
challenges in further securing these systems. For example, regarding
commercial aviation, TSA has faced difficulties in developing and
implementing its advanced passenger prescreening system, known as
Secure Flight, and has not yet completed development efforts. In
addition, TSA‘s efforts to enhance perimeter security at airports may
not be sufficient to provide for effective security. TSA has also
initiated efforts to evaluate the effectiveness of security-related
technologies, such as biometric identification systems, but has not
developed a plan for implementing new technologies to meet the security
needs of individual airports. TSA has also not yet effectively deployed
checkpoint technologies to address key existing vulnerabilities, and
has not yet developed and implemented technologies needed to screen air
cargo. Further, while TSA has initiated efforts to develop security
standards for surface transportation modes, these efforts have been
limited to passenger and freight rail, and have not addressed
commercial vehicles or highway infrastructure, including bridges and
tunnels. GAO also reported that a number of issues have impeded DHS‘s
efforts in implementing its mission and management functions, including
not always implementing effective strategic planning, or fully adopting
and applying a risk management approach with respect to transportation
security.
What GAO Recommends:
In prior reports, GAO made a number of recommendations to DHS and TSA
to strengthen their efforts to secure the transportation network. DHS
and TSA generally agreed with the recommendations and have taken steps
to implement some of them.
To view the full product, including the scope and methodology, click on
[hyperlink, http://www.GAO-08-140T.] For more information, contact
Cathleen Berrick at (202) 512-3404 or berrickc@gao.govv.
[End of section]
Mr. Chairman and Members of the Committee:
I appreciate the opportunity to participate in today's hearing to
discuss the Department of Homeland Security's (DHS) progress and
challenges in securing our nation's transportation systems. The
Transportation Security Administration (TSA), originally established as
an agency within the Department of Transportation in 2001 but now a
component within DHS, is charged with securing the transportation
network while also ensuring the free movement of people and commerce.
TSA has primary responsibility for security in all modes of
transportation and since its inception has developed and implemented a
variety of programs and procedures to secure commercial aviation and
surface modes of transportation, including passenger and freight rail,
mass transit, highways, commercial vehicles, and pipelines. Other DHS
components, federal agencies, state and local governments, and the
private sector also play a role in transportation security. For
example, with respect to commercial aviation, the U.S. Customs and
Border Protection (CBP) has responsibility for conducting passenger
prescreening--in general, the matching of passenger information against
terrorist watch lists prior an aircraft's departure --for international
flights operating to or from the United States, as well as inspecting
inbound air cargo upon its arrival in the United States. In addition,
responsibility for securing rail and other surface modes of
transportation is shared among federal, state, and local governments
and the private sector.
My testimony today will focus on: 1) the progress TSA, and other DHS
components have made in securing the nation's aviation and surface
transportation systems, and 2) challenges which have impeded DHS's
(and, as they relate to transportation security, TSA) efforts to
implement its mission and management functions. My comments are based
on issued GAO reports and testimonies addressing the security of the
nation's aviation and surface transportation systems, including an
August 2007 report that highlights the progress DHS has made in
implementing its mission and management functions.[Footnote 1] In this
report, we reviewed the extent to which DHS has taken actions to
achieve performance expectations in each of its mission and management
areas that we identified from legislation, Homeland Security
Presidential Directives, and DHS strategic planning documents. Based
primarily on our past work, we made a determination regarding whether
DHS generally achieved or generally did not achieve the key elements of
each performance expectation. An assessment of "generally achieved"
indicates that DHS has taken sufficient actions to satisfy most
elements of the expectation; however, an assessment of "generally
achieved" does not signify that no further action is required of DHS or
that functions covered by the expectation cannot be further improved or
enhanced. Conversely, an assessment of "generally not achieved"
indicates that DHS has not yet taken actions to satisfy most elements
of the performance expectation. In determining the department's overall
level of progress in achieving performance expectations in each of its
mission and management areas, we concluded whether the department had
made limited, modest, moderate, or substantial progress.[Footnote 2]
These assessments of progress do not reflect, nor are they intended to
reflect, the extent to which actions by DHS and its components have
made the nation more secure. We conducted our work in accordance with
generally accepted government auditing standards.
Summary:
Within DHS, TSA is the agency with primary responsibility for securing
the transportation sector and has undertaken a number of initiatives to
strengthen the security of the nation's commercial aviation and surface
transportation systems. In large part, these efforts have been driven
by legislative mandates designed to strengthen the security of
commercial aviation following the September 11, 2001, terrorist
attacks. In August 2007, we reported that DHS had made moderate
progress in securing the aviation and surface transportation networks,
but that more work remains.[Footnote 3] Specifically, of the 24
performance expectations we identified for DHS in the area of aviation
security, we reported that it has generally achieved 17 of these
expectations and has generally not achieved 7 expectations. With regard
to the security of surface modes of transportation, we reported that
DHS generally achieved three performance expectations and has generally
not achieved two others.
DHS, primarily through TSA, has made progress in many areas related to
securing commercial aviation and surface modes of transportation, and
their efforts should be commended. Meeting statutory mandates to screen
airline passengers and 100 percent of checked baggage alone was a
tremendous challenge. To do this, TSA initially hired and deployed a
federal workforce of over 50,000 passenger and checked baggage
screeners, and installed equipment at the nation's more than 400
commercial airports to provide the capability to screen all checked
baggage using explosive detection systems, as mandated by law. TSA has
since turned its attention to, among other things, strengthening
passenger prescreening--in general, the matching of passenger
information against terrorist watch lists prior to an aircraft's
departure; more efficiently allocating, deploying, and managing the
transportation security officer (TSO)--formerly known as screener--
workforce; strengthening screening procedures; developing and deploying
more effective and efficient screening technologies; and improving
domestic air cargo security. In addition to TSA, CBP has also taken
steps to strengthen passenger prescreening for passengers on
international flights operating to or from the United States, as well
as inspecting inbound air cargo upon its arrival in the United States.
DHS's Science and Technology (S&T) Directorate has also taken actions
to research and develop aviation security technologies. With regard to
surface transportation modes, TSA has taken steps to develop a
strategic approach for securing mass transit, passenger and freight
rail, commercial vehicles, highways, and pipelines; establish security
standards for certain transportation modes; and conduct threat,
criticality, and vulnerability assessments of surface transportation
assets, particularly passenger and freight rail. TSA also hired and
deployed compliance inspectors and conducted inspections of passenger
and freight rail systems. DHS also developed and administered grant
programs for various surface transportation modes.
While these efforts have helped to strengthen the security of the
transportation network, DHS still faces a number of key challenges that
need to be addressed to meet expectations set out for them by Congress,
the Administration, and the Department itself. For example, regarding
commercial aviation, TSA has faced challenges in developing and
implementing its passenger prescreening system, known as Secure Flight,
and has not yet completed development efforts. As planned, this program
would initially assume from air carriers the responsibility for
matching information on airline passengers traveling domestically
against terrorists watch lists. In addition, while TSA has taken
actions to enhance perimeter security at airports, these actions may
not be sufficient to provide for effective security. TSA has also begun
efforts to evaluate the effectiveness of security-related technologies,
such as biometric identification systems. However, TSA has not
developed a plan for implementing such new technologies to meet the
security needs of individual airports and the commercial airport system
as a whole. Further, TSA has not yet deployed checkpoint technologies
to address key existing vulnerabilities, and has not yet developed and
implemented technologies needed to screen air cargo. With regard to
surface transportation security, while TSA has initiated efforts to
develop security standards for surface transportation modes, these
efforts have been limited to passenger and freight rail, and have not
addressed commercial vehicle or highway infrastructure, including
bridges and tunnels. TSA has yet to provide a rationale or explanation
for why standards may not be needed for these modes. Moreover, although
TSA has made progress in conducting compliance inspections of some
surface transportation systems, inspectors' roles and missions have not
been fully defined.
A variety of cross-cutting issues have affected DHS's and, as they
relate to transportation security, TSA's efforts in implementing its
mission and management functions. These key issues include agency
transformation, strategic planning and results management, risk
management, information sharing, and stakeholder coordination. In
working towards transforming the department into an effective and
efficient organization, DHS and its components have not always been
transparent which has affected our ability to perform our oversight
responsibilities in a timely manner. They have also not always
implemented effective strategic planning efforts, fully developed
performance measures, or put into place structures to help ensure that
they are managing for results. In addition, DHS and its components can
more fully adopt and apply a risk management approach in implementing
its security mission and core management functions.[Footnote 4] They
could also better share information with federal agencies, state and
local governments and private sector entities, and more fully
coordinate their activities with key stakeholders.
Background:
The Aviation and Transportation Security Act (ATSA), enacted in
November 2001, created TSA and gave it responsibility for securing all
modes of transportation. [Footnote 5] TSA's aviation security mission
includes strengthening the security of airport perimeters and
restricted airport areas; hiring and training a screening workforce;
prescreening passengers against terrorist watch lists; and screening
passengers, baggage, and cargo at the over 400 commercial airports
nation-wide, among other responsibilities. While TSA has operational
responsibility for physically screening passengers and their baggage,
TSA exercises regulatory, or oversight, responsibility for the security
of airports and air cargo. Specifically, airports, air carriers, and
other entities are required to implement security measures in
accordance with TSA-issued security requirements, against which TSA
evaluates their compliance efforts.
TSA also oversees air carriers' efforts to prescreen passengers--in
general, the matching of passenger information against terrorist watch
lists prior to an aircraft's departure --and plans to take over
operational responsibility for this function with the implementation of
its Secure Flight program initially for passengers traveling
domestically. CBP also has responsibility for prescreening airline
passengers on international flights departing from and bound for the
United States,[Footnote 6] while DHS's Science and Technology
Directorate is responsible for researching and developing technologies
to secure the transportation sector.
TSA shares responsibility for securing surface transportation modes
with federal, state, and local governments and the private sector.
TSA's security mission includes establishing security standards and
conducting assessments and inspections of surface transportation modes,
including passenger and freight rail; mass transit; highways and
commercial vehicles; and pipelines. The Federal Emergency Management
Agency's Grant Programs Directorate provides grant funding to surface
transportation operators and state and local governments, and in
conjunction with certain grants the National Protection and Programs
Directorate conducts risk assessments of surface transportation
facilities. Within the Department of Transportation (DOT), the Federal
Transit Administration (FTA) and Federal Railroad Administration (FRA)
have responsibilities for establishing standards for passenger rail
safety and security. In addition, public and private sector
transportation operators are responsible for implementing security
measures for their systems. For example, the primary responsibility for
securing passenger rail systems rests with the passenger rail
operators. Passenger rail operators, which can be public or private
entities, are responsible for administering and managing passenger rail
activities and services, including security.
DHS Has Made Progress in Securing the Nation's Aviation and Surface
Transportation Systems, but More Work Remains:
DHS, primarily through the efforts of TSA, has undertaken numerous
initiatives to strengthen the security of the nation's aviation and
surface transportation systems. In large part, these efforts have been
guided by legislative mandates designed to strengthen the security of
commercial aviation following the September 11, 2001 terrorist attacks.
These efforts have also been affected by events external to the
department, including the alleged August 2006 terrorist plot to blow up
commercial aircraft bound from London to the United States, and the
2004 Madrid and 2005 London train bombings. While progress has been
made in many areas with respect to securing the transportation network,
we found that the department can strengthen its efforts in some key
areas outlined by the Congress, the Administration, and the department
itself. Specifically, regarding commercial aviation, we reported that
DHS has generally achieved 17 performance expectations in this area,
and has generally not achieved 7 expectations. Regarding the security
of surface transportation modes, we reported that DHS has generally
achieved three performance expectations and has generally not achieved
two others. We identified these performance expectations through
reviews of key legislation, Homeland Security Presidential Directives,
and DHS strategic planning documents.
Aviation Security:
Since its inception, TSA has focused much of its efforts on aviation
security and has developed and implemented a variety of programs and
procedures to secure commercial aviation. For example, TSA has
undertaken efforts to hire, train and deploy a screening workforce; and
screen passengers, baggage, and cargo. Although TSA has taken important
actions to strengthen aviation security, the agency has faced
difficulties in implementing an advanced, government-run passenger
prescreening program for domestic flights, and in developing and
implementing technology to screen passengers at security checkpoints
and cargo placed on aircraft, among other areas. As shown in table 1,
we identified 24 performance expectations for DHS in the area of
aviation security, and found that overall, DHS has made moderate
progress in meeting these expectations. Specifically, we found that DHS
has generally achieved 17 performance expectations and has generally
not achieved 7 performance expectations.
Table 1: Performance Expectations and Progress Made in Aviation
Security:
Performance Expectation: Aviation security strategic approach:
Implement a strategic approach for aviation security functions;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Airport perimeter security and access
controls: Establish standards and procedures for effective airport
perimeter security;
Assessment: Generally achieved: [Empty];
Assessment: Generally not achieved: [Check];
Assessment: No assessment made: [Empty].
Performance expectation: Airport perimeter security and access
controls: Establish standards and procedures to effectively control
access to airport secured areas;
Assessment: Generally achieved: [Empty];
Assessment: Generally not achieved: [Check];
Assessment: No assessment made: [Empty].
Performance expectation: Airport perimeter security and access
controls: Establish procedures for implementing biometric identifier
systems for airport secured areas access control;
Assessment: Generally achieved: [Empty];
Assessment: Generally not achieved: [Check];
Assessment: No assessment made: [Empty].
Performance expectation: Airport perimeter security and access
controls: Ensure the screening of airport employees against terrorist
watch lists;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Aviation security workforce: Hire and deploy a
federal screening workforce;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Aviation security workforce: Develop standards
for determining aviation security staffing at airports;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Aviation security workforce: Establish
standards for training and testing the performance of airport screener
staff;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Aviation security workforce: Establish a
program and requirements to allow eligible airports to use a private
screening workforce;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Aviation security workforce: Train and deploy
federal air marshals on high-risk flights;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Aviation security workforce: Establish
standards for training flight and cabin crews;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Aviation security workforce: Establish a
Program to allow authorized flight deck officers to use firearms to
defend against any terrorist or criminal acts.
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Passenger screening: Establish policies and
procedures to ensure that individuals known to pose, or suspected of
posing, a risk or threat to security are identified and subjected to
appropriate action;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Passenger screening: Develop and implement an
advanced prescreening system to allow DHS to compare domestic passenger
information to the Selectee List and No Fly List;
Assessment: Generally achieved: [Empty];
Assessment: Generally not achieved: [Check];
Assessment: No assessment made: [Empty].
Performance expectation: Checkpoint screening: Develop and implement
processes and procedures for physically screening passengers at airport
checkpoints;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Checkpoint screening: Develop and test
checkpoint technologies to address vulnerabilities;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Checkpoint screening: Deploy checkpoint
technologies to address vulnerabilities;
Assessment: Generally achieved: [Empty];
Assessment: Generally not achieved: [Check];
Assessment: No assessment made: [Empty].
Performance expectation: Checked Baggage screening: Deploy explosive
detection systems (EDS) and explosive trace detection (ETD) systems to
screen checked baggage for explosives;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: ;
Assessment: No assessment made: .
Performance expectation: Checked Baggage screening: Develop a plan to
deploy in-line baggage screening equipment at airports;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Checked Baggage screening: Pursue the
deployment and use of in-line baggage screening equipment at airports;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Air Cargo security: Develop a plan for air
cargo security;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Air Cargo security: Develop and implement
procedures to screen air cargo;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Performance expectation: Air Cargo security: Develop and implement
technologies to screen air cargo;
Assessment: Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
Assessment: No assessment made: [Empty].
Total;
Assessment: Generally achieved: 17;
Assessment: Generally not achieved: 7;
Assessment: No assessment made: 0.
Source: GAO analysis.
[End of table]
Aviation Security Strategic Approach. We concluded that DHS has
generally achieved this performance expectation. In our past work, we
reported that TSA identified and implemented a wide range of
initiatives to strengthen the security of key components of the
commercial aviation system. These components are interconnected and
each is critical to the overall security of commercial
aviation.[Footnote 7][Footnote 8] More recently, in March 2007, TSA
released its National Strategy on Aviation Security and six supporting
plans that provided more detailed strategic planning guidance in the
areas of systems security; operational threat response; systems
recovery; domain surveillance; and intelligence integration and
domestic and international outreach. According to TSA officials, an
Interagency Implementation Working Group was established under TSA
leadership in January 2007 to initiate implementation efforts for the
112 actions outlined in the supporting plans.
Airport Perimeter Security and Access Controls. We concluded that DHS
has generally achieved one, and has generally not achieved three, of
the performance expectations in this area. For example, TSA has taken
action to ensure the screening of airport employees against terrorist
watch lists by requiring airport operators to compare applicants' names
against the No Fly and Selectee Lists. However, in June 2004, we
reported that although TSA had begun evaluating commercial airport
perimeter and access control security through regulatory compliance
inspections, covert testing of selected access procedures, and
vulnerability assessments at selected airports, TSA had not determined
how the results of these evaluations could be used to make improvements
to the nation's airport system as a whole. We further reported that
although TSA had begun evaluating the controls that limit access into
secured airport areas, it had not completed actions to ensure that all
airport workers in these areas were vetted prior to being hired and
trained.[Footnote 9]More recently, in March 2007, the DHS Office of
Inspector General, based on the results of its access control testing
at 14 domestic airports across the nation, made various recommendations
to enhance the overall effectiveness of controls that limit access to
airport secured areas.[Footnote 10] In March through July 2007, DHS
provided us with updated information on procedures, plans, and other
efforts it had implemented to secure airport perimeters and strengthen
access controls, including a description of its Aviation Direct Access
Screening Program. This program provides for TSOs to randomly screen
airport and airline employees and employees' property and vehicles as
they enter the secured areas of airports for the presence of
explosives, incendiaries, weapons, and other items of interest as well
as improper airport identification. However, DHS did not provide us
with evidence that these actions provide for effective airport
perimeter security, nor information on how the actions addressed all
relevant requirements established by law and in our prior
recommendations.
Regarding procedures for implementing biometric identification systems,
we reported that TSA had not developed a plan for implementing new
technologies to meet the security needs of individual airports and the
commercial airport system as a whole.[Footnote 11] In December 2004 and
September 2006, we reported on the status of the development and
testing of the Transportation Worker Identification Credential program
(TWIC)[Footnote 12] --DHS's effort to develop biometric access control
systems to verify the identity of individuals accessing secure
transportation areas. Our 2004 report identified challenges that TSA
faced in developing regulations and a comprehensive plan for managing
the program, as well as several factors that caused TSA to miss initial
deadlines for issuing TWIC cards. In our September 2006 report, we
identified the challenges that TSA encountered during TWIC program
testing, and several problems related to contract planning and
oversight. Specifically, we reported that DHS and industry stakeholders
faced difficult challenges in ensuring that biometric access control
technologies will work effectively in the maritime environment where
the Transportation Worker Identification Credential program is being
initially tested. In October 2007, we testified that TSA had made
progress in implementing the program and addressing our recommendations
regarding contract planning and oversight and coordination with
stakeholders. For example, TSA reported that it added staff with
program and contract management expertise to help oversee the contract
and developed plans for conducting public outreach and education
efforts.[Footnote 13] However, DHS has not yet determined how and when
it will implement a biometric identification system for access controls
at commercials airports. We have initiated ongoing work to further
assess DHS's efforts to establish procedures for implementing biometric
identifier systems for airport secured areas access control.
Aviation Security Workforce. We concluded that DHS has generally
achieved all 7 performance expectations in this area. For example, TSA
has hired and deployed a federal screening workforce at over 400
commercial airports nationwide, and has developed standards for
determining TSO staffing levels at airports. TSA also established
numerous programs to train and test the performance of its TSO
workforce, although we reported that improvements in these efforts can
be made. Among other efforts, in December 2005, TSA reported completing
enhanced explosives detection training for over 18,000 TSOs, and
increased its use of covert testing to assess vulnerabilities of
existing screening systems. TSA also established the Screening
Partnership Program which allows eligible airports to apply to TSA to
use a private screening workforce. In addition, TSA has trained and
deployed federal air marshals on high-risk flights; established
standards for training flight and cabin crews; and established a
Federal Flight Deck Officer program to select, train, and allow
authorized flight deck officers to use firearms to defend against any
terrorist or criminal acts. Related to flight and cabin crew training,
TSA revised its guidance and standards to include additional training
elements required by law and improve the organization and clarity of
the training. TSA also increased its efforts to measure the performance
of its TSO workforce through recertification testing and other
measures.
Passenger Prescreening. We reported that DHS has generally achieved
one, and has not generally achieved two, of the performance
expectations in this area. For example, TSA established policies and
procedures to ensure that individuals known to pose, or suspected of
posing, a risk or threat to security are identified and subjected to
appropriate action. Specifically, TSA requires that air carriers check
all passengers against the Selectee List, which identifies individuals
that represent a higher than normal security risk and therefore require
additional security screening, and the No Fly List, which identifies
individuals who are not allowed to fly.[Footnote 14] However, TSA has
faced a number of challenges in developing and implementing an advanced
prescreening system, known as Secure Flight, which will allow TSA to
take over the matching of passenger information against the No Fly and
Selectee lists from air carriers, as required by law[Footnote 15]. In
2006, we reported that TSA had not conducted critical activities in
accordance with best practices for large-scale information technology
programs and had not followed a disciplined life cycle approach in
developing Secure Flight.[Footnote 16]In March 2007, DHS reported that
as a result of its rebaselining efforts, more effective government
controls were developed to implement Secure Flight and that TSA was
following a more disciplined development process. DHS further reported
that it plans to begin parallel operations with the first group of
domestic air carriers during fiscal year 2009 and to take over full
responsibility for watch list matching in fiscal year 2010. We are
continuing to assess TSA's efforts in developing and implementing the
Secure Flight program. We have also reported that DHS has not yet
implemented enhancements to its passenger prescreening process for
passengers on international flights departing from and bound for the
United States.[Footnote 17] Although CBP recently issued a final rule
that will require air carriers to provide passenger information to CBP
prior to a flight's departure so that CBP can compare passenger
information to the terrorist watch lists before a flight takes off,
this requirement is not scheduled to take effect until February 2008.
In addition, while DHS plans to align its international and domestic
passenger prescreening programs under TSA, full implementation of an
integrated system will not occur for several years.
Checkpoint Screening. We reported that DHS has generally achieved two,
and has not generally achieved one, of the performance expectations in
this area. For example, we reported that TSA has developed processes
and procedures for screening passengers at security checkpoints and has
worked to balance security needs with efficiency and customer service
considerations.[Footnote 18] More specifically, in April 2007, we
reported that modifications to standard operating procedures were
proposed based on the professional judgment of TSA senior-level
officials and program-level staff, as well as threat information and
the results of covert testing. However, we found that TSA's data
collection and analyses could be improved to help TSA determine whether
proposed procedures that are operationally tested would achieve their
intended purpose. We also reported that DHS and its component agencies
have taken steps to improve the screening of passengers to address new
and emerging threats. For example, TSA established two recent
initiatives intended to strengthen the passenger checkpoint screening
process: (1) the Screening Passenger by Observation Technique program,
which is a behavior observation and analysis program designed to
provide TSA with a nonintrusive means of identifying potentially high-
risk individuals; and the (2) Travel Document Checker program which
replaces current travel document checkers with TSOs who have access to
sensitive security information on the threats facing the aviation
industry and check for fraudulent documents. However, we found that
while TSA has developed and tested checkpoint technologies to address
vulnerabilities that may be exploited by identified threats such as
improvised explosive devices, it has not yet effectively deployed such
technologies. In July 2006, TSA reported that it installed 97
explosives trace portal machines--which use puffs of air to dislodge
and detect trace amounts of explosives on persons--at 37 airports.
However, DHS identified problems with these machines and has halted
their deployment. TSA is also developing backscatter technology, which
identifies explosives, plastics and metals, giving them shape and form
and allowing them to be visually interpreted.[Footnote 19] However,
limited progress has been made in fielding this technology at passenger
screening checkpoints. The Implementing Recommendations of the 9/11
Commission Act of 2007 (9/11 Commission Act), enacted in August 2007,
restates and amends a requirement that DHS issue a strategic plan for
deploying explosive detection equipment at airport checkpoints and
requires DHS to expedite research and develop efforts to protect
passenger aircraft from explosives devices.[Footnote 20] We are
currently reviewing DHS and TSA's efforts to develop, test and deploy
airport checkpoint technologies.[Footnote 21]
Checked Baggage Screening. We concluded that DHS has generally achieved
all three performance expectations in this area. Specifically, from
November 2001 through June 2006, TSA procured and installed about 1,600
Explosive Detection Systems (EDS) and about 7,200 Explosive Trace
Detection (ETD) machines to screen checked baggage for explosives at
over 400 commercial airports.[Footnote 22] In response to mandates to
field the equipment quickly and to account for limitations in airport
design, TSA generally placed this equipment in a stand-alone mode--
usually in airport lobbies--to conduct the primary screening of checked
baggage for explosives[Footnote 23]. Based in part on our previous
recommendations, TSA later developed a plan to integrate EDS and ETD
machines in-line with airport baggage conveyor systems. The
installation of in-line systems can result in considerable savings to
TSA through the reduction of TSOs needed to operate the equipment, as
well as increased security. Despite delays in the widespread deployment
of in-line systems due to the high upfront capital investment required,
TSA is pursuing the installation of these systems and is seeking
creative financing solutions to fund their deployment. In March 2007,
DHS reported that it is working with airport and air carrier
stakeholders to improve checked baggage screening solutions to enhance
security and free up lobby space at airports. The installation of in-
line baggage screening systems continues to be an issue of
congressional concern. For example, the 9/11 Commission Act reiterates
a requirement that DHS submit a cost-sharing study along with a plan
and schedule for implementing provisions of the study, and requires TSA
to establish a prioritization schedule for airport improvement projects
such as the installation of in-line baggage screening systems[Footnote
24].
Air Cargo Security. We reported that TSA has generally achieved two,
and has not generally achieved one, of the performance expectations in
this area. Specifically, TSA has developed a strategic plan for
domestic air cargo security and has taken actions to use risk
management principles to guide investment decisions related to air
cargo bound for the United States from a foreign country, referred to
as inbound air cargo, but these actions are not yet complete. For
example, TSA plans to assess inbound air cargo vulnerabilities and
critical assets--two crucial elements of a risk-based management
approach--but has not yet established a methodology or time frame for
how and when these assessments will be completed. [Footnote 25] TSA has
also developed and implemented procedures to screen domestic and
inbound air cargo. We reported in October 2005 that TSA had
significantly increased the number of domestic air cargo inspections
conducted of air carrier and indirect air carrier compliance with
security requirements. However, we also reported that TSA exempted
certain cargo from random inspection because it did not view the
exempted cargo as posing a significant security risk, although air
cargo stakeholders noted that such exemptions may create potential
security risks and vulnerabilities since shippers may know how to
package their cargo to avoid inspection.[Footnote 26] In part based on
a recommendation we made, TSA is evaluating existing exemptions to
determine whether they pose a security risk, and has removed some
exemptions that were previously allowed. The 9/11 Commission Act
requires, no later than 3 years after its enactment, that DHS have a
system in place to screen 100 percent of cargo transported on passenger
aircraft.[Footnote 27] Although TSA has taken action to develop plans
for securing air cargo and establishing and implementing procedures to
screen air cargo, DHS has not yet developed and implemented screening
technologies. DHS is pursuing multiple technologies to automate the
detection of explosives in the types and quantities that would cause
catastrophic damage to an aircraft in flight. However, TSA acknowledged
that full development of these technologies may take 5 to 7 years. In
April 2007, we reported that TSA and DHS's S&T Directorate were in the
early stages of evaluating and piloting available aviation security
technologies to determine their applicability to the domestic air cargo
environment. We further reported that although TSA anticipates
completing its pilot tests by 2008, it has not yet established time
frames for when it might implement these methods or technologies for
the inbound air cargo system. [Footnote 28]
Surface Transportation Security:
Although TSA has devoted the vast majority of its resources to securing
commercial aviation and to meeting related statutory requirements, it
has more recently increased its focus on the security of surface modes
of transportation. However, these efforts are still largely in the
early stages. International events such as the March 2004 Madrid and
July 2005 London train bombings, have, in part, contributed to this
increased focus. Specifically, TSA and other DHS components have
developed an approach for securing surface modes of transportation,
have taken steps to conduct risk assessments of surface transportation
assets; and have administered related grant programs. However, TSA has
not issued standards for securing all surface transportation modes, and
is still defining what its regulatory role will be. Moreover, although
TSA has made progress in conducting compliance inspections of some
surface transportation systems, inspectors' roles and missions have not
been fully defined. As shown in table 2, we identified five performance
expectations for DHS in the area of surface transportation security and
found that, overall, DHS primarily through the efforts of TSA has made
moderate progress in meeting these expectations. Specifically, we found
that DHS has generally achieved three performance expectations and has
generally not achieved two performance expectations.
Table 2: Performance Expectations and Progress Made in Surface
Transportation Security:
Performance expectation: Develop and adopt a strategic approach for
implementing surface transportation security functions;
Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
No assessment made: [Empty].
Performance expectation: Conduct threat, criticality, and vulnerability
assessments of surface transportation assets;
Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
No assessment made: [Empty].
Performance expectation: Issue standards for securing surface
transportation modes;
Generally achieved: [Empty];
Assessment: Generally not achieved: [Check];
No assessment made: [Empty].
Performance expectation: Conduct compliance inspections for surface
transportation systems;
Generally achieved: [Empty];
Assessment: Generally not achieved: [Check];
No assessment made: [Empty].
Performance expectation: Administer grant programs for surface
transportation security;
Generally achieved: [Check];
Assessment: Generally not achieved: [Empty];
No assessment made: [Empty].
Performance expectation: Total;
Generally achieved: 3;
Assessment: Generally not achieved: 2;
No assessment made: 0.
[End of table]
Source: GAO analysis.
Strategic Approach for Implementing Security Functions. We concluded
that DHS has generally achieved this performance expectation. In May
2007, DHS issued the sector-specific plan for transportation systems
and supporting annexes for surface transportation modes, and reported
taking actions to adopt the strategic approach outlined by the plan.
The Transportation Systems Sector-Specific Plan and its supporting
modal implementation plans and appendixes establish a strategic
approach for securing surface transportation modes based on the
National Infrastructure Protection Plan and Executive Order 13416,
Strengthening Surface Transportation Security. The Transportation
Systems Sector-Specific Plan describes the security framework that is
intended to enable sector stakeholders to make effective and
appropriate risk-based security and resource allocation decisions.
During the course of our work assessing freight rail, commercial
vehicles, and highway infrastructure security, we identified that TSA
has begun to implement some of the security initiatives outlined in the
sector-specific plan and supporting modal plans. While DHS has issued a
strategy for securing all transportation modes, and has demonstrated
that it has begun to take actions to implement the goals and objectives
outlined in the strategy, we have not yet analyzed the overall quality
of the plan or supporting modal annexes, the extent to which efforts
outlined in the plan and annexes have been implemented, or the
effectiveness of identified security initiatives. In addition, we
recognize that the acceptance of DHS's approach by federal, state and
local, and private sector stakeholders is crucial to its successful
implementation. We also have not assessed the extent to which the plan
and supporting modal annexes were coordinated with or adopted by these
stakeholders. We will continue to assess DHS's efforts to implement its
strategy for securing surface transportation modes as part of our
ongoing reviews of mass transit, passenger and freight rail, commercial
vehicle, and highway infrastructure security.
Threat, Criticality and Vulnerability Assessments. We reported that DHS
has generally achieved this performance expectation. TSA has taken
actions to conduct threat, criticality, and vulnerability assessments
of surface transportation assets, particularly for mass transit,
passenger rail, and freight rail, but we have not yet reviewed the
quality of many of these assessments. TSA uses threat assessments and
information as part of its surface transportation security efforts. For
example, TSA has conducted threat assessments of mass transit,
passenger rail, and freight rail transportation modes. TSA has also
conducted assessments of the vulnerabilities associated with surface
transportation assets, to varying degrees, for most surface modes of
transportation. For freight rail, for example, we found that TSA has
conducted vulnerability assessments of High Threat Urban Area rail
corridors where toxic inhalation hazard shipments are transported.
However, TSA's vulnerability assessment efforts are still ongoing and
in some instances, are in the early stages, particularly for commercial
vehicles and highway infrastructure. With regard to criticality
assessments, DHS has conducted such assessments for some surface
transportation modes. For example, TSA has conducted Corporate Security
Reviews with 38 state Department of Transportation highway programs. In
addition, the National Protection and Programs Directorate's Office of
Infrastructure Protection conducts highway infrastructure assessments
that look at critical highway infrastructure assets. We testified in
January 2007 that TSA had reported completing an overall threat
assessment for mass transit and passenger and freight rail modes, and
had conducted criticality assessments of nearly 700 passenger rail
stations. In addition, we further reported that the Grant Programs
Directorate developed and implemented a risk assessment tool to help
passenger rail operators better respond to terrorist attacks and
prioritize security measures. We will continue to review threat,
criticality and vulnerability assessments conducted by TSA and other
DHS components for surface modes of transportation during our ongoing
work assessing mass transit, passenger and freight rail, highway
infrastructure, and commercial vehicle security.[Footnote 29]
Issuance of Security Standards. We found that DHS has generally not
achieved this performance expectation. TSA has taken actions to develop
and issue security standards for mass transit, passenger rail, and
freight rail modes. However, TSA did not provide us with evidence of
its efforts to develop and issue security standards for all surface
transportation modes, or provided a rationale or explanation why
standards may not be needed for other modes. Specifically, TSA has
developed and issued security directives, security action items--
recommended measures for passenger rail and mass transit operators to
implement in their security programs to improve both security and
emergency preparedness, and a proposed rule in December 2006 on
passenger and freight rail security requirements.[Footnote 30] In April
2007, DHS reported that TSA uses field activities to assess compliance
with security directives and implementation of noncompulsory security
standards and protective measures with the objective of a broad-based
enhancement of passenger rail and rail transit security. TSA also
reported that in its December 2006 notice of proposed rulemaking on new
security measures for freight rail carriers, it proposed requirements
designed to ensure 100 percent positive handoff of toxic inhalation
hazard shipments that enter high threat urban areas, as well as
security protocols for custody transfers of toxic inhalation hazard
rail cars in high-threat urban areas. TSA also reported that its High
Threat Urban Area rail corridor assessments supported the development
of the Recommended Security Action Items for the Rail Transportation of
Toxic Inhalation Materials issued by DHS and the Department of
Transportation in June 2006.
Compliance Inspections. We concluded that DHS has generally not
achieved this performance expectation. TSA has made progress in
conducting compliance inspections, particularly in hiring and deploying
inspectors, but inspectors' roles and missions have not yet been fully
defined. TSA officials have reported that the agency has hired 100
surface transportation inspectors whose stated mission is to, among
other duties, monitor and enforce compliance with TSA's rail security
directives. However, some mass transit and passenger rail operators
have expressed confusion and concern about the role of TSA inspectors
and the potential that these inspections could duplicate other federal
and state rail inspections. In March and April 2007, with respect to
freight rail, TSA reported visiting terminal and railroad yards to
measure implementation of 7 of 24 DHS recommended security action items
for the transportation of toxic inhalation hazard materials. Through
its Surface Transportation Security Inspection program, TSA reported
that its inspectors conduct inspections of key facilities for rail and
transit systems to assess transit systems' implementation of core
transit security fundamentals and comprehensive security action items;
conduct examinations of stakeholder operations, including compliance
with security directives; identify security gaps; and develop effective
practices. Although TSA has deployed inspectors to conduct compliance
inspections and carry out other security activities in the mass
transit, passenger rail, and freight rail modes, TSA did not provide us
with evidence that it has conducted compliance inspections for other
surface transportation modes or information on whether the department
believes compliance inspections are needed for other modes.
The 9/11 Commission Act authorizes funds to be appropriated for TSA to
employ additional surface transportation inspectors and requires that
surface transportation inspectors have relevant transportation
experience and appropriate security and inspection
qualifications.[Footnote 31] The Act also requires DHS to consult
periodically with surface transportation entities on the inspectors'
duties, responsibilities, authorities, and mission. We will continue to
assess TSA's inspection efforts during our ongoing work.[Footnote 32]
Grant Programs. We reported that DHS generally achieved this
performance expectation. More specifically, DHS has developed and
administered grant programs for various surface transportation modes.
However, some industry stakeholders have raised concerns regarding
DHS's current grant process, such as time delays and other barriers in
the provision of grant funding. We have not yet assessed DHS's
provision of grant funding or the extent to which DHS monitors the use
of the funds. In March 2007, we reported that the DHS Office of Grants
and Training, now called the Grant Programs Directorate, has used
various programs to fund passenger rail security since 2003.[Footnote
33] Through the Urban Area Security Initiative grant program, the Grant
Programs Directorate has provided grants to urban areas to help enhance
their overall security and preparedness level to prevent, respond to,
and recover from acts of terrorism. The Grant Programs Directorate used
fiscal year 2005, 2006, and 2007 appropriations to build on the work
under way through the Urban Area Security Initiative program, and
create and administer new programs focused specifically on
transportation security, including the Transit Security Grant Program
and the Intercity Passenger Rail Security Grant Program. The 9/11
Commission Act requires DHS to establish grant programs for security
improvements in the public transportation, passenger and freight rail,
and over-the-road bus modes and requires DHS to take certain actions in
implementing the grant programs.[Footnote 34] For example, the Act
requires that DHS determine the requirements for grant recipients and
establish the priorities for which grant funding may be used, and it
requires that DHS and DOT determine the most effective and efficient
way to distribute grant funds, authorizing DHS to transfer funds to DOT
for the purpose of disbursement. We will be assessing grants
distributed for mass transit and passenger rail as part of our ongoing
work.[Footnote 35]
Cross-cutting Issues Have Hindered DHS's Efforts in Implementing Its
Mission and Management Functions:
Our work has identified homeland security challenges that cut across
DHS's mission and core management functions. These issues have impeded
the department's progress since its inception and will continue as DHS
moves forward. While it is important that DHS continue to work to
strengthen each of its mission and core management functions, to
include transportation security, it is equally important that these key
issues be addressed from a comprehensive, department wide perspective
to help ensure that the department has the structure and processes in
place to effectively address the threats and vulnerabilities that face
the nation. These issues include: (1) transforming and integrating
DHS's management functions; (2) establishing baseline performance goals
and measures and engaging in effective strategic planning efforts; (3)
applying and strengthening a risk management approach for implementing
missions and making resource allocation decisions; (4) sharing
information with key stakeholders; and (5) coordinating and partnering
with federal, state and local, and private sector agencies. We have
made numerous recommendations to DHS and its components to strengthen
these efforts, and the department has made progress in implementing
some of these recommendations.
DHS has faced a variety of difficulties in its efforts to transform
into a fully functioning department. We designated DHS's implementation
and transformation as high-risk in part because failure to effectively
address this challenge could have serious consequences for our security
and economy. DHS continues to face challenges in key areas including
acquisition, financial, human capital, and information technology
management. This array of management and programmatic challenges
continues to limit DHS' ability to effectively and efficiently carry
out its mission. In addition, transparency plays an important role in
helping to ensure effective and efficient transformation efforts. We
have reported that DHS has not made its management or operational
decisions transparent enough so that Congress can be sure it is
effectively, efficiently, and economically using the billions of
dollars in funding it receives annually. More specifically, in April
2007, we testified that we have encountered access issues during
numerous engagements at DHS, including significant delays in obtaining
requested documents that have affected our ability to do our work in a
timely manner.[Footnote 36] The Secretary of DHS and the Under
Secretary for Management have stated their desire to work with us to
resolve access issues and to provide greater transparency. It will be
important for DHS and its components to become more transparent and
minimize recurring delays in providing access to information on its
programs and operations so that Congress, GAO, and others can
independently assess its efforts.
In addition, DHS has not always implemented effective strategic
planning efforts and has not yet fully developed performance measures
or put into place structures to help ensure that the agency is managing
for results. We have identified strategic planning as one of the
critical success factors for new organizations, and reported that DHS
as well as TSA and other component efforts in this area have been
mixed. For example, with regards to TSA's efforts to secure air cargo,
we reported that TSA completed an Air Cargo Strategic Plan in November
2003 that outlined a threat-based risk management approach to securing
the nation's domestic air cargo system, and that this plan identified
strategic objectives and priority actions for enhancing air cargo
security based on risk, cost, and deadlines. However, we reported that
TSA had not developed a similar strategy for addressing the security of
inbound air cargo--cargo transported into the United States from
foreign countries, including how best to partner with CBP and
international air cargo stakeholders. In another example, we reported
that TSA had not yet developed outcome-based performance measures for
its foreign airport assessment and air carrier inspection programs,
such as the percentage of security deficiencies that were addressed as
a result of TSA's on-site assistance and recommendations, to identify
any aspects of these programs that may need attention. We recommended
that DHS direct TSA and CBP to develop a risk-based strategy, including
specific goals and objectives, for securing air cargo;[Footnote 37] and
develop outcome-based performance measures for its foreign airport
assessment and air carrier inspection programs.[Footnote 38] DHS
generally concurred with GAO's recommendations.
DHS has also not fully adopted and applied a risk management approach
in implementing its mission and core management functions. Risk
management has been widely supported by the President and Congress as
an approach for allocating resources to the highest priority homeland
security investments, and the Secretary of Homeland Security and the
Assistant Secretary for Transportation Security have made it a
centerpiece of DHS and TSA policy. Several DHS component agencies and
TSA have worked towards integrating risk-based decision making into
their security efforts, but we reported that these efforts can be
strengthened. For example, TSA has incorporated certain risk management
principles into securing air cargo, but has not completed assessments
of air cargo vulnerabilities or critical assets--two crucial elements
of a risk-based approach without which TSA may not be able to
appropriately focus its resources on the most critical security needs.
TSA has also incorporated risk-based decision making when making
modifications to airport checkpoint screening procedures, to include
modifying procedures based on intelligence information and
vulnerabilities identified through covert testing at airport
checkpoints. However, in April 2007 we reported that TSA's analyses
that supported screening procedural changes could be strengthened. For
example, TSA officials based their decision to revise the prohibited
items list to allow passengers to carry small scissors and tools onto
aircraft based on their review of threat information--which indicated
that these items do not pose a high risk to the aviation system--so
that TSOs could concentrate on higher threat items.[Footnote 39]
However, TSA officials did not conduct the analysis necessary to help
them determine whether this screening change would affect TSO's ability
to focus on higher-risk threats.[Footnote 40]
We have further reported that opportunities exist to enhance the
effectiveness of information sharing among federal agencies, state and
local governments, and private sector entities. In August 2003, we
reported that efforts to improve intelligence and information sharing
need to be strengthened, and in 2005, we designated information sharing
for homeland security as high-risk.[Footnote 41] In January 2005, we
reported that the nation still lacked an implemented set of government-
wide policies and processes for sharing terrorism-related information,
but DHS has issued a strategy on how it will put in place the overall
framework, policies, and architecture for sharing information with all
critical partners--actions that we and others have
recommended.[Footnote 42] DHS has taken some steps to implement its
information sharing responsibilities. States and localities are also
creating their own information "fusion" centers, some with DHS support.
With respect to transportation security, the importance of information
sharing was recently highlighted in the 9/11 Commission Act which
requires DHS to establish a plan to promote the sharing of
transportation security information among DHS and federal, state and
local agencies, tribal governments, and appropriate private
entities.[Footnote 43] he Act also requires that DHS provide timely
threat information to carriers and operators that are preparing and
submitting a vulnerability assessment and security plan, including an
assessment of the most likely methods that could be used by terrorists
to exploit weaknesses in their security.[Footnote 44]
In addition to providing federal leadership with respect to homeland
security, DHS also plays a large role in coordinating the activities of
key stakeholders, but has faced challenges in this regard. To secure
the nation, DHS must form effective and sustained partnerships between
legacy component agencies and a range of other entities, including
other federal agencies, state and local governments, the private and
nonprofit sectors, and international partners. We have reported that
successful partnering and coordination involves collaborating and
consulting with stakeholders to develop and agree on goals, strategies,
and roles to achieve a common purpose; identify resource needs;
establish a means to operate across agency boundaries, such as
compatible procedures, measures, data, and systems; and agree upon and
document mechanisms to monitor, evaluate, and report to the public on
the results of joint efforts.[Footnote 45] We have found that the
appropriate homeland security roles and responsibilities within and
between the levels of government, and with the private sector, are
evolving and need to be clarified. For example, we reported that
opportunities exists for TSA to work with foreign governments and
industry to identify best practices for securing passenger rail, and
air cargo, and recommended that TSA systematically compile and analyze
information on practices used abroad to identify those that may
strengthen the department's overall security efforts.[Footnote 46]
Further, regarding efforts to respond to in-flight security threats,
which depending on the nature of the threat could involve more than 15
federal agencies and agency components, we recommended that DHS and
other departments document and share their respective coordination and
communication strategies and response procedures.[Footnote 47] In
September 2005, we reported that TSA did not effectively involve
private sector stakeholders in its decision making process for
developing security standards for passenger rail assets.[Footnote 48]
We recommended that DHS develop security standards that reflect
industry best practices and can be measured, monitored, and enforced by
TSA rail inspectors and, if appropriate, rail asset owners. DHS agreed
with these recommendations. In addition, the 9/11 Commission Act
includes provisions designed to improve coordination with stakeholders.
For example, the Act requires DHS and the Department of Transportation
to develop an annex to the Memorandum of Understanding between the two
departments governing the specific roles, responsibilities, resources,
and commitments in addressing motor carrier transportation security
matters, including the processes the departments will follow to promote
communications and efficiency, and avoid duplication of
effort.[Footnote 49] The Act also requires DHS in consultation with the
Department of Transportation to establish a program to provide
appropriate information that DHS has gathered or developed on the
performance, use, and testing of technologies that may be used to
enhance surface transportation security to surface transportation
entities.[Footnote 50]
Concluding Observations:
The magnitude of DHS's and more specifically TSA's responsibilities in
securing the nation's transportation system is significant, and we
commend the department on the work it has done and is currently doing
to secure this network. Nevertheless, given the dominant role that TSA
plays in securing the homeland, it is critical that its programs and
initiatives operate as efficiently and effectively as possible. In the
almost 6 years since its creation, TSA has had to undertake its
critical mission while also establishing and forming a new agency. At
the same time, a variety of factors, including threats to and attacks
on transportation systems around the world, as well as new legislative
requirements, have led the agency to reassess its priorities and
reallocate resources to address key events, and to respond to emerging
threats. Although TSA has made considerable progress in addressing key
aspects of commercial aviation security, more work remains in the areas
of checkpoint and air cargo technology, airport security, and passenger
prescreening. Further, although TSA has more recently taken actions in
a number of areas to help secure surface modes of transportation, its
efforts are still largely in the early stage, and the nature of its
regulatory role, and relationship with transportation operators, is
still being defined. As DHS , TSA, and other components move forward,
it will be important for the department to work to address the
challenges that have affected its operations thus far, including
developing results-oriented goals and measures to assess performance;
developing and implementing a risk-based approach to guide resource
decisions; and establishing effective frameworks and mechanisms for
sharing information and coordinating with homeland security partners. A
well-managed, high-performing department is essential to meeting the
significant challenge of securing the transportation network. As DHS,
TSA, and other components continue to evolve, implement their programs,
and integrate their functions, we will continue to review their
progress and performance and provide information to Congress and the
public on these efforts.
Mr. Chairman this concludes my statement. I would be pleased to answer
any questions that you or other members of the committee may have at
this time.
GAO Contact and Staff Acknowledgments:
For further information on this testimony, please contact Cathleen
Berrick at (202) 512-3404 or at berrickc@gao.gov. Individuals making
key contributions to this testimony include Steve D. Morris, Assistant
Director, Gary Malavenda, Susan Langley, and Linda Miller.
Footnotes:
[1] GAO, Department of Homeland Security: Progress Report on
Implementation of Mission and Management Functions, GAO-07-454
(Washington, D.C.: August 2007); GAO, Department of Homeland Security:
Progress Report on Implementation of Mission and Management Functions,
GAO-07-1081T (Washington, D.C.: September 2007); and GAO, Department of
Homeland Security: Progress Report on Implementation of Mission and
Management Functions, GAO-07-1240T (Washington, D.C.: September 2007).
[2] Limited progress: DHS has taken actions to generally achieve 25
percent or less of the identified performance expectations. Modest
progress: DHS has taken actions to generally achieve more than 25
percent but 50 percent or less of the identified performance
expectations. Moderate progress: DHS has taken actions to generally
achieve more than 50 percent but 75 percent or less of the identified
performance expectations. Substantial progress: DHS has taken actions
to generally achieve more than 75 percent of the identified performance
expectations.
[3] GAO-07-454.
[4] A risk management approach entails a continuous process of managing
risk through a series of actions, including setting strategic goals and
objectives, assessing risk, evaluating alternatives, selecting
initiatives to undertake, and implementing and monitoring those
initiatives.
[5] Pub. L. No. 107-71, 115 Stat. 597 (2001).
[6] Currently, air carriers departing the United States are required to
transmit passenger manifest information to CBP no later than 15 minutes
prior to departure but, for flights bound for the United States, air
carriers are not required to transmit the information until 15 minutes
after the flight's departure (in general, after the aircraft is in
flight). See 19 C.F.R. §§ 122.49a, 122.75a. In a final rule published
in the Federal Register on August 23, 2007, CBP established a
requirement for all air carriers to either transmit the passenger
manifest information to CBP no later than 30 minutes prior to the
securing of the aircraft doors (that is, prior to the flight being
airborne), or transmit manifest information on an individual basis as
each passenger checks in for the flight up to but no later than the
securing of the aircraft. See 72 Fed. Reg. 48,320 (Aug. 23, 2007). This
requirement is to take effect on February 19, 2008.
[7] For more information, see GAO, Aviation Security: Enhancements Made
in Passenger and Checked Baggage Screening, but Challenges Remain, GAO-
06-371T (Washington, D.C: April 2006).
[8] For more information, see GAO, Aviation Security: Transportation
Security Administration Has Made Progress in Managing a Federal
Security Workforce and Ensuring Security at U.S. Airports, but
Challenges Remain, GAO-06-597T , (Washington, D.C.: April 2006) and
GAO, Aviation Security: Further Steps Needed to Strengthen the Security
of Commercial Airport Perimeters and Access Controls, GAO-04-728
(Washington, D.C.: June 2004).
[9] GAO-06-597T and GAO-04-728.
[10] Department of Homeland Security Office of Inspector General, Audit
of Access to Airport Secured Areas (Unclassified Summary), OIG-07-35
(Washington, D.C.: March 2007).
[11] GAO-06-597T and GAO-04-728.
[12] GAO, Port Security: Better Planning Needed to Develop and Operate
Maritime Worker Identification Card Program, GAO-05-106(Washington,
D.C.: December 2004), and Transportation Security: DHS Should Address
Key Challenges before Implementing the Transportation Worker
Identification Credential Program, GAO-06-982 (Washington, D.C.:
September 2006).
[13] GAO, Port Security: Better Planning Needed to Develop and Operate
Maritime Worker Identification Card Program, GAO-05-106 (Washington,
D.C.: December 2004), and Transportation Security: DHS Should Address
Key Challenges before Implementing the Transportation Worker
Identification Credential Program, GAO-06-982 (Washington, D.C.:
September 2006).
[14] In accordance with TSA-issued security requirements, passengers on
the No Fly List are denied boarding passes and are not permitted to fly
unless cleared by law enforcement officers. Similarly, passengers who
are on the Selectee List are issued boarding passes, and they and their
baggage undergo additional security measures.
[15] See 49 U.S.C. § 44903(j)(2)(C).
[16] GAO, Aviation Security: Management Challenges Remain for the
Transportation Security Administration's Secure Flight Program, GAO-06-
864T (Washington, D.C.: June 2006).
[17] GAO, Aviation Security: Progress Made in Systematic Planning to
Guide Key Investment Decisions, but More Work Remains, GAO-07-448T
(Washington, D.C.: February 2007) and GAO, Aviation Security: Efforts
to Strengthen International Passenger Prescreening Are Under Way, but
Planning and Implementation Issues Remain, GAO-07-346 (Washington,
D.C.: May 2007).
[18] For more information, see GAO, Aviation Security: Risk,
Experience, and Customer Concerns Drive Changes to Airline Passenger
Screening Procedures, but Evaluation and Documentation of Proposed
Changes Could Be Improved, GAO-07-634 (Washington, D.C.: May 2007);
GAO, Aviation Security: TSA's Change to Its Prohibited Items List Has
Not Resulted in Any Reported Security Incidents, but the Impact of the
Change on Screening Operations Is Inconclusive, GAO-07-623R
(Washington, D.C.: April 2007); GAO, Airport Passenger Screening:
Preliminary Observations on Progress Made and Challenges Remaining, GAO-
03-1173 (Washington, D.C.: September 2003); and GAO, Aviation Security:
Enhancements Made in Passenger and Checked Baggage Screening, but
Challenges Remain, GAO-06-371T (Washington, D.C.: April 2006).
[19] GAO-06-371T.
[20] See Pub. L. No. 110-53, §§1607, 1610, 121 Stat. 266, 483-85
(2007).
[21] For more information, see GAO-06-371T.
[22] Explosive detection systems (EDS) use specialized X-rays to detect
characteristics of explosives that may be contained in baggage as it
moves along a conveyor belt. Explosive trace detection (ETD) works by
detecting vapors and residues of explosives. Human operators collect
samples by rubbing swabs along the interior and exterior of an object
that TSOs determine to be suspicious, and place the swabs in the ETD
machine, which then chemically analyzes the swabs to identify any
traces of explosive materials.
[23] For more information, see GAO, Aviation Security: TSA Oversight of
Checked Baggage Screening Procedures Could Be Strengthened, GAO-06-869
(Washington, D.C.: July 2006), GAO-06-371T, and GAO-07-448T
[24] See Pub. L. No. 110-88. 1603-04, 121 Stat. at 480-81.
[25] For more information, see GAO, Aviation Security: Federal Action
Needed to Strengthen Domestic Air Cargo Security, GAO-06-76,
(Washington, D.C.: October 2005) and GAO, Aviation Security: Federal
Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and
Could Be Strengthened, GAO-07-660 (Washington, D.C.: April 2007).
[26] GAO-06-76.
[27] See Pub. L. No. 110-53, § 1602, 121 Stat. at 477-79.This provision
defines screening as a physical examination or non-intrusive method of
assessing whether cargo poses a threat to transportation security that
includes the use of technology, procedures, personnel, or other methods
to provide a level of security commensurate with the level of security
for the screening of passenger checked baggage. Methods such as solely
performing a review of information about the contents of cargo or
verifying the identity of a shipper of the cargo, including whether a
known shipper is registered in TSA's known shipper database, do not
constitute screening under this provision.
[28] GAO-07-660.
[29] For more information, see GAO-06-181T; GAO, Passenger Rail
Security: Enhanced Federal Leadership Needed to Prioritize and Guide
Security Efforts, GAO-07-225T (Washington, D.C.: January 2007); and GAO-
06-181T.
[30] See 71 Fed. Reg. 76,852 (Dec. 21, 2006).
[31] See Pub. L. No. 110-53, § 1304, 121 Stat. at 393-94.
[32] For more information, see GAO-07-225T; GAO-06-181T; and GAO,
Passenger Rail Security: Enhanced Federal Leadership Needed to
Prioritize and Guide Security Efforts, GAO-05-851 (Washington, D.C.:
October 2005).
[33] GAO, Passenger Rail Security: Federal Strategy and Enhanced
Coordination Needed to Prioritize and Guide Security Efforts GAO-07-
583T (Washington, D.C.: March 2007).
[34] See Pub. L. No. 110-53, §§ 1406, 1513, 1532, 121 Stat. at 405-08,
433-35, 457-60.
[35] For more information, see GAO-06-181T and GAO-07-583T.
[36] GAO, Department of Homeland Security: Observations on GAO Access
to Information on Programs and Activities, GAO-07-700T, (Washington,
D.C.: April 2007).
[37] GAO-07-660.
[38] GAO, Aviation Security: Foreign Airport Assessments and Air
Carrier Inspections Help Enhance Security, but Oversight of These
Efforts Can Be Strengthened, GAO-07-729 (Washington, D.C.: May 11,
2007).
[39] GAO, Aviation Security: Risk, Experience, and Customer Concerns,
GAO-07-634 (Washington, D.C.: May 2007).
[40] GAO, Aviation Security: Risk, Experience, and Customer Concerns
Drive Changes to Airline Passenger Screening Procedures, but Evaluation
and Documentation of Proposed Changes Could Be Improved, GAO-07-634
(Washington, D.C.: April 16, 2007).
[41] GAO, Homeland Security: Efforts to Improve Information Sharing
Need to Be Strengthened, GAO-03-760. Washington, D.C.: August 2003, and
GAO, HIGH- RISK SERIES: An Update GAO-05-207 (Washington, D.C.: January
2005).
[42] GAO-07-454.
[43] See Pub. L. No. 110-53, § 1203, 121 Stat. at 383-86.
[44] See Pub. L. No. 110-53, §§ 1512(d)(2), 1531(d)(2), 121 Stat. at
430, 455.
[45] GAO-07-660.
[46] GAO-07-660 and GAO-05-851.
[47] GAO, Aviation Security: Federal Coordination for Responding to In-
flight Security Threats Has Matured, but Procedures Can Be
Strengthened, GAO-07-891R (Washington, D.C.: July 31, 2007).
[48] GAO-05-851.
[49] See Pub. L. No. 110-53, § 1541, 121 Stat. at 469.
[50] See Pub. L. No. 110-53, § 1305, 121 Stat. at 394-95.
GAO's Mission:
The Government Accountability Office, the audit, evaluation, and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office:
441 G Street NW, Room LM:
Washington, DC 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Gloria Jarmon, Managing Director, JarmonG@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, DC 20548:
Public Affairs:
Susan Becker, Acting Manager, BeckerS@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, DC 20548:
