Aviation Security
Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened Gao ID: GAO-07-660 April 30, 2007The Department of Homeland Security (DHS) has primary responsibility for securing air cargo transported into the United States from another country, referred to as inbound air cargo, and preventing implements of terrorism from entering the country. GAO examined (1) what actions DHS has taken to secure inbound air cargo, and how, if at all, these efforts could be strengthened; and (2) what practices the air cargo industry and foreign governments have adopted that could enhance DHS's efforts to strengthen inbound air cargo security, and to what extent DHS has worked with foreign governments to enhance their air cargo security efforts. To conduct this study, GAO reviewed relevant DHS documents, interviewed DHS officials, and conducted site visits to seven countries in Europe and Asia.
Within DHS, the Transportation Security Administration (TSA) and U.S. Customs and Border Protection (CBP) have taken a number of actions designed to secure inbound air cargo, but these efforts are still largely in the early stages and could be strengthened. For instance, TSA completed a risk-based strategic plan to address domestic air cargo security, but has not developed a similar strategy for addressing inbound air cargo security, including how best to partner with CBP and international air cargo stakeholders. In addition, while TSA has identified the primary threats to inbound air cargo, it has not yet assessed inbound air cargo vulnerabilities and critical assets. Moreover, TSA's air cargo security rule incorporated a number of provisions aimed at enhancing the security of inbound air cargo. This final rule also acknowledges that TSA amended its security directives and programs to triple the percentage of cargo inspected on domestic and foreign passenger aircraft. However, TSA continues to exempt certain types of inbound air cargo transported on passenger air carriers from inspection. Further, TSA inspects domestic and foreign passenger air carriers with service to the United States to assess whether they are complying with air cargo security requirements, but currently does not conduct compliance inspections of all air carriers transporting inbound air cargo. Moreover, TSA has not developed performance goals and measures to determine to what extent air carriers are complying with security requirements. In addition, CBP recently began targeting inbound air cargo transported on passenger and all-cargo aircraft that may pose a security risk and inspecting such cargo once it arrives in the United States. TSA and CBP, however, do not have a systematic process in place to share information that could be used to strengthen the department's efforts in securing inbound air cargo, such as the results of TSA air carrier compliance inspections and foreign airport assessments. The air cargo industry and foreign governments have implemented various security practices that could provide opportunities for strengthening DHS's overall air cargo security program. TSA officials acknowledged that compiling and analyzing security practices implemented by foreign air cargo stakeholders and foreign governments may provide opportunities to enhance U.S. air cargo security, and have begun an initial review of practices in select foreign countries. TSA has also begun working with foreign governments to coordinate security practices to enhance security and improve oversight, referred to as harmonization, but these efforts may be challenging to implement. For example, some foreign countries do not share the United States' view regarding air cargo security threats and risks, which may make the harmonization of air cargo security practices difficult to achieve.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-07-660, Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened
This is the accessible text file for GAO report number GAO-07-660
entitled 'Aviation Security: Federal Efforts to Secure U.S.-Bound Air
Cargo in the Early Stages and Could Be Strengthened' which was released
on May 4, 2007.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to Congressional Requesters:
United States Government Accountability Office:
GAO:
April 2007:
Aviation Security:
Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages
and Could Be Strengthened:
GAO-07-660:
GAO Highlights:
Highlights of GAO-07-660, a report to congressional requesters
Why GAO Did This Study:
The Department of Homeland Security (DHS) has primary responsibility
for securing air cargo transported into the United States from another
country, referred to as inbound air cargo, and preventing implements of
terrorism from entering the country. GAO examined (1) what actions DHS
has taken to secure inbound air cargo, and how, if at all, these
efforts could be strengthened; and (2) what practices the air cargo
industry and foreign governments have adopted that could enhance DHS‘s
efforts to strengthen inbound air cargo security, and to what extent
DHS has worked with foreign governments to enhance their air cargo
security efforts. To conduct this study, GAO reviewed relevant DHS
documents, interviewed DHS officials, and conducted site visits to
seven countries in Europe and Asia.
What GAO Found:
Within DHS, the Transportation Security Administration (TSA) and U.S.
Customs and Border Protection (CBP) have taken a number of actions
designed to secure inbound air cargo, but these efforts are still
largely in the early stages and could be strengthened. For instance,
TSA completed a risk-based strategic plan to address domestic air cargo
security, but has not developed a similar strategy for addressing
inbound air cargo security, including how best to partner with CBP and
international air cargo stakeholders. In addition, while TSA has
identified the primary threats to inbound air cargo, it has not yet
assessed inbound air cargo vulnerabilities and critical assets.
Moreover, TSA‘s air cargo security rule incorporated a number of
provisions aimed at enhancing the security of inbound air cargo. This
final rule also acknowledges that TSA amended its security directives
and programs to triple the percentage of cargo inspected on domestic
and foreign passenger aircraft. However, TSA continues to exempt
certain types of inbound air cargo transported on passenger air
carriers from inspection. Further, TSA inspects domestic and foreign
passenger air carriers with service to the United States to assess
whether they are complying with air cargo security requirements, but
currently does not conduct compliance inspections of all air carriers
transporting inbound air cargo. Moreover, TSA has not developed
performance goals and measures to determine to what extent air carriers
are complying with security requirements. In addition, CBP recently
began targeting inbound air cargo transported on passenger and all-
cargo aircraft that may pose a security risk and inspecting such cargo
once it arrives in the United States. TSA and CBP, however, do not have
a systematic process in place to share information that could be used
to strengthen the department‘s efforts in securing inbound air cargo,
such as the results of TSA air carrier compliance inspections and
foreign airport assessments.
The air cargo industry and foreign governments have implemented various
security practices that could provide opportunities for strengthening
DHS‘s overall air cargo security program. TSA officials acknowledged
that compiling and analyzing security practices implemented by foreign
air cargo stakeholders and foreign governments may provide
opportunities to enhance U.S. air cargo security, and have begun an
initial review of practices in select foreign countries. TSA has also
begun working with foreign governments to coordinate security practices
to enhance security and improve oversight, referred to as
harmonization, but these efforts may be challenging to implement. For
example, some foreign countries do not share the United States‘ view
regarding air cargo security threats and risks, which may make the
harmonization of air cargo security practices difficult to achieve.
What GAO Recommends:
GAO recommends that DHS develop a risk-based inbound air cargo security
strategy; develop a systematic process to improve interagency
communication; and analyze air cargo security practices used by air
cargo industry stakeholders and foreign governments to determine their
applicability to the United States. DHS generally concurred with GAO‘s
recommendations. However, we have concerns that DHS‘s plans may not
fully address our recommendations.
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-660].
To view the full product, including the scope and methodology, click on
the link above.
For more information, contact Cathleen Berrick at (202) 512-3404 or
berrickc@gao.gov.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
DHS Has Taken Initial Steps to Secure Inbound Air Cargo, and
Opportunities Exist to Strengthen These Efforts:
Foreign Air Cargo Security Practices and International Harmonization
Efforts Have Potential to Enhance Air Cargo Security, but May Be
Challenging to Implement:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Objectives, Scope, and Methodology:
Appendix II: TSA's Efforts to Assess Air Carrier Compliance with
Inbound Air Cargo Security Requirements:
Appendix III: TSA's Assessments of Foreign Airport Security Procedures:
Appendix IV: Description of GAO's Risk Management Framework:
Appendix V: DHS and TSA Air Cargo Security Technology Pilot Tests:
Appendix VI: Actions Taken by Select Domestic Air Carriers with
Operations Overseas and Foreign Air Cargo Industry Stakeholders to
Secure Air Cargo:
Appendix VII: Actions We Identified That Select Foreign Governments Are
Taking to Secure Air Cargo:
Appendix VIII: Comments from the Department of Homeland Security:
Appendix IX: GAO Contact and Staff Acknowledgments:
Table:
Table 1: Elements of a Typical Homeland Security Risk Assessment:
Figures:
Figure 1: Flow of Air Cargo Transported to the United States:
Figure 2: Type of X-ray Technology Used by Some Foreign Air Carriers to
Inspect Air Cargo Bound for the United States:
Figure 3: CBP Officers Using Nonintrusive Technology to Inspect Inbound
Air Cargo:
Figure 4: Inspections of Air Carrier Cargo Procedures Conducted from
January 2004 to December 2005:
Figure 5: Air Cargo Security Violations Found during Inbound Passenger
Air Carrier Inspections at Foreign Airports for the Period July 2003 to
February 2006:
Figure 6: Risk Management Cycle:
Abbreviations:
ACISP: All-Cargo International Security Program:
AOSSP: Aircraft Operator Standard Security Program:
ATS: Automated Targeting System:
ATSA: Aviation and Transportation Security Act:
CBP: Customs and Border Protection:
CBSA: Canadian Border Services Agency:
C-TPAT: Customs-Trade Partnership Against Terrorism:
DHS: Department of Homeland Security:
EDS: explosive detection system:
ETD: explosive trace detection:
FACAOSSP: Full All-Cargo Aircraft Operator Standard Security Program:
GPRA: Government Performance and Results Act:
HSPD: Homeland Security Presidential Directive:
IAC: indirect air carrier:
IATA: International Air Transport Association:
ICAO: International Civil Aviation Organization:
MSP: Model Security Program:
NIPP: National Infrastructure Protection Plan:
PARIS: Performance and Results Information System:
PFNA: pulsed fast neutron analysis:
RASCO: Remote Air Sampling for Canine Olfaction:
RFID: radio frequency identification:
S&T: Directorate of Science and Technology:
SIDA: secure identification display area:
TSA: Transportation Security Administration:
TSIS: Transportation Security Intelligence Service:
VACIS: vehicle and cargo inspection system:
WCO: World Customs Organization:
WMD: weapon of mass destruction:
United States Government Accountability Office:
Washington, DC 20548:
April 30, 2007:
Congressional Requesters:
Recent instances of human stowaways hiding in cargo holds on
international flights bound for the United States, and cargo smuggling
and theft at foreign cargo facilities, have heightened concern over the
security of air cargo by revealing vulnerabilities that could be
exploited by terrorists. According to Department of Homeland Security
(DHS) officials and air cargo industry stakeholders, terrorists could
exploit such vulnerabilities to introduce an explosive device in cargo
transported onboard a passenger aircraft, hijack an all-cargo aircraft
and use it as a missile, or smuggle a weapon of mass destruction (WMD)
in cargo transported on either type of aircraft.[Footnote 1] While DHS
reports that it has no specific intelligence indicating terrorist plans
to exploit air cargo vulnerabilities, DHS's National Strategy for
Transportation Security identifies cargo aircraft operations and high-
volume cargo facilities as aviation assets at significant risk of
terrorist attack.[Footnote 2]
In response to the terrorist attacks of September 11, 2001, the
Aviation and Transportation Security Act was enacted in November 2001,
which created the Transportation Security Administration (TSA) and
required it to provide for the screening of all passengers and
property, including cargo, U.S. mail, and carry-on and checked baggage
that is transported onboard passenger aircraft.[Footnote 3] It also
required that a system be put into place as soon as practicable to
screen, inspect, or otherwise ensure the security of cargo transported
on all-cargo aircraft.[Footnote 4] The act applies to air cargo
transported into the United States from foreign countries onboard
passenger and all-cargo aircraft, as well as cargo transported
domestically and out of the United States to a foreign location on
these aircraft.
Within DHS, two agencies have responsibilities related to the security
of air cargo bound for the United States from a foreign country,
referred to as inbound air cargo.[Footnote 5] TSA has primary
responsibility for securing U.S.-bound flights from destruction or
hijacking, and as a result, is primarily concerned with preventing the
illicit loading of explosives or stowaways onto aircraft prior to
departure for the United States. TSA enforces statutory and regulatory
requirements on passenger and all-cargo air carriers to secure air
cargo bound for the United States. Both domestic air carriers and
foreign air carriers with service to the United States are responsible
for implementing security requirements, such as inspecting a portion of
air cargo transported to the United States, in accordance with the
applicable laws, TSA regulations, security directives, emergency
amendments, and security programs. DHS's U.S. Customs and Border
Protection (CBP) has primary responsibility for preventing terrorists
and implements of terrorism from entering the United States.
Specifically, CBP screens and inspects international air cargo upon its
arrival in the United States to ensure that cargo entering the country
complies with applicable laws and does not pose a security
risk.[Footnote 6] CBP's efforts include analyzing information on cargo
shipments to identify high-risk air cargo arriving in the United States
that may contain terrorists or weapons of mass destruction, commonly
known as targeting, and physically inspecting this cargo upon its
arrival.[Footnote 7] According to DHS and industry estimates, only a
small percentage of the air cargo that is bound for the United States
from a foreign country is inspected by passenger and all-cargo air
carriers prior to an aircraft's departure for the United States, and a
very small percentage of international air cargo is inspected by CBP
officers upon its arrival in the United States.[Footnote 8] Congress
has allocated at least $255 million from fiscal years 2005 through 2007
for the purpose of enhancing the security of air cargo, through such
actions as the development and testing of new and existing inspection
technologies. Further, several laws have required TSA to take
additional steps to secure domestic, outbound, and inbound air cargo.
For example, the Department of Homeland Security Appropriations Act of
2005 required the Secretary to amend security directives and programs
to, at a minimum, triple the percentage of cargo inspected on passenger
aircraft.[Footnote 9] In addition, the Intelligence Reform and
Terrorism Prevention Act of 2004 required, among other things, that TSA
develop technology to better identify, track, and screen air cargo, and
issue a final rule to enhance and improve the security of air cargo
transported on both passenger and all-cargo aircraft.[Footnote 10]
In October 2005, we reported on TSA's efforts to secure domestic air
cargo, or cargo transported on passenger and all-cargo aircraft within
the United States.[Footnote 11] We reported that while TSA had taken a
number of actions intended to strengthen air cargo security, such as
establishing a centralized database on people and businesses that
routinely ship air cargo within the United States, and implementing
requirements for the random inspection of air cargo, factors existed
that potentially limited their effectiveness. For example, TSA exempted
certain types of air cargo from inspection, potentially creating
security weaknesses. We also reported that TSA's plans for enhancing
air cargo security posed financial, operational and technological
challenges to both the agency and to air cargo industry stakeholders.
In addition, we reported that while TSA had taken initial steps toward
applying a risk-based approach to address air cargo security, it had
not yet established a methodology and schedule for completing
assessments of air cargo vulnerabilities and critical assets. Moreover,
we reported on the potential challenges the agency and air cargo
industry stakeholders may face in implementing measures to strengthen
air cargo security. We made several recommendations to assist TSA in
developing a comprehensive risk-based approach for securing the
domestic air cargo transportation system. TSA agreed with our
recommendations and informed us that it is taking steps to address some
of these recommendations. For example, in October 2006, TSA revised
some of the inspection exemptions for domestic and outbound air cargo
transported on passenger air carriers, consistent with our
recommendation. TSA also issued an air cargo security rule in May 2006
that included a number of provisions aimed at enhancing the security of
inbound air cargo.
This report provides the results of our examination of the efforts of
DHS, through TSA and CBP, to secure inbound air cargo, and represents
the second phase of our congressionally requested work addressing air
cargo security.[Footnote 12] To help Congress evaluate the status of
DHS's efforts to secure inbound air cargo, we answered the following
questions: (1) Within DHS, what actions have TSA and CBP taken to
secure inbound air cargo, and how, if at all, could these efforts be
strengthened? (2) What practices have the air cargo industry and select
foreign governments adopted that could potentially be used to enhance
TSA's efforts to strengthen inbound air cargo security, and to what
extent have TSA and CBP worked with foreign governments to enhance
their air cargo security efforts?
To determine what actions DHS, through TSA and CBP, has taken to secure
inbound air cargo, and how, if at all, these efforts could be
strengthened, we reviewed relevant documents such as TSA's air cargo
strategic plan, air carrier security programs, and related TSA guidance
to determine the requirements placed on air carriers for ensuring
inbound air cargo security.[Footnote 13] We interviewed officials from
DHS, TSA, and CBP regarding their efforts to develop a strategy for
securing inbound air cargo and conduct assessments of the
vulnerabilities and critical assets associated with this area of
aviation security and compared these efforts with GAO's risk management
framework. In addition, we interviewed TSA and CBP officials to obtain
information on their current and planned efforts to secure inbound air
cargo. We also reviewed the results of TSA's compliance inspections to
determine the agency's progress in evaluating air carriers' compliance
with air cargo security requirements, and we reviewed the results of
foreign airport assessments to identify any deficiencies found related
to international air cargo standards. We discussed the reliability of
TSA's compliance inspection data for the period July 2003 to February
2006 with TSA officials and concluded that they were sufficiently
reliable for the purposes of this review. We conducted site visits to
three U.S. airports, which collectively receive about 50 percent of the
total amount of air cargo transported into the United States, to
observe inbound air cargo security operations and CBP efforts to
inspect inbound air cargo. We selected these airports based on several
factors, including airport size, the volume of air cargo transported to
these airports from foreign locations, and geographical dispersion.
Because we selected a nonprobability sample of airports, the results
from these visits cannot be generalized to other U.S. airports.
Further, we conducted site visits to seven countries in Europe and Asia
to observe air cargo security processes and technologies, observe air
cargo facilities, and obtain information on air cargo security
practices implemented by foreign governments and industry stakeholders
to identify those practices that could potentially enhance the
department's efforts to secure air cargo.[Footnote 14] We selected
these countries based on several factors, including TSA threat
rankings, airports located within these countries that process high
volumes of air cargo, and discussions with U.S. and foreign government
officials and air cargo industry representatives regarding air cargo
security practices that may have application to TSA's efforts to secure
air cargo. Moreover, we observed air cargo security practices at 8
foreign airports, 4 of which rank among the world's 10 busiest cargo
airports in terms of volumes of cargo transported. We also obtained
information on the air cargo security requirements implemented by 10
additional foreign countries from foreign government officials and
publicly available documents. We selected these countries based on
geographical dispersion as well as additional stakeholder input on
countries implementing air cargo security practices that differ from
those in the United States. To obtain information on air cargo industry
and foreign government actions to secure air cargo, and TSA's and CBP's
efforts to coordinate their security practices to enhance security and
increase efficiency, referred to as harmonization, we interviewed
foreign and domestic air carrier (passenger and all-cargo) officials
from those air carriers that transport the largest volume of air cargo.
Specifically, we spoke with officials representing 7 of the top 10 air
cargo carriers based on volume of cargo transported. We also
interviewed representatives of foreign freight forwarders foreign and
domestic airport authorities, air cargo industry associations, and U.S.
and foreign governments.[Footnote 15] More detailed information on our
scope and methodology is contained in appendix I.
We conducted our work from October 2005 through February 2007 in
accordance with generally accepted government auditing standards.
Results in Brief:
The two DHS components with responsibilities related to air cargo
security, TSA and CBP, have taken initial steps to enhance the security
of inbound air cargo. However, the agencies are only beginning to
implement inbound air cargo security programs,and opportunities exist
to strengthen these efforts. TSA and CBP have taken some preliminary
steps to use risk management principles to guide their investment
decisions related to inbound air cargo, as advocated by DHS, but most
of these efforts are in the planning stages. For instance, TSA
completed a risk-based strategic plan to address domestic air cargo
security, but has not developed a similar strategy for addressing
inbound air cargo security, including how best to partner with CBP and
international air cargo stakeholders. Further, TSA has identified the
primary threats associated with inbound air cargo, but has not yet
assessed which areas of inbound air cargo are most vulnerable to attack
and which inbound air cargo assets are deemed most critical to protect.
TSA plans to assess inbound air cargo vulnerabilities and critical
assets--two crucial elements of a risk-based management approach--but
has not yet established a methodology or time frame for how and when
these assessments will be completed. Without such assessments, TSA may
not be able to appropriately focus its resources on the most critical
security needs.
Another action TSA has taken is the issuance of its May 2006 air cargo
security rule, which includes a number of provisions aimed at enhancing
the security of inbound air cargo. For example, the final rule
acknowledges that TSA amended its security directives and programs to
triple the percentage of cargo inspected on domestic and foreign
passenger aircraft. To implement the requirements contained in the air
cargo security rule, TSA drafted revisions to its existing security
programs for domestic and foreign passenger air carriers and created
new security programs for domestic and foreign all-cargo carriers.
However, TSA requirements continue to allow inspection exemptions for
certain types of inbound air cargo transported on passenger air
carriers.[Footnote 16] This risk is further heightened because TSA has
limited information on the background and security risk posed by
foreign shippers whose cargo may fall within these exemptions. TSA
officials stated that the agency is holding discussions with industry
stakeholders to determine whether additional revisions to current air
cargo inspection exemptions are needed. TSA also inspects domestic and
foreign passenger air carriers with service to the United States to
assess whether the air carriers are complying with air cargo security
requirements, such as inspecting a certain percentage of air cargo.
TSA, however, does not currently inspect all air carriers transporting
cargo into the United States. While TSA's compliance inspections
provide useful information, the agency has not developed an inspection
plan that includes performance goals and measures to determine to what
extent air carriers are complying with security requirements.
In addition, while CBP was previously targeting inbound air cargo on
passenger and all-cargo aircraft for illicit items such as drugs and
contraband, CBP has only recently begun targeting inbound air cargo
transported on passenger and all-cargo aircraft that may pose a
security risk and inspecting such cargo once it arrives in the United
States. Further, TSA and CBP have taken steps to coordinate their
efforts to safeguard air cargo transported into the United States to
include sharing information on TSA's technology development programs,
among other efforts. However, TSA and CBP do not have a systematic
process in place to share information that could be used to strengthen
their efforts, such as the results of TSA air carrier compliance
inspections, assessments of foreign airports, and air carrier
inspections of inbound air cargo. Without a systematic process to share
relevant air cargo security information, TSA and CBP could be missing
opportunities to more effectively secure inbound air cargo.
Foreign governments that regulate airports with high volumes of cargo,
and domestic and foreign air carriers that transport large volumes of
cargo, employ various air cargo security practices that might have the
potential to strengthen TSA's efforts to secure inbound air cargo. Some
of these practices may also help strengthen the security of domestic
air cargo. We identified four categories of security practices required
or employed by foreign governments and foreign air carriers, as well as
domestic air carriers implementing practices required by host
governments, that are currently not used in the United States. TSA
officials acknowledged that the agency has not systematically analyzed
these foreign practices to determine whether they would help strengthen
the domestic and U.S.-bound air cargo supply chains or the costs
associated with implementing such practices. For example, air carriers
in some foreign counties inspect air cargo for potential WMDs prior to
its loading on a U.S.-bound flight, which neither TSA nor CBP
requires.[Footnote 17] TSA officials acknowledged that compiling and
analyzing information on air cargo security practices implemented by
foreign air carriers and foreign governments may provide opportunities
to enhance the department's air cargo security program, and they have
begun an initial review of practices in select countries. However,
officials also cited challenges to applying these practices in the
United States and the inbound air cargo supply chain. For example, TSA
officials stated that increasing the percentage of cargo inspections
and utilizing various inspection technologies may not be applicable to
the United States because the volume of air cargo processed in the
United States is much larger than in most countries. While we recognize
that differences in cargo volumes and inspection capabilities exist and
could affect the feasibility and cost of implementing certain practices
to secure domestic and inbound air cargo, we believe that
systematically identifying and evaluating the feasibility and costs
associated with promising foreign air cargo security practices has the
potential to benefit TSA's efforts to secure domestic and inbound air
cargo. TSA has also begun working with foreign governments to
coordinate their security practices to enhance security and increase
efficiency, referred to as harmonization. For example, TSA officials
worked with foreign governments to develop internationally agreed upon
standards for securing air cargo. However, challenges to harmonizing
security practices may limit the effectiveness of these efforts. For
instance, some countries may be hesitant to expend additional resources
that may be necessary to implement common security standards that
exceed their current security requirements. In addition, some foreign
governments may have different views than TSA regarding the threats and
risks associated with air cargo and where their resources should be
directed.
To better ensure the security of inbound air cargo, we are recommending
that DHS direct TSA and CBP to take several actions. These include more
fully developing a risk-based strategy to address inbound air cargo
security, including establishing goals and objectives for securing
inbound air cargo and establishing a methodology and time frames for
completing assessments of inbound air cargo vulnerabilities and
critical assets that can be used to help prioritize the actions
necessary to enhance security; establishing a time frame for completing
an assessment of whether existing inspection exemptions for inbound air
cargo pose an unacceptable security vulnerability, and taking steps, if
necessary, to address identified vulnerabilities; developing
performance goals and measures to evaluate foreign and domestic air
carrier compliance with inbound air cargo security requirements;
developing a systematic process for ensuring communication between TSA
and CBP regarding their efforts to secure inbound air cargo; and
compiling and analyzing information on air cargo security practices
implemented by domestic and foreign air cargo industry stakeholders and
foreign governments to identify those that could be used to strengthen
DHS's overall air cargo security program.
We provided a draft of this report to DHS for review. DHS, in its
written comments, generally concurred with the report and
recommendations. However, we have concerns that the actions DHS intends
to take may not fully address our recommendations. The full text of
DHS's comments is included in appendix VIII.
Background:
The transportation of air cargo between global trading partners
provides the world economy with critical goods and components. Air
cargo valued at almost $400 billion entered the United States in fiscal
year 2004. According to TSA, approximately 200 U.S. and foreign air
carriers currently transport cargo into the United States from foreign
countries. During calendar year 2005, almost 9.4 billion pounds of
cargo was shipped by air into the United States. About 40 percent of
this amount, or 4 billion pounds, traveled onboard passenger aircraft.
Typically, about one-half of the hulls of each passenger aircraft
transporting cargo are filled with cargo.
Air cargo includes freight and express packages that range in size from
small to very large, and in type from perishables to machinery, and can
include items such as electronic equipment, automobile parts, clothing,
medical supplies, other dry goods, fresh cut flowers, fresh seafood,
fresh produce, tropical fish, and human remains. Cargo can be shipped
in various forms, including large containers known as unit loading
devices that allow many packages to be consolidated into one container
that can be loaded on an aircraft, wooden crates, assembled pallets, or
individually wrapped/boxed pieces, known as break bulk cargo.
Participants in the international air cargo shipping process include
shippers, such as individuals and manufacturers; freight forwarders or
regulated agents, who consolidate shipments and deliver them to air
carriers; air cargo handling agents, who process and load cargo onto
aircraft on behalf of air carriers; and passenger and all-cargo
carriers that store, load, and transport air cargo.[Footnote 18]
International air cargo may have been transported via ship, train, or
truck prior to its loading onboard an aircraft. Shippers typically send
cargo by air in one of two ways. Figure 1 depicts the two primary ways
in which a shipper may send cargo by air to the United States.
Figure 1: Flow of Air Cargo Transported to the United States:
[See PDF for image]
Source: GAO (analysis(; MapArt (map); ArtExplosion and GAO (art).
[End of figure]
A shipper may take its packages to a freight forwarder, or regulated
agent, which consolidates cargo from many shippers and delivers it to
air carriers. The freight forwarder usually has cargo facilities at or
near airports and uses trucks to deliver bulk freight to air carriers-
-either to a cargo facility or to a small-package receiving area at the
ticket counter. A shipper may also send freight by directly packaging
and delivering it to an air carrier's ticket counter or sorting center
where either the air carrier or a cargo handling agent will sort and
load cargo onto the aircraft. The shipper may also have cargo picked up
and delivered by an all-cargo carrier, or choose to take cargo directly
to a carriers' retail facility for delivery. As noted in figure 1, the
inspections of air cargo can take place at several different points
throughout the supply chain. For example, inspections can take place at
freight forwarders or regulated agent's consolidation facility, or at
the air carrier's sorting center.
TSA and CBP Responsibilities for Ensuring the Security of Inbound Air
Cargo:
TSA's Responsibilities Related to Securing Inbound Air Cargo:
The Aviation and Transportation Security Act (ATSA) charged TSA with
the responsibility for ensuring the security of the nation's
transportation systems, including the transportation of cargo by air
into the United States.[Footnote 19] In fulfilling this responsibility,
TSA (1) enforces security requirements established by law and
implemented through regulations, security directives, TSA-approved
security programs, and emergency amendments, covering domestic and
foreign passenger and all-cargo carriers that transport cargo into the
United States; (2) conducts inspections to assess air carriers'
compliance with established requirements and procedures; (3) conducts
assessments at foreign airports to assess compliance with international
aviation security standards, including those related to air cargo; and
(4) conducts research and development of air cargo security
technologies.[Footnote 20]
Air carriers (passenger and all-cargo) are responsible for implementing
TSA security requirements, predominantly through a TSA-approved
security program that describes the security policies, procedures, and
systems the air carrier will implement and maintain in order to comply
with TSA security requirements.[Footnote 21] These requirements include
measures related to the acceptance, handling, and inspection of cargo;
training of employees in security and cargo inspection procedures;
testing employee proficiency in cargo inspection; and access to cargo
areas and aircraft. If threat information or events indicate that
additional security measures are needed to secure the aviation sector,
TSA may issue revised or new security requirements in the form of
security directives or emergency amendments applicable to domestic or
foreign air carriers. The air carriers must implement the requirements
set forth in the security directives or emergency amendments in
addition to those requirements already imposed and enforced by TSA.
Under TSA regulations, the responsibility for inspecting air cargo is
assigned to air carriers. TSA requirements, described in air carrier
security programs, security directives, and emergency amendments, allow
air carriers to use several methods and technologies to inspect
domestic and inbound air cargo. These include manual physical searches
and comparisons between airway bills and cargo contents to ensure that
the contents of the cargo shipment matches the cargo identified in
documents filed by the shipper, as well as using approved technology,
such as X-ray systems, explosive trace detection systems, decompression
chambers, explosive detection systems, and TSA explosives detection
canine teams.[Footnote 22] (For an example of X-ray technology used by
air carriers to inspect air cargo prior to its transportation to the
United States, see fig. 2). TSA currently requires passenger air
carriers to randomly inspect a specific percentage of non exempt air
cargo pieces listed on each airway bill.[Footnote 23] Under TSA's
inbound air cargo inspection requirements, passenger air carriers can
exempt certain cargo from inspection.[Footnote 24] TSA does not
regulate foreign freight forwarders, or individuals or businesses that
have their cargo shipped by air to the United States.
Figure 2: Type of X-ray Technology Used by Some Foreign Air Carriers to
Inspect Air Cargo Bound for the United States:
[See PDF for image]
Source: GAO.
[End of figure]
To assess whether air carriers properly implement TSA inbound air cargo
security regulations, the agency conducts regulatory compliance
inspections of foreign and domestic air carriers at foreign airports.
Currently, TSA conducts compliance inspections of domestic and foreign
passenger carriers transporting cargo into the United States, but does
not perform such inspections of all air carriers transporting inbound
air cargo. TSA inspects air cargo procedures as part of its broader
international aviation security inspections program, which also
includes reviews of regulations such as aircraft and passenger
security. Compliance inspections can include reviews of documentation,
interviews of air carrier personnel, and direct observations of air
cargo operations.[Footnote 25] Air carriers are subject to inspection
in several areas of cargo security, including accepting cargo from
unknown shippers, access to cargo, and security training and testing.
Appendix II contains a detailed description of TSA's efforts to assess
air carrier compliance with inbound air cargo security requirements.
In addition, TSA assesses the effectiveness of the security measures
maintained at foreign airports that serve U.S. air carriers, from which
foreign air carriers serve the United States, or that pose a high risk
of introducing danger to international air travel.[Footnote 26] To
conduct its assessments, TSA must consult with appropriate foreign
officials to establish a schedule to visit each of these foreign
airports. TSA assessments evaluate the security policies and procedures
in place at a foreign airport to ensure that the procedures meet
baseline international aviation security standards, including air cargo
security standards. For further information on TSA's foreign airport
assessments including the results of its assessment conducted during
fiscal year 2005, see appendix III.
CBP's Responsibilities Related to Inbound Air Cargo Security:
CBP determines the admissibility of cargo entering the United States
and is authorized to inspect inbound air cargo for security purposes.
Specifically, CBP requires air carriers to submit cargo manifest
information prior to the aircraft's arrival in the United
States.[Footnote 27] CBP also has authority to negotiate with foreign
nations to place CBP officers abroad to inspect persons and merchandise
prior to their arrival in, or subsequent to their exit from, the United
States, but has not yet negotiated arrangements with foreign host
nations to station CBP officers overseas for the purpose of inspecting
high-risk air cargo shipments.[Footnote 28] At U.S. airports, CBP
officers may conduct searches of persons, vehicles, baggage, cargo, and
merchandise entering or departing the United States.[Footnote 29] Since
September 11, 2001, CBP's priority mission has focused on keeping
terrorists and their weapons from entering the United States.[Footnote
30] To carry out this responsibility, CBP employs several systems and
programs. CBP's Automated Targeting System (ATS) is a model that
combines manifest and entry declaration information into shipment
transactions and uses historical, specific enforcement, and other data
to help target cargo shipments for inspection.[Footnote 31] ATS also
has targeting rules that assign a risk score to each arriving shipment
based in part on manifest information, as well as other shipment
information, and potential threat or vulnerability information, which
CBP staff use to make decisions on the extent of inspection to be
conducted once the cargo enters the United States.[Footnote 32] To
support its targeting system, CBP requires air carriers to submit cargo
manifest information prior to the flight arriving in the United
States.[Footnote 33] CBP officers use the ATS risk scores to help them
make decisions regarding the extent of inspection to be conducted once
the cargo arrives in the United States.[Footnote 34] Shipments
identified by CBP as high risk through its ATS targeting system are to
undergo mandatory security inspections. CBP officers may also inspect
air cargo if they determine that a particular shipment is suspicious or
somehow poses a threat.[Footnote 35]
CBP uses a variety of non intrusive technologies and methods to inspect
some air cargo once it arrives in the United States. For example, CBP
officers carry personal handheld radiation detectors, as well as
handheld radioactive isotope identification devices which can
distinguish between different types of radiological material, such as
that used in medicine or industry from weapons-grade material. Other
technologies and methods CBP uses to inspect inbound air cargo include
mobile X-ray machines contained in vans, pallet X-ray systems, mobile
vehicle and cargo inspection systems (VACIS), and canine
teams.[Footnote 36] The results of the nonintrusive inspections
determine the need for additional measures, which could include
physical inspections conducted by CBP officers. Figure 3 shows an
example of CBP officers using nonintrusive technology to inspect
inbound air cargo upon its arrival in the United States.
Figure 3: CBP Officers Using Nonintrusive Technology to Inspect Inbound
Air Cargo:
[See PDF for image]
Source: GAO.
Mobile X-ray machines.
[End of figure]
To strengthen the security of the inbound cargo supply chain, the U.S.
Customs Service (now CBP) initiated the voluntary Customs-Trade
Partnership Against Terrorism (C-TPAT) program in November 2001. This
program provides companies that implement CBP-defined security
practices a reduced likelihood that their cargo will be inspected once
it arrives in the United States.[Footnote 37] To become a member of C-
TPAT, companies must first submit signed C-TPAT agreements affirming
their desire to participate in the voluntary program. Companies must
also provide CBP with security profiles that describe the current
security procedures they have in place, such as pre-employment
screening, periodic background reviews, and employee training on
security awareness and procedures. CBP reviews a company's application
to identify any weaknesses in the company's security procedures and
work with the company to resolve these weaknesses. Once any weaknesses
are addressed, CBP signs an agreement stating that the company is
considered to be a certified C-TPAT member, eligible for program
benefits.[Footnote 38]
After certification, CBP has a process for validating that C-TPAT
members have implemented security measures. During the validation
process, CBP staff meet with company representatives to verify supply
chain security measures. The validation process includes visits to the
company's U.S. and foreign sites, if any. Upon completion of the
validation process, CBP reports back to the company on any identified
areas that need improvement and suggested corrective actions, as well
as a determination of whether program benefits are still warranted for
the company. According to CBP officials, they use a risk-based approach
for identifying the priority in which C-TPAT participants should be
validated.[Footnote 39]
International Air Cargo Security Standards and Recommended Practices:
The International Civil Aviation Organization (ICAO) is a specialized
agency of the United Nations in charge of coordinating and regulating
international air transportation. ICAO was established by the
Convention on International Civil Aviation (also known as the Chicago
Convention) in 1944 and is composed of over 180 member nations with
aviation service capabilities. In 1974, ICAO established aviation
security standards and recommended practices to ensure a baseline level
of security. These standards are aimed at preventing suspicious
objects, weapons, explosives, or other dangerous devices from being
placed on board passenger aircraft either through concealment, in
otherwise legitimate shipments, or through gaining access to air cargo
shipments via cargo-handling areas. The standards call for member
nations to implement measures to ensure the protection of air cargo
being moved within an airport and intended for transport on an
aircraft, and to ensure that aircraft operators do not accept cargo on
passenger flights unless application of security controls has been
confirmed and accounted for by a regulated agent or that such cargo has
been subjected to appropriate security controls. ICAO standards also
provide that except for reasons of aviation security, member states
should not require the physical inspection of all air cargo that is
imported or exported. In general, member states should apply risk
management principles (such as targeting higher-risk cargo) to
determine which goods should be examined and the extent of that
examination. While compliance with these standards is voluntary, all
180 ICAO members, including the United States, have committed to
incorporating these standards into their national air cargo security
programs.[Footnote 40]
The International Air Transport Association (IATA) represents about 260
air carriers constituting 94 percent of international scheduled air
traffic. Building upon ICAO's standards, IATA issued voluntary
recommended practices and guidelines to help ensure that global air
cargo security measures are uniform and operationally manageable. For
example, IATA published a manual that, among other things, encourages
air carriers to implement measures and procedures to prevent explosives
or other dangerous devices from being accepted for transport by air,
conduct pre-employment checks on individuals involved in the handling
or inspection of air cargo, and ensure the security of all shipments
accepted from persons other than known shippers[Footnote 41] or
regulated agents through physical inspection or some type of screening
process. IATA also developed guidelines to assist air carriers in
developing security policies by providing detailed suggestions for
accepting, handling, inspecting, storing, and transporting air cargo.
The World Customs Organization (WCO) consists of 166 member nations,
representing 99 percent of global trade, including cargo transported by
air. In June 2005, WCO established its Framework of Standards to Secure
and Facilitate Global Trade that, among other things, sets forth
principles and voluntary minimum security standards to be adopted by
its members. The framework provides guidance for developing methods to
target and inspect high-risk cargo, establishes time frames for the
submission of information on cargo shipments, and identifies inspection
technology that could be used to inspect high-risk cargo.
Applying a Risk-Managed Approach for Securing Inbound Air Cargo:
Risk management is a tool for informing policy makers' decisions about
assessing risks, allocating resources, and taking actions under
conditions of uncertainty. In recent years, the President, through
Homeland Security Presidential Directives (HSPD), and Congress, more
recently through the Intelligence Reform and Terrorism Prevention Act
of 2004, required federal agencies with homeland security
responsibilities to apply risk-based principles to inform their
decision making regarding allocating limited resources and prioritizing
security activities. The National Commission on Terrorist Attacks Upon
the United States (also known as the 9/11 Commission), recommended that
the U.S. government identify and evaluate the transportation assets
that need to be protected, set risk-based priorities for defending
them, select the most practical and cost-effective ways of doing so,
and then develop a plan, budget, and funding to implement the
effort.[Footnote 42] In addition, DHS issued the National Strategy for
Transportation Security in 2005 that describes the policies DHS will
apply when managing risks to the security of the U.S. transportation
system.[Footnote 43] We have previously reported that a risk management
approach can help to prioritize and focus the programs designed to
combat terrorism. As applied in the homeland security context, risk
management can help officials make decisions about resource allocations
and associated trade-offs in preparing defenses against acts of
terrorism and other threats. We have recommended that TSA apply a
comprehensive risk-based approach for securing the domestic air cargo
transportation system.[Footnote 44]
The Homeland Security Act of 2002 also directed the department's
Directorate of Information Analysis and Infrastructure Protection to
use risk management principles in coordinating the nation's critical
infrastructure protection efforts.[Footnote 45] This includes
integrating relevant information, and analysis and vulnerability
assessments to identify priorities for protective and support measures
by the department, other federal agencies, state and local government
agencies and authorities, the private sector, and other entities.
Homeland Security Presidential Directive 7 and the Intelligence Reform
and Terrorism Prevention Act of 2004 further define and establish
critical infrastructure protection responsibilities for DHS and those
federal agencies given responsibility for particular industry sectors,
such as transportation. In June 2006, DHS issued the National
Infrastructure Protection Plan (NIPP), which named TSA as the primary
federal agency responsible for coordinating critical infrastructure
protection efforts within the transportation sector, which includes all
modes of transportation.[Footnote 46] The NIPP requires federal
agencies to work with the private sector to develop plans that, among
other things, identify and prioritize critical assets for their
respective sectors. In accordance with the NIPP, TSA must conduct and
facilitate risk assessments in order to identify, prioritize, and
coordinate the protection of critical transportation systems
infrastructure, as well as develop risk-based priorities for the
transportation sector. TSA officials reported that work is now under
way on specific plans for each mode of transportation, but as of
January 2007, they were not completed.
To provide guidance to agency decision makers, we have created a risk
management framework, which is intended to be a starting point for
applying risk-based principles. Our risk management framework entails a
continuous process of managing risk through a series of actions,
including setting strategic goals and objectives, assessing risk,
evaluating alternatives, selecting initiatives to undertake, and
implementing and monitoring those initiatives. DHS's NIPP describes a
risk management process that closely mirrors our risk management
framework.
Setting strategic goals, objectives, and constraints is a key first
step in applying risk management principles and helps to ensure that
management decisions are focused on achieving a purpose. These
decisions should take place in the context of an agency's strategic
plan that includes goals and objectives that are clear and concise.
These goals and objectives should identify resource issues and other
factors to achieving the goals. Further, the goals and objectives of an
agency should link to a department's overall strategic plan. The
ability to achieve strategic goals depends, in part, on how well an
agency manages risk. The agency's strategic plan should address risk-
related issues that are central to the agency's overall mission.
Risk assessment, an important element of a risk-based approach, helps
decision makers identify and evaluate potential risks so that
countermeasures can be designed and implemented to prevent or mitigate
the effects of the risks. Risk assessment is a qualitative and/or
quantitative determination of the likelihood of an adverse event
occurring and the severity, or impact, of its consequences. Risk
assessment in a homeland security application often involves assessing
three key elements--threat, vulnerability, and criticality or
consequence. A threat assessment identifies and evaluates potential
threats on the basis of factors such as capabilities, intentions, and
past activities. A vulnerability assessment identifies weaknesses that
may be exploited by identified threats and suggests options to address
those weaknesses. A criticality or consequence assessment evaluates and
prioritizes assets and functions in terms of specific criteria, such as
their importance to public safety and the economy, as a basis for
identifying which structures or processes are relatively more important
to protect from attack. Information from these three assessments
contributes to an overall risk assessment that may characterize risks
on a scale such as high, medium, or low and provides input for
evaluating alternatives and management prioritization of security
initiatives. The risk assessment element in the overall risk management
cycle may be the largest change from standard management steps and can
be important to informing the remaining steps of the cycle. For further
details on our risk management framework, see appendix IV.
DHS Has Taken Initial Steps to Secure Inbound Air Cargo, and
Opportunities Exist to Strengthen These Efforts:
The two components within DHS responsible for air cargo security, TSA
and CBP, have initiated efforts to better secure inbound air cargo, but
these efforts are in the early stages and could be enhanced. While TSA
and CBP have taken some preliminary steps to use risk management
principles to guide their decisions related to inbound air cargo
security, most of TSA's and CBP's efforts to enhance inbound air cargo
security are still largely in the planning stages. For instance, TSA
has completed a strategic plan to address domestic air cargo security
and has identified the primary threats associated with inbound air
cargo. However, the agency has not identified goals and objectives for
addressing inbound air cargo security, such as how it will coordinate
with CBP to ensure that all relevant areas of inbound air cargo
security are addressed. Further, TSA has not assessed which areas of
inbound air cargo are most vulnerable to attack and which assets are
deemed most critical to protect. Another action TSA has taken is the
publication of its final air cargo security rule in May 2006 that
included a number of provisions aimed at enhancing the security of
inbound air cargo. However, TSA's inbound air cargo inspection
requirements continue to allow for a number of exemptions for cargo
transported on passenger air carriers, which could be exploited to
transport an explosive device. In addition, TSA conducts compliance
inspections of domestic and foreign passenger air carriers transporting
cargo into the United States, but the agency has not developed an
inspection plan that would establish goals and measures for its
inspection program to evaluate air carriers' performance against
expected results. Also within DHS, CBP has recently initiated efforts
to mitigate the threat of a WMD entering the United States by targeting
inbound air cargo transported on passenger and all-cargo aircraft that
may pose a security risk and inspecting such cargo once it arrives in
the United States. CBP also manages the C-TPAT program, which
encourages those businesses involved in the transportation of cargo
into the United States to enhance their security practices. However,
CBP is still in the early stages of developing specific security
criteria for air carriers participating in the program. In addition,
DHS is in the early stages of researching, developing, and testing
technologies to enhance the security of air cargo, but has not yet
assessed the results or determined whether these technologies will be
deployed abroad. Finally, TSA and CBP have taken steps to coordinate
their responsibilities to safeguard air cargo transported into the
United States, but the two agencies do not have a systematic process in
place to share information that could be used to strengthen their
efforts to secure inbound air cargo.
TSA and CBP Have Taken Preliminary Steps to Incorporate Risk Management
Principles into Their Decision Making to Secure Inbound Air Cargo, but
Most Efforts Are in the Planning Stages:
Within DHS, TSA and CBP have begun incorporating risk management
principles into their inbound air cargo security programs, but these
efforts are in the early stages and more work remains to be done.
Applying a risk management framework to decision making is one tool to
help provide assurance that programs designed to combat terrorism are
properly prioritized and focused. Thus, risk management, as applied in
the homeland security context, can help decision makers to more
effectively and efficiently prepare defenses against acts of terrorism
and other threats. Risk management principles can be incorporated on a
number of different levels within an agency's operations. For example,
CBP's ATS system uses information from various sources to assign risk
scores to cargo, as part of its risk-managed approach to cargo
security. Another example of a risk management activity is considering
risk when allocating resources. TSA has underscored the importance of
implementing a risk-based approach that protects against known threats,
but that is also sufficiently flexible to direct resources to mitigate
new and emerging threats. According to TSA, the ideal risk model would
be one that could be used throughout the transportation sector and
applicable to different threat scenarios.
As part of TSA's risk-based approach, the agency issued an Air Cargo
Strategic Plan in November 2003 that focused on securing the domestic
air cargo supply chain and transportation system. However, this plan
does not describe how the agency plans to secure inbound air
cargo.[Footnote 47] TSA's Air Cargo Strategic Plan describes an
approach for screening or reviewing information on all domestic air
cargo shipments to determine their level of relative risk, ensuring
that 100 percent of cargo identified as posing an elevated risk is
physically inspected, and pursuing technological solutions to
physically inspect air cargo. This approach to target elevated risk
domestic air cargo for inspection, however, is not yet in place. In
developing its Air Cargo Strategic Plan, TSA coordinated with air cargo
industry stakeholders representing passenger and all-cargo carriers, as
well as with CBP to assist in developing a system for targeting
domestic air cargo.[Footnote 48] TSA's Air Cargo Strategic Plan,
however, does not include goals and objectives for addressing inbound
air cargo security, which presents different security challenges than
domestic air cargo.[Footnote 49]
According to CBP, the agency has begun a comprehensive review of its
current air cargo security strategy, including how C-TPAT as well as
relevant TSA programs can be incorporated into this strategy. As part
of its risk management efforts, CBP developed a strategic plan covering
fiscal years 2007-2011 focusing on securing the nation's borders at
ports of entry, including airports. This plan includes a discussion on
how CBP will use risk-based principles to guide decisions related to
securing inbound air cargo. For example, to achieve CBP's strategic
objective of screening all goods entering the United States by air, CBP
plans to develop an approach to increase the percentage of goods for
which it receives advance information. By increasing the amount of
information available, CBP can better identify low-risk goods and move
them quickly through the port of entry, while focusing its resources on
inspecting cargo that represents higher risks.
As TSA develops a strategy for inbound air cargo, it will be important
to work with CBP to ensure that the two agencies coordinate their
respective responsibilities for securing inbound air cargo and leverage
available information to ensure vulnerabilities are addressed. For
example, during discussions with TSA and CBP officials, we determined
that, due in part to a lack of coordination between the two agencies,
neither agency was addressing an area that both considered a potential
threat to air cargo security. Although TSA and CBP have not stated
whether this issue results in a vulnerability to the cargo's transport
to the United States, some air cargo industry stakeholders with whom we
spoke told us it represents a security vulnerability.[Footnote 50]
TSA officials acknowledged that it is important to partner with CBP,
foreign governments, and international air cargo stakeholders in
developing a strategy for securing inbound air cargo. TSA officials
stated that they plan to revise their existing domestic air cargo
strategic plan and will consider incorporating a strategy for
addressing inbound air cargo security at that time. However, as of
January 2007, agency officials had not set a time frame for when TSA
will complete this revision, and the extent to which this plan will
address inbound air cargo is unclear. CBP officials stated that their
input could contribute to any strategy developed by TSA, and that CBP
is in the initial stages of developing its own air cargo strategic
plan, scheduled for completion by the end of 2007.
In addition to developing a strategic plan, a risk management framework
in the homeland security context should include risk assessments, which
typically involve three key elements--threats, vulnerabilities, and
criticality or consequence (for more information on our risk management
framework, see app. IV). Information from these three assessments
provides input for setting priorities, evaluating alternatives,
allocating resources, and monitoring security initiatives. TSA has
completed an assessment of air cargo threats, but has not assessed air
cargo vulnerabilities or critical assets.
In September 2005, TSA's Transportation Security Intelligence Service
(TSIS) completed an overall threat assessment for air cargo, which
identified general and specific threats related to both domestic and
inbound air cargo.[Footnote 51] According to TSA, the primary threats
to inbound air cargo focus on the introduction of an explosive device
in cargo loaded on a passenger aircraft, and the hijacking of an all-
cargo aircraft resulting in its use as a weapon to inflict mass
destruction.[Footnote 52] As stated previously, TSA, CBP, and industry
stakeholders have also identified the introduction and transport of a
WMD or its component parts as a potential threat.[Footnote 53] TSA has
characterized the threats to inbound air cargo as high and has
identified air cargo as a primary aviation target for terrorists in the
short term. However, TSA has not evaluated the relative security risk
presented by inbound air cargo compared to other areas of aviation
security, such as passengers and checked baggage.[Footnote 54]
While TSA has acknowledged that the vulnerabilities to inbound air
cargo would likely be similar to those of domestic air cargo, TSA has
not conducted a vulnerability assessment, nor has it identified
vulnerabilities specific to inbound air cargo.[Footnote 55] TSA
officials stated that the agency is first planning to conduct an
assessment of domestic air cargo vulnerabilities before initiating an
assessment of inbound air cargo vulnerabilities. TSA does not plan to
complete its assessment of domestic air cargo vulnerabilities until
late in 2007, thus potentially delaying the start of an assessment of
the inbound air cargo vulnerabilities until 2008. According to TSA
officials, limited resources and competing priorities have delayed
agency efforts to conduct an assessment of inbound air cargo security
vulnerabilities. Nevertheless, TSA officials acknowledge that
vulnerabilities to inbound air cargo exist and that these
vulnerabilities are in some cases similar to those facing the domestic
air cargo supply chain.[Footnote 56]
TSA officials stated that conducting vulnerability assessments for
inbound air cargo will be difficult because these assessments require
an understanding of the inbound air cargo supply chain, and while the
agency has some information on the supply chains of several foreign
countries, it does not have access to that information for many others.
Although agency officials reported that they have taken initial steps
toward developing a methodology for assessing inbound air cargo
security vulnerabilities, they have not established a time frame for
completing the methodology or determined when the vulnerability
assessments will be conducted. TSA officials acknowledged that
conducting assessments to identify vulnerabilities associated with
inbound air cargo, and analyzing the results of such assessments, could
help to strengthen the agency's efforts to secure inbound air cargo by
providing information that could be used to develop measures to address
identified vulnerabilities. Air cargo industry stakeholders we spoke
with, including those representing domestic and foreign air carriers,
agreed that TSA-led vulnerability assessments could help to identify
air cargo security weaknesses and develop measures to mitigate these
weaknesses.
TSA also has not developed a methodology or schedule for completing an
assessment to identify those inbound air cargo assets deemed most
critical to protect, or whose destruction would cause the most severe
damage to the United States. TSA officials stated that inbound air
cargo assets mirror domestic air cargo assets, and could include
workers, facilities, and aircraft. According to TSA, factors that could
be used to define critical inbound air cargo assets include the number
of fatalities resulting from a terrorist attack on a domestic or
foreign cargo facility or aircraft; the economic or political
importance of the asset; and consequences that an attack would have on
the public's confidence in the U.S. government's ability to maintain
order, among other things. According to TSA officials, the agency will
conduct an assessment of critical inbound air cargo assets once it has
completed its vulnerability and criticality assessments for domestic
air cargo expected in 2007.
The need for an assessment of critical transportation infrastructure,
which could include inbound air cargo assets, has been identified by
various sources, including DHS's NIPP and National Strategy for
Transportation Security, and a number of Presidential Directives. The
9/11 Commission also recommended that the U.S. government identify and
evaluate the transportation assets that need to be protected, set risk-
based priorities for defending them, select the most practical and cost-
effective ways of doing so, and develop a plan, budget, and funding to
implement the effort. TSA officials we spoke with acknowledged that
such assessments could better enable the agency to prioritize its
efforts by focusing on high-priority or high-value inbound air cargo
assets, and by targeting resources to address the most critical inbound
air cargo security risks. Moreover, TSA officials agreed that analyzing
the results of a criticality assessment could provide the basis for
taking immediate protective actions depending on the threat
environment, and guiding future agency decisions related to securing
the inbound air cargo transportation system.
TSA Revised its Security Programs to Require Air Carriers Transporting
Cargo into the United States to Implement Additional Air Cargo Security
Measures, but the Programs Do Not Address Some Areas of Inbound Air
Cargo Security:
In May 2006, TSA issued a final rule that revised some of the
requirements air carriers need to follow to ensure air cargo security.
While TSA's air cargo security rule is focused primarily on domestic
air cargo, it also includes more stringent security requirements for
passenger and all-cargo carriers transporting cargo into the United
States.[Footnote 57] For example, TSA created a new mandatory security
regime for domestic and foreign all-cargo air carrier operations. The
final rule also acknowledges that TSA amended its security directives
and programs to triple the percentage of cargo inspected on domestic
and foreign passenger aircraft.[Footnote 58] TSA currently requires
foreign and domestic all-cargo carriers to inspect a different
percentage of nonexempt items prior to the cargo's loading.[Footnote
59]
While the air cargo security rule establishes general requirements air
carriers must follow to secure inbound air cargo, TSA is currently
drafting and revising security programs to incorporate applicable
elements of the rule and with which air carriers will need to comply.
These security programs will address inbound, outbound, and domestic
air cargo operations. TSA regulations require that each air carrier,
foreign or domestic, adopt a security program that incorporates
applicable security requirements and that is approved by TSA. Once TSA
finalizes revisions to the security programs--which for domestic
passenger air carriers is known as the Aircraft Operator Standard
Security Program (AOSSP) and for foreign passenger air carriers is
known as the Model Security.
Program (MSP)--TSA will require air carriers to amend their security
programs to reflect TSA's new requirements.[Footnote 60] TSA also
drafted new security programs for domestic all-cargo carriers, referred
to as the Full All-Cargo Aircraft Operator Standard Security Program
(FACAOSSP), and for foreign all-cargo carriers, referred to as the All-
Cargo International Security Program (ACISP).[Footnote 61] As of
January 2007, TSA had yet to issue the final security programs. Air
carriers will be required to be in full compliance with the revised and
new security programs on a date to be established by the agency.
However, TSA officials could not provide a time frame for when these
programs would be finalized, nor has the date that air carriers will be
required to be in compliance with the new and revised security programs
been announced.[Footnote 62]
After TSA issued its final air cargo security rule and released its
draft security programs for comment, the agency held eight listening
sessions in five cities to provide industry an opportunity to share its
views on the proposed requirements before the final security programs
are issued. At these listening sessions, some air carriers were pleased
that TSA had taken action to strengthen air cargo security. Other air
carriers, however, expressed concerns regarding the cost and
feasibility of implementing TSA's air cargo security requirements
contained in the agency's draft security programs.[Footnote 63] Air
carriers present at these listening sessions also stated that given the
operational changes they would need to make to implement TSA's new air
cargo security requirements, TSA should provide air carriers sufficient
time to fully comply with the new and revised security programs.
Although passenger air carriers expressed concern regarding the
implementation of measures contained in the final rule and draft
security programs, most of their comments relate to domestic air cargo
security. Domestic and foreign all-cargo carriers cited several
challenges related to TSA's draft security programs for all-cargo
carriers. These included:
* new requirements for inspecting 100 percent of certain nonexempt
inbound air cargo viewed as unnecessary, burdensome to implement, and
costly;
* proposed revisions to existing inspection exemptions based on weight
and packaging viewed as negatively affecting delivery of specific cargo
shipments;
* application of new inspection and other requirements viewed as not
consistent with identified threats to the air cargo industry;
* difficultly determining which TSA requirements apply to all-cargo
carriers versus which apply to cargo transferred from an all-cargo
aircraft to a passenger aircraft; and:
* a proposed requirement to train carrier personnel to screen
individuals and their property transported on an all-cargo flight
viewed as unwarranted because very few individuals other than crew
members fly on these aircraft.
Among other things, the draft security programs for foreign and
domestic passenger carriers would require the physical inspection of
air cargo shipments, including manual searches and the use of
technology, in addition to other methods currently in use. The primary
concern expressed by all-cargo carriers about the draft security
programs focus on air cargo inspection requirements. Specifically, some
all-cargo carriers did not understand TSA's rationale for requiring
them to inspect 100 percent of certain types of nonexempt cargo and
noted that this would require them to inspect three times more cargo
than passenger carriers are required to inspect. According to some all-
cargo carriers, TSA has not adequately explained any additional risk to
all-cargo carriers that would justify the new inspection requirements.
TSA officials stated that the agency will review the comments submitted
by industry stakeholders regarding the new and revised security
programs prior to issuing the final security programs.
Inspection Exemptions Pose a Potential Vulnerability for Air Cargo
Transported into the United States:
In our October 2005 report, we noted that TSA's inspection requirements
allowed carriers to exempt certain types of air cargo from
inspection.[Footnote 64] These exemptions may leave the air cargo
transportation system vulnerable to terrorist attack. We reported that
a terrorist could place an explosive device in an exempt piece of
cargo, which would not be detected prior to its loading onto aircraft
because such cargo is not subject to inspection. We recommended that
TSA assess the rationale for the exemptions, determine whether these
exemptions pose vulnerabilities, and determine whether adjustments were
needed.[Footnote 65] According to TSA officials, the agency originally
chose to exempt certain cargo from the inspection requirements because
it did not view the exempted cargo as posing a significant security
risk and because the time required to inspect certain cargo could
adversely affect the flow of commerce.
TSA recognized, however, that some of the inspection exemptions could
pose a potential vulnerability, and convened an internal cargo policy
working group in February 2006 to examine air cargo policies and
regulations that apply to inbound, outbound, and domestic air cargo,
including inspection exemptions, to identify requirements that may
allow for unacceptable security gaps. In March 2006, the working group
made several recommendations to TSA related to the inspection
exemptions for cargo transported on passenger aircraft. The working
group's recommendations included more stringent inspection requirements
for passenger carriers. In October 2006, TSA issued a security
directive and emergency amendment to domestic and foreign passenger air
carriers operating within and from the United States that implemented
elements of the recommendations of the internal working group. However,
these new requirements do not cover all air carriers.[Footnote 66]
In addition to the actions TSA took to address the working group's
recommendations, the agency is also considering limiting some of the
inspection exemptions for all-cargo carriers, and has drafted security
programs for foreign and domestic all-cargo carriers aimed at
strengthening the security of inbound, outbound, and domestic air
cargo. The draft programs for all-cargo carriers would require all-
cargo carriers to inspect 100 percent of certain nonexempt air
cargo.[Footnote 67] TSA officials stated that prior to issuing the
final security programs, the agency will consider comments by all-cargo
carriers on this proposed requirement.
Under TSA's revisions to the inspection exemptions for passenger air
carriers transporting cargo from and within the United States, and
TSA's proposed changes to the inspection exemptions contained in the
draft security programs for all-cargo carriers, certain types of air
cargo will remain exempt from inspection.[Footnote 68] These remaining
exemptions for both all-cargo and passenger air carriers transporting
cargo into the United States continue to represent potential
vulnerabilities to the air cargo transportation system.[Footnote 69]
According to TSA officials, the agency has not established a time frame
for completing its assessment of whether existing inspection exemptions
pose an unacceptable security vulnerability.
Some all-cargo carriers expressed concern over TSA's proposal to
eliminate the inspection exemption for certain types of cargo, and
recommended that this proposal be reconsidered.[Footnote 70] TSA
officials stated that the proposed revisions to the inspection
requirements are aimed at increasing the overall security of air cargo
transported on all-cargo aircraft. According to TSA officials, the
agency is still evaluating industry's comments to the proposed security
programs, including those related to removing the inspection exemption
for certain types of cargo transported on all-cargo carriers. TSA
officials noted that the agency is also holding discussions with the
air cargo industry to determine whether or not the current inspection
exemptions leave the air cargo transportation system vulnerable to
attack and what impact further revisions to the inspection exemptions
would have on air carriers' operations.[Footnote 71] According to TSA
officials, while ongoing discussions with industry are focused on the
domestic air cargo transportation system, any decisions made as a
result of these discussions could affect inbound air cargo. TSA
officials added that while industry stakeholder concerns are
considered, decisions regarding what requirements will be issued will
be based on the agency's assessment of air cargo risks and security
needs.
TSA Developed a Program to Assess Passenger Air Carrier Compliance with
Inbound Air Cargo Security Requirements, but This Program Could Be
Strengthened by Developing an Inspection Plan That Includes Performance
Goals and Measures:
TSA currently inspects domestic and foreign passenger air carriers
transporting cargo into the United States to assess their compliance
with TSA inbound air cargo security requirements. The agency, however,
does not perform compliance inspections of all air carriers
transporting cargo into the United States.[Footnote 72]
Between July 2003 and February 2006, TSA conducted about 1,000
inspections of domestic and foreign passenger air carriers that
included a review of air cargo security procedures.[Footnote 73] TSA's
inbound air cargo security inspections differ from its domestic air
cargo security inspections in that the agency does not have an
inspection plan that focuses solely on air cargo security regulations.
Instead, TSA inspectors evaluate inbound cargo security procedures as a
part of its international aviation security inspection program, which
also includes reviews of areas such as aircraft, passenger, and baggage
security. TSA's five international field offices are responsible for
scheduling and conducting the international air carrier
inspections.[Footnote 74] TSA inspections may include areas of cargo
security, such as cargo acceptance procedures, security testing and
training, and ensuring that foreign air carriers implement a cargo
security plan that is consistent with TSA standards.
According to TSA records, inspectors have found instances where
passenger air carriers were not complying with inbound air cargo
security procedures. For example, TSA found that some passenger air
carriers were accepting cargo from unknown shippers, not physically
screening cargo in accordance with TSA regulations, and failing to
search empty cargo holds on an aircraft to prevent unauthorized access
prior to loading and unloading. If not corrected, these problems could
create vulnerabilities in the security of inbound air cargo. For
information on TSA's inspections conducted, including inspection
results from July 2003 to February 2006, see appendix II.
TSA has a domestic aviation security inspection plan that, among other
things, describes how the agency will ensure that air carriers that use
domestic airports are complying with TSA security requirements,
including those that apply to passengers, baggage, and air cargo.
However, TSA has not developed a similar inspection plan for
international aviation security. As a result, there is no inspection
plan that would establish performance goals and measures that provide a
clear picture of the intended objectives and performance of its
inspections of passenger and all-cargo carriers that transport cargo
into the United States. The Government Performance and Results Act of
1993 (GPRA), among other things, requires agencies to prepare an annual
performance plan for their programs and directs executive agencies to
articulate goals and strategies for achieving those goals.[Footnote 75]
These plans should include performance goals and measures to determine
the extent to which agencies are achieving their intended results.
TSA's annual domestic inspection plan describes how the agency will
ensure air carrier compliance with federal aviation security
requirements, including those related to air cargo security. The
domestic inspection plan includes goals, such as the number of air
cargo inspections of air carriers each inspector is to conduct for the
year. TSA officials stated that the agency applied risk management
principles that considered threat factors, local security issues, and
input from law enforcement to target key vulnerabilities and critical
assets to develop its domestic inspection plan goals. According to TSA,
its plan for conducting domestic cargo inspections also takes into
account how to use the agency's limited inspection resources most
effectively.
Within the context of TSA's international inspections program, an
inspection plan should describe the agency's approach for conducting
compliance inspections of air carriers that transport cargo into the
United States. This plan should include performance goals and measures
to gauge air carriers' compliance with inbound air cargo security
requirements. Developing such indicators is also recommended by our
standards for internal control in order for agencies to compare and
analyze actual performance data against established goals.[Footnote 76]
For example, we reported that successful organizations try to link
performance goals and measures to the organization's strategic goals
and, to the extent possible, have performance goals that will show
annual progress toward achieving their long-term strategic
goals.[Footnote 77] With regard to TSA's inspection plan, a goal could
be to ensure that passenger and all-cargo air carriers transporting
cargo to the United States are meeting an acceptable level of
compliance with air cargo security requirements. Another goal could be
to assess all-cargo carriers transporting inbound air cargo within a
specified time frame based on the identified risk posed by these
carriers to the United States. In addition, we reported that a
successful agency focuses its goals on the results it expects the
program to achieve. For example, TSA could measure the achievement of a
compliance inspection goal by establishing the number and type of
inspections the agency wants to conduct, and determining appropriate
measures to gauge air carrier compliance with air cargo security
requirements.
TSA officials stated that the agency uses its foreign airport
assessment schedule as its plan for determining where it will conduct
compliance inspections of passenger air carriers during each fiscal
year. Officials added that they select passenger air carriers for
inspection based on factors such as the results of previous
inspections, when the air carrier was last inspected, and the
availability of inspection resources. While TSA's schedule for
completing airport assessment is an important step in focusing TSA's
international compliance inspection efforts, this schedule does not
include goals or measures for evaluating passenger carrier compliance
with TSA's inbound air cargo security requirements. Further, the
schedule does not include inspections of all-cargo carriers. Without an
inspection plan, TSA may not be able to clearly show the relationship
between its inspections efforts and its longer-term goals to secure
inbound air cargo. Moreover, without establishing performance goals and
measures, TSA is limited in its ability to assess the agency's
performance and the performance of the air carriers it regulates
against expected outcomes. While we understand that TSA has competing
demands and must address numerous areas of aviation security with
limited resources, developing a risk-based plan would help the agency
better plan for and articulate how it intends to address inbound air
cargo security inspections using its limited resources. Further,
developing goals and measures to benchmark its performance would
demonstrate the effectiveness of its inbound air cargo security efforts
and help TSA determine the extent to which the inspections are
contributing to the agency's overall aviation security goals and
objectives.
TSA Implemented a Risk-Based Scheduling System to Assess Certain
Foreign Airports' Security Measures, but Not All Foreign Airports Have
Been Assessed:
TSA is authorized by U.S. law to assess the effectiveness of security
measures maintained at foreign airports that serve U.S. air carriers or
from which foreign air carriers serve the United States, or that pose a
high risk of introducing danger to international air travel.[Footnote
78] TSA staff located at five international field offices conduct these
assessments. During an assessment, TSA inspectors are to evaluate the
security policies and procedures in place at a foreign airport to
determine whether procedures meet ICAO aviation security standards and
recommended practices. TSA consults with foreign government officials
to schedule these assessments. According to TSA officials, however,
some foreign governments are sensitive to permitting the United States
to come into their country and assess their airport security and may
put conditions on the assessments, such as limiting the number of days
that TSA has to conduct its assessments. TSA supplements its limited
international inspection resources by using inspectors that are
assigned to conduct aviation security inspections inside the United
States to help international aviation security inspectors conduct
foreign airport assessments. In October 2006, TSA implemented a risk-
based methodology to prioritize which foreign airports to assess based
on an analysis of the risk of an attack at an airport as determined by
credible threat information, the vulnerability of the airport's
security based on previous airport assessments, and the number of
flights coming to the United States from a foreign airport.[Footnote
79] TSA officials stated that this approach will allow the agency to
focus its limited resources on airports that pose the most significant
risk to the United States and aviation security.[Footnote 80]
TSA officials stated that the agency has not performed assessments of
all foreign airports with service to the United States, in part because
of political sensitivities associated with foreign airport assessments
and because limited international oversight resources may affect
whether TSA assesses additional airports. Therefore, TSA cannot
determine whether cargo transported from foreign airports at which it
has not performed an airport assessment poses a security risk.
CBP Has Begun Efforts to Address the Security of Inbound Air Cargo, but
These Efforts Can Be Expanded:
To prevent WMD and other elements of terrorism from unlawfully entering
the United States, CBP uses its automated targeting system, referred to
as ATS, and other information to identify cargo that may pose a
relatively high security risk, so it can undergo inspection once the
cargo arrives in the United States. In July 2006, CBP began using ATS
to target inbound air cargo on passenger and all-cargo aircraft that
may pose a security risk.[Footnote 81] As discussed previously, ATS
uses weighted rules or criteria that assign a risk score to each
arriving shipment based on a variety of factors. This includes the
submission of cargo manifest information required by CBP either at an
aircraft's time of departure for the United States or no later than 4
hours prior to arrival, as specified in regulation.[Footnote 82]
Inbound air cargo transported by passenger and all-cargo air carriers
that is targeted for security reasons by ATS is inspected by CBP
personnel stationed at airports in the United States.[Footnote 83] CBP
officials stated that the extent to which a cargo shipment is inspected
depends on the risk score it receives, as well as the type of commodity
that is shipped.[Footnote 84]
CBP's targeting policy describes the roles and responsibilities of CBP
personnel involved in targeting air cargo transported on passenger and
all-cargo air carriers that may pose a security risk and inspecting
such cargo once it enters the United States.[Footnote 85] CBP's
targeting policy also includes details on the risk scores given to
shipments that require inspection by CBP personnel.[Footnote 86] The
policy also describes what an inspection of high-risk air cargo should
include, such as the use of X-rays; inspection with radiation detection
technology, such as personal handheld radiation detectors; and physical
inspection. CBP has also established performance goals related to its
efforts to target and inspect air cargo transported into the United
States on passenger and all-cargo aircraft. Specifically, these
performance goals relate to (1) targeting, controlling, inspecting, and
interdicting high-risk air cargo shipments that may pose a threat to
the national security of the United States, including instruments of
terror or any commodity with a link to terrorism, narcotics, and other
contraband, and agriculture risks, and (2) the accountability and
reconciliation of all identified high-risk air cargo shipments. To
gauge its effectiveness of meeting these goals, CBP recently drafted
performance measures in conjunction with its targeting policy.
According to CBP, many of the measures are new and will first be tested
at selected airports to assess their feasibility, utility, and
relevancy. These performance measures include the number of shipments
identified by CBP as having direct ties to terrorism, the number of
shipments that have been identified for further examination based on an
anomaly in a nonintrusive inspection, the number of shipments that CBP
holds, and the type of inspection findings. CBP did not provide us with
a time frame for when these performance measures would be fully
implemented.
Our previous reports identified challenges that CBP faced when
targeting oceangoing cargo shipped in containers for
inspection.[Footnote 87] Specifically, we reported that CBP did not
have a comprehensive, integrated process for analyzing inspection
results of oceangoing cargo and incorporating these results into its
targeting system. We also identified limitations with the information
CBP used to target oceangoing cargo, such as vague or incomplete cargo
manifests. We concluded that without complete and accurate information
on shipments, it was difficult for CBP's targeting system to accurately
assess the risk of shipments and to conduct thorough targeting. We also
found that CBP did not yet have a system in place to report sufficient
details of the results of security inspections nationwide that could
allow management to analyze those inspections and systematically adjust
its targeting system. We noted that without a more comprehensive
feedback system, the effectiveness of CBP's targeting system could be
limited. CBP officials acknowledged that the problems identified with
ATS's effectiveness in targeting oceangoing cargo would also apply to
CBP's efforts to target inbound air cargo. For example, CBP uses cargo
manifests as a data source to identify high-risk cargo shipments, but
according to some air carrier representatives, the information
contained in these manifests is not always complete or accurate. CBP's
new effort to target and inspect inbound air cargo transported on
passenger carriers that may pose a security risk provides CBP an
opportunity to strengthen its targeting activities by addressing the
issues with its targeting system that we previously identified.
DHS's strategy for addressing the threat of nuclear and radiological
terrorism includes deploying radiation detection equipment at U.S.
ports of entry, including airports. CBP plans to deploy radiation
portal monitors at international airports by September 2009 in order to
inspect 100 percent of inbound cargo for radiation.[Footnote 88] We
have previously reported that currently deployed radiation portal
monitors have limitations and that CBP is behind schedule in deploying
radiation portal monitors at U.S. ports of entry, including
airports.[Footnote 89] Specifically, we reported that the portal
monitors are limited by the type of radioactive materials they are able
to detect and they cannot differentiate naturally occurring
radiological material from radiological threat material. We also
reported that meeting DHS's goal to deploy over 3,000 radiation portal
monitors at U.S. ports of entry, including U.S. airports, by September
2009 was unlikely. As of December 2005, CBP had deployed 57 radiation
portal monitors at U.S. facilities that receive international mail and
express consignment courier facilities in the United States, but had
not yet deployed monitors at U.S. airports that receive inbound air
cargo.[Footnote 90] CBP officials cited a lack of resources as the
primary reason for not being able to purchase and deploy more monitors,
including those at U.S. international airports. Until CBP fully deploys
radiation portal monitors at international airports that receive
inbound air cargo, CBP's efforts to effectively inspect air cargo once
it enters into the United States for radiological weapons or the
materials to build such a weapon may be limited.
Another effort CBP has under way to secure the security of inbound air
cargo is the voluntary C-TPAT program. This program is aimed at
strengthening the international supply chain and U.S. border security.
In exchange for implementing security policies and procedures, such as
pre-employment screening, periodic background reviews, and employee
training on security awareness and procedures, CBP provides C-TPAT
participants, including foreign and domestic air carriers, with a
reduced likelihood that their cargo will be inspected once it arrives
in the United States. According to CBP, while there are more than 6,000
participants in the C-TPAT program, as of June 2006, only 31 of the
approximately 200 foreign and domestic air carriers that transport
cargo into the United States, and only 52 of the potentially thousands
of freight forwarders that consolidate cargo departing by air for the
United States, are participating in the program.
Some foreign air carriers and foreign freight forwarders we spoke with
stated that although CBP has made them aware of C-TPAT benefits, they
have not applied for program membership because they do not see the
value of participating in C-TPAT. Specifically, these air carriers and
freight forwarders noted that participation in C-TPAT does not ensure
quicker delivery times of their shipments and therefore does not
benefit them. According to CBP officials, while C-TPAT offers
participants a wide range of benefits, such as a reduced number of
inspections and priority processing for inspections, CBP cannot compel
air carriers to participate in the program because the C-TPAT program
is voluntary. CBP has, however, identified expanding the number C-TPAT
participants, including air carriers, as one of its objectives in CBP's
fiscal years 2007-2011 Strategic Plan for Securing America's Borders at
Ports of Entry.
At present, the requirements to become a member of C-TPAT are more
broadly written for air carriers and freight forwarders than they are
for importers, sea carriers, and highway carriers because CBP has not
yet finalized specific security criteria for air carriers and freight
forwarders participating in the program. According to CBP officials,
they have drafted specific security criteria for air carriers. However,
the finalization of the air carrier criteria has been placed on hold,
as CBP is in the process of conducting a comprehensive review of its
current air cargo strategy, including how CBP will incorporate C-TPAT.
DHS Is in the Early Stages of Testing Technologies to Strengthen Air
Cargo Security:
DHS has taken some steps to incorporate new technologies into
strengthening the security of air cargo, which will affect both
domestic and inbound air cargo. However, TSA and DHS's Science and
Technology (S&T) Directorate are in the early stages of evaluating
available aviation security technologies to determine their
applicability to the domestic air cargo environment. TSA and S&T are
seeking to identify and develop technologies that can effectively
inspect and secure air cargo with minimal impact on the flow of
commerce. DHS officials added that once the department has determined
which technologies it will approve for use on domestic air cargo, they
will consider the use of these technologies for enhancing the security
of inbound air cargo shipments. According to TSA officials, there is no
single technology capable of efficiently and effectively inspecting all
types of air cargo for the full range of potential terrorist threats,
including explosives and WMDs. As such, TSA, together with S&T, is
conducting a number of pilot programs that are testing a variety of
different technologies that may be used separately or in combination to
inspect and secure air cargo. These pilot programs seek to enhance the
security of air cargo by improving the effectiveness of air cargo
inspections through increased detection rates and reduced false alarm
rates, while addressing the two primary threats to air cargo identified
by TSA--hijackers on an all-cargo aircraft and explosives on passenger
aircraft.[Footnote 91]
DHS's pilot programs are testing a number of currently employed
technologies used in other areas of aviation and transportation
security, as well as new technologies. These pilot programs include:
* an air cargo explosives detection pilot program implemented at three
airports, testing the use of explosive detection systems, explosive
trace detectors, standard X-ray machines, canine teams, technologies
that can locate a stowaway through detection of a heartbeat or
increased carbon dioxide levels in cargo, and manual inspections of air
cargo;[Footnote 92]
* an explosive detection system (EDS) pilot program, which is testing
the use of computer-aided tomography to compare the densities of
objects to locate explosives in air cargo and to determine the long-
term feasibility of using EDS equipment as a total screening process
for break bulk air cargo;[Footnote 93]
* an air cargo security seals pilot, which is exploring the viability
of potential security countermeasures, such as tamper-evident security
seals, for use with certain classifications of exempt cargo;
* the use of hardened unit loading devices, which are containers made
of blast-resistant materials that could withstand an explosion on board
the aircraft; and:
* the use of pulsed fast neutron analysis (PFNA) which allows for the
identification of the chemical signatures of contraband, explosives,
and other threat objects (see appendix V for more detailed information
on DHS's and TSA's air cargo security pilot tests).
TSA anticipates completing its pilot tests by 2008, but has not yet
established time frames for when it might implement these methods or
technologies for the inbound air cargo system. As noted, some of the
technologies being pilot-tested are currently employed or certified for
use in other areas of aviation security, to include air cargo.
According to DHS and TSA officials, further testing and analysis will
be necessary to make determinations about the capabilities and costs of
these technologies when employed for inspecting inbound air cargo at
foreign locations.
TSA and CBP Have Taken Some Steps to Coordinate Efforts Related to
Inbound Air Cargo Security, but Do Not Have Processes in Place to
Communicate Important Information:
Pursuant to Homeland Security Presidential Directive 7, TSA is
responsible for coordinating with relevant federal agencies, such as
CBP, to secure the nation's transportation sector, including the air
cargo system.[Footnote 94] TSA and CBP have taken a number of steps to
coordinate their respective efforts to safeguard air cargo transported
into the United States. For example, CBP shared its experience in
targeting international cargo shipments with TSA to help the agency
develop a system to target elevated-risk domestic air cargo shipments
for inspection.[Footnote 95] Moreover, in 2003, interagency working
groups were established to share information on TSA's technology
development programs and CBP's air cargo targeting activities, among
other things. In addition, TSA and CBP officials at the three U.S.
airports we visited told us that both agencies discuss aviation
security issues, including inbound air cargo, during weekly or monthly
meetings with airport representatives and other aviation industry
stakeholders. These officials also stated that TSA and CBP staff
located at U.S. airports participate in operational planning and
compliance inspection activities, and that these task forces and
inspection activities may include inbound air cargo security issues.
While these collaborative efforts are important, the two agencies do
not have a systematic process in place to ensure that they are
communicating information on air cargo security programs and
requirements, such as the results of compliance oversight and targeting
activities that could be used to enhance the security of inbound air
cargo. Both collect information that each other could use. For example,
if TSA's compliance inspection results indicated that certain air
carriers were in violation of TSA air cargo inspection requirements,
CBP could use this information to assess the risk of inbound air cargo
shipments from these particular air carriers. Moreover, if air carrier
inspections revealed routine problems with certain types of shipments
or certain shippers, CBP could use this information to apply greater
scrutiny to those types of shipments or shippers. Likewise, if TSA's
foreign airport assessments identify airports that are not meeting
international security standards, CBP could use this information to
improve its inbound air cargo targeting efforts. TSA also requires air
carriers transporting cargo into the United States to randomly inspect
a certain percentage of inbound cargo and compile information on these
inspections. These inspection results could indicate which shipments
were inspected, the outcome of those inspections, and the location at
which the inspections took place. Similarly, CBP collects information
that could be useful to TSA's efforts to secure inbound air cargo. For
example, information gathered from CBP's inbound air cargo targeting
and inspection activities could be used by TSA to help focus its
compliance oversight efforts on those air carriers whose shipments have
been identified by CBP as posing an elevated security risk. In
addition, the results of CBP officers' inspection of inbound air cargo
could be used by TSA to make risk-based decisions regarding the types
of cargo air carriers should be required to inspect, based on its
contents and points of origin, prior to its departure to the United
States.
Without a systematic process to communicate relevant air cargo security
information, TSA and CBP are limited in their ability to most
effectively secure inbound air cargo. TSA and CBP officials agreed that
a process to improve information sharing could provide opportunities
for enhancing their respective efforts to secure inbound air cargo.
Specifically, CBP officials stated that information on the results of
TSA's compliance inspections of air carriers and assessments of foreign
airport security, as well as the results of air carrier inspections of
air cargo prior to its transport to the United States, could
potentially help CBP in targeting high-risk inbound air cargo shipments
for inspection upon its arrival in the United States. TSA officials
also stated that having access to the results of CBP's inbound air
cargo targeting and inspection activities could be used to potentially
strengthen existing TSA air cargo security requirements. Although both
agencies agree that sharing relevant air cargo information could help
to more effectively secure inbound air cargo, neither TSA or CBP has
plans to establish a process to share information on the other's air
cargo security programs and requirements and the results of compliance
oversight and targeting activities that could be used to enhance the
security of inbound air cargo.
Foreign Air Cargo Security Practices and International Harmonization
Efforts Have Potential to Enhance Air Cargo Security, but May Be
Challenging to Implement:
While some of the security practices employed by foreign governments
that regulate airports with high volumes of cargo and domestic and
foreign air carriers that transport large volumes of cargo are similar
to those required by TSA, we identified some security practices that
are currently not used by TSA that could have potential for
strengthening the security of inbound and domestic air cargo supply
chains.[Footnote 96] Although TSA has initiated a review of select
countries' air cargo security practices, the agency has not
systematically compiled and analyzed information on actions taken by
foreign countries and foreign and domestic air carriers to determine
whether the benefits that these practices could potentially have in
strengthening the security of the U.S. and inbound air cargo supply
chain are worth the cost. In addition, DHS has begun working with
foreign governments to develop uniform air cargo security standards and
to mutually recognize each other's security standards, referred to as
harmonization. However, challenges to harmonizing security practices
may limit the overall impact of TSA's efforts.
Foreign Governments and Air Cargo Industry Stakeholders Have Taken Some
Actions That Might Provide Opportunities to Strengthen U.S. Domestic
and Inbound Air Cargo Security, but TSA Has Not Systematically Compiled
and Analyzed This Information:
TSA, foreign governments, and foreign and domestic industry
stakeholders employ some similar air cargo security practices, such as
inspecting a specific percentage of air cargo or the use of specific
technologies to inspect air cargo. However, 18 of the 22 industry
stakeholders and 9 of the 11 countries we compiled information on
reported that they have implemented security practices that differ in
some way from those required by TSA to ensure the security of air cargo
they transport both within their own countries and into the United
States. Some of these practices could potentially be used to mitigate
terrorist threats and strengthen TSA efforts to secure inbound air
cargo when employed in conjunction with current TSA security practices.
While we observed a range of security practices used by foreign
countries, we identified four categories of security practices
implemented by foreign governments and foreign and domestic air
carriers that could potentially enhance the agencies' efforts to secure
air cargo. These practices include (1) the use of air cargo inspection
technologies and methods, (2) the percentage of air cargo inspected,
(3) physical security and access control methods for air cargo
facilities, and (4) procedures for validating known shippers.[Footnote
97] We focused on these practices based on input from air cargo
industry stakeholders. We did not compare the effectiveness or cost of
foreign practices with current TSA requirements and practices. Rather,
we determined whether the use of these security practices differed from
existing TSA efforts to secure domestic and inbound air cargo and could
have the potential to augment the department's current efforts to
secure domestic and inbound air cargo. For additional information on
actions taken by domestic and foreign air carriers with operations
overseas and air cargo industry stakeholders to secure air cargo, see
the table in appendix VI. Additional information about the actions
taken by foreign governments to secure air cargo is included in the
table in appendix VII.
Air Cargo Inspection Technologies and Methods:
Three of the 17 air carriers and 1 of the 7 countries we visited
require the use of large X-ray machines to inspect entire pallets of
cargo transported on passenger aircraft.[Footnote 98] These machines
allow for cargo on pallets to undergo X-ray inspection without
requiring the pallet to be broken down and reconfigured. Government
officials from the country that uses large X-ray machines stated that
this technology allows for the expedited inspection of high volumes of
large cargo items, without impeding the flow of commerce. CBP also uses
this technology to inspect inbound air cargo once it enters the United
States. While DHS's S&T and TSA have recently begun to research large X-
ray technology, TSA officials stated that the agency has not
established time frames for developing and testing X-ray technology
capable of inspecting large pallets of cargo transported domestically
or at a foreign location prior to its transport to the United States.
Without further consideration of the use of large X-ray technology,
which may have been enhanced over the past 8 years, TSA may be limited
in its ability to make such determinations regarding its effectiveness
in the post-September 11 air cargo environment.
In addition, three domestic all-cargo carriers with operations overseas
have independently chosen to employ radiation detection technologies to
inspect air cargo for potential WMD and other radiological items prior
to the cargo being transported on an all-cargo aircraft. Specifically,
one all-cargo air carrier determined that the introduction of a WMD
onto aircraft poses a significant threat. As a result, this carrier
inspects cargo shipments using radiation detection portals and handheld
radiation detectors. According to TSA officials, the agency does not
currently require air carriers to conduct inspections of air cargo to
detect WMD prior to its transport into the United States because the
agency considers mitigating the threat of WMD to be the responsibility
of CBP.
Further, two European countries are currently using canines in a
different manner than TSA to inspect air cargo for explosives.
Specifically, these countries are using the Remote Air Sampling for
Canine Olfaction (RASCO) technique, which involves the use of highly
trained dogs to sniff air samples collected from air cargo or trucks
through a specially designed filter. The dogs sniff a series of air
samples to determine whether or not there is a trace of explosives and
indicate a positive detection by sitting beside the sample. According
to foreign government officials representing two of the countries that
use this technique, tests to determine the effectiveness of this
practice have shown that RASCO has a very high rate of effectiveness in
detecting traces of explosives in cargo. According to foreign
government officials, this inspection method can be used on cargo that
is difficult to inspect using other methods, due to size, density, or
clutter, and does not require the breakdown of large cargo pallets.
Further, officials stated that the dogs used in RASCO do not tire as
easily as dogs involved in searching cargo warehouses, and can
therefore be used for a longer period of time.[Footnote 99] Both TSA
and CBP have certified canine teams for use in detecting explosives in
baggage and currently use dogs for air cargo inspection. These canine
teams are currently used to search narrow and wide-body aircraft,
vehicles, terminals, warehouses, and luggage in the airport
environment. According to TSA officials, while the results of previous
agency tests of RASCO raised questions about its effectiveness, they
continue to work with their international counterparts to obtain
information on the feasibility of using RASCO to inspect air cargo. TSA
officials stated that the agency has not yet determined whether RASCO
is sufficiently effective at finding explosive in quantities that could
cause catastrophic damage to an aircraft and whether this technique
will be approved for use in the United States.
Percentage of Air Cargo Inspected:
The majority of the countries we visited and the majority of air
carriers we spoke with have taken several actions to increase the
percentage of air cargo that is inspected as well as using threat
information to target certain cargo for inspection prior to transport.
For example, 6 of the 17 foreign and domestic air carriers we met with
are either required by their host government or have independently
chosen to inspect a higher percentage of air cargo shipments, with X-
ray technology or other inspection methods, than is currently required
by TSA.[Footnote 100] Air carrier officials stated that the decision to
inspect a higher percentage of air cargo is based on several
considerations, including concerns about the terrorist threat to
passenger aircraft, as well as concerns regarding the security of the
air cargo supply chain in their host country. In addition, in 4 of the
7 countries we visited, air cargo inspections are conducted earlier in
the supply chain prior to the cargo's consolidation and delivery to
airports. Specifically, the governments in these 4 countries permit
inspections to be conducted by regulated agents who meet certain
government requirements, such as maintaining an approved security
program.[Footnote 101] Foreign government officials we spoke with
stated that this practice contributed to the security of air cargo
because it increased the total amount of cargo inspected and
facilitated the inspection of cargo earlier in the supply chain.
Finally, the majority of air carriers we spoke with have independently
chosen to use available threat information to determine how much
scrutiny and what methods to apply to certain cargo prior to its
transport on aircraft. Specifically, 9 of the 17 passenger and all-
cargo air carriers we interviewed target their air cargo inspection
efforts based on analyses of available threat information, among other
factors that could affect air cargo security.
TSA recently increased the amount of cargo air carriers are required to
inspect and initiated efforts to require freight forwarders to inspect
domestic air cargo earlier in the supply chain. The agency, however,
has not evaluated the procedures foreign countries and air carriers use
to inspect a higher percentage of air cargo without affecting the flow
of commerce to determine whether the cost of using these procedures
would be worth the potential benefits of enhanced security. Moreover,
unlike the majority of foreign and domestic air carriers we
interviewed, TSA does not adjust the percentage of air cargo air
carriers are required to inspect based on threat information related to
specific locations. While TSA requires passenger air carriers to
implement additional security requirements for inspecting checked
baggage and passengers for flights departing from high-risk locations,
the agency has not implemented additional requirements for air cargo
departing from these same locations. Agency officials stated that new
air cargo security requirements, contained in the agency's air cargo
security rule, are adequate to safeguard all air cargo transported into
the United States, including cargo transported from high-risk
locations. TSA officials added that the agency would consider
implementing additional air cargo security requirements for high-risk
locations if intelligence information became available that identified
air cargo transported from these locations as posing a high risk to the
United States. CBP, however, currently considers information on high-
risk locations to identify cargo that should undergo inspection upon
its arrival in the United States. In October 2006, TSA issued an
emergency amendment requiring indirect air carriers, under certain
conditions, to inspect a certain percentage of air cargo prior to its
consolidation. While TSA's efforts to require freight forwarders to
inspect domestic air cargo earlier in the supply chain have the
potential for enhancing domestic air cargo security, we have previously
identified problems with TSA's oversight of freight forwarders to
ensure they are complying with air cargo security regulations.[Footnote
102]
Physical Security and Access Controls for Air Cargo Facilities:
In addition to inspecting air cargo prior to its transport on aircraft,
we identified additional security practices implemented by air carriers
and foreign governments to physically secure air cargo and air cargo
facilities. For example, two foreign governments require that all air
cargo be stored in a secured terminal facility located within a
restricted area of the airport to prohibit tampering to the cargo prior
to its loading onto an aircraft. At some airports with restricted
areas, individuals accessing these areas must first undergo physical
screening through the use of walk-through metal detectors or biometric
identification systems. For instance, one all-cargo air carrier uses a
biometric hand-scanning identification system to grant employees access
to air cargo storage facilities. In addition, 10 of the 17 air carriers
we interviewed are subject to audits of the access controls at air
cargo facilities to assess security vulnerabilities at such a facility.
If the test results in a breach of security, all cargo contained within
the breached facility must be inspected before it is permitted to be
loaded onto a passenger or all-cargo aircraft. TSA acknowledged the
importance of enhancing the security of air cargo and air cargo
facilities, and included provisions in the agency's air cargo security
rule for applying or expanding the secure identification display area
(SIDA) requirements at U.S. airports to include areas where cargo is
loaded and unloaded.[Footnote 103] However, TSA has no plans to require
additional air cargo access control measures.
Procedures for Validating Known Shippers:
Two of the 7 countries we visited employ stringent programs for
validating known shippers that differ from the program used in the
United States. For example, 1 country we visited requires its known
shippers or those shippers that have met certain criteria and have an
established shipping history, referred to as known consignors in the
country, to be validated by government-approved contractors. Prior to
implementing this requirement, the country's consignor program allowed
regulated agents and airlines to assess and validate their own
consignors with whom they did business. However, according to
government officials, the previous program was ineffective because it
allowed for breaches in the security of the air cargo supply chain,
such as the implementation of weak security programs by shippers and
conflicts of interest among air carriers and their customers.[Footnote
104] We previously reported on the limitations of TSA's current known
shipper program, such as the relative ease of TSA's requirements for
becoming a known shipper.[Footnote 105] Under this foreign country's
new program, validations of known consignors are conducted by
independent third parties that have been selected, trained, and
accredited by the government. The government maintains the authority to
remove a validator from an approved list, accompany a validator on a
site visit, or conduct unscheduled spot visits to known consignor
sites.
To become known in this particular country, the consignor can choose
from a list of over 100 validators to schedule a validation inspection.
The validation process is conducted using a checklist of security
requirements that includes the physical security measures in place at
the site, staff recruitment, personnel background checking and security
checks, access control to the site, air cargo packing procedures, and
storage of secure cargo, among other things.[Footnote 106] After the
initial validation inspection, consignors must be reassessed every 12
months to retain their known status. During the first round of
assessments conducted, 70 percent of existing known customers failed to
become known consignors because of the stricter security requirements
in place under the new scheme. Since the new validation program
requires program participants to implement stricter security practices
for securing air cargo before it is delivered to the air carrier, it
helps to ensure that cargo coming from known consignors has been
adequately safeguarded.
While TSA's air cargo security rule contains provisions for enhancing
the agency's known shipper program, such as making air carrier and
indirect air carrier participation in the agency's centralized database
mandatory, it did not modify TSA's current process for validating known
shippers, which remains the responsibility of indirect air carriers and
air carriers.[Footnote 107] Accordingly, passenger, all-cargo, and
indirect air carriers will continue to be responsible for entering
shipper information into TSA's central known shipper database, which
may allow for potential conflicts of interest because air carriers who
conduct business with shippers will also continue to have the authority
to validate these same shipping customers. TSA officials stated that
the agency will continue to rely on its mandatory centralized known
shipper database that allows air carriers and indirect air carriers to
validate shippers as known until it develops a system that would enable
TSA to validate known shippers. According to TSA officials, however,
the agency is not considering implementing a program that relies on an
independent third party to validate shippers because high
administrative costs, combined with the large number of shippers
located within the United States, may make it difficult to implement a
third-party validation program. Foreign government officials stated
that using third parties to validate shippers has enhanced the
countries' air cargo security by reducing the number of shippers that
are considered known and by introducing more security controls at an
earlier point in the supply chain. Although the implementation of a
third-party validation program may be challenging in the United States,
without further analysis of such a program, TSA may be missing an
opportunity to determine the extent to which all or parts of a similar
scheme could be incorporated into the agency's current air cargo
security practices.
TSA Is Exploring the Applicability of Some Foreign Air Cargo Security
Practices to the United States, but the Agency Has Not Systematically
Compiled and Analyzed These Practices to Assess Their Viability:
We previously reported that in order to identify innovative security
practices that could help further mitigate terrorism-related risk to
transportation sector assets--especially as part of a broader risk
management approach discussed earlier--it is important to assess the
feasibility as well as the costs and benefits of implementing security
practices currently used by foreign countries.[Footnote 108] However,
DHS has not taken systematic steps to compile or analyze information
that could contribute to the security of both domestic and inbound air
cargo. In response to a recommendation made by DHS's Science and
Technology Directorate, TSA has taken initial steps to learn more about
foreign air cargo security technologies and practices that could be
applied in the United States.[Footnote 109] For example, according to
TSA officials, the agency collects information on the security measures
implemented by countries from which air carriers transport air cargo
into the United States. In addition, the United States has agreements
with several countries that allow TSA to visit and compile information
on their aviation security efforts, including those related to air
cargo. Likewise, officials from these countries are allowed to visit
the United States to learn about DHS's aviation security measures.
TSA officials acknowledge that further examination of how foreign air
cargo security practices may be applied in the United States could
yield opportunities to strengthen the department's overall air cargo
security program. While TSA has obtained some information on foreign
air cargo security efforts, TSA officials acknowledged that the agency
has not systematically compiled and analyzed information on foreign air
cargo security practices to determine those, if any, that could be used
to strengthen the agency's efforts to secure air cargo. TSA officials
stated that while some foreign air cargo security practices may hold
promise for use in the United States, the agency and the air cargo
industry face challenges in implementing some of these practices
because the U.S. air cargo transportation system involves multiple
stakeholders and is responsible for transporting large amounts of cargo
on both passenger and all-cargo aircraft. While large amounts of air
cargo are transported to and from U.S. airports on a daily basis, we
identified air cargo security practices implemented at foreign airports
that also process large volumes of air cargo shipments that may have
application to securing domestic and inbound air cargo operations. For
example, we observed the security practices at 8 foreign airports, 4 of
which rank among the world's 10 busiest cargo airports. In addition,
some of the security practices we identified are being implemented by
air carriers that transport large volumes of air cargo. Specifically,
we spoke with air carrier officials representing 7 of the world's 10
largest air cargo carriers.
DHS Is Working with Foreign Governments and Air Cargo Stakeholders to
Harmonize Air Cargo Security Efforts, but Inherent Challenges May
Affect Their Progress:
In addition to taking initial steps to collect information on foreign
air cargo security practices, DHS has also begun efforts to work with
foreign governments to develop uniform air cargo security standards and
to mutually recognize each other's air cargo security practices--
referred to as harmonization. Harmonization has security as well as
efficiency benefits, including better use of resources and more
effective information sharing. However, working with foreign
governments to achieve harmonization may be challenging because these
efforts are voluntary. Additionally, many countries around the world
may lack the resources or infrastructure needed to develop an air cargo
security program as developed as that of the United States.
TSA and CBP Are Working with Foreign Governments to Develop Uniform
Standards:
One way TSA is working with foreign governments is by collaborating on
the drafting of international air cargo security standards. For
example, according to TSA officials, agency representatives worked with
foreign counterparts to develop Amendment 11 to ICAO's Annex 17, issued
in June 2006, which sets forth new standards and recommended practices
related to air cargo security. In addition, TSA is working with the
European Union to develop a database containing information on shippers
and freight forwarders that will be shared between the United States
and European Union member states. As of January 2007, TSA was
negotiating with the European Union on (1) how information in the
databases will be shared, (2) what information will be shared, and (3)
how the shared information will be used by each entity. Currently, the
European Union database can transmit data to the TSA system as part of
the development and testing of the European Union system. However,
TSA's system will not be able to transmit data to the European Union's
database until TSA's new known shipper and indirect air carrier
databases are online, which TSA expects to occur sometime in late 2007.
CBP has also engaged in efforts to develop uniform air cargo security
standards with select foreign countries. Specifically, CBP undertook a
study with the Canadian Border Services Agency (CBSA) to identify
similar air cargo security practices being carried out by CBP and CBSA
and areas in need of improvement. The study made recommendations to
enhance both agencies' efforts to secure air cargo that included
specific steps the agencies can take to harmonize security measures.
For example, the study recommended that CBP and CBSA explore
harmonizing air cargo targeting and inspection protocols, including the
use of detection technology. The study also recommended that the two
agencies share knowledge of emerging technologies. CBP's fiscal years
2007-2011 Strategic Plan for Securing the Nation's Borders at Ports of
Entry recognizes the need to partner with foreign governments to share
relevant information in an effort to improve cargo security, including
cargo transported by air.
According to foreign government and international air cargo industry
representatives, the development of uniform air cargo security
requirements and measures could provide security benefits by
eliminating ineffective requirements and practices and focusing on
automated or nonintrusive inspection technologies that could be
universally employed to reduce the potential for human error. The cargo
security mission of the International Air Transport Association,
according to the association's cargo security strategy 2006/2007, is to
simplify cargo security by developing an integrated approach that
involves all key supply chain stakeholder groups, and which is
proportionate to the threat, effective, harmonized, and sustainable.
The World Customs Organization's Framework of Standards to Secure and
Facilitate Global Trade has also called for aviation and customs
security requirements to be harmonized into one integrated solution, to
the extent possible.
Foreign air carrier officials we spoke with also stated that developing
uniform air cargo security standards related to performing background
checks on air cargo workers, training air cargo workers, and
controlling access to air cargo facilities would increase security
levels in these areas. These officials added that uniform air cargo
security requirements could facilitate industry compliance with
security requirements. Further, foreign air carrier representatives and
foreign government officials discussed the need to harmonize the terms
used in the air cargo environment. For example, TSA uses the term
"indirect air carriers" when referring to certified freight forwarders,
whereas most other countries refer to these entities as "regulated
agents." In addition, TSA uses the term "known shipper" to refer to
certified shippers, while most other nations use the term "known
consignor" when referring to these same entities. Harmonized
terminology would provide air cargo industry stakeholders clarification
on which security requirements apply to them.
Foreign and U.S. air cargo industry representatives and foreign
government officials added that there is currently too much variation
among countries regarding what type of air cargo must be inspected,
what types of cargo are exempt from inspection, which entities should
conduct the inspections, and what methods or technologies should be
used to inspect air cargo. These representatives and officials stated
that a harmonized inspection process would reduce duplicative efforts
to inspect cargo shipments in order to meet different countries'
security requirements. According to industry officials, having to
implement duplicative security requirements, particularly those related
to air cargo inspections, can impede the flow of commerce, expose air
cargo shipments to theft, and damage high-value items. For example,
representatives from a U.S. air carrier stated that in one Asian
country, government employees inspect 100 percent of outbound air cargo
transported on a passenger air carrier. However, to meet U.S.
requirements, TSA requires passenger air carriers transporting air
cargo into the United States to inspect a certain percentage of
nonexempt cargo shipments, which would have already been inspected by
the foreign government. Air carrier representatives stated that meeting
TSA inspection requirements is problematic in certain foreign countries
because air carriers are not permitted to re-inspect air cargo
shipments that have already been inspected by foreign government
employees and deemed secure. These conflicts and duplication of effort
could be avoided through mutually acceptable uniform air cargo security
standards developed jointly between the United States and foreign
countries. However, we recognize that because foreign countries'
requirements are so varied, and the threats to certain foreign airports
are less than to others, TSA would have to consider accepting other
countries' inspection requirements on a case-by-case basis to determine
the viability of such an option. According to TSA officials, developing
stronger uniform international standards would improve the security of
inbound air cargo and assist TSA in performing its mission. For
example, TSA officials stated that the harmonization of air cargo
security standards would provide a level of security to those entities
not currently regulated by the agency, such as foreign freight
forwarders and shippers.
TSA and CBP Are Partnering with Foreign Governments to Begin Mutual
Recognition of Air Cargo Security Requirements:
TSA has taken additional steps to begin mutual recognition of foreign
air cargo security requirements in an effort to enhance the security of
inbound air cargo. For example, TSA officials stated that the agency
approved amendments to air carriers' security programs in November 2001
permitting those carriers operating out of the United Kingdom, France,
Switzerland, Israel, and Australia to implement the air cargo security
requirements of these foreign countries, in lieu of TSA's. TSA
officials stated that these five countries were selected based on
agency officials' recommendations and a review of the countries'
security programs to determine if country requirements and practices
met or exceeded TSA requirements.[Footnote 110] In contrast, those air
carriers operating out of a foreign country other than the five
previously identified must implement their host government's
requirements in addition to TSA's. Officials added that in order for
these countries' air cargo security programs to remain recognized by
TSA, they must have met or exceeded TSA's air cargo security
requirements, including new requirements set forth in the air cargo
security rule. TSA officials further stated that they do not currently
have plans to review other countries' air cargo security measures and
that such reviews would be predicated on a host countries' request.
In addition, air carriers may seek TSA's approval of amendments to
their security programs that would enable the air carrier to implement
alternative air cargo security measures that satisfy TSA's minimum
security requirements while maintaining compliance with the security
requirements of the host government. According to TSA officials, the
agency will approve these alternative measures as long as TSA deems
that they meet ICAO's standards and TSA's minimum requirements. For
example, officials noted that some foreign governments allow cargo from
unknown shippers to be transported on passenger aircraft after that
cargo is inspected. Although this measure differs from the requirements
in place in the United States that do not permit cargo from unknown
shippers to be transported on passenger aircraft, TSA officials stated
that the ICAO standards are being met and air carriers operating out of
such countries are permitted to transport cargo into the United States.
Foreign government officials, embassy officials, and foreign industry
members with whom we met also stated that to lessen the burden on
airports and air carriers, TSA should consider accepting the results of
ICAO or European assessments of airports with passenger air carrier
service to the United States, and air carrier compliance inspections
conducted by the European Union in lieu of conducting their own
assessments and inspections. According to foreign government officials,
in addition to TSA air carrier inspections and foreign airport
assessments, air carriers located at foreign locations and airports
around the world are subject to inspections by ICAO, as well as their
host country. The European Union has also recently begun to conduct its
own assessments of the security of airports located within its member
states. Officials from one country told us that TSA should consider
accepting the results of European Union assessments in light of the
progress the European Union has made in developing its oversight
program.
Foreign government officials also expressed concern over TSA's
inspections of foreign air carriers, saying that TSA lacks the
authority under host government or international laws to assess foreign
air carriers' compliance with TSA's security requirements that exceed
ICAO's standards. Notwithstanding this view, TSA is authorized under
U.S. law to ensure that all air carriers, foreign and domestic,
operating to, from, or within the United States maintain the security
measures included in their TSA-approved security programs and any
applicable security directives or emergency amendments issued by
TSA.[Footnote 111] Although TSA security requirements support the ICAO
standards and recommended practices, TSA may subject air carriers
operating to, from, or within the United States to any requirements
necessary and assess compliance with such requirements, as the
interests of aviation and national security dictate.[Footnote 112]
TSA officials acknowledged that they have discussed the possibility of
using European Union airport assessment results to either prioritize
the frequency of TSA's assessments or to conduct more focused TSA
assessments at European Union airports. According to TSA officials, the
agency may also be able to use host government or third-party
assessments to determine the aviation security measures to focus on
during TSA's own airport assessments in foreign countries. TSA is also
considering reducing the number of assessments conducted at airports
that are known to have effective security measures in place and focus
inspector resources on airports that are known to have less effective
security measures in place. In addition, TSA is considering having a
TSA inspector shadow a European Union inspection team for 1 or 2 days
to validate the results of European Union assessments. Another option
would be for TSA and the European Union to leverage their resources by
conducting joint airport assessments. According to a European Union
official, however, member states recently met to discuss sharing
European Union assessment results with TSA. Specifically, member states
determined that until the European Union and TSA agree on how they will
share sensitive security information with each other and how they will
conduct joint assessments of each other's airports, that at this time
they will not share the results of European Union airport assessments
with TSA. The European Union official further stated that member states
will not share their European Union airport assessment results with TSA
unless TSA reciprocates. The official added that member states may
share the results of airport assessments conducted by their own
internal auditing entities with TSA, but it would be illegal for member
states to share their European Union assessment results with TSA.
TSA is also working closely with the European Union to develop mutually
acceptable air cargo security measures. For example, in March 2005 a
bilateral meeting on air cargo security was held between the European
Union and the United States. An objective of this meeting was to share
information on the air cargo security policies being developed by both,
which, in turn, may encourage mutual acceptance. The development of the
European Union/United States joint air cargo database was a focus of
this meeting. The meeting also provided the European Union an
opportunity to comment on TSA's notice of proposed rule making on air
cargo security before the rule was finalized.
Challenges to DHS's Harmonization Efforts May Affect Progress:
Despite DHS's efforts to harmonize international air cargo security
practices, a number of key obstacles, many of which are outside of
DHS's control, may impede their progress. For example, because
international aviation organizations, such as ICAO, have limited
enforcement authority, they can only encourage, but generally not
require, countries to implement air cargo security standards or
mutually accept other countries' security measures. In addition, the
implementation of uniform air cargo security standards may require the
expenditure of limited resources. For example, according to European
Union and air cargo industry officials, those countries with air cargo
security programs that are less advanced than those of the European
Union and the United States may not have the resources or
infrastructure necessary to enhance their air cargo security programs.
In addition, some foreign governments do not share DHS's view regarding
the threats and risk associated with air cargo. For example, CBP has
identified the introduction of terrorist weapons, including a WMD, as
the primary threat to cargo entering the United States. Government
officials from one country we met with, however, stated that they do
not view the introduction of a WMD as a significant threat to air cargo
security. Officials from another country stated that, unlike DHS, they
do not consider stowaways as a primary threat to air cargo, while an
official from a third country noted that it does not differentiate
between the threats to passenger air carriers and those to all-cargo
carriers. In addition, while TSA prohibits cargo from unknown shippers
from being transported on passenger aircraft, the European Union and
one Asian country we obtained information from allows cargo from
unknown shippers to be transported on passenger aircraft after the
cargo is inspected. These countries also inspect 100 percent of cargo
from unknown shippers that is transported on all-cargo aircraft, while
TSA requires all-cargo air carriers to randomly inspect a portion of
the air cargo they transport. These differing approaches to air cargo
security may make the harmonization of inspection requirements
difficult to achieve.
Further, TSA faces legal challenges in mutually accepting the results
of other entities' airport assessments. According to TSA officials, the
agency interprets its statutory mandate to conduct assessments of
foreign airports to mean that TSA must physically observe security
operations at a foreign airport. This interpretation, according to TSA,
precludes TSA from relying solely on third-party or host government
assessments. If the Secretary of DHS, on the basis of the results of a
TSA assessment, determines that a foreign airport does not maintain and
carry out effective security measures, the Secretary must take further
action. Such actions include, among others, notifying appropriate
authorities of the foreign government of deficiencies identified,
providing public notice that the airport does not maintain and carry
out effective security measures, or suspending service between the
United States and the airport if it is determined a condition exists
that threatens the safety or security of the passengers, aircraft, or
crew, and such action is in the public interest.[Footnote 113] TSA
officials noted that unlike DHS, ICAO has limited enforcement
capabilities. However, TSA officials stated that the agency is taking
steps to further emphasize reciprocity with other governments by
encouraging them to assess airports within the United States.[Footnote
114] Such an effort could help facilitate the agency's foreign airport
assessments and air carrier inspections.
TSA officials also stated that although they are working with the
European Union to develop a process to share airport assessment and
inspection results, the agency currently does not have an agreement
with either the European Union or ICAO to share assessment results. TSA
officials added that even if they obtain access to these results, TSA
is still legally required to conduct its own assessments of airports at
which air carriers have operations into the United States and will
continue with inspections of air carriers that transport cargo into the
United States. Information on the results of other governments' airport
assessments and air carrier inspections could help TSA focus its
oversight resources on those countries and carriers that may pose a
greater risk to the United States. In addition, foreign government and
embassy officials noted that it will be difficult to harmonize air
cargo security standards and requirements until the international
community develops an approach for sharing sensitive information, such
as security requirements. Developing a process for sharing sensitive
information could help the United States and other countries improve
their understanding of each others' security measures and identify
overlapping or contradicting security requirements.
Conclusions:
While DHS has made significant strides in strengthening aviation
security, it is still in the early stages of developing a comprehensive
approach to ensuring inbound air cargo security. Until TSA and CBP take
additional actions to assess the risks posed by inbound air cargo and
implement appropriate risk-based security measures, U.S.-bound aircraft
transporting cargo will continue to be vulnerable to terrorist attack.
In October 2005, we recommended that TSA take a number of actions
designed to strengthen the security of the nation's domestic air cargo
transportation system. Similar actions, if effectively implemented,
could also strengthen the department's overall efforts to enhance the
security of inbound air cargo, both before the cargo has departed a
foreign nation and once it has arrived in the United States. We are
encouraged by TSA's initial efforts to use a risk-based approach to
guide its investment decisions related to inbound air cargo security
while at the same time addressing other pressing aviation and
transportation security priorities. However, risk management efforts
should begin with a strategy that includes specific goals and
objectives, which TSA has not yet identified. Likewise, TSA's efforts
to prioritize inbound air cargo assets and guide decisions about
protecting them could be strengthened by establishing a methodology and
time frames for completing risk assessments of inbound air cargo and
determining how to use the results to target security programs and
investments. Further, while TSA has drafted new requirements for
securing inbound air cargo, without reexamining the rationale for
existing inspection exemptions specific to air cargo transported into
the United States on passenger aircraft and making any needed
adjustments to these exemptions, there will continue to be a
vulnerability that could be exploited by terrorists. Moreover, without
developing an inspection plan that includes performance goals and
measures to gauge air carrier compliance with air cargo security
requirements, TSA cannot readily identify those air carriers that are
achieving an acceptable level of compliance and focus the agency's
inspection resources on those air carriers with higher levels of
noncompliance that may pose a greater risk.
Coordination and communication between TSA and CBP is also important to
ensuring that gaps do not exist in the security of inbound air cargo.
Without effectively sharing information, TSA's and CBP's inbound air
cargo security activities may be less efficient and effective. While
TSA and CBP have separate missions within DHS, their responsibilities
for the security of air cargo are complementary. A strategy that
clearly defines TSA's and CBP's roles and responsibilities with regard
to securing inbound air cargo could help ensure that all areas of
inbound air cargo security are being addressed. TSA and CBP also lack a
systematic process to share relevant air cargo security information,
such as the results of air carrier compliance inspections and foreign
airport assessments that could enhance both agencies' efforts to secure
air cargo. Such a process could provide opportunities for enhancing
TSA's and CBP's respective efforts to secure inbound air cargo.
TSA's efforts to coordinate with foreign governments and air cargo
stakeholders are an important step toward developing enhanced and
mutually agreeable international air cargo security standards. While
TSA has taken steps to obtain information on foreign air cargo security
practices, further examination of how these practices may be applied in
the United States could yield opportunities to strengthen the
department's overall air cargo security program. Doing so could also
enable the United States to leverage the experiences and knowledge of
foreign governments and international air cargo industry stakeholders
and help identify additional innovative practices to secure air cargo
against a terrorist attack in this country.
Recommendations for Executive Action:
To help ensure that the Transportation Security Administration and
Customs and Border Protection take a comprehensive approach to securing
air cargo transported into the United States, in the restricted version
of this report we recommended that the Secretary of Homeland Security
direct the Assistant Secretary for the Transportation Security
Administration and the Commissioner of U.S. Customs and Border
Protection to take the following two actions:
(1) Develop a risk-based strategy, either as part of the existing air
cargo strategic plan or as a separate plan, to address inbound air
cargo security, including specific goals and objectives for securing
this area of aviation security. This strategy should clearly define
TSA's and CBP's responsibilities for securing inbound air cargo, as
well as how the agencies should coordinate their efforts to ensure that
all relevant areas of inbound air cargo security are being addressed,
particularly as they relate to mitigating the threat posed by weapons
of mass destruction.
(2) Develop a systematic process for sharing information between TSA
and CBP that could be used to strengthen the department's efforts to
enhance the overall security of inbound air cargo, including, but not
limited to, information on the results of TSA inspections of air
carrier compliance with TSA inbound air cargo security requirements and
TSA assessments of foreign airports' compliance with international air
cargo security standards.
To help strengthen the Transportation Security Administration's inbound
air cargo security efforts, we recommend that the Secretary of Homeland
Security direct the Assistant Secretary for the Transportation Security
Administration to take the following four actions:
(3) establish a methodology and time frame for completing assessments
of inbound air cargo vulnerabilities and critical assets, and use these
assessments as a basis for prioritizing the actions necessary to
enhance the security of inbound air cargo;
(4) establish a time frame for completing the assessment of whether
existing inspection exemptions for inbound air cargo pose an
unacceptable vulnerability to the security of air cargo, and take
steps, if necessary, to address identified vulnerabilities;
(5) develop and implement an inspection plan that includes performance
goals and measures to evaluate foreign and domestic air carrier
compliance with inbound air cargo security requirements; and:
(6) in collaboration with foreign governments and the U.S. air cargo
industry, systematically compile and analyze information on air cargo
security practices used abroad to identify those that may strengthen
the department's overall air cargo security program, including
assessing whether the benefits that these practices could provide in
strengthening the security of the U.S. and inbound air cargo supply
chain are cost-effective, without impeding the flow of commerce.
Agency Comments and Our Evaluation:
We provided a draft of this report to DHS for review and comments. On
April 19, 2007, we received written comments on the draft report, which
are reproduced in full in appendix VIII. DHS generally concurred with
the report and recommendations.
With regard to our recommendation to develop a risk-based strategy to
address inbound air cargo security which clearly defines TSA's and
CBP's responsibilities for securing inbound air cargo, particularly as
they relate to mitigating the threat posed by weapons of mass
destruction, DHS stated that CBP is in the preliminary stages of
developing its Air Cargo Security Strategic Plan. According to DHS, the
draft plan includes goals and objectives, such as capturing accurate
advance information to effectively screen air cargo shipments;
accounting for and reconciling all high-risk air cargo shipments
arriving from foreign destinations; developing and enhancing
partnerships to strengthen air cargo security while continuing to
facilitate the movement of legitimate trade; and controlling,
inspecting and interdicting all air cargo that may pose a threat to
national security of the United States. DHS also stated that CBP is
coordinating with TSA in the refinement of CBP's Air Cargo Security
Strategic Plan. Current efforts include discussions with TSA management
and the review of relevant information in the classified TSA air cargo
threat assessment. DHS further stated that CBP plans to collaborate
with TSA during the vetting stage of CBP's Air Cargo Strategic Plan to
ensure coordination of efforts and seamless implementation. Further,
DHS stated that TSA plans to revise its existing Air Cargo Strategic
Plan in fiscal year 2007, and will consider including a strategy for
addressing inbound air cargo transported on passenger and all-cargo
aircraft. DHS stated that TSA will identify and include specific goals
and objectives for securing this area of aviation security and will
work with CBP to share best practices in mitigating threats posed by
weapons of mass destruction. While DHS has recognized the need for CBP
and TSA to work together to address inbound air cargo security threats,
DHS has not indicated whether the Air Cargo Strategic Plan CBP is
developing or TSA's revised Air Cargo Strategic Plan will provide a
risk-based strategy for how the agencies will coordinate their
respective efforts to ensure the security of air cargo transported into
the United States, particularly as they relate to mitigating the threat
posed by weapons of mass destruction. Taking such action would be
necessary to fully address our recommendation.
Concerning our recommendation to develop a systematic process for
sharing information between TSA and CBP that could be used to
strengthen the department's efforts to enhance the overall security of
inbound air cargo, DHS stated that CBP and TSA plan to meet monthly to
continue working on ensuring air cargo security and to determine
whether they can work more collaboratively to ensure air cargo
security. DHS stated that these meetings will also focus on its air
cargo security strategy, including proposed DHS definitions for the
terms "screen," "scan" and "inspection." DHS also noted that TSA and
CBP have previously collaborated on air cargo security initiatives and
efforts through their ongoing participation in the Aviation Security
Advisory Committee Air Cargo Working Group, and CBP has shared
information on its Automated Targeting System with TSA staff who are
developing a Freight Assessment System to target elevated risk domestic
cargo. DHS further stated that TSA recognizes that CBP's Customs-Trade
Partnership Against Terrorism program may include some information that
could help TSA in its efforts to strengthen the security requirements
for individuals and businesses that ship air cargo domestically. While
CBP's and TSA's efforts to collaborate on their air cargo security
activities are worthwhile, it is also important that TSA and CBP
develop a system to share information--such as the results of TSA
inspections of air carrier compliance with TSA inbound air cargo
security requirements and TSA assessments of foreign airports'
compliance with international air cargo security standards--that could
be used to strengthen the department's efforts to secure inbound air
cargo. Ensuring that TSA and CBP incorporate systematic information
sharing into their ongoing coordination efforts would more fully
address our recommendation.
Regarding our recommendation to establish a methodology and time frame
for completing assessments of inbound air cargo vulnerabilities and
critical assets, and use these assessments as a basis for prioritizing
the actions necessary to enhance the security of inbound air cargo, TSA
acknowledged that assessments of inbound air cargo vulnerabilities and
critical assets can assist in the prioritization of programs and
initiatives developed to enhance air cargo security. While TSA stated
that it has taken steps to develop a methodology and a framework to
complete vulnerability assessments of the domestic air cargo supply
chain, TSA does not plan to begin work on assessments of
vulnerabilities of the inbound air cargo supply chain until after the
domestic assessments are completed. TSA stated that it will pursue
partnerships with foreign countries to assess the security
vulnerabilities associated with U.S.-bound air cargo. TSA's efforts to
complete a vulnerability assessment for domestic air cargo are an
important step in applying a risk management approach to securing air
cargo. However, TSA did not provide a time frame for completing the
domestic vulnerability assessments and therefore could not provide a
schedule for when it will conduct an assessment of inbound air cargo
security vulnerabilities. Moreover, TSA has not determined whether it
will conduct a criticality assessment of inbound air cargo assets or
indicated how it plans to use information resulting from these
assessments of inbound air cargo to prioritize the agency's efforts to
enhance the security of inbound air cargo. Taking these steps would be
necessary to fully address our recommendation.
With regard to our recommendation to establish a time frame for
completing the assessment of whether existing inspection exemptions for
inbound air cargo pose an unacceptable security vulnerability, and
taking steps, if necessary, to address identified vulnerabilities, TSA
acknowledged that air cargo inspection exemptions represent a security
risk and described several actions it had taken to revise the air cargo
inspection exemptions. For example, TSA stated that in October 2006,
the agency issued a series of security enhancements in the form of a
security directive, removing air cargo inspection exemptions. While
TSA's actions are an important step in addressing a recommendation we
made in our October 2005 report on domestic air cargo security, TSA's
recent security directive does not remove all inspection exemptions for
air cargo. Specifically, TSA's action only applies to air cargo
transported from and within the United States and not to air cargo
transported into the United States from a foreign country, and only
applies to air cargo transported on passenger air carriers, not all-
cargo carriers. Until TSA assesses whether existing inspection
exemptions for cargo transported on passenger and all-cargo aircraft
into the United States pose an unacceptable vulnerability, and takes
any necessary steps to address the identified vulnerabilities, TSA
cannot be assured that the agency's inbound air cargo inspection
requirements for air carriers provide a reasonable level of security.
Taking this important step is necessary to fully address our
recommendation.
Concerning our recommendation to develop and implement an inspection
plan that includes performance goals and measures to evaluate foreign
and domestic air carrier compliance with inbound air cargo security
requirements, TSA stated that it recognizes the importance of
evaluating air carrier compliance using performance measures and goals.
TSA also stated that its international and domestic field offices
establish comprehensive inspection schedules for field staff to visit
air carriers based on risk factors, inspection histories, and security
determinations. In addition, TSA noted that it is hiring 10 dedicated
international air cargo inspectors, who will be deployed to four
international field offices to inspect all-cargo operations at last
points of departure to the United States on an annual basis to ensure
that they are in compliance with relevant all-cargo security programs
and applicable security directives or emergency amendments. TSA stated
that it will also track the progress on these inspections utilizing the
tracking system developed for its Foreign Airport Assessment Program.
Hiring additional inspectors to conduct compliance inspections of all-
cargo carriers that transport cargo into the United States is an
important step for enhancing the agency's oversight of such carriers.
However, TSA has not indicated whether it will develop an inspection
plan that includes performance goals and measures to evaluate foreign
and domestic air carrier compliance with inbound air cargo security
requirements. Developing such a plan will be important to fulfilling
the agency's oversight responsibilities and is a necessary action in
addressing our recommendation.
Regarding our recommendation to collaborate with foreign governments
and the U.S. air cargo industry and compile and analyze information on
air cargo security practices used abroad to identify those that may
strengthen the department's overall air cargo security program, TSA
stated that it recognizes the importance of collaborating with foreign
governments and U.S. industry to identify best practices and lessons
learned for enhancing air cargo security. Specifically, TSA stated that
it has taken numerous steps to increase collaboration with foreign
governments and industry, including developing relations with United
Kingdom and Irish officials to better understand their air cargo
security practices and programs. TSA also noted that it actively
coordinates with Canadian transportation security officials to share
lessons learned and improve air cargo security between the two
countries. Moreover, TSA stated that it is continuing to build
relationships with foreign governments, including European Union
members and southeast Asian nations. TSA also stated that it is
collaborating with U.S. industry through the Aviation Security Advisory
Committee Air Cargo Working Group to partner with air cargo supply
chain stakeholders on new initiatives and existing programs and pilot
programs. TSA's efforts to collaborate with foreign governments and
industry are important steps toward improving inbound air cargo
security. However, TSA has not indicated whether it plans to compile or
analyze information on air cargo security practices used abroad to
identify those that may strengthen the department's overall air cargo
security program, including assessing whether the benefits that these
practices could provide in strengthening the security of the U.S. and
inbound air cargo supply chain are cost-effective, without impeding the
flow of commerce. Taking such actions would be necessary to fully
address the intent of this recommendation.
DHS also offered technical comments and clarifications, which we have
considered and incorporated where appropriate.
As agreed with your offices, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days
after its issue date. At that time, we will provide copies of this
report to the Secretary of Homeland Security, the Assistant Secretary
of the Transportation Security Administration, the Commissioner of U.S.
Customs and Border Protection, and interested congressional committees.
If you have any further questions about this report, please contact me
at (202) 512-3404 or berrickc@gao.gov. Key contributors to this report
are listed in appendix IX.
Signed by:
Cathleen A. Berrick:
Director:
Homeland Security and Justice Issues:
Congressional Requesters:
The Honorable Bennie G. Thompson:
Chairman:
The Honorable Peter T. King:
Ranking Minority Member:
Committee on Homeland Security:
House of Representatives:
The Honorable Loretta Sanchez:
Chairwoman:
Subcommittee on Border, Maritime and Global Counterterrorism:
Committee on Homeland Security:
House of Representatives:
The Honorable Tom Davis:
Ranking Minority Member:
Committee on Oversight and Government Reform:
House of Representatives:
The Honorable Daniel E. Lungren:
Ranking Minority Member:
Subcommittee on Transportation Security and Infrastructure Protection:
Committee on Homeland Security:
House of Representatives:
The Honorable Christopher Shays:
Ranking Minority Member:
Subcommittee on National Security and Foreign Affairs:
Committee on Oversight and Government Reform:
House of Representatives:
The Honorable Edward J. Markey:
House of Representatives:
[End of section]
Appendix I: Objectives, Scope, and Methodology:
This report addresses the following questions: (1) What actions has the
Department of Homeland Security (DHS) taken to secure inbound air
cargo, and how, if at all, could these efforts be strengthened? (2)
What practices have the air cargo industry and select foreign countries
adopted that could potentially be used to enhance DHS's efforts to
strengthen air cargo security, and to what extent have the
Transportation Security Administration (TSA) and the U.S. Customs and
Border Protection (CBP) worked with foreign government stakeholders to
enhance its air cargo security efforts?
To determine what actions DHS has taken to secure inbound air cargo,
and how, if at all, these efforts could be strengthened, we reviewed
TSA's domestic air cargo strategic plan, proposed and final air cargo
security rules, air cargo-related security directives and emergency
amendments, aircraft operator security programs, and related guidance
to determine the requirements placed on air carriers for ensuring
inbound air cargo security.[Footnote 115] We also interviewed TSA and
CBP officials to obtain information on their current and planned
efforts to secure inbound air cargo. Further, we reviewed CBP's
programs and performance measures related to targeting and inspecting
air cargo once it reaches the United States. Specifically, we reviewed
CBP's Customs and Trade Partnership Against Terrorism (C-TPAT) program
and its Automated Targeting System (ATS) related to air cargo to obtain
information on CBP's efforts to secure, target, and inspect inbound air
cargo. We analyzed TSA foreign airport assessment reports conducted
during fiscal year 2005, compliance inspection data from July 2003 to
February 2006, and performance measures to determine the agency's
progress in evaluating air carriers' compliance with existing air cargo
security requirements. We also discussed the reliability of TSA's
compliance inspection data for the period July 2003 to February 2006
with TSA officials. Although our initial reliability testing indicated
that there were some inconsistencies in the data provided by TSA, we
were able to resolve most of the discrepancies and concluded that the
data were sufficiently reliable for the purposes of this review. For
example, we found spelling variations in the inspections for the same
air carrier, which we identified and made uniform in the dataset. We
found that some records contained duplicate information. We removed
these records based on a comparison of information such as the
inspection record number, the date of the inspection, the specific
requirement the TSA inspector assessed, and the determination of the
air carriers' compliance with the requirement. We also found some
inspections in the dataset that had occurred at U.S. airports. We
identified these by the airport name and removed them from the data. To
identify DHS's plans for enhancing inbound air cargo security, we
reviewed DHS Science and Technology Directorate, TSA, and CBP documents
to identify pilot programs for inspection technology, including program
funding levels, time frames, results, and implementation plans. We
discussed how, if at all, DHS efforts could be strengthened to secure
inbound air cargo with TSA and CBP officials and air cargo industry
stakeholders.
To identify any challenges DHS and its components may face in
strengthening inbound air cargo security, we interviewed TSA and CBP
officials about how they coordinate and share information on their
respective inbound air cargo security efforts. We obtained information
on DHS's, TSA's, and CBP's efforts to apply risk management principles
to inform their decisions related to securing inbound air cargo and
compared these actions against our risk management framework. Our
complete risk management framework includes a specific set of risk
management activities: setting strategic goals and objectives,
assessing risk (threat, vulnerabilities, and criticality), evaluating
alternatives, selecting initiatives to undertake, and implementing and
monitoring those initiatives. This report examines the two risk
management efforts TSA has focused on thus far related to inbound air
cargo security--setting strategic goals and objectives and assessing
risk. With regard to establishing strategic goals and objectives, we
reviewed DHS's Strategic Plan, National Infrastructure Protection Plan,
and National Strategy for Transportation Security. We also reviewed
TSA's strategic plan and TSA's air cargo strategic plan to determine
DHS's strategy for addressing the security of inbound air cargo.
Regarding risk assessments, we interviewed DHS officials to discuss the
department's plans to conduct assessments of the vulnerabilities and
critical assets associated with inbound air cargo. In addition, we
interviewed TSA and CBP officials, foreign government officials, and
air cargo industry stakeholders to identify efforts to develop
international air cargo security standards, and DHS's efforts to work
with foreign governments to develop uniform air cargo security
standards that would apply to participant countries, including a
structure for mutually recognizing and accepting other countries' air
cargo security practices.
To identify actions the air cargo industry and select foreign countries
have taken to secure air cargo and whether such actions have the
potential to be used to strengthen air cargo security in the United
States, we interviewed foreign and domestic air carrier (passenger and
all-cargo) officials, foreign freight forwarder representatives,
airport authorities, air cargo industry associations, and DHS and
foreign government officials. We also conducted site visits to 3 U.S.
airports to observe inbound air cargo security operations and industry
and CBP efforts to inspect inbound air cargo using nonintrusive
inspection technologies, including radiation detection
systems.[Footnote 116] We selected these airports based on several
factors, including airport size, the volume of air cargo transported to
these airports from foreign locations, geographical dispersion, the
presence of CBP officers, and TSA international field office
officials.[Footnote 117] Because we selected a nonprobability sample of
airports, the results from these visits cannot be generalized to other
U.S. airports. Further, we conducted site visits to 7 countries in
Europe and Asia to observe air cargo facilities on and off airport
grounds, observe air cargo security processes and technologies, and
obtain information on air cargo security measures implemented by
foreign governments and industry stakeholders.[Footnote 118] During our
international site visits, we also met with officials from the European
Union and TSA's international field offices. We selected these
countries based on several factors, including geographical dispersion;
TSA threat rankings; and discussions with DHS, State Department, and
foreign government officials and air cargo industry representatives and
experts regarding air cargo security practices that may have
application to DHS's efforts to secure air cargo. We also considered
information on 4 additional countries whose air cargo security
practices differ from those used in the United States.[Footnote 119]
According to TSA and air cargo industry stakeholders, these countries
have implemented stringent air cargo security programs. Specifically,
we observed security practices at 8 foreign airports, 4 of which rank
among the world's 10 busiest cargo airports. We also obtained
information on the air cargo security requirements implemented by 4
additional foreign countries. In addition, some of the security
practices we identified are being implemented by air carriers that
transport large volumes of air cargo. Specifically, we spoke with air
carrier officials representing 7of the world's 10 largest air cargo
carriers. We also discussed the feasibility of applying foreign air
cargo security measures in the United States with TSA officials. We did
not, however, evaluate the effectiveness of the foreign measures we
identified during this review. We also discussed efforts to develop,
harmonize, and mutually recognize international air cargo security
standards with TSA, foreign government, and air cargo industry
officials.
TSA's and CBP's roles and responsibilities for securing air cargo
transported from the United States to a foreign location were not
included in the scope of this review. TSA's requirements for outbound
air cargo are similar to those governing the security of air cargo
transported within the United States. For a review of TSA's practices
related to securing domestic air cargo, GAO-05-446SU.
We conducted our work from October 2005 through February 2007 in
accordance with generally accepted government auditing standards.
[End of section]
Appendix II: TSA's Efforts to Assess Air Carrier Compliance with
Inbound Air Cargo Security Requirements:
TSA's inspections at foreign airports are conducted by aviation
inspectors who are responsible for reviewing aviation security measures
of foreign and domestic passenger air carriers to determine their
compliance with a variety of TSA aviation security requirements,
including those related to inbound air cargo. These inspectors are
responsible for conducting foreign airport assessments as well as
domestic and foreign air carrier inspections at foreign airports.
According to international field office officials, the agency usually
conducts inspections and foreign airport assessments during the same
visit to an airport. The agency also trains and utilizes domestic
aviation security inspectors to conduct inspections under the
supervision of the international field offices to supplement its
international inspection resources.
TSA uses its automated Performance and Results Information System
(PARIS) to compile the results of its aviation inspections and the
actions taken when violations are identified. As shown in figure 4, our
analysis of PARIS inspection records determined that between July 2003
and February 2006, TSA conducted 1,020 international compliance
inspections of domestic and foreign carriers that included a review of
one or more areas of cargo security. TSA data also show that inspectors
conducted 747 inspections at 452 separate domestic air carrier stations
and 273 inspections at 177 separate foreign air carrier
stations.[Footnote 120]
Figure 4: Inspections of Air Carrier Cargo Procedures Conducted from
January 2004 to December 2005:
[See PDF for image]
Source: GAO analysis of TSA's data.
Note: TSA provided us information on the number of inspections
conducted from July 2003 to February 2006. DHS determined that details
on the number of inspections conducted on air carrier cargo procedures
are Sensitive Security Information. Details on the number of
inspections are provided in the restricted version of this report, GAO-
07-337SU.
[End of figure]
TSA has taken initial steps to compile information on the violations
found during its inspections of inbound air carrier cargo security
requirements. For example, from July 2003 to February 2006, TSA
inspectors identified 57 air cargo security violations committed by
foreign and domestic passenger air carriers at foreign airports in
several areas of air cargo security responsibility. Specifically, as
shown in figure 5, these violations covered areas such as cargo
acceptance procedures, cargo screening procedures, and air carrier
cargo hold search procedures.
Figure 5: Air Cargo Security Violations Found during Inbound Passenger
Air Carrier Inspections at Foreign Airports for the Period July 2003 to
February 2006:
[See PDF for image]
Source: GAO analysis of TSA's PARIS database.
Note: TSA provided us information on the number of violations found
during inspections conducted from July 2003 to February 2006. DHS
determined that details on the number of each type of violation found
are Sensitive Security Information. Details on the number of each type
of violation are provided in the restricted version of this report, GAO-
07-337SU.
[End of figure]
[End of section]
Appendix III: TSA's Assessments of Foreign Airport Security Procedures:
During fiscal year 2005, TSA conducted 128 foreign airport assessments
at the approximately 260 airports that service passenger air carriers
departing for the United States.[Footnote 121] As part of the foreign
airport assessment process, TSA develops a report that identifies
recommendations for the airport to improve its airport security to meet
ICAO standards, which include air cargo security standards. Of the 128
assessments TSA conducted during fiscal year 2005, the agency made 28
recommendations to improve air cargo security. As of October 2005, 2
cargo security recommendations were adopted by the airports and 26
recommendations remained to be addressed. Examples of TSA
recommendations include developing a national cargo security program to
establish government authorities and air cargo industry
responsibilities for securing air cargo, among other things.
When TSA inspectors identify a deficiency that requires immediate
action, they work with the airport and government officials to resolve
the deficiency. If TSA inspectors determine that effective security is
still not being maintained, the law prescribes steps and actions
available for encouraging compliance with the standards used in TSA's
assessment.[Footnote 122] Such actions include, among other things,
notifying appropriate authorities of the foreign government of
deficiencies identified, providing public notice that the airport does
not maintain and carry out effective security measures, or suspending
service between the United States and the airport if it is determined a
condition exists that threatens the safety or security of the
passengers, aircraft, or crew, and such action is in the public
interest.[Footnote 123] The agency has not issued a travel advisory or
suspended service solely for air cargo security deficiencies at an
airport since its inception.
[End of section]
Appendix IV: Description of GAO's Risk Management Framework:
GAO's risk management framework is intended to be a starting point for
risk management activities and will likely evolve as processes mature
and lessons are learned. A risk management approach entails a
continuous process of managing risk through a series of actions,
including setting strategic goals and objectives, assessing risk,
evaluating alternatives, selecting initiatives to undertake, and
implementing and monitoring those initiatives. Figure 6 depicts a risk
management cycle.
Figure 6: Risk Management Cycle:
[See PDF for image]
Source: GAO.
[End of figure]
Risk assessment, a critical element of a risk management approach,
helps decision makers identify and evaluate potential risks so that
countermeasures can be designed and implemented to prevent or mitigate
the effects of the risks. The risk assessment element in the overall
risk management cycle may be the largest change from standard
management steps and is central to informing the remaining steps of the
cycle. Table 1 describes the elements of a risk assessment.
Table 1: Elements of a Typical Homeland Security Risk Assessment:
Threat assessment: "Threat" is defined as a potential intent to cause
harm or damage to an asset (e.g., natural environment, people, man-made
infrastructures, and activities and operations). Threat assessments
consist of the identification of adverse events that can potentially
affect an entity. Threats might be present at the global, national, or
local level and their sources include terrorists and criminal
enterprises. Specific threat information may indicate vulnerabilities
that are subject to attack or following the completion of a risk
management process, may, for instance, indicate that resources should
be temporarily deployed to protect cargo in a particular region of the
country or a specific airport. Even if updated frequently, a threat
assessment might not adequately capture some emerging threats.
Vulnerability assessment: "Vulnerability" is defined as the inherent
state (either physical, technical, or operational) of an asset that can
be exploited by an adversary to cause harm or damage. Vulnerability
assessments identify these inherent states and the extent of their
susceptibility to exploitation, relative to the existence of any
countermeasures. A vulnerability assessment is generally conducted by a
team of experts skilled in such areas as engineering, intelligence,
security, information systems, finance, and other disciplines.
Criticality/Consequence assessment: "Criticality" is defined as an
asset's relative importance given that an event occurs. Criticality or
similar consequence assessments identify and evaluate an entity's
assets based on a variety of factors, including the importance of its
mission or function, the extent to which people are at risk, or the
significance of a structure or system in terms of, for example,
national security, economic activity, or public safety. Criticality or
consequence assessments are important because they provide, in
combination with threat and vulnerability assessments, information for
later stages of the risk management process.
Source: GAO.
[End of table]
Another element of our risk management approach--alternatives
evaluation--considers what actions may be needed to address identified
risks, the associated costs of taking these actions, and any resulting
benefits. This information can be provided to agency management to
assist in the selection of alternative actions best suited to the
unique needs of the organization. An additional step in the risk
management approach is the implementation and monitoring of actions
taken to address the risks, including evaluating the extent to which
risk was mitigated by these actions. Once the agency has implemented
the actions to address risks, it should develop criteria for and
continually monitor the performance of these actions to ensure that
they are effective and also reflect evolving risk.
[End of section]
Appendix V: DHS and TSA Air Cargo Security Technology Pilot Tests:
According to DHS officials, the department's ongoing pilot programs
seek to enhance the physical security of air cargo and improve the
effectiveness of air cargo inspections by increasing detection rates
and reducing false alarm rates. DHS officials stated that its air cargo
technology pilot programs focus on securing domestic air cargo, and
while these pilot methods have yet to be implemented, the results of
these tests could be applied to securing inbound air cargo against
similar threats. These technology pilots focus on addressing the two
primary threats to air cargo identified by TSA--hijackers on an all-
cargo aircraft and explosives on passenger aircraft--but do not include
tests to identify weapons of mass destruction. DHS's pilot programs are
described below.
Air Cargo Explosives Detection Pilot Program:
Of the amounts appropriated to DHS in fiscal year 2006, $30 million was
allocated to the Science and Technology (S&T) Directorate to conduct
three cargo screening pilot programs.[Footnote 124] DHS's S&T, working
in conjunction with TSA, selected San Francisco International Airport,
Seattle-Tacoma International Airport, and Cincinnati/Northern Kentucky
International Airport as the sites for the pilot and commenced cargo
inspection operations at all three airports in September 2006. The
pilots will test different concepts of operation at each of the
airports. At San Francisco International Airport, the program will test
the use of approved inspection technologies, including explosive
detection systems, such as CTX 9000, explosive trace detectors,
standard X-ray machines, canine teams, and manual inspections of air
cargo, in attempts to determine the technological and operational
issues involved in explosives detection. The pilot at San Francisco
International Airport will further examine how the use of these
existing checked baggage inspection technologies at a higher rate than
is currently required by TSA will affect air cargo personnel and
operations on, for example, throughput.[Footnote 125] The pilot at
Seattle-Tacoma International Airport will use canines and stowaway
detection technologies, for example, technologies that can locate a
stowaway through detection of increased carbon dioxide levels in cargo,
to detect threats in freighter air cargo,[Footnote 126] while the
Cincinnati/Northern Kentucky International Airport pilot program will
test existing passenger infrastructure for inspecting air cargo,
including explosive detection systems (EDS) technology. The projected
benefits of these pilots include the following: increases in the amount
of cargo inspected, increases in detection reliability without
adversely affecting commerce, and a better understanding of the
necessary procedures and costs associated with greater cargo security.
Pilot Program Evaluating Explosives Detection System Technology:
EDS is a form of X-ray technology that can be highly automated to
screen several hundred bags an hour. EDS machines, in contrast to
explosive trace detection technology, are much larger, up to the size
of a minivan and cost in excess of $1 million. EDS technology uses
computer tomography to scan objects and compare their density to the
density of known objects in order to locate explosives.[Footnote 127]
According to TSA, EDS provides an equivalent level of security as
explosive trace detection (ETD) technology. However EDS provides a
higher level of efficiency.
TSA's EDS Cargo Pilot Program is currently in the third phase of a
three-phased program testing the use and effectiveness of explosive
detection systems at 12 participating sites.[Footnote 128] While the
Air Cargo Explosives Detection Pilot Program will test a range of
explosives detection technologies, the EDS pilot focuses specifically
on EDS technology for its use in the air cargo environment. Phase I,
referred to as Developmental Test and Evaluation, was conducted using
live explosives to test the detection capability and technical
performance of the systems screening simulated break bulk air cargo.
Phase II, referred to as Operational Utility Evaluation, was conducted
in cargo facilities to test the system's effectiveness in the air cargo
environment, in addition to determining the operational alarm and false
alarm rates of the technology. Phase III of TSA's testing is referred
to as the Extended Field Test and is designed as a longer-term
evaluation of available EDS technologies in the air cargo environment.
According to TSA officials, the extended time frame of Phase III (a
minimum of 1 year) will allow TSA to evaluate the reliability,
maintainability, and availability of the EDS technology, in addition to
establishing operational parameters and procedures within a realistic
operational environment.
Air Cargo Security Seals Pilot Program:
TSA officials stated that the agency is exploring the viability of
potential security countermeasures, such as tamper-evident security
seals, for use with certain classifications of exempt cargo.
Traditionally used in the maritime environment, container seals include
a number of tamper-evident technologies that range from tamper-evident
tape to more advanced technologies used to secure air cargo on
aircraft. Tamper-evident tape can identify cargo that requires further
screening and inspection to safeguard against the introduction of
explosives and incendiary devices. Indicative seals are made of plastic
and show signs of tampering. Ranging in price from 5 to 20 cents, they
provide the cheapest solution to air cargo security. Barrier seals,
which cost between 50 cents and $2 or more, are stronger seals that are
generally used on more sensitive cargo because they require bolt
cutters to remove. The most advanced seal technology allows shipping
companies to track a container through the entire shipping process
through a radio frequency identification (RFID) tag that is embedded in
the seal. Average RFID seals can range in cost from $1 to $10, with the
most sophisticated models costing upward of $100. Security seals could
be used in combination with known shipper protocols to insure that
known shippers provide security in their packaging facilities and deter
tampering during shipping and handling.
In 2003, the Congressional Research Service reported that the utility
of electronic seals in air cargo operations has been questioned by some
experts because currently available electronic seals have a limited
transmission range that may make detecting and identifying seals
difficult. In 2006, GAO reported that container seals provide limited
value in detecting tampering with cargo containers.[Footnote 129]
However, according to TSA officials, such countermeasures could provide
an additional layer of security and warrant further examination. In
January 2006, the agency issued a public request for information
regarding security seals. Although the agency has since acquired
information on seals from five vendors, officials stated that efforts
to begin the pilot program have been delayed due to funding issues,
among other things. TSA officials stated that the agency plans to
implement the pilot at four airports by the first quarter of 2007.
These airports include Portland International Airport, John F. Kennedy
International Airport, Chicago O'Hare International Airport, and Ronald
Reagan Washington National Airport.
Hardened Unit Load Devices/Hardened Cargo Containers:
While the Federal Aviation Administration, TSA, and DHS have been
involved in testing hardened unit load devices since the mid-1990s,
testing of these devices has increased since the 9/11 Commission
recommended that all U.S. airliners deploy at least one hardened cargo
container in the hold of every passenger aircraft to carry suspect
passenger baggage or air cargo.[Footnote 130] Hardened unit load
devices are blast-resistant containers capable of transporting
passenger baggage or air cargo within the lower deck cargo holds of
wide-body aircraft. These containers are required to withstand an
explosive blast up to a certain magnitude while maintaining the
integrity of the container and aircraft structure. The container must
also be capable of extinguishing any fire that results from the
detonation of an incendiary device.
In accordance with the Intelligence Reform and Terrorism Prevention Act
of 2004, TSA began a pilot program in June 2005 to conduct airline
operational testing of the ability of hardened or blast-resistant
containers to minimize the potential effects, including explosion or
fire, of a detonation caused by an explosive device smuggled into the
belly of an aircraft.[Footnote 131] TSA officials stated that the start
up of the pilot program was slow because one of the two participating
vendors dropped out of the program and because there were few available
domestic wide-body flights in which to conduct the tests. TSA officials
added that the agency has since made progress in conducting the pilot
and is collecting test data. TSA officials stated that the agency
expects to conclude the data collection phase of the program by summer
2007 and make policy decisions regarding the possible implementation of
hardened unit loading devices by December 2007. In addition, TSA has
been working with vendors and airlines to develop and test a hardened
unit load device that would satisfy industry's request for a lighter,
less cost-prohibitive model while still providing the necessary level
of security to the aircraft.
Pulsed Fast Neutron Analysis Testing:
TSA officials reported that the agency's efforts to test pulsed fast
neutron analysis (PFNA) are currently in the proof-of-concept design
stage, which is focusing on the development of the technology. PFNA
technology allows for bulk inspection of containerized air cargo by
measuring the reaction to injected neutrons and identifying elemental
chemical signatures of contraband, explosives, and other threat
objects. The agency plans to complete the proof-of-concept phase of
testing by March 2007, at which point TSA and DHS will evaluate the
technology on its technical, environmental, operational, and
performance specifications. Testing of this technology will then
proceed to the Development Testing and Evaluation phase. Agency
officials project that the next two phases, Development Testing and
Evaluation and Operational Testing and Evaluation, will take another 2
to 3 years (after the completion of the proof-of-concept design phase)
to fully determine the operational readiness and maturity of the
technology. Agency officials were unable to provide us with a time
frame for when PFNA would be operational at the George Bush
Intercontinental Airport.
[End of section]
Appendix VI: Actions Taken by Select Domestic Air Carriers with
Operations Overseas and Foreign Air Cargo Industry Stakeholders to
Secure Air Cargo:
Area of Action: Cargo Inspection: Methods and Focus;
Passenger Air Carriers: Inspect a higher percentage of cargo placed on
passenger aircraft than is required by TSA or host government;
100 percent of air cargo loaded onto passenger aircraft bound for the
United States required to undergo inspection;
Large palletized cargo is broken down in order to pass cargo through X-
ray machines;
Canines used to sniff air samples taken from cargo shipments;
Limited or no air cargo inspection exemptions;
Large X-ray machines used to inspect entire pallets of cargo bound for
passenger craft;
Additional targeted inspections are conducted based on analysis of
available threat information, among other things;
All-Cargo Air Carriers: 100 percent inspection performed on:
express cargo on passenger aircraft bound for the United States;
air cargo from unknown (cash paying) customers;
air cargo shipped in or out of locations deemed high-risk by the air
carrier is inspected via X-ray;
air cargo bound for passenger flights to the United States are
inspected via X-ray;
Color-coded threat assessment system indicates when air cargo should be
inspected and when other procedures should apply. The color assigned
(red, amber, or green) is based on the cargo's point of origin,
destination, and other relevant intelligence information;
Radiation detection technology is used to inspect cargo transported to
the United States and differentiate between legitimate and illegitimate
sources of radiation;
Canines used to sniff air samples from cargo shipments;
Freight Forwarders: Freight forwarders, also known as regulated agents,
are validated by the government and are responsible for conducting
inspections;
Canines and decompression chambers are used to inspect cargo that
cannot be X- rayed;
Customers are charged a fee when use of decompression chamber is
required.
Area of Action: Identification of Known Shippers/ Cosigners;
Passenger Air Carriers: [Empty];
All-Cargo Air Carriers: [Empty];
Freight Forwarders: Work with known cosigners to prepare for annual
audits; new identification numbers are given post-audit to ensure
security of cosigner identity.
Area of Action: Employee Security;
Passenger Air Carriers: Air cargo workers undergo additional and
stringent background checks, including criminal and employment history
checks;
Program provides monetary incentives to employees in order to increase
employee awareness of access controls, including rewards for reporting
suspicious individuals;
All personnel are trained to identify and handle security risks;
quarterly training is provided to security personnel on a range of
issues, including security updates and the use of new technology;
All-Cargo Air Carriers: [Empty];
Freight Forwarders: Database tracks training completed by employees;
employees are not permitted to enter facility if training lapses or
requirements are not met;
Managers are required to remain knowledgeable on security policies and
regulations in destination countries.
Area of Action: Compiling and Disseminating Air Cargo Data;
Passenger Air Carriers: Threat information is derived from
public/private intelligence. This information includes data on the
sociopolitical/economic conditions of countries;
Independent risk assessments are conducted based on internal testing to
identify cargo security weaknesses;
Representatives from the air carrier industry meet to identify best
practices in aviation security;
All-Cargo Air Carriers: Annual audits of carrier facilities are
conducted using an online questionnaire; facilities undergo a
certification process that is linked to the audits;
Security incident database tracks worldwide security issues;
Freight Forwarders: Manifest information is provided to CBP earlier
than is required by CBP.
Area of Action: Physical Security and Access Controls;
Passenger Air Carriers: Truck drivers entering carrier facilities to
deliver air cargo are escorted by an airline representative at all
times;
Security guards control access to freighters at every stop made by the
aircraft;
Secured cart system transports cargo within cargo storage facility;
Pallets are locked and sealed in a completely enclosed chain-like
container after they are built to prevent the possibility of tampering;
Biometric badge required to gain access to secured areas;
All-Cargo Air Carriers: All employees/visitors are required to pass
through a metal detector before entering/exiting cargo facility;
Assessments are conducted of security conditions in foreign
destinations where staff are located; armed security personnel are
assigned to those locations deemed high risk;
High-tech camera and surveillance system monitor all-cargo areas 24
hours a day;
Biometric identification system that scans the hand to grant access air
carrier facilities and cargo areas;
Strategic placement of air cargo in the aircraft to secure the cockpit
and minimize the potential for a hijacking by a stowaway;
Freight Forwarders: Monthly internal audits of cargo facilities,
including testing of access controls to identify security weaknesses;
Seals and plastic straps are applied to all cargo crates, containers,
and boxes to prevent tampering;
Cargo is consolidated whenever possible into larger units and sealed
with steel banding to limit the possibility of tampering;
Only authorized company employees are permitted to pick up, pack, and
transport cargo to cargo facilities and the airport;
Fingerprints and photographs of all truck drivers that transport cargo
are taken, kept on file, and used to authorize access.
Area of Action: Cargo Acceptance;
Passenger Air Carriers: Refusal of all express cargo brought directly
to the ticketing or check-in counter by an unknown shipper;
Palletized cargo is refused unless airline security personnel are
present when pallet is built;
All-Cargo Air Carriers: Thorough security review is conducted of
potential customers prior to acceptance of their business or cargo;
Freight Forwarders: Refusal of improperly documented that could pose a
potential security threat;
Refusal of express cargo brought directly to the counter;
Refuse all inbound and outbound cargo from unknown shippers.
Area of Action: Air Cargo Technology Testing;
Passenger Air Carriers: Examining use of inspection technology capable
of detecting traces of explosives;
All-Cargo Air Carriers: Pilot testing the use of bees to detect
explosive traces in air cargo shipments;
Freight Forwarders: [Empty].
Source: GAO analysis of industry efforts to secure air cargo that
differ from those implemented in the United States.
[End of table]
[End of section]
Appendix VII: Actions We Identified That Select Foreign Governments Are
Taking to Secure Air Cargo:
Actions Taken by Select Foreign Governments to Secure Air Cargo.
Cargo Inspection;
Methods and Technology;
* Twenty-four hour holding period used as form of inspection;
* Random selection of inspection methods to avoid detection of
inspection patterns;
* Canines used to sniff air samples from air cargo shipments-Remote Air
Sampling for Canine Olfaction (RASCO);
Performing Entity;
* Government, airport, or freight forwarder representatives are
responsible for inspecting air cargo;
* Military police conduct air cargo inspections;
Inspection Focus;
* One hundred percent of unknown cargo loaded on either passenger or
all-cargo aircraft is physically inspected;
* No differentiation between cargo placed on passenger aircraft versus
all-cargo aircraft in regards to type or degree of inspection;
* Unknown cargo that undergoes inspection becomes known and is
permitted on passenger aircraft;
* No, or limited number of, air cargo inspections exemptions;
* Palletized cargo from unknown shippers, broken up, inspected, and re-
palletized before being loaded unto aircraft.
Regulated Agents and Shippers;
* Process to become a regulated agent is strict and costly;
decertification for unsatisfactory performance;
* Third-party validation required to become a known shipper/consignor;
annual third-party compliance inspections conducted of known shippers/
cosigners;
Regulated agents are validated by aviation authority prior to
regulating and auditing shippers and conducting inspections of air
cargo.
Employee Security;
* Air cargo handlers and workers attend government- certified schools
to receive mandatory training in air cargo security awareness and
quality control;
* Air cargo workers undergo background checks that include a criminal
history records check before being granted access to cargo facilities;
Air cargo workers must be of native descent to be hired.
Screening Air Cargo Data;
* Developing multicountry database containing information on all known
consignors and regulated agents to facilitate the exchange of
information among countries.
Physical Security and Access Controls;
To Aircraft and Cargo;
* Security personnel accompany and surround aircraft upon landing to
guard aircraft and its contents, including cargo;
* Cargo is stored in secured terminal facility, located within a
"restricted" area of the airport;
* All individuals accessing cargo facilities are required to pass
through a walk-through metal detector;
To Cargo Facilities;
* Biometric technologies used to control access to cargo facilities;
* Government personnel conduct testing and attempt to gain access to
cargo warehouses/facilities; if successful, all cargo in the breached
facility is considered unknown and must be inspected before being
loaded unto aircraft.
Technology Certification and Funding;
* Government and airport authority subsidize the costs of purchasing X-
ray equipment to inspect air cargo.
Source: GAO analysis of foreign government efforts to secure air cargo
that differ from those implemented in the United States.
[End of table]
[End of section]
Appendix VIII: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security:
Washington, DC 20528:
April 19, 2007:
Ms. Cathleen A. Berrick:
Director:
Homeland Security and Justice Issues:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Ms. Berrick:
Thank you for the opportunity to review and comment on the Government
Accountability Office's (GAO's) draft report GAO-07-660 entitled,
Aviation Security: Federal Efforts to Secure U.S. Bound Air Cargo Are
in the Early Stages and Could be Strengthened.
We appreciate the analysis GAO has done over the past 16 months to
reflect on our program development and for recognizing our progress in
strengthening the Nation's air cargo security. The Department of
Homeland Security (DHS) generally concurs with the report and
recommendations.
The threat of a terrorist exploiting vulnerability within the air cargo
supply chain is real. Addressing this threat is a high priority for
DHS, and the activities taken to improve significantly procedures and
the security layers for air cargo the last two years highlight that
commitment. At the same time, the movement of cargo via air, onboard
both passenger and all-cargo aircraft, represents a critical component
of global and domestic supply chains. Accordingly, the manner and
extent to which DHS secures the air cargo domain continues to evolve,
and the balance between security and the flow of commerce is critical
in this evolution. The complexity of the foreign air cargo environment
requires thoughtful analysis of alternatives and subsequent trade-offs
among a wide array of security options. This requires a threat based
risk management approach that balances the twin goals of enhancing air
cargo security without unduly impeding the flow of commerce.
The current air cargo security program has reached a number of
significant milestones to improve the security of cargo traveling on
passenger aircraft. In May 2006, the Transportation Security
Administration (TSA) issued an air cargo security rule and subsequently
drafted revisions to existing security programs for domestic and
foreign passenger air carriers and for indirect air carriers. Because
the Aviation and Transportation Security Act (ATSA) set specific
milestones for screening cargo and baggage carried aboard passenger
aircraft, TSA focused first on passenger aircraft.
Nevertheless, TSA has begun to move out aggressively in creating new
security programs for domestic and foreign all-cargo carriers. TSA also
created new security programs for domestic and foreign all-cargo
carriers. TSA has increased its screening requirements and tightened
the rules governing shipments believed to be of elevated risk. Finally,
TSA has eliminated exemptions from screening so that now all cargo is
subject to some form of screening or detailed authentication procedure.
To continue the significant progress we have made in air cargo, TSA is
committed to prioritizing its foreign air cargo security efforts using
a risk-based management approach. Both government and industry
recognize that foreign inbound air cargo vulnerabilities must be
addressed to effectively combat current threats.
TSA is committed to working with our trading partners and air cargo
industry stakeholders to enhance foreign inbound air cargo security. In
October 2006, TSA issued a series of security enhancements through
Security Directives (SDs) and Emergency Amendments (EAs) which
eliminated the air cargo screening exemptions to operations within the
United States. All cargo that was once considered exempt from screening
is now subject to some method of screening or detailed authentication
procedure. TSA will continue to work with the International Civil
Aviation Organization (ICAO) members to raise security standards.
With regard to ensuring compliance, TSA is in the process of hiring 10
International Cargo Inspectors, who will eventually be deployed to four
international field offices. These new Cargo Inspectors will inspect
all-cargo operations at last points of departure to the United States
to ensure that they are in compliance with relevant TSA all-cargo
security programs and applicable SDs or EAs.
TSA continues to collaborate with Customs and Border Protection (CBP)
through a number of efforts. CBP is a member of the TSA-led Aviation
Security Advisory Committee (ASAC) Air Cargo Working Group. CBP is
assisting TSA in exploring the feasibility of implementing a voluntary
government-business initiative built on cooperative relationships that
strengthen and improve security throughout the air cargo supply chain.
CBP's Customs-Trade Partnership against Terrorism (C-TPAT) is an
excellent template for development of TSA government-business
initiatives. TSA worked closely with CBP to incorporate lessons learned
under the development of CBP's Automated Commercial Environment and
Automated Targeting System (ATS) in order to avoid duplication of
effort during development of the Freight Assessment System (FAS). This
will allow TSA to better identify air cargo that poses an elevated
security risk and enable TSA to target additional resources for
screening.
Your recommendations will help DHS develop a comprehensive risk-based
approach for securing the foreign air cargo transportation system. We
generally concur with your recommendations and have already taken steps
to address some of them.
The draft report's first two recommendations are directed to both CBP
and TSA. Their composite response is as follows:
Recommendation 1: Develop a risk-based strategy, either as part of the
existing air cargo strategic plan or as a separate plan, to address
inbound air cargo security, including specific goals and objectives for
securing this area of aviation security. This strategy should clearly
define TSA's and CBP's responsibilities for securing inbound air cargo,
as well as how the agencies should coordinate their efforts to ensure
that all relevant areas of inbound air cargo security are being
addressed, particularly as they relate to mitigating the threat posed
by weapons of mass destruction.
Response: CBP is in the preliminary stages of developing its Air Cargo
Security Strategic Plan. In 2006, CBP conducted surveys and on-site
visits to assess current CBP air cargo enforcement operations.
Additionally, in January 2007 a two-week workshop was conducted with
CBP subject matter experts to facilitate the development of the
strategic plan in accordance with GAO requirements (GAO-04-408T). As a
result, CBP has developed a draft plan, which includes goals and
objectives. The following is a general outline of the stated goals in
the draft plan:
* Goal l - Advanced Knowledge: Capture accurate advance information to
effectively screen air cargo shipments.
* Goal 2 - Effective Risk Management: Accountability and reconciliation
of all "high-risk" air cargo shipments arriving from foreign
destinations.
* Goal 3 - Enriched Partnerships: Develop and enhance partnerships to
strengthen air cargo security while continuing to facilitate the
movement of legitimate trade.
* Goal 4 - Enhance Enforcement Capabilities: Control, inspect and
interdict all air cargo that may pose a threat to national security of
the United States.
To date, the draft plan is under development. CBP is coordinating with
TSA in the refinement of the Air Cargo Security Strategic Plan. Current
efforts include discussions with TSA management and the review of
relevant information in the classified TSA air cargo threat assessment.
Lastly, collaboration is anticipated during the vetting stage of the
strategic plan to ensure coordination of efforts and seamless
implementation.
TSA plans to revise its Air Cargo Strategic Plan in the third quarter
of FY 2007, and will consider including a strategy for addressing in-
bound air cargo from all-cargo aircrafts. TSA will leverage its
information sharing efforts with CBP, including monthly air cargo
meetings, Aviation Security Advisory Committee (ASAC) Air Cargo Working
Group partnership, and CBP's sharing of its Air Cargo Security
Strategic Plan to develop a risk-based strategic plan for in-bound air
cargo security.
Recommendation 2: Develop a systematic process for sharing information
between TSA and CBP that could be used to strengthen the department's
efforts to enhance the overall security of inbound air cargo,
including, but not limited to, information on the results of TSA
inspections of air carrier compliance with TSA inbound air cargo
security requirements and TSA assessments of foreign airports'
compliance with international air cargo security standards.
Response: CBP and TSA plan to meet monthly on these issues. An initial
introductory meeting was conducted on Jan 17, 2007 at TSA HQ. CBP
management met with TSA's new General Manager for Cargo Transportation,
and discussed each others role in the air cargo security arena and how
CBP and TSA could work more collaboratively in the future. This meeting
was followed up on February 2, 2007 in which representatives from DHS,
TSA and CBP met to discuss air cargo security strategy.
Topics of discussion included:
* Proposed DHS definition of terms for screen, scan & inspection:
* Advanced cargo manifest information prior to arrival:
* Steps that TSA and CBP could take to work more collaboratively in the
domestic and international air cargo arenas:
* GAO's findings - international air cargo audit:
* TSA's certified shipper vetting criteria and process:
* TSA's Freight Assessment System (FAS):
* CBP's Customs Trade Partnership Against Terrorism (C-TPAT) Program:
* CBP's Automated Targeting System:
CBP and TSA plan to hold these monthly meetings to maintain
communication, momentum and to continue the positive steps of working
together in the air cargo security environment. However, the two
components have previously been collaborating on air cargo security
initiatives and efforts through their ongoing participation in the
Aviation Security Advisory Committee Air Cargo Working Group. Also,
another specific area for collaboration has been CBP's Automated
Targeting System and TSA's Freight Assessment System (FAS). CBP and TSA
have been sharing lessons learned, and providing input into the
development of these systems for three years. Additionally, TSA and CBP
have recently been collaborating on the development of TSA's Certified
Shipper (CS) program. TSA recognizes that CBP's C-TPAT program may
include some elements similar to the proposed CS program, and will
continue to partner with CBP to include those elements and lessons
learned in the development of the program.
With respect to those recommendations that were directed solely to TSA:
Recommendation 3: Establish a methodology and time frame for completing
assessments of inbound air cargo vulnerabilities and critical assets,
and use these assessments as a basis for prioritizing the actions
necessary to enhance the security of inbound air cargo.
Response: TSA recognizes that assessments of inbound air cargo
vulnerabilities and critical assets can assist in the prioritization of
programs and initiatives developed to enhance air cargo security. TSA
has taken the initial steps to develop a methodology and a framework to
address this issue in partnership with a working group of aviation
security stakeholders.
One specific program designed to complete these assessments is the Air
Cargo Vulnerability Assessment, which is currently underway at three
U.S. airports. The scope of these assessments is to identify weaknesses
in the domestic air cargo supply chain. Functional security
requirements will be developed to mitigate any weaknesses identified
through the program. After the completion of these assessments TSA will
pursue partnership opportunities with foreign countries to assess
inbound cargo.
Similarly, TSA has dedicated International Aviation Security Inspectors
(I-ASIs), who perform inspections of international carriers to ensure
compliance with TSA cargo regulations, at many domestic and foreign
airports. TSA recognizes this vulnerability to air cargo security and
is hiring 10 International Cargo Inspectors to inspect all-cargo
operations at last point of departure to the United States.
Recommendation 4: Establish a time frame for completing the assessment
of whether existing inspection exemptions for inbound air cargo pose an
unacceptable vulnerability to the security of air cargo, and take
steps, if necessary, to address identified vulnerabilities.
Response: TSA recognizes that screening exemptions for air cargo pose a
risk to the security of air cargo and will work as quickly as
practicable to complete the vulnerability assessment. Toward that end,
TSA has already taken a number of steps. For example, in October 2006,
TSA issued a series of security enhancements in the form of a Security
Directive (SDI 544-06-04A) removing air cargo screening exemptions for
flights departing from and operating within the United States. For such
flights, all cargo that was once considered exempt from screening is
now subject to some form of screening or detailed authentication
procedure. TSA will continue to work with ICAO members in conducting a
vulnerability assessment and subsequently raising international
security standards.
Recommendation 5: Develop and implement an inspection plan that
includes performance goals and measures to evaluate foreign and
domestic air carrier compliance with inbound air cargo security
requirements.
Response: TSA recognizes the importance of evaluating air carrier
compliance using performance measures and goals. TSA inspectors embark
on rigorous inspection procedures on air carriers all over the world,
including a focus on carriers with perceived risk and non-compliant
histories. TSA international and domestic field offices establish
comprehensive inspection schedules for field staff to visit air
carriers based on risk factors, inspection histories, and security
determinations.
TSA establishes schedules to inspect air carriers based on several
factors including the perception of the risk posed by the air carrier
based on a risk-based methodology.
Additionally, TSA is hiring 10 International Cargo Inspectors, which
will be deployed to four international field offices. These new Cargo
Inspectors will inspect all-cargo operations at last points of
departure to the United States to ensure that they are in compliance
with relevant all-cargo security programs and applicable SDs or EAs. To
assess international all-cargo carrier's compliance to TSA security
requirements, TSA will conduct annual inspections of all-cargo carriers
operating at last points of departure to the United States. TSA will
track the progress on these inspections utilizing the tracking system
developed for the Foreign Airport Assessment Program.
Recommendation 6: In collaboration with foreign governments and the
U.S. air cargo industry, compile and analyze information on air cargo
security practices used abroad to identify those that may strengthen
the department's overall air cargo security program, including
assessing whether the benefits that these practices could provide in
strengthening the security of the United States and inbound air cargo
supply chain are cost-effective, without impeding the flow of commerce.
Response: TSA recognizes the importance of collaborating with foreign
governments and U.S. industry stakeholders to identify best practices
and lessons learned for enhancing air cargo security. Specifically, TSA
has taken significant steps to increase collaboration with foreign
governments and industry, including extensive consultations with United
Kingdom and Irish aviation officials to better understand their air
cargo security practices, particularly their Known Consignor programs.
Further, as part of the US/EU Transportation Security Cooperation
Group, there is an air cargo workstream initiative to harmonize
security measures to the extent possible. This collaboration will help
TSA develop the Certified Shipper (CS) program, which will assist in
its 3-year strategy to achieve 100 percent screening of cargo on
passenger aircraft.
TSA also actively participates in the U.S./Canada Transportation
Security Cooperative Group to share lessons learned and improve air
cargo security between the two countries.
Additionally, TSA is continuing to build relationships with foreign
government associations, including:
* Building relationships with European Union countries through multiple
collaborative meetings both here at TSA and overseas; and:
* Forming partnerships with Association of Southeast Asian Nations
(ASEAN) countries through a visit and presentation to an ASEAN aviation
security conference.
The security of the nation's air cargo system and TSA benefit greatly
from our collaboration with U.S. industry. Specifically, TSA convenes
and facilitates the Aviation Security Advisory Committee (ASAC) Air
Cargo Working Group to partner with important air cargo supply chain
stakeholders on new initiatives and existing programs and pilots.
Additionally, TSA meets regularly with representatives from the
International Air Transport Association (a trade association that
represents and serves the airline industry world-wide) to discuss
ongoing and emerging air cargo security initiatives.
The Department has already begun making progress implementing GAO's
recommendations. This progress demonstrates our commitment to continual
improvement to ensure the security of the traveling public.
Thank you again for the opportunity to comment on this draft report and
we look forward to working with you on future homeland security issues.
Sincerely,
Signed by:
Steven J. Pecinovsky:
Director:
Departmental GAO/OIG Liaison Office:
[End of section]
Appendix IX: GAO Contact and Staff Acknowledgments:
GAO Contact:
Cathleen A. Berrick, (202) 512-3404:
Acknowledgments:
In addition to the contact named above, John C. Hansen, Assistant
Director; Susan Baker; Charles W. Bausell; Katherine Davis; Jennifer
Harman; Richard Hung; Cathy Hurley; Tom Lombardi; Jeremy Manion; Linda
Miller; Steve D. Morris; and Meg Ullengren made key contributions to
this report.
FOOTNOTES
[1] A weapon of mass destruction could include nuclear, biological,
chemical, or radiological devices. For the purposes of this report, the
term "weapon of mass destruction" also encompasses weapons of mass
effect or scenarios that could result in a great loss of life and
destruction.
[2] DHS and Department of Transportation, National Strategy for
Transportation Security, 2005. Other aviation assets identified as
being at significant risk of terrorist attack include passenger
aircraft operations, major and midsized airport facilities, general
aviation aircraft operations and airports/airfields near major urban
areas, and critical national airspace system infrastructure. DHS is
required to update its National Strategy for Transportation Security,
and planned to update it for submission to Congress by the end of 2006,
and every 2 years thereafter. However as of February 2007 it had not
been updated.
[3] Aviation and Transportation Security Act, Pub. L. No. 107-71, 115
Stat. 597 (2001). See 49 U.S.C. §§ 114(a), 44901(a).
[4] The terms "inspecting" and "screening" have been used
interchangeably by TSA to denote some level of examination of a person
or good, which can entail a number of different actions, including
manual physical inspections to ensure that cargo does not contain
weapons, explosives, or stowaways, or inspections using nonintrusive
technologies that do not require the cargo to be opened in order to be
inspected. For the purposes of this report, the term "screening" is
used when referring to TSA or CBP efforts to apply a filter to analyze
cargo related information to identify cargo shipment characteristics or
anomalies for security risks. Moreover, for the purposes of this
report, we use the term "inspection" to refer only to air carrier, TSA,
or CBP efforts to examine air cargo through physical searches and the
use of nonintrusive technologies.
[5] Cargo transported by air within the United States is referred to as
domestic air cargo, and cargo transported by air from the United States
to a foreign location is referred to as outbound air cargo.
[6] CBP aids in the enforcement of law and regulations of non-DHS
agencies. For example, CBP regulates the entry of sugar into the United
States. (see 7 U.S.C. §§ 3601-04, pertaining to the U.S. Department of
Agriculture), assists in the enforcement of the Bank Secrecy Act (see
12 U.S.C. §§ 1951-59, pertaining to the U.S. Department of the
Treasury), and aids in the enforcement of regulations related to safety
standards for the transportation of hazardous materials (see 49 U.S.C.
§§ 5101-28, pertaining to the U.S. Department of Transportation).
[7] In this report, the term "targeting" refers to the use of
information obtained from the screening process to identify high-risk
air cargo shipments for inspection.
[8] DHS determined that the exact percentage of air cargo physically
screened or inspected is Sensitive Security Information.
[9] See Pub. L. No. 108-334, § 513, 118 Stat. 1298, 1317 (2004).
[10] See Pub. L. No. 108-458, §§ 4051-54, 118 Stat. 3638, 3728-29
(2004).
[11] GAO, Aviation Security: Federal Action Needed to Strengthen
Domestic Air Cargo Security, GAO-06-76 (Washington, D.C.: October
2005).
[12] The security of cargo transported from the United States to other
countries, referred to as outbound air cargo, is subject to similar
security requirements and procedures that apply to domestic air cargo.
Because these security measures were addressed in our October 2005
report (GAO-06-76), they are not included in this report except in our
discussion of how foreign air cargo security measures could be
considered for strengthening domestic air cargo.
[13] "Air carriers" refers to both foreign and U.S.-based passenger air
carriers whose aircraft have been configured to accommodate both
passengers and cargo, and all-cargo carriers whose aircraft transport
only cargo.
[14] For the purposes of this report, the term "air cargo security
practices" collectively refers to requirements, standards, processes,
and measures aimed at securing air cargo.
[15] A freight forwarder is an entity that consolidates air cargo
shipments and delivers them to air carriers.
[16] DHS determined that details on the types of inbound air cargo
transported on passenger and all-cargo aircraft exempt from TSA
inspection requirements are considered Sensitive Security Information.
A description of these exemptions is provided in the restricted version
of this report, GAO-07-337SU.
[17] DHS determined that other examples of air carriers' efforts to
secure air cargo are Sensitive Security Information. Information on
these examples is provided in the restricted version of this report,
GAO-07-337SU.
[18] The International Civil Aviation Organization defines a regulated
agent as an agent, freight forwarder, or any other entity that conducts
business with an aircraft operator and provides security controls that
are accepted or required by the appropriate government authority with
respect to cargo or mail.
[19] Other federal entities involved in securing or safeguarding air
cargo include the Department of Homeland Security-U.S. Customs and
Border Protection, the United States Postal Service, the Department of
Commerce, the Department of Transportation, and the Department of the
Treasury.
[20] Foreign air carriers landing or taking off in the United States
must adopt and use a TSA-approved security program that requires
adherence to the identical security measures required of U.S. air
carriers serving the same airports. See 49 U.S.C. § 44906. TSA
regulations provide that a foreign air carrier security program will
only be deemed acceptable if it provides passengers a level of
protection similar to the level of protection provided by U.S. air
carriers serving the same airports. See 49 C.F.R. § 1546.103(a)(1). For
example, a foreign air carrier must prohibit cargo from being loaded on
board its aircraft unless handled in accordance with the foreign air
carrier's TSA-approved security program.
[21] As of January 2007, TSA security programs include the (1) Aircraft
Operator Standard Security Program, which applies to domestic passenger
air carriers; (2) Indirect Air Carrier Standard Security Program, which
applies to domestic indirect air carriers; (3) Domestic Security
Integration Program, a voluntary program that applies to domestic all-
cargo carriers; (4) Twelve-Five Program, which applies to certain
operators of aircraft weighing more than 12,500 pounds in scheduled or
charter service that carry passengers, cargo, or both; (5) Model
Security Program, which applies to foreign passenger air carriers; and
(6) All-Cargo International Security Procedures, which applies to each
foreign air carrier engaged in the transportation of cargo to, from,
within, or overflying the United States in all-cargo aircraft with a
maximum certified takeoff weight of more than 12,500 pounds. TSA
drafted new security programs for foreign and U.S. all-cargo carriers
with operations to, from, and within the United States. TSA expects to
finalize these programs in early 2007.
[22] Explosive trace detection (ETD) equipment requires human operators
to collect samples of items to be inspected with swabs, which are
chemically analyzed to identify any traces of explosive material.
Explosive detection systems use probing radiation to examine objects
inside baggage and identify the characteristic signatures of threat
explosives. Certified explosive detection canine teams have been
evaluated by TSA and shown to effectively detect explosive devices.
Decompression chambers simulate the pressures acting on aircraft by
simulating flight conditions, which cause explosives that are attached
to barometric fuses to detonate.
[23] DHS determined that details on the percentage of air cargo
required to be randomly inspected are considered Sensitive Security
Information. Information on the percentage of air cargo randomly
inspected is provided in the restricted version of this report, GAO-07-
337SU.
[24] DHS determined that details on the types of inbound air cargo
transported on passenger and all-cargo aircraft exempt from TSA
inspection requirements are considered Sensitive Security Information.
A description of these exemptions is provided in the restricted version
of this report, GAO-07-337SU.
[25] Unlike its domestic air cargo inspection program, TSA's inbound
air cargo security program does not include a covert testing component
to identify air cargo security weaknesses. TSA officials stated that
foreign governments do not allow the agency to conduct such tests.
[26] 49 U.S.C. § 44907(a)(1). TSA assumed responsibility for conducting
foreign airport assessments from the Secretary of Transportation (as
delegated to the Federal Aviation Administration) in accordance with
the Aviation and Transportation Security Act, enacted in November 2001.
See 49 U.S.C. § 114(d). TSA conducts these assessments utilizing a
standard for analysis based, at least, on the standards and appropriate
recommended practices of Annex 17 to the Convention on International
Civil Aviation. § 44907(a)(2). The Secretary of Homeland Security
determines whether an airport maintains and carries out effective
security measures using the results of TSA's assessments. See §
44907(c).
[27] See 19 C.F.R. § 122.48a (implementing a provision of the Trade Act
of 2002, Pub. L. No. 107-210, § 343, 116 Stat. 933, 981-83, as amended,
requiring the electronic submission of inbound cargo information prior
to arrival in the United States).
[28] See 19 U.S.C. § 1629.
[29] See 19 U.S.C. §§ 482, 1467, 1499, 1581, and 1582.
[30] Historically, CBP has been responsible for interdicting and
seizing contraband and illegal drugs. CBP targets and inspects cargo on
behalf of 16 other federal agencies, including the U.S. Dept. of
Agriculture, the Food and Drug Administration, Bureau of Alcohol,
Tobacco, Firearms and Explosives, and the Drug Enforcement Agency.
[31] CBP defines an inspection as a physical examination and/or the
imaging of cargo using non-intrusive inspection technology to identify
contraband and terrorist-related items.
[32] DHS determined that details on the type of shipment information
used by ATS to assign a risk score to air cargo shipments are
considered Sensitive Security Information. A description of the
shipment information used by ATS is discussed in the restricted version
of this report, GAO-07-337SU.
[33] Pursuant to the Trade Act of 2002, as amended, CBP established
time frames in which air carriers are required to electronically submit
air cargo manifest information. See 19 C.F.R. § 122.48a(b). Air
carriers departing from any foreign location in the Americas, including
Mexico, Central America, and areas of South America north of the
equator, must submit manifest information no later than the time of
flight departure (the time at which wheels are up on the aircraft and
the aircraft is en route directly to the United States.) In the case of
air carriers departing from any other foreign location, CBP requires
that manifest information be submitted 4 hours prior to the flight's
arrival in the United States.
[34] Officers who are members of CBP's Anti-terrorism Contraband
Enforcement Teams specialize in targeting and examining inbound air
cargo shipments to identify potential contraband and terrorist-related
items.
[35] CBP also conducts inspections based on specific, usually
classified, intelligence that points to a specific threat and directs
field officers in specific airports to take certain actions. The
results of field officer efforts may be analyzed and shared with the
intelligence community. These inspections are not part of CBP's routine
efforts to address ongoing air cargo threats associated with the
smuggling of contraband or WMD.
[36] The pallet VACIS unit consists of a self-contained gamma ray
imaging system designed to quickly image pallets or pallet-sized
containers. A mobile VACIS, similar to pallet VACIS unit consists of a
truck-mounted, gamma ray imaging system that produces a radiographic
image used to evaluate the contents of trucks, containers, cargo, and
passenger vehicles in order to determine the possible presence of
contraband.
[37] The SAFE Port Act, enacted in October 2006, specifically
authorized the Secretary of Homeland Security, acting through the
Commissioner of CBP, to establish the C-TPAT program in accordance with
requirements set forth in the law. Security and Accountability for
Every (SAFE) Port Act of 2006, Pub. L. No. 109-347, §§ 211-223, 120
Stat. 1884, 1909-15.
[38] In May 2005, CBP began using a three-tiered approach in providing
C-TPAT participants with benefits. Under this approach, air carriers'
benefits, including a reduction in their risk score, increase based on
(1) whether the carriers are certified,(2) whether they are validated,
and (3) whether they are implementing security requirements that exceed
minimum guidelines.
[39] DHS determined that details on the information CBP uses to
prioritize which C-TPAT participants should be validated are Sensitive
Security Information. A description of this information is included in
the restricted version of this report, GAO-07-337SU.
[40] Although adopting these standards is voluntary, in the sense that
each contracting state signs onto the convention of its own accord, a
state may face consequences for not adopting and following the ICAO
standards. For example, if a state does not amend its own regulations
or practices in light of amendments to the ICAO standards, all other
states will be notified of the difference existing between the
international standards and the corresponding national practice of the
state. Similarly, TSA is authorized under U.S. law to conduct foreign
airport assessments using, at least, the ICAO standards and appropriate
recommended practices to determine if the airport maintains and carries
out effective security measures, and to take appropriate actions in the
event the airport does not maintain effective security measures. See 49
U.S.C. § 44907.
[41] A known shipper is an individual or business with an established
history of shipping cargo on passenger carriers.
[42] National Commission on Terrorist Attacks upon the United States,
The 9/11 Commission Report: Final Report of the National Commission on
Terrorist Attacks upon the United States (Washington, D.C.: 2004). The
9/11 Commission was an independent, bipartisan commission established
in late 2002, to prepare a complete account of the circumstances
surrounding the September 11 terrorist attacks, including preparedness
for and the immediate response to the attacks. The commission was also
mandated to provide recommendations designed to guard against future
attacks.
[43] The Intelligence Reform and Terrorism Prevention Act of 2004
requires the Secretary of Homeland Security to develop, prepare,
implement, and update, as needed a National Strategy for Transportation
Security and transportation modal security plans. See Pub. L. No. 108-
458, § 4001, 118 Stat. 3638, 3710-12 (codified at 49 U.S.C. §§ 114(t),
44904(c)-(d)).
[44] GAO-06-76.
[45] In 2006, DHS reorganized the Information Analysis and
Infrastructure Protection Directorate and moved its functions to the
Office of Intelligence and Analysis and Office of Infrastructure
Protection.
[46] DHS designated TSA as the lead agency for addressing HSPD-7 as it
relates to securing the nation's transportation sector. The Department
of Transportation also has a collaborative role for addressing HSPD-7.
[47] U.S. Department of Homeland Security, TSA's Air Cargo Strategic
Plan, November 2003.
[48] According to CBP officials, CBP provided TSA with information on
CBP's targeting efforts and systems to assist TSA in the development of
a system to target domestic air cargo for inspection. However,
according to CBP officials, TSA has not sought further assistance from
CBP on developing a targeting system for domestic air cargo.
[49] DHS determined that examples of the specific challenges TSA may
face in addressing inbound air cargo security are considered Sensitive
Security Information. A description of the specific challenges TSA may
face is included in the restricted version of this report, GAO-07-
337SU. In July 2006, DHS issued its goals and priorities to be achieved
prior to January 2009. The department identified protecting air cargo
transported on passenger aircraft as one of its top priorities, and
called for the implementation of a system to protect against hidden
explosives devices in air cargo transported on passenger aircraft by
the end of 2007. Although the goals and priorities do not specify
whether they apply to domestic, inbound, or outbound air cargo, TSA
officials stated that they apply only to domestic air cargo.
[50] DHS determined that details on the potential vulnerability are
considered sensitive security information. Information on the potential
vulnerabilities is discussed in the restricted version of this report,
GAO-07-337SU.
[51] TSA's Office of Intelligence, formerly known as TSIS, does not
independently gather intelligence information but rather produces
threat assessments using available intelligence from sources such as
DHS's Directorate of Intelligence and Analysis, the Federal Bureau of
Investigation, and the Central Intelligence Agency. The details of
TSA's threat assessment are classified.
[52] DHS defines "threat" as the capabilities (demonstrated and
theoretically feasible) of terrorist organizations/affiliates to
attack/damage/destroy critical infrastructure such as transportation
assets, coupled with the intentions (both demonstrated and articulated
publicly) to actually perpetrate these attacks.
[53] According to CBP, mitigating the threat of a WMD entering the
United States via any transportation mode is its priority mission.
According to CBP officials, CBP will not conduct its own air cargo
specific threat assessment, but rather rely on TSA's air cargo threat
assessments and information obtained from the Central Intelligence
Agency.
[54] In April 2005, TSA briefed a congressional committee on the
threats to the nation's entire transportation sector, including
aviation. The briefing included a threat matrix that ranked the risk
associated with the different transportation modes and showed threats
to air cargo that were consistent with previous TSA threat assessments.
[55] At a departmental level, DHS does not have any efforts under way
specifically aimed at assessing the vulnerabilities of inbound air
cargo. However, agency officials stated that the Office of
Infrastructure Protection, an office within DHS charged with
coordinating national critical infrastructure protection efforts, is
coordinating with TSA on conducting risk assessments associated with
U.S. airports.
[56] DHS determined that examples of inbound air cargo security
vulnerabilities are Sensitive Security Information. Examples of inbound
air cargo security vulnerabilities are discussed in the restricted
version of this report, GAO-07-337SU. In our October 2005 report on
domestic air cargo security, we cited air cargo system vulnerabilities
related to the adequacy of background investigations for persons
handling cargo, the possible tampering with cargo during land transport
to the airport or at the cargo handling facilities of air carriers and
freight forwarders, and the illegal shipments of hazardous materials.
See GAO-06-76.
[57] TSA's rule sets forth domestic air cargo security requirements,
such as requiring airports to expand the secure identification display
area (SIDA)at airports to include areas where cargo is loaded and
unloaded, and conduct security threat assessments on individuals with
access to air cargo to assess any terrorist threats from those
individuals.
[58] TSA amended this requirement in response to the DHS Appropriations
Act, 2005, in July 2005. Pub. L. No. 108-334, § 513, 118 Stat. 1298,
1317 (2004).
[59] DHS determined that details on the percentage of inbound air cargo
transported on passenger and all-cargo aircraft required to be
inspected is Sensitive Security Information. Information on the
percentage of inbound air cargo required to be inspected is included in
the restricted version of this report, GAO-07-337SU.
[60] The AOSSP and MSP also contain new security requirements for
carriers transporting cargo within the United States and from the
United States to a foreign location.
[61] Previously, distinct security programs did not exist for domestic
and foreign all-cargo carriers. All-cargo carriers, however, were
required to implement security measures contained in TSA security
directives and emergency amendments. Some of the proposed requirements
in the proposed all-cargo security programs are already implemented by
all-cargo carriers.
[62] DHS determined that details on the draft requirements contained in
security programs for passenger and all-cargo carriers that relate to
inbound air cargo security are Sensitive Security Information. The
draft requirements are discussed in the restricted version of this
report, GAO-07-337SU.
[63] According to TSA, the increased cost estimates contained in the
final rule were largely due to tripling the percentage of cargo
passenger air carriers are required to inspect, which was required by
the DHS Appropriations Act of 2005.
[64] The inspection exemptions apply to inbound, outbound, and domestic
air cargo. See GAO-06-76.
[65] GAO-06-76.
[66] DHS determined that details on the specific policy changes TSA
made as a result of the working group are considered Sensitive Security
Information. A description of these policy changes is provided in the
restricted version of this report, GAO-07-337SU.
[67] DHS determined that details on the requirements contained in the
draft security programs for all-cargo carriers are Sensitive Security
Information. A description of these requirements is provided in the
restricted version of this report, GAO-07-337SU.
[68] DHS determined that the specific types of cargo exempted are
considered Sensitive Security Information. A description of these
policy changes is provided in the restricted version of this report,
GAO-07-337SU.
[69] DHS determined that details on specific vulnerabilities associated
with inbound air cargo inspection exemptions are Sensitive Security
Information. A description of the vulnerabilities is provided in the
restricted version of this report, GAO-07-337SU.
[70] DHS determined that details on the specific concerns expressed by
all-cargo air carriers are Sensitive Security Information. A
description of these concerns is included in the restricted version of
this report, GAO-07-337SU.
[71] In an October 20, 2005, meeting with a wide range of industry
stakeholders, TSA announced its intent to review current policies and
processes. During a follow-on meeting held November 9, 2005, with
corporate security representatives from most of the major passenger air
carriers, TSA continued that dialogue and specifically addressed the
need to reevaluate the rationale for existing inspection exemptions.
[72] DHS determined that the specific actions TSA is taking to address
this issue are considered Sensitive Security Information. These actions
are discussed in the restricted version of this report, GAO-07-337SU.
[73] TSA compliance inspections are fundamentally different from air
carriers' inspections of air cargo. TSA inspections are designed to
ensure air carrier compliance with air cargo security requirements,
while air carrier inspections focus on ensuring that air cargo does not
contain an improvised explosive device or human stowaway.
[74] International field office officials stated that these inspections
may occur in conjunction with a foreign airport assessment.
[75] The Government Performance and Results Act of 1993, Pub. L. No.
103-62, 107 Stat. 285, as amended, focuses the federal government on
providing objective, results-oriented information to improve the
efficiency and effectiveness of federal programs, among other things.
Under GPRA, developing performance goals and measures is a component of
results-oriented management. See 31 U.S.C. § 1115.
[76] GAO, Internal Control Management and Evaluation Tool, GAO-01-1008G
(Washington, D.C.: August 2001).
[77] GAO, The Results Act: An Evaluator's Guide to Assessing Agency
Annual Performance Plans, GAO/GGD-10.1.20 (Washington, D.C.: April
1998).
[78] See 49 U.S.C. § 44907(a)(1). TSA may conduct assessments at
intervals it considers necessary to ensure that airports maintain and
carry out effective security measures based, at least, on the standards
and recommended practices of ICAO Annex 17. See § 44907(a)(2).
[79] Prior to October 2006, TSA scheduled assessments by categorizing
airports into two groups. Airports that historically had met or
exceeded international security standards were assessed once every 3
years, while airports that did not regularly meet international
standards or had not been previously assessed were visited annually.
[80] We are currently conducting an evaluation of TSA's foreign airport
assessment program and air carrier compliance inspection program, and
are scheduled to publish a Sensitive Security Information report in
April 2007.
[81] In addition to cargo identified through ATS, CBP also performs
random inspections of cargo through its compliance measurement program.
According to CBP officials, these inspections are conducted on a
stratified sample, using data contained in ATS. CBP officials noted
that the results of the random inspections are compared with the
results of ATS inspections to improve future targeting efforts.
[82] See 19 C.F.R. § 122.48a.
[83] CBP is currently not using ATS, but rather the proprietary systems
of express consignment couriers, such as UPS and Fed Ex, to target
inbound air cargo these carriers transport. According to CBP officials,
CBP officers are provided access to the proprietary systems and inspect
high-risk shipments identified through these systems. CBP is in the
process of developing policies and procedures to screen information on
cargo transported on express consignment couriers through ATS.
[84] CBP officials added that the knowledge and experience of the CBP
officer conducting the inspection factors in on the extent to which a
cargo shipment is inspected. Specifically, the extent to which a cargo
shipment is inspected depends on what the officer needs to see to feel
comfortable that the cargo shipment does not pose a threat.
[85] According to CBP officials, its targeting policy does not apply to
express consignment couriers that sometimes make a stop at an
intermediate airport in the United States, prior to its final arrival
at an all-cargo carrier's hub facility, such as Memphis for FedEx or
Louisville for UPS. According to CBP, air carrier hubs are adequately
staffed to conduct air cargo inspections, while intermediate airports
have limited inspection resources. CBP officials acknowledge the
importance of developing a targeting policy that specifically applies
to express consignment couriers and plans to issue such a policy
sometime during 2007.
[86] CBP's policy also states that any shipment determined to be
related to terrorism or terrorist activities, regardless of score,
should be examined at the first airport of arrival. Factors that may
contribute to this determination include, but are not limited to,
national intelligence, a validated exact terrorism match, FBI terrorist
information, and alerts from a foreign country intelligence service or
similar factors.
[87] GAO, Cargo Container Inspections: Further Improvements to the
Automated Targeting System Are Needed, GAO-06-809SU (Washington, D.C.:
August 2006), Cargo Container Inspections: Preliminary Observations on
the Status of Efforts to Improve the Automated Targeting System, GAO-
06-591T (Washington, D.C.: March, 30, 2006), Homeland Security:
Challenges Remain in the Targeting of Oceangoing Cargo Containers for
Inspection, GAO-04-352NI (Washington, D.C.: Feb. 20, 2004), and
Container Security: A Flexible Staffing Model and Minimum Equipment
Requirements Would Improve Overseas Targeting and Inspection Efforts,
GAO-05-557 (Washington, D.C.: April 2005).
[88] The first four phases of CBP deployment of radiation portal
monitors include (1) international mail and express courier facilities,
(2) major northern border crossings, (3) major seaports, and (4)
southwestern border crossings.
[89] GAO, Combating Nuclear Smuggling: DHS Has Made Progress Deploying
Radiation Detection Equipment at U.S. Ports of Entry, but Concerns
Remain, GAO-06-389 (Washington, D.C.: March 2006).
[90] The 57 radiation portal monitors do not include those monitors
deployed at Fed Ex and UPS, both of whom inspect air cargo at their
overseas facilities as agreed in a memorandum of understanding with
CBP.
[91] The current technology pilots do not include tests to identify
chemical or biological weapons.
[92] The Conference Report accompanying the Department of Homeland
Security Appropriations Act, 2006, Pub. L. No. 109-90, 119 Stat. 2064
(2005), directed $30 million to the Science and Technology Directorate
to conduct three cargo screening pilot programs testing different
concepts of operations. See H.R. Conf. Rep. No. 109-241, at 53 (2005).
[93] Computer-aided tomography is a method of producing a three-
dimensional image of the internal structures of an object from a large
series of two-dimensional X-ray images taken around a single axis of
rotation.
[94] Homeland Security Presidential Directive 7 (HSPD-7), issued in
December 2003, defines critical infrastructure protection
responsibilities for DHS, sector-specific agencies (those federal
agencies given responsibility for transportation, energy,
telecommunications, and so forth), and other departments and agencies.
HSPD-7 specifically directed the Department of Transportation and DHS
to collaborate on all matters relating to transportation security and
transportation infrastructure protection. DHS subsequently designated
TSA as the lead agency for addressing HSPD-7 as it relates to securing
the nation's transportation sector.
[95] According to CBP officials, CBP is not currently assisting TSA
with the development of a system to target domestic air cargo for
inspection.
[96] Specifically, these include security practices at 8 foreign
airports, 4 of which rank among the world's 10 busiest cargo airports,
and security practices implemented by 7 of the world's 10 largest air
cargo carriers.
[97] TSA uses the term "known shipper" to refer to shippers of cargo
that have met certain criteria established by the agency and have an
established shipping history with an air carrier or indirect air
carrier. These entities are also referred to as known consignors in
other countries.
[98] These figures may be higher than reported because some countries
we visited and air carriers we met with were not specific about the
type of X-ray technology they employ.
[99] Unlike for RASCO, canines used to physically search cargo storage
facilities and aircraft can typically work for about 30-minute
intervals at a time before needing to rest.
[100] Officials from one foreign passenger air carrier stated that,
because of unique security concerns, their personnel are required to
inspect 100 percent of air cargo transported on their aircraft. These
officials also acknowledged that they are able to inspect 100 percent
of air cargo because of the small volume of cargo transported in this
country and the small amount of passenger flights.
[101] According to European Union Regulation 2320, a regulated agent is
an agent, freight forwarder, or other entity that conducts business
with an air carrier and provides security controls that are accepted or
required by the appropriate authority in respect of cargo, courier, and
express parcels or mail. In the United States, "indirect air carrier"
(IAC) is the term used to refer to freight forwarders validated by TSA.
[102] GAO-06-76.
[103] An airport's SIDA is not to be accessed by passengers and
typically encompasses areas near terminal buildings, baggage loading
areas, and other areas that are close to parked aircraft and airports
facilities, including air traffic control towers and runways used for
landing, take off, or surface maneuvering. SIDA security requirements
include security awareness training for all workers with access to
area, measures to detect and respond to unauthorized presence in the
SIDA area, and access controls that meet performance standards (for
example, proximity cards and personal identification number).
[104] Under this foreign country's previous validation program,
shippers could become known if they were validated by a certified
regulated agent and underwent site and operations inspections at least
once a year. The cargo from these customers was then considered
"secure" or "known." In 2003, the country's government introduced a new
program that removed the responsibility for assessing consignors from
regulated agents and airlines. Validations have since been carried out
by independent, government-appointed validators.
[105] GAO-06-76.
[106] Recruitment procedures must include a reference check of at least
5 years, or until the end of full-time education, without gaps.
[107] Additional information on TSA's Known Shipper program and
database is contained in our report on domestic air cargo security (GAO-
06-76).
[108] GAO, Passenger Rail Security: Enhanced Federal Leadership Needed
to Prioritize and Guide Security Efforts, GAO-05-851 (Washington, D.C.:
September 2005), and GAO, Aviation Security: Further Steps Needed to
Strengthen the Security of Commercial Airport Perimeters and Access
Controls, GAO-04-728 (Washington, D.C.: June 2004).
[109] DHS, Science and Technology Directorate, "Systems Engineering
Study of Civil Aviation Security-Phase I," April 7, 2005.
[110] TSA officials stated that as of October 2006, the agency had
completed its reexamination of the air cargo security requirements of
these five countries and confirmed that security procedures were in
place to meet the requirements.
[111] See 49 U.S.C. §§ 44903, 44906; see also 49 C.F.R. §§ 1544.3,
1546.3.
[112] See 49 U.S.C. § 44906.
[113] See 49 U.S.C. § 44907(c)-(e).
[114] According to TSA officials, the concept of reciprocity has been a
part of TSA's airport assessment program since its inception.
[115] "Air carriers" refers to both foreign and U.S.-based passenger
air carriers whose aircraft have been configured to accommodate both
passengers and cargo and all-cargo carriers whose aircraft transport
only cargo.
[116] TSA classifies over 400 commercial airports in the United States
into one of five categories (X, I, II, III, and IV) based on various
factors, such as the total number of takeoffs and landings annually and
other special security considerations.
[117] DHS determined that information on the specific domestic airports
we visited is Sensitive Security Information. The domestic airports we
visited are listed in the restricted version of this report, GAO-07-
337SU.
[118] DHS determined that information on the specific international
airports we visited is sensitive security information. The
international airports we visited are listed in the restricted version
of this report, GAO-07-337SU.
[119] DHS determined that the names of specific countries on whose air
cargo security practices and requirements we collected information are
Sensitive Security Information. These countries are identified in the
restricted version of this report, GAO-07-337SU.
[120] "Air carrier station" refers to those locations at an airport
where an air carrier conducts its operations.
[121] See 49 U.S.C. § 44907 (authorizing TSA to conduct foreign airport
assessments).
[122] TSA conducts assessments to determine the extent to which a
foreign airport effectively maintains and carries out security measures
using a standard of analysis based at least on the standards and
appropriate recommended practices contained in ICAO Annex 17. 49 U.S.C.
§ 44907(a)(2).
[123] See 49 U.S.C. § 44907(c)-(f).
[124] H.R. Conf. Rep. No. 109-241, at 53 (2005) (accompanying H.R.
5441, enacted as the Department of Homeland Security Appropriations
Act, 2006, Pub. L. No. 109-90, 110 Stat. 2064 (2005)).
[125] "Throughput" means the amount of cargo screened during a given
period of time, for example, per hour.
[126] The Seattle-Tacoma International Airport pilot requires
technology for stowaway detection that has not been operationally
tested and evaluated in that environment. According to DHS officials,
this technology was being acquired as of May 2006.
[127] Computer tomography generates a three-dimensional image of the
internals of an object from a large series of two-dimensional X-ray
images taken around a single axis of rotation.
[128] Five air carriers have agreed to participate in TSA's EDS Cargo
Pilot Program.
[129] GAO, Technology Assessment: Securing the Transport of Cargo
Containers, GAO-06-68SU, (Washington: DC: January 2006).
[130] Previous research and development efforts examining blast-
resistant containers were conducted by the Federal Aviation
Administration. For more than 10 years the agency examined the
airworthiness, ground handling, and blast resistance of hardened
containers.
[131] See Pub. L. No 108-458, § 4051, 118 Stat. 3638, 3728 (2004),
authorizing $2 million for the Assistant Secretary of Homeland Security
(Transportation Security Administration) to carry out this pilot
program.
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site.
To have GAO e-mail you a list of newly posted products every afternoon,
go to www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548:
Public Affairs:
Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548:
