Transportation Security
Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation and Surface Transportation Security Programs, but More Work Remains Gao ID: GAO-08-487T May 13, 2008Since its inception, the Transportation Security Administration (TSA) has focused much of its efforts on aviation security, and has developed and implemented a variety of programs and procedures to secure commercial aviation. More recently, TSA has taken actions to secure the nation's surface transportation modes. TSA funding for aviation security has totaled about $26 billion since fiscal year 2004, and for surface transportation security activities, about $175 million since fiscal year 2005. This testimony focuses on TSA's efforts to secure the commercial aviation system-- through passenger screening, air cargo, and watch-list matching programs--and the nation's surface transportation modes. It also addresses challenges remaining in these areas. GAO's comments are based on GAO products issued from February 2004 through April 2008 including selected updates obtained in February through April 2008.
DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation's transportation system, including actions to address many recommendations made by GAO. With respect to aviation security, TSA has focused its efforts on, among other things, more efficiently allocating, deploying, and managing the Transportation Security Officer (TSO) workforce--formerly known as screeners; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; strengthening domestic air cargo security; and developing a government operated watch-list matching program, known as Secure Flight. For example, in response to GAO's recommendation, TSA developed a plan to periodically review assumptions in its Staffing Allocation Model, and took steps to strengthen its evaluation of proposed procedural changes. TSA has also explored new passenger checkpoint screening technologies to better detect explosives and other threats, and has taken steps to strengthen air cargo security, including conducting compliance inspections of air carriers. Finally, TSA has instilled more discipline and rigor into Secure Flight's systems development, including preparing key documentation and strengthening privacy protections. With regard to surface transportation security, TSA has, among other things, taken steps to develop a strategic approach for securing mass transit, passenger and freight rail, commercial vehicles, and highways; established security standards for certain transportation modes; and conducted threat, criticality, and vulnerability assessments of surface transportation assets, particularly related to passenger and freight rail. While these efforts should be commended, GAO has identified several areas that should be addressed to further strengthen transportation security. For example, TSA has made limited progress in developing and deploying checkpoint technologies due to planning and management challenges. In addition, TSA has not revised screening exemptions for air cargo transported into the United States that may leave the air cargo system unacceptably vulnerable. GAO further identified that TSA experienced some program management challenges in the development of Secure Flight, including developing cost and schedule estimates consistent with best practices; fully implementing the program's risk management plan; developing a comprehensive testing strategy; and ensuring that information security requirements are fully implemented. In addition, DHS and TSA lack performance measures to fully evaluate the effectiveness of current processes for passengers who apply for redress due to inconveniences experienced during the check-in and screening process. GAO recently made recommendations to address these issues. Additionally, although TSA has recently taken actions in a number of areas to help secure surface modes of transportation, particularly passenger and freight rail, the agency has not fully defined its role with respect to securing other transportation modes, such as commercial vehicles and highway infrastructure. We are continuing to assess TSA's efforts to secure surface modes of transportation as part of our ongoing work and will report on our results later this year.
GAO-08-487T, Transportation Security: Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation and Surface Transportation Security Programs, but More Work Remains
This is the accessible text file for GAO report number GAO-08-487T
entitled 'Transportation Security: Transportation Security
Administration Has Strengthened Planning to Guide Investments in Key
Aviation and Surface Transportation Security Programs, but More Work
Remains' which was released on May 13, 2008.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony before the Committee on Commerce, Science, and
Transportation, U.S. Senate:
United States Government Accountability Office:
GAO:
For Release on Delivery:
Expected at 10:00 a.m. EST:
Tuesday, May 13, 2008:
Transportation Security:
Transportation Security Administration Has Strengthened Planning to
Guide Investments in Key Aviation and Surface Transportation Security
Programs, but More Work Remains:
Statement of Cathleen A. Berrick:
Director, Homeland Security and Justice Issues:
GAO-08-487T:
GAO Highlights:
Highlights of GAO-08-487T, a testimony before the U.S. Senate Committee
on Commerce, Science, and Transportation.
Why GAO Did This Study:
Since its inception, the Transportation Security Administration (TSA)
has focused much of its efforts on aviation security, and has developed
and implemented a variety of programs and procedures to secure
commercial aviation. More recently, TSA has taken actions to secure the
nation‘s surface transportation modes. TSA funding for aviation
security has totaled about $26 billion since fiscal year 2004, and for
surface transportation security activities, about $175 million since
fiscal year 2005. This testimony focuses on TSA's efforts to secure the
commercial aviation system--through passenger screening, air cargo, and
watch-list matching programs--and the nation's surface transportation
modes. It also addresses challenges remaining in these areas. GAO's
comments are based on GAO products issued from February 2004 through
April 2008 including selected updates obtained in February through
April 2008.
What GAO Found:
DHS and TSA have undertaken numerous initiatives to strengthen the
security of the nation‘s transportation system, including actions to
address many recommendations made by GAO. With respect to aviation
security, TSA has focused its efforts on, among other things, more
efficiently allocating, deploying, and managing the Transportation
Security Officer (TSO) workforce”formerly known as screeners;
strengthening screening procedures; developing and deploying more
effective and efficient screening technologies; strengthening domestic
air cargo security; and developing a government operated watch-list
matching program, known as Secure Flight. For example, in response to
GAO‘s recommendation, TSA developed a plan to periodically review
assumptions in its Staffing Allocation Model, and took steps to
strengthen its evaluation of proposed procedural changes. TSA has also
explored new passenger checkpoint screening technologies to better
detect explosives and other threats, and has taken steps to strengthen
air cargo security, including conducting compliance inspections of air
carriers. Finally, TSA has instilled more discipline and rigor into
Secure Flight‘s systems development, including preparing key
documentation and strengthening privacy protections. With regard to
surface transportation security, TSA has, among other things, taken
steps to develop a strategic approach for securing mass transit,
passenger and freight rail, commercial vehicles, and highways;
established security standards for certain transportation modes; and
conducted threat, criticality, and vulnerability assessments of surface
transportation assets, particularly related to passenger and freight
rail.
While these efforts should be commended, GAO has identified several
areas that should be addressed to further strengthen transportation
security. For example, TSA has made limited progress in developing and
deploying checkpoint technologies due to planning and management
challenges. In addition, TSA has not revised screening exemptions for
air cargo transported into the United States that may leave the air
cargo system unacceptably vulnerable. GAO further identified that TSA
experienced some program management challenges in the development of
Secure Flight, including developing cost and schedule estimates
consistent with best practices; fully implementing the program‘s risk
management plan; developing a comprehensive testing strategy; and
ensuring that information security requirements are fully implemented.
In addition, DHS and TSA lack performance measures to fully evaluate
the effectiveness of current processes for passengers who apply for
redress due to inconveniences experienced during the check-in and
screening process. GAO recently made recommendations to address these
issues. Additionally, although TSA has recently taken actions in a
number of areas to help secure surface modes of transportation,
particularly passenger and freight rail, the agency has not fully
defined its role with respect to securing other transportation modes,
such as commercial vehicles and highway infrastructure. We are
continuing to assess TSA‘s efforts to secure surface modes of
transportation as part of our ongoing work and will report on our
results later this year.
What GAO Recommends:
GAO has made recommendations to the Department of Homeland Security
(DHS) in prior reports and testimony to strengthen screening
operations, air cargo security, and the implementation of the Secure
Flight program. DHS generally concurred with our recommendations and
has taken action to implement a number of them.
To view the full product, including the scope and methodology, click on
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-487T]. For more
information, contact Cathleen Berrick at (202) 512-3404 or
berrickc@gao.gov.
[End of section]
Mr. Chairman and Members of the Committee:
I appreciate the opportunity to participate in today's hearing to
discuss the security of our nation's transportation system. The
Transportation Security Administration (TSA) was established in 2001
with the mission to protect the transportation network while also
ensuring the free movement of people and commerce. Since its inception,
TSA has focused much of its efforts on aviation security, and has
developed and implemented a variety of programs and procedures to
secure commercial aviation. To implement these efforts, TSA funding for
aviation security has totaled about $26 billion since fiscal year 2004.
Other parties also play a role in securing commercial aviation,
including air carriers that are responsible for screening air cargo,
among other things, and the Department of Homeland Security's (DHS)
Science and Technology Directorate (S&T), which is responsible for the
research and development of aviation security technologies. TSA is also
responsible for securing surface modes of transportation, including
passenger and freight rail, mass transit, highways, commercial
vehicles, and pipelines, in partnership with other federal entities,
state and local governments, and the private sector. In carrying out
its broader homeland security responsibilities, DHS faces the daunting
challenge of determining how to allocate its finite resources within
the transportation system and across all sectors to address threats and
strengthen security.
My testimony today focuses on TSA's efforts to ensure the security of
the following key areas of commercial aviation, which represents about
$4.5 billion of the President's budget request for TSA for fiscal year
2009: 1) screening operations, including transportation security
officer (TSO) and private screener allocations, and checkpoint
screening technologies; 2) air cargo; and, 3) passenger watch-list
matching. My testimony also addresses TSA's efforts to ensure the
security of the nation's surface transportation systems. In particular,
I will address the numerous efforts TSA has taken or plans to take to
strengthen security in these areas and the challenges that remain.
My comments are based on GAO reports and testimonies issued from
February 2004 through April 2008 addressing the security of the
nation's commercial aviation and surface transportation systems,
including the status of TSA's development of the Secure Flight
program[Footnote 1] conducted in response to the Implementing
Recommendations of the 9/11 Commission Act of 2007.[Footnote 2]
Selected updates to this work were conducted in February through April
2008. We conducted these performance audits in accordance with
generally accepted government auditing standards. Those standards
require that we plan and perform the audit to obtain sufficient,
appropriate evidence to provide a reasonable basis for our findings and
conclusions based on our audit objectives. We believe that the evidence
obtained provides a reasonable basis for our findings and conclusions
based on our audit objectives.
Summary:
DHS and TSA have undertaken numerous initiatives to strengthen the
security of the nation's commercial aviation system and surface
transportation modes as well as to more effectively guide program
investments, including taking steps to address many of our prior
recommendations. Specifically, DHS and TSA have, among other things,
developed and implemented a Staffing Allocation Model to determine TSO
staffing levels at airports that reflect current operating conditions,
and provided TSOs (formerly known as screeners) with additional
training intended to enhance the detection of threat objects,
particularly improvised explosive devices. TSA also proposed and
implemented modifications to passenger checkpoint screening procedures
based on risk (threat and vulnerability) information, while considering
efficiency and customer service needs. TSA also explored new passenger
checkpoint screening technologies to enhance the detection of
explosives and other threats. Further, TSA took steps to strengthen air
cargo security, such as conducting vulnerability assessments at several
domestic airports, revising screening exemptions for domestic air
cargo, and conducting inspections of air carriers to ensure that they
are complying with existing security requirements. Finally, TSA has
instilled more discipline and rigor into Secure Flight's development
and implementation, including preparing key systems development
documentation and strengthening privacy protections. With regard to
surface transportation security, TSA has taken steps to develop a
strategic approach for securing mass transit, passenger and freight
rail, commercial vehicles, and highways; establish security standards
for certain transportation modes; and conduct threat, criticality, and
vulnerability assessments of surface transportation assets,
particularly passenger and freight rail. TSA also hired and deployed
compliance inspectors and conducted inspections of passenger and
freight rail systems, and DHS developed and administered grant programs
for various surface transportation modes.
While these efforts should be commended, we have reported on several
areas in which TSA could do more to strengthen transportation security.
For example, in our previous work, we reported that some assumptions
used in TSA's Staffing Allocation Model did not accurately reflect
airport operating conditions. We recommended that TSA establish a
formal, documented plan for reviewing all of the model assumptions on a
periodic basis. TSA agreed with our recommendation and, in December
2007, developed a Staffing Allocation Model Rates and Assumption
Validation Plan that the agency will use to review and validate model
assumptions. In addition, we reported that TSA could improve its
process for evaluating the effectiveness of proposed changes to
passenger screening procedures before implementing them nationwide. DHS
generally agreed with our findings and recommendations, and TSA has
taken some steps to implement them. We also testified that limited
progress has been made in developing and deploying checkpoint
technologies due to planning and management challenges. With respect to
air cargo, we reported that TSA has not yet developed an inspection
plan that includes performance goals and measures to determine the
extent to which air carriers transporting cargo into the United States
are complying with security requirements. Moreover, while TSA has made
considerable progress in the development and implementation of Secure
Flight, it has not fully addressed program management issues related to
developing cost and schedule estimates consistent with best practices,
fully implementing its risk management plan, developing a comprehensive
testing strategy, and ensuring that information security requirements
are fully implemented. With regard to surface transportation security,
TSA has initiated efforts to develop security standards for passenger
and freight rail, but has not yet determined its regulatory role with
respect to other surface modes of transportation. Moreover, although
TSA has made progress in conducting compliance inspections of some
surface transportation systems, inspectors' roles and missions have not
been fully defined.
In addition to the recommendations discussed above, we have made other
recommendations to strengthen passenger screening operations, air cargo
security, and the implementation of the Secure Flight program. DHS and
TSA generally agreed with our recommendations and have taken action to
implement a number of them.
Background:
The Aviation and Transportation Security Act (ATSA), enacted in
November 2001, created TSA and gave it responsibility for securing all
modes of transportation.[Footnote 3] As part of this responsibility,
TSA oversees security operations at the nation's more than 400
commercial airports, including establishing requirements for passenger
and checked baggage screening and ensuring the security of air cargo
transported to, from, and within the United States. TSA has operational
responsibility for conducting passenger and checked baggage screening
at most airports, and has regulatory, or oversight, responsibility, for
air carriers who conduct air cargo screening. While TSA took over
responsibility for passenger checkpoint and baggage screening, air
carriers have continued to conduct passenger watch-list matching in
accordance with TSA requirements, which includes the process of
matching passenger information against federal watch-list data before
flights depart. TSA is currently developing a program to take over this
responsibility from air carriers for passengers on domestic flights,
and plans to assume from the U.S. Customs and Border Protection (CBP)
the pre-departure name-matching function for passengers on
international flights traveling to or from the United States.
According to DHS's budget execution reports and TSA's congressional
budget justifications, TSA received appropriations for aviation
security that total about $26 billion since fiscal year 2004.[Footnote
4] During fiscal year 2004--the first year for which data were
available--TSA received about $3.9 billion for aviation security
programs, and during fiscal year 2008, received about $6.1 billion. The
President's budget request for fiscal year 2009 includes about $6.0
billion to continue TSA's aviation security activities. This total
includes about $5.3 billion specifically designated for aviation
security and about $0.76 billion for aviation-security related
programs, such as Secure Flight, and mandatory fee accounts, such as
the Aviation Security Capital Fund. Figure 1 identifies reported
aviation security funding for fiscal years 2004 through 2008.
Figure 1: TSA's Reported Aviation Security Funding for Fiscal Years
2004 through 2008 (as reported by TSA, dollars in billions):
[See PDF for image]
This figure is a stacked bar graph depicting the following data:
Fiscal year: 2004[A];
Designated funding for aviation security: $3.7 billion;
Funding for programs, projects and activities (PPAs) related to
aviation security[C]: $0.2 billion.
Fiscal year: 2005[A];
Designated funding for aviation security: $4.3 billion;
Funding for programs, projects and activities (PPAs) related to
aviation security[C]: $0.4 billion.
Fiscal year: 2006[B];
Designated funding for aviation security: $4.6 billion;
Funding for programs, projects and activities (PPAs) related to
aviation security[C]: $1.0 billion.
Fiscal year: 2007[B];
Designated funding for aviation security: $4.8 billion;
Funding for programs, projects and activities (PPAs) related to
aviation security[C]: $0.8 billion.
Fiscal year: 2008[B];
Designated funding for aviation security: $4.8 billion;
Funding for programs, projects and activities (PPAs) related to
aviation security[C]: $1.3 billion.
Source: GAO analysis of TSA budget execution reports for fiscal years
2004 to 2007 and TSA‘s Congressional Budget Justification for
fiscal year 2009.
Note: We used the September 30th budget execution reports for our
analysis of TSA funding for fiscal years 2004 through 2006. For fiscal
years 2007 and 2008, we used TSA's fiscal year 2009 congressional
budget justification. According to the budget execution reports and
congressional budget justification, figures presented include all
rescissions and supplemental funding for the fiscal years.
[A] Fiscal years 2004 and 2005 include approximately $330 million in
research and development funding for aviation security. Beginning in
fiscal year 2006, research and development funding was consolidated
within DHS S&T. Therefore, this funding, as reflected in TSA's budget
documentation, is not included as part of TSA's appropriation from
fiscal year 2006 forward.
[B] Fiscal years 2006, 2007, and 2008 include approximately $680
million, $720 million, and $770 million respectively, in funding for
the Federal Air Marshals Service, which was transferred back to TSA
from U.S. Immigration and Customs Enforcement in October 2005. Federal
Air Marshal Service funding is included within totals for related
aviation security programs, projects, and activities for fiscal years
2006, 2007, and 2008.
[C] Funding for aviation security-related programs, projects, and
activities is reported separately. However, TSA designated funds from
other programs, projects, and activities to aviation security as well,
which represents the unshaded areas.
[End of figure]
TSA is also responsible for securing surface modes of transportation,
including passenger and freight rail, mass transit, highways,
commercial vehicles, and pipelines, in partnership with other federal
entities, state and local governments, and the private sector.
According to TSA congressional budget justifications, TSA received
appropriations for surface transportation security that totaled about
$175 million since fiscal year 2005. During fiscal year 2005--the first
year for which data were available--TSA received about $36 million for
surface transportation security programs. TSA further received $52
million during fiscal year 2006, $41 million during fiscal year 2007,
and $47 million during fiscal year 2008 for securing surface modes of
transportation. The President's budget request for fiscal year 2009
includes about $37 million, about $10 million less than last year's
appropriation, to continue TSA's surface transportation security
activities, including conducting compliance inspections, developing
best practices and standards, assessing security vulnerabilities,
establishing baseline data against which to evaluate minimum-security
standards, and providing domain awareness training.
Airline Passenger and Checked Baggage Screening:
One of the most significant changes mandated by ATSA was the shift from
the use of private-sector screeners to perform airport screening
operations to the use of federal screeners (now referred to as TSOs).
Prior to ATSA, passenger and checked baggage screening had been
performed by private screening companies under contract to airlines.
ATSA established TSA and required it to create a federal workforce to
assume the job of conducting passenger and checked baggage screening at
commercial airports. The federal screener workforce was put into place,
as required, by November 2002.[Footnote 5]
Passenger screening is a process by which personnel authorized by TSA
inspect individuals and property to deter and prevent the carriage of
any unauthorized explosive, incendiary, weapon, or other dangerous item
into a sterile area or onboard an aircraft.[Footnote 6] Passenger
screening personnel must inspect individuals for prohibited items at
designated screening locations. The four passenger screening functions
are X-ray screening of property, walk-through metal detector screening
of individuals, hand-wand or pat-down screening of individuals, and
physical search of property and trace detection for explosives.
Typically, passengers are only subjected to X-ray screening of their
carry-on items and screening by the walk-through metal detector.
Passengers whose carry-on baggage alarms the X-ray machine, who alarm
the walk-through metal detector, or who are designated as selectees--
that is, passengers selected by the Computer Assisted Passenger Pre-
Screening System (CAPPS) or other TSA-approved processes to designate
passengers for additional screening--are screened by hand-wand or pat-
down and have their carry-on items either screened for explosives
traces or physically searched[Footnote 7].:
Checked baggage screening is a process by which authorized security
screening personnel inspect checked baggage to deter, detect, and
prevent the carriage of any unauthorized explosive, incendiary, or
weapon onboard an aircraft. Checked baggage screening is accomplished
through the use of explosive detection systems[Footnote 8] or explosive
trace detection systems,[Footnote 9] and through the use of approved
alternative means, such as manual searches and canine teams when the
explosive detection or explosive trace detection systems are
unavailable.
The passenger and checked baggage screening systems are composed of
three elements: the people (TSOs) responsible for conducting the
screening of airline passengers and their carry-on items and checked
baggage, the technology used during the screening process, and the
procedures TSOs are to follow to conduct screening. Collectively, these
elements help to determine the effectiveness and efficiency of
passenger and checked baggage screening operations.
Air Cargo Security:
Air cargo ranges in size from one pound to several tons, and in type
from perishables to machinery, and can include items such as electronic
equipment, automobile parts, clothing, medical supplies, other dry
goods, fresh cut flowers, fresh seafood, fresh produce, tropical fish,
and human remains. Cargo can be shipped in various forms, including
large containers known as unit loading devices that allow many packages
to be consolidated into one container that can be loaded onto an
aircraft, wooden crates, assembled pallets, or individually wrapped/
boxed pieces, known as break bulk cargo.
TSA's responsibilities for securing air cargo include, among other
things, establishing security rules and regulations governing domestic
and foreign passenger air carriers that transport cargo, domestic and
foreign all-cargo carriers that transport cargo, and domestic indirect
air carriers. TSA is also responsible for overseeing the implementation
of air cargo security requirements by air carriers and indirect air
carriers through compliance inspections, and, in coordination with
DHS's S&T Director, for conducting research and development of air
cargo security technologies. Air carriers (passenger and all-cargo) are
responsible for implementing TSA security requirements, predominantly
through a TSA-approved security program that describes the security
policies, procedures, and systems the air carrier will implement and
maintain in order to comply with TSA security requirements. Air
carriers must also abide by security requirements issued by TSA through
security directives or emergency amendments to air carrier security
programs.
Air carriers use several methods and technologies to screen domestic
and inbound air cargo.[Footnote 10] These include manual physical
searches and comparisons between airway bills and cargo contents to
ensure that the contents of the cargo shipment matches the cargo
identified in documents filed by the shipper, as well as using approved
technology, such as X-ray systems, explosive trace detection systems,
decompression chambers, explosive detection systems, and certified
explosive detection canine teams.[Footnote 11] Under TSA's security
requirements for domestic and inbound air cargo, passenger air carriers
are currently required to randomly screen a specific percentage of non
exempt air cargo pieces listed on each airway bill. All-cargo carriers
are required to screen 100 percent of air cargo that exceeds a specific
weight threshold. As of October 2006, domestic indirect air carriers
are also required, under certain conditions, to screen a certain
percentage of air cargo prior to its consolidation. TSA, however, does
not regulate foreign freight forwarders, or individuals or businesses
that have their cargo shipped by air to the United States. Under the
Implementing Recommendations of the 9/11 Commission Act of 2007, DHS is
required to implement a system to screen 50 percent of air cargo
transported on passenger aircraft by February 2009, and 100 percent of
such cargo by August 2010.[Footnote 12]
Airline Passenger Watch-List Matching:
The prescreening of airline passengers who may pose a security risk
before they board an aircraft is one of many layers of security
intended to strengthen commercial aviation. One component of
prescreening is passenger watch-list matching--or the process of
matching passenger information against the No-Fly and Selectee lists to
identify passengers who should be denied boarding or who should undergo
additional security scrutiny.[Footnote 13]
Aircraft operators are currently responsible for checking passenger
information against the No-Fly and Selectee lists to identify
passengers who should be denied boarding or who should undergo
additional security scrutiny. To further enhance commercial aviation
security and in accordance with the Intelligence Reform and Terrorism
Prevention Act of 2004 (IRTPA), TSA is developing a program to assume
from air carriers the function of matching passenger information
against government-supplied terrorist watch-lists for domestic
flights.[Footnote 14] Secure Flight is the program through which TSA
plans to meet this requirement. Following domestic implementation, TSA,
through Secure Flight, plans to assume responsibility from CBP for
watch-list matching of passengers on international flights bound to and
from the United States. Secure Flight's mission is to enhance the
security of commercial air travel by:
* eliminating inconsistencies in current air carrier watch-list
matching procedures,
* reducing the number of individuals who are misidentified as being on
the No Fly or Selectee list,
* reducing the risk of unauthorized disclosure of sensitive watch-list
information, and:
* integrating the redress process so that individuals are less likely
to be improperly or unfairly delayed or prohibited from boarding an
aircraft.
TSA plans to implement Secure Flight in three releases. During Release
One, completed in March 2008, TSA developed and tested the Secure
Flight system. During Release Two, scheduled to be conducted from April
2008 through August 2008, TSA plans to begin parallel testing with air
carriers during which both Secure Flight and air carriers will perform
watch-list matching. Finally, during Release Three, TSA is to develop
the capability for "airline cutovers" during which Secure Flight plans
to begin conducting all watch-list matching for domestic air
passengers. Release Three is scheduled to begin in September 2008.
Domestic cutovers are expected to begin in January 2009 and be
completed in July 2009. TSA plans to assume from CBP watch-list
matching for flights departing from and to the United States some time
after domestic cutovers are completed.
Over the last 5 years, we have reported that the Secure Flight program
(and its predecessor CAPPS II) had not met key milestones or finalized
its goals, objectives, and requirements, and faced significant
development and implementation challenges.[Footnote 15] Acknowledging
the challenges it faced with the program, TSA suspended the development
of Secure Flight and initiated a reassessment, or re-baselining, of the
program in February 2006, which was completed in January 2007. We were
mandated by the Implementing Recommendations of the 9/11 Commission Act
of 2007 to assess various aspects of Secure Flight's development and
implementation.[Footnote 16] In accordance with the act, we reviewed
(1) TSA's efforts to develop reliable cost and schedule estimates for
Secure Flight; (2) progress made by TSA in developing and implementing
the Secure Flight system, including the implementation of security
controls; (3) TSA's efforts to coordinate with CBP to integrate Secure
Flight with CBP's watch-list matching function for international
flights; (4) TSA's plans to protect private passenger information under
Secure Flight; and (5) DHS's efforts to assess the effectiveness of the
current redress process for passengers misidentified as being on or
wrongly assigned to the No Fly or Selectee list.[Footnote 17]
TSA's available funding for the Secure Flight program during fiscal
year 2007 was $32.5 million.[Footnote 18] In fiscal year 2008, TSA
received $50 million and requested a transfer of an additional $24
million to the program under statutory authority, making as much as $74
million available for the program in fiscal year 2008.[Footnote 19] For
fiscal year 2009, TSA has requested $82 million in funding to allow the
agency to continue development and implementation of the Secure Flight
program and the full assumption of the watch-list matching function in
fiscal year 2010.
Surface Transportation Security:
TSA shares responsibility for securing surface transportation modes
with federal, state, and local governments and the private sector.
TSA's security mission includes establishing security standards and
conducting assessments and inspections of surface transportation modes,
including passenger and freight rail; mass transit; highways and
commercial vehicles; and pipelines. The Federal Emergency Management
Agency's Grant Programs Directorate provides grant funding to surface
transportation operators and state and local governments, and the
National Protection and Programs Directorate, in conjunction with the
grant allocation process, conducts risk assessments of surface
transportation facilities. Within the Department of Transportation
(DOT), the Federal Transit Administration (FTA) and Federal Railroad
Administration (FRA) have responsibilities for establishing standards
for passenger rail safety and security. In addition, public and private
sector transportation operators are responsible for implementing
security measures for their systems.
TSA Has Made Significant Enhancements to Its Passenger Screening
Operations, but Can Further Strengthen Its Efforts:
TSA has taken significant steps to strengthen the three key elements of
the screening system--people (TSOs and private screeners), screening
procedures, and technology--but has faced management, planning, and
funding challenges. For example, TSA developed a Staffing Allocation
Model to determine TSO staffing levels at airports that reflect current
operating conditions, and implemented several initiatives intended to
enhance the detection of threat objects, particularly improvised
explosives. We reported that TSA also proposed modifications to
passenger checkpoint screening procedures based on risk (threat and
vulnerability information), among other factors, but could do more
evaluation of proposed procedures before they are implemented to help
ensure that they achieve their intended results. Finally, TSA is
exploring new technologies to enhance the detection of explosives and
other threats, but continues to face management and funding challenges
in developing and fielding technologies at airport checkpoints.
Of the approximately $6.0 billion requested for aviation security in
the President's fiscal year 2009 budget request, about $4.0 billion, or
approximately 66 percent, is for passenger and checked baggage
screening. This includes approximately $3.9 billion to support
passenger and checked baggage screening operations, such as TSO
salaries and training, and about $154 million for the procurement and
installation of checked baggage explosive detection systems. [Footnote
20]
TSA Has Efforts Under Way to Strengthen the Allocation of Its TSO
Workforce:
TSA has implemented several efforts intended to strengthen the
allocation of its TSO workforce. We reported in February 2004 that
staffing shortages and TSA's hiring process had hindered the ability of
some Federal Security Directors (FSD)--the ranking TSA authorities
responsible for leading and coordinating security activities at
airports--to provide sufficient resources to staff screening
checkpoints and oversee screening operations at their checkpoints
without using additional measures such as overtime.[Footnote 21] Since
that time, TSA has developed a Staffing Allocation Model to determine
TSO staffing levels at airports. [Footnote 22] In August 2005, TSA
determined that the Staffing Allocation Model contained complete and
accurate information on each airport from which to estimate staffing
needs, and the agency used the model to identify TSO allocations for
each airport.
FSDs we interviewed during 2006 as part of our review of TSA's staffing
model generally reported that the model is a more accurate predictor of
staffing needs than TSA's prior staffing model. However, FSDs expressed
the following concerns about assumptions used in the fiscal year 2006
model:
* the model assumed that airports could achieve a 20 percent part-time
TSO level, even though it was difficult for airports to achieve this;
* the model did not specifically account for the recurrent training
requirement for TSOs of 3 hours per week averaged over a fiscal year
quarter; and:
* the model did not account for TSO's time away from screening to
perform operational support duties.
To help ensure that TSOs are effectively utilized, we recommended that
TSA establish a policy for when TSOs can be used to provide operational
support. Consistent with our recommendation, in March 2007, TSA issued
a management directive that provides guidance on assigning TSOs,
through detail or permanent promotion, to duties of another position
for a specified period of time. Further, in response to FSDs' input and
the various mechanisms TSA had implemented to monitor the sufficiency
of the model's allocation outputs, TSA made changes to some assumptions
in the Staffing Allocation Model for fiscal year 2007, including
assumptions related to part-time TSOs, training, and operational
support to address the issues identified above. In our February 2007
report, we recommended that TSA establish a formal, documented plan for
reviewing all of the model assumptions on a periodic basis to ensure
that the assumptions result in TSO staffing allocations that accurately
reflect operating conditions that may change over time. TSA agreed with
our recommendation and, in December 2007, developed a Staffing
Allocation Model Rates and Assumptions Validation Plan. The plan
identifies the process TSA will use to review and validate the model's
assumptions on a periodic basis.
Although we did not independently review TSA's staffing allocation for
fiscal year 2008, the TSA fiscal year 2009 budget justification
identified that the agency has achieved operational and efficiency
gains that enabled them to implement or expand several workforce
initiatives involving TSOs, which are summarized in table 1. For
example, TSA reported making several changes to the fiscal year 2008
Staffing Allocation Model, such as decreasing the allocation for time
paid not worked (annual, sick, and military leave; compensatory time;
and injury time off) based on past performance data. TSA also reported
revising the exit lane staffing based on each checkpoint's unique
operating hours rather than staffing all exit lanes based on the
maximum open hours for any checkpoint at an airport.
Table 1: TSA Workforce Initiatives Involving Transportation Security
Officers (TSOs):
Workforce initiative: Travel document checker;
Description of initiative: TSA implemented the travel document checker
initiative at over 250 smaller airports during fiscal year 2007.
According to the TSA fiscal year 2009 budget justification, through
savings realized through adjustments in the fiscal year 2008 Staffing
Allocation Model, TSA was able to fund 1,033 additional full-time-
equivalent TSOs for the travel document checker initiative. This
program is intended to ensure that only passengers with authentic
travel documents access the sterile areas of airports and board
aircraft. TSA's budget justification identifies that in fiscal year
2007 the agency implemented this program at over 340 of the 450
airports with federal TSOs.
Workforce initiative: Behavior detection officers;
Description of initiative: TSA completed its planned deployment of the
behavior detection officer program. These officers screen passengers by
observation technique (also known as SPOT) to identify potentially high-
risk passengers based on involuntary physical and physiological
reactions. During fiscal year 2007, 643 behavior detection officers
were deployed at 42 airports.
Workforce initiative: Bomb appraisal officers;
Description of initiative: TSA completed the planned deployment of the
Bomb Appraisal Officer program. These officers, who have undergone
training in the disposal of explosives, provide formal training to TSOs
to increase their ability to recognize potential improvised explosive
devices and components. The Bomb Appraisal Officer Program was formally
implemented at 107 airports during fiscal year 2007.
Workforce initiative: Visible Intermodal Protection and Response Teams;
Description of initiative: According to TSA, the agency deployed
Visible Intermodal Protection and Response Teams to airports around the
country. These teams--comprised of TSOs, behavior detection officers
and other aviation security employees--are responsible for screening
passengers, looking for suspicious behavior, and acting as a visible
deterrent in multiple transportation sectors, including buses, mass
transit stations, and airports. TSA's budget justification identified
that as of February 2008, TSA had deployed over 100 Visible Intermodal
Protection and Response Teams to airports and mass transit systems
around the country.
Workforce initiative: Aviation Direct Access Screening Program;
Description of initiative: The Aviation Direct Access Screening Program
is intended to provide uniform procedures and standards for TSOs to
screen individuals, their accessible property, and vehicles upon
entering secure airport areas, and conduct visual inspections of
aircraft. Under this program, TSOs are to screen aviation workers and
inspect for the presence of explosives, incendiaries, weapons, and
other prohibited items, improper airport identification media, and
items identified through specific intelligence. In March 2007, TSA
required Federal Security Directors to implement the Aviation Direct
Screening Program at each of their assigned airports.
Source: TSA Fiscal Year 2009 budget justification.
[End of table]
TSA's fiscal year 2009 budget justification includes $2.7 billion for
the federal TSO workforce, and represents an increase of about $80
million over fiscal year 2008 funding. Of the $80 million increase,
about $38 million is for cost of living adjustments, and about $42
million is for the annualization of the full-year cost of the Behavior
Detection Officer and Aviation Direct Access Screening Program
positions. According to DHS' budget justification, the $2.7 billion
includes funding for compensation and benefits of 45,643 full-time
equivalent personnel--approximately 46,909 TSOs and about 1,100
screening managers.[Footnote 23] Table 2 identifies the total TSO and
screening manager full-time equivalents and the funding levels for
fiscal years 2005 through 2008, as reported by TSA.
Table 2: Passenger and Checked Baggage TSO and Screening Manager Full-
time Equivalents and Actual Spending for TSO Personnel, Compensation,
and Benefits, by Fiscal Year:
Total TSOs and screening managers at airports nationwide:
Fiscal year: FY 2005: 45,690;
Fiscal year: FY 2006: 42,187;
Fiscal year: FY 2007: 42,592;
Fiscal year: FY 2008[A]: 45,438.
Fiscal year:
Actual spending (dollars in thousands):
Fiscal year: FY 2005: $2,291,572;
Fiscal year: FY 2006: $2,251,503;
Fiscal year: FY 2007: $2,444,455;
Fiscal year: FY 2008[A]: $2,636,104.
Source: TSA.
[A] Fiscal year 2008 figures represent TSA's budget in accordance with
funds appropriated through Division E of the Consolidated
Appropriations Act, 2008.
[End of table]
TSA Has Taken Steps to Strengthen Passenger Screening Procedures, but
Could Improve Its Evaluation and Documentation of Proposed Procedures:
In addition to TSA's efforts to strengthen the allocation of its TSO
workforce, TSA has taken steps to strengthen passenger checkpoint
screening procedures to enhance the detection of prohibited items.
However, we have identified areas where TSA could improve its
evaluation and documentation of proposed procedures. In April 2007, we
reported that TSA officials considered modifications to its standard
operating procedures (SOP) based on risk information (threat and
vulnerability information), daily experiences of staff working at
airports, and complaints and concerns raised by the traveling
public.[Footnote 24]
We further reported that for more significant SOP modifications, TSA
first tested the proposed modifications at selected airports to help
determine whether the changes would achieve their intended purpose, as
well as to assess its impact on screening operations. However, we
reported that TSA's data collection and analyses could be improved to
help TSA determine whether proposed procedures that are operationally
tested would achieve their intended purpose. We also found that TSA's
documentation on proposed modifications to screening procedures was not
complete. We recommended that TSA develop sound evaluation methods,
when possible, to assess whether proposed screening changes would
achieve their intended purpose and generate and maintain documentation
on proposed screening changes that are deemed significant. DHS
generally agreed with our recommendations and TSA has taken steps to
implement them. For example, for several proposed SOP changes
considered during the fall of 2007, TSA provided documentation that
identified the sources of the proposed changes and the reasons why the
agency decided to accept or reject the proposed changes.
Once proposed SOP changes have been implemented, it is important that
TSA have a mechanism in place to ensure that TSOs are complying with
established procedures. In our April 2007 report, we identified that
TSA monitors TSO compliance with passenger checkpoint screening SOPs
through its performance accountability and standards system--which was
implemented in response to a recommendation by us in 2003[Footnote 25]
and in response to airport staff concerns--and through local and
national covert testing. We further reported that some TSA airport
officials have experienced resource challenges in implementing these
compliance monitoring efforts. TSA headquarters officials stated that
they were taking steps, such as automating the performance
accountability and standards system data entry functions, to address
this challenge. Since then, TSA has also implemented a new local covert
testing program nationwide, known as the Aviation Screening Assessment
Program. This program is intended to measure TSO performance using
realistic and standardized test scenarios to achieve a national TSO
assessment measurement. TSA plans to use these test results to identify
vulnerabilities across screening operations and to provide
recommendations for addressing the vulnerabilities to various
stakeholders within TSA.
DHS and TSA Are Pursuing New Checkpoint Technologies to Enhance the
Detection of Explosives and Other Threats, but Continue to Face
Challenges:
We reported in February 2007[Footnote 26] that S&T and TSA[Footnote 27]
were exploring new passenger checkpoint screening technologies to
enhance the detection of explosives and other threats. However, we
found that limited progress had been made in fielding explosives
detection technology at passenger screening checkpoints, in part due to
challenges S&T and TSA faced in coordinating research and development
efforts. TSA requested $103.2 million in its fiscal year 2009 budget
request for checkpoint technology and checkpoint reconfiguration. Among
other things, TSA plans to procure and deploy Advanced Technology
Systems to further extend explosives and prohibited item detection
coverage at category X and I checkpoints. The President's budget
request also identifies that TSA may purchase Whole Body Imagers,
Bottled Liquids Scanners, Cast and Prosthesis Imagers, shoe scanner
systems, technology integration solutions, and additional units or
upgrades to legacy equipment, among other technologies. TSA further
requested $11.5 million to support the optimization and reconfiguration
of additional checkpoint lanes to accommodate anticipated airport
growth and maintain throughput at the busiest airport checkpoints.
Of the various emerging checkpoint screening projects funded by TSA and
S&T, the explosive trace portal and the bottled liquids scanning device
have been deployed to airport checkpoints, and a number of additional
projects have initiated procurements or are being researched and
developed. [Footnote 28] Table 3 provides a description of passenger
checkpoint screening technologies that have been deployed as well as
technologies that have initiated procurements or are in research and
development. This list of technologies is limited to those for which
TSA could provide documentation. TSA is planning to develop and deploy
additional technologies. We are continuing to assess TSA's deployment
of new checkpoint screening technologies in our ongoing work and expect
to report on the results of this work later this year.
Table 3: Description of Passenger Checkpoint Screening Technologies
Deployed, Procured, or in Research and Development as of January 2008:
Technology: Explosives trace portals;
Description: Detects trace amounts of explosives on persons (will
reduce the size of the current explosives trace portals at
checkpoints);
Status: TSA initiated deployment of 95 portals to airports. However, in
June 2006, TSA halted the acquisition and deployment of the portals due
to performance and maintenance issues. Currently, 114 portals are in
storage, which were purchased at a total cost of over $20 million.
Technology: Bottled liquids scanners;
Description: Screens for liquid explosives;
Status: During fiscal year 2007, TSA procured 200 units. One hundred
and forty three units have been deployed to airports. For fiscal year
2008, TSA plans to procure 700 units.
Technology: Cast and prosthesis scanners;
Description: Provides a 2-dimensional image of the area beneath a cast
or inside a prosthetic device;
Status: TSA procured 34 units during fiscal year 2007 and expects
delivery of the first unit in February 2008. TSA plans to deploy this
technology to airports during 2008.
Technology: Advanced Technology Systems;
Description: TSA plans to replace the Threat Image Projection Ready X-
ray machines currently used at category X airports with Advanced
Technology Systems that are intended to improve detection capability
and performance;
Status: During 2007, testing was conducted on this technology,
including operational testing at four airports. TSA procured 250 units
during fiscal year 2007, and plans to procure 677 units and deploy 429
units during fiscal year 2008.
Technology: Checkpoint explosives detection systems;
Description: Creates a three dimensional image of bags to detect
explosives and other nonmetallic items;
Status: This technology is currently undergoing various types of
testing, including operational testing. During fiscal year 2007, TSA
procured 20 units to be deployed starting in 2008.
Technology: Whole body imagers;
Description: Provides two-dimensional, full-body images of all items on
a passenger's body, including plastic explosives and concealed
metallic, non-metallic, and ceramic or plastic objects;
Status: TSA is conducting operational pilot testing of the whole body
imager at one airport. If the testing is successful, TSA plans to
procure and deploy the first units to airports during 2008.
Source: TSA.
[End of table]
Despite TSA's efforts to develop passenger checkpoint screening
technologies, we reported that limited progress has been made in
fielding explosives detection technology at airport checkpoints. For
example, we reported that TSA had anticipated that the explosives trace
portals would be in operation throughout the country during fiscal year
2007. However, due to performance and maintenance issues, TSA halted
the acquisition and deployment of the portals in June 2006. As a
result, TSA has fielded less than 25 percent of the 434 portals it
projected it would deploy by fiscal year 2007. TSA officials are
considering what to do with the portals that were procured and are
currently in storage. In addition to the portals, TSA has fallen behind
in its projected acquisition of other emerging screening technologies.
For example, we reported that the acquisition of 91 Whole Body Imagers
was previously delayed in part because TSA needed to develop a means to
protect the privacy of passengers screened by this technology.
While TSA and DHS have taken steps to coordinate the research,
development, and deployment of checkpoint technologies, we reported in
February 2007 that challenges remained. For example, TSA and S&T
officials stated that they encountered difficulties in coordinating
research and development efforts due to reorganizations within TSA and
S&T. A senior TSA official further stated at the time that, while TSA
and the DHS S&T have executed a memorandum of understanding to
establish the services that the Transportation Security Laboratory is
to provide to TSA, coordination with S&T remained a challenge because
the organizations had not fully implemented the terms of the agreement.
Since our February 2007 testimony, according to TSA and S&T,
coordination between them has improved.
We also reported that TSA did not have a strategic plan to guide its
efforts to acquire and deploy screening technologies, and that a lack
of a strategic plan or approach could limit TSA's ability to deploy
emerging technologies at those airport locations deemed at highest
risk. The Consolidated Appropriations Act, 2008, provides that, of
TSA's appropriated funds for Transportation Security Support,
$10,000,000 may not be obligated until the Secretary of Homeland
Security submits to the House and Senate Committees on Appropriations
detailed expenditure plans for checkpoint support and explosive
detection systems refurbishment, procurement, and installation on an
airport-by-airport basis for fiscal year 2008, along with the strategic
plan for checkpoint technologies previously requested by the committees
no later than 60 days after the date of enactment of the Act (enacted
December 26, 2007). According to TSA officials, they currently plan to
submit the strategic plan to Congress by June 2008. We will continue to
evaluate S&T's and TSA's efforts to research, develop and deploy
checkpoint screening technologies as part of our ongoing review.
TSA Has Taken Action to Strengthen Air Cargo Security, but Additional
Efforts Are Needed:
TSA has taken steps to enhance domestic and inbound air cargo security,
but more work remains to strengthen this area of aviation security. For
example, TSA has issued an Air Cargo Strategic Plan that focused on
securing the domestic air cargo supply chain. However, in April 2007,
we reported that this plan did not include goals and objectives for
addressing the security of inbound air cargo, or cargo transported into
the United States from a foreign location, which presents different
security challenges than cargo transported domestically.[Footnote 29]
We also reported that TSA had not conducted vulnerability assessments
to identify the range of security weaknesses that could be exploited by
terrorists related to air cargo operations. In addition, we also
reported that TSA had established requirements for air carriers to
randomly screen air cargo, but had exempted some domestic and inbound
cargo from screening. With respect to inbound air cargo, we reported
that TSA lacked an inspection plan with performance goals and measures
for its inspection efforts, and recommended that TSA develop such a
plan. Finally, TSA is taking steps to compile and analyze information
on air cargo security practices used abroad to identify those that may
strengthen DHS's overall air cargo security program, as we recommended.
For fiscal year 2009, the President's budget includes a request of
about $104 million for TSA's air cargo security program. Specifically;
TSA is requesting $52 million for 460 air cargo inspectors, $33.5
million for 170 canine teams, and $2.8 million for the Certified Cargo
Screening Program.[Footnote 30] We issued two reports that examined
TSA's efforts to secure domestic air cargo and inbound air
cargo.[Footnote 31] Table 4 summarizes our key findings,
recommendations, and TSA's response.
Table 4: Key GAO Recommendations Related to Air Cargo Security and
TSA's Response[Footnote 32]:
Identified Issue: Air Cargo Strategic Plan did not include goals and
objectives for addressing the security of air cargo transported into
the United States from another country;
Recommendation: DHS develop a risk-based strategy to address inbound
air cargo security that should define TSA's and CBP's responsibilities
for ensuring the security of inbound air cargo;
Status: CBP issued its International Air Cargo Security Strategic Plan
in June 2007. According to TSA officials, the agency plans to revise
its Air Cargo Strategic Plan during the third quarter of fiscal year
2008, and will incorporate a strategy for addressing inbound air cargo
security, including how the agency will partner with CBP. TSA reported
that the updated strategic plan will also incorporate the requirement
that TSA develop a system to screen 100 percent of air cargo prior to
its transport on passenger aircraft as required by the Implementing
Recommendations of the 9/11 Commission Act of 2007.
Identified Issue: TSA had not conducted vulnerability assessments to
identify the range of security weaknesses that could be exploited by
terrorists related to air cargo operations;
Recommendation: TSA develop a methodology and schedule for completing
these assessments;
Status: TSA implemented an Air Cargo Vulnerability Assessment program
in November 2006 and, as of April 2008, had completed vulnerability
assessments at five domestic airports. TSA plans to complete
assessments of all Category X airports by 2009. Officials stated that
the results of these assessments will assist the agency with its
efforts to collaborate with foreign governments to conduct joint
assessments at foreign airports that will include a review of air cargo
vulnerabilities.
Identified Issue: TSA established requirements for air carriers to
randomly screen air cargo, but exempted some domestic and inbound cargo
from screening;
Recommendation: TSA examine the rationale for existing domestic and
inbound air cargo screening exemptions and determine whether such
exemptions left the air cargo system unacceptably vulnerable;
Status: TSA issued a security directive and emergency amendment in July
2007 to domestic and foreign air carriers operating within and from the
United States that limited the screening exemptions; however, these did
not apply to inbound air cargo. The Implementing Recommendations of the
9/11 Commission Act of 2007 requires DHS to conduct an assessment of
screening exemptions granted under 49 U.S.C. § 44901(i)(1) for cargo
transported on passenger aircraft and an analysis to assess the risk of
maintaining such exemptions. TSA's assessment, issued in February 2008,
includes the agency's plans to maintain, revise, or eliminate screening
exemptions for particular cargo types transported on passenger aircraft
departing from both domestic and foreign locations. GAO is required to
review the methodology used in this assessment and report back to
Congress by June 24, 2008, 120 after its issuance.
Identified Issue: TSA had not developed measures to assess the adequacy
of air carrier compliance with air cargo security requirements, or
assessed the results of its domestic compliance inspections to target
higher-risk air carriers or indirect air carriers for future reviews;
Recommendation: TSA systematically analyze compliance inspection
results and use the results to target future inspections;
Status: TSA has increased the number of inspectors dedicated to
conducting domestic air cargo compliance inspections, and has begun
analyzing the results of these inspections to prioritize their
inspections on those entities that have the highest rates of
noncompliance, as well as newly approved entities that have yet to be
inspected.
Identified Issue: TSA lacked an inbound air cargo compliance inspection
plan with performance goals and measures for its inspection efforts;
Recommendation: TSA develop such a plan;
Status: TSA officials stated that the agency formed an International
Cargo Working Group to develop inspection prompts to guide inspectors
in their examinations of foreign and U.S. air cargo operators departing
from foreign locations to the United States.
Identified Issue: GAO identified foreign security practices that are
currently not used by TSA but that potentially could help strengthen
the security of inbound and domestic air cargo supply chains. TSA did
not systematically collect information on such practices;
Recommendation: TSA compile and analyze information on air cargo
security practices used abroad to identify those that may strengthen
DHS's overall air cargo security program;
Status: TSA is taking steps to compile and analyze this information.
According to TSA officials, the agency reviewed foreign countries'
models for screening air cargo, which is performed early in the supply
chain by government certified shippers and freight forwarders, when
designing their Certified Cargo Screening Program. TSA officials
believe this program will assist the agency in meeting the requirement
to screen 100 percent of air cargo transported on passenger aircraft by
August 2010, as mandated by the Implementing Recommendations of the
9/11 Commission Act of 2007. We have not independently assessed TSA's
Certified Cargo Screening Program.
Source: GAO Analysis.
[End of table]
TSA Has Made Progress in Developing and Implementing the Secure Flight
Program, but Can Further Strengthen Its Efforts:
In February 2008, we reported that TSA has made substantial progress in
instilling more discipline and rigor into Secure Flight's development
and implementation, but challenges remain that may hinder the program's
progress moving forward.[Footnote 33] For example, TSA developed a
detailed concept of operations, established a cost and schedule
baseline, and drafted key management and systems development documents,
among other efforts. However, while TSA developed a life-cycle cost
estimate and an integrated master schedule for Secure Flight, the
program has not fully followed best practices that would help to ensure
reliable and valid cost and schedule estimates. We also reported that
TSA can strengthen its systems development efforts by demonstrating
that it has fully implemented its risk management plan, incorporated
end-to-end testing[Footnote 34] as part of the program's testing
strategy, and more fully addressed system security requirements and
vulnerabilities. We further reported that DHS and TSA can strengthen
their assessment of the current redress process for passengers who
believe they were inappropriately inconvenienced during the watch-list
matching process. TSA officials stated that they have considerably
strengthened Secure Flight's systems development efforts, and have
already taken or plan to take action to address the issues we
identified. We made a number of recommendations to strengthen TSA's
development and implementation of Secure Flight to address the issues
discussed below, which officials generally agreed with.
TSA Has Made Progress in Strengthening Secure Flight's Development and
Implementation:
TSA has taken numerous steps to address previous GAO recommendations
related to strengthening Secure Flight's development and
implementation, as well as additional steps designed to strengthen the
program.[Footnote 35] TSA has, among other things, developed a
detailed, conceptual description of how the system is to operate,
commonly referred to as a concept of operations; established a cost and
schedule baseline; developed security requirements; developed test
plans; conducted outreach with key stakeholders; published a notice of
proposed rulemaking on how Secure Flight is to operate; and issued a
guide to key stakeholders (e.g., air carriers and CBP) that defines,
among other things, system data requirements. Collectively, these
efforts have enabled TSA to more effectively manage the program's
development and implementation.
TSA has also taken steps to integrate the domestic watch-list matching
function with the international watch-list matching function currently
operated by CBP. We previously reported that TSA and CBP experienced
coordination challenges which, among other things, could result in a
duplication of effort and conflicting results from domestic and
international watch-list matching.[Footnote 36] We recommended that DHS
take additional steps and make key policy and technical decisions that
were necessary to more fully coordinate these programs. TSA and CBP
have since worked with DHS to develop a strategy called the One DHS
Solution, which is to align the two agencies' domestic and
international watch-list matching processes, information technology
systems, and regulatory procedures to provide a seamless interface
between DHS and the airline industry. TSA and CBP also agreed that TSA
will take over the screening of passengers against the watch list for
international flights from CBP, though CBP will continue to match
passenger information to the watch list in fulfillment of its border-
related functions. Full implementation of an integrated system is not
planned to take place until after Secure Flight acquires the watch list
matching function for domestic flights.
TSA has also taken steps to address key privacy principles in plans to
protect private passenger information for the Secure Flight program. We
previously reported that TSA, as part of its requirements development
process, had not clearly identified the privacy impacts of the Secure
Flight system or the full actions it planned to take to mitigate them.
We also reported that TSA violated provisions of the Privacy Act by not
fully disclosing its use of personal information during systems
testing.[Footnote 37] In March 2005, we recommended that TSA specify
how Secure Flight will protect personal privacy.[Footnote 38] In August
2007, TSA published, for public comment, the required privacy impact
assessment[Footnote 39] and system of records notice[Footnote 40] that
address key privacy protection principles.[Footnote 41] TSA also
developed a Program Privacy Architecture describing key aspects of
TSA's plans to protect private passenger information. We will continue
to monitor TSA's efforts as part of our ongoing work to ensure that
privacy protections continue to be appropriately considered.
TSA Has Not Fully Followed Best Practices for Developing Reliable and
Valid Cost and Schedule Estimates for Secure Flight:
Although TSA has developed a life-cycle cost estimate and maintains an
integrated master schedule for Secure Flight, the program has not fully
followed best practices for developing reliable and valid cost and
schedule estimates, and several program milestones have been missed or
have slipped. The Office of Management and Budget (OMB) endorsed the
use[Footnote 42]of GAO's Cost Assessment Guide in the development of
life-cycle cost and program schedule estimates.[Footnote 43] Without
adhering to these best practices in the development of its cost and
schedule estimates, TSA is at risk of the Secure Flight program
experiencing cost overruns, missed deadlines, and performance
shortfalls.
Life-cycle cost estimate. We reported that TSA has not fully followed
best practices for developing a reliable and valid life-cycle cost
estimate. Using our Cost Assessment Guide's 12-step process for
creating cost estimates, we assessed the Secure Flight cost estimate
against these best practices.[Footnote 44] DHS's Cost - Benefit
Analysis Guidebook, which TSA program officials stated that TSA used to
develop the life-cycle cost estimate for Secure Flight, contains most
of the best practices outlined in our Guide. TSA followed some of these
practices in developing its cost estimate, including defining the
purpose of the program and estimate purpose; identifying many program
cost elements, including expenditures for facilities, hardware, and
software; and identifying the numbers of staff, their pay, and
associated travel and training costs, among other elements. However, it
is unclear whether TSA followed other best practices or did not address
the practices in developing its estimate. For example, it is unclear
whether the cost estimate had been updated to reflect the current
program because the detailed support for the estimate was produced
between 2004 and 2006, and does not reflect the current program plan.
In addition, the cost estimate does not capture all key costs. For
example, the estimate does not capture costs beyond 2012 even though
the system is expected to be operational beyond that date. TSA
officials stated that the program's cost figures were updated in 2007
and continue to be updated as changes warrant. Officials further stated
that their estimates were prepared in accordance with DHS and OMB
guidance and were reviewed and approved by DHS and OMB. However,
without adhering to the best practices discussed above, as recommended
by OMB, TSA's cost estimate may not provide a meaningful baseline from
which to track progress, and effectively support investment decision
making.
Schedule estimate. We reported that TSA also did not fully follow best
practices for developing a reliable and valid schedule estimate. GAO's
Cost Assessment Guide includes 9 best practices, which if followed
correctly, should result in high quality, reliable, and valid schedule
estimates.[Footnote 45] Without a reliable schedule baseline and
careful monitoring of its status, a program may not be able to
determine when forecasted completion dates differ from planned dates.
TSA has made progress in developing a reliable and valid schedule
estimate, including capturing key activities and accounting for the
development of program requirements and testing. However, TSA officials
could not provide evidence that their scheduling software can produce a
critical path (i.e., the longest path of sequential activities in a
schedule) driven by discrete lower level tasks. Best practices call for
the critical path to be generated using scheduling software. We also
reported that the schedule is not fully integrated because several
lower level activities were not connected in a logical manner, as
called for by best practices. As a result, the Secure Flight schedule
estimate may not provide a meaningful benchmark from which to gauge
progress, identify and address potential problems, and make informed
decisions. For example, the inability to institute a reliable schedule
could affect TSA's ability to effectively measure contractor
performance in meeting deliverables. TSA officials stated that their
scheduling software can create a critical path, and that lower level
tasks in their schedule were logically linked together; however, they
did not provide evidence that supported this.
In February 2008, we reported that since TSA completed a re-baselining
of the Secure Flight program, and began using its current schedule, the
program has missed milestones and experienced schedule slippages.
[Footnote 46] For example, while TSA reported that it had met most of
its March 2007 schedule milestones to date, the August 2007 milestone
for developing memoranda of understanding and other written agreements
(e.g. service level agreements) with key Secure Flight stakeholders
(e.g. CBP) was missed and had not yet been met. TSA officials
attributed schedule slippages in part to an extension in the Secure
Flight rulemaking comment period and underestimating the time needed to
complete key activities.
In February 2008, we recommended that TSA fully incorporate best
practices into the development of Secure Flight life-cycle cost and
schedule estimates. TSA generally agreed with these recommendations. We
will continue to assess TSA's efforts to develop life-cycle cost and
schedule estimates as part of our ongoing review of the Secure Flight
Program.
TSA Has Made Progress in Strengthening Secure Flight's Development, but
Can Further Strengthen Efforts:
While TSA has taken numerous steps to strengthen the development of
Secure Flight, additional challenges remain. These challenges include:
1) implementing the program's risk management plan, 2) planning and
conducting end-to-end testing as part of their overall parallel testing
strategy, and 3) addressing information security requirements and
vulnerabilities.
Risk management. In October 2006, TSA issued a risk management plan for
identifying, managing, and mitigating Secure Flight program risks that
was consistent with relevant guidance and best practices. TSA also
acquired an electronic tool to guide its risk management efforts.
However, TSA has not yet provided us with evidence that it has
implemented all aspects of the plan, including developing an inventory
of risks and related information to demonstrate that its risk
management tool has been populated and is being used to identify,
prioritize, mitigate, and monitor risk. In November 2007, TSA hired a
risk management coordinator, a position that had been vacant since June
2007. According to program officials, the coordinator has been tasked
with supporting the risk management board in implementing the risk
management plan and has provided related training for its members. We
will continue to assess TSA's efforts to mange risk as part of our
ongoing review of Secure Flight.
End-to-end test planning. Secure Flight does not fully outline plans
for end-to-end testing in its overall test and evaluation plan, or
other test plans. Federal guidance and related best practices recommend
end-to-end testing to verify that the systems that collectively support
a program like Secure Flight will interoperate as intended in an
operational environment, either actual or simulated.[Footnote 47] We
reported in March 2005 on the importance of Secure Flight end-to-end
testing and recommended that TSA perform such testing.[Footnote 48] TSA
agreed with this recommendation. However, Secure Flight's current test
and evaluation master plan only outlines plans for partner
organizational entities (e.g., CBP for integration of international
watch-list functions) to test their respective parts of the system on
their own--rather than a coordinated end-to-end test involving all
parties. TSA developed a preliminary working draft of an end-to-end
testing strategy, called the parallel testing strategy. However, the
plan does not contain provisions for (1) testing that ensures that
supporting systems will operate as intended in an operational
environment, (2) definitions and dates for key milestone activities and
parties responsible for completing them, or (3) the revision of other
test plans, such as the test and evaluation master plan, to reflect the
performance of end-to-end tests. In February 2008, we reported that
Secure Flight officials stated that they plan to conduct full end-to-
end testing of the program, beginning in the spring of 2008, and that
they planned to reflect this testing in test plans that were still
under development. While we commend TSA's plans to conduct end-to-end
testing, the draft of TSA's test plan that discusses end-to-end testing
does not define a scope that extends to all aspects of the program.
Until TSA has well-defined and approved end-to-end test plans and
procedures, it will be challenged in its ability to demonstrate that
Secure Flight will perform in a way that will allow it to achieve
intended program outcomes and results. We will continue to assess TSA's
testing strategy, to include end-to-end testing, as part of our ongoing
review of the program.
Information security. While the Secure Flight program office has
completed important steps to incorporate security into the system's
development, it has not fully completed other steps to ensure security
is effectively addressed. Federal standards and guidance identify the
need to address information security throughout the life-cycle of
information systems, and specifies a minimum set of security steps
needed to effectively incorporate security into a system during its
development.[Footnote 49] The Secure Flight program has performed
several steps that incorporate security into the system's development,
including performing a security risk assessment, identifying and
documenting recommended security control requirements, and testing and
evaluating security controls for the system and incorporating
identified weaknesses in remedial action plans. However, other steps
pertaining to ensuring that security requirements are tested, preparing
security documentation, and conducting certification and accreditation
activities were not adequately completed.[Footnote 50] For example,
security requirements planned for Release One did not always trace to
test activities for this release.[Footnote 51] Program officials stated
that some security requirements were deferred until future releases due
to delays in funding for acquiring specific hardware and other
requirements require coordination with the information system security
official to verify whether they were tested as part of security test
and evaluation. In addition, security documentation contained incorrect
or incomplete information. To illustrate, the systems security plan did
not identify all interconnecting systems that Secure Flight will
interface with, such as those operated by the DHS Watch-List Service,
the organization that will transmit the watch-list to Secure Flight.
Program officials stated that security documentation was outdated or
incorrect because there was insufficient time to update the
documentation for changes in the computing environment and security
requirements.
Furthermore, program officials granted an authorization to operate--one
of three possible accreditation decisions made in the certification and
accreditation process--although the system had 46 known
vulnerabilities, including 11 high-risk and 27 moderate-risk
vulnerabilities and the controls had not yet been implemented.[Footnote
52] Federal guidance as well as DHS policy provide for an interim
authority to operate accreditation when significant restrictions or
limitations exist and certain deficiencies and corrective actions need
to be addressed within a specified period. Although security officials
identified plans of actions and milestones for addressing the
vulnerabilities within 60 and 90 days for the high and moderate risks,
respectively, given their significance, an interim authorization to
operate would be the more appropriate determination. In addition,
hardware components used to implement controls over user identity and
account management (i.e., authentication, logins and passwords, and
user roles and privileges), as well as the alternate processing site
had not yet been implemented. Once implemented, the security controls
over these components could have an impact on the information security
and, therefore, may require a re-accreditation. Program officials chose
the authority to operate accreditation because they asserted that the
DHS Chief Information Security Officer does not allow interim
authorizations. If these security activities are not completed, there
is an increased risk that key security controls and requirements may
not be fully developed, tested, implemented or documented. In February
2008, we recommended that TSA fully implement the Secure Flight risk
management plan; finalize and approve Secure Flight's end-to-end
testing strategy; and strengthen information security documentation and
controls. TSA generally agreed with these recommendations.
DHS and TSA Lack Performance Measures to Fully Evaluate the
Effectiveness of the Redress Process, But Plan Additional Measures
under Secure Flight:
DHS and TSA have not developed a complete set of performance measures
to assess the effectiveness of the redress process for passengers
inconvenienced as a result of watch-list matching.[Footnote 53]
Measuring performance allows organizations to track the progress they
are making toward their goals and gives managers critical information
on which to base decisions for improving their programs. DHS and TSA
are developing additional measures for the redress process that they
plan to implement when Secure Flight becomes operational.
TSA, supported by the Terrorist Screening Center, provides
opportunities for airline passengers to seek redress in cases where
they experienced inconveniences during the check-in and screening
processes due to the possibility they have been misidentified as being
on or wrongly assigned to the terrorist watch-list.[Footnote 54] The
redress process enables these individuals to file an inquiry to have
erroneous information corrected in DHS systems that may prevent future
delays and inconveniences at the airport. In February 2007, DHS
established the Traveler Redress Inquiry Program (TRIP) to serve as the
central processing point within the department for redress inquiries.
TSA's Office of Transportation Security Redress (OTSR) is responsible
for reviewing redress inquiries submitted by air passengers through
TRIP.
TRIP and OTSR's redress program goals are to process redress
applications as quickly and as accurately as possible. However, to
measure program performance against these goals, TRIP and OTSR
currently track only one measure for redress related to the timeliness
of case completion, and do not track any performance measures related
to program accuracy. Previous GAO work identified that agencies
successful in evaluating performance had measures that used attributes
from GAO's best practices.[Footnote 55] Specifically, our previous work
identified that agencies successful in evaluating performance had
measures that demonstrated results, covered multiple priorities,
provided useful information for decision making, and successfully
addressed important and varied aspects of program performance. TRIP and
OTSR officials stated that they do not plan to develop additional
performance measures, such as measures related to accuracy of the
redress process, but rather are awaiting the implementation of Secure
Flight to determine the program's impact on the redress process before
creating additional measures. Secure Flight is intended to reduce the
inconveniences experienced by air passengers by taking over from air
carriers the responsibility for prescreening passengers in order to
ensure consistent and effective use of the cleared list,[Footnote 56]
which should impact the effectiveness of the redress process.[Footnote
57]
In addition to TRIP and OTSR's performance measures for the redress
process, the Secure Flight program office is working with OTSR to
develop redress performance measures for the Secure Flight Program.
Secure Flight plans to use the TSA redress process that is currently
available for individuals affected by the air carrier identity-matching
processes. Secure Flight is coordinating with OTSR to determine how
this process will be integrated with other Secure Flight requirements.
Secure Flight and OTSR are jointly developing a set of performance
measures and targets covering multiple priorities for redress that are
to be implemented when Secure Flight becomes operational, and officials
told us that they will follow best practices in the development of
these measures.
While we commend TSA for developing redress performance measures for
the Secure Flight Program, since the program is not scheduled to be
implemented until January 2009, DHS and OTSR's current redress process
lacks a complete set of measures with which they can assess performance
and make program improvements. Since measures are often the key
motivators of performance and goal achievement, the program's overall
success is at risk if all priorities are not addressed and information
is not obtained to make future adjustments and improvements to the
program. Moreover, such performance data would provide a baseline
against which to benchmark Secure Flight's progress and planned
improvements to the redress process. In February 2008, we recommended
that DHS and TSA re-evaluate redress performance measures and consider
creating and implementing additional measures that, consistent with
best practices, demonstrate results, cover multiple priorities, and
provide useful information for decision making. TSA generally agreed
with this recommendation.
TSA Has Taken Steps to Secure the Nation's Surface Transportation
Systems, but More Work Remains:
DHS, primarily through the efforts of TSA, has undertaken initiatives
to strengthen the security of the nation's surface transportation
systems. While TSA has devoted the vast majority of its resources to
securing commercial aviation and to meeting related statutory
requirements, it has more recently increased its focus on the security
of surface modes of transportation. However, these efforts are still
largely in the early stages. International events such as the March
2004 bombing of commuter trains in Madrid, Spain, and the July 2005
bombings and attempted attacks against public transit in London,
England, have, in part, contributed to this increased focus. TSA and
other DHS components have developed a strategic approach for securing
surface modes of transportation, have taken steps to conduct risk
assessments of surface transportation assets and have administered
related grant programs. TSA also issued a proposed rule in December
2006 which, if finalized as proposed, will require freight and
passenger rail operators to implement additional security requirements,
and will increase TSA's oversight of operators' security
efforts.[Footnote 58] However, TSA has not issued standards for
securing all surface transportation modes or determined whether it will
issue standards for all modes, and is still defining what its
regulatory role will be for these modes. We have ongoing work assessing
the security of surface modes of transportation, and will report on our
results later this year.
Strategic Approach for Implementing Security Functions:
In September 2005, DHS completed the National Strategy for
Transportation Security. This strategy identified and evaluated
transportation assets in the United States that could be at risk of a
terrorist attack and addressed transportation sector security needs.
Further, in May 2007, DHS issued a strategic plan for securing the
transportation sector and supporting annexes for each of the surface
transportation modes, and reported taking actions to adopt the
strategic approach outlined by the plan. The Transportation Systems
Sector-Specific Plan describes the security framework that is intended
to enable sector stakeholders to make effective and appropriate risk-
based security and resource allocation decisions within the
transportation network. TSA has begun to implement some of the security
initiatives outlined in the sector-specific plan and supporting modal
plans. Additionally, the Implementing Recommendations of the 9/
11Commission Act imposes a deadline of May 2008, for the Secretary of
DHS to develop and implement the National Strategy for Public
Transportation Security. Our work assessing DHS's efforts in
implementing its strategy for securing surface transportation modes is
being conducted as part of our ongoing reviews of mass transit,
passenger and freight rail, commercial vehicle, and highway
infrastructure security. We will report on the results of this work
later this year.
Threat, Vulnerability, and Criticality Assessments:
TSA has taken actions to assess risk by conducting threat, criticality,
and vulnerability assessments of surface transportation assets,
particularly for mass transit, passenger rail, and freight rail, but
its efforts related to commercial vehicles and highway infrastructure
are in the early stages. For example, TSA had conducted threat
assessments of all surface modes of transportation. TSA has also
conducted assessments of the vulnerabilities associated with some
surface transportation assets. For example, regarding freight rail, TSA
has conducted vulnerability assessments of rail corridors in eight High
Threat Urban Areas where toxic-inhalation-hazard shipments are
transported. With respect to commercial vehicles and highway
infrastructure, TSA's vulnerability assessment efforts are ongoing.
According to TSA, the agency performed 113 corporate security reviews
on highway transportation organizations through fiscal year 2007, such
as trucking companies, state Departments of Transportation, and motor
coach companies.[Footnote 59] However, TSA does not have a plan or a
time frame for conducting these reviews on a nationwide basis.
Furthermore, DHS's National Protection and Programs Directorate's
Office of Infrastructure Protection conducts vulnerability assessments
of surface transportation assets to identify protective measures to
reduce or mitigate asset vulnerability. With regard to criticality
assessments, TSA reported in April 2008 that the agency had conducted
1,345 assessments of passenger rail stations.[Footnote 60]
Additionally, the Implementing Recommendations of the 9/11Commission
Act has several provisions related to security assessments. For
instance, the act requires DHS to review existing security assessments
for public transportation systems as well as conduct additional
assessments as necessary to ensure that all high-risk public
transportation agencies have security assessments. Moreover, the act
also requires DHS to establish a federal task force to complete a
nationwide risk assessment of a terrorist attack on rail carriers. We
will continue to review threat, vulnerability, and criticality
assessments conducted by TSA related to securing surface modes of
transportation during our ongoing work.[Footnote 61]
Issuance of Security Standards:
TSA has taken actions to develop and issue security standards for mass
transit, passenger rail, and freight rail transportation modes.
However, TSA has not yet developed or issued security standards for all
surface transportation modes, such as commercial vehicle and highway
infrastructure, or determined whether standards are necessary for these
modes of transportation. Specifically, TSA has developed and issued
both mandatory rail security directives and recommended voluntary best
practices--known as Security Action Items--for transit agencies and
passenger rail operators to implement as part of their security
programs to enhance both security and emergency-management
preparedness. TSA also issued a notice of proposed rule making in
December 2006, which if finalized as proposed, would include additional
security requirements for passenger and freight rail transportation
operators.[Footnote 62] For example, the rule would include additional
security requirements designed to ensure that freight railroads have
protocols for the secure custody transfers of toxic-inhalation-hazard
rail cars in High Threat Urban Areas. DHS and other federal partners
have also been collaborating with the American Public Transportation
Association (APTA) and public and private security professionals to
develop industry wide security standards for mass transit systems. APTA
officials reported that they expect several of the voluntary standards
to be released in mid-2008. Additionally, the Implementing
Recommendations of the 9/11Commission Act requires DHS to issue
regulations establishing standards and guidelines for developing and
implementing vulnerability assessments and security plans for high-risk
railroad carriers and over-the-road bus operators.[Footnote 63] The
deadlines for the regulations are August 2008 and February 2009,
respectively. With respect to freight rail, TSA is developing a notice
of proposed rulemaking proposing that high-risk rail carriers conduct
vulnerability assessments and develop and implement security plans. We
will continue to assess TSA's efforts to issue security standards for
other surface transportation modes during our ongoing reviews.
Compliance Inspections:
TSA has hired and deployed surface transportation security inspectors
who conduct compliance inspections for both passenger and freight rail
modes of transportation; however, questions exist regarding how TSA
will employ the inspectors to enforce new regulations proposed in its
December 2006 Notice of Proposed Rulemaking and regulations to be
developed in accordance with the Implementing Recommendations of the 9/
11 Commission Act.[Footnote 64] TSA officials reported having 100
surface transportation inspectors during fiscal year 2005 and, as of
December 2007, were maintaining an inspector workforce of about the
same number. The agency's budget request for fiscal year 2009 includes
$11.6 million to fund 100 surface transportation security inspectors--
which would maintain its current staffing level. Inspectors'
responsibilities include conducting on-site inspections of key
facilities for freight rail, passenger rail, and transit systems;
assessing transit systems' implementation of core transit security
fundamentals and comprehensive security action items; conducting
examinations of stakeholder operations, including compliance with
security directives; identifying security gaps; and developing
effective practices. To meet these compliance responsibilities, TSA
reported in December 2007 that it had conducted voluntary assessments
of 50 of the 100 largest transit agencies, including 34 passenger rail
and 16 bus-only agencies, and has plans to continue these assessments
with the next 50 largest transit agencies during fiscal year 2008. With
respect to freight rail, TSA reported visiting, during 2007, almost 300
railroad facilities including terminal and railroad yards to assess the
railroads' implementation of 17 DHS-recommended Security Action Items
associated with the transportation of toxic-inhalation-hazard
materials.
TSA has raised concerns about the agency's ability to continue to meet
anticipated inspection responsibilities given the new regulations
proposed in its December 2006 Notice of Proposed Rulemaking and
requirements of the Implementing Recommendations of the 9/11 Commission
Act. For example, the act mandates that high-risk over-the-road bus
operators, railroad carriers, and public transportation agencies
develop and implement security plans which must include, among other
requirements, procedures to be implemented in response to a terrorist
attack.[Footnote 65] The act further requires the Secretary of DHS to
review each plan within 6 months of receiving it. TSA officials stated
that they believe TSA inspectors will likely be tasked to conduct these
reviews. The act also requires that the Secretary of DHS develop and
issue interim final regulations by November 2007, for a public
transportation security training program.[Footnote 66] As of April
2008, these interim regulations have not been issued. According to TSA
officials, TSA inspectors will likely be involved in ensuring
compliance with these regulations as well. To help address these
additional requirements, the Implementing Recommendations of the 9/
11Commission Act authorizes funds to be appropriated for TSA to employ
additional surface transportation inspectors, and requires that surface
transportation inspectors have relevant transportation experience and
appropriate security and inspection qualifications.[Footnote 67]
However, it is not clear how TSA will meet these new requirements since
the agency has not requested funding for additional surface
transportation security inspectors for fiscal year 2009. We will
continue to assess TSA's inspection efforts during our ongoing work.
[Footnote 68]
Grant Programs:
DHS has developed and administered grant programs for various surface
transportation modes, although stakeholders have raised concerns
regarding the current grant process. For example, the DHS Office of
Grants and Training, now called the Grant Programs Directorate, has
used various programs to fund passenger rail security since 2003.
Through the Urban Areas Security Initiative grant program, the Grant
Programs Directorate has provided grants to urban areas to help enhance
their overall security and preparedness level to prevent, respond to,
and recover from acts of terrorism. The Grant Programs Directorate used
fiscal year 2005, 2006, and 2007 appropriations to build on the work
under way through the Urban Areas Security Initiative program, and
create and administer new programs focused specifically on
transportation security, including the Transit Security Grant Program,
Intercity Passenger Rail Security Grant Program, and the Freight Rail
Security Grant Program. However, some industry stakeholders have raised
concerns regarding DHS's current grant process, including the shifting
of funding priorities, the lack of program flexibility, and other
barriers to the provision of grant funding. For example, transit
agencies have reported that the lack of predictability in how TSA will
assess grant projects against funding priorities makes it difficult to
engage in long-term planning of security initiatives. Specifically,
transit agencies have reported receiving funding to begin projects--
such as retrofitting their transit fleet with security cameras or
installing digital video recording systems--but not being able to
finish these projects in subsequent years because TSA had changed its
funding priorities. The Implementing Recommendations of the 9/11
Commission Act codifies surface transportation grant programs and
imposes statutory requirements on the administration of the
programs.[Footnote 69] For example, the act lists authorized uses of
these grant funds and requires DHS to award the grants based on
risk.[Footnote 70] It also requires that DHS and DOT determine the most
effective and efficient way to distribute grant funds, authorizing DHS
to transfer funds to DOT for the purpose of disbursement.[Footnote 71]
According to the TSA fiscal year 2009 budget justification, to ensure
that the selected projects are focused on increasing security, DHS
grants are to be awarded based on risk. We will continue assessing
surface transportation related grant programs as part of our ongoing
work.[Footnote 72]
Conclusions:
DHS and TSA have undertaken numerous initiatives to strengthen the
security of the nation's transportation system, and should be commended
for these efforts. Regarding commercial aviation, TSA has developed
processes to more efficiently allocate and deploy the TSO workforce,
strengthened screening procedures, is working to develop and deploy
more effective screening technologies, strengthened the security of air
cargo, and improved the development of a program to prescreen
passengers against terrorist watch-lists. Further, TSA has more
recently taken actions in a number of areas to help secure surface
modes of transportation. More work, however, remains. For example,
TSA's surface transportation security efforts are still largely in the
early stage, and the nature of its regulatory role, and relationship
with transportation operators, is still being defined. Opportunities
therefore exist to further strengthen these efforts, in particular in
the areas of risk management and program planning and monitoring. Our
work has shown--in homeland security and in other areas--that a
comprehensive risk management approach can help inform decision makers
in the allocation of finite resources to the areas of greatest need. We
are encouraged that risk management has been a cornerstone of DHS and
TSA policy, and that TSA has implemented risk-based decision making
into a number of its efforts. Despite this commitment, however, TSA
will continue to face difficult decisions and trade-offs--particularly
as threats to transportation systems evolve--regarding acceptable
levels of risk and the need to balance security and its investments
among all transportation modes. We recognize that doing so will not be
easy.
Mr. Chairman this concludes my statement. I would be pleased to answer
any questions that you or other members of the committee may have at
this time.
Contact and Acknowledgements:
For further information on this testimony, please contact Cathleen A.
Berrick at (202) 512-3404 or berrickc@gao.gov. Contact points for our
Offices of Congressional Relations and Public Affairs may be found on
the last page of this statement.
In addition to the contact named above, Jason Berman, Chris Currie, Joe
Dewechter, Chris Ferencik, Dawn Hoff, Daniel Klabunde, Tracey King,
Anne Laffoon, Thomas Lombardi, Gary Malavenda, Vicky Miller, Steve
Morris, Maria Strudwick, and Meg Ullengren made contributions to this
testimony.
[End of section]
Footnotes:
[1] GAO, Aviation Security: Transportation Security Administration Has
Strengthened Planning to Guide Investments in Key Aviation Security
Programs, but More Work Remains, [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-08-456T] (Washington, D.C.: February 28, 2008).
[2] Pub. L. No. 110-53, § 1605(b), 121 Stat. 266, 481-82 (2007).
[3] See Pub. L. No. 107-71, 115 Stat. 597 (2001).
[4] DHS's budget execution reports are monthly statements that reflect
the department's financial activity. In our analysis of DHS's budget
execution reports and TSA Congressional Budget Justification, we
included funding that we determined to be specifically designated for
aviation security and funding for all programs, projects, and
activities related to aviation security, to the extent they were
identifiable, in order to present consistent total funding amounts
across fiscal years. In addition, these aviation security totals do not
reflect funding for activities that may support TSA's aviation security
programs and projects, such as intelligence and administration, because
DHS's documentation does not identify the proportion of funding
dedicated to support aviation security. During this time period, a
number of aviation security related activities were transferred in or
out of TSA's jurisdiction, which affects TSA funding levels for the
affected fiscal years.
[5] ATSA further required TSA to allow airports to apply to opt-out of
federal screening and to use private screeners under contract with TSA.
See 49 U.S.C. § 44920. Ten airports and 1 heliport currently have
screening operations conducted by private screening contractors under
TSA's Screening Partnership Program.
[6] Sterile areas are located within the terminal where passengers are
provided access to boarding aircraft. Access to these areas is
controlled by TSOs (or by non-federal screeners at airports
participating in the Screener Partnership Program) at checkpoints where
they conduct physical screening of individuals and their carry-on
baggage for weapons and explosives.
[7] CAPPS identifies passengers for secondary screening based on
certain travel behaviors reflected in their reservation information
that are associated with threats to aviation security, as well as
through a random selection of passengers. At some airports, some
passengers may also be screened by walking through an explosives trace
portal--a machine that detects trace amounts of explosives on persons.
[8] Explosive detection systems use computer-aided tomography X-rays to
examine objects inside baggage and identify the characteristic
signatures of threat explosives. This equipment operates in an
automated mode.
[9] Explosive trace detection works by detecting vapors and residues of
explosives. Human operators collect samples by rubbing bags with swabs,
which are chemically analyzed to identify any traces of explosive
materials.
[10] The Implementing Recommendations of the 9/11 Commission Act of
2007 defines the term 'screening' for purposes of air cargo to mean a
physical examination or non-intrusive methods of assessing whether
cargo poses a threat to transportation security. See 49 U.S.C. §
44901(g)(5). Such methods of screening include x-ray systems,
explosives detection systems, explosives trace detection, explosives
detection canine teams certified by TSA, or a physical search together
with manifest verification. While additional methods may be approved to
ensure that cargo does not pose a threat to transportation security,
these additional methods cannot include solely performing a review of
information about the contents of cargo or verifying the identity of a
shipper of the cargo if not performed in conjunction with other
authorized security methods, including whether a shipper is registered
in the known shipper database.
[11] Certified explosive detection canine teams have been evaluated by
TSA and shown to effectively detect explosive devices. Decompression
chambers simulate the pressures acting on aircraft by simulating flight
conditions, which cause explosives that are attached to barometric
fuses to detonate.
[12] See Pub. L. No. 110-53, § 1602(a), 121 Stat. 266, 477-480 (2007)
(codified at 49 U.S.C. § 44901(g)).
[13] The No Fly and Selectee lists contain the names of individuals
with known or suspected links to terrorism. These lists are subsets of
the consolidated terrorist watch-list that is maintained by the Federal
Bureau of Investigation's Terrorist Screening Center.
[14] See 49 U.S.C. § 44903(j)(2)(C).
[15] GAO, Aviation Security: Progress Made in Systematic Planning to
Guide Key Investment Decisions, but More Work Remains, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-448T] (Washington, D.C.:
February 13, 2007).
[16] See Pub. L. No. 110-53, § 1605(b), 121 Stat. 266, at 481-82.
[17] GAO is also mandated to review DHS's certification of 10
conditions outlined in section 522(a) of the DHS Appropriations Act,
2005, related to the development and implementation of the Secure
Flight program. See Pub. L. No. 110-161, § 513, 121 Stat. 1844 (2007).
[18] Fifteen million was appropriated during fiscal year 2007 and $17.5
million was carried over from the prior fiscal year, for a total of
$32.5 million.
[19] As mandated by law, GAO is currently reviewing TSA's request for
transfer of an additional $24 million to the Secure Flight program in
fiscal year 2008. See Pub. L. No. 110-161, § 550, 121 Stat. 1844.
[20] According to TSA's Congressional Justification, the $154 million
requested for procurement and installation of checked baggage explosive
detection systems is in addition to the $676 in mandatory fees
requested for the Aviation Security Capital Fund, which would provide
$830 million in total funding for the procurement and installation of
such systems.
[21] GAO, Aviation Security: Challenges Exist in Stabilizing and
Enhancing Passenger and Baggage Screening Operations, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-04-440T] (Washington, D.C.: Feb.
12, 2004).
[22] As part of TSA's Screening Partnership Program, 10 airports and 1
heliport use private contract screeners in lieu of federal TSOs.
Although these airports and heliport do not use federal screeners, TSA
uses the Staffing Allocation Model to determine the full-time
equivalent screening staff at each of these airports. These staffing
levels, as determined by the model, serve as a limit on the number of
private screeners that the private screening contractors could employ.
[23] The TSA fiscal year 2009 budget justification includes about $151
million for the Screening Partnership Program.
[24] GAO, Aviation Security: Risk, Experience, and Customer Concerns
Drive Changes to Airline Passenger Screening Procedures, but Evaluation
and Documentation of Proposed Changes Could Be Improved, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-634] (Washington, D.C.: April
16, 2007).
[25] GAO, Transportation Security Administration: Actions and Plans to
Build a Results Oriented Culture, [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-03-190] (Washington, D.C.: January 2003).
[26] GAO, Aviation Security: Progress Made in Systematic Planning to
Guide Key Investment Decisions, but More Work Remains, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-448T] (Washington, D.C.:
February 13, 2007).
[27] DHS S&T is responsible for research and development of checkpoint
technologies related to aviation security, managing the activities
conducted at the Transportation Security Laboratory, and coordinating
these efforts with TSA. TSA's Passenger Screening Program is
responsible for evaluating and deploying systems to detect explosives
and weapons concealed on persons or in carry-on items, while
strengthening access control, improving screener performance, and
reducing staffing requirements.
[28] Research and development projects generally fall within the
following phases: (1) basic research includes all scientific efforts
and experimentation directed to increase knowledge and understanding in
the fields of science related to long-term national needs; (2) applied
research includes efforts directed toward solving specific problems
with a focus on developing and evaluating the feasibility of proposed
solutions; (3) advanced development includes efforts directed toward
the development of hardware for field experiments; and (4) operational
testing includes evaluation of technologies in a realistic operating
environment to assess the performance or cost reduction potential of
advanced technology.
[29] GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air
Cargo Are in the Early Stages and Could Be Strengthened, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-660] (Washington, D.C.: April
2007).
[31] According to TSA, the funding requested for the Certified Cargo
Screening Program could change if the agency has any contract activity
in fiscal year 2008 for this program.
[32] GAO, Aviation Security: Federal Action Needed to Strengthen
Domestic Air Cargo Security, [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-06-76] (Washington, D.C.: October 2005) and [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-660]; GAO, Aviation Security:
Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages
and Could Be Strengthened, [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-07-660] (Washington, D.C.: April 2007).
[33] The table represents the key recommendations GAO made regarding
air cargo, but does not encompass all of them. See [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-06-76] and [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-660] for the complete list of
recommendations.
[34] In fulfilling this mandate, DHS must provide for the screening of
50 percent of all cargo transported on passenger aircraft by February
2009, 18 months after enactment of the Act. See 49 U.S.C. § 44901(g).
[35] End-to-end testing is conducted to verify that the entire system,
including any external systems with which it interfaces, functions as
intended in an operational environment.
[36] GAO, Aviation Security: Secure Flight Development and Testing
Under Way, but Risks Should Be Managed as System is Further Developed,
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-356] (Washington,
D.C.: March 28, 2005); and GAO, Aviation Security: Significant
Management Challenges May Adversely Affect Implementation of the
Transportation Security Administration's Secure Flight Program,
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-374T] (Washington,
D.C.: February 9, 2006).
[37] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-448T].
[38] See GAO, Aviation Security: Transportation Security Administration
Did Not Fully Disclose Uses of Personal Information during Secure
Flight Program Testing in Initial Privacy Notices, but Has Recently
Taken Steps to More Fully Inform the Public, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-05-864R] (Washington, D.C.: July
22, 2005).
[39] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-356].
[40] The E-Government Act of 2002 requires agencies to conduct privacy
impact assessments (PIA). Pub. L. No. 107-347, § 208, 116 Stat. 2899,
2921-23 (2002). A PIA is an analysis of how personal information is
collected, stored, shared, and managed in a federal system. Agencies
are required to make their PIAs publicly available.
[41] The Privacy Act places limitations on agencies' collection,
disclosure, and use of personal information maintained in systems of
records and requires agencies to publish a public notice, known as a
System of Records Notice (SORN), in the Federal Register. See 5 U.S.C.
§ 552a.
[42] TSA will not issue final notices until it completes its evaluation
of public comments on notice of proposed rulemaking. The comment period
for the Secure Flight rulemaking closed on November 21, 2007.
[43] OMB's Capital Programming Guide (Supplement to Office of
Management and Budget Circular A-11, Part 7: Planning, Budgeting, and
Acquisition of Capital Assets) identifies that there are certain key
criteria that OMB will look for in the justification of spending for
proposed new capital assets including credible cost estimates. Appendix
9 of the guide identifies that following the guidelines in GAO's Cost
Assessment Guide will help agencies meet most cost estimating
requirements.
[44] See GAO, Cost Assessment Guide: Best Practices for Estimating and
Managing Program Costs, Exposure Draft, GAO-07-1134SP (Washington,
D.C.: July 2007).
[45] The 12 steps involved in developing a high-quality cost estimating
process are 1) define the estimate's purpose, 2) develop the estimating
plan, 3) define the program, 4) determine the estimating structure, 5)
identify ground rules and assumptions, 6) obtain the data, 7) develop
the point estimate and compare it to an independent cost estimate, 8)
conduct sensitivity analysis, 9) conduct risk and uncertainty analysis,
10) document the estimate, 11) present estimate to management, and 12)
update the estimate to reflect actual costs and changes.
[46] The 9 best practices are 1) capturing key activities, 2)
sequencing key activities, 3) establishing the duration of key
activities, 4) establishing the critical path for key activities, 5)
assigning resources to key activities, 6) identifying "float time"
between key activities, 7) distributing reserves to high risk
activities (including conducting an independent cost estimate), 8)
integrating key activities horizontally--to link products and outcomes
associated with already sequenced activities--and vertically--to ensure
that traceability exists among varying levels of activities and
supporting tasks, and 9) completing schedule risk analysis.
[47] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-456T].
[48] Risks of testing in the production environment must be thoroughly
analyzed and precautions taken to preclude damage to systems and data.
See GAO, Year 2000 Computing Crisis: A Testing Guide, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-10.1.21] (Washington. D.C.:
November 1998).
[49] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-356].
[50] National Institute of Standards and Technology (NIST), Technology
Administration, U.S. Department of Commerce, Security Considerations in
the Information System Development Life-Cycle, NIST Special Publication
800-64 (Gaithersburg, Md: June 2004).
[51] OMB requires that agency management officials formally authorize
their information systems to process information and accept the risk
associated with their operation. This management authorization
(accreditation) is to be supported by a formal technical evaluation
(certification) of the management, operational, and technical controls
established in an information system's security plan. See GAO,
Information Security: Although Progress Reported, Federal Agencies Need
to Resolve Significant Deficiencies, [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-08-496T], (Washington, D.C.: February 14, 2008).
[52] These activities include 1) system testing performed as part of
software development, and 2) security test and evaluation performed as
part of certification and accreditation.
[53] TSA defines high-risk vulnerabilities as those where there is a
strong need for corrective measures, the probability of serious
incident is likely and risks are not normally acceptable, corrective
action plans must in place as soon as possible, and the authorization
to operate may be receded or not granted. Moderate-risk vulnerabilities
are those where the probability of incident is elevated, with increased
probability of unauthorized disclosure or disruption of operations, and
risks are probably not acceptable.
[54] In general, performance measures are indicators, statistics, or
metrics used to gauge program performance.
[55] The term "misidentified" refers to a person initially matched by a
screening entity to a name on the watch-list, but upon closer
examination, the person is found to not match any watch-list record.
[56] GAO, Tax Administration: IRS Needs to Further Refine Its Tax
Filing Season Performance Measures, [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-03-143], (Washington, D.C.: November 22, 2002).
[57] The cleared list contains the names and other personal identifying
information of individuals who have gone through the redress process
and have been checked and cleared as being persons not on the No Fly or
Selectee lists.
[58] Under Secure Flight, as described by TSA's notice of proposed
rulemaking, TSA plans to introduce a unique redress number that would
enable Secure Flight to "pre-clear" individuals who have previously
been misidentified, have gone through the redress process, and who
provide additional identifying information when making a reservation.
TSA expects this to reduce the likelihood of travel delays at check-in
for those passengers.
[59] See 71 Fed Reg. 76,852 (Dec 21, 2006).
[60] TSA conducts corporate security reviews in multiple modes of
transportation to establish baseline data against which to evaluate
minimum-security standards and identify coverage gaps in reviewed
systems.
[61] According to TSA, the agency completed 945 criticality assessments
in fiscal year 2007 and 400 assessments in fiscal year 2008. TSA
officials stated that some of these assessments may have been conducted
to update previously completed ones.
[62] For more information, see GAO, Passenger Rail Security: Enhanced
Federal Leadership Needed to Prioritize and Guide Security Efforts,
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-225T] (Washington,
D.C.: Jan. 18, 2007).
[63] See 71 Fed. Reg. 76,852 (Dec. 21, 2006).
[64] See Pub. L. No. 110-53, § 1512, 1531, 121 Stat. at 429-33, 454-57.
[65] See, e.g., Pub. L. No. 110-53, § 1534, 121 Stat at 461-62.
[66] See Pub. L. No. 110-53, § 1405, 1512, 1531, 121 Stat. at 402-05,
429-33, 454-57.
[67] See Pub. L. No. 110-53, § 1408, 121 Stat. at 409-11 (requiring
that the Secretary develop and issue final regulations for the training
program by August 2008).
[68] See Pub. L. No. 110-53, § 1304, 121 Stat. at 393-94.
[69] For more information, see GAO, Passenger Rail Security: Enhanced
Federal Leadership Needed to Prioritize and Guide Security Efforts,
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-181T] (Washington,
D.C.: Oct. 20, 2005).
[70] See Pub. L. No. 110-53, § 1406, 1513, 1532, 121 Stat. 405-08, 433-
35, 457-60.
[71] See, e.g., Pub. L. No. 110-53, § 1406(b), (c)(2), 121 Stat. at 405-
07.
[72] See Pub. L. No. 110-53, § 1406(d), 1532(e), 121 Stat. at 407, 459.
[73] For more information see [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-06-181T].
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office:
441 G Street NW, Room LM:
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
