Aviation Security
Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation Security Programs, but More Work Remains Gao ID: GAO-08-1024T July 24, 2008Since its inception in November 2001, the Transportation Security Administration (TSA) has focused much of its efforts on aviation security, and has developed and implemented a variety of programs and procedures to secure the commercial aviation system. TSA funding for aviation security has totaled about $26 billion since fiscal year 2004. This testimony focuses on TSA's efforts to secure the commercial aviation system through passenger screening, strengthening air cargo security, and watch-list matching programs, as well as challenges that remain. It also addresses crosscutting issues that have impeded TSA's efforts in strengthening security. This testimony is based on GAO reports and testimonies issued from February 2004 through July 2008 including selected updates obtained from TSA officials in June and July 2008.
DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation's commercial aviation system, including actions to address many recommendations made by GAO. TSA has focused its efforts on, among other things, more efficiently allocating, deploying, and managing the Transportation Security Officer (TSO) workforce--formerly known as screeners; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; strengthening domestic air cargo security; and developing a government operated watch-list matching program, known as Secure Flight. For example, in response to GAO's recommendation, TSA developed a plan to periodically review assumptions in its Staffing Allocation Model used to determine TSO staffing levels at airports, and took steps to strengthen its evaluation of proposed procedural changes. TSA also explored new passenger checkpoint screening technologies to better detect explosives and other threats, and has taken steps to strengthen air cargo security, including increasing compliance inspections of air carriers. Finally, TSA has instilled more discipline and rigor into Secure Flight's systems development, including preparing key documentation and strengthening privacy protections. While these efforts should be commended, GAO has identified several areas that should be addressed to further strengthen security. For example, TSA made limited progress in developing and deploying checkpoint technologies due to planning and management challenges. In addition, TSA faces resource and other challenges in developing a system to screen 100 percent of cargo transported on passenger aircraft in accordance with the Implementing Recommendations of the 9/11 Commission Act of 2007. GAO further identified that TSA faced program management challenges in the development and implementation of Secure Flight, including developing cost and schedule estimates consistent with best practices; fully implementing the program's risk management plan; developing a comprehensive testing strategy; and ensuring that information security requirements are fully implemented. A variety of crosscutting issues have affected DHS's and TSA's efforts in implementing its mission and management functions. For example, TSA can more fully adopt and apply a risk-management approach in implementing its security mission and core management functions, and strengthen coordination activities with key stakeholders. For example, while TSA incorporated risk-based decision making when modifying checkpoint screening procedures, GAO reported that TSA's analyses that supported screening procedural changes could be further strengthened. DHS and TSA have strengthened their efforts in these areas, but more work remains.
GAO-08-1024T, Aviation Security: Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation Security Programs, but More Work Remains
This is the accessible text file for GAO report number GAO-08-1024T
entitled 'Aviation Security: Transportation Security Administration Has
Strengthened Planning to Guide Investments in Key Aviation Security
Programs, but More Work Remains' which was released on July 24, 2008.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony before the Subcommittee on Aviation, Committee on
Transportation and Infrastructure, House of Representatives:
United States Government Accountability Office:
GAO:
For Release on Delivery:
Expected at 10:00 a.m. EDT:
Thursday, July 24, 2008:
Aviation Security:
Transportation Security Administration Has Strengthened Planning to
Guide Investments in Key Aviation Security Programs, but More Work
Remains:
Statement of Cathleen A. Berrick, Director: Homeland Security and
Justice Issues:
GAO-08-1024T:
GAO Highlights:
Highlights of GAO-08-1024T, a testimony before the Subcommittee on
Aviation, Committee on Transportation and Infrastructure, House of
Representatives.
Why GAO Did This Study:
Since its inception in November 2001, the Transportation Security
Administration (TSA) has focused much of its efforts on aviation
security, and has developed and implemented a variety of programs and
procedures to secure the commercial aviation system. TSA funding for
aviation security has totaled about $26 billion since fiscal year 2004.
This testimony focuses on TSA's efforts to secure the commercial
aviation system through passenger screening, strengthening air cargo
security, and watch-list matching programs, as well as challenges that
remain. It also addresses crosscutting issues that have impeded TSA‘s
efforts in strengthening security. This testimony is based on GAO
reports and testimonies issued from February 2004 through July 2008
including selected updates obtained from TSA officials in June and July
2008.
What GAO Found:
DHS and TSA have undertaken numerous initiatives to strengthen the
security of the nation‘s commercial aviation system, including actions
to address many recommendations made by GAO. TSA has focused its
efforts on, among other things, more efficiently allocating, deploying,
and managing the Transportation Security Officer (TSO)
workforce”formerly known as screeners; strengthening screening
procedures; developing and deploying more effective and efficient
screening technologies; strengthening domestic air cargo security; and
developing a government operated watch-list matching program, known as
Secure Flight. For example, in response to GAO‘s recommendation, TSA
developed a plan to periodically review assumptions in its Staffing
Allocation Model used to determine TSO staffing levels at airports, and
took steps to strengthen its evaluation of proposed procedural changes.
TSA also explored new passenger checkpoint screening technologies to
better detect explosives and other threats, and has taken steps to
strengthen air cargo security, including increasing compliance
inspections of air carriers. Finally, TSA has instilled more discipline
and rigor into Secure Flight‘s systems development, including preparing
key documentation and strengthening privacy protections.
While these efforts should be commended, GAO has identified several
areas that should be addressed to further strengthen security. For
example, TSA made limited progress in developing and deploying
checkpoint technologies due to planning and management challenges. In
addition, TSA faces resource and other challenges in developing a
system to screen 100 percent of cargo transported on passenger aircraft
in accordance with the Implementing Recommendations of the 9/11
Commission Act of 2007. GAO further identified that TSA faced program
management challenges in the development and implementation of Secure
Flight, including developing cost and schedule estimates consistent
with best practices; fully implementing the program‘s risk management
plan; developing a comprehensive testing strategy; and ensuring that
information security requirements are fully implemented.
A variety of crosscutting issues have affected DHS‘s and TSA‘s efforts
in implementing its mission and management functions. For example, TSA
can more fully adopt and apply a risk-management approach in
implementing its security mission and core management functions, and
strengthen coordination activities with key stakeholders. For example,
while TSA incorporated risk-based decision making when modifying
checkpoint screening procedures, GAO reported that TSA‘s analyses that
supported screening procedural changes could be further strengthened.
DHS and TSA have strengthened their efforts in these areas, but more
work remains.
What GAO Recommends:
GAO has made recommendations to the Department of Homeland Security
(DHS) in prior reports and testimony to strengthen screening
operations, air cargo security, and the implementation of the Secure
Flight program. DHS generally concurred with our recommendations and
has taken action to implement a number of them.
To view the full product, including the scope and methodology, click on
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-1024T]. For more
information, contact Cathleen Berrick at (202) 512-3404 or
berrickc@gao.gov.
[End of section]
Mr. Chairman and Members of the Subcommittee:
I appreciate the opportunity to participate in today's hearing to
discuss the security of our nation's commercial aviation system. The
Transportation Security Administration (TSA) was established in
November 2001 with the mission to protect the transportation network
while also ensuring the free movement of people and commerce. Since its
inception, TSA has focused much of its efforts on aviation security,
and has developed and implemented a variety of programs and procedures
to secure commercial aviation. To implement these efforts, TSA funding
for aviation security has totaled about $26 billion since fiscal year
2004. In carrying out its broader homeland security responsibilities,
the Department of Homeland Security (DHS) faces the daunting challenge
of determining how to allocate its finite resources within the
transportation system and across all sectors to address threats and
strengthen security.
My testimony today focuses on TSA's efforts to ensure the security of
the following key areas of commercial aviation, which represent about
$4.5 billion of the President's budget request for TSA for fiscal year
2009: 1) screening operations, including transportation security
officer (TSO) and private screener allocations, screening procedures,
and checkpoint screening technologies; 2) air cargo; and 3) passenger
watch-list matching. In particular, I will address the numerous efforts
TSA has taken or plans to take to strengthen security in these areas
and the challenges that remain, as well as crosscutting issues that
have impeded TSA's efforts.
My comments are based on GAO reports and testimonies issued from
February 2004 through July 2008 addressing the security of the nation's
commercial aviation system. We also obtained selected updates to this
work from TSA officials in June and July 2008. We conducted these
performance audits in accordance with generally accepted government
auditing standards. Those standards require that we plan and perform
the audit to obtain sufficient, appropriate evidence to provide a
reasonable basis for our findings and conclusions based on our audit
objectives. We believe that the evidence obtained provides a reasonable
basis for our findings and conclusions based on our audit objectives.
Summary:
DHS and TSA have undertaken numerous initiatives to strengthen the
security of the nation's commercial aviation system and more
effectively guide program investments, including taking steps to
address many of our prior recommendations. Specifically, DHS and TSA
have, among other things, developed and implemented a Staffing
Allocation Model to determine staffing levels for Transportation
Security Officers (TSO), formerly known as screeners, at airports that
reflect current operating conditions, and provided TSOs with additional
training intended to enhance the detection of threat objects. TSA also
proposed and implemented modifications to passenger checkpoint
screening procedures based on risk (threat and vulnerability)
information, while considering efficiency and customer service needs.
TSA also explored new passenger checkpoint screening technologies to
enhance the detection of explosives and other threats, and took steps
to strengthen air cargo security, including conducting vulnerability
assessments at several domestic airports and inspections of air
carriers to ensure that they are complying with existing security
requirements. Finally, TSA has instilled more discipline and rigor into
Secure Flight's development and implementation, including preparing key
systems development documentation and strengthening privacy
protections.
While these efforts should be commended, we have reported on several
areas in which TSA could do more to strengthen security. For example,
we reported that some assumptions used in TSA's Staffing Allocation
Model did not accurately reflect airport operating conditions and
recommended that TSA establish a plan for reviewing these assumptions
on a periodic basis. TSA agreed with this recommendation and
subsequently developed a plan that the agency will use to review and
validate model assumptions. We also reported that TSA could improve its
process for evaluating the effectiveness of proposed changes to
passenger screening procedures before implementing them nationwide, and
that limited progress has been made in developing and deploying
checkpoint technologies due to planning and management challenges. With
respect to air cargo, we reported that TSA may face resource and other
challenges in developing a system to screen 100 percent of cargo
transported on passenger aircraft in accordance with the Implementing
Recommendations of the 9/11 Commission Act of 2007. Moreover, while TSA
has made considerable progress in the development and implementation of
Secure Flight, it has not fully addressed program management issues
related to developing cost and schedule estimates consistent with best
practices and developing a comprehensive testing strategy, among other
things. We made a number of recommendations to strengthen TSA's efforts
in these areas, to which TSA agreed.
A variety of crosscutting issues have affected DHS's and TSA's efforts
in implementing its mission and management functions. For example, TSA
has not always implemented effective strategic planning efforts, fully
developed performance measures, or put into place structures to help
ensure that it is managing for results. In addition, TSA can more fully
adopt and apply a risk-management approach in implementing its security
mission and core management functions, and more fully coordinate its
activities with key stakeholders.[Footnote 1] For example, while TSA
incorporated risk-based decision making when modifying checkpoint
screening procedures, we reported that TSA's analyses that supported
screening procedural changes could be strengthened. We also reported
that opportunities exist for TSA to work with foreign governments and
industry to identify best practices for securing air cargo, and
recommended that TSA systematically compile and analyze information on
practices used abroad to identify those that may strengthen the
department's overall security efforts. TSA has strengthened its efforts
in these areas, but more work remains.
Background:
The Aviation and Transportation Security Act (ATSA), enacted in
November 2001, created TSA and gave it responsibility for securing all
modes of transportation.[Footnote 2] As part of this responsibility,
TSA oversees security operations at the nation's more than 400
commercial airports, including establishing requirements for passenger
and checked baggage screening and ensuring the security of air cargo
transported to, from, and within the United States. TSA has operational
responsibility for conducting passenger and checked baggage screening
at most airports, and has regulatory, or oversight, responsibility, for
air carriers who conduct air cargo screening. While TSA took over
responsibility for passenger checkpoint and baggage screening, air
carriers have continued to conduct passenger watch-list matching in
accordance with TSA requirements, which includes the process of
matching passenger information against the No Fly List and Selectee
lists before flights depart.[Footnote 3] TSA is currently developing a
program, known as Secure Flight, to take over this responsibility from
air carriers for passengers on domestic flights, and plans to assume
from the U.S. Customs and Border Protection (CBP) this pre-departure
name-matching function for passengers on international flights
traveling to or from the United States.
Prior to ATSA, passenger and checked baggage screening had been
performed by private screening companies under contract to airlines.
ATSA established TSA and required it to create a federal workforce to
assume the job of conducting passenger and checked baggage screening at
commercial airports. The federal screener workforce was put into place,
as required, by November 2002.[Footnote 4] Passenger screening systems
are composed of three elements: the people (TSOs) responsible for
conducting the screening of airline passengers and their carry-on
items, the technology used during the screening process, and the
procedures TSOs are to follow to conduct screening. Collectively, these
elements help to determine the effectiveness and efficiency of
passenger screening operations.
TSA's responsibilities for securing air cargo include, among other
things, establishing security rules and regulations governing domestic
and foreign passenger air carriers that transport cargo, domestic and
foreign all-cargo carriers that transport cargo, and domestic freight
forwarders.[Footnote 5] TSA is also responsible for overseeing the
implementation of air cargo security requirements by air carriers and
freight forwarders through compliance inspections, and, in coordination
with DHS's Science and Technology (S&T) Directorate, for conducting
research and development of air cargo security technologies. Air
carriers (passenger and all-cargo) are responsible for implementing TSA
security requirements, predominantly through TSA-approved security
programs that describe the security policies, procedures, and systems
the air carrier will implement and maintain to comply with TSA security
requirements. Air carriers must also abide by security requirements
issued by TSA through security directives or emergency amendments to
air carrier security programs.
Air carriers use several methods and technologies to screen domestic
and inbound air cargo. These include manual physical searches and
comparisons between airway bills and cargo contents to ensure that the
contents of the cargo shipment matches the cargo identified in
documents filed by the shipper, as well as using approved technology,
such as X-ray systems, explosives trace detection systems,
decompression chambers, explosive detection systems, and certified
explosive detection canine teams.[Footnote 6] Under TSA's security
requirements for domestic, outbound and inbound air cargo, passenger
air carriers are currently required to randomly screen a specific
percentage of nonexempt air cargo pieces listed on each airway bill.
[Footnote 7] TSA's air cargo security requirements currently allow
passenger air carriers to exempt certain types of cargo from physical
screening. For such cargo, TSA has authorized the use of TSA-approved
alternative methods for screening, which can consist of verifying
shipper information and conducting a visual inspection of the cargo
shipment. TSA requires all-cargo carriers to screen 100 percent of air
cargo that exceeds a specific weight threshold. As of October 2006,
domestic freight forwarders are also required, under certain
conditions, to screen a certain percentage of air cargo prior to its
consolidation. TSA, however, does not regulate foreign freight
forwarders, or individuals or businesses that have their cargo shipped
by air to the United States. Under the Implementing Recommendations of
the 9/11 Commission Act of 2007, DHS is required to implement a system
to screen 50 percent of air cargo transported on passenger aircraft by
February 2009, and 100 percent of such cargo by August 2010.[Footnote
8]
The prescreening of airline passengers who may pose a security risk
before they board an aircraft is one of many layers of security
intended to strengthen commercial aviation. To further enhance
commercial aviation security and in accordance with the Intelligence
Reform and Terrorism Prevention Act of 2004, TSA is developing the
Secure Flight program to assume from air carriers the function of
matching passenger information against government-supplied terrorist
watch-lists for domestic flights.[Footnote 9] TSA expects to assume
from air carriers the watch-list matching for domestic flights
beginning in January 2009 and to assume this watch-list matching
function from CBP for flights departing from and to the United States
by fiscal year 2010.
TSA Has Made Significant Enhancements to Its Passenger Screening
Operations, but Can Further Strengthen Its Efforts:
TSA has taken steps to strengthen the three key elements of the
screening system--people (TSOs and private screeners), screening
procedures, and technology--but has faced management, planning and
funding challenges. For example, TSA has implemented several efforts
intended to strengthen the allocation of its TSO workforce. We reported
in February 2004 that staffing shortages and TSA's hiring process had
hindered the ability of some Federal Security Directors (FSD)--the
ranking TSA authorities responsible for leading and coordinating
security activities at airports--to provide sufficient resources to
staff screening checkpoints and oversee screening operations at their
checkpoints without using additional measures such as overtime.
[Footnote 10] Since that time, TSA has developed a Staffing Allocation
Model to determine TSO staffing levels at airports. FSDs we interviewed
during 2006 as part of our review of TSA's staffing model generally
reported that the model is a more accurate predictor of staffing needs
than TSA's prior staffing model. However, FSDs expressed concerns about
assumptions used in the fiscal year 2006 model related to the use of
part-time TSOs, TSO training requirements, and TSOs' operational
support duties. To help ensure that TSOs are effectively utilized, we
recommended that TSA establish a policy for when TSOs can be used to
provide operational support. Consistent with our recommendation, in
March 2007, TSA issued a management directive that provides guidance on
assigning TSOs, through detail or permanent promotion, to duties of
another position for a specified period of time. We also recommended
that TSA establish a formal, documented plan for reviewing all of the
model assumptions on a periodic basis to ensure that the assumptions
result in TSO staffing allocations that accurately reflect operating
conditions that may change over time. TSA agreed with our
recommendation and, in December 2007, developed a Staffing Allocation
Model Rates and Assumptions Validation Plan. The plan identifies the
process TSA plans to use to review and validate the model's assumptions
on a periodic basis.
Although we did not independently review TSA's staffing allocation for
fiscal year 2008, TSA's fiscal year 2009 budget justification
identified that the agency has achieved operational and efficiency
gains that enabled them to implement or expand several workforce
initiatives involving TSOs. For example, TSA implemented the travel
document checker program at over 259 of the approximately 450 airports
nationwide during fiscal year 2007. This program is intended to ensure
that only passengers with authentic travel documents access the sterile
areas of airports and board aircraft. TSA also deployed 643 behavior
detection officers to 42 airports during fiscal year 2007. These
officers screen passengers by observation techniques to identify
potentially high-risk passengers based on involuntary physical and
physiological reactions.
In addition to TSA's efforts to strengthen the allocation of its TSO
workforce, TSA has taken steps to strengthen passenger checkpoint
screening procedures to enhance the detection of prohibited items.
However, we have identified areas where TSA could improve its
evaluation and documentation of proposed procedures. In April 2007, we
reported that TSA officials considered modifications to its standard
operating procedures (SOP) based on risk information (threat and
vulnerability information), daily experiences of staff working at
airports, and complaints and concerns raised by the traveling public.
[Footnote 11] We further reported that for more significant SOP
modifications, TSA first tested the proposed modifications at selected
airports to help determine whether the changes would achieve their
intended purpose, as well as to assess its impact on screening
operations. However, we reported that TSA's data collection and
analyses could be improved to help TSA determine whether proposed
procedures that are operationally tested would achieve their intended
purpose. We also found that TSA's documentation on proposed
modifications to screening procedures was not complete. We recommended
that TSA develop sound evaluation methods, when possible, to assess
whether proposed screening changes would achieve their intended purpose
and generate and maintain documentation on proposed screening changes
that are deemed significant. DHS generally agreed with our
recommendations and TSA has taken some steps to implement them. For
example, for several proposed SOP changes considered during the fall of
2007, TSA provided documentation that identified the sources of the
proposed changes and the reasons why the agency decided to accept or
reject the proposed changes.
With respect to technologies, we reported in February 2007 that S&T and
TSA were exploring new passenger checkpoint screening technologies to
enhance the detection of explosives and other threats.[Footnote 12] Of
the various emerging checkpoint screening projects funded by TSA and
S&T, the explosive trace portal, the bottled liquids scanning device,
and Advanced Technology Systems have been deployed to airport
checkpoints. A number of additional projects have initiated
procurements or are being researched and developed. For example, TSA
has procured 34 scanners for screening passenger casts and prosthetic
devices to be deployed in July 2008. In addition, TSA has procured 20
checkpoint explosive detection systems and plans to deploy these in
August 2008. Further, TSA plans to finish its testing of whole body
imagers during fiscal year 2009 and begin deploying 150 of these units
by fiscal year 2010.
Despite TSA's efforts to develop passenger checkpoint screening
technologies, we reported that limited progress has been made in
fielding explosives detection technology at airport checkpoints in part
due to challenges S&T and TSA faced in coordinating research and
development efforts. For example, we reported that TSA had anticipated
that the explosives trace portals would be in operation throughout the
country during fiscal year 2007. However, due to performance and
maintenance issues, TSA halted the acquisition and deployment of the
portals in June 2006. As a result, TSA has fielded less than 25 percent
of the 434 portals it projected it would deploy by fiscal year 2007. In
addition to the portals, TSA has fallen behind in its projected
acquisition of other emerging screening technologies. For example, we
reported that the acquisition of 91 whole body imagers was previously
delayed in part because TSA needed to develop a means to protect the
privacy of passengers screened by this technology.
While TSA and DHS have taken steps to coordinate the research,
development and deployment of checkpoint technologies, we reported in
February 2007 that challenges remained. For example, TSA and S&T
officials stated that they encountered difficulties in coordinating
research and development efforts due to reorganizations within TSA and
S&T. Since our February 2007 testimony, according to TSA and S&T,
coordination between them has improved. We also reported that TSA did
not have a strategic plan to guide its efforts to acquire and deploy
screening technologies, and that a lack of a strategic plan or approach
could limit TSA's ability to deploy emerging technologies at those
airport locations deemed at highest risk. TSA officials stated that
they plan to submit the strategic plan for checkpoint technologies
mandated by Division E of the Consolidated Appropriations Act, 2008,
during the summer of 2008. We will continue to evaluate S&T's and TSA's
efforts to research, develop and deploy checkpoint screening
technologies as part of our ongoing review.
TSA Has Taken Action to Strengthen Air Cargo Security, but May Face
Challenges in Developing a System to Screen All Cargo Transported on
Passenger Aircraft:
TSA has taken steps to enhance domestic and inbound air cargo security,
but more work remains to strengthen this area of aviation security. For
example, TSA has issued an Air Cargo Strategic Plan that focused on
securing the domestic air cargo supply chain. However, in April 2007,
we reported that this plan did not include goals and objectives for
addressing the security of inbound air cargo, or cargo transported into
the United States from a foreign location, which presents different
security challenges than cargo transported domestically.[Footnote 13]
We also reported that TSA had not conducted vulnerability assessments
to identify the range of security weaknesses that could be exploited by
terrorists related to air cargo operations. We further reported that
TSA had established requirements for air carriers to randomly screen
air cargo, but had exempted some domestic and inbound cargo from
screening. With respect to inbound air cargo, we reported that TSA
lacked an inspection plan with performance goals and measures for its
inspection efforts, and recommended that TSA develop such a plan. TSA
is also taking steps to compile and analyze information on air cargo
security practices used abroad to identify those that may strengthen
DHS's overall air cargo security program, as we recommended. According
to TSA officials, the agency's proposed Certified Cargo Screening
Program (CCSP) is based on their review of foreign countries' models
for screening air cargo. TSA officials believe this program will assist
the agency in meeting the requirement to screen 100 percent of cargo
transported on passenger aircraft by August 2010, as mandated by the
Implementing Recommendations of the 9/11 Commission Act of 2007.
Through TSA's proposed CCSP, the agency plans on allowing the screening
of air cargo to take place at various points throughout the air cargo
supply chain. Under the CCSP, Certified Cargo Screening Facilities
(CCSF), such as shippers, manufacturing facilities and freight
forwarders that meet security requirements established by TSA, will
volunteer to screen cargo prior to its loading onto an aircraft. Due to
the voluntary nature of this program, participation of the air cargo
industry is critical to the successful implementation of the CCSP.
According to TSA officials, air carriers will ultimately be responsible
for screening 100 percent of cargo transported on passenger aircraft
should air cargo industry entities not volunteer to become a CCSF. In
July 2008, however, we reported that TSA may face challenges as it
proceeds with its plans to implement a system to screen 100 percent of
cargo transported on passenger aircraft by August 2010.[Footnote 14]
Specifically, we reported that DHS has not yet completed its
assessments of the technologies TSA plans to approve for use as part of
the CCSP for screening and securing cargo. We also reported that
although TSA has taken steps to eliminate the majority of exempted
domestic and outbound cargo that it has not required to be screened,
the agency currently plans to continue to exempt some types of domestic
and outbound cargo from screening after August 2010.[Footnote 15]
Moreover, we found that TSA has begun analyzing the results of air
cargo compliance inspections and has hired additional compliance
inspectors dedicated to air cargo. However, according to agency
officials, TSA will need additional air cargo inspectors to oversee the
efforts of the potentially thousands of entities that may participate
in the CCSP once it is fully implemented. Finally, we reported that
more work remains for TSA to strengthen the security of inbound cargo.
Specifically, the agency has not yet finalized its strategy for
securing inbound cargo or determined how, if at all, inbound cargo will
be screened as part of its proposed CCSP.
DHS Has Made Progress in Developing and Implementing the Secure Flight
Program, but Challenges Remain That May Hinder the Program Moving
Forward:
Over the past several years, TSA has faced a number of challenges in
developing and implementing an advanced prescreening system, known as
Secure Flight, which will allow TSA to assume responsibility from air
carriers for comparing domestic passenger information against the No
Fly and Selectee lists. We reported in February 2008 that TSA had made
substantial progress in instilling more discipline and rigor in
developing and implementing Secure Flight, but that challenges remain
that may hinder the program's progress moving forward. For example, TSA
had taken numerous steps to address previous GAO recommendations
related to strengthening Secure Flight's development and
implementation, as well as additional steps designed to strengthen the
program. Among other things, TSA developed a detailed, conceptual
description of how the system is to operate, commonly referred to as a
concept of operations; established a cost and schedule baseline;
developed security requirements; developed test plans; conducted
outreach with key stakeholders; published a notice of proposed
rulemaking on how Secure Flight is to operate; worked with CBP to
integrate the domestic watch list matching function with the
international watch list matching function currently operated by CBP;
and issued a guide to key stakeholders (e.g., air carriers and CBP)
that defines, among other things, system data requirements.
Collectively, these efforts have enabled TSA to more effectively manage
the program's development and implementation.
However, challenges remain that may hinder the program's progress
moving forward. In February 2008, we reported that TSA had not (1)
developed program cost and schedule estimates consistent with best
practices; (2) fully implemented its risk management plan; (3) planned
for system end-to-end testing in test plans; and (4) ensured that
information-security requirements are fully implemented. To address
these challenges, we made several recommendations to DHS and TSA to
incorporate best practices in Secure Flight's cost and schedule
estimates and to fully implement the program's risk-management,
testing, and information-security requirements. DHS and TSA officials
generally agreed with these recommendations. We will continue to
evaluate TSA's efforts to develop and implement Secure Flight as part
of our ongoing review.
Crosscutting Issues Have Hindered DHS's and TSA's Efforts in
Implementing Its Mission and Management Functions:
Our work has identified homeland security challenges that cut across
DHS's and TSA's mission and core management functions. These issues
have impeded the department's and TSA's progress since its inception
and will continue to confront the department as it moves forward. For
example, DHS and TSA have not always implemented effective strategic
planning efforts and have not yet fully developed performance measures
or put into place structures to help ensure that they are managing for
results. For example, with regard to TSA's efforts to secure air cargo,
we reported in October 2005 and April 2007 that TSA completed an Air
Cargo Strategic Plan that outlined a threat-based risk-management
approach to securing the nation's domestic air cargo system. However,
TSA had not developed a similar strategy for addressing the security of
inbound air cargo, including how best to partner with CBP and
international air cargo stakeholders. In addition, although DHS and TSA
have made risk-based decision making a cornerstone of departmental and
agency policy, TSA could strengthen its application of risk management
in implementing its mission functions. For example, TSA incorporated
risk-based decision making when making modifications to airport
checkpoint screening procedures, to include modifying procedures based
on intelligence information and vulnerabilities identified through
covert testing at airport checkpoints. However, in April 2007, we
reported that TSA's analyses that supported screening procedural
changes could be strengthened. For example, TSA officials based their
decision to revise the prohibited items list to allow passengers to
carry small scissors and tools onto aircraft based on their review of
threat information--which indicated that these items do not pose a high
risk to the aviation system--so that TSOs could concentrate on higher
threat items.[Footnote 16] However, TSA officials did not conduct the
analysis necessary to help them determine whether this screening change
would affect TSO's ability to focus on higher-risk threats.[Footnote
17]
We also reported that, although improvements are being made, homeland
security roles and responsibilities within and between the levels of
government, and with the private sector, are evolving and need to be
clarified. For example, we reported that opportunities exist for TSA to
work with foreign governments and industry to identify best practices
for securing air cargo, and recommended that TSA systematically compile
and analyze information on practices used abroad to identify those that
may strengthen the department's overall security efforts.[Footnote 18]
TSA has subsequently reviewed the models used in two foreign countries
that rely on government-certified screeners to screen air cargo to
facilitate the design of the agency's proposed CCSP. Regarding efforts
to respond to in-flight security threats, which, depending on the
nature of the threat, could involve more than 15 federal agencies and
agency components, in July 2007, we recommended that DHS and other
departments document and share their respective coordination and
communication strategies and response procedures, to which DHS agreed.
[Footnote 19]
Mr. Chairman this concludes my statement. I would be pleased to answer
any questions that you or other members of the committee may have at
this time.
Contacts and Acknowledgements:
For further information on this testimony, please contact Cathleen A.
Berrick at (202) 512-3404 or berrickc@gao.gov. Contact points for our
Offices of Congressional Relations and Public Affairs may be found on
the last page of this statement.
In addition to the contact named above, Chris Currie; Joe Dewechter;
Vanessa DeVeau; Thomas Lombardi; Steve Morris, Assistant Director; Meg
Ullengren; and Margaret Vo made contributions to this testimony.
[End of section]
Footnotes:
[1] A risk management approach entails a continuous process of managing
risk through a series of actions, including setting strategic goals and
objectives, assessing risk, evaluating alternatives, selecting
initiatives to undertake, and implementing and monitoring those
initiatives.
[2] See Pub. L. No. 107-71, 115 Stat. 597 (2001).
[3] Passengers identified as being on the No Fly List must be denied
boarding passes and must not be permitted to fly unless cleared in
accordance with TSA security requirements. Passengers on the Selectee
List are to be issued boarding passes, but they and their baggage are
to undergo additional security measures.
[4] In addition to establishing a federal screening workforce and in
accordance with ATSA, TSA established a pilot program at five airports
where private screening companies under contract to TSA performed
screening activities. See 49 U.S.C. § 44919. In 2004, consistent with
ATSA, TSA established a program to allow airports to apply to opt-out
of federal screening and to use private screeners under contract with
TSA. See 49 U.S.C. § 44920. Ten airports and 1 heliport currently have
screening operations conducted by private screening contractors under
TSA's Screening Partnership Program.
[5] A freight forwarder consolidates cargo from many shippers and takes
it to air carriers for transport.
[6] Explosives Trace Detection requires human operators to collect
samples of items to be screened with swabs, which are chemically
analyzed to identify any traces of explosive material. Decompression
chambers simulate the pressures acting on an aircraft by simulating
flight conditions, which cause explosives that are attached to
barometric fuses to detonate. An explosive detection system uses
computer-aided tomography X-rays to examine objects inside baggage and
identify the characteristic signatures of threat explosives. Certified
explosives detection canine teams have been evaluated by TSA and shown
to effectively detect explosive devices.
[7] Cargo transported by air within the United States is referred to as
domestic air cargo and cargo that is transported into the United States
from abroad by either U.S. or foreign-operated air carriers is referred
to as inbound air cargo.
[8] See Pub. L. No. 110-53, § 1602(a), 121 Stat. 266, 477-479 (2007)
(codified at 49 U.S.C. § 44901(g)).
[9] See Pub. L. No. 108-458, § 4012(a), 118 Stat. 3638, 3714-18 (2004)
(codified at 49 U.S.C. § 44903(j)(2)(C)).
[10] GAO, Aviation Security: Challenges Exist in Stabilizing and
Enhancing Passenger and Baggage Screening Operations, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-04-440T] (Washington, D.C.: Feb.
12, 2004).
[11] GAO, Aviation Security: Risk, Experience, and Customer Concerns
Drive Changes to Airline Passenger Screening Procedures, but Evaluation
and Documentation of Proposed Changes Could Be Improved, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-634] (Washington, D.C.: April
16, 2007).
[12] GAO, Aviation Security: Progress Made in Systematic Planning to
Guide Key Investment Decisions, but More Work Remains, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-448T] (Washington, D.C.:
February 13, 2007).
[13] GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air
Cargo Are in the Early Stages and Could Be Strengthened, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-07-660] (Washington, D.C.: April
2007).
[14] GAO, Aviation Security: Transportation Security Administration May
Face Resource and other Challenges in Developing a System to Screen All
Cargo Transported on Passenger Aircraft, [hyperlink,
http://www.gao.gov/cgi-bin/getrpt?GAO-08-959T (Washington, D.C.: July
2008). The Implementing Recommendations of the 9/11 Commission Act of
2007 defines "screening" for purposes of satisfying the 100 percent
screening mandate. See 49 U.S.C. § 44901(g)(5).
[15] Cargo transported by air from the United States to a foreign
location is referred to as outbound air cargo.
[16] [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-634].
[17] [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-634].
[18] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-660].
[19] GAO, Aviation Security: Federal Coordination for Responding to In-
flight Security Threats Has Matured, but Procedures Can Be
Strengthened, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-
891R] (Washington, D.C.: July 31, 2007).
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office:
441 G Street NW, Room LM:
Washington, D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
