Commercial Vehicle Security
Risk-Based Approach Needed to Secure the Commercial Vehicle Sector Gao ID: GAO-09-85 February 27, 2009Numerous incidents around the world have highlighted the vulnerability of commercial vehicles to terrorist acts. Commercial vehicles include over 1 million highly diverse truck and intercity bus firms. Within the Department of Homeland Security (DHS), the Transportation Security Administration (TSA) has primary federal responsibility for ensuring the security of the commercial vehicle sector, while vehicle operators are responsible for implementing security measures for their firms. GAO was asked to examine: (1) the extent to which TSA has assessed security risks for commercial vehicles; (2) actions taken by key stakeholders to mitigate identified risks; and (3) TSA efforts to coordinate its security strategy with other federal, state, and private sector stakeholders. GAO reviewed TSA plans, assessments, and other documents; visited a nonrandom sample of 26 commercial truck and bus companies of varying sizes, locations, and types of operations; and interviewed TSA and other federal and state officials and industry representatives.
TSA has taken actions to evaluate the security risks associated with the commercial vehicle sector, including assessing threats and initiating vulnerability assessments, but more work remains to fully gauge security risks. Risk assessment uses a combined analysis of threat, vulnerability, and consequence to estimate the likelihood of terrorist attacks and the severity of their impact. TSA conducted threat assessments of the commercial vehicle sector and has also cosponsored a vulnerability assessment pilot program in Missouri. However, TSA's threat assessments generally have not identified the likelihood of specific threats, as required by DHS policy. TSA has also not determined the scope, method, and time frame for completing vulnerability assessments of the commercial vehicle sector. In addition, TSA has not conducted consequence assessments, or leveraged the consequence assessments of other sectors. As a result of limitations with its threat, vulnerability, and consequence assessments, TSA cannot be sure that its approach for securing the commercial vehicle sector addresses the highest priority security needs. Moreover, TSA has not developed a plan or time frame to complete a risk assessment of the sector. Nor has TSA completed a report on commercial trucking security as required by the Implementing Recommendations of the 9/11 Commission Act (9/11 Commission Act). Key government and industry stakeholders have taken actions to strengthen the security of commercial vehicles, but TSA has not assessed the effectiveness of federal programs. TSA and the Department of Transportation (DOT) have implemented programs to strengthen security, particularly those emphasizing the protection of hazardous materials. States have also worked collaboratively to strengthen commercial vehicle security through their transportation and law enforcement officials' associations, and the establishment of fusion centers. TSA also has begun developing and using performance measures to monitor the progress of its program activities to secure the commercial vehicle sector, but has not developed measures to assess the effectiveness of these actions in mitigating security risks. Without such information, TSA will be limited in its ability to measure its success in enhancing commercial vehicle security. While TSA has also taken actions to improve coordination with federal, state, and industry stakeholders, more can be done to ensure that these coordination efforts enhance security for the sector. TSA signed joint agreements with DOT and supported the establishment of intergovernmental and industry councils to strengthen collaboration. TSA and DOT completed an agreement to avoid duplication of effort as required by the 9/11 Commission Act. However, some state and industry officials GAO interviewed reported that TSA had not clearly defined stakeholder roles and responsibilities consistent with leading practices for collaborating agencies. TSA has not developed a means to monitor and assess the effectiveness of its coordination efforts. Without enhanced coordination with the states, TSA will have difficulty expanding its vulnerability assessments.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-09-85, Commercial Vehicle Security: Risk-Based Approach Needed to Secure the Commercial Vehicle Sector
This is the accessible text file for GAO report number GAO-09-85
entitled 'Commercial Vehicle Security: Risk-Based Approach Needed to
Secure the Commercial Vehicle Sector' which was released on March 27,
2009.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Chairman, Committee on Homeland Security, House of
Representatives:
United States Government Accountability Office:
GAO:
February 2009:
Commercial Vehicle Security:
Risk-Based Approach Needed to Secure the Commercial Vehicle Sector:
Commercial Vehicle Security:
GAO-09-85:
GAO Highlights:
Highlights of GAO-09-85, a report to the Chairman, Committee on
Homeland Security, House of Representatives.
Why GAO Did This Study:
Numerous incidents around the world have highlighted the vulnerability
of commercial vehicles to terrorist acts. Commercial vehicles include
over 1 million highly diverse truck and intercity bus firms. Within the
Department of Homeland Security (DHS), the Transportation Security
Administration (TSA) has primary federal responsibility for ensuring
the security of the commercial vehicle sector, while vehicle operators
are responsible for implementing security measures for their firms. GAO
was asked to examine: (1) the extent to which TSA has assessed security
risks for commercial vehicles; (2) actions taken by key stakeholders to
mitigate identified risks; and (3) TSA efforts to coordinate its
security strategy with other federal, state, and private sector
stakeholders. GAO reviewed TSA plans, assessments, and other documents;
visited a nonrandom sample of 26 commercial truck and bus companies of
varying sizes, locations, and types of operations; and interviewed TSA
and other federal and state officials and industry representatives.
What GAO Found:
TSA has taken actions to evaluate the security risks associated with
the commercial vehicle sector, including assessing threats and
initiating vulnerability assessments, but more work remains to fully
gauge security risks. Risk assessment uses a combined analysis of
threat, vulnerability, and consequence to estimate the likelihood of
terrorist attacks and the severity of their impact. TSA conducted
threat assessments of the commercial vehicle sector and has also
cosponsored a vulnerability assessment pilot program in Missouri.
However, TSA‘s threat assessments generally have not identified the
likelihood of specific threats, as required by DHS policy. TSA has also
not determined the scope, method, and time frame for completing
vulnerability assessments of the commercial vehicle sector. In
addition, TSA has not conducted consequence assessments, or leveraged
the consequence assessments of other sectors. As a result of
limitations with its threat, vulnerability, and consequence
assessments, TSA cannot be sure that its approach for securing the
commercial vehicle sector addresses the highest priority security
needs. Moreover, TSA has not developed a plan or time frame to complete
a risk assessment of the sector. Nor has TSA completed a report on
commercial trucking security as required by the Implementing
Recommendations of the 9/11 Commission Act (9/11 Commission Act).
Key government and industry stakeholders have taken actions to
strengthen the security of commercial vehicles, but TSA has not
assessed the effectiveness of federal programs. TSA and the Department
of Transportation (DOT) have implemented programs to strengthen
security, particularly those emphasizing the protection of hazardous
materials. States have also worked collaboratively to strengthen
commercial vehicle security through their transportation and law
enforcement officials‘ associations, and the establishment of fusion
centers. TSA also has begun developing and using performance measures
to monitor the progress of its program activities to secure the
commercial vehicle sector, but has not developed measures to assess the
effectiveness of these actions in mitigating security risks. Without
such information, TSA will be limited in its ability to measure its
success in enhancing commercial vehicle security.
While TSA has also taken actions to improve coordination with federal,
state, and industry stakeholders, more can be done to ensure that these
coordination efforts enhance security for the sector. TSA signed joint
agreements with DOT and supported the establishment of
intergovernmental and industry councils to strengthen collaboration.
TSA and DOT completed an agreement to avoid duplication of effort as
required by the 9/11 Commission Act. However, some state and industry
officials GAO interviewed reported that TSA had not clearly defined
stakeholder roles and responsibilities consistent with leading
practices for collaborating agencies. TSA has not developed a means to
monitor and assess the effectiveness of its coordination efforts.
Without enhanced coordination with the states, TSA will have difficulty
expanding its vulnerability assessments.
What GAO Recommends:
GAO is recommending that TSA develop a plan and time frame for
completing risk assessments, develop performance measures that assess
the effectiveness of federal commercial vehicle security programs,
fully define stakeholder roles and responsibilities, and assess its
coordination efforts. DHS concurred with our recommendations.
To view the full product, including the scope and methodology, click on
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-09-85]. For more
information, contact Cathleen Berrick at (202) 512-3404 or
berrickc@gao.gov.
[End of section]
Contents:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
February 27, 2009:
The Honorable Bennie G. Thompson:
Chairman:
Committee on Homeland Security:
House of Representatives:
Dear Mr. Chairman:
Numerous incidents around the world have highlighted the vulnerability
and accessibility of commercial trucks and buses to terrorists and
other persons intending to do harm, including domestic attacks using
commercial trucks at the Oklahoma City Murrah Federal Building in 1995
(fig. 1) and the World Trade Center in 1993, as well as bombings using
trucks of U.S. embassies in Kenya and Tanzania in 1998. Between 1997
and 2008, there have been 510 terrorist truck and bus bombing attacks
worldwide resulting in over 6,000 deaths and, due in large part to the
current conflict in Iraq, there was a large surge of truck bombings
during 2007. Commercial vehicles play an essential role in moving goods
and people throughout the country. For purposes of this report,
commercial vehicles refers to those vehicles used in the commercial
trucking industry (e.g., for-hire and private trucks moving freight,
rental trucks, and trucks carrying hazardous materials) and the
commercial motor coach industry (i.e., intercity, tour, and charter
buses).[Footnote 1]
Figure 1: Murrah Federal Building, Oklahoma City:
Image: Murrah Federal Building, Oklahoma City.
[Refer to PDF for image]
Source: Disaster Assistance and Rescue Team, Ames Research Center,
National Aeronautics and Space Administration.
[End of figure]
More than a million commercial trucking companies transport 65 percent
of the nation's daily freight, including almost 800,000 shipments of
hazardous materials daily. Commercial buses carry 775 million
passengers annually, more than commercial aviation carries. The
openness of the nation's highway transportation system allows these
vehicles and their operators to move freely and, with the exception of
commercial trucks carrying hazardous materials, under almost no
restrictions. The open operational environment, sizeable volume, and
accessibility of commercial vehicles also presents challenges in
addressing potential threats to the system. The Department of Homeland
Security's (DHS) Transportation Security Administration (TSA) has
primary responsibility for securing the commercial vehicle
sector.[Footnote 2] Within TSA, the Highway and Motor Carrier (HMC)
Division is responsible for ensuring highway and motor carrier
security. The Department of Transportation's (DOT) Pipeline and
Hazardous Materials Safety Administration (PHMSA) and Federal Motor
Carrier Safety Administration (FMCSA), state and local law enforcement
agencies, and private companies that own and operate commercial
vehicles also have responsibilities related to the security of
commercial vehicles. PHMSA is responsible for developing hazardous
materials security regulations, and FMCSA is responsible for enforcing
those regulations through safety and security inspections. State and
local governments coordinate with FMCSA as they conduct their own
safety and security inspections, while private commercial vehicle firms
are ultimately responsible for personnel, vehicle, and terminal
security within the commercial vehicle sector.
Given competing homeland security priorities and limited resources,
Congress and the executive branch must make difficult policy decisions
in order to prioritize security efforts and direct resources to the
areas of greatest risk among all transportation modes and across other
nationally critical sectors, such as the chemical and energy sectors.
Within the commercial vehicle sector, federal, state, and local
agencies and private commercial vehicle firms must also identify and
invest in appropriate security measures to safeguard the industry while
supporting other capital and operational improvements. The National
Commission on Terrorist Attacks upon the United States (the 9/11
Commission) recommended that the federal government use risk management
principles to determine how best to allocate limited resources.
Further, the Intelligence Reform and Terrorism Prevention Act of 2004
requires DHS to develop risk-based priorities across all transportation
modes in its National Strategy for Transportation Security.[Footnote 3]
A risk management approach entails a continuous process of managing
risks through a series of actions, including setting strategic goals
and objectives, assessing and quantifying risks, evaluating alternative
security measures, selecting which measures to undertake, and
implementing and monitoring those measures. The Secretary of DHS and
the Assistant Secretary, TSA, have identified that risk-based decision
making is a cornerstone of departmental and agency policy.
Homeland Security Presidential Directive 7 (HSPD-7), issued in December
2003, directed DHS to establish policies and approaches for integrating
critical infrastructure protection and risk management activities.
Specifically, federal departments and agencies, working with state and
local governments and the private sector, are to identify, prioritize,
and coordinate the protection of critical infrastructure and key
resources to prevent, deter, and mitigate the effects of deliberate
efforts to destroy, incapacitate, or exploit them.[Footnote 4] As
required by HSPD-7, in June 2006, DHS issued the National
Infrastructure Protection Plan (NIPP), which outlines national goals,
objectives, milestones, and key initiatives with respect to the
protection of critical infrastructure and provides a framework for the
development of sector-specific security plans. In accordance with the
NIPP and Executive Order 13416, DHS developed the Transportation
Systems Sector-specific Plan (TSSP) to govern its strategy for securing
the transportation sector, as well as annexes for each mode of
transportation, including highway infrastructure and motor carrier
transportation. The NIPP and TSSP require a strategy based on a risk
assessment process of considering threat, vulnerability, and
consequence assessments together to determine the likelihood of
terrorist attacks and the severity of their impact.
You expressed interest in the progress TSA has made in setting
priorities and implementing measures to enhance the security of
commercial vehicles, as well as the security practices that commercial
trucking and motor coach industries have implemented. This report
addresses the following questions: (1) To what extent has TSA assessed
the security risks associated with commercial vehicles and used this
information to develop and implement a security strategy? (2) What
security actions have key government and private sector stakeholders
taken to mitigate identified risks to commercial vehicle security, and
to what extent has TSA measured the effectiveness of its actions? (3)
To what extent has TSA coordinated its strategy and efforts for
securing commercial vehicles with other federal entities, states, and
private sector stakeholders?
To determine the extent to which TSA has assessed the security risks
associated with commercial vehicles and used this information to
develop and implement a security strategy, we analyzed strategic
security planning documents and risk assessment documentation--
including assessments of threat, vulnerability, and consequences--and
interviewed agency officials. Specifically, we reviewed DHS and TSA's
threat assessments and interviewed officials from TSA's Office of
Intelligence and HMC. To evaluate TSA's efforts to assess
vulnerability, we examined the results of its vulnerability
assessments, known as Corporate Security Reviews (CSRs), attended two
Missouri Pilot CSRs, and met with TSA HMC officials, FMCSA field
inspectors, and Missouri state officials to discuss the CSRs. We also
met with DOT FMCSA officials regarding their security inspection
programs. To assess TSA's efforts to conduct consequence assessments,
we interviewed officials from TSA's HMC and DHS's National Protection
and Programs Directorate. We also reviewed risk assessment and strategy
documents and interviewed HMC officials to determine the extent to
which their risk assessments were informing TSA's security strategy,
and we compared their actions to DHS risk management guidance.
To identify the security actions key federal government stakeholders
have taken to mitigate risks to commercial vehicle security, and the
extent to which TSA has measured the effectiveness of its actions, we
reviewed agency annual reports, field risk assessment summaries, and
performance reports, and interviewed officials from TSA, PHMSA, and
FMCSA. To identify state actions, we interviewed officials of two
associations representing state transportation and law enforcement
organizations. We also interviewed officials from eight states and
conducted site visits at five. We selected these states in a
nonprobability sample based on certain characteristics, including their
proximity to critical infrastructure and potential terrorist targets
such as large population centers, and the amount of hazardous materials
originating in the state. To identify private industry actions, we
examined inspections data from TSA, and reviewed documents from
industry trade associations on the guidance they provided to their
members. The quality of TSA's CSR inspection data was previously
assessed by the Missouri Pilot Evaluation. We reviewed the pilot
evaluation and concurred with its conclusion that the Missouri sample
was not representative of the commercial vehicle industry in Missouri
or the industry nationwide. We chose industry associations based on a
review of the industry and discussions with TSA. We chose 12 industry
associations that represent trucking firms, owner operators and truck
drivers, truck manufacturers, truck rental and leasing companies,
hazardous materials shippers, and intercity and tour bus companies. We
also interviewed leadership of the Highway and Motor Carrier Sector
Coordinating Council (SCC), and conducted site visit interviews with 26
commercial truck and bus companies selected on the basis of
characteristics including size, location, and other factors. Because we
selected a nonprobability sample of commercial vehicle firms and
states, the information we obtained from these interviews and visits
cannot be generalized to all commercial vehicle companies. However, we
believe that observations obtained from these visits provided us with a
greater understanding of the industry's and state's operations and
perspectives. To assess the extent to which TSA has measured the
effectiveness of its security actions, we used guidance from the
Government Performance Results Act (GPRA) and DHS guidelines as
criteria; assessed TSA planning, budgeting, and performance measurement
documents; and interviewed agency officials.
To review TSA's efforts to coordinate its strategy and efforts for
securing commercial vehicles with other federal entities, we reviewed
DHS's memorandum of understanding with DOT and subsequent annexes that
identify the roles and responsibilities of DHS and DOT components
related to the security of commercial vehicles, and interviewed
officials from TSA, PHMSA, and FMCSA. In addition, we reviewed statutes
relating to DHS and DOT roles and responsibilities, as well as related
regulations and associated comments provided during the rulemaking
process. To assess TSA's coordination with states, we interviewed state
officials in the eight states we selected. We also reviewed
documentation of state law enforcement and transportation associations'
communication with TSA and interviewed their officials. To assess TSA's
coordination with private industry, we reviewed documentation of
coordination and communication and interviewed members of the SCC and
the 26 private firms we visited. We then discussed a synopsis of these
agency, state, and industry comments with TSA officials to obtain their
perspectives. Finally, we compared TSA's efforts to collaborate and
coordinate with stakeholders to leading practices of collaborating
agencies.[Footnote 5]
We conducted this performance audit from October 2006 through February
2009 in accordance with generally accepted government auditing
standards. Those standards require that we plan and perform the audit
to obtain sufficient, appropriate evidence to provide a reasonable
basis for our findings and conclusions based on our audit objectives.
We believe that the evidence obtained provides a reasonable basis for
our findings and conclusions based on our audit objectives. For a more
detailed discussion of our objectives, scope, and methodology, see
appendix I.
Results in Brief:
TSA has taken actions to assess the security risks associated with the
commercial vehicle sector, including assessing threats, initiating
vulnerability assessments, and developing security best practices, but
more work remains to fully assess the security risks of commercial
trucks and buses, and to ensure that this information is used to inform
TSA's security strategy. Risk assessment is the process of considering
threat, vulnerability, and consequence assessments to determine the
likelihood of terrorist attacks and the severity of their impact. TSA
has and continues to conduct threat assessments of the commercial
vehicle sector, and has reported that Vehicle Borne Improvised
Explosive Devices, or truck bombs, are the most likely tactic. TSA has
also cosponsored a large number of vulnerability assessments of the
commercial vehicle sector through a pilot initiative in the state of
Missouri, known as Corporate Security Reviews (CSRs), and is in the
process of expanding its CSR program to Michigan and Colorado. In
addition, TSA has begun gathering evacuation data that could inform
consequence assessments, and is also in the process of conducting
threat scenarios of commercial vehicle security risks. Although TSA has
taken actions to assess risks to the commercial vehicle sector, it can
further strengthen and complete these efforts. Specifically, TSA's
threat assessments generally did not identify the likelihood of
specific threats as required by the NIPP, and the agency has not yet
developed a plan to regularly provide specific threat likelihood
estimates. Regarding vulnerability, TSA's contracted evaluation of the
Missouri CSR pilot program was completed 2 years ago and made a number
of recommendations to expand and improve the CSR program, which TSA has
not fully addressed. For example, TSA has not addressed the
evaluation's recommendation that it draw a more statistically
representative sample for its CSR interviews. As a result, the agency
cannot be sure that its CSR efforts will fully identify the
vulnerabilities of the sector. Standards for internal controls for the
federal government state that findings and deficiencies reported in
audits and other reviews should be promptly reviewed, resolved, and
corrected within established time frames. TSA also has not determined
the scope, method, or time frame it will use to complete vulnerability
assessments of the commercial vehicle sector and its diverse firms.
Without completing industry vulnerability assessments as required by
HSPD-7 and the NIPP, TSA cannot complete an overall assessment of the
industry security risks. In addition, TSA has not conducted assessments
of consequences of a terrorist attack on the commercial vehicle sector,
or developed a plan to conduct sector wide consequence assessments. The
agency also has not determined the scope and method required for risk
assessments for the commercial vehicle sector, specifically the mix of
expert and field-level risk assessments it intends to use and how it
plans to integrate the two. Nor has the agency leveraged the risk
assessments of other sectors to gauge the consequences of truck bomb
attacks on the nation's critical infrastructure. TSA has identified
that one of its strategic goals is to inventory the security status of
the nation's highway and motor carrier systems. Standard practices in
program and project management include developing a road map, or a
program plan, to achieve programmatic results within a specified time
frame or milestones. However, at present, TSA does not have a plan
specifying the degree to which further risk assessments of the
commercial vehicle industry are needed and the level of resources
required to complete these assessments, nor has TSA established a time
frame for completing its risk assessment efforts. Without a plan and a
time frame to complete threat, vulnerability, and consequence
assessments for the commercial vehicle sector, or an existing strategy
that is based on available intelligence information, TSA cannot be
assured that its approach for securing the commercial vehicle sector is
aligned with the highest priority security needs. In lieu of a
completed risk assessment, TSA leadership has decided to implement a
current strategy which focuses on examining security risks posed by the
shipment of hazardous materials. However, available information from
ongoing risk assessments does not appear to support this emphasis, and
the basis for TSA's decision for this strategy is unclear. TSA also has
not completed a report as required by the Implementing Recommendations
of the 9/11 Commission Act (9/11 Commission Act) on commercial trucking
security.
Key government and industry stakeholders have taken actions to
strengthen the security of the commercial vehicles sector, but TSA has
not completely assessed the effectiveness of federal actions. At the
federal level, DHS and DOT have implemented a number of programs
designed to strengthen the security of the commercial vehicle sector,
including conducting security assessments and implementing hazardous
materials security programs. States have also worked individually and
collaboratively through their state transportation and law enforcement
associations to strengthen the security of commercial vehicles and
highway infrastructure, establishing various committees and
implementing joint initiatives with TSA and DOT. In addition,
commercial truck and motor coach industry associations we contacted
reported that they were generally assisting their members to improve
security by providing them with a variety of best practices guidance.
Regarding the preparedness of individual firms, the Missouri CSR pilot
evaluation showed that the more highly regulated firms carrying
hazardous materials were implementing more security measures to
mitigate their risks, while truck companies not transporting hazardous
materials were implementing few of TSA's best security practices. Our
site visits to 26 commercial truck and bus companies found that most of
these companies had implemented basic security measures, but the
prevalence and sophistication of these practices varied. TSA has begun
developing and using performance measures to assess the progress of
commercial vehicle security programs, but does not have outcome data to
monitor how effectively its programs are achieving their intended
purpose, as suggested by GPRA and the Transportation Sector Security
Plan. TSA officials agreed that opportunities exist to develop outcome-
based performance measures for its commercial vehicle security
programs, and stated that they would like to do so in the future.
Without outcome measures and data, TSA will not be able to measure its
success in achieving the ultimate goal of enhancing the security of the
commercial vehicle sector. Moreover, as we have previously reported,
GPRA provides a means for agencies to ensure that program strategies
are mutually reinforcing, and, as appropriate, common or complementary
performance measures are used. Although TSA officials stated that
performance data for these programs are important to monitor the
effectiveness of federal efforts to secure the sector, they lacked an
agreement to receive performance measurement data for commercial
vehicle security programs from FMCSA. However, after the 9/11
Commission Act required TSA and FMCSA to complete an annex to a
memorandum of understanding (MOU), an agreement was concluded in
October 2008 which included procedures to implement data sharing.
While TSA has taken actions to strengthen coordination with federal,
state, and industry stakeholders related to commercial vehicle
security, more can be done to ensure that these coordination efforts
enhance security for the sector. Our previous work has shown that
leading practices for collaborating agencies include defining a common
outcome and complementary strategy, agreeing on roles and
responsibilities, leveraging stakeholder resources, and developing
mechanisms to monitor, evaluate, and report on the results of the
collaborative effort.[Footnote 6] DHS and DOT have signed an MOU, which
established broad areas of responsibility, and TSA signed an additional
annex with PHMSA to enhance coordination. Moreover, TSA has established
an intergovernmental council to coordinate with federal and state
officials and supported the creation of an industry council to gather
feedback and input regarding the commercial vehicle sector. DOT
officials expressed general satisfaction with their overall level of
coordination with TSA. However, without an agreement with FMCSA, TSA
had made limited progress in leveraging FMCSA resources and resolving
potentially duplicative security inspections. After the 9/11 Commission
Act required TSA and FMCSA to complete an annex to the MOU to reduce
potential duplication of effort, an agreement was concluded in October
2008. Some state and industry officials we interviewed raised concerns
about TSA's coordination and communication with the sector on
developing a security strategy and defining roles and responsibilities
for the industry. For example, one group of state transportation
officials stated that they tried to discuss with TSA and DHS what role
the states play in transportation security, but according to these
officials, neither agency responded by providing fully defined roles or
communicating TSA's strategy to secure commercial vehicles. Other state
officials said they had to delay implementing their own initiatives
pending TSA clarification of state roles and responsibilities. Although
TSA has leveraged the resources of the State of Missouri to conduct CSR
vulnerability assessments, and recently reached agreements to expand
them to Michigan and Colorado, the agency has made limited progress in
coordinating the expansion of CSRs to other states. Without enhanced
coordination, it will be difficult for TSA to expand the CSR approach
to other states. Finally, TSA stated that it has taken steps to
interact with industry regarding the security of the sector and has
also leveraged its expertise to strengthen security. However, the
agency has not developed a process to monitor the effectiveness of its
coordination efforts with this very large and diverse sector,
consistent with leading practices for collaborating agencies. Without
such a process, TSA will have difficulty enhancing and sustaining
collaborative efforts and identifying areas for improvement.
To help strengthen the security of commercial vehicles in the United
States and leverage the knowledge and practices employed by key federal
and nonfederal stakeholders, we are recommending that the Assistant
Secretary of the Transportation Security Administration establish a
plan and a time frame for completing risk assessments of the commercial
vehicle sector and use this information to support future updates of
the Transportation Sector Strategic Plan; clarify the basis for the
current risk reduction strategy; develop outcome-based performance
measures, to the extent possible, to assess the effectiveness of its
programs to enhance the security of the commercial vehicle sector; and
establish a process to strengthen coordination with the commercial
vehicle industry, including ensuring that roles and responsibilities of
industry and government are fully defined and clearly communicated, new
approaches to enhance communication are considered, and the
effectiveness of its coordination efforts are monitored and assessed.
We provided a draft copy of this report to DHS and DOT for review. DHS,
in its written comments, generally concurred with our findings and
recommendations and discussed efforts underway to address them. DOT
provided additional technical comments, which were incorporated as
appropriate.
Background:
Certain characteristics of commercial trucks and buses make them
inherently vulnerable to terrorist attacks and therefore difficult to
secure. The commercial trucking and bus industries are open by design,
with multiple access points and terminals so that vehicles can move
large numbers of people and volumes of goods quickly. The openness of
this sector and the large numbers of riders and quantities of goods on
vehicles with access to metropolitan areas or tourist destinations also
make them both difficult to secure and attractive targets for
terrorists because of the potential for mass casualties and economic
damage and disruption. In addition, the multitude of private commercial
truck and bus companies and their diversity in size and cargo
complicate efforts to develop security measures and mitigation
strategies that are appropriate for the entire industry.
Between 1997 and 2008 there were 510 terrorist-related commercial truck
and bus bombing attacks worldwide, killing over 6,000 people, with 106
bombings occurring during 2007 alone, killing over 2,500 people. Of the
510 bombings since 1997, 364 have been bus bombings and 146 have been
truck bombings; 156 have been in Iraq and 354 have been in countries
other than Iraq. In 2007, the use of truck bombs as a terrorist tactic
more than tripled and resulted in 2072 deaths.[Footnote 7] While trucks
were involved in just 29 percent of the bombings since 1997, they
accounted for 56 percent of the deaths. Vehicle Borne Improvised
Explosive Devices (VBIEDs) are vehicles loaded with a range of
explosive materials that are detonated when they reach their target.
VBIEDs can also be used to explode flammable fuel trucks, and disperse
toxic substances. Terrorists have used a variety of trucks--rental,
refrigerator, cement, dump, sewerage, gasoline tanker, trucks with
chlorine and propane tanks, and fire engines--to attack a broad range
of critical infrastructure, including police and military facilities,
playgrounds, childcare centers, hotels, and bridges. Worldwide,
commercial buses have also been attacked numerous times, including in
Israel, England, Iraq, the Philippines, Lebanon, Sri Lanka, India,
Russia, and Pakistan.[Footnote 8] In the United States, terrorists used
a commercial truck containing fertilizer-based explosives to attack the
World Trade Center in 1993, killing 6 and injuring 1,000 people. Two
years later, a similar attack occurred at the Alfred P. Murrah Federal
Building in Oklahoma City, Oklahoma, killing 168 people and injuring
more than 800. Terrorists have also targeted overseas U.S. military
personnel with commercial VBIEDs at the Marine barracks in Lebanon
(1983), Khobar Towers in Saudi Arabia (1996), and at U.S. embassies in
Kuwait (1983), Lebanon (1984), Kenya (1998), and Tanzania (1998).
Figure 2 charts the number of worldwide bombings involving commercial
truck or buses since the 1997. See appendix II for more information on
truck and bus bombing incidents.
Figure 2: Worldwide Terrorist Truck and Bus Bombings from January 1997
through December 2008A:
Combination line and bar graph:
Year: 1997;
Bus and truck bombings: 32;
Deaths from bus and truck bombings: 151.
Year: 1998;
Bus and truck bombings: 30;
Deaths from bus and truck bombings: 402.
Year: 1999;
Bus and truck bombings: 21;
Deaths from bus and truck bombings: 32.
Year: 2000;
Bus and truck bombings: 32;
Deaths from bus and truck bombings: 153.
Year: 2001;
Bus and truck bombings: 18;
Deaths from bus and truck bombings: 48.
Year: 2002;
Bus and truck bombings: 41;
Deaths from bus and truck bombings: 363.
Year: 2003;
Bus and truck bombings: 44;
Deaths from bus and truck bombings: 292.
Year: 2004;
Bus and truck bombings: 27;
Deaths from bus and truck bombings: 273.
Year: 2005;
Bus and truck bombings: 43;
Deaths from bus and truck bombings: 504.
Year: 2006;
Bus and truck bombings: 52;
Deaths from bus and truck bombings: 622.
Year: 2007;
Bus and truck bombings: 106;
Deaths from bus and truck bombings: 2578.
Year: 2008;
Bus and truck bombings: 64;
Deaths from bus and truck bombings: 666.
[Refer to PDF for image]
Source: GAO analysis of global terrorism data.
[A] Data on the incidents of truck and bus bombings were based on a
systematic search of the Global Terrorism Database, Nexis, and Dialog
databases. GAO determined which databases and search terms were to be
used through a pilot study which also explored the various potential
threats to validity and how to mitigate them. To use only the most
reliable data, we limited the search to 1997 through 2008. Incidents
directed at troops in combat were not counted; however, incidents
directed at civilians or other targets in active war zones such as Iraq
and Afghanistan are included. Bus attacks include attacks on bus
stations and bus stands. For further information on the methodology and
results of our database searches, see app. II.
[End of figure]
Stakeholder Roles and Responsibilities:
DHS and DOT share responsibility for securing the commercial vehicle
sector. Prior to the terrorist attacks of September 11, 2001, DOT was
the primary federal entity involved in regulating commercial vehicles.
In response to September 11, 2001, Congress passed the Aviation and
Transportation Security Act (ATSA) of 2001, which created and conferred
upon TSA broad responsibility for securing all transportation
sectors.[Footnote 9] In 2002, Congress passed the Homeland Security
Act, which established DHS, transferred TSA into DHS, and gave DHS
responsibility for protecting the nation from terrorism, including
securing the nation's transportation systems.[Footnote 10] Although TSA
is the lead agency responsible for the security of commercial vehicles,
including those carrying hazardous materials,[Footnote 11] DOT
maintains a regulatory role with respect to hazardous
materials.[Footnote 12] Specifically, DOT continues to issue and
enforce regulations governing the safe transportation of hazardous
materials. In addition, the Homeland Security Act expanded DOT's
responsibility to include ensuring the security, as well as the safety,
of the transportation of hazardous materials.[Footnote 13] Accordingly,
within DOT, PHMSA is responsible for developing, implementing, and
revising security plan requirements for carriers of hazardous
materials, while FMCSA inspectors enforce these regulations through
reviews of the content and implementation of these security plans.
In 2004, based on a recommendation we made, DHS and DOT entered into a
memorandum of understanding (MOU) to delineate the agencies' roles and
responsibilities with respect to transportation security. In 2006, TSA
and PHMSA completed an annex to the MOU related to the transportation
of hazardous materials. This annex identifies TSA as the lead federal
entity for the security of the transportation of hazardous materials,
and PHMSA as responsible for promulgating and enforcing regulations and
administering a national program of safety and security related to the
transportation of hazardous materials. In addition, the 9/11 Commission
Act requires that, by August 2008, DHS and DOT complete an annex to the
MOU that would govern the roles of the two agencies regarding the
security of commercial motor vehicles.[Footnote 14]
State and local governments also play a key role in securing commercial
vehicles. States own, operate, and have law enforcement jurisdiction
over significant portions of the infrastructure--including highways,
tunnels, and bridges--that commercial vehicles use. Further, state and
local governments respond to emergencies involving commercial vehicles
which travel within and through their jurisdictions daily. Many states
also have departments of homeland security with firsthand knowledge of
hazardous materials shippers and routing, local smuggling operations,
and individuals and groups to be monitored for security reasons. Some
states also have fusion centers that collect relevant law enforcement
and intelligence information to coordinate the dissemination of alerts
and assist in emergency response. State transportation and law
enforcement officials also conduct vehicle safety inspections and
compliance reviews, sometimes in coordination with FMCSA.[Footnote 15]
Although all levels of government are involved in the security of
commercial vehicles, primary responsibility for securing commercial
vehicles rests with the individual commercial vehicle companies
themselves. Truck and bus companies have responsibility for the
security of day-to-day operations. As part of these operations, they
ensure that company personnel, vehicles, and terminals---as well as all
of the material and passengers they transport----are secured. Faced
with tight competition, low margins, and, in some sectors, high driver
turnover, some industry officials that we interviewed stated that
devoting resources to security has remained a challenge. A variety of
national organizations represent commercial trucking and motor coach
industry interests. Many of these organizations disseminate pertinent
security bulletin information from DHS and DOT to their members. Some
have also developed and provided their members with security
information and tools--such as security check lists and handbooks--to
meet members' security needs. See appendix III for a list of the major
industry associations representing the truck and motor coach industries
interviewed by GAO.
Legislation and Regulations Governing the Security of Commercial
Vehicles:
Although ATSA, passed in November 2001, includes numerous requirements
for TSA regarding securing commercial aviation, it does not include any
specific requirements related to the security of land transportation
sectors. [Footnote 16] However, with regard to all sectors of
transportation, ATSA generally requires TSA to:
* receive, assess, and distribute intelligence information related to
transportation security;
* assess threats to transportation security and develop policies,
strategies, and plans for dealing with those threats, including
coordinating countermeasures with other federal organizations; and,
* enforce security-related regulations and requirements.
Other legislation, specifically the USA PATRIOT Act and the 9/11
Commission Act, requires TSA to take specific actions to ensure the
security of commercial vehicles. The USA PATRIOT Act provides that a
state may not issue to any individual a license to transport hazardous
materials unless that individual is determined not to pose a security
risk.[Footnote 17] TSA regulations require that drivers who transport
hazardous materials undergo a security threat assessment that consists
of an evaluation of a driver's criminal history, immigration status,
mental capacity, and connections to terrorism to determine if the
driver poses a security risk.[Footnote 18] The 9/11 Commission Act also
requires that the Secretary of Homeland Security, by August 2008,
submit a report to Congress that includes, among other things, a
security risk assessment on the trucking industry, an assessment of
industry best practices to enhance security, and an assessment of
actions already taken by both public and private entities to address
identified security risks.[Footnote 19] The act also mandates that the
Secretary develop a tracking program for motor carrier shipments of
hazardous materials by February 2008.[Footnote 20] With regard to
intercity buses, the act requires that the Secretary issue regulations
by February 2009 requiring high-risk, over-the-road bus operators to
conduct vulnerability assessments and develop and implement security
plans.[Footnote 21] The act further mandates that the Secretary of
Homeland Security issue regulations by February 2008 requiring all over-
the-road bus operators to develop and implement security training
programs for frontline employees, and that the Secretary establish a
security exercise program for over-the-road bus
transportation.[Footnote 22] The act also requires DOT to take specific
actions related to the security of commercial vehicles. For example,
the Act requires that the Secretary of Transportation, by August 2008,
analyze the highway routing of hazardous materials, and develop
guidance to identify and reduce safety and security risks.[Footnote 23]
DOT's PHMSA has issued regulations intended to strengthen the security
of the transportation of hazardous materials.[Footnote 24] The
regulations require persons who transport or offer for transportation
certain hazardous materials to develop and implement security
plans.[Footnote 25] Security plans must assess the security risks
associated with transporting these hazardous materials and include
measures to address those risks. At a minimum, the plan must include
measures to (1) confirm information provided by job applicants hired
for positions that involve access to and handling of hazardous
materials covered by the security plan, (2) respond to the assessed
risk that unauthorized persons may gain access to hazardous materials,
and (3) address the assessed risk associated with the shipment of
hazardous materials from origin to destination. The regulations also
require that all employees who directly affect hazardous materials
transportation safety receive training that provides awareness of
security risks associated with hazardous materials transportation and
of methods designed to enhance transportation security. Such training
is also to instruct employees on how to recognize and respond to
possible security threats. Additionally, each employee of a firm
required to have a security plan must be trained concerning the plan
and its implementation.
DHS funding for commercial vehicle security consists of a general
appropriation to TSA for its entire surface transportation security
program, which includes commercial vehicles and highway infrastructure,
rail and mass transit, and pipeline, as well as and appropriations to
the Federal Emergency Management Administration (FEMA) for truck and
bus security grant programs.[Footnote 26] Annual appropriations to TSA
for surface transportation security for fiscal years 2006 through 2009
are presented in table 1.
Table 1: Annual Appropriations to TSA for Surface Transportation
Security:
Fiscal year: 2006;
Annual appropriations: $36 million.
Fiscal year: 2007;
Annual appropriations: $37.2 million.
Fiscal year: 2008;
Annual appropriations: $46.6 million.
Fiscal year: 2009;
Annual appropriations: $49.6 million.
Source: TSA.
[End of table]
The number of TSA full-time employees (FTEs) dedicated to highway and
motor carrier security--which includes both commercial vehicles and
highway infrastructure--has remained at about 19 FTEs annually since
fiscal year 2002.[Footnote 27]
Commercial Trucking Industry:
TSA estimates that there are approximately 1.2 million commercial
trucking companies in the United States. Trucks transport the majority
of freight shipped in the United States: by tonnage, 65 percent of
total domestic freight; by revenue, 75 percent. According to TSA, 75
percent of U.S. communities depend solely on trucking to transport
commodities. Trucks and buses have access to nearly 4 million miles of
roadway in the United States. Trucking companies range in size from a
single truck to several thousand trucks. According to DOT 2004 data,
which are the most current available, 87 percent of trucking companies
operated 6 or fewer trucks, while 96 percent operated 20 or fewer. DOT
estimates that about 40,000 new commercial trucking companies enter the
industry annually. As of August 2008, nearly 11.9 million commercial
trucks were registered with DOT. Trucks come in a large variety of
configurations and cargo body types to perform a wide range of tasks.
Some trucks are used for local tasks such as construction, landscaping,
or local package delivery, while others are used for transporting cargo
over-the-road or for long hauls. For a more complete summary of DOT
data on commercial trucking and bus firms, trucks and buses, and
drivers, see appendix V.
The trucking industry is diverse, involving several different sectors
and including for-hire and private fleets, truckload and less-than-
truckload carriers, bulk transport, hazardous materials, rental and
leasing, and others. For-hire firms are those for which trucking is
their primary business, while private fleets are generally used to
support another business activity, such as grocery chains and
construction. According to a 2002 DOT survey, for-hire trucks
represented 47 percent of the industry, while private fleets
represented 53 percent[Footnote 28]. While truckload carriers move
loads from point to point, less-than-truckload carriers pick up smaller
shipments and consolidate them at freight terminals. Bulk transport
firms move bulk commodities such as gasoline, cement and corn syrup in
large trailers specifically designed for each type of commodity. Truck
rental and leasing companies also are part of the commercial trucking
industry. Consumer rental companies rent trucks to walk-in customers
for short periods of time and represent 15 percent of the rental and
leasing industry. Commercial rental and leasing companies generally
lease trucks for a year or longer and account for the remaining 85
percent of the rental and leasing industry.
With respect to the transportation of hazardous materials, of an
estimated 1.2 million commercial vehicle firms, 60,682 are registered
as hazardous materials carriers, or about 5 percent of the commercial
vehicle industry, and 1,778,833 drivers are licensed to transport
hazardous materials.[Footnote 29] Hazardous materials[Footnote 30] are
transported by truck almost 800,000 times a day, and 94 percent of
hazardous material shipments are by trucks, which transport
approximately 54 percent of hazardous materials volume (tons). DOT
PHMSA classifies hazardous materials under 9 different classes of
hazards.[Footnote 31] Most hazardous materials shipments by truck
involve flammable liquids such as gasoline (81.8 percent), followed by
gases (8.4 percent) and corrosive materials (4.4 percent). Class 6
toxic poisons include Toxic Inhalation Hazards (TIH) but comprise only
0.2 percent of hazardous materials transported by truck. The shipment
of security sensitive hazardous materials such as Toxic Inhalation
Hazards is of particular concern to TSA, although the agency estimates
that they represent just .000058 percent of the commercial vehicle
industry.[Footnote 32] Eighty-one percent of the Toxic Inhalation
Hazards transported by truck is anhydrous ammonia and 10 percent is
chlorine.
Commercial Bus Industry:
Commercial bus companies represent less than 1 percent of the
commercial vehicle industry, but according to TSA estimates, carry 775
million passengers annually. Intercity buses, or motor coaches, include
buses with regularly scheduled routes, as well as tour and charter bus
companies. In August 2008, DOT reported that there were 3,948 motor
coach carriers, with 75,285 buses. Of these carriers, fewer than 100
are intercity bus companies, which transport passengers from city to
city on scheduled routes, while the remaining carriers operate tour and
charter buses. Most bus companies (95 percent) are small operators with
fewer than 25 buses. Intercity buses, or motor coaches, serve all large
metropolitan areas and travel in close proximity to some of the
nation's most visible and populated sites, such as sporting events and
arenas, major tourist attractions, and national landmarks. A few
intercity bus carriers also travel internationally to Canada and
Mexico. According to a study commissioned by DOT, the accessibility and
open nature of the motor coach industry make it difficult to protect
these assets, and the level of security afforded to the infrastructure
of the motor coach industry is relatively low compared to the
commercial aviation sector, despite the fact that the motor coach
industry handles more passengers a year.[Footnote 33]
Risk Management Approach to Guide Homeland Security Investments:
HSPD-7 directed the Secretary of DHS to establish uniform policies,
approaches, guidelines, and methodologies for integrating federal
infrastructure protection and risk management activities. Recognizing
that each sector possesses its own unique characteristics and risk
landscape, HSPD-7 designates Federal Government Sector-Specific
Agencies (SSAs) for each of the critical infrastructure sectors to work
with DHS to improve critical infrastructure security.[Footnote 34] On
June 30, 2006, DHS released the National Infrastructure Protection Plan
(NIPP), which developed--in accordance with HSPD-7--a risk-based
framework for the development of Sector-Specific (SSA) strategic plans.
The NIPP defines roles and responsibilities for security partners in
carrying out critical infrastructure and key resources protection
activities through the application of risk management principles.
Figure 3 illustrates the several interrelated activities of the risk
management framework as defined by the NIPP, including setting security
goals and performance targets, identifying key assets and sector
information, and assessing risk information including both general and
specific threat information, potential vulnerabilities, and the
potential consequences of a successful terrorist attack. The NIPP
requires that federal agencies use this information to inform the
selection of risk-based priorities and continuous improvement of
security strategies and programs to protect people and critical
infrastructure through the reduction of risks from acts of terrorism.
Figure 3: NIPP Risk Management Framework:
Flowchart.
[Refer to PDF for image]
Source: DHS.
[End of figure]
The NIPP risk management framework consists of the following
interrelated activities:
* Set security goals: Define specific outcomes, conditions, end points,
or performance targets that collectively constitute an effective
protective posture.
* Identify assets, systems, networks, and functions: Develop an
inventory of the assets, systems, and networks that comprise the
nation's critical infrastructure, key resources, and critical
functions. Collect information pertinent to risk management that takes
into account the fundamental characteristics of each sector.
* Assess risks: Determine risk by combining potential direct and
indirect consequences of a terrorist attack or other hazards (including
seasonal changes in consequences, and dependencies and
interdependencies associated with each identified asset, system, or
network), known vulnerabilities to various potential attack vectors,
and general or specific threat information.
* Prioritize: Aggregate and analyze risk assessment results to develop
a comprehensive picture of asset, system, and network risk; establish
priorities based on risk; and determine protection and business
continuity initiatives that provide the greatest mitigation of risk.
* Implement protective programs: Select sector-appropriate protective
actions or programs to reduce or manage the risk identified, and secure
the resources needed to address priorities.
* Measure effectiveness: Use metrics and other evaluation procedures at
the national and sector levels to measure progress and assess the
effectiveness of the national Critical Infrastructure and Key Resources
protection program in improving protection, managing risk, and
increasing resiliency.
TSA Has Begun Conducting Risk Assessments of the Commercial Vehicle
Sector, but Has Not Completed These Efforts or Fully Used the Results
to Support Its Security Strategy:
TSA has taken actions to assess the security risks associated with the
commercial vehicle sector, including assessing threats, initiating
vulnerability assessments, and developing best security practices, but
more work remains to fully assess the security risks of commercial
trucks and buses, and to ensure that this information is used to inform
TSA's security strategy. Although TSA has completed a variety of threat
assessments and is in the process of developing several threat
scenarios with likelihood estimates, its key annual threat assessments
do not include information about the likelihood of a terrorist attack
method on a particular asset, system or network, as required by the
NIPP. However, in September 2008, TSA reported that in response to the
9/11 Commission Act mandate that it submit a risk assessment report on
commercial trucking security TSA was planning to use threat scenarios
with likelihood assessments for highway and motor carriers. TSA has
also cosponsored a large number of vulnerability assessments through a
pilot initiative in the state of Missouri. However, TSA has made
limited progress and has not established a plan or time frame for
conducting a vulnerability assessment of the commercial vehicle sector
nationwide. Moreover, TSA has not determined how it will address the
June 2006 recommendations of the Missouri Pilot Program evaluation
report regarding the ways in which future vulnerability assessments can
be strengthened. As a result, the agency cannot ensure that its CSR
efforts will fully identify the vulnerabilities of the sector.
Standards for internal controls in the federal government require that
findings and deficiencies reported in audits and other reviews be
promptly reviewed, resolved, and corrected within established time
frames. [Footnote 35] In addition, TSA has not conducted assessments of
consequences of a terrorist attack on the commercial vehicle sector, or
developed a plan to conduct sectorwide consequence assessments. The
TSSP calls for a sectorwide approach and strategies to managing
security risks, and TSA has identified one of its strategic goals as
conducting an inventory of the security status of the nation's highway
and motor carrier systems. In addition, standard practices in program
and project management call for developing a road map, or a program
plan, to achieve programmatic results within a specified time frame or
milestones. TSA has not completed a sectorwide risk assessment of the
commercial vehicle sector or determined the extent to which additional
risk assessment efforts are needed, nor has it developed a plan or a
time frame for doing so, including an assessment of the resources
required to support these efforts. In addition, TSA has not fully used
available information from its ongoing risk assessments to develop and
implement its security strategy. As a result, TSA cannot be assured
that its approach for securing the commercial vehicle sector is aligned
with the highest priority security needs. Moreover, TSA has not
completed a report as required by the 9/11 Commission Act on various
aspects of commercial vehicle security.
TSA Developed Threat Assessments of the Commercial Vehicle Sector, but
Generally Did Not Identify the Likelihood of Specific Threats as
Required by the NIPP:
TSA has and continues to conduct threat assessments of the commercial
vehicle sector by reviewing known terrorist goals and capabilities, and
is in the process of strengthening its efforts by developing more
specific threat likelihood information to inform agency risk assessment
efforts. TSA's Office of Intelligence (OI) develops a variety of
products identifying the threats from terrorism, from annual threat
assessments on each transportation sector to weekly field intelligence
summaries and daily briefings. OI also disseminates additional threat
and suspicious incident information to key federal and nonfederal
stakeholders as needed related to the commercial vehicle sector. To
date, these threat assessments have found an increase in truck and bus
terrorist incidents abroad and that VBIEDs were the most likely tactic.
TSA OI officials stated that they continue to regard common VBIEDs as a
greater threat than attacks using hazardous materials such as chlorine.
OI further reported that the July 2005 bus bombing in London
demonstrated the capability and intent of terrorists to bomb passenger
buses in Western nations.
While TSA's threat assessments provide detailed summaries of recent
attacks and incidents of interest, and are useful to TSA in informing
its strategy for securing commercial vehicles, they do not include
information on the likelihood of various types of threats. The NIPP
requires that in the context of terrorist risk assessments, the threat
component of the analysis be calculated based on the estimated
likelihood of a terrorist attack method on a particular asset, system,
or network.[Footnote 36] The estimate of this likelihood is to be based
on an analysis of intent and capability of a defined adversary, such as
a terrorist group. However, TSA has not included likelihood estimates
in its annual threat assessments for the highway and motor carrier
sector.[Footnote 37] In 2006, TSA developed rankings of the likelihood
of various tactics--such as attacks using VBIEDs, VBIED-assisted
hazardous materials, and other threats--for highway and commercial
vehicles. However, TSA subsequently excluded these likelihood
assessments in its 2008 annual threat assessment for the highway sector
and did not provide us with the rationale for this decision. OI told us
that it developed likelihood estimates for specific threat scenarios
used in the draft National Transportation Sector Risk Assessment
(NTSRA). NTSRA is being conducted by TSA to assess risks across the
entire U.S. transportation system and contains nine high-level
scenarios and threat likelihood estimates related to commercial
vehicles. Of these high-level scenarios, eight involve VBIEDs, and one
involves hazardous materials. OI rated the intent and capability of
terrorists to perform each threat scenario to provide their estimate of
the relative likelihood of each scenario. However, TSA officials could
not identify when the NTSRA will be finalized.[Footnote 38] In
addition, in June 2008, OI reported that it would provide likelihood
assessments for threat scenarios that were to be conducted in response
to a mandate in the 9/11 Commission Act that DHS submit a risk
assessment report on the commercial trucking sector.
While more extensive threat scenarios are being developed for the
commercial vehicle sector, including likelihood estimates, TSA's annual
threat assessments do not include information on the likelihood of
threat. HMC officials stated that this lack of specific threat
information continues to challenge agency risk managers. Without more
information on the likelihood of the various threats, there is limited
assurance that TSA is focusing its efforts on the activities that pose
the greatest threat. Officials stated that they may incorporate
likelihood estimates in the annual highway and motor carrier threat
assessments in the future, but did not have specific plans to do so.
TSA Has Begun to Conduct Industry Vulnerability Assessments of the
Commercial Vehicle Sector, but Its Efforts Are in the Early Stages:
TSA has begun conducting vulnerability assessments of the commercial
vehicle sector, but its efforts are in the early stages. In addition,
the agency has not determined the extent to which additional
vulnerability assessments are needed, and does not have a strategy or
time frame for assessing sectorwide vulnerabilities. HSPD-7 requires
each Sector-Specific Agency to conduct or facilitate vulnerability
assessments of its sector. In addition, the NIPP states that DHS is
responsible for ensuring that comprehensive vulnerability assessments
are performed for critical infrastructure and key resources that are
deemed nationally critical, and the TSSP further emphasizes a
sectorwide system-based approach to risk management. To determine the
vulnerability of commercial vehicles as targets or as weapons to attack
critical infrastructure in the United States, TSA has begun conducting
vulnerability assessments known as Corporate Security Reviews (CSRs).
TSA initiated the CSR program in November 2005 to: (1) develop best
practices for securing the commercial vehicle industry through
discussions with carrier representatives and site visits to carrier
facilities; (2) collect and maintain data that will allow TSA HMC to
assess various aspects of security across the trucking and motor coach
industries through statistical analysis of survey data; (3) identify
security gaps and opportunities for improvement; (4) promote security
awareness and collaboration with the commercial vehicle industry; (5)
provide guidance to motor carriers on their relative level of risk
exposure; and (6) determine the costs and benefits of risk mitigation
activities.
As of September 2008, TSA had conducted 100 CSRs of motor carriers,
including 15 motor coach companies, 20 school bus companies/districts,
and 65 trucking companies.[Footnote 39] These CSRs were of large firms
that were identified by industry stakeholders as having the best
security practices in the industry and that agreed to participate in
the CSRs on a voluntary basis. TSA conducts these reviews by sending
teams of two to four people from TSA headquarters to a trucking or bus
company, for one or two days, to analyze the company security plan and
mitigation procedures, and make informal recommendations to strengthen
security based on a draft of best security practices TSA developed. At
the conclusion of the CSRs, TSA prepares summary reports of its
findings and informal recommendations. TSA also developed a draft best
security practices in February 2006 for trucking firms based on the
results of early CSRs, as well as on TSA staff expertise, industry
stakeholder input, and best security practices from other
transportation sectors such as rail and pipeline, according to
officials. [Footnote 40] These draft best practices include measures
companies can take to conduct threat, vulnerability, and consequence
assessments. They also provide guidance on developing a security plan
and strengthening personnel security, training, hazardous materials
storage, physical security countermeasures, cyber security, and
emergency response exercises. However, according to TSA officials, the
agency has delayed issuing these draft best practices in final form
until it can complete and incorporate public and industry comments on
draft security guidance specifically for carriers of hazardous
materials.[Footnote 41] The 9/11 Commission Act requires that DHS, by
August 2008, submit a report to Congress that includes, among other
things, an assessment of trucking industry best practices to enhance
security. TSA reported that as of September 2008, it had not finalized
these best practices, but they hoped to complete a template within 4
months. Officials stated that they plan to develop a flexible list of
best practices that firms can adapt based on their line of work, size,
and circumstances.
TSA began a second CSR effort in April 2006 through a pilot project
with the state of Missouri which greatly expanded the number of firms
reviewed, and extended the reviews to smaller, more diverse firms.
Objectives of the pilot were to promote security awareness, collect
information on the security status of participating firms, and promote
public and private collaboration among federal, state, and private
sector stakeholders. TSA partnered with the State of Missouri, FMCSA's
Motor Carrier Safety Assistance Program, and the Commercial Vehicle
Safety Alliance (CVSA) to train Missouri state safety inspectors to
conduct these CSRs.[Footnote 42] DOT funded the CSRs and assisted
Missouri in the selection of firms to be reviewed and interviewed. The
CSRs performed by TSA headquarters staff were of large companies known
to have more robust security measures in place, while the Missouri CSRs
were generally conducted on small firms that are most common in the
industry. Reviewing the security practices of these small firms can
require inspectors to travel to remote locations all over the state.
For example, one Missouri CSR we attended assessed a small landscaping
company with 12 trucks, while another CSR assessed an owner-operator
with a single truck in front of his house (fig. 4). Although these
reviews remained voluntary, they were conducted in conjunction with
mandatory safety reviews that Missouri inspectors routinely conduct on
commercial vehicle trucking and motor coach firms. Motor carriers were
selected for Missouri CSRs based on either their safety records as
evaluated by FMCSA, or because they were newly registered
firms.[Footnote 43] TSA officials stated that partnering with the
state's safety inspections enabled TSA to review a more diverse group
of firms than it did during the original CSRs. Typically, the Missouri
pilot CSRs involved site visits with structured interviews using a
questionnaire based on TSA's draft best security practices, and
generally lasted less than an hour compared to one or two days as was
the case with the original CSRs. The Missouri CSR pilot concluded in
February 2007; however, TSA has continued to partner with Missouri and
FMCSA to implement a permanent CSR program in the state. TSA told us
that as of September 2008, 3,420 CSRs had been completed in Missouri.
Figure 4: Missouri CSR of a One Truck Owner-Operator:
Photograph.
[Refer to PDF for image]
Source: GAO.
[End of figure]
In September 2006, TSA awarded a contract to evaluate the extent to
which the Missouri CSR pilot program met its objectives, and whether
the firms reviewed had implemented effective security measures. The
report reviewed the 1,251 CSRs conducted by Missouri inspectors from
April 2006 through February 2007, including 1,231 trucking companies
(98.4 percent), 18 motor coach companies (1.4 percent), and 2 school
bus operators (0.2 percent). The evaluation reviewed each firm's
responses to the CSR questionnaire and assigned it an overall security
score based on the security measures the firm reported having in place
that were consistent with TSA's draft best security practices. The
contractor reported on the results of the study in June 2007 and
concluded among other things, that:
* the interviewed carriers did not have extensive security procedures
in place;
* small carriers and owner operators had implemented fewer security
measures than larger carriers; and:
* hazardous materials carriers identified by the contractor had
implemented most of the security measures on the TSA CSR questionnaire.
The evaluation report also found that while both motor coaches and
nonpassenger motor carriers had low scores, motor coaches scored
somewhat higher than nonpassenger motor carriers. The report concluded
that the program had achieved its objectives of promoting security
awareness, collecting information on the security status of
participating commercial vehicle firms, and promoting public and
private sector collaboration among federal, state, and private sector
stakeholders. However, the report also concluded that the Missouri
sample was not representative of the commercial vehicle industry in
Missouri or of the industry nationwide. The report further concluded
that since the CSRs were based on best practices developed for much
larger firms, the CSR data did not completely reflect overall security
practices and capabilities for small carriers. Missouri officials we
interviewed concurred that the CSR sample was not representative of
Missouri firms since the majority of carriers that do not encounter
safety problems would not be included in their CSR reviews. The
evaluation report of the Missouri CSR pilot made a number of
recommendations to TSA to expand and improve the CSR program. These
recommendations included that TSA:
* review and address CSR pilot program deficiencies;
* develop a set of best practices and baseline security standards that
is risk-based and appropriate for different sizes and types of firms;
* improve the CSR questionnaire to make it more effective in capturing
security practices and vulnerabilities of both small and large
carriers;
* develop a deployment strategy to expand the Missouri pilot program to
other carriers and other states;
* develop a statistically sound methodology for selecting companies for
CSRs as it evaluates the commercial vehicle industry nationwide by
conducting a random sample of motor carriers;[Footnote 44]
* work with FMCSA to leverage each other's resources and possibly merge
security inspection programs; and:
* develop a CSR Web portal to provide a more tailored CSR questionnaire
to address different industry sector security needs.
Two years after these recommendations were made, TSA has taken limited
steps to implement them, although officials stated that they were
continuing to review the recommendations. As a result, the agency
cannot ensure that its CSR efforts will fully identify sector
vulnerabilities. Standards for internal controls in the federal
government require that findings and deficiencies reported in audits
and other reviews be promptly reviewed, resolved, and corrected within
established time frames.[Footnote 45] The Missouri evaluation report's
recommendation that TSA develop a statistically sound methodology for
selecting companies to review was consistent with TSA's original goal
that CSRs collect data that enable statistical analysis. In September
2008, TSA officials stated that they had worked out agreements with
Michigan and Colorado to begin conducting CSRs in these states,
beginning with training officers in October 2008. However, TSA did not
have a plan in place or time frame for assessing industry-wide
vulnerabilities. The lead official for risk assessment with TSA HMC
stated that the agency would like to conduct a vulnerability assessment
of a valid nationwide sample of the commercial vehicle industry, but
that it lacked the resources to do so. TSA officials further stated
that to further expand its CSR efforts, it has initiated a program to
train Federal Security Director [Footnote 46] personnel (FSDs) at 3
airports to conduct CSRs on commercial vehicles in the airports'
surrounding areas. Officials told us that FSDs had completed 5 CSRs
during fiscal year 2008.
Without completing industry vulnerability assessments as required by
HSPD-7 and the NIPP, TSA cannot complete an overall assessment of the
industry security risks. For example, instead of assessing the
vulnerabilities of the entire commercial vehicle sector, at the
direction of TSA management, TSA HMC is currently focusing all of their
CSR efforts on the hazardous materials transportation sector.[Footnote
47] However, TSA's pilot study on Missouri firms found that hazardous
materials transportation companies reviewed by the contractor performed
much better than other companies in terms of implementing security
measures to mitigate potential vulnerabilities.
TSA Has Not Begun to Conduct Consequence Assessments of the Commercial
Vehicle Sector:
TSA has collected some relevant information necessary for estimating
the impact of potential attacks involving the commercial vehicle
sector, but has not conducted consequence assessments of potential
terrorist attacks or leveraged the consequence assessment efforts of
others. The DHS NIPP defines consequence assessment as the worst
reasonable adverse impact of a successful terrorist attack. According
to the NIPP, risk assessments should include consequence assessments to
measure the negative effects on public health and safety, the economy,
public confidence in institutions, and the functioning of government
that can be expected if an asset, system, or network is damaged,
destroyed, or disrupted by a terrorist attack. The TSA's TSSP also
requires that risk analysis include a consideration of consequences.
Terrorism involving commercial vehicles can affect a broad range of
targets, including not only trucks and buses, but also freight and
passengers, terminals, truck stops, and rest areas. In addition to the
commercial vehicle system being attacked, commercial vehicles can be
used to attack other assets. When used as VBIEDs with explosives or
fuel, for example, commercial vehicles can be used to target highway,
buildings, and other critical infrastructure. A powerful truck bomb can
destroy from a considerable distance. For example, Khobar Towers was
attacked from 80 feet away (fig. 5).
Figure 5: Khobar Towers, Saudi Arabia, June 1996:
Photograph.
[Refer to PDF for image]
Source: Air Force News.
[End of figure]
Truck VBIED attacks can also target large numbers of people, as was the
case with the coordinated attack of several truck bombs in Northern
Iraq on August 14, 2007, that killed approximately 500 people, or to
assassinate individuals such the former Lebanese Prime Minister Rafik
Hariri. Worldwide, buses have been the target of bombings---some
involving suicide bombers---on numerous occasions, such as the attack
on former Prime Minister Benazir Bhutto at a mass rally in Pakistan.
TSA officials stated that they cannot conduct consequence assessments
of the commercial vehicle sector because truck bombs can be used to
attack most of the nation's critical infrastructure. Accordingly,
officials stated that the number of potential consequences of terrorist
attacks is too great to practically assess. Although TSA has not
conducted consequence assessments of the commercial vehicle sector, the
agency has acquired data from the Bureau of Alcohol, Tobacco and
Firearms (ATF) and the U.S. Army on evacuation distances for various-
sized shipments of explosives and flammable substances, and PHMSA's
Emergency Response Guidebook for first responders to hazardous
materials incidents that could be applied to future consequence
assessments.[Footnote 48] TSA officials acknowledged that obtaining
data on evacuation distances is only a first step in conducting
consequence assessments. Evacuation distance provides one measure of
the potential consequences of a terrorist attack by defining the danger
zone surrounding an attack by a particular type and size of explosive
or flammable materials. For example, according to U.S. Army data, the
building evacuation distance for such a worst case scenario truck bomb
would be a minimum of 1,570 feet, and the minimum outdoor evacuation of
people would be 7000 feet. Using another example, a fireball from a
fuel truck can threaten both structures and people; accordingly, ATF
guidance suggests a minimum evacuation distance of 6,500 feet. In
comparison, a tank truck of anhydrous ammonia, which represents 81
percent of Toxic Inhalation Hazard (TIH) shipments, has a smaller
recommended standoff distance of 2,112 feet, and the recommended
standoff distance for chlorine, which is the next most common form of
Toxic Inhalation Hazard, is 3,168 feet. However, other guidance, such
as the PHMSA's Emergency Response Guidebook, provides different data
based on initial isolation distances and much larger maximum nighttime
protective action distances. TSA reported that it is working with
various federal partners and industry stakeholders to establish a
uniform and scientific assessment of potential consequences of VBIEDs
and the discharge of TIH materials. Although TSA has not conducted
consequence assessments of the commercial vehicle sector, OI officials
stated that, in their judgment, the likely consequences of common VBIED
attacks were greater than VBIED attacks using TIH materials because
attempts to date to use VBIEDs to vaporize chlorine into a gaseous
inhalation hazard have been largely unsuccessful, have caused little
damage, and resulted in few casualties. On the other hand, according to
officials, VBIEDs using a number of different explosives and incendiary
materials have repeatedly been successfully used to kill people.
TSA officials stated that the agency also has not leveraged DHS's
ongoing nationwide risk assessment efforts to obtain consequence
information. For example, recognizing that each sector of our country's
critical infrastructure possesses its own unique characteristics,
operating models, and risk landscape, pursuant to HSPD-7, the NIPP
designates 18 critical infrastructure sectors and the agencies
responsible for each of the sectors to work with DHS to implement a
risk management framework for the sector and develop protective
programs. Each of the 18 sectors has issued Sector Annual Reports
(SARs) of their risk management activities, including consequence
assessments, which HMC could draw upon to support the assessment of
VBIED and hazardous materials consequences for other critical
infrastructure sectors. For example, the 2007 sector annual reports
identified the following for select sectors:
Commercial Nuclear Power Sector: The Department of Energy employs a
Comprehensive Review Program to analyze facilities that it considers
potential terrorist targets. The Nuclear Sector Annual Report indicated
that as of May 2007, reviews had been completed of the vulnerabilities
and potential consequences of an attack on 52 of 65 commercial nuclear
reactors.
Dams Sector: The 2007 Dams Sector Annual Report identified that all
security measures were in place at 152 of 254 Army Corps of Engineers
dams, and the Federal Energy Regulatory Commission reported having
completed risk assessments on its 1,200 most security-sensitive dams.
The report also called for improved blast-damage estimates for VBIEDs
on certain dams and levees that are potential targets for terrorist
attacks.
The Chemical Sector: The 2007 Chemical Sector Annual Report, which was
based in part on industry risk assessments, identified that VBIEDs are
a particular concern because of their portability, size, and potential
to cause grave damage.
In addition, DHS's 2007 Strategic Homeland Infrastructure Risk
Assessment (SHIRA) assessed the highest risk scenarios targeting the
nation's 18 critical infrastructure/key resources sectors, and
highlighted attack methods with cross-sector implications. The SHIRA
used threat assessments from the intelligence community and
vulnerability and consequence assessments from the SSAs to identify the
attack methods that pose the highest risk to the respective sectors.
TSA HMC could use the SHIRA data to identify which sectors are most at
risk from VBIEDs and hazardous materials and then coordinate with those
SSAs on their vulnerability and consequence assessment efforts. TSA HMC
could also use a variety of other relevant assessments to obtain
consequence information. These include the agency's Aviation Domain
Risk Assessment which also considers consequences for a wide range of
attack scenarios including VBIEDs, the Department of Energy's risk
assessments of nuclear weapons facilities, and the Nuclear Regulatory
Commission's assessments of commercial nuclear power plants. Similar
information is also available from the Federal Risk Assessment Working
Group, a federal risk assessment information clearinghouse that shares
information about completed and ongoing risk assessments through
regular meetings and a Web portal. TSA did not comment on why it has
not developed a plan for completing consequence assessments, or why it
was not leveraging the analysis of potential consequences included in
these risk assessments.
An Incomplete Risk Assessment Impedes TSA's Ability to Identify
Effective Risk Reduction Efforts:
As discussed earlier in this report, TSA has identified one of its
strategic goals as taking an inventory of the security status of the
nation's highway and motor carrier systems, but it has not developed a
plan or a time frame for completing a risk assessment of the commercial
vehicle sector. Based on general guidance in the NIPP, the TSSP states
that TSA's plan for risk assessment should use a combination of both
expert and field-level risk assessment techniques to guide its risk
management efforts. Expert risk assessments are based on national risk
priorities and strategic risk objectives, scenario analyses and the
expert judgment of agency officials, national assessments, and annual
threat assessments. Field-level risk assessments include state and
local assessments, and field inspections such as TSA's CSRs and DOT
Security Contact Reviews (SCRs).[Footnote 49] Expert assessments and
field assessments have the same goal of identifying where the greatest
risk mitigation measures are needed.
As previously discussed, TSA is conducting nine high-level scenarios
related to commercial vehicles, and has contracted to have more threat
scenarios conducted to assess commercial trucking security risks in
response to a mandate in the 9/11 Commission Act.[Footnote 50] While
these expert assessments, if implemented effectively, should give TSA
insights into the security risks of the industry, they will likely
provide limited information on what sectors or companies are most at
risk and what mitigation practices are currently in place, unless they
are further supported by field-level risk assessments consistent with
the TSSP.[Footnote 51]
As stated previously, TSA is in the early stages of conducting CSRs and
the majority of CSRs have to date been conducted in a single state,
Missouri. Although TSA is working to expand both its threat scenarios
and CSRs, progress to date has been limited. TSA also has not reported
on the scope and method of risk assessments required for the commercial
vehicle sector. Specifically, it has not reported what mix of expert
and field-level risk assessments it intends to use and how it plans to
integrate the two.
Standard practices in program and project management include developing
a road map, or a program plan, to achieve programmatic results within a
specified time frame or milestones.[Footnote 52] TSA officials
recognize that the agency needs more complete and accurate risk
assessment information to inform its security strategy. However, TSA
has not developed a plan or a time frame for completing a risk
assessment of the commercial vehicle sector, including the level of
resources required to complete the assessment and the appropriate scope
of the assessment including determining the combination of threat
scenarios and field-level vulnerability assessments it intends to use.
The NIPP requires that it and the TSSP be reviewed and undergo periodic
interim updates as required, and reviewed and reissued every 3 years or
more frequently as needed and directed by the Secretary of Homeland
Security. Accordingly, the TSSP states that it will undergo periodic
updates and eventually align with the NIPP triennial update cycle. The
Highway Infrastructure and Motor Carrier Modal Annex also states that
the Government Coordination Council (GCC) and SCC are to submit
revisions to the annex on an annual basis, and the GCC and SCC are to
conduct a complete revision of the annex every 3 years. HMC began its
revision process by updating the TSSP Highway Infrastructure and
Motorcarrier Annex in 2008 to allow time for the revised strategy to be
reviewed by the GCC, SCC, and various working groups and will submit it
for review by the third quarter of 2009. The quality of this and future
revisions of the annex will depend in large measure on the progress of
risk assessments of the commercial vehicle sector and their utilization
by TSA managers to inform their risk mitigation efforts.
HMC officials stated that without complete risk assessments, they were
directed by TSA and DHS leadership to base their strategy for securing
the commercial vehicle sector on an examination of the security risks
posed by the shipment of hazardous materials. However, agency officials
could not identify why TSA and DHS leadership made this distinction,
and the rationale for this directive is unclear. HMC officials also
cited several additional reasons for focusing their security efforts on
commercial vehicles transporting hazardous materials, including the
professional judgment of its staff in the motor carrier industry; risk
assessments TSA conducted for other transportation sectors,
particularly rail; and legislative requirements, in particular the USA
PATRIOT Act. However, the applicability of rail risk assessments to
highways is unclear because VBIEDs trucks can directly access and
attack most buildings in the United States, whereas rail cannot. Rail
shipments also typically ship freight, including Toxic Inhalation
Hazards, in far larger quantities than can be carried on a truck.
Regarding congressional direction, the USA PATRIOT Act required TSA to
perform a background check for all applicants for an endorsement of
their commercial driver's licenses to allow them to carry hazardous
materials, but did not direct TSA to focus its commercial vehicle
security efforts on hazardous materials. Moreover, available risk
assessment information suggests alternatives or additions to the
agency's current focus on commercial vehicle transport of hazardous
materials. TSA OI officials have consistently reported that VBIEDs are
a greater threat to the United States than hazardous materials,
including Toxic Inhalation Hazards. In addition, the evaluation of the
Missouri CSR found that truck companies that transport hazardous
materials stood out from other truck companies as having implemented
most of TSA's security procedures, and concluded that hazardous
materials transporting companies were leaders related to the commercial
vehicle sector. In addition, in October 2007 DHS Secretary Chertoff
stated that IEDs remained a terrorist weapon of choice since they were
easy to make, difficult to defend against, and could cause untold
destruction. TSA OI officials stated that they continue to regard
common VBIEDs as a greater threat than attacks using hazardous
materials such as chlorine. Evacuation data also suggest that VBIEDs
can have potentially broader impact than trucks carrying many forms of
Toxic Inhalation Hazards. Without an existing strategy that is based on
available risk assessment information, TSA cannot be assured that its
current approach, which is focused on hazardous materials, is aligned
with the highest priority security needs of the commercial vehicle
sector.
Government and Industry Have Taken Actions to Strengthen the Security
of Commercial Vehicles, but TSA Has Not Completely Assessed the
Effectiveness of Its Actions:
Key government and industry stakeholders have taken actions to
strengthen the security of the commercial vehicles sector, but TSA has
not assessed the effectiveness of its actions. At the federal level,
DHS and DOT have implemented a number of programs designed to
strengthen commercial vehicle security, particularly programs for the
protection of hazardous materials. States, individually and
collectively, through their state transportation and law enforcement
associations, have also worked to strengthen the security of commercial
vehicles. In addition, most of the private truck and motor coach
industry associations we contacted stated that they were assisting
their members in strengthening security by providing those members with
guidance on best practices. TSA also contracted for an evaluation of
the Missouri pilot CSRs that found the industry security practices were
not extensive, but noted that the sample of firms in the pilot was not
representative of the entire industry. Our site visits to 26 commercial
truck and bus companies found that most had implemented basic security
measures, including some form of personnel security and background
checks, terminal security, locks and access controls, trailer seals,
and communications and tracking equipment. TSA has begun developing
output-based performance measures to gauge progress on achieving
milestones and other program activities for its security programs, but
the agency has not developed measures and data to monitor outcomes,
that is, the extent to which these programs have mitigated security
risks and strengthened commercial vehicle security. The TSSP identifies
that performance measures of strategic goals and objectives should be
outcome-based, but notes that interim output measures may be used
during the early years of the program when baseline data on the
program's performance are being acquired. Without more complete
performance measures, TSA will be limited in assessing the
effectiveness of federal commercial vehicle security programs. TSA
officials agreed that opportunities exist to develop outcome-based
performance measures for its commercial vehicle security programs, and
stated that they would like to do so in the future.
The Federal Government, States, and Private Industry Have Taken Action
to Enhance the Security of Commercial Vehicles:
A variety of federal programs have been implemented to enhance the
security of the commercial vehicle sector. Several of these programs
have been implemented by TSA and other DHS components, others by DOT,
and several jointly by DHS and DOT. Overall, these programs are
designed to assess commercial vehicle industry security risks, develop
guidance on how to prevent and deter attacks, improve security planning
for an effective response to a potential terrorist attack, enhance cost-
effective risk mitigation efforts, and support research on commercial
vehicle security technology. States, both individually and as members
of transportation alliances with other states, have expanded their
activities to secure the commercial vehicle sector as a part of broader
homeland security activities. In addition, many commercial vehicle
companies receive guidance on security awareness and best practices
from industry associations. According to TSA's pilot study of CSRs in
Missouri, except for firms transporting hazardous materials, most
commercial vehicle companies have implemented a limited number of
security measures.
DHS and DOT Security Programs:
In addition to CSRs, TSA and other DHS components have a number of
programs underway designed to strengthen the security of commercial
vehicles: the Truck Security Grant Program (TSP), the Intercity Bus
Security Grant Program, Security Action Items (SAIs), and Hazardous
Materials Driver Background Check Program. The TSP provides grants that
fund programs to train and support drivers, commercial vehicle firms,
and other members of the commercial vehicle industry in how to detect
and report security threats, and how to avoid becoming a target of
terrorist activity. TSP is administered by DHS's Federal Emergency
Management Agency's Grant Programs Directorate. From fiscal years 2004
through 2008, the principal activity funded by the TSP was the American
Trucking Associations' Highway Watch Program, which provided drivers
with security awareness training and support. In May 2008, however, a
new grantee was selected.[Footnote 53] DHS also established an
Intercity Bus Security Grant Program to distribute grant money to
eligible stakeholders for protecting intercity bus systems and the
traveling public from terrorism. Current priorities focus on enhanced
planning, passenger and baggage screening programs, facility security
enhancements, vehicle and driver protection, and training and
exercises. In addition, TSA is consulting with industry stakeholders
and PHMSA to develop SAIs, or voluntary security practices and
standards, intended to improve security for trucks carrying security-
sensitive hazardous materials. The SAIs are intended to allow TSA to
communicate the key elements of effective transportation security to
the industry as voluntary practices, and TSA will use CSRs to gauge
whether voluntary practices are sufficient or if regulation is needed.
TSA released its voluntary SAIs for hazardous materials carriers in
June 2008. For example, it recommended using team drivers for shipments
of the most security sensitive explosives, toxic inhalation hazards,
poisons, and radioactive materials. [Footnote 54]
The USA PATRIOT Act passed in October 2001 prohibited states from
issuing Hazardous Materials Endorsements (HME) for a commercial
driver's license to anyone not successfully completing a background
check. In response, DHS developed rules regarding how the background
checks will be conducted and implemented a hazardous materials driver
background check assessment program to determine whether a driver poses
a security risk.[Footnote 55] We have previously reported on the
problem of drivers who have job-hopped to circumvent the drug testing
results associated with background checks, including hazardous
materials drivers.[Footnote 56] As of October 2008, TSA had completed
background checks for 990,961 out of approximately 2.7 million
hazardous materials drivers, and 8,699 applicants have been denied HMEs
since the beginning of the program.
In addition to DHS, at the federal level, DOT has several commercial
vehicle security programs underway: Security Contact Reviews (SCR),
Security Sensitivity Visits (SSV), and the Hazardous Materials Safety
Permit Program. FMCSA conducts SCRs, or compliance reviews, of
commercial vehicle firms carrying hazardous materials.[Footnote 57]
PHMSA regulations require shippers and carriers of certain hazardous
materials to develop and implement security plans. [Footnote 58] At a
minimum, these plans must address personnel, access, and enroute
security. FMCSA SCRs review company security plans as part of ongoing
safety inspections. FMCSA also conducts SSVs, or educational security
discussions, with carriers of small amounts of hazardous materials that
do not require posting hazardous materials placards on their trucks. As
of September 2008, FMCSA had conducted 7,802 SCRs and 13,411 SSVs since
the inception of the programs. Federal law also directed DOT to
implement the Hazardous Materials Safety Permit Program to produce a
safe and secure environment to transport certain types of hazardous
materials.[Footnote 59] The Hazardous Materials Safety Permit Program
requires certain motor carriers to maintain a security program and
establish a system of enroute communication.
In addition to CSRs, TSA and DOT also work collaboratively on several
projects involving the security of commercial vehicles, including FMCSA
and TSA research and development efforts for commercial vehicle
security technologies. Both FMCSA and TSA have also completed pilot
studies of tracking systems for commercial trucks carrying hazardous
materials. For example, FMCSA completed a study of existing
technologies in December 2004 evaluating wireless communications
systems, including global positioning satellite tracking and other
technologies that allow companies to monitor the location of their
trucks and buses. TSA is testing tracking and identification systems,
theft detection and alert systems, motor vehicle disabling systems, and
systems to prevent unauthorized operation of trucks and unauthorized
access to their cargos. The 9/11 Commission Act requires that DHS
provide a report to Congress by August 2008, that includes, among other
things, assessments of (1) the economic impact that security upgrades
of trucks, truck equipment, or truck facilities may have on the
trucking industry, including independent owner-operators; (2) ongoing
research by public and private entities and the need for additional
research on truck security; and (3) the current status of secure truck
parking.[Footnote 60] TSA officials stated that they are working on
developing this report but have not completed it. The 9/11 Commission
Act also required that DHS develop a tracking program for motor carrier
shipments of hazardous materials by February 2008.[Footnote 61] TSA
officials reported that they worked with DOT and implemented a program
to facilitate truck tracking in January 2008. However, TSA stated that
while the 9/11 Commission Act mandated the tracking program and
authorized $21 million over 3 years for its activities, it was never
implemented because no funds were appropriated for the program.
The 9/11 Commission Act also had a number of mandates regarding the
security of over-the-road buses, including that DHS issue regulations
by February 2008 requiring all over-the-road bus operators to develop
and implement security training programs for frontline employees, and
that DHS establish a security exercise program for over-the-road bus
transportation.[Footnote 62] The 9/11 Commission Act further requires
that DHS issue regulations by February 2009 requiring high-risk over-
the-road bus operators to conduct vulnerability assessments and develop
and implement security plans.[Footnote 63] TSA officials stated that
they were preparing a Notice of Proposed Rulemaking that, if finalized,
would require high-risk, over-the-road bus operators to conduct
vulnerability assessments, and develop security plans and training
plans.[Footnote 64]
State Actions:
States are responsible for securing highway infrastructure, including
highways, bridges, and tunnels, and for ensuring the security and
safety of these roadways. State officials work on security issues
within their individual states and with other states through several
national associations. State transportation officials--through the
American Association of State Highway and Transportation Officials
(AASHTO)--and state law enforcement officials--through the Commercial
Vehicle Safety Alliance (CVSA)--have worked collectively to strengthen
the security of commercial vehicles and highway infrastructure through
various expert committees and the implementation of joint initiatives
with TSA and DOT. AASHTO formed a Special Committee on Transportation
Security that has sponsored highway and commercial vehicle security
research at the National Academies of Science. AASHTO also conducts
surveys of state DOT security efforts, priorities, and identified
needs. AASHTO's August 2007 survey found that many state departments of
transportation still needed basic training on integrating homeland
security considerations in the planning process; detecting, deterring,
and mitigating homeland security threats; and assessing transportation
network homeland security vulnerabilities and risks. CVSA's state law
enforcement members have also organized committees on Transportation
Security, Information Systems, Intelligent Transportation Systems,
Hazardous Materials, Passenger Carrier, and Training to pool and
provide expertise to promote best practices, new programs, and the
consistent application of regulations. For example, the purpose of the
CVSA's Transportation Security Committee is to enhance homeland
security by providing a forum to identify, develop, implement, and
evaluate education, enforcement, and information-sharing strategies for
enhancing commercial motor vehicle security. CVSA's Program Initiatives
committee originated the idea of conducting a CSR pilot in
Missouri.[Footnote 65]
We interviewed transportation, law enforcement, and homeland security
officials responsible for commercial vehicle security from eight states
to determine the nature and extent of their security efforts. These
officials stated that they generally focused on law enforcement,
protection of highway infrastructure, conducting inspections of
commercial vehicles, and monitoring threats of all kinds.[Footnote 66]
Officials in each state stated that they understood the major
transportation security risks in their state. For example, officials
from one state that has numerous chemical plants expressed particular
concern about the shipment of these chemicals, while officials from
another state with extensive military bases expressed concern about
shipments of nuclear weapons and waste. Officials from yet another
state with numerous explosives plants were more concerned about the
transportation of explosives. State and local authorities have also
created 58 fusion centers around the country to blend relevant law
enforcement and intelligence information analysis and coordinate
federal, state, and local security measures in order to reduce threats
in local communities. DHS analysts work with state and local
authorities at fusion centers to facilitate the two-way flow of
information on all types of hazards. DHS has provided staff and more
than $254 million to state and local governments to support these
centers and facilitate the two-way flow of information between DHS and
the states.[Footnote 67] Although states have a number of security
efforts involving the commercial vehicle sector, none of the state
officials whom we interviewed (with the exception of those from
Missouri) reported conducting formal vulnerability assessments of the
commercial vehicle sector in their states.
Private Sector Security Actions:
Industry associations we interviewed were actively assisting their
members in strengthening the security of the commercial vehicle sector.
We met with 12 of the industry associations representing the commercial
vehicle industry, including trucking, motor coaches, shipping, and
unions, 9 of which were members of TSA's SCC. TSA relies on the SCC and
its industry association members to facilitate communications between
the agency and the commercial vehicle industry, and to assist in the
development of sector strategies, plans, and policies. Eight of these
industry associations reported that they regularly provided federal
officials with their industry's perspective on proposed regulations and
legislation. Additionally, 8 of the 12 associations reported that they
were proactively providing security guidance to their members, which
included guidance on security best practices, security awareness, and
security self-assessments. In addition, about a third of the
associations we reviewed reported providing training, security
bulletins, and 24-hour hotlines for their members. TSA supports several
of these industry initiatives, including working with trade
associations to develop and distribute security brochures for their
members.
As discussed earlier in this report, the Missouri CSR Pilot evaluation
showed that firms carrying hazardous materials were complying with
regulations and implementing more security measures to mitigate their
risks than other commercial vehicle firms.[Footnote 68] In contrast,
the study further found that truck companies not transporting hazardous
materials were implementing few of TSA's best security practices.
During our site visits to 20 truck and 6 bus companies, ranging in size
from the nation's largest commercial vehicle company with 27,453 trucks
to an owner-operator with a single truck, we found that most had some
form of personnel security procedures and background checks in place,
as well as terminal security, communications systems, and truck
tracking systems. Overall, the types of security practices among the
commercial trucking companies we visited were similar, but the
prevalence and sophistication of these practices varied. The range of
security practices that companies were using included requiring drivers
to lock doors and inspect cargo; cargo seals; driver background checks;
vehicle tracking technology; terminal fencing, cameras, and gates;
access controls, such as employee identification badges, sign-in and
sign-out sheets, or electronic key cards; en route security measures;
and driver training. Large corporations and small one-truck owner-
operators generally used differently scaled security approaches to the
same problem. For example, while a cell phone can suffice for the
communications needs of a small operator, a large company may invest in
integrated communications and tracking technologies. Conversely, where
a large company may have a well-lit, gated terminal monitored by
security cameras and guards, a small operator may lock the door of the
vehicle and have a watch dog on the premises. In another example,
small, independent owner-operator firms may rely solely on emergency
responders such as 911 and state patrol hotlines, while larger firms
may have dispatchers and in-house security specialists on duty 24 hours
a day.
TSA Uses Performance Measures to Monitor Its Efforts in Securing
Commercial Vehicles, but Lacks Effectiveness Measures for Key Security
Programs:
TSA has begun developing measures that gauge the completion of its
program activities, but could improve its efforts by collecting data
that would measure the effectiveness of its programs in strengthening
commercial vehicle security. Performance measures are indicators,
statistics, or metrics used to gauge program performance.[Footnote 69]
Output measures summarize the direct products and services delivered by
a program, while outcome measures try to gauge the results of products
and services delivered by a program.[Footnote 70] TSA has begun
developing and using performance measures to assess the progress of
commercial vehicle security programs, but does not have outcome data to
monitor how effectively its programs are achieving their intended
purpose, as suggested by GPRA. The TSSP also states that performance
measures of strategic goals and objectives should be outcome-based, but
notes that interim output measures may be used during the early years
of the program while baseline data on the program's performance are
being acquired. The TSSP also requires that TSA form a Performance
Measurement Joint Working Group to recommend the appropriate mix of
output and outcome measures for agency programs, outcome monitoring
techniques, and standardize measures across transportation sectors. As
of August 2008, TSA had formed the transportation sectorwide working
group, and according to officials the group was instrumental in
developing and reporting on the transportation sector's core,
programmatic, and partnership metrics required by the NIPP. However,
the joint measurement group for the highway and motor carrier sector
had not been formed to develop outcome measures for commercial vehicle
security programs.
Currently, TSA HMC collects performance data on its own programs, while
other commercial vehicle security programs are monitored by other DHS
or DOT components. At our suggestion, TSA officials stated they plan to
work out an agreement with DOT to receive performance measurement data
for DOT security programs, stating that performance data for these
programs are important and necessary for an overall view of the impact
of federal security programs. TSA officials stated they would request
that TSA and DOT share performance measurement data for commercial
security programs as the DHS and DOT MOU is updated. The annex to
improve coordination and data sharing between TSA and PHMSA was signed
in October 2008. Table 2 summarizes the various federal commercial
vehicle security programs and the agency responsible for administering
the program and measuring its progress.
Table 2: Federal Agencies Responsible for Gathering Commercial Vehicle
Security Program Performance Measurement Data:
Federal program: 1. TSA Corporate Security Reviews (CSRs);
Agency performance measurement Data: TSA: X;
Agency performance measurement Data: DHS: [Empty];
Agency performance measurement Data: DOT: [Empty].
Federal program: 2. DHS Trucking Security Grant Program (TSP);
Agency performance measurement Data: TSA: [Empty];
Agency performance measurement Data: DHS: X;
Agency performance measurement Data: DOT: [Empty].
Federal program: 3. TSA Security Action Items (SAIs);
Agency performance measurement Data: TSA: X;
Agency performance measurement Data: DHS: [Empty];
Agency performance measurement Data: DOT: [Empty].
Federal program: 4. TSA Hazardous Materials Driver Background Program;
Agency performance measurement Data: TSA: X;
Agency performance measurement Data: DHS: [Empty];
Agency performance measurement Data: DOT: [Empty].
Federal program: 5. DHS Intercity Bus Security Grant Program;
Agency performance measurement Data: TSA: [Empty];
Agency performance measurement Data: DHS: X;
Agency performance measurement Data: DOT: [Empty].
Federal program: 6. FMCSA Sensitive Security Visits (SSVs);
Agency performance measurement Data: TSA: [Empty];
Agency performance measurement Data: DHS: [Empty];
Agency performance measurement Data: DOT: X.
Federal program: 7. FMCSA Security Contact Reviews (SCRs);
Agency performance measurement Data: TSA: [Empty];
Agency performance measurement Data: DHS: [Empty];
Agency performance measurement Data: DOT: X.
Federal program: 8. PHMSA Security Plan Requirements;
Agency performance measurement Data: TSA: [Empty];
Agency performance measurement Data: DHS: [Empty];
Agency performance measurement Data: DOT: X.
Federal program: 9. FMCSA Hazardous Materials Safety Permit Program;
Agency performance measurement Data: TSA: [Empty];
Agency performance measurement Data: DHS: [Empty];
Agency performance measurement Data: DOT: X.
Federal program: 10. TSA Missouri CSR Pilot (FMCSA funded);
Agency performance measurement Data: TSA: X;
Agency performance measurement Data: DHS: [Empty];
Agency performance measurement Data: DOT: [Empty].
Federal program: 11. TSA Truck Tracking Security Pilots;
Agency performance measurement Data: TSA: X;
Agency performance measurement Data: DHS: [Empty];
Agency performance measurement Data: DOT: [Empty].
Federal program: 12. DOT and DHS Hazardous Materials Research;
Agency performance measurement Data: TSA: [Empty];
Agency performance measurement Data: DHS: [Empty];
Agency performance measurement Data: DOT: X.
Source: GAO analysis of DHS and TSA data.
[End of table]
TSA's HMC established output measures for all five of its commercial
vehicle security programs to assist the agency in gauging the
performance of these programs. As of September 30, 2008, TSA reported
that it had completed:
* 100 percent of the target goal of 24 CSRs per year,
* 100 percent of the SAI goal of developing voluntary guidelines to
reduce risk and enhance the security of high-risk hazardous materials,
* 52 percent of hazardous materials driver's license endorsement
security threat assessment background checks, and:
* 100 percent of the work in developing a pilot Truck Tracking Center.
Output-based measures can be useful to TSA for program management
purposes, as they can identify whether programs are producing a desired
level of output and meeting established milestones. However, they do
not measure TSA's success in achieving the ultimate goal of enhancing
the security of the commercial vehicle sector. For example, while TSA
tracks the number of CSRs completed by its staff or as part of the
Missouri CSR program, it has not attempted to measure the effect these
programs are having. Missouri officials have suggested that a sample of
firms that participated in the CSR program should be revisited to
determine the extent to which their security-related practices improved
after completing a CSR. Such information could provide TSA with a
measure of the effectiveness of its key commercial vehicle security
program. In January 2009, TSA stated that it was planning to conduct
baseline and follow-on CSRs on hazardous material transporters to
measure changes in preparedness.
We recognize that TSA faces challenges in developing outcome measures
to monitor and evaluate the effectiveness of its security programs that
rely on the participation of many public and private entities. In
addition, it can be difficult to develop performance measures to gauge
the impact of a program in deterring terrorism. Nonetheless, outcome
measures of programs designed to mitigate vulnerabilities and
consequences are possible. For example, the domain awareness of drivers
could be measured both before and after participating in the Trucking
Security Grant program.
Furthermore, as we have previously reported, a focus on results as
envisioned by GPRA means that federal agencies are to look beyond their
organizational boundaries and coordinate with other agencies to ensure
that their efforts are aligned. The planning processes under GPRA
provide a means for agencies to ensure that their goals for
crosscutting programs complement those of other agencies; program
strategies are mutually reinforcing; and, as appropriate, common or
complementary performance measures are used. High-performing
organizations use their performance management systems to strengthen
accountability for results, specifically by placing greater emphasis on
fostering the necessary collaboration both within and across
organizational boundaries to achieve results.[Footnote 71]
TSA officials agreed that opportunities exist to develop outcome
performance measures for the agency's commercial vehicle security
programs, and stated that they would like to do so in the future. We
previously reported that DHS often lacked the performance information
to determine where to target program resources to improve performance,
but was taking steps to strengthen their performance measures.[Footnote
72] GAO is currently working with DHS, including TSA, to provide input
on the department's performance measurement efforts based on our work
at the department.
TSA Has Strengthened Efforts to Coordinate with Federal, State, and
Industry Stakeholders Regarding the Security of the Commercial Vehicle
Sector, but Further Actions Can Enhance Coordination:
While TSA has taken actions to improve coordination with federal,
state, and industry stakeholders to strengthen commercial vehicle
security, more can be done to ensure that these coordination efforts
enhance security for the sector. Leading practices for collaborating
agencies that we have previously identified offer suggestions for
strengthening coordination with other public and private sector
stakeholders. These key practices include, for example, defining common
outcomes and complementary strategies; agreeing on roles and
responsibilities; leveraging stakeholder resources; and developing
mechanisms to monitor, evaluate, and report on the results of the
collaborative effort.[Footnote 73] DHS and DOT signed an agreement that
established broad areas of responsibility regarding the security of the
transportation network, as we previously recommended.[Footnote 74] TSA
supported the creation of an intergovernmental and industry council to
gather feedback and input about security planning, among other efforts.
TSA has made limited progress in leveraging FMCSA resources and
resolving potentially duplicative security inspections, but in October
2008 signed an agreement to enhance coordination with FMCSA. Although
TSA has successfully leveraged resources in the State of Missouri to
conduct CSR vulnerability assessments, it has made limited progress in
coordinating the expansion of CSRs to other states. Some state and
industry officials we interviewed expressed concerns about TSA's
coordination and communication with the sector on developing a security
strategy, and fully defining roles and responsibilities for the
industry. Since many owner operators are hard to contact, some
suggested that TSA enhance its Web site to better communicate directly
with the industry's many small operators. Moreover, the Missouri CSR
pilot evaluation similarly suggested that TSA consider developing a two-
way Web portal to allow firms to fill out CSR questionnaires. TSA
officials stated that they have taken steps to interact with industry
regarding the security of the sector, and have also leveraged industry
expertise to strengthen security. However, TSA has not developed a
means to monitor the effectiveness of its coordination actions with
this very large and diverse sector. Without enhanced coordination, TSA
will have difficulty expanding its vulnerability assessments to other
states.
DHS and DOT Have Entered into Formal Agreements and Taken Other Actions
to Enhance Coordination:
DHS and DOT have taken actions toward coordinating their efforts to
strengthen commercial vehicle security. In September 2004, DHS and DOT
signed a MOU that established broad areas of responsibility for each
department related to the security of the transportation sector, and
specified roles and responsibilities to strengthen their cooperation
and coordination. For instance, under the MOU, DOT recognized that DHS
has primary responsibility for transportation security while it plays a
supporting role, providing technical assistance and supporting DHS in
the implementation of its security policies as allowed by DOT statutory
authorities. Furthermore, the MOU states that DHS is to establish
national transportation security performance goals and, to the extent
practicable, appropriate security measures for each transportation
sector to achieve an integrated national transportation security
system. The MOU responds to our previous work which emphasized the need
for greater coordination between DOT and DHS on transportation security
efforts and recommended that the two departments establish an MOU to,
among other things, delineate the roles, responsibilities, and funding
authorities of the each department.[Footnote 75]
In August 2006, TSA and PHMSA signed an annex to the DHS and DOT MOU,
identifying their respective roles and responsibilities related to
research and development, training, outreach, risk assessments, and
technical assistance involving hazardous materials transportation
security. According to this agreement, the parties commit themselves to
seeking consensus on measures to reduce risk and minimize consequences
of emergencies, sharing information that may concern the interests of
the other party, and coordinating the development of transportation
security-related guidelines. The annex further specified that TSA and
PHMSA will, among other things:
* base security planning on risk, seek consensus concerning measures to
reduce risk, and coordinate in the development of standards,
regulations, guidelines, and directives;
* coordinate on observations and recommended security measures;
* explore opportunities for collaboration in inspection and enforcement
activities; and:
* share information during an emergency.
Consistent with this agreement, PHMSA and TSA worked together to
develop recommended security measures for hazardous materials carriers.
As we have previously identified, an effectively implemented leveraging
of stakeholder resources is a key practice for enhancing
collaboration.[Footnote 76] According to leading practices for
collaborating agencies, such parties bring different levels of
resources and capacities to the collective effort; therefore, the
parties should identify the types of resources necessary to initiate or
sustain their collective effort, as well as assess each party's
relative strengths and limitations. In 2003, working with TSA, PHMSA
established a set of security plan requirements for hazardous materials
carriers that addressed the elements of en route security, unauthorized
access, and personnel security. TSA later expanded upon PHMSA's
requirements and, in consultation with PHMSA, drafted a set of
voluntary security standards, called Security Action Items (SAIs),
specifying the level of security suggested for each type of security-
sensitive hazardous materials, or hazardous materials transported by
motor vehicles whose potential consequences from an act of terrorism
may result in detrimental effects to the economy, communities, critical
infrastructure, or individuals of the United States. TSA reported that
these SAIs were finalized in June 2008 and distributed to stakeholders.
TSA further worked with PHMSA to develop guidance on security-sensitive
hazardous materials.
TSA also established a GCC in April 2006 to monitor and evaluate the
results of federal highway and motor carrier security programs, as
required by the NIPP. We previously identified the need for
collaborating agencies to create a mechanism to monitor and evaluate
their efforts and to assist them in identifying areas for improvement.
If implemented effectively, reporting on these collaborative activities
can help key decision makers obtain feedback for improving both policy
and operational effectiveness. The GCC consists of federal agencies and
associations representing state and local transportation and law
enforcement officials, and motor vehicle administrators with
responsibilities directly related to commercial vehicle security. (For
a complete list of GCC members, see app. VI). The GCC is intended to
coordinate strategies, activities, and communications among its member
entities, and establish policies, guidelines, metrics, and performance
criteria.[Footnote 77] The highway sector GCC meets approximately once
monthly, and both FMCSA and PHMSA officials expressed general
satisfaction with the GCC.[Footnote 78]
DHS and DOT Can Strengthen Efforts to Leverage Resources and Avoid
Duplication of Effort:
Although DHS and DOT have established agreements and developed
complementary strategies to strengthen security of the commercial
vehicles sector, gaps remain that hamper their ability to more
effectively coordinate their efforts. Specifically, the two departments
have not fully agreed on a strategy to leverage resources and eliminate
potential duplication of effort and to share inspection information for
monitoring security programs.
TSA and FMCSA have shared roles and responsibilities regarding the
enhancement of commercial vehicle security, but have different
capabilities and resources. TSA HMC has a staff allocation of 19 FTEs.
These staff are responsible for all aspects of commercial vehicle and
highway infrastructure security including developing best practices,
conducting risk assessments, and establishing policy. HMC is also
responsible for school bus security. FMCSA has 650 to 700 staff
deployed in the field nationwide to conduct inspections, enforce
Federal Motor Carrier safety regulations and hazardous materials
transportation safety and security regulations, and coordinate with
state safety inspectors. Moreover, TSA and FMCSA have similar
inspection programs, both of which are currently focused on hazardous
materials transportation. As discussed earlier in this report, TSA
operates the CSR program designed to review the security efforts and
vulnerabilities of all types of commercial vehicle firms, and FMCSA
conducts security compliance inspections (SCRs) of hazardous materials
carriers.[Footnote 79]
The 9/11 Commission Act requires that DOT consult with DHS to limit, to
the extent practicable, duplicative reviews of the hazardous materials
security plans. [Footnote 80] TSA and FMCSA officials stated that they
have discussed how best to leverage FMCSA's ongoing inspections
programs and the feasibility of merging the two inspection programs.
Officials reported that their interactions to date have focused on how
best to take advantage of the similarities between these programs to
more efficiently and effectively use agency resources, reduce
potentially duplicative efforts, and minimize the burden on the
industry. TSA officials stated that one obstacle to merging the two
programs is that hazardous materials transportation companies are
required to participate in FMCSA's SCRs because they are subject to
DOT's hazardous materials regulations, while TSA's CSRs are a voluntary
effort. However, both agencies' programs share voluntary and mandatory
aspects. For example, along with SCRs, FMCSA also conducts Security
Sensitivity Visits, which as discussed earlier in this report are
voluntary, educational security reviews of firms carrying small amounts
of hazardous materials. Moreover, TSA's Missouri pilot successfully
demonstrated that voluntary security reviews could be appended to
mandatory safety reviews, and that state safety inspectors could be
trained to conduct CSR security reviews. TSA officials further stated
that the agency's CSR reviews include a detailed assessment of the
adequacy of security plans, whereas FMCSA reviews are intended to
ensure a firm's compliance with its written security plan, but are not
an assessment of its adequacy. Another obstacle, according to TSA
officials, is associated with how the two agencies view their missions
and resource sharing. TSA believes utilizing FMCSA resources,
infrastructure, and databases may be cost effective. However, DOT
officials told us that the primary role of FMCSA's inspectors is safety
rather than security. One industry association we interviewed stated
that they were working with FMCSA and TSA to merge their commercial
vehicle security programs because association officials believed it
would reduce duplication and be more efficient for both government and
industry. By leveraging resources with FMCSA, TSA may be able to
address other priorities, such as conducting additional vulnerability
assessments, improving security mitigation programs beyond the
hazardous materials sector, and addressing highway infrastructure
protection.
TSA and FMCSA also do not have a process in place to share information
important to monitoring the results of security programs, consistent
with leading practices for collaborating agencies. For example, the
agencies are not comparing and contrasting their findings from
commercial vehicle security inspections. Both TSA and FMCSA concurred
that they could benefit from better sharing of information and have
discussed developing a unified database for storing and sharing
information on CSR and SCRs. Without a process in place to share
information on the results of their security programs, TSA will not
have a complete picture of the effectiveness of federal programs to
secure the sector. FMCSA also maintains other data and information that
could potentially be useful to TSA in its effort to understand and
analyze the commercial trucking and motor coach industries. For
example, the Missouri CSR program selected carriers with particularly
bad safety records for review, but TSA does not have general, direct
access to these data.[Footnote 81] FMCSA also maintains the Motor
Carrier Management Information System (MCMIS) database of all
interstate, and some intrastate companies, and all carriers of
hazardous materials. Access to MCMIS data could assist TSA in
addressing the NIPP requirement that the agency develop an inventory of
assets as a basis for conducting vulnerability and consequence
assessments. In addition, as TSA expands its CSRs of hazardous
materials transporters, DOT may benefit from knowing which firms TSA
has reviewed to avoid duplication of effort.
Although TSA and PHMSA have signed an annex detailing how they will
collaborate, TSA and FMCSA officials stated that they did not establish
a similar agreement because the agencies coordinated with each other
well, and an annex was not necessary. However, with enactment of the 9/
11 Commission Act, TSA and FMCSA were required to complete an annex by
August 2008 that defined the processes that will be used to promote
communications and efficiency, and avoid duplication of
effort.[Footnote 82] An annex to the MOU between TSA and FMCSA might
help reduce possible duplication of effort in inspection programs, as
well as facilitate the development of a process for sharing data to
monitor program results. TSA and FMCSA officials signed an annex to the
MOU in October 2008.
The TSSP also requires that the GCC and the SCC create several joint
working groups for research and development, performance measurement,
intelligence, and risk.[Footnote 83] These groups are to improve
coordination and prioritization of TSA's research and development
efforts, address the inherent difficulties in measuring and assessing
the performance of security mitigation programs, develop sector-
specific metrics, and coordinate and integrate intelligence efforts.
However, the creation of these committees has been delayed, according
to TSA officials. Without promptly developing joint working groups, TSA
increases the risk that collaborative work and progress in these areas
will be delayed. TSA officials stated that as of September 2008, the
Joint Working Groups for Highway and Motor Carrier had not been
officially approved.
TSA Has Increased Vulnerability Assessments by Collaborating with the
State of Missouri, but Has Not Developed a Plan to Expand the Approach
to the Other States:
TSA has leveraged resources to enhance its capabilities to perform CSR
vulnerability assessments through collaboration with the state of
Missouri, and recently reached agreements with Michigan and Colorado to
conduct CSRs, but has faced challenges in expanding this collaborative
effort to other states. These state coordination challenges have the
potential to significantly delay progress in expanding vulnerability
assessments to other states. TSA officials stated that it was
continuing to explore opportunities to expand the CSR program from
Missouri to other states, and to leverage state field inspector and law
enforcement resources.
TSA also does not have a direct mechanism for coordinating its strategy
with the states related to commercial vehicle security planning, and
some state officials we spoke to expressed dissatisfaction with TSA's
coordination efforts. The agency relies on several GCC-member
associations that represent state and local transportation and law
enforcement officials to coordinate with states. However, all of these
state GCC stakeholders identified concerns about the adequacy of TSA
coordination efforts. For example, CVSA, which represents state law
enforcement officials at the GCC, stated that the GCC is not an
effective means of communication and coordination, and that direct
communication with the states was minimal. As a result, CVSA
transportation security officials stated that they were not fully
informed about TSA's risk management strategy. CVSA officials further
stated, in September 2008, that while coordination with TSA had
improved after TSA's staffing stabilized, they continued to be
concerned that the federal government was more engaged in helping
states ensure safety rather than security. They also questioned whether
TSA had dedicated sufficient resources to commercial vehicle security,
or had the expertise to lead federal efforts to expand vulnerability
assessments nationwide. CVSA officials stated that since DOT had the
resources but not the authority to oversee commercial vehicle security,
it is difficult for either agency to assist the states.
Another key association, AASHTO, which represents state transportation
officials at the GCC, stated that state security planners are given
insufficient attention and information by TSA and other DHS components
relating to security. Specifically, AASHTO officials stated that TSA
had not communicated its strategy or initiatives to secure commercial
vehicles, and that while AASHTO has tried to discuss what role the
states play in transportation security with DHS and TSA, neither has
been responsive in providing fully defined roles.[Footnote 84] Several
officials we spoke with during our interviews with state DOTs also
expressed concerns regarding whether the GCC is a sufficient mechanism
for TSA to coordinate with the 50 states and were also critical of
TSA's leadership and communication related to commercial vehicle
security. For example, one state noted that TSA's slow pace in
providing guidance was causing it to delay the implementation of its
programs for fear such programs would conflict with TSA initiatives.
TSA officials stated that the agency had coordinated with states to the
extent possible with available resources--having one staff member
responsible for federal, state, and industry coordination.
TSA Has Worked to Strengthen Partnerships with the Commercial Vehicle
Industry, but Stakeholders Identified Coordination Challenges, and the
Effects of Existing Coordination Efforts Are Unknown:
TSA has made progress in involving industry in their strategy for
strengthening commercial vehicle security by supporting the formation
of an industry stakeholder council and through ongoing outreach efforts
and meetings with industry officials. However, as discussed earlier in
this report, industry officials we interviewed stated that they
generally desired greater communication with TSA. More specifically,
the officials noted that they did not fully understand TSA's strategy
for securing the commercial vehicle sector, or what roles and
responsibilities the agency expected from industry. Additionally, TSA
does not have any measures of the effectiveness of its efforts to
coordinate with its many stakeholders, which limits its ability to
determine whether its ongoing efforts to collaborate are appropriate
and adequate for this very large and diverse transportation sector.
Without strengthening communication and coordination with industry, TSA
will not be able to fully leverage the resources of its stakeholders.
Four of the leading practices for collaborating agencies we previously
identified to help improve coordination among federal agencies could
also be applied to improve federal collaboration with industry
stakeholders--defining a common outcome and complementary strategies,
agreeing on roles and responsibilities, leveraging stakeholder
resources, and monitoring results.
TSA coordinates with the commercial vehicles sector through an industry
council and industry associations. To (1) overcome the challenge of
working in partnership with such a large and diverse group of
stakeholders, (2) understand the current security practices of these
industries, and (3) gather industry input and feedback, TSA supported
the creation of the Highway and Motor Carrier Sector Coordinating
Council (SCC) in June 2006. The SCC represents three private industry
groups: highway passenger and school bus carriers, highway freight
carriers, and highway infrastructure owners and builders, and
facilitates communications within the industry and between the industry
and TSA. According to members, its purpose is to represent a broad
cross-section of the industry, and there is no limit on the number of
organizations that can participate. As of September 2008, the SCC had
convened eight times since its first meeting in August 2006, and holds
separate meetings to address issues requiring a quick response. Apart
from the SCC, TSA has also collaborated with several industry trade
associations to develop and distribute security brochures and guides
for their membership. For example, TSA assisted the Truck Rental and
Leasing Association in developing its Security Awareness and Self-
Assessment Guide.
Although TSA has made progress in coordinating with industry
stakeholders, challenges remain. Specifically, SCC officials stated
that the council was dissatisfied with TSA's level of coordination with
the SCC on the development of a strategy for enhancing commercial
vehicle security. For example, the SCC leadership stated that the SCC
was excluded from key stages of drafting revisions to the initial TSSP
annex. The TSSP states that its initial goals and objectives would be
developed by TSA, and be informed by comments and suggestions from the
SCC, and going forward the TSSP annex states that the GCC and SCC are
to prepare future revisions of the TSA strategy in the TSSP annex. SCC
officials said that TSA did not consult with them regarding the
development of key strategic objectives, known as Strategic Risk
Objectives, or the Highway and Motor Carrier Annual Report regarding
progress made and goals for the next year. These officials stated that
overall coordination was better on trucking issues than for motor
coach. Furthermore, industry and company officials we interviewed also
expressed concerns about TSA's coordination efforts regarding its
strategy Specifically, officials from 9 of the 12 industry associations
and 20 of the 26 truck and bus companies we interviewed, some of whom
were also members of the SCC, stated that they were not familiar with
TSA's strategy and/or ongoing efforts to secure the commercial vehicle
sector, and that TSA could strengthen its coordination with industry.
Officials stated that in some cases, a lack of information led industry
associations to hesitate in implementing security actions and
dedicating resources to additional security measures that TSA may
determine are not necessary or identify other required measures that
must be implemented instead. Finally, SCC officials stated that TSA had
not explicitly defined roles and responsibilities for the committee,
its members, or the industry. Several industry association
representatives also expressed similar confusion over their
responsibilities and roles in securing the commercial vehicle sector.
TSA officials stated that the SCC was not consulted in the development
of the Highway and Motorcarrier Annex because TSA did not have enough
time to include them. However, the SCC disagreed stating that TSA had
received an extension on when the annex was due. TSA officials also
said that they were not surprised by the uncertainty about their
strategy for securing the sector because TSA's focus has been largely
on developing security programs rather than communicating its security
strategy to industry. TSA officials stated that going forward, they
will work with the SCC as it revises the Highway and Motor Carrier
Annex to the TSSP. The SCC leadership stated that during the revision
to the latest HMC annual report, TSA was much more open to SCC's input.
Our previous work on effective interagency collaboration has
demonstrated that to achieve a common outcome, collaborating agencies
need to establish strategies that work in concert with those of their
partners or are joint in nature.[Footnote 85] Our prior work has
further shown that collaboration can be enhanced when parties work
together to define and agree on their respective roles and
responsibilities, including how the collaborative effort will be led.
Responsibility for securing the commercial vehicle sector involves
collaboration between governmental and nongovernmental entities that
typically have not worked together before on these issues. A fully
defined outcome and strategy facilitates overcoming significant
differences in organizational missions, cultures, and established ways
of doing business. Without defining a common outcome and strategy,
individual organizations increase the risk of developing strategies for
securing the commercial vehicles industry that differ and conflict
rather than help organizations better align their activities and
resources to accomplish a common outcome. Fully defining and clarifying
respective roles and responsibilities will be important to ensure that
TSA and industry understand who will do what regarding securing the
commercial vehicle sector, and help to reconcile differing perceptions
of leadership that exist among stakeholders.
SCC representatives stated that TSA has not maintained active
communication with the committee, resulting in missed opportunities to
take advantage of their potential contributions, including leveraging
of their expertise and resources. TSA officials stated that given the
SCC's recent establishment, it may be too soon to fairly assess the
effectiveness of their interactions with the council. Most companies we
spoke with stated that they rarely heard from TSA if at all, although
they were generally much more familiar with FMCSA with whom they have
worked for years. Some company officials suggested that TSA develop a
direct means of communicating with the industry, such as through e-mail
or a robust Web page. The Missouri Pilot Program Evaluation Report also
recommended that TSA develop a Web portal to improve coordination and
communication with the industry. The lack of communications and
coordination could limit the effectiveness of standards and measures
meant to enhance the security of commercial vehicles.
TSA officials stated that the agency has conducted outreach with
private industry to, among other things, coordinate its overall
strategy and roles and responsibilities. According to officials, TSA
has made numerous resources available to private industry stakeholders
through the Homeland Security Information Network and more recently
through TSA's Highway and Motor Carrier Web site link.[Footnote 86]
Additionally, TSA reported that officials from the HMC are continually
attending association conferences and workshops to educate and share
TSA's strategy, goals, and policies. To further improve communications,
TSA reported that it has conducted 14 monthly conference calls since
2007 with attendees varying from 10 to 20 stakeholder participants. TSA
officials stated that, while minor issues regarding specific lines of
communication may have existed, in their opinion, the general level of
coordination with the industry has been successful and that they were
unaware of any significant private sector stakeholder misunderstandings
of the agency's security strategy, efforts, or their own roles and
responsibilities.
While TSA's actions should help strengthen coordination with the
commercial vehicle industry, the extent of any effect of these efforts
is unknown because, according to TSA officials, the agency has not
developed an approach to evaluate the effectiveness of its coordination
efforts. Specifically, TSA does not have measures of how coordination
efforts such as its current Web site, its participation in conferences,
its efforts to coordinate with states, the GCC, and SCC result in a
better understanding of TSA strategy and definitions of roles and
responsibilities within the commercial vehicle sector. We have
previously reported that collaborative efforts can be enhanced and
sustained when they include mechanisms for monitoring and evaluation to
assist stakeholders in identifying areas for improvement.[Footnote 87]
Without such an evaluation, TSA will be hindered in determining whether
its ongoing efforts to collaborate with the commercial vehicle industry
are appropriate and effective for enhancing the security of this very
large and diverse transportation sector.
Conclusions:
The nature, size, and complexity of the nation's commercial vehicle
sector highlights the need for federal and state governments and the
private sector to work together to secure this transportation sector.
The importance of the nation's commercial trucking and motor coach
industries and concerns about their security, coupled with finite
homeland security resources, underscores the need for TSA to employ a
risk management approach to prioritize its security efforts so that an
appropriate balance between costs and security is obtained. TSA has
taken steps in implementing a risk management approach by assessing
threats to and from the commercial vehicle sector, conducting some
vulnerability assessments, and initiating the development of best
practices to secure the sector. Despite these achievements, much work
remains to fully address the security risks of commercial trucks and
motor coaches, and to ensure that this information is used to inform
TSA's security strategy. TSA has not yet completed annual threat
assessments with estimations of the likelihood of various threats or
tactics, nor established a plan and a time frame for completing
vulnerability assessments of the commercial vehicle industry and its
diverse sectors and firms, to include considering the recommendations
of the Missouri Pilot Program Evaluation. TSA also has not developed a
plan to conduct consequence assessments, or leveraged the consequence
assessments of other sectors. Further, TSA has not determined the
extent to which additional risk assessments are needed, or the
resources needed to support these efforts. Although TSA is having
threat scenarios conducted to inform a preliminary risk assessment of
the industry, these assessments will likely provide limited information
on what sectors or companies are most at risk, and what mitigation
practices are currently in place, unless they are further supported by
field-level risk assessments, such as CSRs, consistent with the TSSP.
As a result of not having specific threat assessments or complete
vulnerability and consequence assessments, the agency is limited in its
ability to determine the most pressing security needs, and to use this
information to guide its security strategy. While working to develop
complete risk assessments, it is important that TSA assess and use
available information as the basis for its interim decisions. For
example, information currently available from existing threat,
vulnerability, and consequence assessments suggest alternatives or
additions to the agency's current focus on commercial vehicle transport
of hazardous materials. TSA has recently begun the process of revising
its strategy for 2009 and beyond; however, without completed risk
assessments, its revised strategy may not be appropriately targeted.
Until TSA completes assessments of this very large and highly diverse
transportation sector, and uses this information to inform its security
strategy, it will be limited in its ability to assure Congress that
existing funds are being spent in the most efficient and effective
manner.
TSA has developed a range of programs to strengthen truck and bus
security, but has not developed outcome measures to assess how
effectively the programs have improved security. Without such
performance measures, TSA cannot monitor and evaluate whether or not
these programs are achieving results in enhancing commercial vehicle
security, nor communicate this progress to industry stakeholders,
Congress, policymakers, and taxpayers.
With 50 states and over a million diverse industry stakeholders,
securing commercial vehicles can pose considerable communication
challenges and lead to confusion about roles and responsibilities.
Ultimately, the security of the industry is maintained by the companies
themselves, and if TSA is to secure the sector it must do so by working
with the industry. Coordination and communications techniques that
might work well in other transportation sectors may be insufficient for
the larger, more complex commercial vehicle industry. TSA has taken
steps to coordinate with government and industry stakeholders, and has
had some noteworthy successes such as the Missouri CSR program.
However, both industry and state officials we interviewed stated that
more needed to be done to enhance federal leadership and better ensure
that federal, state, and industry actions and investments designed to
enhance security are properly focused and prioritized. TSA communicates
with states primarily through associations of state law enforcement and
transportation officials who participate in the GCC. However,
opportunities exist for more effective coordination with states to
expand the Missouri CSR to other states, and for TSA to leverage
FMCSA's resources in conducting field inspections. TSA could address
industry concerns about communication of its strategy, roles, and
responsibilities, as well as better leverage industry expertise, by
working more collaboratively with industry representatives and
improving communication with the nation's many small owner-operators
and midsized firms. In addition, because TSA does not monitor and
measure the effectiveness of its coordination and communications
efforts, it cannot be sure that it is addressing stakeholder concerns.
By improving coordination with DOT, the states, and the industry, TSA
could build a solid foundation for strengthening the security of the
commercial vehicle sector.
Recommendations for Executive Action:
To assist the Transportation Security Administration in more fully
evaluating, selecting, and implementing commercial vehicle security
risk mitigation activities, and to help strengthen the security of
commercial vehicles in the United States and leverage the knowledge and
practices employed by key federal and nonfederal stakeholders, we
recommend that the Assistant Secretary for the Transportation Security
Administration take the following four actions:
1. Establish a plan and a time frame for completing risk assessments of
the commercial vehicle sector, and use this information to support
future updates to the Transportation Sector Strategic Plan, to include
conducting:
* to the extent feasible, assessments that include information about
the likelihood of a terrorist attack method on a particular asset,
system, or network as required by the National Infrastructure
Protection Plan;
* a vulnerability assessment of the commercial vehicle sector,
including:
- assessing the scope and method of assessments required to gauge the
sector's vulnerabilities;
- considering the findings and recommendations of the Missouri pilot
evaluation report to strengthen future Corporate Security Reviews; and:
- enhancing direct coordination with state governments to expand the
Transportation Security Administration's field inspection Corporate
Security Review capacities;
* consequence assessments of the commercial vehicle sector, or
developing alternative strategies to assess potential consequences of
attacks, such as coordinating with other Sector-Specific Agencies to
leverage their consequence assessment efforts.
2. In future updates to the Highway Infrastructure and Motor Carrier
Annex to the Transportation Sector Security Plan, clarify the basis for
the agency's security strategy of focusing on the transportation of
hazardous materials, the relative risk of vehicle-borne improvised
explosive devices to the sector, and, based on the relative risk of
these threats, any risk mitigation activities to be implemented to
address them.
3. Develop outcome-based performance measures, to the extent possible,
to assess the effectiveness of federal programs to enhance the security
of the commercial vehicle sector.
4. Establish a process to strengthen coordination with the commercial
vehicle industry, including ensuring that the roles and
responsibilities of industry and government are fully defined and
clearly communicated; new approaches to enhance communication are
considered; and monitoring and assessing the effectiveness of its
coordination efforts.
Agency Comments and Our Evaluation:
We provided a draft of this report to DHS and DOT for review and
comment. On January 15, 2009, DOT provided technical oral comments
which we incorporated as appropriate. On February 6, 2009, we received
written comments on the draft report from DHS, which are reproduced in
full in appendix II. DHS concurred with our findings and
recommendations and discussed efforts underway to address them.
Regarding our recommendation that TSA establish a plan and a time frame
for completing risk assessments of the commercial vehicle sector, and
use this information to support future updates to the Transportation
Sector Strategic Plan, DHS concurred and stated that TSA is actively
conducting risk assessments of the major components of the commercial
vehicle sector as required by the Implementing Recommendations of the
9/11 Commission Act of 2007, and provided a timetable for completing
these scenario-based risk assessments. According to TSA, these
assessments will examine specific scenarios involving the commercial
vehicle sector and will include information on the likelihood of a
terrorist attack. We are pleased that TSA is beginning to conduct risk
scenario assessments on various parts of the industry. However, we
continue to believe that TSA needs to expand its use of threat
likelihood estimates to the extent feasible. For example, we believe
that TSA should address the feasibility of annual sector threat
assessments including likelihood estimates. TSA also stated that it is
planning to conduct annual field-level vulnerability assessment CSRs on
a statistically valid sample of hazardous materials carriers. While we
support these efforts, as we noted in the report carriers transporting
hazardous materials represent only a small fraction of the industry.
Therefore, we believe that TSA should also assess the scope and method
of its vulnerability assessments for the entire sector, beginning with
establishing the mix of expert scenarios and field assessments it deems
most appropriate. In response to our recommendation that TSA conduct
consequence assessments of the commercial vehicle sector or develop
alternative strategies to assess potential consequences of attacks such
as coordinating with other sector-specific agencies to leverage their
consequence assessment efforts, TSA concurred and stated that it will
examine consequence information based on the scenarios that have been
developed, consult with public and private sector subject matter
experts, and, when appropriate, consult with sector-specific agencies.
DHS concurred with our recommendation that in future updates to the
Highway Infrastructure and Motor Carrier Annex to the Transportation
Sector Security Plan, they should clarify the basis for the agency's
security strategy of focusing on the transportation of hazardous
materials, the relative risk of vehicle-borne improvised explosive
devices in the sector, and, based on the relative risk of these
threats, any risk mitigation activities that should be implemented to
address them. TSA stated that it intends to include risk-based
clarification of the security strategies in future updates to the plan.
According to TSA, for the past 2 years it has focused primarily on the
transportation of hazardous materials. However, ongoing industry risk
assessments and regulatory efforts may shift the current strategies,
and communicating these strategies in the annex to all stakeholders
will be critical to successful implementation of the plan. We believe
that these efforts will help strengthen TSA's strategy for securing the
sector. We further believe that it will be important for TSA to clarify
the basis for its strategy and any shift in that strategy based on
assessments of the relative risks.
DHS concurred with our recommendation that TSA develop, to the extent
possible, outcome-based performance measures to assess the
effectiveness of federal programs to enhance the security of the
commercial vehicle sector. DHS stated that TSA recognizes the
importance of establishing outcome-based performance measures and
described ongoing efforts. TSA stated that it intends to conduct annual
CSRs on hazardous materials motor carriers to measure changes in
industry security. While these activities will help TSA strengthen its
ability to assess the effectiveness of ongoing security measures, we
believe that the impact of TSA's programs on the progress of the rest
of the commercial vehicle sector should be measured as well.
DHS also concurred with our recommendation that TSA establish a process
to strengthen coordination with the commercial vehicle industry,
including ensuring that the roles and responsibilities of industry and
government are fully defined and clearly communicated; new approaches
to enhance communication are considered; and the effectiveness of its
coordination efforts are monitored and assessed. DHS noted that TSA
recognizes the importance of strong working relationships with both
industry and other government agencies, and that through its work with
coordination councils TSA has established a coordination process that
continues to mature and develop. Finally, DHS noted that these
coordination efforts are only 17 months old, hence performance
measurement processes continue to be refined. We believe that given the
size and complexity of the commercial vehicle sector, and the concerns
expressed by various stakeholders, new approaches to enhance
communication are important. As such, TSA should develop a process to
monitor and assess the effectiveness of its coordination efforts.
As agreed with your office, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days
from the date of this report. At that time, we will send copies of this
report to the Secretary of Homeland Security, the Secretary of the
Department of Transportation, and other interested parties. This report
will also be available at no charge on our Web site at [hyperlink,
http://www.gao.gov]. Should you or your staff have any questions
concerning this report, please contact me at (202) 512-3404 or
berrickc@gao.gov. Contact points for our Offices of Congressional
Relations and Public Affairs may be found on the last page of this
report. Key contributors to this report are listed in appendix VIII.
Sincerely yours,
Signed by:
Cathleen A. Berrick:
Managing Director, Homeland Security and Justice Issues:
[End of section]
Appendix I: Objectives, Scope, and Methodology:
The objectives of our review were to answer the following questions:
(1) To what extent has TSA assessed the security risks associated with
commercial vehicles and used this information to develop and implement
a security strategy? (2) What security actions have key government and
private sector stakeholders taken to mitigate identified risks to
commercial vehicle security, and to what extent has TSA measured the
effectiveness of its actions? (3) To what extent has TSA coordinated
its strategy and efforts for securing commercial vehicles with other
federal entities, states and private sector stakeholders?
Federal Risk Assessment Activities:
To review the extent to which the federal government has assessed
security risks associated with commercial vehicles and used this
information to develop and implement its security strategy, we analyzed
DHS and DOT strategic and security planning documents such as the NIPP,
the TSSP and its Highway and Motor Carrier Annex; performance documents
including annual reports such as DHS's 2008 Performance Budget Overview
and TSA HMC's Annual Reports and quarterly risk reduction reports; and
risk assessment documentation--including assessments of threat,
vulnerability, and standoff and evacuation distances. We interviewed
officials from DHS National Protection and Programs Directorate; TSA's
Office of Highway and Motor Carriers, Office of Risk Management and
Strategic Planning, Office of Intelligence, and Office of Cargo Policy;
DOT's Office of Intelligence and Security; PHMSA's Office of Hazardous
Materials Safety; FMCSA's Office of Emergency Preparedness and
Security; and DOT's Bureau of Transportation Statistics.
To assess TSA's threat assessments, we analyzed its annual threat
assessments and other intelligence products, and met with officials of
TSA's Office of Intelligence. We also assessed documentation and
interviewed TSA's HMC officials regarding the agency's use of the
threat assessments for planning its vulnerability and consequence
assessments. We also met with TSA's Risk Management Division and
reviewed its use of estimates regarding the likelihood of certain types
of specific threats for high-level NTSRA scenarios, and more systematic
use of threat scenarios and likelihood estimates for the Aviation
Domain Risk Assessment. To evaluate TSA's vulnerability assessments, we
reviewed TSA's draft best practices, its vulnerability assessments
known as Corporate Security Reviews (CSRs), and CSR questionnaires and
reports. We also met with TSA HMC officials and interviewed officials
from truck and bus companies that had undergone CSRs. To assess TSA's
CSR pilot program, we attended two Missouri Pilot CSRs and analyzed the
TSA-sponsored evaluation report of the CSR pilot. At the conclusion of
the two CSRs we observed, we interviewed company officials about what
they learned from the CSR, how germane it was to their security needs,
and how appropriate TSA's suggested security measures were for their
operating and business environment. We also met with Missouri state
department of transportation and law enforcement officials and FMCSA
field officers in Missouri to discuss their experiences with
implementing the pilot and conducting CSRs. We also discussed the
usefulness of the CSRs with officials from 12 leading industry trade
associations representing the different sectors of the industry
including, trucking companies, owner-operators, private truck
companies, the bus industry, tank truck operators, hazardous materials
shippers, rental and leasing firms, and unions. To review DOT's SCR
inspections of hazardous material security plan implementation, we
reviewed the SCR questionnaire, gathered data from agency Performance
and Accountability Reports regarding their annual progress, and met
with DOT FMCSA's Office of Emergency Preparedness and Security. We also
analyzed FMCSA-sponsored vulnerability assessment of the U.S. motor
coach Industry. We also reviewed the completeness of DOT MCMIS and BTS
data on the population, or national inventory, of commercial vehicle
firms, trucks, and drivers, because to determine industry
vulnerabilities requires the development of a well-defined inventory or
population of industry firms and assets. For more information, see
appendix V.
To evaluate TSA's consequence assessments, we analyzed DHS, DOD, and
ATF data about standoff distances for VBIED explosions, tanker fuel
truck fireballs, and TIH evacuation distances. We also interviewed
officials from TSA's HMC and DHS's National Protection and Programs
Directorate about their consequence assessment efforts. To explore the
feasibility of TSA leveraging the consequence efforts of other sectors,
we also reviewed the 17 Critical Infrastructure Sector Annual Reports
for 2006 and 2007, and the Strategic Homeland Infrastructure Risk
Assessment report which identifies the sectors most at risk from
VBIEDs.
To determine how, if at all, TSA used its risk assessments to inform
its strategy for securing commercial vehicles, we reviewed its
strategic plan, the TSSP annex, annual reports, and other related
documents. We also interviewed HMC officials, and compared their
actions to DHS risk management guidance in the NIPP and TSSP. The
quality of TSA's CSR inspection data was previously assessed by the
Missouri Pilot Evaluation. We reviewed the pilot evaluation and
concurred with its conclusion that the Missouri sample was not
representative of the commercial vehicle industry in Missouri or of the
industry nationwide. To evaluate the extent to which TSA had a plan or
a time frame to complete a comprehensive risk assessment of the
commercial vehicle sector, we used standard practices in program and
project management, which include developing a road map or a program
plan to achieve programmatic results within a specified time frame or
milestones.[Footnote 88] To evaluate TSA's progress in addressing the
Missouri CSR Pilot evaluation, we used GAO's standards for internal
controls in the federal government, which require that findings and
deficiencies reported in audits and other reviews be promptly reviewed,
resolved, and corrected within established time frames.[Footnote 89]
Government and Private Sector Security Actions:
To determine the actions the federal government and state and local
governments have taken to mitigate commercial vehicle security risks,
and the extent to which these actions are consistent with TSA's
security strategy, we reviewed documentation and interviewed officials
from TSA's Office of Highway and Motor Carrier and the Office of Cargo
Policy; DOT PHMSA's Office of Hazardous Materials Safety; FMCSA's
Office of Emergency Preparedness and Security; FHWA Transportation
Security Office; and the FTA Office of Safety and Security. We also
interviewed officials from eight states and conducted site visits to
five.[Footnote 90] We selected the states in a nonprobability sample
based on their characteristics, proximity to critical infrastructure
and potential terrorist targets, such as large population centers, and
the amount of hazardous materials (in tons) originating in the state.
As a result, we cannot generalize the results to all states. However,
we believe that observations obtained from these visits provided us
with a greater understanding of the states' operations and
perspectives. We gathered information from each regarding their actions
to mitigate security risks, and any challenges they face in
strengthening security.
To identify industry actions taken to secure the commercial vehicle
sector, we analyzed TSA's draft best practices and Security Action
Items, and reviewed TSA CSR and FMCSA SCR and SSV inspection data. We
also interviewed officials from 12 industry associations that represent
trucking firms and truck drivers, truck manufacturers, truck rental and
leasing companies, hazardous materials shippers, and intercity and tour
bus companies to see what actions, if any, the association and its
members were taking. We also reviewed security guidance industry trade
associations had developed and provided to their members. To supplement
what federal and industry associations told us and to observe industry
operations firsthand, we also conducted site visits to 26 commercial
truck and bus owner-operators. These companies were selected by a
nonprobability sample based on:
* size, using the number of vehicles (tractors, or power units for
trucking companies, and buses for motor coach companies) as an
indicator;
* geographic location, noting the region's characteristics, proximity
to critical infrastructure and potential terrorist targets such as
large population centers, and the amount of hazardous materials (in
tons) originating in the state; and:
* type of operations, using the quantity of hazardous materials
transported as an indicator for trucking companies.
Because we used a nonprobability sample of owner-operators and states,
the information we obtained from these interviews and visits cannot be
generalized to all commercial vehicle companies. However, we believe
that observations obtained from these visits provided us with a greater
understanding of the industry's operations and perspectives. The 20
trucking companies we visited included hazardous materials carriers,
nonhazardous materials carriers, and carriers that transported both
hazardous materials and nonhazardous materials. The 6 motor coach
companies we visited included companies that offer intercity services,
and tour and charter services, as well as companies that do both.
During our site visits to bus and trucking companies, we interviewed
officials and inspected a range of security measures.
To assess how the effectiveness of federal programs to reduce risk was
being monitored, we analyzed DHS and DOT strategic planning and
budgeting documents and performance data and interviewed officials from
TSA's HMC, the Transportation Sector Network Management Business
Management Office, and the DHS Federal Emergency Management Agency's
(FEMA) Grants Program Directorate. To determine what performance
measurement data DOT had developed that TSA could potentially use to
monitor the progress of these commercial vehicle security programs, we
interviewed officials from FMCSA's Analysis Division and Strategic
Planning and Program Evaluation Division. We also compared TSA's
efforts to evaluate its programs with guidance on performance
measurement contained in the GPRA and the TSSP.
Coordination and Collaboration Efforts:
To review the extent to which the federal government has coordinated
its strategy for securing commercial vehicles internally and with
private sector stakeholders, we analyzed DHS's memorandum of
understanding with DOT and subsequent annex with PHMSA that identifies
the roles and responsibilities of DHS and DOT related to commercial
vehicle and hazardous materials transportation security. In addition,
we reviewed statutes related to DHS and DOT roles and responsibilities,
as well as regulations and associated comments provided during
rulemaking procedures for commercial vehicle security programs and
requirements. We also interviewed officials from TSA's Office of
Intelligence, Risk Management Division, the Office of Highway and Motor
Carrier, and the Office of Cargo Policy; and DOT's PHMSA and FMCSA to
obtain information on their current and planned efforts to secure
commercial vehicles, as well as their collaborative efforts across
agencies and with the private sector. We also interviewed members of
the SCC and the private firms we visited to obtain their views
regarding the effectiveness of TSA's coordination efforts, and
discussed their views with TSA officials. Finally, we compared TSA's
efforts to collaborate and coordinate with stakeholders to key
practices that we had previously developed as leading practices of
collaborating agencies.[Footnote 91]
We conducted this performance audit from September 2006 through
February 2009 in accordance with generally accepted government auditing
standards. Those standards require that we plan and perform the audit
to obtain sufficient, appropriate evidence to provide a reasonable
basis for our findings and conclusions based on our audit objectives.
We believe that the evidence obtained provides a reasonable basis for
our findings and conclusions based on our audit objectives. (The
methodology used to gather our data on the incidents of truck and bus
bombing is summarized in app. II).
[End of section]
Appendix II: Incidents of Truck and Bus Bombings from 1997 to 2008:
This appendix provides information on the analysis we conducted to
determine the incidents of truck and bus bombings presented in this
report. It provides information on the methodology used to identify
incidents worldwide and the detailed results of our analysis.
Methodology Used to Identify Bombing Incidents:
We used open sources, such as press and wire service reports, to
determine the extent of bus and truck bombings. We first reviewed the
general strengths and weakness of different open-source databases and
consulted open source search experts. We reviewed eight databases and
chose to use four based on the breadth and completeness of their media
sources, years, and geographic coverage; whether they contained
sufficient detail to verify that the event was a truck or bus bombing;
and whether they allowed for independent verification of source
information. We also wanted databases that had, or enabled, control
methods to ensure minimization of false positives and duplicates, and
standardized criteria for incident inclusion.
We narrowed our selection of databases to the Open Source Center (OSC),
Nexis, Global Terrorism Database (GTD), and Dialog databases. OSC is
the official open-source clearinghouse for the U.S. government that
monitors, translates, and disseminates within the U.S. government
openly available news and information from non-U.S. media sources. It
has state of the art language translation capabilities, so articles are
usually translated into English by native-speaker linguists. Nexis,
Major World Newspapers provides access to 5 billion searchable
documents from more than 40,000 legal, news, and business sources. GTD
is an open-source database gathering information on terrorist incidents
around the world since 1970. We made limited use of the earlier, first
version called GTD 1 and only for 1997 when we could corroborate the
incidents it identified with additional sources found in Nexis. Our
primary database was the more rigorous GTD2, which currently covers
terrorism events from 1998 to 2004. GTD2 is based on the OSC and Nexis
databases, which it evaluated as the best general databases. GTD2
entries have to be based on multiple independent open-source reports or
a single "highly credible" source. GTD2 has a configurable definition
of terrorism that includes more than one definition of the phenomenon;
control methods in place to ensure minimization of false positives; a
standardized criteria for incident inclusion that is documented in a
formal and publicly available codebook; and a ranking system for media
sources. Dialog is an online database that allows for an extensive
search of a variety of databases and collections using powerful search
language. Dialog's ability to identify very specific information made
it an ideal second source to search for additional documentation on
known but not fully documented events.
We then explored the capabilities of these databases over time with a
small pilot, conducting searches on truck and bus bombings in one
individual year in each of three decades, specifically the years 1987,
1996, and 2002, and explored which search terms and strategies produced
the best results for each database. We assessed the possible threats to
validity and confirmed that these were the pertinent issues with an
open-source terrorism data expert. Our analysis plan addressed a
variety of threats to validity and their mitigation:
* False positives - Unclassified data on terrorist events are largely
gathered through open-source data, typically press reports.[Footnote
92] Since press reports may not be the most reliable, we used several
databases that use reputable sources and decision rules for the
inclusion of their entries. Entries we accepted had to be based on a
highly reliable source, or multiple sources. Supporting articles had to
directly confirm whether the incident was a truck or bus bombing as
well as the incident date, location, and the number killed.
* History - Electronic search engines and archives have improved over
time. Therefore, data across 25 years, since the 1983 Marine barracks
bombing, may not be comparable. Based on our pilot data, we only
included incidents from 1997, by which time both Nexis and GTD were
well developed and reliable.
* Language - All languages may not be equally covered. GTD uses the
Open Source Center which is based entirely on foreign sources and has
strong translation capabilities among its staff.
* Synonyms - Multiple English terms may be used for bus, truck and bomb
(e.g., bus vs. lorry). GTD uses extensive Boolean search terms with
search strings using hundreds of terms and synonyms. Nexis and Dialog
enable similar searches with wildcard strings. We applied GTD search
strings to Nexis and Dialog to cover more current events not yet
included in GTD.
* Geography - Some areas (e.g. Africa) may not be covered as well.
However, we looked for a very particular type of incident that was
highly likely to be the lead story where it occurred and picked up by
the wires.
* Dates -Reporting date vs. actual dates. Reporting dates on global
time can lead to confusion. GTD and OSC have date protocols to minimize
date error. Since our unit of analysis is years, this error was of
little risk.
* Breaking reports vs. "final" reports - Initial reports usually have
less confirmation of the number killed. When conflicting reports cannot
be reconciled, we used the lower number of reported killed. GTD also
uses the lowest number.
* Incidents in a military area may not be terrorism - The GTD makes a
distinction between combatants and noncombatants. We screened out
events involving active combatants. However, we included incidents
directed at civilians or other targets in active war zones such as Iraq
and Afghanistan.
* Incident duplication - Using multiple sources could inadvertently
lead to incident duplication. GTD has a protocol to eliminate
duplicates and Nexis also enables electronic duplication vetting. In
addition, duplications were screened manually and the entire dataset
was verified by independent staff.
Search strategy:
We originally hoped to list the incidents since the Beirut bombings of
1983, but given the less rigorous methodology of GTD1, the limited
archival coverage of Nexis prior to 1996, and the limitations of other
databases we decided to drop 1983 through 1996. Due to the evolving
coverage of these databases, we had to employ three different search
strategies to cover the years from 1997 to 2007.
Time period: 1997 Primary search database: Global Terrorism Database
"GTD1" Secondary search database: Nexis' Major World Newspapers:
By 1997, Nexis sources were sufficiently developed and available online
to augment GTD1, which did not list supporting sources.
Time period: 1998-2004 Primary search database: Global Terrorism
Database "GTD2" GTD2 incorporates OSC and Nexis in a systematic manner
and additional searches of these sources were not necessary.
Time period: 2005-present Primary search database: Nexis' Major World
Newspapers Secondary search database: Individual newswires database in
Dialog Third search database: Open Source Center:
For our study we searched the GTD2 for attacks utilizing or against a
commercial vehicle, either truck, bus, or bus station or bus stand,
specifically with explosives (VBIEDs, IED's, suicide bomber(s), bombs,
grenades, roadside bombs, landmines, and rockets). When searching Nexis
we used the same search factors but with a Boolean search string. For
years in our study outside the GTD year range, we duplicated their
search and inclusion methodology. As a final check, we compared our
results with Department of State and Department of Defense terrorism
lists and timelines. We believe that these various steps successfully
mitigated the various threats to validity and enabled us to compile
information on the incidents of truck and bus bombings since 1997 with
confidence.
The results of our search are summarized in figure 2 and detailed in
table 3 below. Some additional trends are summarized in the figures
below. Truck and bus bombings are compared in figure 6, which shows
that while bus bombings have historically been more common, the
incidence of truck bombings has sharply increased since 2004 and peaked
in 2007.
Figure 6: Comparison of Annual Truck and Bus Bombing Incidents:
[Refer to PDF for image]
Line Graph:
Year: 1997;
Bus bombings: 3;
Truck bombings: 29.
Year: 1998;
Bus bombings: 5;
Truck bombings: 25.
Year: 1999;
Bus bombings: 3;
Truck bombings: 18.
Year: 2000;
Bus bombings: 6;
Truck bombings: 26.
Year: 2001;
Bus bombings: 2;
Truck bombings: 16.
Year: 2002;
Bus bombings: 4;
Truck bombings: 37.
Year: 2003;
Bus bombings: 7;
Truck bombings: 37.
Year: 2004;
Bus bombings: 6;
Truck bombings: 21.
Year: 2005;
Bus bombings: 13;
Truck bombings: 30.
Year: 2006;
Bus bombings: 16;
Truck bombings: 36.
Year: 2007;
Bus bombings: 58;
Truck bombings: 48.
Year: 2008;
Bus bombings: 23;
Truck bombings: 41.
Source: GAO analysis of global terrorism data.
[End of figure]
Figure 7 summarizes how the sharp increase in bombing deaths in 2007
was due to the increase in truck bombings.
Figure 7: Comparison of Annual Death Totals from Truck and Bus Bombing
Incidents:
[Refer to PDF for image]
Line Graph:
Year: 1997;
Deaths by bus: 120;
Deaths by truck: 31.
Year: 1998;
Deaths by bus: 124;
Deaths by truck: 278.
Year: 1999;
Deaths by bus: 31;
Deaths by truck: 1.
Year: 2000;
Deaths by bus: 83;
Deaths by truck: 70.
Year: 2001;
Deaths by bus: 47;
Deaths by truck: 1.
Year: 2002;
Deaths by bus: 269;
Deaths by truck: 94.
Year: 2003;
Deaths by bus: 195;
Deaths by truck: 97.
Year: 2004;
Deaths by bus: 161;
Deaths by truck: 112.
Year: 2005;
Deaths by bus: 345;
Deaths by truck: 159.
Year: 2006;
Deaths by bus: 378;
Deaths by truck: 244.
Year: 2007;
Deaths by bus: 506;
Deaths by truck: 2072.
Year: 2008;
Deaths by bus: 446;
Deaths by truck: 220.
Source: GAO analysis of global terrorism data.
[End of figure]
We only counted incidents involving noncombatants, but most of the
sharp rise in deaths in truck and bus bombings that occurred in 2007
was due to bombings in Iraq.
Figure 8: Comparison of Annual Death Totals from Truck and Bus Bombings
in Iraq and All Other Countries:
[Refer to PDF for image]
Line Graph:
Year: 1997;
Deaths in Iraq: 0;
Deaths in other countries: 151.
Year: 1998;
Deaths in Iraq: 0;
Deaths in other countries: 402.
Year: 1999;
Deaths in Iraq: 7;
Deaths in other countries: 25.
Year: 2000;
Deaths in Iraq: 0;
Deaths in other countries: 153.
Year: 2001;
Deaths in Iraq: 0;
Deaths in other countries: 48.
Year: 2002;
Deaths in Iraq: 7;
Deaths in other countries: 256.
Year: 2003;
Deaths in Iraq: 45;
Deaths in other countries: 247.
Year: 2004;
Deaths in Iraq: 151;
Deaths in other countries: 122.
Year: 2005;
Deaths in Iraq: 378;
Deaths in other countries: 126.
Year: 2006;
Deaths in Iraq: 384;
Deaths in other countries: 238.
Year: 2007;
Deaths in Iraq: 2119;
Deaths in other countries: 459.
Year: 2008;
Deaths in Iraq: 264;
Deaths in other countries: 402.
Source: GAO analysis of global terrorism data.
[End of figure]
Table 3: Worldwide Terrorist Truck and Bus Bombings from January 1997
through December 2008:
Date: 1/7/1997;
Location: Zugdidi, Georgia;
Description: Bus bombing;
Deaths: 1.
Date: 1/7/1997;
Location: Lagos, Nigeria;
Description: Bus bombing;
Deaths: 2.
Date: 1/7/1997;
Location: Algiers, Algeria;
Description: Car bomb hits bus;
Deaths: 13.
Date: 1/9/1997;
Location: Tel Aviv, Israel;
Description: Two bombs at bus station;
Deaths: 0.
Date: 1/21/1997;
Location: Algiers, Algeria;
Description: Car bomb hits bus;
Deaths: 6.
Date: 2/12/1997;
Location: Lagos, Nigeria;
Description: Bus bombing;
Deaths: 0.
Date: 2/25/1997;
Location: Urumqi, China;
Description: Bus bombing;
Deaths: 3.
Date: 3/7/1997;
Location: Beijing, China;
Description: Bus bombing;
Deaths: 2.
Date: 3/17/1997;
Location: Algiers, Algeria;
Description: Bus stop bombing;
Deaths: 4.
Date: 3/29/1997;
Location: Jammu & Kashmir, India;
Description: Bus station bombing;
Deaths: 17.
Date: 4/6/1997;
Location: Pathankot, India;
Description: Bus bombing;
Deaths: 2.
Date: 4/10/1997;
Location: Nablus, West Bank;
Description: Bus bombing;
Deaths: 0.
Date: 5/6/1997;
Location: Lagos, Nigeria;
Description: Army bus bombing;
Deaths: 0.
Date: 5/8/1997;
Location: Tirana, Albania [vicinity];
Description: Bus bombing;
Deaths: 3.
Date: 5/12/1997;
Location: Shunde, China;
Description: Suicide bus bombing;
Deaths: 5.
Date: 6/1/1997;
Location: Algiers, Algeria;
Description: First of two bus bombings;
Deaths: 14.
Date: 6/6/1997;
Location: Pathankot, India;
Description: Bus bombing;
Deaths: 7.
Date: 6/17/1997;
Location: Bogota, Colombia;
Description: Truck bombing;
Deaths: 8.
Date: 6/30/1997;
Location: Sialkot, Pakistan;
Description: Bus bombing;
Deaths: 8.
Date: 7/9/1997;
Location: Jerusalem, Israel;
Description: Bus bombing;
Deaths: 0.
Date: 7/9/1997;
Location: Dagestan, Russian Federation;
Description: Bus bombing;
Deaths: 9.
Date: 7/14/1997;
Location: New Delhi, India;
Description: First of two bus bombings;
Deaths: 0.
Date: 7/14/1997;
Location: New Delhi, India;
Description: Second of two bus bombings;
Deaths: 0.
Date: 9/5/1997;
Location: Blida, Algeria;
Description: Bus bombing;
Deaths: 4.
Date: 9/18/1997;
Location: Cairo, Egypt;
Description: Bus incendiary bombing;
Deaths: 10.
Date: 10/15/1997;
Location: Colombo, Sri Lanka;
Description: Truck bombing;
Deaths: 20.
Date: 10/24/1997;
Location: Srinagar, India;
Description: Bus bombing;
Deaths: 2.
Date: 10/28/1997;
Location: Beirut, Lebanon;
Description: Bus station bombing;
Deaths: 0.
Date: 12/3/1997;
Location: Udumalpet, India;
Description: Bus stand bombing;
Deaths: 3.
Date: 12/28/1997;
Location: Galle, Sri Lanka;
Description: Truck bombing;
Deaths: 3.
Date: 12/30/1997;
Location: New Delhi, India;
Description: Bus bombing;
Deaths: 4.
Date: 1/20/1998;
Location: Algiers, Algeria;
Description: Bus bombing;
Deaths: 1.
Date: 1/24/1998;
Location: Algiers, Algeria;
Description: Bomb thrown from a bus;
Deaths: 1.
Date: 1/26/1998;
Location: Kandy, Sri Lanka;
Description: Suicide truck bombing of a temple;
Deaths: 13.
Date: 2/3/1998;
Location: Kosice, Slovakia;
Description: Bus station bombing;
Deaths: 0.
Date: 2/14/1998;
Location: Wuhan, China;
Description: Bus bombing;
Deaths: 50.
Date: 2/26/1998;
Location: Medea, Algeria;
Description: Bus hits a mine;
Deaths: 10.
Date: 2/27/1998;
Location: Gujranwala, Pakistan;
Description: Bus bombing;
Deaths: 5.
Date: 3/5/1998;
Location: Colombo, Sri Lanka;
Description: Suicide bus bombing;
Deaths: 37.
Date: 3/9/1998;
Location: Eravur, Sri Lanka;
Description: Truck bombing;
Deaths: 6.
Date: 4/6/1998;
Location: Sakrand, Pakistan;
Description: Bus bombing;
Deaths: 6.
Date: 4/22/1998;
Location: Sialkot, Pakistan;
Description: Bus bombing;
Deaths: 0.
Date: 7/29/1998;
Location: Sarajevo, Bosnia and Herzegovina;
Description: Bus bombing;
Deaths: 0.
Date: 7/30/1998;
Location: Algiers, Algeria;
Description: Bus bombing;
Deaths: 2.
Date: 8/7/1998;
Location: Dar es Salaam, Tanzania;
Description: Truck bombing of U.S. Embassy;
Deaths: 12.
Date: 8/7/1998;
Location: Nairobi, Kenya;
Description: Truck bombing of U.S. Embassy;
Deaths: 246.
Date: 9/11/1998;
Location: Kigali, Rwanda;
Description: Bus bombing;
Deaths: 1.
Date: 9/22/1998;
Location: Milan, Italy;
Description: Bus bombing;
Deaths: 0.
Date: 9/24/1998;
Location: Jerusalem, Israel;
Description: Bus stop bombing;
Deaths: 0.
Date: 10/7/1998;
Location: Ain Tagourait, Algeria;
Description: Bus bombing;
Deaths: 1.
Date: 10/7/1998;
Location: Barrancabermeja, Colombia;
Description: Truck bombing;
Deaths: 0.
Date: 10/11/1998;
Location: Halis, Iraq;
Description: Car bomb exploded near a bus;
Deaths: 0.
Date: 10/17/1998;
Location: Beersheva, Israel;
Description: Two grenades explode in a bus terminal;
Deaths: 0.
Date: 10/29/1998;
Location: Kfar Darom, Palestine;
Description: Car bombing of a bus;
Deaths: 2.
Date: 11/2/1998;
Location: Bacolod, Philippines;
Description: Bus terminal bombing;
Deaths: 1.
Date: 11/2/1998;
Location: Cagayan de Oro, Philippines;
Description: Bus terminal bombing;
Deaths: 0.
Date: 11/19/1998;
Location: Plaridel, Philippines;
Description: Bus terminal bombing;
Deaths: 0.
Date: 11/19/1998;
Location: Dipolog City, Philippines;
Description: Bus bombing;
Deaths: 1.
Date: 11/22/1998;
Location: Oued Atteli, Algeria;
Description: Bus bombing;
Deaths: 0.
Date: 11/25/1998;
Location: Kirikkale, Turkey;
Description: Bus bombing;
Deaths: 4.
Date: 12/24/1998;
Location: Van, Turkey;
Description: Suicide bus bombing;
Deaths: 2.
Date: 1/8/1999;
Location: Impasugong Philippines;
Description: Bus bombing;
Deaths: 1.
Date: 1/12/1999;
Location: Davao, Philippines;
Description: First of two bus bombings;
Deaths: 0.
Date: 1/12/1999;
Location: Davao, Philippines;
Description: Second of two bus bombings;
Deaths: 0.
Date: 3/7/1999;
Location: Bursa, Turkey;
Description: Incendiary bombing of a bus;
Deaths: 0.
Date: 3/9/1999;
Location: Colombo, Sri Lanka;
Description: Bus station bombing;
Deaths: 0.
Date: 3/9/1999;
Location: Colombo, Sri Lanka;
Description: Bombing of bus and bus terminal;
Deaths: 1.
Date: 3/18/1999;
Location: Istanbul, Turkey;
Description: Bottled gas truck hit by grenade;
Deaths: 0.
Date: 3/26/1999;
Location: Istanbul, Turkey;
Description: Suicide bus bombing;
Deaths: 1.
Date: 6/9/1999;
Location: Baghdad, Iraq;
Description: Car bomb next to two buses;
Deaths: 7.
Date: 7/4/1999;
Location: Batman, Turkey;
Description: A tanker truck hit a landmine;
Deaths: 1.
Date: 7/8/1999;
Location: Esenler, Turkey;
Description: Time bomb on fuel tanker;
Deaths: 0.
Date: 7/12/1999;
Location: Istanbul, Turkey;
Description: Bus bombing;
Deaths: 0.
Date: 7/24/1999;
Location: Anantnag, India;
Description: Grenade attack on a bus stand;
Deaths: 0.
Date: 7/24/1999;
Location: Lusaka, Zambia;
Description: Grenade attack on a bus;
Deaths: 0.
Date: 7/27/1999;
Location: Rawalpindi , Pakistan;
Description: Bus bombing;
Deaths: 11.
Date: 8/14/1999;
Location: Dina, Pakistan;
Description: Bus bombing;
Deaths: 6.
Date: 8/16/1999;
Location: Suva, Fuji;
Description: Bus bombing;
Deaths: 0.
Date: 9/26/1999;
Location: Badulla, Sri Lanka;
Description: Bus bombing;
Deaths: 1.
Date: 11/14/1999;
Location: Cali, Colombia;
Description: Incendiary bomb attack on a bus stop;
Deaths: 0.
Date: 11/29/1999;
Location: Hyderabad, Pakistan;
Description: A bomb hidden under a bus seat;
Deaths: 2.
Date: 12/28/1999;
Location: Jammu, India;
Description: Bus terminal bombing;
Deaths: 1.
Date: 1/1/2000;
Location: Chittagong, Bangladesh;
Description: Bus stand bombing;
Deaths: 0.
Date: 2/3/2000;
Location: Kosocska Mitrovica, Serbia;
Description: Rocket fired at a United Nations bus;
Deaths: 2.
Date: 2/3/2000;
Location: Colombo, Sri Lanka;
Description: Bus bombing;
Deaths: 0.
Date: 2/25/2000;
Location: Ozamiz, Philippines;
Description: Bus bombing;
Deaths: 44.
Date: 3/15/2000;
Location: Kidapawan, Philippines;
Description: Bus bombing;
Deaths: 2.
Date: 3/15/2000;
Location: Matalan, Philippines;
Description: Bus bombing;
Deaths: 0.
Date: 4/4/2000;
Location: Kittuoothu, Sri Lanka;
Description: Bus hit a land mine;
Deaths: 3.
Date: 4/7/2000;
Location: Lahore, Pakistan;
Description: Bus station bombing;
Deaths: 0.
Date: 5/12/2000;
Location: Dzhaglarbi, Russia;
Description: Bus bombing;
Deaths: 3.
Date: 5/20/2000;
Location: Midsayap, Philippines;
Description: Bus terminal bombing;
Deaths: 0.
Date: 6/4/2000;
Location: Iligan City, Philippines;
Description: Bus depot bombing;
Deaths: 1.
Date: 6/6/2000;
Location: Vientiane, Laos;
Description: Bus terminal bombing;
Deaths: 0.
Date: 6/14/2000;
Location: Wattala, Sri Lanka;
Description: Suicide bus bombing;
Deaths: 3.
Date: 7/2/2000;
Location: Argun, Russia;
Description: Suicide truck bombing;
Deaths: 50.
Date: 7/2/2000;
Location: Gudermes, Russia;
Description: Two truck bomb suicide attacks;
Deaths: 10.
Date: 7/2/2000;
Location: Urus-Martan, Russia;
Description: Truck bombing;
Deaths: 2.
Date: 7/2/2000;
Location: Novogrozny, Russia;
Description: Suicide truck bombing;
Deaths: 3.
Date: 7/17/2000;
Location: Matalam, Philippines;
Description: Bus terminal bombing;
Deaths: 0.
Date: 7/24/2000;
Location: Jullundur, India;
Description: Bus bombing;
Deaths: 7.
Date: 9/3/2000;
Location: Lahore, Pakistan;
Description: Bus station bombing;
Deaths: 3.
Date: 9/12/2000;
Location: Grozny, Chechnya;
Description: Truck bombing;
Deaths: 2.
Date: 10/6/2000;
Location: Nevinnomyssk, Russia;
Description: Bus stop bombing;
Deaths: 3.
Date: 10/18/2000;
Location: Gaza, Palestinian Territories;
Description: Bus hit by grenades;
Deaths: 0.
Date: 11/20/2000;
Location: Kfar Darom, Palestine;
Description: Bus bombing;
Deaths: 2.
Date: 11/22/2000;
Location: Hadera, Israel;
Description: Car bombing of a bus;
Deaths: 2.
Date: 11/27/2000;
Location: Lahore, Pakistan;
Description: Bus bombing;
Deaths: 0.
Date: 11/27/2000;
Location: Burewala, Pakistan;
Description: Bus bombing;
Deaths: 0.
Date: 11/28/2000;
Location: Kebitigollew, Sri Lanka;
Description: Bus Hit a Landmine;
Deaths: 7.
Date: 12/8/2000;
Location: Gudermes, Russia;
Description: Truck bombing using a water tanker;
Deaths: 3.
Date: 12/25/2000;
Location: Hyderabad, Pakistan;
Description: Bus bombing;
Deaths: 0.
Date: 12/28/2000;
Location: Tel Aviv, Israel;
Description: Bus bombing;
Deaths: 0.
Date: 12/30/2000;
Location: Manila, Philippines;
Description: Bus terminal bombing;
Deaths: 1.
Date: 1/26/2001;
Location: Rishikesh, India;
Description: Bus bombing;
Deaths: 2.
Date: 2/5/2001;
Location: Grozny, Chechnya;
Description: Bus hits a mine;
Deaths: 0.
Date: 2/16/2001;
Location: vicinity of Podujevo Kosovo;
Description: Bus bombing;
Deaths: 10.
Date: 2/14/2001;
Location: Tel Aviv, Israel;
Description: Bus drove into crowded bus stop;
Deaths: 8.
Date: 3/2/2001;
Location: Umm al-Fahm, Israel;
Description: Bus bombing;
Deaths: 1.
Date: 3/7/2001;
Location: Jerusalem, Israel;
Description: Truck bomb using a garbage truck;
Deaths: 0.
Date: 3/7/2001;
Location: Grozny, Chechnya;
Description: Bus bombing;
Deaths: 0.
Date: 3/16/2001;
Location: Tovzeni, Russia;
Description: Bus bombing;
Deaths: 7.
Date: 4/1/2001;
Location: Dhaka , Bangladesh;
Description: Truck bombing;
Deaths: 1.
Date: 4/22/2001;
Location: Kfar Sava, Israel;
Description: Bus stop suicide bombing;
Deaths: 2.
Date: 5/25/2001;
Location: Hadera, Israel;
Description: Car bombing of a bus;
Deaths: 2.
Date: 6/25/2001;
Location: Maduvil, Sri Lanka;
Description: Bus hits landmine;
Deaths: 6.
Date: 7/20/2001;
Location: Karachi, Pakistan;
Description: Double bus bombing;
Deaths: 2.
Date: 9/6/2001;
Location: Digdol, India;
Description: Bus bombing;
Deaths: 4.
Date: 9/8/2001;
Location: Matan, India;
Description: Bus hits landmine;
Deaths: 1.
Date: 10/28/2001;
Location: Quetta, Pakistan;
Description: Bus bombing;
Deaths: 2.
Date: 10/29/2001;
Location: Belfast, Northern Ireland;
Description: Bus bombing;
Deaths: 0.
Date: 11/20/2001;
Location: Tafourah , Algeria;
Description: A bomb at bus station;
Deaths: 0.
Date: 1/25/2002;
Location: Tel Aviv, Israel;
Description: Suicide bombing of a bus station;
Deaths: 1.
Date: 1/26/2002;
Location: Bir Mourad Rais, Algeria;
Description: Bus stop bombing;
Deaths: 0.
Date: 2/3/2002;
Location: Bayt Immar, Israel;
Description: Incendiary bus bombing;
Deaths: 0.
Date: 2/19/2002;
Location: vicinity of Mehola, Palestine;
Description: Suicide bus bombing;
Deaths: 1.
Date: 2/22/2002;
Location: Bhandara, Nepal;
Description: Incendiary bombing of a bus;
Deaths: 5.
Date: 3/5/2002;
Location: Afula, Israel;
Description: Suicide bus bombing;
Deaths: 2.
Date: 3/17/2002;
Location: Jerusalem, Israel;
Description: Suicide bus bombing;
Deaths: 1.
Date: 3/20/2002;
Location: Umm el-Fahm, Israel;
Description: Bus bombing;
Deaths: 8.
Date: 4/11/2002;
Location: Djerba, Tunisia;
Description: Truck Bombing;
Deaths: 20.
Date: 4/11/2002;
Location: Haifa, Israel;
Description: Bus bombing;
Deaths: 10.
Date: 4/18/2002;
Location: Grozny , Chechnya;
Description: Truck bombing;
Deaths: 17.
Date: 4/25/2002;
Location: Jammu & Kashmir, India;
Description: Bus bombing;
Deaths: 1.
Date: 5/8/2002;
Location: Casanare, Colombia;
Description: Truck bombing of a bridge;
Deaths: 0.
Date: 5/8/2002;
Location: Karachi, Pakistan;
Description: Car bombing of a bus;
Deaths: 14.
Date: 5/14/2002;
Location: Calarca, Colombia;
Description: Bus bombing;
Deaths: 0.
Date: 5/20/2002;
Location: Ta'anachim, Israel;
Description: Suicide bus bombing;
Deaths: 1.
Date: 5/29/2002;
Location: Ahmedabad, India;
Description: One of three bus bombings;
Deaths: 0.
Date: 5/29/2002;
Location: Ahmedabad, India;
Description: One of three bus bombings;
Deaths: 0.
Date: 5/29/2002;
Location: Ahmedabad, India;
Description: One of three bus bombings;
Deaths: 0.
Date: 6/6/2002;
Location: Poso, Indonesia;
Description: Bus bombing;
Deaths: 4.
Date: 6/17/2002;
Location: Jerusalem, Israel;
Description: Suicide bus bombing;
Deaths: 19.
Date: 6/19/2002;
Location: Jerusalem, Israel;
Description: Suicide bomber attacked a bus stop;
Deaths: 7.
Date: 6/27/2002;
Location: Davao City, Philippines;
Description: Bus bombing;
Deaths: 0.
Date: 7/16/2002;
Location: Emmanuel, Israel [vicinity];
Description: Bus attacked with grenades;
Deaths: 7.
Date: 8/13/2002;
Location: Shali, Russia;
Description: Bus hit a landmine;
Deaths: 3.
Date: 10/10/2002;
Location: Kidapawan, Philippines;
Description: Bus terminal bombing;
Deaths: 8.
Date: 10/10/2002;
Location: Tel Aviv, Israel;
Description: Suicide bombing of a bus;
Deaths: 2.
Date: 10/12/2002;
Location: Kuta, Bali;
Description: Bus bomb;
Deaths: 101.
Date: 10/18/2002;
Location: Quezon City, Philippines;
Description: Bus bombing;
Deaths: 3.
Date: 10/22/2002;
Location: Pardes Hanna, Israel;
Description: Suicide car bomb next to a bus;
Deaths: 16.
Date: 11/4/2002;
Location: Ganeshchowk, Nepal;
Description: Incendiary bombing of a bus;
Deaths: 2.
Date: 11/11/2002;
Location: Ramsu, Iraq;
Description: Bus hit a landmine;
Deaths: 7.
Date: 11/13/2002;
Location: Lasana, India;
Description: Bus bombing;
Deaths: 0.
Date: 11/14/2002;
Location: Malgobek, Russia;
Description: Hand grenade attack in a bus;
Deaths: 4.
Date: 11/14/2002;
Location: Charikot, Nepal;
Description: Bus hit a landmine;
Deaths: 2.
Date: 11/18/2002;
Location: Chintagudam, India;
Description: Bus bombed by remote detonation of landmine;
Deaths: 14.
Date: 11/21/2002;
Location: Jerusalem, Israel;
Description: Suicide bus bombing;
Deaths: 12.
Date: 11/23/2002;
Location: Munda, India;
Description: Army bus hit a landmine;
Deaths: 12.
Date: 11/25/2002;
Location: Mukinda, India;
Description: Grenades attack bus;
Deaths: 0.
Date: 12/2/2002;
Location: Mumbai, India;
Description: Bus bombing;
Deaths: 2.
Date: 12/27/2002;
Location: Chechnya, Russian Federation;
Description: Suicide truck bombing;
Deaths: 57.
Date: 1/5/2003;
Location: Jammu & Kashmir, India;
Description: Grenade attack on a bus stand;
Deaths: 0.
Date: 1/5/2003;
Location: Tel Aviv, Israel;
Description: Suicide bombing of a bus station;
Deaths: 24.
Date: 1/12/2003;
Location: Gaza, Palestinian Territories;
Description: Bus hit by grenades;
Deaths: 2.
Date: 1/14/2003;
Location: La Trinidad, Philippines;
Description: Bus bombing;
Deaths: 0.
Date: 1/19/2003;
Location: Kulgam, India;
Description: Grenade thrown at a bus;
Deaths: 0.
Date: 1/31/2003;
Location: Spin Boldak, Afghanistan;
Description: Bus on bridge hit a land mine;
Deaths: 18.
Date: 2/2/2003;
Location: vicinity of Basaguda , India;
Description: Incendiary bombing of a bus;
Deaths: 5.
Date: 3/5/2003;
Location: Haifa, Israel;
Description: Suicide bus bombing;
Deaths: 16.
Date: 3/11/2003;
Location: Bogota, Colombia;
Description: Incendiary devices on buses;
Deaths: 0.
Date: 3/11/2003;
Location: Arauca, Colombia;
Description: Truck bombing;
Deaths: 1.
Date: 3/13/2003;
Location: Rajauri, India;
Description: Bus bombing at a bus terminal;
Deaths: 4.
Date: 3/16/2003;
Location: vicinity of Bamungopha , India;
Description: Bus bombed by rebel triggered landmine;
Deaths: 7.
Date: 4/3/2003;
Location: Grozny, Chechnya;
Description: Bus bombing;
Deaths: 8.
Date: 4/8/2003;
Location: Gulu, Uganda;
Description: Grenades and bombs hit buses;
Deaths: 10.
Date: 4/12/2003;
Location: Qazigund, India;
Description: Grenade attack on a bus stop;
Deaths: 1.
Date: 4/12/2003;
Location: Kulgam, India;
Description: Grenade attack on a bus stand;
Deaths: 0.
Date: 4/23/2003;
Location: Carmen, Philippines;
Description: Bus hit a landmine and attacked by grenades;
Deaths: 4.
Date: 5/3/2003;
Location: Anantnag, India;
Description: Grenade attack on a bus stand;
Deaths: 0.
Date: 5/5/2003;
Location: Doda, India;
Description: Grenade attack on a bus stand;
Deaths: 1.
Date: 5/10/2003;
Location: Hyderabad, Pakistan;
Description: Bus bombing;
Deaths: 0.
Date: 5/18/2003;
Location: Jerusalem, Israel;
Description: Suicide bombing of a bus;
Deaths: 8.
Date: 5/23/2003;
Location: Netzarim, Israel [vicinity];
Description: Bus bombing;
Deaths: 0.
Date: 5/30/2003;
Location: Grozny, Chechnya;
Description: Bus hit a landmine;
Deaths: 0.
Date: 5/31/2003;
Location: Hyderabad, Pakistan;
Description: Grenade attack on a bus;
Deaths: 0.
Date: 6/5/2003;
Location: Mozdok, Russia;
Description: Suicide bus bombing;
Deaths: 20.
Date: 6/11/2003;
Location: Jerusalem, Israel;
Description: Suicide bus bombing;
Deaths: 17.
Date: 6/23/2003;
Location: Shopian, India;
Description: Grenade attack on a bus station;
Deaths: 2.
Date: 7/12/2003;
Location: Kaloosa, India;
Description: Bus bombing;
Deaths: 0.
Date: 7/28/2003;
Location: Ghatkopar , India;
Description: Bus bombing;
Deaths: 5.
Date: 8/1/2003;
Location: Chechnya, Russia;
Description: Suicide Truck bomb;
Deaths: 50.
Date: 8/4/2003;
Location: Vien-tiane, Laos;
Description: Bomb explodes at a bus station;
Deaths: 0.
Date: 8/13/2003;
Location: Helmand, Afghanistan;
Description: bomb wrecked a bus;
Deaths: 15.
Date: 8/19/2003;
Location: Jerusalem, Israel;
Description: Suicide bomber on a bus;
Deaths: 20.
Date: 8/19/2003;
Location: Baghdad, Iraq;
Description: Truck Bomb Explosion;
Deaths: 24.
Date: 9/15/2003;
Location: Magas, Russian Federation;
Description: Truck Bomb;
Deaths: 2.
Date: 9/23/2003;
Location: Tigzirt, Algeria;
Description: Truck bombing;
Deaths: 0.
Date: 9/24/2003;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 1.
Date: 9/27/2003;
Location: Karachi, Pakistan;
Description: Bus bombing;
Deaths: 0.
Date: 10/12/2003;
Location: Irun, Spain;
Description: Two truck bombings;
Deaths: 0.
Date: 10/20/2003;
Location: Batmalloo, India;
Description: Grenade attack on a bus station;
Deaths: 2.
Date: 10/21/2003;
Location: Kulgam, India;
Description: Grenade attack on a bus stand;
Deaths: 0.
Date: 11/12/2003;
Location: Nasiriyah, Iraq;
Description: Truck bombing;
Deaths: 20.
Date: 12/23/2003;
Location: Poso, Indonesia;
Description: Bus bombing;
Deaths: 0.
Date: 12/25/2003;
Location: Tel Aviv, Israel;
Description: Suicide bus bombing;
Deaths: 5.
Date: 1/4/2004;
Location: Medan, Indonesia;
Description: Bus terminal bombing;
Deaths: 0.
Date: 1/15/2004;
Location: Tikrit, Iraq;
Description: Bus hits a landmine;
Deaths: 3.
Date: 1/16/2004;
Location: Dhanakuta, Nepal;
Description: Bus bombing;
Deaths: 4.
Date: 1/28/2004;
Location: Baghdad, Iraq;
Description: Ambulance used as a truck bomb;
Deaths: 3.
Date: 1/29/2004;
Location: Jerusalem, Israel;
Description: Suicide bus bombing;
Deaths: 11.
Date: 2/10/2004;
Location: Iskandariya, Iraq;
Description: Truck Bomb;
Deaths: 50.
Date: 2/12/2004;
Location: vicinity of Bardibas , Nepal;
Description: Bus bombed crossing a bridge;
Deaths: 6.
Date: 3/29/2004;
Location: Tashkent, Uzbekistan;
Description: Suicide bombing of a bus stop;
Deaths: 6.
Date: 4/5/2004;
Location: Pulwama, India;
Description: Grenade attack on a bus station;
Deaths: 8.
Date: 5/23/2004;
Location: Woodsa , India;
Description: Bus bombing;
Deaths: 28.
Date: 5/30/2004;
Location: Kathmandu, Nepal;
Description: Bus bombed in a bus station;
Deaths: 2.
Date: 6/17/2004;
Location: Dagestan, Russian Federation;
Description: Truck bombing;
Deaths: 0.
Date: 6/24/2004;
Location: Guwahati , India;
Description: Bus bombing;
Deaths: 5.
Date: 6/24/2004;
Location: Istanbul, Turkey;
Description: Bus bombing;
Deaths: 4.
Date: 6/27/2004;
Location: Jalalabad, Afghanistan;
Description: Bus bombing;
Deaths: 2.
Date: 7/11/2004;
Location: San Francisco, Colombia;
Description: Bus bombing;
Deaths: 2.
Date: 7/11/2004;
Location: Tel Aviv, Israel;
Description: Bomb at a bus stop;
Deaths: 1.
Date: 7/19/2004;
Location: Baghdad. Iraq;
Description: Truck bombs hit police station;
Deaths: 13.
Date: 7/19/2004;
Location: Voronezh, Russia;
Description: Bomb at a bus stop;
Deaths: 2.
Date: 7/28/2004;
Location: Baqouba, Iraq;
Description: Suicide bus bombing;
Deaths: 70.
Date: 8/5/2004;
Location: Mozdok, Russia;
Description: Bomb attack on a bus stop;
Deaths: 0.
Date: 8/10/2004;
Location: Barkan, Israel;
Description: Bus bombing;
Deaths: 0.
Date: 8/25/2004;
Location: Guwahati, India;
Description: One of two bus bombings;
Deaths: 1.
Date: 8/25/2004;
Location: Gossaigaon, India;
Description: One of two bus bombings;
Deaths: 0.
Date: 10/7/2004;
Location: Taba, Egypt;
Description: Truck bombing of a hotel;
Deaths: 34.
Date: 11/13/2004;
Location: Poso, Indonesia;
Description: Bus bombing;
Deaths: 6.
Date: 12/24/2004;
Location: Baghdad, Iraq;
Description: Fuel tanker used as a truck bomb;
Deaths: 12.
Date: 1/2/2005;
Location: Balad, Iraq [vicinity];
Description: Bus bombing;
Deaths: 23.
Date: 1/4/2005;
Location: Baghdad, Iraq;
Description: Truck bombing of a guard post;
Deaths: 10.
Date: 1/11/2005;
Location: Yussifiyah, Iraq;
Description: Bus bombing;
Deaths: 7.
Date: 1/14/2005;
Location: Karni, Gaza Strip;
Description: Border police truck bombed;
Deaths: 7.
Date: 1/19/2005;
Location: Baghdad, Iraq;
Description: Truck bomb attack on Australian Embassy;
Deaths: 3.
Date: 1/20/2005;
Location: Karamay, China;
Description: Suicide bus bombing;
Deaths: 11.
Date: 1/26/2005;
Location: Sinjar, Iraq;
Description: Truck bombing;
Deaths: 15.
Date: 1/30/2005;
Location: Abu Alwan, Iraq;
Description: Bus bombing;
Deaths: 5.
Date: 2/14/2005;
Location: Manila, Philippines;
Description: Bus bombing;
Deaths: 3.
Date: 2/14/2005;
Location: Davao, Philippines;
Description: Bus terminal bombing;
Deaths: 1.
Date: 2/14/2005;
Location: Beirut, Lebanon;
Description: Truck bombing;
Deaths: 21.
Date: 2/19/2005;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 18.
Date: 3/9/2005;
Location: Baghdad, Iraq;
Description: Truck bomb hits hotel;
Deaths: 4.
Date: 4/1/2005;
Location: Mazar-e Sharif, Afghanistan;
Description: Tractor trailer truck bombing;
Deaths: 2.
Date: 4/5/2005;
Location: Srinagar, India;
Description: Bus bombing;
Deaths: 0.
Date: 4/5/2005;
Location: Tal Afar, Iraq;
Description: Bus bombing;
Deaths: 3.
Date: 4/30/2005;
Location: Cairo, Egypt;
Description: Bus station bombed;
Deaths: 2.
Date: 5/6/2005;
Location: Tikrit, Iraq;
Description: Iraqi police bus bombing;
Deaths: 8.
Date: 5/31/2005;
Location: Baquba, Iraq;
Description: Truck bombing;
Deaths: 2.
Date: 6/6/2005;
Location: Badarmude, Nepal;
Description: Bus bombing;
Deaths: 38.
Date: 6/10/2005;
Location: Narke, Nepal;
Description: Bus bombing;
Deaths: 8.
Date: 6/13/2005;
Location: Sungai Padi, Thailand;
Description: Garbage truck used as a truck bomb;
Deaths: 1.
Date: 6/13/2005;
Location: Groznyy, Chechnya;
Description: Bus stop bombing;
Deaths: 0.
Date: 6/25/2005;
Location: Srinagar, India;
Description: Car bomb attacks;
Deaths: 9.
Date: 7/7/2005;
Location: London, United Kingdom;
Description: Bus bombing;
Deaths: 14.
Date: 7/13/2005;
Location: Ofra, Israel;
Description: Bus bombing;
Deaths: 0.
Date: 7/16/2005;
Location: Kusadasi, Turkey;
Description: Bus bombing;
Deaths: 5.
Date: 7/21/2005;
Location: London, United Kingdom;
Description: Bus bombing;
Deaths: 0.
Date: 7/24/2005;
Location: Baghdad, Iraq;
Description: Truck bombing;
Deaths: 40.
Date: 8/10/2005;
Location: Karimnagar, India;
Description: Bus station bombed;
Deaths: 0.
Date: 8/17/2005;
Location: Baghdad, Iraq;
Description: Bus station bombed;
Deaths: 25.
Date: 8/28/2005;
Location: Beersheba, Israel;
Description: Bus station bombed;
Deaths: 1.
Date: 9/14/2005;
Location: Baghdad, Iraq;
Description: Suicide bus bombing;
Deaths: 114.
Date: 9/15/2005;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 3.
Date: 9/23/2005;
Location: Baghdad, Iraq;
Description: Bus Bombing;
Deaths: 6.
Date: 10/24/2005;
Location: Baghdad, Iraq;
Description: Cement truck used as a truck bomb;
Deaths: 18.
Date: 10/29/2005;
Location: Iraq;
Description: Date truck used as a truck bomb;
Deaths: 30.
Date: 11/14/2005;
Location: Jhalakati, Bangladesh;
Description: Bus bombing;
Deaths: 2.
Date: 11/14/2005;
Location: Ramadi, Iraq;
Description: Bus bombing;
Deaths: 3.
Date: 11/18/2005;
Location: Baghdad, Iraq;
Description: Truck bombing;
Deaths: 6.
Date: 11/19/2005;
Location: Beylikduzu, Turkey;
Description: Bus stop bombing;
Deaths: 1.
Date: 12/8/2005;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 32.
Date: 12/12/2005;
Location: Baghdad, Iraq;
Description: Bus bombing near a hospital;
Deaths: 3.
Date: 1/4/2006;
Location: Ishaqi, Iraq;
Description: Bombing of a fuel tanker truck;
Deaths: 0.
Date: 2/5/2006;
Location: Quetta, Pakistan;
Description: Bus bombing;
Deaths: 12.
Date: 2/20/2006;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 12.
Date: 2/26/2006;
Location: Hillah, Iraq;
Description: Bus bombing;
Deaths: 0.
Date: 3/2/2006;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 5.
Date: 3/4/2006;
Location: Baghdad, Iraq;
Description: Bombing of trailer truck;
Deaths: 0.
Date: 3/4/2006;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 7.
Date: 3/10/2006;
Location: Fallujah, Iraq;
Description: Truck bombing;
Deaths: 7.
Date: 3/10/2006;
Location: Rakhni, Pakistan;
Description: Truck hit a landmine;
Deaths: 27.
Date: 3/29/2006;
Location: Digos City, Philippines;
Description: Bus bombing;
Deaths: 0.
Date: 3/31/2006;
Location: Istanbul, Turkey;
Description: Bus bombing;
Deaths: 1.
Date: 4/1/2006;
Location: Istanbul, Turkey;
Description: Bombing of a bus stop;
Deaths: 1.
Date: 4/2/2006;
Location: Istanbul, Turkey;
Description: Bus bombing;
Deaths: 3.
Date: 4/3/2006;
Location: Baghdad, Iraq;
Description: Truck bombing near mosque;
Deaths: 10.
Date: 4/19/2006;
Location: Narathiwat, Thailand;
Description: Truck bombing;
Deaths: 1.
Date: 5/14/2006;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 5.
Date: 5/20/2006;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 19.
Date: 5/29/2006;
Location: Khalis, Iraq;
Description: Bus bombing;
Deaths: 11.
Date: 6/6/2006;
Location: Baqubah, Iraq;
Description: Bus stop bombing;
Deaths: 1.
Date: 6/8/2006;
Location: Mosul, Iraq [vicinity];
Description: Fuel truck bombed;
Deaths: 1.
Date: 6/11/2006;
Location: Manila, Philippines;
Description: Bus bombing;
Deaths: 0.
Date: 6/15/2006;
Location: Kabithigollewa , Sri Lanka;
Description: Bus hit a landmine;
Deaths: 62.
Date: 6/15/2006;
Location: Kandahar, Afghanistan;
Description: Bus bombing;
Deaths: 8.
Date: 7/1/2006;
Location: Baghdad, Iraq;
Description: Suicide truck bombing;
Deaths: 66.
Date: 7/6/2006;
Location: Tiraspol, Moldova;
Description: Bus bombing;
Deaths: 7.
Date: 7/52006;
Location: Kabul, Afghanistan;
Description: Bus bombing;
Deaths: 1.
Date: 7/18/2006;
Location: Kufa, Iraq;
Description: Bus bombing;
Deaths: 50.
Date: 7/18/2006;
Location: Hawijah, Iraq;
Description: roadside bomb near a bus station;
Deaths: 9.
Date: 7/31/2006;
Location: Trincaomalee, Sri Lanka;
Description: roadside bomb exploded near a military truck;
Deaths: 18.
Date: 8/1/2006;
Location: Baiji, Iraq;
Description: Bus bombing;
Deaths: 24.
Date: 8/5/2006;
Location: Bangkok, Thailand;
Description: Bus bombing;
Deaths: 0.
Date: 8/6/2006;
Location: Samarra, Iraq;
Description: Truck bombing;
Deaths: 9.
Date: 8/15/2006;
Location: Mosul, Iraq;
Description: Truck bombing;
Deaths: 5.
Date: 8/27/2006;
Location: Marmaris, Turkey;
Description: Bus bombing;
Deaths: 0.
Date: 8/27/2006;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 9.
Date: 8/30/2006;
Location: Kirkuk, Iraq;
Description: Bus bombing;
Deaths: 3.
Date: 9/12/2006;
Location: Diyarbakir, Turkey;
Description: Bus stop bombed;
Deaths: 11.
Date: 9/17/2006;
Location: Kirkuk, Iraq;
Description: Suicide truck bombing;
Deaths: 18.
Date: 9/20/2006;
Location: Baghdad, Iraq;
Description: Truck bomb attacks police;
Deaths: 8.
Date: 10/10/2006;
Location: Kabul, Afghanistan;
Description: Bus bombing;
Deaths: 0.
Date: 10/16/2006;
Location: Habarana, Sri Lanka;
Description: Truck bombing of bus terminal;
Deaths: 67.
Date: 10/17/2006;
Location: Baghdad, Iraq [vicinity];
Description: Truck bombing;
Deaths: 4.
Date: 10/27/2006;
Location: Uruzgan Province, Afghanistan;
Description: Bus bombing;
Deaths: 14.
Date: 10/29/2006;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 1.
Date: 10/30/2006;
Location: Algiers, Algeria;
Description: Truck bombing of a police station;
Deaths: 3.
Date: 11/13/2006;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 16.
Date: 12/5/2006;
Location: Baghdad, Iraq;
Description: Car bomb hit bus;
Deaths: 14.
Date: 12/10/2006;
Location: Algiers, Algeria;
Description: Bus bombing;
Deaths: 1.
Date: 12/12/2006;
Location: Baghdad, Iraq;
Description: Car bomb hits bus;
Deaths: 57.
Date: 12/13/2006;
Location: Baghdad, Iraq;
Description: Car bombing of a bus stop;
Deaths: 11.
Date: 12/25/2006;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 2.
Date: 12/31/2006;
Location: Bangkok, Thailand;
Description: Bus station bombed;
Deaths: 1.
Date: 1/5/2007;
Location: Nittambuwa, Sri Lanka;
Description: Suicide Bus;
Deaths: 5.
Date: 1/6/2007;
Location: Meetiyagoda , Sri Lanka;
Description: Suicide Bus;
Deaths: 16.
Date: 1/17/2007;
Location: Kirkuk, Iraq;
Description: Truck bombing;
Deaths: 10.
Date: 1/19/2007;
Location: Guwahati, India;
Description: Bus terminal bombed;
Deaths: 2.
Date: 1/28/2007;
Location: Najaf, Iraq;
Description: Bus bombing;
Deaths: 1.
Date: 1/28/2007;
Location: Ramadi, Iraq;
Description: Dump Truck with Cholrine;
Deaths: 16.
Date: 2/3/2007;
Location: Baghdad, Iraq;
Description: Truck bombing;
Deaths: 135.
Date: 2/12/2007;
Location: Baghdad, Iraq;
Description: Truck bombing;
Deaths: 70.
Date: 2/13/2007;
Location: Algiers, Algeria [vicinity];
Description: Truck bombing;
Deaths: 6.
Date: 2/13/2007;
Location: Ain Alaq, Lebanon;
Description: Bus Bombs;
Deaths: 3.
Date: 2/14/2007;
Location: Zahedan, Iran;
Description: Car bomb attack on a bus;
Deaths: 11.
Date: 2/19/2007;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 5.
Date: 2/20/2007;
Location: Taji, Iraq;
Description: Chlorine gas tank trucks;
Deaths: 9.
Date: 2/21/2007;
Location: Baghdad, Iraq;
Description: Truck bombing using a chlorine gas tank truck;
Deaths: 5.
Date: 2/21/2007;
Location: Kirkuk, Iraq;
Description: Bombs at a bus depot;
Deaths: 0.
Date: 2/24/2007;
Location: Falluja, Iraq;
Description: Truck bombing;
Deaths: 40.
Date: 2/27/2007;
Location: Ramadi, Iraq;
Description: Truck bombing;
Deaths: 19.
Date: 3/11/2007;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 11.
Date: 3/11/2007;
Location: Baghdad, Iraq;
Description: Car bomb hits truck;
Deaths: 19.
Date: 3/16/2007;
Location: Amiriyah, Iraq;
Description: Truck bombing using a chlorine gas tank truck;
Deaths: 8.
Date: 3/25/2007;
Location: Baghdad, Iraq;
Description: Truck bombing;
Deaths: 20.
Date: 3/25/2007;
Location: Hillah, Iraq;
Description: Truck bombing;
Deaths: 20.
Date: 3/27/2007;
Location: Tal Afar, Iraq;
Description: Truck bombing;
Deaths: 152.
Date: 3/29/2007;
Location: Fallujah, Iraq;
Description: Chlorine Trucks;
Deaths: 0.
Date: 4/2/2007;
Location: Kirkuk, Iraq;
Description: Truck bombing;
Deaths: 14.
Date: 4/3/2007;
Location: Ampara, Sri Lanka;
Description: Bus bombing;
Deaths: 16.
Date: 4/6/2007;
Location: Ramadi,Iraq;
Description: Truck bombing;
Deaths: 25.
Date: 4/7/2007;
Location: Vavuniya, Sri Lanka;
Description: Bus bombing;
Deaths: 7.
Date: 4/12/2007;
Location: Baghdad, Iraq;
Description: Truck bombing;
Deaths: 10.
Date: 4/14/2007;
Location: Mosul, Iraq;
Description: Two oil trucks exploded;
Deaths: 6.
Date: 4/14/2007;
Location: Karbala, Iraq;
Description: Bombing of a bus station;
Deaths: 43.
Date: 4/15/2007;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 3.
Date: 4/18/2007;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 127.
Date: 4/18/2007;
Location: Rusafi, Iraq;
Description: Bus bombing;
Deaths: 4.
Date: 4/23/2007;
Location: Diyala Province, Iraq;
Description: Truck Bombing;
Deaths: 9.
Date: 4/23/2007;
Location: Fallujah, Iraq;
Description: Truck bombing;
Deaths: 3.
Date: 4/24/2007;
Location: Ramadi, Iraq;
Description: Truck bombing;
Deaths: 25.
Date: 4/24/2007;
Location: Baghdad, Iraq;
Description: military checkpoint, A chlorine truck bomb;
Deaths: 1.
Date: 4/30/2007;
Location: Hit, Iraq;
Description: Chlorine tanker;
Deaths: 10.
Date: 5/9/2007;
Location: Irbil (Arbil), Iraq;
Description: Truck bombing;
Deaths: 15.
Date: 5/14/2007;
Location: Makhmour, Iraq;
Description: Truck bombing;
Deaths: 50.
Date: 5/15/2007;
Location: Diyala, Iraq;
Description: Truck bombing using a chlorine gas tank truck;
Deaths: 45.
Date: 5/18/2007;
Location: Cotabato City, Philippines;
Description: Bomb at bus terminal;
Deaths: 3.
Date: 5/20/2007;
Location: Ramadi, Iraq;
Description: Truck bomb with chlorine gas attacked a police checkpoint;
Deaths: 11.
Date: 5/24/2007;
Location: Colombo, Sri Lanka;
Description: Bus bombing;
Deaths: 1.
Date: 5/28/2007;
Location: Baghdad, Iraq;
Description: Truck bombing;
Deaths: 24.
Date: 6/5/2007;
Location: Fallujah, Iraq;
Description: Truck bombing;
Deaths: 18.
Date: 6/7/2007;
Location: Rabiyah, Iraq;
Description: Truck Bomb at Police headquarters;
Deaths: 9.
Date: 6/7/2007;
Location: Ramadi, Iraq;
Description: Truck Bomb at Police headquarters;
Deaths: 3.
Date: 6/7/2007;
Location: Abu Ghraib, Iraq;
Description: Truck bomb at Shiite mosque;
Deaths: 3.
Date: 6/8/2007;
Location: Qurnah, Iraq;
Description: Bus terminal bombing;
Deaths: 18.
Date: 6/10/2007;
Location: Albu-Ajeel , Iraq;
Description: Truck bombing;
Deaths: 9.
Date: 6/11/2007;
Location: Nairobi, Kenya;
Description: Bus stop bombing;
Deaths: 2.
Date: 6/15/2007;
Location: Bansalan, Philippines;
Description: Bus bombing;
Deaths: 9.
Date: 6/15/2007;
Location: Cotabato City, Philippines;
Description: Bus bombing;
Deaths: 0.
Date: 6/15/2007;
Location: Diyarbakir,Turkey;
Description: Bus station;
Deaths: 0.
Date: 6/17/2007;
Location: Kabul Afghanistan;
Description: Bus bombing;
Deaths: 35.
Date: 6/19/2007;
Location: Baghdad, Iraq;
Description: Truck bomb attacks a mosque;
Deaths: 78.
Date: 6/21/2007;
Location: Kirkuk, Iraq;
Description: Truck bombing;
Deaths: 13.
Date: 6/28/2007;
Location: Baghdad, Iraq;
Description: Car bombing of a bus station;
Deaths: 25.
Date: 7/1/2007;
Location: Ramadi, Iraq;
Description: Truck Bomb;
Deaths: 5.
Date: 7/7/2007;
Location: Armil, Iraq;
Description: Truck bombing;
Deaths: 150.
Date: 7/12/2007;
Location: Lakhdaria, Algeria;
Description: Algerian solders attacked;
Deaths: 8.
Date: 7/16/2007;
Location: Kirkuk, Iraq;
Description: Truck bombing;
Deaths: 85.
Date: 7/18/2007;
Location: Tacurong City, Philippines;
Description: Bus bombing;
Deaths: 0.
Date: 7/26/2007;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 3.
Date: 7/27/2007;
Location: Baghdad, Iraq;
Description: Truck bomb Karada market;
Deaths: 61.
Date: 8/4/2007;
Location: Peshawar, Pakistan;
Description: Car bombing of a bus station;
Deaths: 9.
Date: 8/14/2007;
Location: Qahtaniya, Iraq;
Description: Four truck bombs attack village;
Deaths: 500.
Date: 8/14/2007;
Location: Northern Baghdad, Iraq;
Description: Bridge attacked again;
Deaths: 10.
Date: 8/17/2007;
Location: Christchurch, New Zealand;
Description: Bus bombing;
Deaths: 0.
Date: 8/22/2007;
Location: Baiji, Iraq;
Description: Truck bombing;
Deaths: 50.
Date: 8/22/2007;
Location: Taji, Iraq;
Description: Truck bombing;
Deaths: 0.
Date: 8/22/2007;
Location: Baiji, Iraq;
Description: Police Station Bombing with Truck;
Deaths: 23.
Date: 8/26/2007;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 3.
Date: 9/1/2007;
Location: Afisyoone, Somalia;
Description: Bus bombing;
Deaths: 1.
Date: 9/5/2007;
Location: Baghdad, Iraq;
Description: Bomb at bus stop;
Deaths: 4.
Date: 9/5/2007;
Location: Rawalpindi, Pakistan;
Description: Army bus bombing;
Deaths: 24.
Date: 9/10/2007;
Location: Northern Iraq;
Description: Truck bombing;
Deaths: 10.
Date: 9/14/2007;
Location: Beiji, Iraq;
Description: Truck bombing of Police checkpoint;
Deaths: 4.
Date: 9/16/2007;
Location: Parwanipur, Nepal;
Description: Bus bombing;
Deaths: 1.
Date: 9/16/2007;
Location: Jaffna, Sri Lanka;
Description: Bus bombing;
Deaths: 2.
Date: 9/21/2007;
Location: Trincomalee, Sri Lanka;
Description: Bus bombing;
Deaths: 2.
Date: 9/24/2007;
Location: Tal Afar, Iraq;
Description: Truck bombing;
Deaths: 6.
Date: 9/29/2007;
Location: Kabul, Afghanistan;
Description: Military bus bombing;
Deaths: 30.
Date: 10/2/2007;
Location: Kabul, Afghanistan;
Description: Bus bombing;
Deaths: 13.
Date: 10/11/2007;
Location: Kirkuk, Iraq;
Description: truck bomb exploded at a market;
Deaths: 7.
Date: 10/16/2007;
Location: Mosul, Iraq;
Description: Truck bombing;
Deaths: 16.
Date: 10/19/2007;
Location: Karachi , Pakistan;
Description: Truck Bomb near Bhutto;
Deaths: 136.
Date: 10/20/2007;
Location: Dera Bugti, Pakistan;
Description: Bus bombing;
Deaths: 7.
Date: 10/23/2007;
Location: Mogadishu, Somalia;
Description: Bus bombing;
Deaths: 7.
Date: 10/25/2007;
Location: Mingora, Pakistan;
Description: Truck bombing;
Deaths: 20.
Date: 10/31/2007;
Location: Togliatti, Russia;
Description: Bus bombing;
Deaths: 8.
Date: 11/22/2007;
Location: North Ossetia and Kabardino-Balkaria, Russia [vicinity];
Description: Bus bombing;
Deaths: 5.
Date: 11/23/3007;
Location: Mosul, Iraq;
Description: Truck Bomb on bridge;
Deaths: 0.
Date: 11/24/2007;
Location: Rawalpindi, Pakistan;
Description: Bus bombing;
Deaths: 19.
Date: 12/5/2007;
Location: Baquba, Iraq;
Description: Bus station bombed;
Deaths: 5.
Date: 12/9/2007;
Location: Baghdad, Iraq;
Description: Truck bombing;
Deaths: 8.
Date: 12/9/2007;
Location: Algiers, Algeria;
Description: Bus bombing;
Deaths: 12.
Date: 12/9/2007;
Location: Nevinnomysk, Russia;
Description: School bus bombing;
Deaths: 2.
Date: 12/10/2007;
Location: Kamra, Pakistan;
Description: School bus bombing;
Deaths: 0.
Date: 12/11/2007;
Location: Algiers, Algeria;
Description: Multiple truck bombs;
Deaths: 37.
Date: 12/12/2007;
Location: Tambon Bang Khoo, Thailand;
Description: Bus bombing;
Deaths: 0.
Date: 12/17/2007;
Location: Mosul, Iraq;
Description: Truck bombing on dam;
Deaths: 1.
Date: 12/24/2007;
Location: Baghdad, Iraq;
Description: Bus bomb;
Deaths: 2.
Date: 12/25/2007;
Location: Baghdad, Iraq;
Description: Truck Bomb;
Deaths: 25.
Date: 1/2/2008;
Location: Colombo, Sri Lanka;
Description: Bus bombing;
Deaths: 4.
Date: 1/3/2008;
Location: Diyarbakir, Turkey;
Description: Bus bombing;
Deaths: 5.
Date: 1/16/2008;
Location: Buttala, Sri Lanka;
Description: Bus bombing;
Deaths: 23.
Date: 1/29/2008;
Location: Colombo, Sri Lanka;
Description: Bus bombing;
Deaths: 18.
Date: 2/1/2008;
Location: Kabul, Afghanistan;
Description: Bus bombing;
Deaths: 1.
Date: 2/2/2008;
Location: Dambulla, Sri Lanka;
Description: Bus bombing;
Deaths: 20.
Date: 2/3/2008;
Location: Mogadishu, Somali;
Description: Bus bombing;
Deaths: 5.
Date: 2/5/2008;
Location: Weli-Oya, Sri Lanka;
Description: Bus bombing;
Deaths: 13.
Date: 2/12/2008;
Location: Beirut, Lebonon;
Description: Truck bomb;
Deaths: 1.
Date: 2/22/2008;
Location: Pakistan;
Description: Truck bomb;
Deaths: 12.
Date: 2/24/2008;
Location: Colombo, Sri Lanka;
Description: Bus bombing;
Deaths: 0.
Date: 2/26/2008;
Location: Tall Afar, Iraq;
Description: Bus bombing;
Deaths: 8.
Date: 3/2/2008;
Location: Diyala, Iraq;
Description: Bus bombing;
Deaths: 5.
Date: 3/4/2008;
Location: Lahore, Pakistan;
Description: Truck bomb;
Deaths: 7.
Date: 3/11/2008;
Location: Nassiriya, Iraq;
Description: Bus bombing;
Deaths: 14.
Date: 3/12/2008;
Location: Between Basra and Nasiriya Iraq;
Description: Bus bombing;
Deaths: 16.
Date: 3/12/2008;
Location: Mosul, Iraq;
Description: Truck bomb;
Deaths: 0.
Date: 3/12/2008;
Location: Samarra, Iraq;
Description: Truck bomb;
Deaths: 3.
Date: 3/14/2008;
Location: Humera, Ethiopia;
Description: Bus bombing;
Deaths: 7.
Date: 3/24/2008;
Location: Pakistan/ Afghanistan border;
Description: Truck bomb;
Deaths: 0.
Date: 4/5/2008;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 3.
Date: 4/14/2008;
Location: Mosul, Iraq;
Description: Truck bomb;
Deaths: 12.
Date: 4/22/2008;
Location: Ramadi, Iraq;
Description: Truck bomb;
Deaths: 12.
Date: 4/25/2008;
Location: Piliyandala, Sri Lanka;
Description: Bus bombing;
Deaths: 23.
Date: 5/9/2008;
Location: Midsayap, North Cotabato;
Description: Bus bombing;
Deaths: 0.
Date: 5/15/2008;
Location: Legutiano, Spain;
Description: Truck bomb;
Deaths: 1.
Date: 5/22/2008;
Location: Erez crossing between Israel and the Gaza Strip;
Description: Truck bomb;
Deaths: 1.
Date: 5/28/2008;
Location: Farah province, Afghanistan;
Description: Bus bombing;
Deaths: 8.
Date: 6/5/2008;
Location: Baghdad, Iraq;
Description: Truck bomb;
Deaths: 15.
Date: 6/6/2008;
Location: Columbo, Sri Lanka;
Description: Bus bombing;
Deaths: 21.
Date: 6/11/2008;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 5.
Date: 6/13/2008;
Location: Kandahar, Afghanistan;
Description: Truck bomb;
Deaths: 9.
Date: 6/14/2008;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 2.
Date: 6/18/2008;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 63.
Date: 7/1/2008;
Location: Gayarah, Iraq;
Description: Truck bomb;
Deaths: 1.
Date: 7/21/2008;
Location: Kunming, China;
Description: Bus bombing;
Deaths: 2.
Date: 7/24/2008;
Location: Philippines;
Description: Bus bombing;
Deaths: 0.
Date: 7/25/2008;
Location: Bangalore, India;
Description: Bus bombing;
Deaths: 20.
Date: 8/3/2008;
Location: Baghdad, Iraq;
Description: Truck bomb;
Deaths: 12.
Date: 8/10/2008;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 4.
Date: 8/12/2008;
Location: Peshawar, Pakistan;
Description: Bus bombing;
Deaths: 13.
Date: 8/13/2008;
Location: Tripoli, Lebanon;
Description: Bus bombing;
Deaths: 18.
Date: 8/20/2008;
Location: Bouira, Algeria;
Description: Bus bombing;
Deaths: 12.
Date: 8/23/2008;
Location: Kandahar, Afghanistan;
Description: Bus bombing;
Deaths: 10.
Date: 8/28/2008;
Location: Bannu, Pakistan;
Description: Bus bombing;
Deaths: 8.
Date: 8/30/2008;
Location: Columbo, Sri Lanka;
Description: Bus bombing;
Deaths: 12.
Date: 9/1/2008;
Location: Manila, Philippines;
Description: Bus bombing;
Deaths: 6.
Date: 9/2/2008;
Location: Mosul, Iraq;
Description: Bus bombing;
Deaths: 4.
Date: 9/20/2008;
Location: Islamabad, Pakistan;
Description: Truck bomb;
Deaths: 60.
Date: 9/30/2008;
Location: Tripoli, Lebanon;
Description: Bus bombing;
Deaths: 5.
Date: 10/1/2008;
Location: Agartala, India;
Description: Bus bombing;
Deaths: 2.
Date: 10/20/2008;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 4.
Date: 10/29/2008;
Location: Hargeisa, Somalia;
Description: Truck bomb;
Deaths: 21.
Date: 11/2/2008;
Location: South Waziristan tribal region, Pakistan;
Description: Truck bomb;
Deaths: 8.
Date: 11/4/2008;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 11.
Date: 11/10/2008;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 28.
Date: 11/12/2008;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 12.
Date: 11/12/2008;
Location: Kandahar, Afghanistan;
Description: Truck bomb;
Deaths: 7.
Date: 11/24/2008;
Location: Baghdad, Iraq;
Description: Bus bombing;
Deaths: 11.
Date: 12/4/2008;
Location: Falluja, Iraq;
Description: Truck bomb;
Deaths: 13.
Date: 12/6/2008;
Location: Baghdad, Iraq;
Description: Truck bomb;
Deaths: 1.
Date: 12/15/2008;
Location: Khan Dhari, Iraq;
Description: Truck bomb;
Deaths: 9.
Date: 12/24/2008;
Location: Lahore, Pakistan;
Description: Truck bomb;
Deaths: 1.
Date: 12/28/2008;
Location: Afghanistan;
Description: Truck bomb;
Deaths: 14.
Source: GAO.
[End of table]
[End of section]
Appendix III: Commercial Vehicle Industry Trade Associations GAO
Contacted:
Table 4: Industry Associations GAO Interviewed Representing Commercial
Vehicles:
Association: American Bus Association (ABA);
Population represented: Membership includes all types of motor coach
services including scheduled, charter, shuttle, and commuter buses.
Association: American Chemistry Council (ACC);
Population represented: Companies engaged in the business of chemistry,
including the transportation of chemicals.
Association: American Federation of Labor and Congress of Industrial
Organizations (AFL-CIO);
Population represented: Commercial bus drivers and employees.
Association: American Trucking Associations (ATA);
Population represented: Trucking companies and affiliated state
trucking associations.
Association: Chlorine Institute (CI);
Population represented: Companies involved in the production,
distribution, and use of chlorine and related chemicals.
Association: International Brotherhood of Teamsters (IBT);
Population represented: Commercial truck drivers and warehousemen.
Association: National Private Truck Council (NPTC);
Population represented: Companies that operate truck fleets, but not as
a primary source of business, such as retail, food and beverage
companies.
Association: National Tank Truck Carriers (NTTC);
Population represented: Companies that specialize in the distribution
of bulk liquids, industrial gases, and dry products carried in bulk
cargo tankers.
Association: Owner-Operator Independent Drivers Association (OOIDA);
Population represented: Independent owner-operators and professional
drivers.
Association: Truck Manufacturers Association (TMA);
Population represented: Manufacturers of medium and heavy duty trucks.
Association: Truck Rental and Leasing Association (TRALA);
Population represented: Truck renting and leasing companies.
Association: United Motorcoach Association (UMA);
Population represented: Membership largely consists of small bus
companies offering charter services.
Source: GAO.
[End of table]
[End of section]
Appendix IV: DHS and DOT Commercial Vehicle Security Programs Designed
to Strengthen Commercial Vehicle Security:
In addition to Corporate Security Reviews, TSA and DHS have four key
programs designed to strengthen the security of the commercial vehicle
industry. DOT also has four programs underway to strengthen commercial
vehicle security and TSA and DOT are working collaboratively on several
projects for securing commercial vehicles. Each of these programs and
projects are discussed below.
DHS Security Programs:
Trucking Security Program: The Trucking Security Program (TSP) provides
grants that fund programs to train and support the members of the
commercial vehicle industry in how to detect and report security
threats, and how to avoid becoming a target for terrorist activity. TSP
is administered by the Federal Emergency Management Agency's Grant
Programs Directorate within DHS. As of May 2008, DHS has provided
nearly $78 million in TSP grants since 2003. Congress appropriated $16
million to fund this trucking security grant program for fiscal year
2008, and $8 million for fiscal year 2009. For fiscal years 2004-2008
the principal activity funded by the TSP was the American Trucking
Associations' Highway Watch program to improve security awareness in
the commercial vehicle industry. In May 2008, however, a new grantee,
the HMS Company of Alexandria, Virginia was selected.
Security Action Items (SAIs): TSA consulted with DOT and industry
stakeholders to develop SAIs, or voluntary security practices, intended
to improve security for trucks carrying security-sensitive hazardous
materials. TSA eventually plans to also develop SAIs for motor coaches
and school buses. According to TSA officials, the SAIs will allow TSA
to communicate the key elements of effective transportation security as
voluntary practices; TSA officials will use CSRs to gauge whether
voluntary practices are sufficient or if regulation is needed.
Hazardous Materials Driver Background Check Program: A Hazardous
Materials Endorsement (HME) authorizes an individual to transport
hazardous materials for commerce. The USA PATRIOT Act, enacted in
October 2001, prohibits states from issuing HMEs for a commercial
driver's license to applicants who have not successfully completed
background checks. In response, TSA implemented the hazardous materials
driver security threat assessment program which evaluates the hazardous
materials driver's criminal history, immigration status, mental
capacity, and connection with terrorism to determine whether that
driver poses a security risk.[Footnote 93]
Intercity Bus Security Grant Program: This DHS program distributes
grant money to eligible stakeholders to protect intercity bus systems
and the traveling public from terrorism. Current priorities focus on
enhanced security planning, passenger and baggage screening programs,
facility security enhancements, vehicle and driver protection, as well
as training and exercises. A total of $11.5 million was appropriated
for fiscal year 2008 and $12 million for fiscal year 2009. A total of
$11.5 million was appropriated for fiscal year 2008 and $12 million for
fiscal year 2009.[Footnote 94]
DOT Security Programs:
Security Plans and Training: DOT regulations require shippers and
carriers of certain hazardous materials to develop and implement
security plans. [Footnote 95] The regulations permit a company to
implement a security plan tailored to its specific circumstances and
operations. At a minimum, a security plan must address personnel,
access, and en route security. All shippers and carriers must also
ensure that employee training includes a security awareness component.
In response to an industry petition that certain hazardous materials
posing little or no security risk be removed from the list of hazardous
materials for which security plans are required, DOT is reevaluating
the security plan regulations.
Security Contact Reviews (SCRs): Through its SCRs, FMCSA conducts
compliance reviews of the security plans for hazardous materials
transport required by DOT hazardous materials regulations. FMCSA
conducts SCRs on all hazardous materials motor carriers that transport
placardable amounts of hazardous materials. As of September, 2008,
FMCSA had conducted 7,802 SCRs since the inception of the programs.
Hazardous Materials Safety Permit Program: Federal law directed FMCSA
to implement the hazardous materials permit program to produce a safe
and secure environment to transport certain types of hazardous
materials.[Footnote 96] The program requires certain motor carriers to
maintain a security program and establish a system of enroute
communication. This program uses the SCRs to collect data on motor
carrier ability to secure hazardous materials.
Sensitive Security Visits (SSVs): FMCSA conducts SSVs as educational
security discussions with motor carriers that carry small amounts of
hazardous materials that do not require posting hazardous materials
placards on their trucks. These visits discuss best practices for
hazardous materials transportation and provide informal suggestions for
improvement. As of September, 2008, FMCSA had conducted 13,411 SSVs
since the inception of the programs.
TSA and DOT Joint Security Programs:
TSA Missouri CSR Pilot: This pilot program conducts abbreviated CSRs of
trucking and motor coach companies using state inspectors. For more
details of the Missouri CSR program, see pages 26-31.
FMCSA and TSA Truck Tracking Security Pilots: FMCSA and TSA have
concluded hazardous materials truck-tracking pilots. FMCSA completed a
study of existing technologies in December 2004, evaluating wireless
communications systems, including global positioning satellite (GPS)
tracking and other technologies that allow companies to monitor the
location of their trucks and buses. TSA also tested tracking and
identification systems, theft detection and alert systems, motor
vehicle disabling systems, and systems to prevent unauthorized
operation of trucks and unauthorized access to their cargos. The 9/11
Commission Act mandated that the Secretary develop a tracking program
for motor carrier shipments of hazardous materials by February
2008.[Footnote 97] TSA officials reported that they worked with DOT to
meet this mandate and completed a program to facilitate truck tracking
on January 10, 2008.
Hazardous Materials Research Involving Security Initiatives: DOT and
DHS sponsor research on emerging technology that could potentially be
used to enhance the safety and security of hazardous materials
transportation. This research involves evaluation of potential truck-
disabling technologies, radiation detection devices, hazardous
materials routing, and software to assist in hazardous materials
incident response.
Additional Programs: DHS and TSA also have a number of smaller programs
to augment motor carrier security and programs in the planning stages.
TSA has several projects on screening applicants for Commercial Drivers
Licenses (CDLs) and Hazardous Materials Endorsements on CDLs. These
include the Universal CDL Vetting Project, which will assess the
feasibility of implementing watch list checks of 9 million commercial
driver records. Through the Rental Truck Vetting Operational Study and
Analysis, TSA is assessing technologies to screen rental truck
customers against the DHS and FBI Watch List. To address the lack of
security-related domain awareness, TSA and DHS also have developed
several projects: Federal Law Enforcement Training Center (FLETC)
Roadside Law Enforcement Transportation Security Awareness, and the
Hazmat Motor Carrier Security Self-Assessment Training Project which
distributed security self-assessment training on CDs to approximately
75,000 hazardous materials motor carriers and shippers. Through the
Commercial Truck Insurance Initiative, TSA is coordinating with
insurance companies to develop methods and measures to provide
companies incentives to improve security.
[End of section]
Appendix V: DOT Data on the Commercial Vehicle Industry:
DOT maintains data on carriers and commercial vehicles registered with
DOT. However, the data on intrastate operations is incomplete and
unreliable because FMCSA does not have authority to regulate intrastate
operations that are not involved in the transport of hazardous
materials. Firms that operate exclusively within a single state do not
have to register with DOT unless they are in the 25 states that require
all commercial vehicles to register with DOT, or transport hazardous
materials. This means that DOT does not have data on approximately half
the nation's intrastate carriers. Second, firms frequently do not keep
their registrations current, and as a result the currency and accuracy
of DOT's records are not assured and many of its registrations are
inactive. "Inactive" means that carriers had no inspections, crashes,
enforcement actions, compliance reviews, safety audits, or registration
applications with DOT for 3 years. DOT does not know which firms have
gone out of business and which have simply failed to maintain their
registrations. These incomplete data on the population of commercial
vehicle firms will present some additional challenges to TSA for
conducting a truly representative sample of industry assessments.
Table 5: DOT Commercial Vehicle Industry Data on Active and Inactive
Registrants:
Commercial vehicle industry: Truck motor carriers;
Interstate operation: Total: 654,666;
Interstate operation: Active: 479,120;
Interstate operation: Inactive[B]: 175,546;
Intrastate operation[A]: Total: 360,489;
Intrastate operation[A]: Active: 240,726;
Intrastate operation[A]: Inactive: 119,763;
Total operation: Total: 1,015,155;
Total operation: Active: 719,846;
Total operation: Inactive: 295,309.
Commercial vehicle industry: Motor coach carriers;
Interstate operation: Total: 3,792;
Interstate operation: Active: 3,686;
Interstate operation: Inactive[B]: 106;
Intrastate operation[A]: Total: 156;
Intrastate operation[A]: Active: 146;
Intrastate operation[A]: Inactive: 10;
Total operation: Total: 3,948;
Total operation: Active: 3,832;
Total operation: Inactive: 116.
Commercial vehicle industry: Trucks;
Interstate operation: Total: 9,618,035;
Interstate operation: Active: 8,455,301;
Interstate operation: Inactive[B]: 1,162,734;
Intrastate operation[A]: Total: 2,281,035;
Intrastate operation[A]: Active: 1,622,392;
Intrastate operation[A]: Inactive: 658,643;
Total operation: Total: 11,899,070;
Total operation: Active: 10,077,693;
Total operation: Inactive: 1,821,377.
Commercial vehicle industry: Motor coaches;
Interstate operation: Total: 59,785;
Interstate operation: Active: 47,629;
Interstate operation: Inactive[B]: 12,156;
Intrastate operation[A]: Total: 15,500;
Intrastate operation[A]: Active: 13,241;
Intrastate operation[A]: Inactive: 2,259;
Total operation: Total: 75,285;
Total operation: Active: 60,870;
Total operation: Inactive: 14,415.
Commercial vehicle industry: Drivers;
Interstate operation: Total: 5,200,215;
Interstate operation: Active: 4,647,922;
Interstate operation: Inactive[B]: 552,293;
Intrastate operation[A]: Total: 2,214,881;
Intrastate operation[A]: Active: 1,789,207;
Intrastate operation[A]: Inactive: 425,674;
Total operation: Total: 7,415,096;
Total operation: Active: 6,437,129;
Total operation: Inactive: 977,967.
Source: GAO analysis of DOT Motor Carrier Management Information System
(MCMIS) and License and & Insurance (L&I) data as of August 22, 2008.
[A] Intrastate carriers operate only within a single state.
[B] "Inactive" means that carriers have had no inspections, crashes,
enforcement actions, compliance reviews, safety audits, or MCS-150
filings with DOT for 3 years. DOT does not know which inactive firms
have gone out of business and which have simply failed to maintain
their registrations.
[End of table]
Table 6: Summary of Interstate and Intrastate Hazardous Materials
(HAZMAT) Carriers:
Total number of truck motor carriers;
Interstate hazardous materials operation: Total: 44,028;
Interstate hazardous materials operation: Active: 34,660;
Interstate hazardous materials operation: Inactive[B]: 9,368;
Intrastate hazardous materials operation[A]: Total: 16,654;
Intrastate hazardous materials operation[A]: Active: 12,007;
Intrastate hazardous materials operation[A]: Inactive: 4,647;
Interstate & intrastate hazardous materials operations: Total: 60,682;
Interstate & intrastate hazardous materials operations: Active: 46,667;
Interstate & intrastate hazardous materials operations: Inactive:
14,015.
: Total number of trucks;
Interstate hazardous materials operation: Total: 3,677,169;
Interstate hazardous materials operation: Active: 3,470,221;
Interstate hazardous materials operation: Inactive[B]: 206,948;
Intrastate hazardous materials operation[A]: Total: 180,559;
Intrastate hazardous materials operation[A]: Active: 159,427;
Intrastate hazardous materials operation[A]: Inactive: 21,132;
Interstate & intrastate hazardous materials operations: Total:
3,857,728;
Interstate & intrastate hazardous materials operations: Active:
3,629,648;
Interstate & intrastate hazardous materials operations: Inactive:
228,080.
: Total number of drivers;
Interstate hazardous materials operation: Total: 1,642,460;
Interstate hazardous materials operation: Active: 1,560,586;
Interstate hazardous materials operation: Inactive[B]: 81,874;
Intrastate hazardous materials operation[A]: Total: 137,584;
Intrastate hazardous materials operation[A]: Active: 121,266;
Intrastate hazardous materials operation[A]: Inactive: 16,318;
Interstate & intrastate hazardous materials operations: Total:
1,780,044;
Interstate & intrastate hazardous materials operations: Active:
1,681,852;
Interstate & intrastate hazardous materials operations: Inactive:
98,192.
Source: GAO analysis of DOT Motor Carrier Management Information System
(MCMIS) and License and & Insurance (L&I) data as of August 22, 2008.
[A] Intrastate carriers operate only within a single state.
[B] "Inactive" means that carriers have had no inspections, crashes,
enforcement actions, compliance reviews, safety audits, or MCS-150
filings with DOT for 3 years. DOT does not know which inactive firms
have gone out of business and which have simply failed to maintain
their registrations.
[End of table]
[End of section]
Appendix VI Highway and Motor Carrier GCC Membership List:
The following are member organizations of the Highway GCC:
Transportation Security Administration:
Federal Motor Carrier Safety Administration:
Federal Highway Administration:
National Highway Traffic Safety Administration:
Pipeline and Hazardous Materials Safety Administration:
Department of Defense:
Department of Energy:
Nuclear Regulatory Commission:
DHS Customs and Border Protection:
DHS Office of Infrastructure Protection:
DHS Homeland Infrastructure Threat and Risk Analysis Center:
DHS National Preparedness Directorate:
DHS Office for State and Local Government Coordination:
American Association of State Highway Transportation Officials:
Commercial Vehicle Safety Alliance:
American Association of Motor Vehicle Administrators:
International Association of Chiefs of Police:
National Sheriffs' Association:
Federal Bureau of Investigation:
[End of section]
Appendix VII: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security:
Washington, DC 20528:
Homeland Security:
February 6, 2009:
Ms. Cathleen A. Berrick:
Director, Homeland Security and Justice Issues:
U.S. Government Accountability Office:
441 G Street, NW:
Washington, DC 20548:
Dear Ms. Berrick:
RE: Draft Report GAO-09-85, Commercial Vehicle Security: Risk-Based
Approach Needed to Secure the Commercial Vehicle Sector (GAO Job Code
440538)
The Department of Homeland Security (Department) appreciates the
opportunity to review and comment on the draft report referenced above.
The Department, specifically the Transportation Security Administration
(TSA), agrees with the four recommendations. We value the U.S.
Government Accountability Office's (GAO's) extensive review of TSA's
progress in addressing commercial vehicle security needs.
Progress continues to be made in several commercial vehicle security
programs referenced in the report as noted below.
Risk Assessments:
TSA is conducting separate risk assessments of highway components. TSA
examines potential indicators of terrorist activity including the
capabilities and intent of terrorists. This examination involves
searching open source information along with a careful and thorough
examination of classified information.
In accordance with the provisions of the "Implementing Recommendations
of the 9/11 Commission Act of 2007" (9/11 Act), TSA is conducting risk
assessments on school bus transportation and commercial vehicle
security, including general freight trucking, hazardous materials
trucking, and bulk food transportation trucking. These risk assessments
are expected to be completed by February 2009 and May 2009,
respectively. In addition to the above, TSA is also conducting risk
assessments on motor coach transportation, port and trucking interface,
and highway infrastructure.
TSA is actively working on the truck security assessment required under
section 1540 of the 9/11 Act and as required will develop a
comprehensive report which will include [hyperlink, http://www.dbs.gov]
assessments of (1) actions already taken by private and public entities
to address security risks, (2) economic impacts of security upgrades of
trucks, (3) ongoing research by public and private entities, and (4)
the current status of secure truck parking.
TSA/U.S. Department of Transportation Memorandum of Understanding:
TSA and the U.S. Department of Transportation (USDOT) have signed an
overarching Memorandum of Understanding (MOU) for commercial vehicle
security. TSA and the Federal Motor Carrier Safety Administration
(FMCSA) have exhaustively discussed common programs and shared
approaches to the variety of security programs needed. Many of those
shared programs have become key cooperative elements in the
Transportation Systems Sector-Specific Plan (TSSSP). Both agencies
agreed during TSSSP discussions to incorporate TSSSP program agreements
into MOU formats. That final step was completed when the MOU was signed
by FMCSA and TSA on October 22, 2008.
Corporate Security Reviews:
Since the review by GAO, TSA has enlisted several additional states to
conduct Corporate Security Reviews (CSR). Colorado and Michigan state
commercial vehicle safety enforcement officers have been trained and
have been performing CSRs over the past several months. The State of
Arkansas will participate and the state commercial vehicle safety
enforcement officers will receive training in June of 2009. TSA's
Highway and Motor Carrier Division also is in the process of training
150 TSA Surface Transportation Security Inspectors (STSI) throughout
the United States to conduct CSRs. Training has been conducted in
Dallas, Washington, D.C., and Los Angeles to date, and additional
training is scheduled for Philadelphia, Seattle and Chicago.
As of December 2008, TSA has conducted 153 CSRs, encompassing 102 CSRs
of motor carriers (15 motor coach companies, 20 school bus
companies/districts, and 67 trucking companies). TSA has conducted 46
CSRs of state DOTs, including 3 revisits to previously reviewed states,
and 5 CSRs of infrastructure facilities.
TSA is launching a voluntary program to measure the security
preparedness of the hazardous materials trucking industry. TSA is
utilizing its STSI force to conduct CSR visits. TSA will select a
statistically valid sample of motor carriers transporting hazardous
materials to request that they voluntarily participate in a CSR. This
will allow TSA to measure the current level of preparedness for
terrorist incidents involving trucks transporting hazardous materials.
TSA plans to conduct annual CSRs on a recurring basis to determine
whether the trucking industry is following current security regulations
as well as voluntary Security Action Items (SATs) established by TSA.
TSA's mission includes ensuring the secure movement of people, goods,
and services for those using highways, roads, intermodal terminals,
bridges, and tunnels. This includes all aspects of the transport of
persons and cargo by commercial and non-commercial buses, trucks, and
school buses. Although the report analyzes TSA's efforts to secure the 3
"commercial" motor carrier community, TSA's responsibility to address
large vehicles capable of delivering terrorist weapons of extraordinary
destructive force extends well beyond the "for hire" motor carriers who
fall under the jurisdiction of other federal transportation regulators.
TSA must also ensure that the security of private motor carriers and
those who may not operate in interstate commerce are addressed as well.
Highway security is a huge task.
Implementation of Recommendations:
The recommendations provide TSA with a useful analysis of TSA's current
approach regarding commercial vehicle security, recognition of progress
to date, and additional guidance for success. TSA is accomplishing much
of what GAO recommends and is formulating additional plans to fulfill
the recommendations.
Recommendation 1: The Assistant Secretary for the TSA establish a plan
and a timeframe for completing risk assessments of the commercial
vehicle sector, and use this information to support future updates to
the Transportation Sector Strategic Plan, including:
* to the extent feasible, conduct assessments that include information
about the likelihood of a terrorist attack method on a particular
asset, system or network as required by the National Infrastructure
Protection Plan;
* conducting a vulnerability assessment of the commercial vehicle
sector, including:
- assessing the scope and method of assessments required to gauge the
sector's vulnerabilities;
- considering the findings and recommendations of [the] Missouri pilot
evaluation report to strengthen future Corporate Security Reviews; and
- enhancing direct coordination with state governments to expand the
TSA's field inspection CSR capacities;
* conducting consequence assessments of the commercial vehicle sector,
or develop alternative strategies to assess potential consequences of
attacks, such as coordinating with other Sector Specific Agencies to
leverage their consequence assessment efforts.
Response:
TSA is actively conducting risk assessments of the major components of
the commercial vehicle sector. This includes assessments of the
trucking industry (general trucking, hazardous materials trucking, and
segments of bulk food trucking) and school buses as required under the
9/11 Act. TSA is also conducting risk assessments of the motor coach
industry, highway infrastructure, and the interface of the domestic
trucking industry with U.S. ports. These assessments will examine
specific scenarios involving individual 4
components of the commercial vehicle sector and will include
information on the likelihood of a terrorist attack method on an asset,
system, or network. TSA also is committed to a cross comparison of the
risk analysis for all of these elements of the commercial vehicle
sector. TSA's goal is to complete these risk assessments in the
following timeframes:
Highway Sector: School Bus;
Date: February 2009.
Highway Sector: Trucking;
Date: May 2009.
Highway Sector: Motor Coach;
Date: May 2009.
Highway Sector: Highway Infrastructure;
Date: July 2009.
Highway Sector: Trucking-Port Interface;
Date: July 2009.
Highway Sector: Cross Comparison of Highway/Motor Carrier Risks;
Date: October 2009.
In developing the risk assessments, TSA relies upon federal and state
government subject matter experts and specific private sector
stakeholders to identify potential vulnerabilities that may make the
structure susceptible to terrorist attacks. This takes place through
the framework of scenarios that carefully identify specific elements
such as attack mode, attack type, and access to target. When
appropriate, TSA will consult with Sector Specific Agencies.
TSA also examines consequence information based on the scenarios that
have been developed. TSA relies upon public and private sector subject
matter experts to identify potential consequences and draws upon data
from the Department of Transportation's Federal Motor Carrier Safety
Administration, Federal Highway Administration, and Pipeline and
Hazardous Materials Safety Administration; the Federal Bureau of
Investigation; and the Bureau of Alcohol, Tobacco, Firearms, and
Explosives. TSA experts in risk analysis and explosives also provide
information on consequences. TSA will continue using this methodology
to identify the potential consequences of terrorist actions on
transportation and, when appropriate, will consult with Sector Specific
Agencies.
As previously noted, in addition to working with the State of Missouri,
TSA has worked with the states of Colorado and Michigan to set up CSR
programs. TSA has provided extensive training to these states in
conducting and reporting on CSRs. TSA also is launching a voluntary
program to measure security preparedness in the hazardous materials
trucking industry. TSA is training its Federal Security Director staffs
and Surface Transportation Security Inspectors to conduct CSRs. Using
these field resources, TSA will select a statistically valid sample of
motor carriers transporting hazardous materials and request they each
voluntarily participate in a CSR. This will allow TSA to clearly
measure the current level of preparedness for terrorist incidents
involving trucks transporting hazardous materials. TSA plans to conduct
CSRs annually to assess changes in preparedness in the hazardous
materials trucking industry.
Recommendation 2: In future updates to the Highway Infrastructure and
Motor Carrier Annex to the Transportation Sector Security Plan, the
Assistant Secretary for the TSA should clarify the basis for the
agency's security strategy of focusing on the transportation of
hazardous materials, the relative risk of vehicle borne improvised
explosive devices to the sector, and, based on the relative risk of
these threats, any risk mitigation activities that will be implemented
to address them.
Response:
As TSA develops future updates to the Transportation Systems Sector
Specific Plan Highway Infrastructure and Motor Carrier Annex, it
intends to include risk-based clarification of the security strategies.
Although for the past two years TSA has primarily focused on the
transportation of hazardous materials, ongoing industry risk
assessments and regulatory efforts may shift the current strategies,
and communicating these strategies in the annex to all stakeholders
will be critical to successful implementation of the TSSSP. TSA
anticipates that the updated Highway Infrastructure and Motor Carrier
Annex to the TSSSP will better enable the communication of the security
strategies, including the risks and associated mitigation efforts,
stakeholder roles and responsibilities.
Recommendation 3: The Assistant Secretary of the TSA develop outcome-
based performance measures, to the extent possible, to assess the
effectiveness of federal programs to enhance the security of the
commercial vehicle sector.
Response:
TSA recognizes the importance of establishing outcome-based performance
measures for any and all programs developed and implemented to
strengthen security. Within the highway mode, TSA's Hazardous Materials
(HAZMAT) Endorsement Threat Assessment Program requires that security
threat assessments be completed on commercial drivers requesting a
HAZMAT endorsement for their commercial drivers license (CDL). The
outcome-based measure for this program is directly correlated to the
number of HAZMAT endorsements approved in relation to the total CDL
population. The majority of the other highway modal security efforts
within TSA have been establishing baseline voluntary guidelines and
training tools as well as industry risk assessments. It is premature to
use outcome-based measures on these new and voluntary efforts, thus
output measurements were and are being used. As the regulations from
the 9/11 Act are completed and finalized, the resulting programs will
have outcome based measures. One example of TSA's efforts to establish
baseline and follow-on measurements is in the CSR initiative. TSA is
creating a database to compile the results of statistically valid CSR
visits which are being conducted nationwide on hazardous materials
motor carriers beginning in 2009. TSA will conduct these CSRs annually
to measure changes in industry security against a potential terrorist
event targeting the hazardous materials highway transportation
component.
Recommendation 4: The Assistant Secretary for the TSA establish a
process to strengthen coordination with the commercial vehicle
industry, including ensuring that roles and responsibilities of
industry and government are fully defined and clearly communicated; new
approaches to enhance communication are considered; and monitoring and
assessing the effectiveness of its coordination efforts.
Response:
Recognizing the importance of having and maintaining strong working
relationships with both industry and other government agencies, and
working through the Government Coordinating Council/Sector Coordinating
Councils (GCC/SCC) security partnership framework established in the
National Infrastructure Protection Plan (NIPP), TSA has established an
industry/government coordination process that continues to mature and
develop. TSA recognizes the need to specifically define roles and
responsibilities with all highway security stakeholders, including
industry and federal, state, local, and tribal governments. The
appropriate place for defining roles and responsibilities as well as
communications methods and measurement efforts is in the TSSSP modal
annex. TSA will include a "roles and responsibilities" section and a
"communications" section during the TSSSP rewrite in 2009. In terms of
monitoring and assessing the effectiveness of the coordination efforts,
TSA continues to build security partnerships under the newly defined
GCC/SCC organizations as established in the NIPP and TSSSP. As the
coordination efforts under these strategic plans are only 17 months
old, the measuring and assessing processes are also new and continue to
be refined so as to improve the coordination and communications efforts
to be the most effective and efficient possible.
Sincerely,
Signed by:
Jerald E. Levine:
Director:
Departmental GAO/OIG Liaison Office:
[End of section]
Appendix VIII: GAO Contact and Staff Acknowledgments:
GAO Contact:
Cathleen A. Berrick (202) 512-3404 or berrickc@gao.gov:
Acknowledgments:
Glenn Davis and Robert White, Assistant Directors, and Dan Rodriguez
and Jason Schwartz, Analysts-in-Charge worked with Cathleen Berrick to
manage this assignment. Gary Malavenda made significant contributions
to many aspects of the work. Tracey King provided legal and regulatory
support. Shamia Woods analyzed federal, state, and industry actions.
Jennifer Cooper analyzed TSA's cooperation efforts. Elizabeth Curda
provided assistance on performance measurement and collaboration. Anish
Bhatt and Joanna Berry helped in the design, methodology, and pilot
test of the incidents of bus and truck bombings. Colleen Candrl helped
in the design and conducted the searches on the incidents of bus and
truck bombings. Evan Gilman, Virginia Chanley, and Anna Maria Ortiz
provided additional design and methodological support.
[End of section]
Footnotes:
[1] Intracity buses and rail are part of urban mass transit systems. We
are currently conducting a separate review of mass transit and
passenger rail security and plan to report on the results in early
2009.
[2] Transportation sectors are also referred to as modes of
transportation.
[3] Pub. L. No. 108-458, § 4001(a), 118 Stat. 3638, 3710 (2004).
[4] On December 17, 2003, President Bush issued HSPD-7 addressing
critical infrastructure identification, prioritization, and protection.
[5] GAO, Results-Oriented Government: Practices That Can Help Enhance
and Sustain Collaboration among Federal Agencies, [hyperlink,
http://www.gao.gov/products/GAO-06-15] (Washington, D.C.: October
2005).
[6] See [hyperlink, http://www.gao.gov/products/GAO-06-15].
[7] In 2007, 1865 of 2072 truck bombing deaths were in Iraq.
[8] There have also been shootings and kidnappings of drivers.
[9] Pub. L. No. 107-71, § 101(a), 115 Stat. 597, 597 (2001).
[10] Pub. L. No. 107-296, 116 Stat. 2135 (2002).
[11] See Pub. L. No. 110-53, § 1310, 121 Stat. 266, 400 (2007); Pub. L.
No. 107-71, 115 Stat. 597 (2001); HSPD-7; Exec. Order No. 13,416, 71
Fed. Reg. 71,033 (Dec. 5, 2006).
[12] 49 U.S.C. § 5103.
[13] Pub. L. No. 107-296, § 1711, 116 Stat. 2135, 2319-20 (2002)
(codified at 49 U.S.C. § 5103).
[14] Pub. L. No. 110-53, § 1541, 121 Stat. 266, 469 (2007) (codified at
6 U.S.C. § 1186).
[15] Some of these inspections are funded through FMCSA's Motor Carrier
State Assistance Program (MCSAP), which provides financial assistance
to certain state and local jurisdictions. This assistance may be used
to conduct compliance reviews of state safety regulations. MCSAP is a
federal grant program administered by FMCSA that provides financial
assistance to states to reduce the number and severity of crashes and
hazardous materials incidents involving commercial motor vehicles.
[16] Pub. L. No. 107-71, 115 Stat. 597 (2001).
[17] 49 U.S.C. § 5103a(a)(1).
[18] 49 C.F.R. pt. 1572.
[19] The report must also include an assessment of the economic impact
that security upgrades of trucks, truck equipment, or truck facilities
may have on the trucking industry and its employees, including
independent owner-operators; an assessment of ongoing research by
public and private entities and the need for additional research on
truck security; and an assessment of the current status of secure truck
parking. Pub. L. No. 110-53, § 1540, 121 Stat. 266, 468 (2007).
[20] Id. at § 1554, 121 Stat. at 473 (codified at 6 U.S.C. § 1204).
[21] Id. at § 1531, 121 Stat. at 454-57 (codified at 6 U.S.C. § 1181).
[22] Id. at § 1534, 121 Stat. at 461-62 (codified at 6 U.S.C. § 1184);
id. at § 1533, 121 Stat. at 460-61 (codified at 6 U.S.C. § 1183).
[23] Id. at § 1553, 121 Stat. at 472 (2007) (codified at 6 U.S.C. §
1203).
[24] 49 C.F.R. §§ 172.700-172.804.
[25] Specifically, the subset of hazardous materials requiring security
plans includes: (1) a highway route-controlled quantity of a Class 7
(radioactive) material; (2) more than 25 kg (55 lbs) of a Division 1.1
(explosive with a mass explosion hazard), 1.2 (explosive with a
projection hazard), or 1.3 (explosive with predominately a fire hazard
material); (3) more than 1 L (1.06 qt) per package of a toxic by
inhalation (TIH) material of a specified concentration level; (4) a
shipment of hazardous materials in bulk packaging having a capacity of
13,248 L (3,500 gallons) or more for liquids or gases or more than
13.24 cubic meters (468 cubic feet) for solids; (5) a shipment in other
than bulk packaging of 2,268 kg (5,000 lbs) gross weight or more of one
class of hazardous materials for which placarding is required; (6) a
select agent or toxin regulated by the Centers for Disease Control and
Prevention; and (7) a quantity of hazardous materials that requires
placarding. 49 C.F.R. § 172.800.
[26] The component to which surface transportation grant funding has
been appropriated has changed over time, due largely to DHS
restructuring. TSA distributed the transportation security grants until
fiscal year 2005, when the DHS Office for State and Local Government
Coordination and Preparedness assumed responsibility for issuing and
administering the grants. During fiscal year 2008, the grant funding
was appropriated to FEMA, which is currently responsible for
distributing the grants.
[27] As of May 2008, TSA HMC had 17 staff including two personnel in
the risk assessment (TVC) branch, five in trucking, four for licensing
and infrastructure, and three for policy, plans and stakeholder
coordination. HMC had two staff vacancies.
[28] Industry shares are by tonnage.
[29] DOT data on carriers are as of August 2008.
[30] Federal hazardous transportation law defines a hazardous material
as a substance or material that the Secretary of Transportation has
determined is capable of posing an unreasonable risk to health and
safety or property when transported in commerce. 49 U.S.C. § 5103. It
includes a variety of substances such as explosive or radioactive
material and toxic materials such as anhydrous ammonia, sulfuric acid,
or chlorine.
[31] The hazard class of dangerous goods is indicated either by its
class (or division) number or name. Most classes also are further
broken out into subsidiary hazard classes. Placards are used to
identify the class or division of a material to first responders. Class
1 are explosives which are further subdivided into explosives with a
hazard of mass explosion, projection, fire, etc; Class 2 are flammable,
nonflammable and nontoxic gases, and toxic gases; Class 3 are flammable
liquids and combustible liquids such as gasoline; Class 4 are flammable
solids, spontaneously combustible materials, and water- reactive,
dangerous-when-wet materials; Class 5 are oxidizing substances and
organic peroxides; Class 6 include toxic or poisonous substances such
as TIH and infectious substances; Class 7 are radioactive materials,
Class 8 are corrosive substances; and class 9 are miscellaneous
hazardous materials, products, substances, or organisms.
[32] Toxic Inhalation Hazards are a gas or volatile liquid which is
known to be so toxic to humans as to pose a hazard to health during
transportation, or in the absence of adequate data on human toxicity,
is presumed to be toxic to humans based on tests on laboratory animals.
[33] Volpe National Transportation Systems Center, Security Enhancement
Study for the U.S. Motorcoach Industry. (Cambridge, Mass.: May 2003).
[34] DHS serves as the sector-specific agency for 11 of the 18 sectors:
information technology; communications; transportation systems;
chemical; emergency services; nuclear reactors, material, and waste;
postal and shipping; dams; government facilities; critical
manufacturing and commercial facilities. Other sector-specific agencies
are the Departments of Agriculture, Defense, Energy, Health and Human
Services, Interior, Treasury, and the Environmental Protection Agency.
See GAO, Critical Infrastructure Protection: Sector Plans and Sector
Councils Continue to Improve, GAO-07-706R (Washington, D.C.: July 10,
2007).
[35] See GAO, Standards for Internal Control in the Federal Government
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]
(Washington, D.C.: November 1999) pp. 21-22.
[36] The NIPP defines threat as: The likelihood that a particular
asset, system, or network will suffer an attack or an incident. In the
context of risk from terrorist attack, the estimate of this is based on
the analysis of the intent and the capability of an adversary; in the
context of natural disaster or accident, the likelihood is based on the
probability of occurrence.
[37] Motor carriers include commercial vehicles and school buses.
[38] TSA officials also stated that the Aviation Domain Risk Assessment
(ADRA) developed in response to HSPD-16 was a more comprehensive risk
assessment of the aviation industry, with 117 scenario-based risk
assessments with likelihood estimates. We were not provided the
opportunity to review the NTSRA or the ADRA before completing our work,
and we could not assess their validity.
[39] This is the most recent information provided by TSA. The agency
has also conducted 44 CSRs on state DOTs and 6 bridge and tunnel
authorities.
[40] The draft best practices are called the Uniform Security Template.
In addition, specific voluntary best practices for hazardous materials
carriers, called Strategic Action Items, were developed.
[41] Through an earlier contract with the American Bus Association, TSA
developed and released a list of recommended security practices for
motor coach operators in October 2005.
[42] This program is generally referred to as the MCSAP.
[43] FMCSA decides which motor carriers to review for compliance with
its safety regulations primarily by using an algorithm called SafeStat
to identify high-risk carriers. GAO analyzed two alternative approaches
to better identify commercial carriers that pose high crash risks: GAO,
Motor Carrier Safety: A Statistical Approach Will Better Identify
Commercial Carriers That Pose High Crash Risks Than Does the Current
Federal Approach, [hyperlink, http://www.gao.gov/products/GAO-07-585]
(Washington, D.C.: June 11, 2007); and Motor Carrier Safety: Federal
Safety Agency Identifies Many High-Risk Carriers but Does Not Assess
Maximum Fines as Often as Required by Law, [hyperlink,
http://www.gao.gov/products/GAO-07-584] (Washington, D.C.: Aug. 28,
2007). All new firms registering with DOT are also subject to these
safety inspections.
[44] The report also noted difficulties throughout the CSR data
collection process, from questionnaire design through analysis and
reporting. For example, because the Missouri CSRs did not identify
carriers delivering different types of cargo on the questionnaire, the
contractor lacked a formal mechanism for selection of hazardous
material transport companies for review, and it is likely that the 14
hazardous materials carriers identified do not represent the full set
of hazardous materials carriers among the 1251 cases studied.
[45] Monitoring of internal control should include policies and
procedures for ensuring that the findings of audits and other reviews
are promptly resolved. Managers are to (1) promptly evaluate findings
from audits and other reviews, including those showing deficiencies and
recommendations reported by auditors and others who evaluate agencies'
operations; (2) determine proper actions in response to findings and
recommendations from audits and reviews; and (3) complete, within
established time frames, all actions that correct or otherwise resolve
the matters brought to management's attention. See GAO, Standards for
Internal Control in the Federal Government, [hyperlink,
http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.:
November 1999) pp. 21-22.
[46] TSA Federal Security Directors (FSDs) are the ranking TSA
authorities responsible for the leadership and coordination of TSA
security activities at commercial airports regulated by TSA.
[47] Going forward, TSA reported that it will identify CSR targets
based on risk factors including the safety records of commercial motor
carriers, business factors, data on theft, and a focus on select
hazardous materials such as toxic inhalation hazards. TSA could not
provide documentation that it had validated this approach and that
these factors were valid indicators of likely levels of security
practices. TSA contracted with Oak Ridge National Laboratory to develop
a risk-based CSR selection procedure, but this report has not been
finalized.
[48] TSA also had acquired an Argonne National Laboratory report that
provides additional predictive information that expands on the
Protective Action Distances for Toxic Inhalation Hazard incidents
provided in the Emergency Response Guidebook: David F. Brown, Safe
Distance Estimates for Selected Toxic-by-Inhalation Materials, Argonne
National Laboratory (Argonne, Ill.: 2003). TSA has also consulted the
Defense Threat Reduction Agency on specific scenarios.
[49] Security self-assessments could provide additional data on
industry vulnerabilities, and TSA developed Web-based security self-
assessment training for hazmat motor carriers and shippers.
[50] In September 2008 TSA officials stated that the contractor was
conducting 80 to 100 scenarios using industry experts for the highway
and motor carrier sector. TSA stated that these scenarios would cover
general freight, transportation of food commodities and hazardous
materials, IEDs, and VBIEDs.
[51] For example, a full analysis of vulnerability, the likelihood of
an attack succeeding, includes assessing how well potential targets
have mitigated risks. Accordingly, the 9/11 Commission Act also
mandated that TSA complete and report an assessment of actions already
taken by both public and private entities to address identified
security risks to the trucking industry. Scenarios alone cannot assess
the incidence and quality of mitigation efforts. Without a
comprehensive CSR program, or a survey of private sector actions, TSA
will not be able to methodically assess private security activity.
[52] See GAO, Information Sharing Environment: Definition of the
Results to Be Achieved in Improving Terrorism-Related Information
Sharing Is Needed to Guide Implementation and Assess Progress,
[hyperlink, http://www.gao.gov/products/GAO-08-492] (Washington, D.C.:
June 25, 2008), p. 13.
[53] The Trucking Security Program (TSP) provides grants that fund
programs to train and support the members of the commercial vehicle
industry in how to detect and report security threats, and how to avoid
becoming a target for terrorist activity. The 9/11 Commission Act
required the DHS Inspector General to prepare an initial report on the
Trucking Security Program, which was issued in October 2007 and
described the announcement, application, receipt, review, award, and
monitoring processes, and summarized the expenditures related to fiscal
year 2004 and 2005 grants. Office of the Inspector General, Department
of Homeland Security, Administration of the Federal Trucking Industry
Security Grant Program for FY 2004 and FY 2005, OIG-08-08 (Washington,
D.C.: Oct. 29, 2007). The 9/11 Commission Act also required the DHS
Inspector General to prepare a report by August 2008 that analyzes the
performance, efficiency, and effectiveness of the trucking security
grant program. Pub. L. No. 110-53, § 1542, 121 Stat. 266, 469 (2007).
[54] In addition, the Transportation Sector Annual Report notes that
the DHS Science and Technology Explosives Division and is working on
improving existing explosive detection methods and technologies,
including for IEDs and VBIEDS.
[55] 49 C.F.R. pt. 1572. TSA is utilizing a phased-in implementation
over 5 years and expects that all drivers with a hazardous materials
endorsement on a commercial driver's license will have obtained a TSA
fingerprint-based background check by May 31, 2010. To mitigate the
risk of potentially dangerous drivers retaining an HME until the end of
the implementation period, in September, 2006 TSA conducted name-based
intelligence checks of all drivers who have HMEs.
[56] Most of these are trucking firms, but a few bus companies also
transport some of the less dangerous hazardous materials.
[57] 49 C.F.R. §§ 172.800-172.804.
[58] The Hazardous Materials Transportation Uniform Safety Act of 1990
required DOT to establish a safety permit program for hazardous
materials motor carriers. Pub. L. No. 101-615, § 8, 104 Stat. 3244,
3255-58 (codified as amended at 49 U.S.C. § 5109).
[59] Pub. L. No. 110-53, § 1540, 121 Stat. 266, 468 (2007).
[60] Id. at § 1554, 121 Stat. 266, 473.
[61] Id. at § 1534, 121 Stat. at 461-62 (codified at 6 U.S.C. § 1184);
id. at § 1533, 121 Stat. at 460-61 (codified at 6 U.S.C. § 1183).
[62] Id. at § 1531, 121 Stat. at 454-57 (codified at 6 U.S.C. § 1181).
[63] TSA officials stated that they also supported a FEMA decision to
require bus security grant applicants this year to have in place a
vulnerability assessment and a comprehensive plan.
[64] State governors also work collectively through the National
Governor's Association (NGA) which has surveyed its members on their
homeland security progress in developing homeland security structures,
priorities, and programs, but NGA does not have any specific committees
for commercial vehicle security.
[65] States conduct both roadside inspections of trucks and on-site
company inspections.
[66] DHS supports fusion centers by providing financial assistance, the
majority of which has flowed through the Homeland Security Grant
Program. All of the states we interviewed had state or regional fusion
centers to coordinate safety and security monitoring and response.
[67] However, as previously noted, due to design problems the accuracy
of the report's findings regarding both hazardous materials and small
carriers could not be assured.
[68] OMB Circular A-11.
[69] GAO, Performance Measurement and Evaluation: Definitions and
Relationships, [hyperlink, http://www.gao.gov/products/GAO-05-739SP],
p. 3 (Washington, D.C.: May 2, 2005).
[70] See [hyperlink, http://www.gao.gov/products/GAO-06-15]; GAO,
Agency Performance Plans: Examples of Practices That Can Improve
Usefulness to Decision Makers, [hyperlink,
http://www.gao.gov/products/GAO/GGD/AIMD-99-69] (Washington, D.C.:
February 26, 1999), p. 3; and GAO, Results-Oriented Management: Agency
Crosscutting Actions and Plans in Border Control, Flood Mitigation and
Insurance, Wetlands, and Wildland Fire Management, [hyperlink,
http://www.gao.gov/products/GAO-03-321], p.1 (Washington, D.C.:
December 20, 2002), p. 1.
[71] GAO, Transportation Security: DHS Efforts to Eliminate Redundant
Background Check Investigations, [hyperlink,
http://www.gao.gov/products/GAO-07-756], (Washington, D.C.: April 26,
2007), p. 5.
[72] See [hyperlink, http://www.gao.gov/products/GAO-06-15]
(Washington, D.C: October 21, 2005).
[73] GAO, Transportation Security: Federal Action Needed to Help
Address Security Challenges, [hyperlink,
http://www.gao.gov/products/GAO-03-843] (Washington, D.C.: June 2003).
[74] See [hyperlink, http://www.gao.gov/products/GAO-03-843].
[75] See [hyperlink, http://www.gao.gov/products/GAO-06-15].
[76] TSA plans to revise its sector-specific plan in 2009.
[77] PHMSA did complain that TSA has a separate GCC for each sector of
transportation, and as a result, the sum of all these meetings was
becoming a burden.
[78] As noted above, DOT is responsible for ensuring the security, as
well as the safety, of the transportation of hazardous materials, and
DOT has issued and enforces regulations regarding training and security
plans for hazardous materials shippers and carriers. 49 U.S.C. § 5103;
49 C.F.R. §§ 172.700-172.804.
[79] Pub. L. No. 110-53, § 1555, 121 Stat. 266, 475 (2007).
[80] Safety Status Measurement System (SAFESTAT). GAO has previously
made recommendations about how to better identify safety risks: GAO,
Motor Carrier Safety: A Statistical Approach Will Better Identify
Commercial Carriers That Pose High Crash Risks Than Does the Current
Federal Approach, [hyperlink, http://www.gao.gov/products/GAO-07-585]
(Washington, D.C.: September 2007).
[81] In addition, TSA and DOT have established a specific MOU annex
concerning the Commercial Driver's License Information System (CDLIS),
which allows TSA direct access to this database to check applicants
with backgrounds in hazardous materials transport.
[82] The TSSP does not specify what the role of the Risk Working Group
shall be.
[83] The National Governors Association (NGA), representing the
nation's governors, does not have a specific committee on commercial
vehicle security. However, they are the lead on state homeland security
and recently reported in their 2007 NGA Best Practices survey that a
particular concern of state homeland security officials was
coordination with DHS. They reported that "States continue to report
unsatisfactory progress in their relationship with the federal
government, specifically with the DHS."
[84] [hyperlink, http://www.gao.gov/products/GAO-06-15].
[85] TSA HMC's Web site [hyperlink,
http://www.tsa.gov/what_we_do/tsnm/highway/documents_reports.shtm]
[86] See [hyperlink, http://www.gao.gov/products/GAO-06-15].
[87] See GAO, Information Sharing Environment: Definition of the
Results to Be Achieved in Improving Terrorism-Related Information
Sharing Is Needed to Guide Implementation and Assess Progress,
[hyperlink, http://www.gao.gov/products/GAO-08-492] (Washington, D.C.:
June 25, 2008), p. 13.
[88] See GAO, Standards for Internal Control in the Federal Government,
[hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]
(Washington, D.C.: November 1999) pp. 21-22.
[89] We conducted site visits to Maryland, Virginia, Ohio, Georgia, and
Missouri and held teleconferences with Louisiana, Illinois, and
Florida.
[90] GAO, Results-Oriented Government: Practices That Can Help Enhance
and Sustain Collaboration among Federal Agencies, [hyperlink,
http://www.gao.gov/products/GAO-06-15] (Washington, D.C.: October
2005).
[91] In September 2008, the Director of the Central Intelligence Agency
said that 80 percent of all intelligence comes from open sources.
[92] 49 C.F.R. pt. 1572.
[93] Annual appropriations for the bus security grant program were $10
million for fiscal year 2005, $10 million for fiscal year 2006, $12
million for fiscal year 2007, $11.5 million for fiscal year 2008, and
$12 million for fiscal year 2009.
[94] 49 C.F.R. §§ 172.800-172.804.
[95] The Hazardous Materials Transportation Uniform Safety Act of 1990
required DOT to establish a safety permit program for hazardous
materials motor carriers. Pub. L. No. 101-615, § 8, 104 Stat. 3244
(codified as amended at 49 U.S.C. § 5109).
[96] Pub. L. No. 110-53, § 1554, 121 Stat. 266, 473 (2007).
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
