Maritime Security
Ferry Security Measures Have Been Implemented, but Evaluating Existing Studies Could Further Enhance Security
Gao ID: GAO-11-207 December 3, 2010
Ferries are a vital component of the U.S. transportation system and 2008 data show that U.S. ferries carried more than 82 million passengers and over 25 million vehicles. Ferries are also potential targets for terrorism in the United States and have been terrorist targets overseas. GAO was asked to review ferry security, and this report addresses the extent to which (1) the Coast Guard, the lead federal agency for maritime security, assessed risk in accordance with the Department of Homeland Security's (DHS) guidance and what risks it identified; and (2) federal agencies, ferry and facility operators, and law enforcement entities have taken actions to protect ferries and their facilities. GAO reviewed relevant requirements, analyzed 2006 through 2009 security operations data, interviewed federal and industry officials, and made observations at five domestic and one international locations with varying passenger volumes and relative risk profiles. Site visits provided information on security, but were not projectable to all ports. This is the public version of a sensitive report that GAO issued in October 2010. Information that DHS deemed sensitive has been redacted.
The Coast Guard assessed the risk--including threats, vulnerabilities, and consequences--to ferries in accordance with DHS guidance on risk assessment and, along with other maritime stakeholders, identified risks associated with explosive devices, among other things. Although in April 2010, Coast Guard intelligence officials stated that there have been no credible terrorist threats identified against ferries and their facilities in at least the last 12 months, maritime intelligence officials have identified the presence of terrorist groups with the capability of attacking a ferry. Many of the Coast Guard, ferry system and law enforcement officials GAO spoke with generally believe ferries are vulnerable to passenger- or vehicle-borne improvised explosive devices, although not all ferry systems transport vehicles. The Coast Guard has also identified the potential consequences of an attack, which could include possible loss of life and negative economic effects. In April 2010, Coast Guard officials stated that the relative risk to ferries is increasing, as evidenced by attacks against land-based mass transit and other targets overseas. Federal agencies--including the Coast Guard, the Transportation Security Administration (TSA), and Customs and Border Protection (CBP)--ferry operators, and law enforcement entities report that they have taken various actions to enhance the security of ferries and facilities and have implemented related laws, regulations, and guidance, but the Coast Guard may be missing opportunities to enhance ferry security. Security measures taken by the Coast Guard have included providing a security presence on ferries during transit. Coast Guard officials also reported that they are revising regulations to improve ferry operator training and developing guidance on screening. Ferry operators' security actions have included developing and implementing security plans and screening vehicles and passengers, among other things. However, the Coast Guard had not evaluated and, if determined warranted, acted on all findings and recommendations resulting from five agency-contracted studies on ferry security completed in 2005 and 2006. Reports from these studies included several recommendations for standardizing and enhancing screening across ferry operators. Standards for internal control in the federal government state that agencies should ensure that findings of audits and other reviews are promptly resolved, and that managers take action to evaluate and resolve matters identified in these audits and reviews. As a result of our work on ferry security, in August 2010, Coast Guard officials stated they planned to review the reports. Taking action to address the recommendations in these reports, if determined warranted by the Coast Guard's evaluation, could enhance ferry security. Furthermore, Coast Guard documents from 2004 state that the agency should reassess vehicle screening requirements pending the completion of the ferry security reports or if the threat changes. However, no specific plans were in place to reassess these requirements. By taking action to reassess its screening requirements, the agency would be better positioned to determine if changes are warranted. GAO recommends that the Commandant of the Coast Guard, after evaluating the completed studies on ferry security, reassess vehicle screening requirements and take further actions to enhance security, if determined warranted. DHS concurred with our recommendations.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director:
Stephen L. Caldwell
Team:
Government Accountability Office: Homeland Security and Justice
Phone:
(202) 512-9610
GAO-11-207, Maritime Security: Ferry Security Measures Have Been Implemented, but Evaluating Existing Studies Could Further Enhance Security
This is the accessible text file for GAO report number GAO-11-207
entitled 'Maritime Security: Ferry Security Measures Have Been
Implemented, but Evaluating Existing Studies Could Further Enhance
Security' which was released on December 6, 2010.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
United States Government Accountability Office:
GAO:
Report to the Chairman, Committee on Homeland Security, House of
Representatives:
December 2010:
Maritime Security:
Ferry Security Measures Have Been Implemented, but Evaluating Existing
Studies Could Further Enhance Security:
GAO-11-207:
GAO Highlights:
Highlights of GAO-11-207, a report to the Chairman, Committee on
Homeland Security, House of Representatives.
Why GAO Did This Study:
Ferries are a vital component of the U.S. transportation system and
2008 data show that U.S. ferries carried more than 82 million
passengers and over 25 million vehicles. Ferries are also potential
targets for terrorism in the United States and have been terrorist
targets overseas. GAO was asked to review ferry security, and this
report addresses the extent to which (1) the Coast Guard, the lead
federal agency for maritime security, assessed risk in accordance with
the Department of Homeland Security‘s (DHS) guidance and what risks it
identified; and (2) federal agencies, ferry and facility operators,
and law enforcement entities have taken actions to protect ferries and
their facilities. GAO reviewed relevant requirements, analyzed 2006
through 2009 security operations data, interviewed federal and
industry officials, and made observations at five domestic and one
international locations with varying passenger volumes and relative
risk profiles. Site visits provided information on security, but were
not projectable to all ports. This is the public version of a
sensitive report that GAO issued in October 2010. Information that DHS
deemed sensitive has been redacted.
What GAO Found:
The Coast Guard assessed the risk”including threats, vulnerabilities,
and consequences”to ferries in accordance with DHS guidance on risk
assessment and, along with other maritime stakeholders, identified
risks associated with explosive devices, among other things. Although
in April 2010, Coast Guard intelligence officials stated that there
have been no credible terrorist threats identified against ferries and
their facilities in at least the last 12 months, maritime intelligence
officials have identified the presence of terrorist groups with the
capability of attacking a ferry. Many of the Coast Guard, ferry system
and law enforcement officials GAO spoke with generally believe ferries
are vulnerable to passenger- or vehicle-borne improvised explosive
devices, although not all ferry systems transport vehicles. The Coast
Guard has also identified the potential consequences of an attack,
which could include possible loss of life and negative economic
effects. In April 2010, Coast Guard officials stated that the relative
risk to ferries is increasing, as evidenced by attacks against land-
based mass transit and other targets overseas.
Federal agencies-”including the Coast Guard, the Transportation
Security Administration (TSA), and Customs and Border Protection
(CBP)”-ferry operators, and law enforcement entities report that they
have taken various actions to enhance the security of ferries and
facilities and have implemented related laws, regulations, and
guidance, but the Coast Guard may be missing opportunities to enhance
ferry security. Security measures taken by the Coast Guard have
included providing a security presence on ferries during transit.
Coast Guard officials also reported that they are revising regulations
to improve ferry operator training and developing guidance on
screening. Ferry operators‘ security actions have included developing
and implementing security plans and screening vehicles and passengers,
among other things. However, the Coast Guard had not evaluated and, if
determined warranted, acted on all findings and recommendations
resulting from five agency-contracted studies on ferry security
completed in 2005 and 2006. Reports from these studies included
several recommendations for standardizing and enhancing screening
across ferry operators. Standards for internal control in the federal
government state that agencies should ensure that findings of audits
and other reviews are promptly resolved, and that managers take action
to evaluate and resolve matters identified in these audits and
reviews. As a result of our work on ferry security, in August 2010,
Coast Guard officials stated they planned to review the reports.
Taking action to address the recommendations in these reports, if
determined warranted by the Coast Guard‘s evaluation, could enhance
ferry security. Furthermore, Coast Guard documents from 2004 state
that the agency should reassess vehicle screening requirements pending
the completion of the ferry security reports or if the threat changes.
However, no specific plans were in place to reassess these
requirements. By taking action to reassess its screening requirements,
the agency would be better positioned to determine if changes are
warranted.
What GAO Recommends:
GAO recommends that the Commandant of the Coast Guard, after
evaluating the completed studies on ferry security, reassess vehicle
screening requirements and take further actions to enhance security,
if determined warranted. DHS concurred with our recommendations.
View [hyperlink, http://www.gao.gov/products/GAO-11-207] or key
components. For more information, contact Stephen L. Caldwell at (202)
512-9610 or caldwells@gao.gov.
[End of section]
Contents:
Letter:
Background:
The Coast Guard Assessed Risk to Ferries and Their Facilities in
Accordance with DHS's Risk Assessment Guidance and Security Concerns
Exist:
Stakeholders Have Implemented Ferry Security Measures, but the Coast
Guard Has Not Acted on Other Identified Opportunities That May Enhance
Security:
Conclusions:
Recommendations for Executive Action:
Agency Comments:
Appendix I: GAO Contact and Staff Acknowledgments:
Related GAO Products:
Tables:
Table 1: Selected Stakeholders with Security Responsibilities
Applicable to Ferries:
Table 2: Key Security Requirements Applicable to Ferries and Ferry
Facilities:
Figures:
Figure 1: 2008 National Census Data on States with Ferry Systems
Operating High Capacity Passenger Ferries and the Number of Passengers
and Vehicles Carried:
Figure 2: Coast Guard Escorts of Ferries:
Figure 3: TSA Testing of a Vehicle Screening Technology:
Figure 4: Security Signage Posted at a Ferry Facility:
Figure 5: Security Deficiencies by Vessel Type, 2006 through 2009:
Figure 6: Security Deficiencies by Facility Type, 2006 through 2009:
Abbreviations:
CBP: Customs and Border Protection:
DHS: Department of Homeland Security:
ISPS: International Ship and Port Facility Security:
MTSA: Maritime Transportation Security Act of 2002:
SAFE Port Act: Security and Accountability for Every Port Act of 2006:
TSA: Transportation Security Administration:
VIPR: Visible Intermodal Prevention and Response:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
December 3, 2010:
The Honorable Bennie G. Thompson:
Chairman:
Committee on Homeland Security:
House of Representatives:
Dear Mr. Chairman:
Ferries are an important component of the U.S. transportation system,
and according to respondents to the 2008 National Census of Ferry
Operators, carried more than 82 million passengers and over 25 million
vehicles.[Footnote 1] Ferries are also potential targets for terrorism
in the United States and have been terrorist targets overseas. A 2005
Coast Guard study stated that as part of the U.S. maritime
transportation system, ferry operations are potential terrorist
targets, and according to a 2006 RAND Corporation study, certain
traits inherent to ferries make them especially attractive to
terrorist aggression.[Footnote 2] For example, the RAND study reported
that attacks on ferries are easy to execute, have the potential to
kill many people, are likely to capture significant media attention,
and can be exploited to visibly demonstrate a terrorist group's
salience and vibrancy. While these fears have not been realized in the
United States, ferries and their facilities in the Philippines have
repeatedly been targeted by terrorists. For example, successful
bombings on Philippine ferries killed or wounded at least 130 people
in 2004 and 2005. Attacks on ferries and their facilities have
continued, and in 2009 there were three more attempted bombings in the
Philippines. These attacks led the Transportation Security
Administration (TSA)--the lead U.S. federal agency for transportation
security--to report in 2009 that violent extremists around the
Philippines have the intent and capability to attack ferries or use
them as a means of conveyance to transport materials. Coast Guard and
Navy intelligence officials also stated that the overall risk to
ferries may be increasing given the attempts in the Philippines and
the attacks against land-based mass transit and other soft targets
overseas. Although not caused by a terrorist attack, one of the
greatest maritime disasters ever occurred in the Philippines in 1987
when an overloaded ferry collided with a tanker and an estimated 4,300
people died. Although the circumstances of this ferry sinking may be
different than those faced by ferries in the United States, they
illustrate that an attack on a crowded ferry could have dire
consequences. The U.S. Coast Guard, a component of the Department of
Homeland Security (DHS), is the lead federal agency responsible for a
wide array of maritime safety and security activities, including those
involving ferries and their facilities under the Maritime
Transportation Security Act of 2002 (MTSA).[Footnote 3]
This report is the second of two reviewing the security of high
capacity passenger vessels--vessels capable of carrying 500 or more
passengers. The first report focused on cruise ship and cruise ship
facility security and was issued in April 2010.[Footnote 4] The report
found that while governmental agencies, cruise ship operators, and
other maritime security stakeholders have taken significant steps to
protect against a possible terrorist attack, the U.S. Customs and
Border Protection (CBP)--the federal agency primarily responsible for
border security--should consider obtaining additional information
about cruise ship passengers to enhance its screening process. This
report focuses on the security issues of high capacity passenger
ferries and their facilities.[Footnote 5] While we limited our review
to ferry systems that operate larger, high capacity passenger ferries,
these systems often also operate smaller ferries, and according to
Coast Guard officials, smaller ferries face similar security concerns.
You requested that we identify risks associated with ferries and their
facilities and the measures being taken to protect them.[Footnote 6]
Specifically, this report responds to the following questions:
* To what extent has the U.S. Coast Guard assessed risk related to
high capacity passenger ferries and their facilities in accordance
with DHS's guidance, and what are the identified risks?
* To what extent have maritime security stakeholders taken actions to
mitigate the potential risks to high capacity passenger ferries and
their facilities, and to implement applicable federal laws,
regulations, and guidance; and what additional actions, if any, could
enhance ferry security?
This is the public version of the report we issued in October 2010
that contained information related to risks to high capacity passenger
ferries and efforts made to secure these ferries from terrorist
attacks. DHS deemed specific details of ferries, the risks to ferries,
and methods used by the Coast Guard and others to secure ferries to be
sensitive security information, which must be protected from public
disclosure. Therefore, this report omits those details. Although
information provided in this report is more limited in scope, it
addresses the same questions as the previously issued report. Also,
the overall methodology used for both reports is the same. The
conclusions and recommendations contained in our October 2010 version
of this report remain generally unchanged.
To determine the extent to which the Coast Guard assessed the risks to
ferries and their facilities in accordance with DHS's guidance, and to
identify the risks associated with ferries and their facilities, we
reviewed relevant federal guidance on the use of risk management,
including DHS's National Infrastructure Protection Plan.[Footnote 7]
We also reviewed documents describing the methodology and use of the
Coast Guard's primary risk assessment tool--the Maritime Security Risk
Analysis Model. We analyzed the elements of the Coast Guard's risk
analysis model process and compared it to criteria from two
components--risk assessment and prioritization--of the National
Infrastructure Protection Plan, the document that articulates the risk
management framework for DHS. We also analyzed the nationwide results
for 2009 of the risk analysis model to determine the relative risks
facing ferries and their facilities. In addition, we interviewed Coast
Guard headquarters personnel responsible for the risk analysis model
and Coast Guard Sector personnel responsible at the local level to
discuss the relative risks in their areas of responsibility.[Footnote
8]
In addition, we interviewed Coast Guard and U.S. Navy intelligence
personnel actively engaged in determining possible threats to ferries
and their facilities. We also interviewed Coast Guard, CBP, and U.S.
Park Police officials, as well as personnel from seven nonfederal law
enforcement agencies. The Coast Guard and CBP officials were those
responsible for ferry and ferry facility security at both the national
level and at the locations where we made site visits. Similarly, the
law enforcement personnel we met with represented jurisdictions
covered in our site visits where they provided security for ferries
and their facilities. We made these visits to a nonprobability sample
of five domestic locations. Ferry operations at these locations are
overseen by five Coast Guard Sectors.[Footnote 9] We selected these
locations based on the number of passengers carried by the ferry
systems operating in these locations and the relative risk associated
with the ferry systems. We also selected locations that had domestic
and international ferries. While the information we obtained from
personnel at these locations cannot be generalized across all U.S.
ferry systems, it provided us with a perspective on the risks to
ferries and their facilities at the selected locations. While their
views may not represent the views of all high capacity passenger ferry
operators, these ferry systems represented about 70 percent of
passengers and about 80 percent of vehicles carried by U.S. ferry
operators that in 2008 reported that they had vessels in service
capable of carrying 500 or more passengers.
To determine the extent to which maritime security stakeholders--
including federal agencies, ferry and ferry facility operators, and
law enforcement agencies--have taken actions to mitigate the potential
risks to ferries and their facilities and to implement applicable
federal laws, regulations, and guidance, we reviewed relevant federal
legislation, regulations, and guidance. These included pertinent
provisions of MTSA, as amended, including the Security and
Accountability For Every Port Act of 2006 (SAFE Port Act) amendments
to MTSA; implementing regulations--such as 33 CFR Parts 101, 102, 103,
104, and 105; the Coast Guard's Operation Neptune Shield operations
order; Navigation and Vessel Inspection Circulars; and Maritime
Security Directives, respectively. We analyzed data on the Coast
Guard's security performance in meeting internal standards established
for Operation Neptune Shield during 2009, and on ferry and ferry
facility operator's security performance in meeting requirements
identified in Coast Guard regulations from 2006 to 2009. We found
these data to be sufficiently reliable for the purpose of providing
contextual or background information. To make this determination we
conducted interviews with knowledgeable agency officials and performed
data testing for missing data, outliers, and obvious errors. We also
interviewed federal officials from various agencies, including the
Coast Guard, CBP, and U.S. Park Police to discuss their actions to
reduce risks to ferries and their facilities. We observed security
activities and interviewed law enforcement personnel from seven
nonfederal police departments responsible for protecting ferries and
their facilities from terrorist attacks at the domestic locations we
visited. As part of our observations of security measures, we traveled
aboard international and domestic ferries at these locations. While
our observations at these locations cannot be generalized across all
U.S. ports, they provided us with a general overview and perspective
on ferry and ferry facility security at the selected locations. We
also made a site visit to one foreign location where a major high
capacity ferry system operated to observe possible security actions
other than those used in the United States. Although this location
does not represent all international locations with high capacity
passenger ferry operators, we selected this location because Coast
Guard officials stated that this ferry system was similar to one of
the larger systems in the United States and would serve as a good
comparison to U.S. ferry systems. We also reviewed three Coast Guard-
funded reports issued in 2005 and 2006 on ferry security to determine
what actions the reports recommended that the Coast Guard take to help
ensure ferry security. We interviewed Coast Guard officials to
determine what actions had been taken in response to these reports. We
also reviewed the scope and methodology for these reports and
determined they were sufficient for us to rely on for the purposes of
this report.
We conducted this performance audit from January 2009 to December 2010
in accordance with generally accepted government auditing standards.
[Footnote 10] Those standards require that we plan and perform the
audit to obtain sufficient, appropriate evidence to provide a
reasonable basis for our findings and conclusions based on our audit
objectives. We believe that the evidence obtained provides a
reasonable basis for our findings and conclusions based on our audit
objectives.
Background:
Ferries Transport Passengers and Vehicles:
According to the 190 ferry operators responding to the 2008 National
Census of Ferry Operators, more than 82 million passengers and over 25
million vehicles were carried on their vessels in the United States.
[Footnote 11] As reported in 2008, the ferry systems that carried the
most passengers and vehicles in 2008 were the New York City Department
of Transportation Ferry Division (Staten Island Ferry) which carried
19 million passengers, but no vehicles, and the Washington State
Ferries that carried over 13 million passengers and almost 11 million
vehicles. In addition, California, Louisiana, Massachusetts, New
Jersey, North Carolina, Ohio, Texas, and Virginia all had ferry
systems that carried over 1 million passengers. See figure 1 for a map
identifying the states where ferry systems operate vessels that can
carry 500 or more passengers, as well as the number of passengers and
vehicles carried by these systems. In addition to the ferries that
operate solely inside the United States, CBP identified 28 ferries
that sailed in 2009 to the United States from a port in Canada,
Mexico, the British Virgin Islands, or the Dominican Republic.
Figure 1: 2008 National Census Data on States with Ferry Systems
Operating High Capacity Passenger Ferries and the Number of Passengers
and Vehicles Carried:
[Refer to PDF for image: illustrated U.S. map]
Depicted on the map are the states with ferry systems along with
symbols indicating the number of passengers and vehicles carried in
2008:
Symbol scale:
100,000;
1,000,000;
5,000,000;
15,000,000;
20,000,000.
States:
California: approximately 5,000,000 passengers;
Connecticut: approximately 1,000,000 passengers and 100,000 vehicles;
Delaware: approximately 1,000,000 passengers and 100,000 vehicles;
Florida: approximately 100,000 passengers;
Massachusetts: approximately 5,000,000 passengers and 1,000,000
vehicles;
Michigan: approximately 1,000,000 passengers and 100,000 vehicles;
New Jersey: approximately 1,000,000 passengers;
New York: approximately 20,000,000 passengers and 100,000 vehicles;
Ohio: approximately 1,000,000 passengers and 100,000 vehicles;
Texas: approximately 10,000,000 passengers and 5,000,000 vehicles;
Washington: approximately 15,000,000 passengers and 15,000,000
vehicles.
Sources: National Census of Ferry Operators; Map Resources (map).
Note: This graphic is based on data reported by the Bureau of
Transportation Statistics in the 2008 National Census of Ferry
Operators. These data included self-reported data to the census by the
responding ferry systems, along with information obtained from
agencies such as the Coast Guard and the Army Corps of Engineers. As
reported by the Bureau of Transportation Statistics, data was not
available for all questions for all systems. For example, the reported
data for one system in Louisiana included that it operated high
capacity passenger ferries, but did not include the total number of
passengers it carried. That system is not included in figure 1. Of the
systems included in the census, data show that 29 operated ferries
capable of carrying 500 or more passengers. Twenty-eight of these 29
ferry systems operate in the 11 states highlighted in figure 1 above.
No systems reported operating ferries capable of carrying 500 or more
passengers in Alaska or Hawaii.
[End of figure]
Many Stakeholders Involved in Securing Ferry Operations:
Numerous organizations play a role in the security of ferries
operating in U.S. waters. Table 1 lists selected federal agencies and
other stakeholders together with examples of the ferry-related
maritime security activities that they conduct.
Table 1: Selected Stakeholders with Security Responsibilities
Applicable to Ferries:
International organization:
Stakeholder:
* International Maritime Organization[A];
Selected maritime security-related responsibilities:
* Develop international standards for port and vessel security.
Federal government: Department of Homeland Security:
Stakeholder:
* U.S. Coast Guard;
Selected maritime security-related responsibilities:
* Conduct vessel escorts, boardings of selected vessels, and security
patrols of key port areas;
* Ensure vessels in U.S. waters comply with domestic and international
maritime security standards;
* Review U.S. vessel and facility security plans and oversee
compliance with these plans.
Stakeholder:
* Transportation Security Administration (TSA);
Selected maritime security-related responsibilities:
* Test technologies, practices, and techniques for passenger screening
systems in the maritime environment;
* Coordinate with the Coast Guard on security training and surge
operations.
Stakeholder:
* U.S. Customs and Border Protection (CBP);
Selected maritime security-related responsibilities:
* Review documentation of persons, baggage, and cargo arriving from
foreign ports on international ferries;
* Take action to deny entrance to the United States if concerns about
persons, baggage, or cargo exist.
State and local governments.
Stakeholders:
* Law enforcement agencies;
Selected maritime security-related responsibilities:
* Often act as land-based security for ferry operators;
* Support Coast Guard role through water patrols and possibly escort
vessels if the agency operates a marine unit.
Stakeholder:
* State and city Departments of Transportation and Port Authorities;
Selected maritime security-related responsibilities:
* Own many ferry systems and thus assume responsibility for ensuring
their security by conducting vulnerability assessments and developing
and implementing security plans to mitigate vulnerabilities and comply
with applicable international and domestic standards;
* Conduct risk-mitigating actions including maintaining secure areas
and screening passengers and vehicles.
Private sector:
Stakeholder:
* Private owners or operators;
Selected maritime security-related responsibilities:
* Own or operate many ferry systems and thus assume responsibility for
ensuring their security by conducting vulnerability assessments and
developing and implementing security plans to mitigate the
vulnerabilities and comply with applicable international and domestic
standards;
* Conduct risk-mitigating actions including maintaining secure areas
and screening passengers and vehicles.
Stakeholder:
* Security contractors;
Selected maritime security-related responsibilities:
* Provide security services at ferry facilities.
Source: GAO.
[A] The International Maritime Organization is a specialized agency of
the United Nations with 169 member states that is responsible for
developing an international regulatory framework addressing, among
other things, maritime safety and security.
[End of table]
Maritime Security Actions Are Guided by a Legal and Regulatory
Framework:
International standards and national laws, regulations, and guidance
direct federal agencies and vessel and facility operators nationwide
in their security efforts (see table 2).
Table 2: Key Security Requirements Applicable to Ferries and Ferry
Facilities:
Promulgator: International Maritime Organization;
Law or guidance: International Ship and Port Facility Security (ISPS)
Code,[A] as implemented through Chapter XI-2 of the International
Convention for the Safety of Life at Sea[B];
Key provisions: Sets out many of the international standards for
vessel and port facility security. For example, all covered vessels
shall have a designated security officer.
Promulgator: U.S. Federal Government;
Law or guidance: Maritime Transportation Security Act of 2002
(MTSA)[C];
Key provisions: Establishes a maritime security framework including
many of the U.S. vessel and port facility security requirements and
standards and for Coast Guard enforcement of many of such provisions.
One such provision, for example, requires regulated facilities and
vessels to have vulnerability assessments.
Promulgator: U.S. Federal Government;
Law or guidance: SAFE Port Act amendments to MTSA (2006)[D];
Key provisions: Sets additional requirements for Coast Guard
regulation of port facility security. For example, at least one
security inspection to verify the effectiveness of a regulated
facility security plan shall be unannounced.
Promulgator: Coast Guard;
Law or guidance: Implementing Regulations (such as 33 C.F.R. Parts
101, 104, and 105);
Key provisions: Based on legislative authority, set specific security
requirements for U.S. flagged vessels and port facilities. For
example, owners or operators of ferries must ensure that security
sweeps of the vessel are performed before getting underway.
Promulgator: Coast Guard;
Law or guidance: Operation Neptune Shield Operations Order;
Key provisions: Sets internal Coast Guard standards for vessel
(including ferries) security activities, which include escorts and
security boardings--boardings performed to verify that the ship and
crew are operating as expected and to act on intelligence that may
have prompted security concerns. For example, Coast Guard units are
required to escort a certain percentage of high capacity passenger
vessels under different Maritime Security threat levels.[E] (Specific
percentages are classified.) Operation Neptune Shield activities are
based on an understanding of maritime risk and mitigation.
Promulgator: Coast Guard;
Law or guidance: Navigation and Vessel Inspection Circulars;
Key provisions: Provide Coast Guard guidance about the enforcement of,
or compliance with, certain federal maritime regulations and Coast
Guard maritime safety and security programs. For example, these state
how Coast Guard inspectors are to ensure operators' compliance with
higher standards for passenger screening and security sweeps on
ferries.
Promulgator: Coast Guard;
Law or guidance: Maritime Security Directives;
Key provisions: Set security performance standards for stakeholders
responsible for taking security actions commensurate with various
Maritime Security threat levels. For example, one standard includes
the varying percentages of vehicles to be screened before boarding
ferries under different Maritime Security threat levels.
Source: GAO.
[A] IMO Doc. SOLAS/CONF. 5/34 (Dec. 12, 2002).
[B] 32 U.S.T. 47, T.I.A.S. No. 9700.
[C] Pub. L. No. 107-295, 116 Stat. 2064 (2002).
[D] Pub. L. No. 109-347, 120 Stat. 1884 (2006).
[E] Maritime Security threat levels are a three-tiered (Maritime
Security Level 1, Maritime Security Level 2, and Maritime Security
Level 3) threat warning system to provide a means to easily
communicate preplanned scalable responses to increased threat levels.
They are set by the Coast Guard, in consultation with DHS, to reflect
the prevailing threat environment to the marine elements of the
national transportation system, including ports, vessels, facilities,
and critical assets and infrastructure located on or adjacent to
waters subject to the jurisdiction of the United States. For the
purpose of these requirements, the Coast Guard defines high capacity
passenger vessels as those carrying 500 or more passengers.
[End of table]
Risk Management Is Important for Maritime Security:
DHS is required by statute to utilize risk management principles with
respect to various DHS functions.[Footnote 12] In 2006, DHS issued the
National Infrastructure Protection Plan, which is DHS's base plan that
guides how DHS and other relevant stakeholders should use risk
management principles to prioritize protection activities in an
integrated and coordinated fashion. Updated in 2009, the National
Infrastructure Protection Plan requires that federal agencies use
relative risk to inform the selection of priorities and the continuous
improvement of security strategies and programs to protect people and
critical infrastructure by reducing the risk of acts of terrorism. The
framework for the plan includes six components: (1) set goals and
objectives; (2) identify assets, systems, and networks; (3) assess
risk; (4) prioritize; (5) implement programs; and (6) measure
effectiveness.
In the assess risk component, the National Infrastructure Protection
Plan establishes baseline criteria for conducting risk assessments.
According to the National Infrastructure Protection Plan, risk
assessments are a qualitative or quantitative determination of the
likelihood of an adverse event occurring and are a critical element of
the National Infrastructure Protection Plan's risk management
framework. Risk assessments can also help decision makers identify and
evaluate potential risks so that countermeasures can be designed and
implemented to prevent or mitigate the potential effects of the risks.
The National Infrastructure Protection Plan also characterizes risk
assessment as a function of three elements:
* Threat: The likelihood that a particular asset, system, or network
will suffer an attack or an incident. In the context of risk
associated with a terrorist attack, the estimate of threat is based on
the analysis of the intent and the capability of an adversary; in the
context of a natural disaster or accident, the likelihood is based on
the probability of occurrence.
* Vulnerability: The likelihood that a characteristic of, or flaw in,
an asset's, system's, or network's design, location, security posture,
process, or operation renders it susceptible to destruction,
incapacitation, or exploitation by terrorist or other intentional
acts, mechanical failures, and natural hazards.
* Consequence: The negative effects on public health and safety, the
economy, public confidence in institutions, and the functioning of
government, both direct and indirect, that can be expected if an
asset, system, or network is damaged, destroyed, or disrupted by a
terrorist attack, natural disaster, or other incident.
Information from the three elements that assess risk--threat,
vulnerability, and consequence--can lead to a risk characterization
and provide input for prioritizing security goals--the fourth
component within the framework. For example, MTSA requires the Coast
Guard to prepare Area Maritime Transportation Security Plans for ports
around the United States. These plans convey operational and physical
security measures, communications procedures, time frames for
responding to security threats, and other actions to direct the
prevention of and response to a security incident. In its regulations
implementing MTSA, the Coast Guard gave primary responsibility for
creating the Area Maritime Security Plans to the Captain of the Port,
based on the Area Maritime Security Assessment.[Footnote 13] Area
Maritime Security Assessments examine the threats and vulnerabilities
to activities, operations, and infrastructure critical to a port and
the consequences of a successful terrorist attack on the critical
activities, operations, and infrastructure at the port. Under the
regulations, such assessments are to be risk-based, and should assess
each potential threat and the consequences and vulnerabilities for
each combination of targets and attack modes in the area. With the
information supplied in the assessment, the Area Maritime Security
Plan is to identify, among other things, the operational and physical
security measures to be implemented at Maritime Security Level 1 and
those that, as risks increase, will enable the area to progress to
levels 2 and 3. According to the Coast Guard, procedures and measures
conveyed in Area Maritime Security Plans are coordinated,
communicated, and implemented by the Captain of the Port with
stakeholder communication assistance from Area Maritime Security
Committees, using existing agency command and control systems, and
when activated, unified incident management structures.
The Coast Guard Assessed Risk to Ferries and Their Facilities in
Accordance with DHS's Risk Assessment Guidance and Security Concerns
Exist:
The Coast Guard Adheres to Risk Assessment Guidance from DHS's
National Infrastructure Protection Plan:
The Coast Guard uses a tool known as the Maritime Security Risk
Analysis Model to assess risk to vessels and port infrastructure,
including ferries and ferry facilities, in accordance with the
guidance from DHS's National Infrastructure Protection Plan. As we
reported in April 2010, the Coast Guard uses this analysis tool to
help implement its strategy and concentrate maritime security
activities when and where relative risk is believed to be the
greatest.[Footnote 14] The model assesses the risk--threats,
vulnerabilities, and consequences--of a terrorist attack based on
different scenarios; that is, it combines potential targets with
different means of attack. Examples of a Maritime Security Risk
Analysis Model scenario related to ferries include those involving a
suicide bomber or a boat attack. Taking threats, vulnerabilities, and
consequences into consideration is the approach to assessing risk
recommended by the National Infrastructure Protection Plan. According
to the Coast Guard, the model's underlying methodology is designed to
capture the security risk facing different types of targets, allowing
comparison between different targets and geographic areas at the
local, regional, and national levels. Also in accordance with guidance
from the National Infrastructure Protection Plan, the model is
designed to support decision making for the Coast Guard. At the
national level, the model's results are used for (1) long-term
strategic resource planning, (2) identifying capabilities needed to
combat future terrorist threats, and (3) identifying the highest-risk
scenarios and targets in the maritime domain. At the local level, the
Captain of the Port can use the model as a tactical planning tool, and
it can help to identify the highest-risk scenarios, allowing the
Captain of the Port to prioritize needs and better deploy security
assets. As we reported in March 2009, Intelligence Coordination Center
officials stated that the Coast Guard uses the model to inform
allocation decisions, such as the deployment of local resources and
grants.[Footnote 15]
Although No Recent Threats Have Been Identified, Stakeholders Reported
Security Concerns:
Although there have been no recent, credible terrorist threats against
ferries and their facilities in the United States, stakeholders
expressed concerns about various types of attacks that, if successful,
could have significant consequences. Since the characteristics and
operations of the ferry systems vary widely, different operations and
ferry system components face different levels of threats with
different probabilities of occurrence. In April 2010, Coast Guard
intelligence officials stated that there have been no credible
terrorist threats against ferries and their facilities identified in
at least the last 12 months, but noted the presence of terrorist
groups that have the capability to attack a ferry. Further, the lack
of a recent threat does not preclude the possibility of such an
incident occurring in the future. As reported both by the Coast Guard
and RAND, ferries have been terrorist targets in the past and are
considered attractive targets for terrorists. In 2006, the
Transportation Research Board reported that the same characteristics
that make ferry systems desirable to passengers--the wide extent of
service and the popularity of use--also make them potential targets
and potential instruments of a terrorist act.[Footnote 16] As we
previously reported in 2007, security officials in the U.S. government
are concerned about the possibility of a future terrorist attack in a
U.S. port.[Footnote 17] For example, captured terrorist training
manuals cite ports as targets and instruct trainees to use covert
means to obtain surveillance information for use in attack planning.
Terrorist leaders have also stated their intent to attack
infrastructure targets within the United States, including ports, in
an effort to cause physical and economic damage and inflict mass
casualties. In April 2010, Coast Guard intelligence officials also
stated that they have seen a gradual shift in terrorist tactics and
procedures overseas that had been seen in attacks against mass transit
and other soft targets--characteristics typically shared with ferry
systems as well.
Stakeholders Reported Various Security Concerns:
Maritime security stakeholders reported various ferry-related security
concerns with the greatest concerns being improvised explosive device
attacks delivered via vehicles, passengers or small boats. Vehicle-
borne improvised explosive device concerns, for ferry operations that
carry vehicles, included concerns about devices carried in cars and
trucks. Our work from February 2009 supports the likely validity of
this concern as vehicle-borne improvised explosive devices were the
most common tactic used in truck and bus terrorist incidents abroad.
[Footnote 18] However, not all ferry systems allow vehicles on board.
Coast Guard officials we interviewed expressed concern about passenger-
borne improvised explosive devices on ferries as well--such as a
passenger carrying a bomb in a backpack. Determining passengers'
identities, through admissibility inspections, is one type of action
that CBP has taken to help mitigate concerns posed by passengers
boarding ferries that originate from Canada.[Footnote 19] Nonetheless,
according to CBP officials, CBP personnel do not know a person's
identity until he or she arrives at the facility to board. However,
Coast Guard officials stated that ferry operators may see the same
people over and over again and can become familiar with the regular
passengers. Maritime security stakeholders also consider waterborne
improvised explosive devices to be a concern for ferries and their
facilities. According to the Coast Guard's Strategy for Maritime
Safety, Security, and Stewardship, one of the greatest risks
associated with maritime scenarios is a direct attack using a
waterborne improvised explosive device, and a recurring attack mode
has been the use of small boats to carry out an attack.
Port security stakeholders we interviewed also reported other ferry-
related security concerns--some of which were more port specific. For
example, international ferries pose an additional concern by providing
a possible transit for terrorists to enter the United States as
exemplified by the 1999 millennium bomber, who traveled to the United
States on a ferry from Canada and had planned to bomb the Los Angeles
International Airport. Port security stakeholders reported other
security concerns including criminal activity, such as drug or human
smuggling, particular to where their ferries transit.
A Successful Attack Could Have Significant Consequences:
A successful attack on a ferry could affect the ship, its passengers,
and the U.S. economy. A successful attack could damage a ferry and the
extent of the loss of life would depend on the severity of the attack,
according to various studies. A 2006 RAND report stated that scenarios
involving significant damage could easily result in several hundred
fatalities and the greater the damage, the more likely it would be
that the vessel would sink resulting in a higher death toll.
A successful terrorist attack on a ferry system may also have an
economic impact. Coast Guard officials stated that an attack on a
ferry could target a lot of people at one time and shut down port
operations, which could ultimately have an economic ripple effect.
Coast Guard officials differed in their opinions, however, on whether
a ferry attack would likely have a national economic impact or if the
economic impact would be more localized, but agreed that it would
depend on the scenario. Furthermore, the reaction to an attack on a
ferry could also affect the degree of the economic impact. According
to the Coast Guard and RAND, ferry transit is largely a substitutable
form of transportation for which passengers may opt to use another
form of transportation, such as a bridge, following an attack, and,
therefore, the economic impact of such an action may not necessarily
be significant. However, an attack on a ferry could also result in
additional funding spent on enhanced security measures. For example,
the 2004 attack against the SuperFerry 14 in the Philippines affected
perceived terrorist threat contingencies and was a central factor in
subsequent decisions to deploy sea marshals on all ships traveling in
Philippine waters as well as promulgate heightened surveillance,
investigation, arrest, and detention powers for the police and
intelligence services.
Stakeholders Have Implemented Ferry Security Measures, but the Coast
Guard Has Not Acted on Other Identified Opportunities That May Enhance
Security:
To secure ferries and their facilities, responsible maritime security
stakeholders--including the Coast Guard, CBP, and TSA, as well as
owners and operators of ferries and their facilities--reported having
taken various actions to implement applicable federal maritime laws,
regulations, and guidance designed to help ensure the security of
ferries and their facilities.
The Coast Guard Reports That It Conducts Multiple Types of Security
Activities:
The Coast Guard seeks to mitigate risks to ferries and their
facilities through regulatory and operational activities. The Coast
Guard's regulatory activity involves ferry and ferry facility
inspections, conducted by inspections teams who monitor compliance
with operators' security plans.[Footnote 20] According to Coast Guard
officials, the Coast Guard conducts inspections of ferries four times
per year: the annual security inspection, which may be combined with a
safety inspection and typically occurs when the ferry is out of
service, and the quarterly inspections, which are shorter in duration,
and generally take place while the ferry remains in service. During
calendar years 2006 through 2009, the Coast Guard reported conducting
over 1,500 ferry inspections--about 670 of which were for high
capacity passenger ferries. Coast Guard officials stated that although
ferry operators are responsible for scheduling inspections as a
condition of their certification, the Coast Guard has a system in
place to notify the agency if a ferry's certification has expired so
that the Coast Guard may act accordingly.
In addition to ferry vessel inspections, the Coast Guard reports that
it inspects MTSA-regulated maritime facilities, including ferry
facilities, at least two times a year in accordance with SAFE Port Act
requirements.[Footnote 21] One of these inspections must be
unannounced. The Coast Guard reported conducting between approximately
700 and 850 ferry facility inspections each calendar year for the
period 2006 through 2009.[Footnote 22] To track its performance in
completing inspections, Coast Guard officials stated they have the
ability to create a daily report to inform the Captain of the Port
when each facility in his or her area of responsibility is due for an
inspection. The report lists all MTSA-regulated facilities, shows the
dates on which the Coast Guard performed its last two required
inspections, and highlights any facilities that are coming due or are
overdue for an inspection. In addition, a quarterly reporting tool was
developed for Coast Guard district and headquarters officials to
determine if facility inspection requirements were being met.
The Coast Guard also reported that it conducts operational activities
to secure ferries, including conducting boat escorts of ferries,
implementing positive control measures--that is, stationing armed
Coast Guard personnel in key locations aboard a vessel to ensure that
the operator maintains control--and providing a security presence
through various actions. Operation Neptune Shield requires Coast Guard
units to escort a certain percentage of high capacity passenger
vessels at each maritime security threat level to protect against an
external threat, such as a waterborne improvised explosive device.
[Footnote 23] The requirement is applicable to all types of high
capacity passenger vessels--cruise ships, ferries, and excursion
vessels--in a Sector's area of responsibility, and is not specific to
ferries. According to Coast Guard data, although 16 of 28 Sectors with
high capacity passenger vessels operating in their area of
responsibility met or exceeded the number of required escorts in
calendar year 2009, 12 did not meet their escort requirement.[Footnote
24] However, Coast Guard officials reported that some of the Sectors
that did not meet escort requirements may not have had high capacity
passenger ferries operating in their area of responsibility, but
instead may have had other high capacity passenger vessels, such as
cruise ships.[Footnote 25] Moreover, Operation Neptune Shield allows
the Captain of the Port the latitude to manage risk and shift
resources to other priorities when deemed necessary, for example, when
resources are not available to fulfill all missions simultaneously.
Officials from one Sector reported that its local law enforcement
agency has a large presence in the port, providing a presence on the
ferries and protecting security zones. See figure 2 for a depiction of
Coast Guard units escorting ferries.
Figure 2: Coast Guard Escorts of Ferries:
[Refer to PDF for image: 3 photographs]
Source: U.S. Coast Guard.
[End of figure]
In addition to conducting escorts and positive control measures, the
Coast Guard provides a security presence through other activities,
including patrolling areas in which ferries operate using airborne,
waterborne, and shoreside assets. In addition, Coast Guard personnel
may board docked ferries for the purpose of providing a security
presence once they are in transit. For example, at one location we
visited, we accompanied a Coast Guard Vessel Boarding Security Team,
which boarded the ferry and rode for two consecutive trips to provide
a security presence as part of its regular patrol duties.
TSA Also Has a Role in Ferry and Ferry Facility Security:
TSA supports ferry security by demonstrating a security presence,
providing training, and implementing pilot programs involving security
technologies. Providing a security presence, TSA's Visible Intermodal
Prevention and Response (VIPR) teams are comprised of federal air
marshals, surface transportation security inspectors, transportation
security officers, behavior detection officers, and explosives
detection canine teams. In July 2010, TSA officials reported that they
had deployed VIPR teams to ferry systems 319 times since calendar year
2006. Law enforcement officials in one location stated they had
participated in one VIPR operation each year from 2007 to 2009. In
another location, the Coast Guard Sector cited VIPR operations among
other best practices for ensuring the security of high capacity
passenger ferries. In addition to its security presence, TSA developed
training courses to educate passenger vessel employees on maritime
security issues such as crowd control, improvised explosive detection
recognition, and hijacking procedures. TSA also provides training
through its Intermodal Security Training Exercise Program, which
allows maritime security stakeholders to practice security exercises
on ferries and provides training on explosive devices. TSA also
accepts maritime security stakeholders into its explosive trace
detection canine training program.[Footnote 26] Law enforcement
officers affiliated with a ferry system we visited reported they were
among the first ferry operators to be accepted into the TSA program,
which has helped them to integrate four canines into their security
operation.
TSA also reported that it conducts pilot programs at transportation
systems, including ferry systems, through its Security Enhancement and
Capabilities Augmentation Program. TSA documents state that the
program gives TSA the opportunity to network with different ferry
operators across the United States, test emerging technologies, and
develop strategies that the agency can use to respond to specific
threats that arise from new intelligence or major events. TSA
officials stated that these pilots help to determine how technologies
work in different environments and in large-scale applications, and
allow local agencies to try the technologies. According to one ferry
operator, as part of their participation in TSA pilot programs, they
provided feedback to TSA in response to pilots that have been tested
in their respective systems. TSA officials also stated that the agency
has visited approximately 12 passenger vessel venues since 2003 to
test technologies used in the screening of passengers, baggage, and
stores to be loaded on passenger vessels. Although TSA does not track
implementation of piloted screening technologies, officials reported
that five passenger facility operators, some of which were ferry
facility operators, have adopted new technologies as a result of
participating in a TSA pilot. See figure 3 for a photographic
depiction of a technology used to screen vehicles for explosives that
TSA piloted at a ferry system.
Figure 3: TSA Testing of a Vehicle Screening Technology:
[Refer to PDF for image: photograph]
Source: Transportation Security Administration.
[End of figure]
For International Ferries That Enter U.S. Ports, CBP Carries Out
Several Activities:
CBP reports that it conducts inspections on international ferries that
arrive in, or are bound for a U.S. port, and deploys radiation
detection technologies at international ferry crossings. In the United
States, CBP inspects passengers, bags, vehicles, and crew that
disembark from international ferries. Additionally, CBP officers based
in Canada conduct admissibility inspections of U.S.-bound ferry
passengers. Furthermore, the SAFE Port Act of 2006 required CBP to
determine if it could expand its international presence. Specifically,
the act required CBP to seek to develop a plan by February 2007 for
the inspection of passengers and vehicles before they board a vehicle-
carrying ferry bound for the United States.[Footnote 27] In 2009, CBP
concluded that such actions would not be feasible, and in a 2009
letter to Congress, listed conditions which would prevent the agency
from examining all persons seeking to enter the United States.
Finally, CBP uses radiation detectors called portal monitors to screen
vehicles inbound from Canada as they disembark in the United States.
CBP officials stated that beginning in March 2008, radiation portal
monitors were deployed to U.S. facilities that receive ferries inbound
from Canada. By October 2009, CBP officials reported that 11 radiation
portal monitors had been deployed, and in July 2010, officials
reported that 4 additional devices were estimated to be deployed by
2013.
Ferry Operators Have Taken Action to Enhance Security and Their
Ability to Meet Security Standards Has Been Measured through
Inspections:
Ferry and ferry facility operators develop and implement security
plans. Pursuant to the ISPS Code and its guidance, and Coast Guard's
implementing MTSA regulations and guidance, like other regulated
vessels and facilities, ferry and ferry facility operators must
develop and implement security plans that address, among other things,
concerns identified in their security assessments. Security plans must
be reviewed and approved by the Coast Guard. Coast Guard officials
stated that as part of this process, the Captain of the Port
determines whether a plan's security measures address the concerns
identified in a ferry or ferry facility's security assessment. To
address requirements in their security plans, ferry operators we
interviewed reported using measures such as establishing a security
presence that may be provided by either their own law enforcement
branches or state and local law enforcement agencies; conducting
security sweeps of the ferries; implementing access controls such as
cameras, posting signage advising of security procedures, and
installing proximity card door systems; and screening vehicles.
[Footnote 28] See figure 4 for a photograph depicting security signage
posted at a ferry facility.
Figure 4: Security Signage Posted at a Ferry Facility:
[Refer to PDF for image: photograph]
Sign data:
Security Notice:
Maritime Security Level: 1:
Security measures may include ID checks and screening of
persons/belongings/vehicles.
Entering this facility is deemed valid consent to ID
check/screening/inspection. Failure to consent or submit to ID
check/screening/inspection will result in denial or revocation of
authorization to enter this facility.
Source: GAO.
[End of figure]
Security methods varied across ferry operations. Ferry systems had a
range of methods for providing onboard security, though the frequency
and means they used varied across ferry systems. For example, at one
ferry system we visited, local law enforcement officers rode on all
ferry transits, while another ferry system had state law enforcement
officers ride on selected trips. Similarly, all of the ferry systems
we visited conducted screening operations to help protect against a
passenger-or vehicle-borne improvised explosive device, but their
frequency and screening methods also varied across systems. While the
Coast Guard sets the minimum screening requirements at each maritime
security threat level,[Footnote 29] Coast Guard guidance states that
each ferry operator is permitted to enact measures that protect
passengers without unduly compromising service to the community.
Accordingly, operators may select the screening method most
appropriate for their respective operation and within their resources,
provided the Coast Guard deems the method sufficient to mitigate
security risks. On our site visits, we observed variation in screening
operations with respect to (a) the frequency of screening, (b) the
personnel involved in screening, and (c) the screening methods used.
With respect to screening frequency, port security stakeholders with
screening responsibilities at five of the six ferry systems we
interviewed generally reported that they met the minimum screening
requirement set forth by the Coast Guard, and one ferry system
reported that it screened all passengers, bags, and crew.[Footnote 30]
This operator noted that its screening frequency was determined by the
U.S. Park Police because the ferry transits to a national park.
According to the U.S. Park Police, this national park is listed as the
national icon that receives the greatest number of threats. During our
site visits, we also observed one system that did not appear to be
screening according to its standards, but we did not determine any
failure to meet minimum screening requirements.
Ferry and ferry facility operators utilize various personnel in their
screening operations. Federal regulations require personnel with
specific security responsibilities--such as screening--to have
knowledge through training or equivalent job experience in certain
areas and require operators to maintain personnel training records.
[Footnote 31] Based on our site visits, screening was performed by a
variety of personnel in these locations, including ferry crew members,
contracted security screeners, and state or local law enforcement.
[Footnote 32]
Among the ferry systems we visited, canine and manual screening
methods were utilized. Additionally, one passenger-only ferry system
we visited screened passengers and baggage using walk-through metal
detectors and baggage belts. According to a Coast Guard report on
ferry security, canine screening provides a reliable and proven method
for detecting concealed explosives.[Footnote 33] The report also
states that canines provide advantages of superior mobility and the
ability to follow a scent directly to its source--citing that canines
have a higher probability of detection compared to manual, x-ray, and
trace detection methods. Finally, the report states that while manual
screening is considered a nontechnological screening option, it allows
for higher passenger throughput than other screening devices.
Screening operations differ by ferry system due to various factors,
including system characteristics, state laws, and resource
availability. System characteristics like passenger throughput
influence the screening method an operator may feasibly implement, as
passenger processing rates vary across technologies. For example, two
ferry operators we interviewed reported that certain screening
technologies would not be able to accommodate their high passenger
throughput. Additionally, state provisions, under certain
circumstances, may limit the ability of security personnel to perform
certain screening methods. For example, state police officers who
perform canine screening at one ferry system we visited reported that
state case law generally prohibits them from opening a vehicle trunk
without the driver's consent or a search warrant. However, when a
canine detects a potential threat associated with a vehicle and the
driver does not consent to trunk screening, officers notify the ferry
captain. Under the ferry system's security procedures, anyone denying
such a screening will be prohibited from boarding, preventing a
potential risk from boarding the ferry. Furthermore, funding may also
pose a limiting factor in designing security operations. A 2005 Coast
Guard report on ferry screening indicates that costs vary across
screening methods, stating that canine screening is over three times
more expensive than manual screening. The report also notes that
startup programs for two canines and their handlers are estimated to
cost $250,000.[Footnote 34] In July 2010, one port security
stakeholder we interviewed stated that in addition to training costs,
their four canine units cost $160,000 per year.
Coast Guard data show that while ferry security deficiency rates
varied compared to other vessel types, ferry facility deficiency rates
were generally lower compared to other facility types. Of the nearly
700 inspections conducted on high capacity passenger ferries during
calendar years 2006 through 2009, the Coast Guard identified 48
deficiencies.[Footnote 35] Officials stated that overall, ferry
security deficiencies were generally no more severe than deficiencies
cited for cargo vessels and other passenger vessels. As shown in
figure 5, among nine vessel types, the relative ranking of security
deficiency rates for ferries--including both high capacity and smaller
capacity passenger ferries--varied from 2006 to 2009.
Figure 5: Security Deficiencies by Vessel Type, 2006 through 2009:
[Refer to PDF for image: vertical bar graph]
Vessel type: Ferry;
Deficiency rate[A]:
2006: 0.29;
2007: 0.29;
2008: 0.13;
2009: 0.32.
Vessel type: Cruise ship;
Deficiency rate[A]:
2006: 0.11;
2007: 0.33;
2008: 0.08;
2009: 0.09.
Vessel type: Excursion tour vessel;
Deficiency rate[A]:
2006: 0.7;
2007: 0.28;
2008: 0.39;
2009: 0.89.
Vessel type: General dry cargo ship;
Deficiency rate[A]:
2006: 0.23;
2007: 0.3;
2008: 0.14;
2009: 0.25.
Vessel type: Bulk carrier;
Deficiency rate[A]:
2006: 0.08;
2007: 0.21;
2008: 0.05;
2009: 0.02.
Vessel type: Tank ship;
Deficiency rate[A]:
2006: 0.23;
2007: 0.11;
2008: 0.11;
2009: 0.21.
Vessel type: Ro-Ro cargo ship;
Deficiency rate[A]:
2006: 0.22;
2007: 0.29;
2008: 0.17;
2009: 0.11.
Vessel type: Barge;
Deficiency rate[A]:
2006: 0.01;
2007: 0.01;
2008: 0.01;
2009: 0.01.
Vessel type: Towing vessel;
Deficiency rate[A]:
2006: 0.18;
2007: 0.02;
2008: 0.01;
2009: 0.01.
Source: U.S. Coast Guard.
[A] Within each vessel type, the deficiency rate is the number of
deficiencies divided by the number of regulated vessels each year.
[End of figure]
Coast Guard officials stated that ferry security deficiencies were
commonly found in the following areas: security plan audits and
amendments; drills and exercises; records and documentation; and
access control procedures, including monitoring of secure and
restricted areas. Coast Guard officials at agency headquarters
reported that operators were particularly responsive to correcting
deficiencies, because they understood that deficiencies could lead the
Coast Guard to remove a vessel from service and interrupt operations.
With regard to ferry facilities, the Coast Guard identified nearly
1,300 deficiencies in conducting a total of nearly 3,200 ferry
facility inspections during calendar years 2006 through 2009.
According to Coast Guard officials, the majority of the deficiencies
were related to (1) operations or management issues, such as the
failure of the security officers to properly perform their duties
related to required drills or personnel training and (2) documentation
issues such as the security officer failing to post security signage,
document security responsibilities, drills or training, or submit
security plan amendments. Coast Guard officials stated that compared
to other types of facilities, ferry facilities tended to have more
security requirements yet they generally outperformed other types of
facilities in meeting requirements. As shown in figure 6, ferry
facilities generally had the lowest deficiency rate compared to eight
other facilities during the period 2006 through 2009.
Figure 6: Security Deficiencies by Facility Type, 2006 through 2009:
[Refer to PDF for image: vertical bar graph]
Facility type: Ferry;
Deficiency rate[A]:
2006: 0.61;
2007: 0.86;
2008: 0.65;
2009: 0.84.
Facility type: Cruise Ship;
Deficiency rate[A]:
2006: 1.18;
2007: 1.29;
2008: 0.66;
2009: 0.93.
Facility type: Bulk Dry/Solid;
Deficiency rate[A]:
2006: 1.28;
2007: 1.47;
2008: 1.08;
2009: 1.07.
Facility type: Break Bulk;
Deficiency rate[A]:
2006: 1.48;
2007: 1.75;
2008: 1.52;
2009: 1.44.
Facility type: Bulk Liquid;
Deficiency rate[A]:
2006: 0.77;
2007: 1.16;
2008: 0.95;
2009: 1.14.
Facility type: Bulk Oil;
Deficiency rate[A]:
2006: 0.92;
2007: 1.24;
2008: 0.96;
2009: 0.89.
Facility type: Barge Fleeting;
Deficiency rate[A]:
2006: 2.48;
2007: 0.45;
2008: 3.03;
2009: 3.72.
Facility type: Assist/Escort Tug;
Deficiency rate[A]:
2006: 1.64;
2007: 1.29;
2008: 0.79;
2009: 1.07.
Facility type: Boat Ramp;
Deficiency rate[A]:
2006: 0.67;
2007: 0.76;
2008: 0.67;
2009: 0.19.
Source: U.S. Coast Guard.
[A] Within each facility type, the deficiency rate is the number of
deficiencies recorded each year divided by the number of regulated
facilities recorded in 2008. Ferry facilities may service both high
capacity ferries and smaller ferries.
[End of figure]
The Coast Guard May Be Missing Opportunities to Enhance Ferry Security:
The Coast Guard has reported taking various actions to help secure
ferries, but may be missing opportunities to further enhance ferry
security, particularly with respect to enhancing screening measures
because it has not evaluated and, if determined warranted, acted on
all of the findings and recommendations from several ferry security
reports completed in 2005 and 2006. In addition, the Coast Guard has
not reassessed its vehicle screening requirements since 2004.
The Coast Guard Has Not Evaluated and, if Determined Warranted, Acted
on Report Findings and Recommendations:
The Coast Guard spent $1.5 million on contracted studies related to
ferry security, but has not evaluated and, if determined warranted,
taken action to address all of the findings and recommendations from
these studies even though their results were issued in 2005 and 2006.
Recognizing the security risk posed by vehicle-borne improvised
explosive devices, the Coast Guard, in consultation with various other
entities, initiated five studies to conduct more comprehensive
research and development to enhance security on ferries.[Footnote 36]
According to Coast Guard documentation from 2004, these studies were
aimed at establishing a new benchmark for ferry screening and
enhancing the agency's ability to focus on improving security
practices, screening technology, and identification of explosive
hazards. In addition, the document states that the Coast Guard should
convene an interagency working group with private sector
representation from the ferry industry to identify areas for
improvement in the screening process by discussing (a) previously
implemented screening practices and (b) information from the studies
once they were completed. The five studies resulted in three reports
with key findings related to the screening of vehicles boarding a
ferry, and two of them made recommendations to the Coast Guard.
The ferry security reports included several findings and
recommendations. Two of the reports included classified
recommendations which can not be discussed in our report. The third
report, issued by ABSG Consulting in April 2005, reported on the
completed consequence studies that were conducted and included
classified findings on the potential consequences of a vehicle-borne
improvised explosive device, but no recommendations resulted from this
report. The objectives of the consequences studies were to predict
structural damage to the selected ferries from different charge sizes,
locations, and methods of attack.
The Coast Guard has not evaluated and, if determined warranted, taken
actions on the ferry security reports. Standards for Internal Control
in the Federal Government state that agencies should have policies and
procedures for ensuring that findings of audits and other reviews are
promptly resolved. The guidance further states that managers are to
(1) promptly evaluate findings from audits and other reviews,
including those showing deficiencies and recommendations reported by
auditors and others who evaluate agencies' operations; (2) determine
proper actions in response to findings and recommendations from audits
and reviews; and (3) complete, within established time frames, all
actions that correct or otherwise resolve the matters brought to
management's attention.[Footnote 37] Although Coast Guard program
officials stated that the agency does not have a process for
addressing, responding to, or documenting recommendations stemming
from research and development studies, they stated that once they
receive a report they generally review its recommendations and seek
feedback from Coast Guard program specialists and field units as well
as industry stakeholders. After this, Coast Guard officials stated
that they work with port captains and industry stakeholders to
implement feasible security measures. Coast Guard Research and
Development officials we met with told us that after the 2005 National
Ferry Security Study was issued, they communicated the report findings
to various entities, including the Coast Guard Commandant, Area
Maritime Security Committees, and stakeholders at the ports included
in the ferry study. In addition, a 2005 informational memorandum to
the Secretary of Homeland Security from the Commandant indicated that
the Coast Guard, in consultation with TSA and the Office for Domestic
Preparedness, planned to implement new security measures to mitigate
the risk of an improvised explosive device as a result of the ferry
security studies. However, in May 2010, Coast Guard program officials
stated that there were no current actions being taken to address the
findings and recommendations from the National Ferry Security Study.
Coast Guard officials explained that the ferry security reports were
released when the agency was undergoing an internal reorganization and
as a result the reports were not sent to the appropriate unit after
the reorganization--which they also believe is the likely reason for
why no further actions were taken to evaluate or address the reports'
findings and recommendations.
In June 2010, Coast Guard program officials reported that they were
taking actions to improve ferry security through ongoing rulemaking
and guidance development efforts. Coast Guard officials stated that
they were in the process of revising the MTSA regulations, through
which they would amend security training for vessel and facility
personnel--including ferry screening personnel. Coast Guard officials
stated that they began these revisions in late 2006, but had to divert
their attention to the implementation of the Transportation Worker
Identification Credential program in 2007, and thus, were delayed in
developing the MTSA regulation revisions. The Coast Guard plans to
finalize the MTSA regulatory revisions through the proposed rulemaking
process. In addition, Coast Guard officials stated that they have been
developing a Navigation and Vessel Inspection Circular for about 2
years to provide updated guidance for ferry screening. The guidance is
intended to update existing screening policies and assist owners or
operators of ferries and ferry facilities in the prevention of
security incidents by developing and implementing more effective
passenger screening programs appropriate for each maritime security
threat level. Although the officials reported these efforts initially
began in about 2005 or 2006, they did not expect the Navigation and
Vessel Inspection Circular to be published until fall 2010. Coast
Guard officials further reported that they plan to review the 2005 and
2006 reports to determine if additional changes should be incorporated
into their ongoing development of the Navigation and Vessel Inspection
Circular. However, officials stated that they could not delay the
publication of the MTSA regulatory revisions currently under
development, and thus, it was unlikely they would make any major ferry-
related changes in this rulemaking as a result of reviewing the 2005
and 2006 reports. Furthermore, Coast Guard officials also informed us
that DHS is currently evaluating the feasibility of developing
standards for nonfederal canine programs. The Captain of the Port
determines whether the qualifications of the canine program used by
screening personnel are sufficient, as standards for private or
nonfederal canine programs do not exist as they do for federal canine
programs.[Footnote 38]
Although these ongoing efforts may address some of the findings and
recommendations from the 2005 and 2006 reports, it is not evident that
the Coast Guard utilized the reports or their recommendations to
inform the agency's decision making, as officials could not confirm
whether the 2005 and 2006 reports were the catalyst for the agency's
actions. In addition, Coast Guard officials confirmed that the ongoing
actions will not address all of the findings and recommendations from
the reports. As a result of our work on ferry security, in August
2010, Coast Guard officials stated that they believe the ferry
security reports can still provide valuable information and they plan
to begin evaluating the reports in fall 2010. After conducting this
evaluation of the reports and considering their recommendations, the
Coast Guard could be in a better position to determine if additional
actions could be taken to improve the security of ferries and their
facilities. Moreover, fully evaluating the study results could assist
the Coast Guard in determining if its current proposed actions will
address previously identified deficiencies.
The Coast Guard Has Not Reassessed Vehicle Screening Requirements in
Accordance with Agency Guidance:
Although agency documents have suggested that the Coast Guard reassess
its vehicle screening requirements for ferry operators, the Coast
Guard has not taken action to update these requirements since 2004.
[Footnote 39] Along with MTSA regulations pertaining to vehicle
screening, the Coast Guard established minimum screening requirements
for vehicles boarding ferries in a November 2003 Coast Guard maritime
security directive.[Footnote 40] In September 2004, the Coast Guard
issued another maritime security directive which increased minimum
vehicle screening requirements for high capacity passenger ferries,
citing the use of a vehicle-borne improvised explosive device by a
terrorist as a primary concern for ferries.[Footnote 41] The directive
cited three factors that contributed to the decision to increase
vehicle screening requirements: (1) an increase in suspicious activity
in the preceding 2 years, (2) possible surveillance of ferry
operations during that same period, and (3) an anticipated increase in
risk associated with the January 2005 presidential inauguration. The
directive further stated that following the period of increased risk
related to the inauguration and the completion of the aforementioned
studies on ferry security, screening requirements would be reassessed.
The directive also called for the establishment of a workgroup to
address the new screening levels and develop a strategy to monitor
vehicle screening effectiveness. Lastly, a 2004 Coast Guard document
on ferry screening stated that the agency should monitor threats to
ferries and continually reassess screening requirements relative to
specific threats.
Despite Coast Guard documents from 2004 stating that a reassessment of
the screening requirements should be conducted when the ferry security
studies were completed or if the threat were to change--both of which
have occurred--as of May 2010, Coast Guard officials stated that they
had not taken action to reassess and update the requirements since the
2004 security directive. Reviewing the screening requirements could
provide the Coast Guard with reasonable assurance that it is setting
standards for ferry operators that mitigate current threats to ferries
and take into account the needs of ferry operators in maintaining
their operations. Again, as a result of our work on ferry security, in
August 2010, Coast Guard officials stated that they intended to begin
reviewing the ferry security reports in fall 2010. According to one of
these officials, although the agency's review of the ferry security
reports could result in a change to the vehicle screening
requirements, the agency did not have a specific plan to reassess the
vehicle screening requirements.
Conclusions:
Given the attractiveness of ferries as targets for terrorists and the
importance of ferry systems as a transportation mode, it is important
that maritime security stakeholders regularly assess risks and take
action to best ensure their security. Certainly, federal agencies and
maritime security stakeholders have implemented security measures to
enhance ferry system security, and in 2005, the Coast Guard recognized
the need to further enhance ferry system security. However, the Coast
Guard's attention was then diverted to other agency priorities and
thus the agency did not proactively evaluate and take action, if
determined appropriate, on the findings and recommendations from the
2005 and 2006 ferry security reports. The reports provide information
for potentially improving the detection of vehicle-borne improvised
explosive devices and enhancing security across the nation's ferry
systems, and in August 2010, Coast Guard officials acknowledged the
value of this information. Fully assessing and considering these
report findings and recommendations could provide the Coast Guard with
valuable information that could augment ferry security. After
evaluating the report findings and recommendations, the Coast Guard
could be in a better position to determine what additional actions, if
any, should be taken to enhance ferry security.
In addition, although Coast Guard documentation from 2004 states that
the agency should reassess its vehicle screening requirements after
the results of the ferry security reports are issued or if the threat
changes, it has not yet taken action to do so. Taking action to
reassess screening requirements could provide the Coast Guard with key
information to help improve its vehicle screening requirements. Thus,
the Coast Guard could be in a better position to set standards for
ferry operators that take into consideration the needs of the ferry
systems to maintain operations while also protecting against current
threats.
Recommendations for Executive Action:
To ensure that the Coast Guard considers all known options for
securing the ferry transportation system and is not missing
opportunities to enhance ferry security, we recommend that the
Commandant of the Coast Guard take the following two actions:
(1) after fully evaluating the findings and recommendations from the
Coast Guard's 2005 and 2006 ferry security reports, take appropriate
actions to address the findings and recommendations identified in
these reports; and:
(2) upon review of the reports, ensure that vehicle screening
requirements are set at an appropriate level that considers both the
risks to and operating requirements of ferry systems, and when
warranted, reassess screening requirements for ferries and make
changes as appropriate.
Agency Comments:
We provided a draft of the sensitive version of this report to the
Departments of Homeland Security, State, and Interior for their review
and comment. DHS did not provide official written comments to include
in our report. However, in an e-mail received on September 23, 2010,
the DHS liaison stated that DHS concurred with our recommendations.
DHS provided written technical comments, which we incorporated into
the report, as appropriate. The Departments of State and Interior
responded that they did not have any comments on the report.
We are sending copies of this report to the Secretaries of Homeland
Security, the Interior, and State; and interested congressional
committees as appropriate. The report is also available at no charge
on the GAO Web site at [hyperlink, http://www.gao.gov].
If you or your staff have any questions about this report, please
contact me at (202) 512-9610 or caldwells@gao.gov. Contact points for
our Offices of Congressional Relations and Public Affairs may be found
on the last page of this report. Key contributors to this report are
listed in appendix I.
Sincerely yours,
Signed by:
Stephen L. Caldwell:
Director, Homeland Security and Justice Issues:
[End of section]
Appendix I: GAO Contact and Staff Acknowledgments:
GAO Contact:
Stephen L. Caldwell, (202) 512-9610 or caldwells@gao.gov:
Staff Acknowledgments:
In addition to the contact named above, Dawn Hoff, Assistant Director,
and Jonathan Bachman, analyst-in-charge, managed this assignment.
Tracey Cross and Christine Hanson made significant contributions to
the work. Stanley Kostyla assisted with design and methodology.
Geoffrey Hamilton provided legal support. Jessica Orr provided
assistance in report preparation. Josh Ormond and Lydia Araya
developed the report's graphics.
[End of section]
Related GAO Products:
Maritime Security: DHS Progress and Challenges in Key Areas of Port
Security. [hyperlink, http://www.gao.gov/products/GAO-10-940T].
Washington, D.C.: July 21, 2010.
Maritime Security: Varied Actions Taken to Enhance Cruise Ship
Security, but Some Concerns Remain. [hyperlink,
http://www.gao.gov/products/GAO-10-400]. Washington, D.C.: April 9,
2010.
Supply Chain Security: Feasibility and Cost-Benefit Analysis Would
Assist DHS and Congress in Assessing and Implementing the Requirement
to Scan 100 Percent of U.S.-Bound Containers. [hyperlink,
http://www.gao.gov/products/GAO-10-12]. Washington, D.C.: October 30,
2009.
Maritime Security: Vessel Tracking Systems Provide Key Information,
but the Need for Duplicate Data Should Be Reviewed. [hyperlink,
http://www.gao.gov/products/GAO-09-337]. Washington, D.C.: March 17,
2009.
Supply Chain Security: CBP Works with International Entities to
Promote Global Customs Security Standards and Initiatives, but
Challenges Remain. [hyperlink,
http://www.gao.gov/products/GAO-08-538]. Washington, D.C.: August 15,
2008.
Maritime Security: National Strategy and Supporting Plans Were
Generally Well-Developed and Are Being Implemented. [hyperlink,
http://www.gao.gov/products/GAO-08-672]. Washington, D.C.: June 20,
2008.
Supply Chain Security: Challenges to Scanning 100 Percent of U.S.-
Bound Cargo Containers. [hyperlink,
http://www.gao.gov/products/GAO-08-533T]. Washington, D.C.: June 12,
2008.
Supply Chain Security: U.S. Customs and Border Protection Has Enhanced
Its Partnership with Import Trade Sectors, but Challenges Remain in
Verifying Security Practices. [hyperlink,
http://www.gao.gov/products/GAO-08-240]. Washington, D.C.: April 25,
2008.
Maritime Security: Coast Guard Inspections Identify and Correct
Facility Deficiencies, but More Analysis Needed of Program's Staffing,
Practices, and Data. [hyperlink,
http://www.gao.gov/products/GAO-08-12]. Washington, D.C.: February 14,
2008.
Supply Chain Security: Examinations of High-Risk Cargo at Foreign
Seaports Have Increased, but Improved Data Collection and Performance
Measures Are Needed. [hyperlink,
http://www.gao.gov/products/GAO-08-187]. Washington, D.C.: January 25,
2008.
Maritime Security: Federal Efforts Needed to Address Challenges in
Preventing and Responding to Terrorist Attacks on Energy Commodity
Tankers. [hyperlink, http://www.gao.gov/products/GAO-08-141].
Washington, D.C.: December 10, 2007.
Maritime Security: The SAFE Port Act: Status and Implementation One
Year Later. [hyperlink, http://www.gao.gov/products/GAO-08-126T].
Washington, D.C.: October 30, 2007.
Combating Nuclear Smuggling: Additional Actions Needed to Ensure
Adequate Testing of Next Generation Radiation Detection Equipment.
[hyperlink, http://www.gao.gov/products/GAO-07-1247T]. Washington,
D.C.: September 18, 2007.
Information on Port Security in the Caribbean Basin. [hyperlink,
http://www.gao.gov/products/GAO-07-804R]. Washington, D.C.: June 29,
2007.
Port Risk Management: Additional Federal Guidance Would Aid Ports in
Disaster Planning and Recovery. [hyperlink,
http://www.gao.gov/products/GAO-07-412]. Washington, D.C.: March 28,
2007.
Maritime Security: Public Safety Consequences of a Terrorist Attack on
a Tanker Carrying Liquefied Natural Gas Need Clarification.
[hyperlink, http://www.gao.gov/products/GAO-07-316]. Washington, D.C.:
February 22, 2007.
Coast Guard: Observations on the Preparation, Response, and Recovery
Missions Related to Hurricane Katrina. [hyperlink,
http://www.gao.gov/products/GAO-06-903]. Washington, D.C.: July 31,
2006.
Maritime Security: Information Sharing Efforts Are Improving.
[hyperlink, http://www.gao.gov/products/GAO-06-933T]. Washington,
D.C.: July 10, 2006.
Cargo Container Inspections: Preliminary Observations on the Status of
Efforts to Improve the Automated Targeting System. [hyperlink,
http://www.gao.gov/products/GAO-06-591T]. Washington, D.C.: March 30,
2006.
Risk Management: Further Refinements Needed to Assess Risks and
Prioritize Protective Measures at Ports and Other Critical
Infrastructure. [hyperlink, http://www.gao.gov/products/GAO-06-91].
Washington, D.C.: December 15, 2005.
Homeland Security: Key Cargo Security Programs Can Be Improved.
[hyperlink, http://www.gao.gov/products/GAO-05-466T]. Washington,
D.C.: May 26, 2005.
Maritime Security: Enhancements Made, But Implementation and
Sustainability Remain Key Challenges. GAO-05-448T. Washington, D.C.:
May 17, 2005.
Container Security: A Flexible Staffing Model and Minimum Equipment
Requirements Would Improve Overseas Targeting and Inspection Efforts.
[hyperlink, http://www.gao.gov/products/GAO-05-557]. Washington, D.C.:
April 26, 2005.
Maritime Security: New Structures Have Improved Information Sharing,
but Security Clearance Processing Requires Further Attention.
[hyperlink, http://www.gao.gov/products/GAO-05-394]. Washington, D.C.:
April 15, 2005.
Cargo Security: Partnership Program Grants Importers Reduced Scrutiny
with Limited Assurance of Improved Security. [hyperlink,
http://www.gao.gov/products/GAO-05-404]. Washington, D.C.: March 11,
2005.
Maritime Security: Better Planning Needed to Help Ensure an Effective
Port Security Assessment Program. [hyperlink,
http://www.gao.gov/products/GAO-04-1062]. Washington, D.C.: September
30, 2004.
Maritime Security: Partnering Could Reduce Federal Costs and
Facilitate Implementation of Automatic Vessel Identification System.
[hyperlink, http://www.gao.gov/products/GAO-04-868]. Washington, D.C.:
July 23, 2004.
Maritime Security: Substantial Work Remains to Translate New Planning
Requirements into Effective Port Security. [hyperlink,
http://www.gao.gov/products/GAO-04-838]. Washington, D.C.: June 30,
2004.
Homeland Security: Summary of Challenges Faced in Targeting Oceangoing
Cargo Containers for Inspection. [hyperlink,
http://www.gao.gov/products/GAO-04-557T]. Washington, D.C.: March 31,
2004.
Homeland Security: Preliminary Observations on Efforts to Target
Security Inspections of Cargo Containers. [hyperlink,
http://www.gao.gov/products/GAO-04-325T]. Washington, D.C.: December
16, 2003.
Maritime Security: Progress Made in Implementing Maritime
Transportation Security Act, but Concerns Remain. [hyperlink,
http://www.gao.gov/products/GAO-03-1155T]. Washington, D.C.: September
9, 2003.
Combating Terrorism: Interagency Framework and Agency Programs to
Address the Overseas Threat. [hyperlink,
http://www.gao.gov/products/GAO-03-165]. Washington, D.C.: May 23,
2003.
Nuclear Nonproliferation: U.S. Efforts to Combat Nuclear Smuggling.
[hyperlink, http://www.gao.gov/products/GAO-02-989T]. Washington,
D.C.: July 30, 2002.
Coast Guard: Vessel Identification System Development Needs to Be
Reassessed. [hyperlink, http://www.gao.gov/products/GAO-02-477].
Washington, D.C.: May 24, 2002.
[End of section]
Footnotes:
[1] Ferry data are based on results from the 2008 National Census of
Ferry Operators. These data were self-reported by respondents to the
census, include other sources of ferry data, and are the latest data
available. The Bureau of Transportation Statistics has ferry data
available for censuses taken in 2000, 2006, and 2008.
[2] U.S. Coast Guard Research and Development Center, National Ferry
Security Study (Groton, Conn.: May 2005); Michael D. Greenberg, Peter
Chalk, Henry H. Willis, Ivan Khilko, and David S. Ortiz, Maritime
Terrorism: Risk and Liability (Santa Monica, Calif.: RAND Corporation,
2006).
[3] Pub. L. No. 107-295, 116 Stat. 2064 (2002).
[4] GAO, Maritime Security: Varied Actions Taken to Enhance Cruise
Ship Security, but Some Concerns Remain, [hyperlink,
http://www.gao.gov/products/GAO-10-400] (Washington, D.C.: Apr. 9,
2010).
[5] Some passenger ferries may also carry cargo and/or vehicles in
addition to passengers.
[6] Risk is a function of three elements: (1) threat--the probability
that a specific type of attack will be initiated against a particular
target/class of targets, (2) vulnerability--the probability that a
particular attempted attack will succeed against a particular target
or class of targets, and (3) consequence--the expected worst case or
worst reasonable adverse impact of a successful attack.
[7] The National Infrastructure Protection Plan provides the unifying
structure and overall framework for the integration of critical
infrastructure and key resource protection into a single national
program.
[8] Coast Guard Sectors run all Coast Guard missions at the local and
port level, such as search and rescue, port security, environmental
protection, and law enforcement in ports and surrounding waters, and
oversee a number of smaller Coast Guard units, including small
cutters, small boat stations, and Aids to Navigation teams. The Coast
Guard is divided into 35 Sectors.
[9] At these five locations, we made observations of six ferry
systems. Two of the locations also received international ferries. In
addition to the Coast Guard, we interviewed a total of eight federal,
state, or local law enforcement agencies; seven ferry operators or
port authorities; and one Area Maritime Security Committee chair at
these locations; and one CBP unit at a foreign port.
[10] During this time, we were concurrently working on another
passenger vessel security report, issued in April 2010; see GAO-10-
400. In addition, we were also developing the sensitive version of
this ferry security report, issued in October 2010.
[11] U.S. Department of Transportation, Research and Innovative
Technology Administration, Bureau of Transportation Statistics,
National Census of Ferry Operators 2008, hyperlink,
http://www.transtats.bts.gov/tables.asp?DB_ID=616&DB_Name=&DB_Short_Name
] (Accessed May 21, 2010).
[12] For example, the Homeland Security Act of 2002 (Pub. L. No. 107-
296, §201, 116 Stat. 2135, 2146 (2002)) requires DHS to perform risk
assessments of key resources and critical infrastructure, and the
Intelligence Reform and Terrorism Prevention Act of 2004 (Pub. L. No.
108-458, §4001, 118 Stat. 3638, 3710 (2004)) requires that DHS's
National Strategy for Transportation Security include the development
of risk-based priorities across all transportation modes.
[13] The Captain of the Port is the Coast Guard officer designated by
the Commandant to enforce within his or her respective areas port
safety and security and marine environmental protection regulations,
including, without limitation, regulations for the protection and
security of vessels, harbors, and waterfront facilities.
[14] [hyperlink, http://www.gao.gov/products/GAO-10-400].
[15] For more information on risk assessment models used in the
aviation transportation mode, see GAO, Transportation Security:
Comprehensive Risk Assessments and Stronger Internal Controls Needed
to Help Inform TSA Resource Allocation, [hyperlink,
http://www.gao.gov/products/GAO-09-492] (Washington D.C.: Mar. 27,
2009).
[16] Transportation Research Board's Transit Cooperative Research
Program, Security Measures for Ferry Systems (Washington, D.C.: 2006).
[17] GAO, Maritime Security: Federal Efforts Needed to Address
Challenges in Preventing and Responding to Terrorist Attacks on Energy
Commodity Tankers, [hyperlink, http://www.gao.gov/products/GAO-08-141]
(Washington, D.C.: Dec. 10, 2007).
[18] GAO, Commercial Vehicle Security: Risk-Based Approach Needed to
Secure the Commercial Vehicle Sectors, [hyperlink,
http://www.gao.gov/products/GAO-09-85] (Washington, D.C.: Feb. 27,
2009).
[19] Admissibility inspections are conducted to determine the
nationality and identity of each person wishing to enter the United
States and to prevent the entry of inadmissible aliens, including
those thought to be criminals, terrorists, or drug traffickers. In
this example, the inspection would be conducted while the ferry is
still in a Canadian port.
[20] MTSA and its implementing regulations require that ferry and
ferry facility operators develop security plans and that the Coast
Guard review and approve these plans to ensure they are sufficient to
mitigate identified vulnerabilities and that stakeholders are
complying with them.
[21] Some ferries operate out of public access facilities for which
the Coast Guard does not conduct security inspections. For those
facilities the Coast Guard does inspect, agency guidance requires that
inspections: (a) ensure the facility complies with the Facility
Security Plan; (b) ensure the approved Facility Security Plan/
Alternative Security Program adequately addresses the performance-
based criteria as outlined in 33 CFR 105; (c) ensure the adequacy of
the Facility Security Assessment and the Facility Vulnerability and
Security Measures Summary (Coast Guard-6025); and (d) ensure that the
measures in place adequately address the vulnerabilities.
[22] The total number of MTSA-regulated ferry facilities can vary from
year to year due to some facilities receiving waivers from MTSA
regulations or discontinuing their operations.
[23] Operation Neptune Shield escort percentages are classified. To
meet escort requirements, the Coast Guard may receive assistance from
local law enforcement, provided the escorting vessel is equipped
comparably to Coast Guard vessels. According to Coast Guard officials,
the Captain of the Port uses historical data for the purpose of
determining which ferries to escort.
[24] Seven of the Coast Guard's 35 Sectors did not have any type of
high capacity passenger vessel operating within their respective area
of responsibility.
[25] Coast Guard data on escorts do not differentiate between types of
high capacity passenger vessels, such as ferries, cruise ships, or
excursion vessels. Accordingly, it is not possible to determine the
number of escorts that were performed on ferries or the number of
ferry transits that did not receive escorts.
[26] TSA's canine training program consists of a 10-week course which
pairs law enforcement officers from across the country with canines
specifically bred for the program. Officers and canines learn to work
together while being trained to locate and identify a wide variety of
dangerous materials.
[27] Pub. L. No. 109-347, § 122, 120 Stat. 1884, 1899 (2006).
[28] In addition to security actions taken on behalf of the ferry
operators, state and local law enforcement agencies may engage in
ferry security efforts as part of their broader law enforcement or
antiterrorism activities.
[29] The maritime security threat level is a three tiered rating of
the terrorist threat in the maritime environment.
[30] In one location the Coast Guard approved a slight decrease in the
minimum vehicle screening requirements so the ferry operator could
more randomly screen and more effectively mitigate risk.
[31] Required knowledge includes areas such as current security
threats and patterns; testing, calibration, operation, and maintenance
of security equipment and systems; methods of physical screening of
persons; inspection, control, and monitoring techniques; recognition
of characteristics and behavioral patterns of persons who are likely
to threaten security; and recognition and detection of dangerous
substances and devices.
[32] At one ferry system where both law enforcement and contractors
participated in security operations, officials stated that personnel
conducting screening may have varying authorities. For example, sworn
law enforcement officers would typically have the authority to take
additional actions beyond those that ferry employees or contractors
may have been able to take, such as detaining a passenger suspected of
committing or attempting to commit an illegal act.
[33] U.S. Coast Guard Research and Development Center, National Ferry
Security Study (Groton, Conn.: May 2005).
[34] U.S. Coast Guard Research and Development Center, National Ferry
Security Study (Groton, Conn.: May 2005).
[35] The reported number of deficiencies does not include deficiencies
that may still be open. Coast Guard officials reported that
deficiencies could be considered open for a number of reasons, such as
an appeal of the deficiency. Officials stated that prior year
deficiencies should all be closed, though it is possible that some may
still be open. According to the Coast Guard's standardized inspection
checklist, inspectors can check operators' compliance with
approximately 150 items, many of which could result in more than one
deficiency. In addition to the items addressed during the inspection,
other items such as failure to resolve or acquire waivers for
previously cited deficiencies could generate further deficiencies.
Conversely, some inspection items may not apply to certain facilities.
For example, one item applies only to facilities which serve vessels
that carry vehicles.
[36] The five studies included a general study, a consequence
assessment, an explosion screening effectiveness and technology study,
a study to collect data on screening technology in the ferry-operating
environment, and a system analysis and deterrence effectiveness study.
These studies were conducted by members of an integrated product team
that included members from the Coast Guard's Research and Development
Center, DHS's Science and Technology Directorate, Department of
Transportation's Maritime Administration, the Department of Defense's
Technical Support Working Group, TSA, Homeland Security Institute, and
ABSG Consulting.
[37] Federal guidance on internal control also states that the
resolution process begins when audit or other review results are
reported to management, and is completed only after action has been
taken that (1) corrects identified deficiencies, (2) produces
improvements, or (3) demonstrates the findings and recommendations do
not warrant management action. In addition, the consideration of
findings of reviews and audits is a means for an agency to identify
risk. See GAO, Standards for Internal Control in the Federal
Government, [hyperlink,
http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.:
November 1999).
[38] Participants in TSA's Transit Security Grant Program and DHS's
Homeland Security Grant Program are required to maintain data to
document compliance with guidelines for their explosives detection
canine teams. These guidelines were developed by a scientific working
group that included officials from DHS. See GAO, TSA's Explosives
Detection Canine Program: Status of Increasing Number of Explosives
Detection Canine Teams, [hyperlink,
http://www.gao.gov/products/GAO-08-933R] (Washington, D.C.: July 2008).
[39] The requirements employed a random strategy designed to provide
an effective level of deterrence while also balancing the need to
maintain an efficient flow of commerce.
[40] While the Coast Guard required ferry operators to incorporate
screening into their security plans--plans the Coast Guard must
approve--operators were permitted to select the method of screening.
The Captain of the Port may change screening requirements based on
changes in the risk to or threat level at the port.
[41] Through the security directive the Coast Guard increased minimum
screening requirements for vehicles and large enclosed vehicles at two
of the three maritime security threat levels.
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548: