Aviation Security

TSA Is Increasing Procurement and Deployment of the Advanced Imaging Technology, but Challenges to This Effort and Other Areas of Aviation Security Remain Gao ID: GAO-10-484T March 17, 2010

The attempted bombing of Northwest flight 253 highlighted the importance of detecting improvised explosive devices on passengers. This testimony focuses on (1) the Transportation Security Administration's (TSA) efforts to procure and deploy advanced imaging technology (AIT), and related challenges; and (2) TSA's efforts to strengthen screening procedures and technology in other areas of aviation security, and related challenges. This testimony is based on related products GAO issued from March 2009 through January 2010, selected updates conducted from December 2009 through March 2010 on the AIT procurement, and ongoing work on air cargo security. For the ongoing work and updates, GAO obtained information from the Department of Homeland Security (DHS) and TSA and interviewed senior TSA officials regarding air cargo security and the procurement, deployment, operational testing, and assessment of costs and benefits of the AIT.

In response to the December 25, 2009, attempted attack on Northwest flight 253, TSA revised the AIT procurement and deployment strategy, increasing the planned deployment of AITs from 878 to 1,800 units and using AITs as a primary--instead of a secondary--screening measure where feasible; however, challenges remain. In October 2009, GAO reported on the challenges TSA faced deploying new technologies such as the explosives trace portal (ETP) without fully testing them in an operational environment, and recommended such testing prior to future deployments. TSA officials concurred and stated that, unlike the ETP, operational testing for the AIT was successfully completed late in 2009 before its deployment was fully initiated. While officials said AITs performed as well as physical pat downs in operational tests, it remains unclear whether the AIT would have detected the weapon used in the December 2009 incident based on the preliminary information GAO has received. GAO is verifying that TSA successfully completed operational testing of the AIT. In October 2009, GAO also recommended that TSA complete cost-benefit analyses for new passenger screening technologies. While TSA conducted a life-cycle cost estimate and an alternatives analysis for the AIT, it reported that it has not conducted a cost-benefit analysis of the original deployment strategy or the revised AIT deployment strategy, which proposes a more than twofold increase in the number of machines to be procured. GAO estimates increases in staffing costs alone due to doubling the number of AITs that TSA plans to deploy could add up to $2.4 billion over its expected service life. While GAO recognizes that TSA is attempting to address a vulnerability exposed by the December 2009 attempted attack, a cost-benefit analysis is important as it would help inform TSA's judgment about the optimal deployment strategy for the AITs, and how best to address this vulnerability considering all elements of the screening system. TSA has also taken actions towards strengthening other areas of aviation security but continues to face challenges. For example, TSA has taken steps to meet the statutory mandate to screen 100 percent of air cargo transported on passenger aircraft by August 2010, including developing a program to share screening responsibilities across the air cargo supply chain. However, as GAO reported in March 2009, a number of challenges to this effort exist, including attracting participants to the TSA screening program, completing technology assessments, and overseeing additional entities that it expects to participate in the program. GAO is exploring these issues as part of an ongoing review of TSA's air cargo security program which GAO plans to issue later this year. Further, while TSA has taken a variety of actions to strengthen the security of commercial airports, GAO reported in September 2009 that TSA continues to face challenges in several areas, such as assessing risk and evaluating worker screening methods. In September 2009, GAO also recommended that TSA develop a national strategy to guide stakeholder efforts to strengthen airport perimeter and access control security, to which DHS concurred.

GAO-10-484T, Aviation Security: TSA Is Increasing Procurement and Deployment of the Advanced Imaging Technology, but Challenges to This Effort and Other Areas of Aviation Security Remain This is the accessible text file for GAO report number GAO-10-484T entitled 'Aviation Security: TSA Is Increasing Procurement and Deployment of the Advanced Imaging Technology, but Challenges to This Effort and Other Areas of Aviation Security Remain' which was released on March 17, 2010. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony: Before the Subcommittee on Transportation Security and Infrastructure Protection, Committee on Homeland Security, House of Representatives: United States Government Accountability Office: GAO: For Release on Delivery: Expected at 2:00 p.m. EDT: Wednesday, March 17, 2010: Aviation Security: TSA Is Increasing Procurement and Deployment of the Advanced Imaging Technology, but Challenges to This Effort and Other Areas of Aviation Security Remain: Statement of Steve Lord, Director: Homeland Security and Justice Issues: GAO-10-484T: GAO Highlights: Highlights of GAO-10-484T, a testimony before the Subcommittee on Transportation Security and Infrastructure Protection, Committee on Homeland Security, House of Representatives. Why GAO Did This Study: The attempted bombing of Northwest flight 253 highlighted the importance of detecting improvised explosive devices on passengers. This testimony focuses on (1) the Transportation Security Administration‘s (TSA) efforts to procure and deploy advanced imaging technology (AIT), and related challenges; and (2) TSA‘s efforts to strengthen screening procedures and technology in other areas of aviation security, and related challenges. This testimony is based on related products GAO issued from March 2009 through January 2010, selected updates conducted from December 2009 through March 2010 on the AIT procurement, and ongoing work on air cargo security. For the ongoing work and updates, GAO obtained information from the Department of Homeland Security (DHS) and TSA and interviewed senior TSA officials regarding air cargo security and the procurement, deployment, operational testing, and assessment of costs and benefits of the AIT. What GAO Found: In response to the December 25, 2009, attempted attack on Northwest flight 253, TSA revised the AIT procurement and deployment strategy, increasing the planned deployment of AITs from 878 to 1,800 units and using AITs as a primary”instead of a secondary”screening measure where feasible; however, challenges remain. In October 2009, GAO reported on the challenges TSA faced deploying new technologies such as the explosives trace portal (ETP) without fully testing them in an operational environment, and recommended such testing prior to future deployments. TSA officials concurred and stated that, unlike the ETP, operational testing for the AIT was successfully completed late in 2009 before its deployment was fully initiated. While officials said AITs performed as well as physical pat downs in operational tests, it remains unclear whether the AIT would have detected the weapon used in the December 2009 incident based on the preliminary information GAO has received. GAO is verifying that TSA successfully completed operational testing of the AIT. In October 2009, GAO also recommended that TSA complete cost-benefit analyses for new passenger screening technologies. While TSA conducted a life-cycle cost estimate and an alternatives analysis for the AIT, it reported that it has not conducted a cost-benefit analysis of the original deployment strategy or the revised AIT deployment strategy, which proposes a more than twofold increase in the number of machines to be procured. GAO estimates increases in staffing costs alone due to doubling the number of AITs that TSA plans to deploy could add up to $2.4 billion over its expected service life. While GAO recognizes that TSA is attempting to address a vulnerability exposed by the December 2009 attempted attack, a cost-benefit analysis is important as it would help inform TSA‘s judgment about the optimal deployment strategy for the AITs, and how best to address this vulnerability considering all elements of the screening system. TSA has also taken actions towards strengthening other areas of aviation security but continues to face challenges. For example, TSA has taken steps to meet the statutory mandate to screen 100 percent of air cargo transported on passenger aircraft by August 2010, including developing a program to share screening responsibilities across the air cargo supply chain. However, as GAO reported in March 2009, a number of challenges to this effort exist, including attracting participants to the TSA screening program, completing technology assessments, and overseeing additional entities that it expects to participate in the program. GAO is exploring these issues as part of an ongoing review of TSA‘s air cargo security program which GAO plans to issue later this year. Further, while TSA has taken a variety of actions to strengthen the security of commercial airports, GAO reported in September 2009 that TSA continues to face challenges in several areas, such as assessing risk and evaluating worker screening methods. In September 2009, GAO also recommended that TSA develop a national strategy to guide stakeholder efforts to strengthen airport perimeter and access control security, to which DHS concurred. What GAO Recommends: GAO is not making new recommendations. In past reports, GAO has recommended, among other things, that TSA operationally test screening technologies prior to deployment and assess costs and benefits of screening technology investments. DHS concurred and is working to address the recommendations. DHS provided comments to this statement, which were incorporated. View [hyperlink, http://www.gao.gov/products/GAO-10-484T] or key components. For more information, contact Steve Lord at (202) 512-4379 or lords@gao.gov. [End of section] Madame Chairwoman and Members of the Subcommittee, I am pleased to be here today to discuss the Transportation Security Administration's (TSA) progress in securing passenger checkpoints and other areas of commercial aviation. In response to the December 25, 2009, attempted bombing of Northwest flight 253, the Secretary of Homeland Security announced five corrective actions to improve aviation security, including accelerating deployment of the advanced imaging technology (AIT)--formerly called the Whole Body Imager--to identify materials such as those used in the attempted Christmas Day bombing. The AITs produce an image of a passenger's body that TSA personnel use to look for anomalies, such as explosives. TSA is deploying AITs to airport passenger checkpoints to enhance its ability to detect explosive devices and other prohibited items on passengers. Passengers undergo either primary or secondary screening at these checkpoints. Primary screening is conducted on all airline passengers before they enter the sterile area of an airport and involves passengers walking through a metal detector and their carry-on items being subjected to X-ray screening.[Footnote 1] Secondary screening is conducted on selected passengers and involves additional screening of both passengers and their carry-on items. While screening passengers at the checkpoint is a vital layer of security, it is also important to ensure the security of other areas of commercial aviation, such as air cargo transported on passenger aircraft, and airport worker screening and checked baggage screening. TSA's passenger checkpoint screening system comprises three elements: (1) personnel responsible for, among other things, screening passengers and baggage; (2) the policies and procedures that govern the different aviation security programs; and (3) the technology used to screen passengers and baggage. All three elements--people, process, and technology--collectively help determine the effectiveness and efficiency of passenger checkpoint screening, and our past work in this area has addressed all three elements of the system.[Footnote 2] Similarly, securing the flying public involves tradeoffs between security, privacy, and the efficient flow of commerce. Striking the right balance between these three goals is an ongoing challenge facing TSA. My testimony today focuses on (1) TSA's plans to procure, deploy, and test AITs to enhance the security of the passenger checkpoint, and any challenges TSA faces in this effort; and (2) TSA's efforts to strengthen screening procedures and technology in other areas of aviation security, and any related challenges the agency faces in these areas. This statement is based on related GAO reports and testimonies we issued from March 2009 through January 2010, as well as preliminary observations based on ongoing work--from October 2008 through February 2010--to be completed later this year assessing the progress that DHS and its component agencies have made in addressing challenges related to air cargo security.[Footnote 3] To conduct all of this work, we reviewed relevant documents related to the programs reviewed, and interviewed cognizant Department of Homeland Security (DHS) and TSA officials. All of this work was conducted in accordance with generally accepted government auditing standards, and our previously published reports contain additional details on the scope and methodology for those reviews. In addition, this statement contains selected updates conducted from December 2009 through March 2010 on TSA's effort to procure and deploy the AIT. For the updates, we obtained information from DHS and TSA on the AIT and interviewed senior TSA officials regarding the planned procurement, deployment, operational testing and evaluation, and assessment of benefits and costs of the AITs. We conducted these updates in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings based on our audit objectives. Background: Airline Passenger Screening Using Checkpoint Technology: Passenger screening is a process by which screeners inspect individuals and their property to deter and prevent an act of violence or air piracy, such as the carrying of any unauthorized explosive, incendiary, weapon, or other prohibited item on board an aircraft or into a sterile area. Screeners inspect individuals for prohibited items at designated screening locations. TSA developed standard operating procedures for screening passengers at airport checkpoints. Primary screening is conducted on all airline passengers before they enter the sterile area of an airport and involves passengers walking through a metal detector, and carry-on items being subjected to X-ray screening. Passengers who alarm the walk-through metal detector or are designated as selectees--that is, passengers selected for additional screening--must then undergo secondary screening, as well as passengers whose carry-on items have been identified by the X-ray machine as potentially containing prohibited items. Secondary screening involves additional means for screening passengers, such as by hand wand; physical pat down; or other screening methods such as the AIT. Role of DHS Science & Technology Directorate: Within DHS, both the Science and Technology Directorate (S&T) and TSA have responsibilities for researching, developing, and testing and evaluating new technologies, including airport checkpoint screening technologies. Specifically, S&T is responsible for the basic and applied research and advanced development of new technologies, while TSA, through its Passenger Screening Program (PSP), identifies the need for new checkpoint screening technologies and provides input to S&T during the research and development of new technologies, which TSA then procures and deploys. Because S&T and TSA share responsibilities related to the research, development, test and evaluation (RDT&E), procurement, and deployment of checkpoint screening technologies, the two organizations must coordinate with each other and external stakeholders, such as airport operators and technology vendors. Air Cargo Security: Air cargo can be shipped in various forms, including unit load devices (ULD) that allow many packages to be consolidated into one container or pallet; wooden crates; or individually wrapped/boxed pieces, known as loose or break-bulk cargo. Participants in the air cargo shipping process include shippers, such as manufacturers; freight forwarders, who consolidate cargo from shippers and take it to air carriers for transport; air cargo handling agents, who process and load cargo onto aircraft on behalf of air carriers; and air carriers that load and transport cargo.[Footnote 4] TSA's responsibilities include, among other things, establishing security requirements governing domestic and foreign passenger air carriers that transport cargo and domestic freight forwarders. Airport Perimeter Security and Access Control: Airport perimeter and access control security is intended to prevent unauthorized access into secured airport areas, either from outside the airport complex or from within. Airport operators generally have direct day-to-day responsibility for maintaining and improving perimeter and access control security, as well as implementing measures to reduce worker risk. However, TSA has primary responsibility for establishing and implementing measures to improve security operations at U.S. commercial airports--that is, TSA- regulated airports--including overseeing airport operator efforts to maintain perimeter and access control security.[Footnote 5] Airport workers may access sterile areas through TSA security checkpoints or through other access points that are secured by the airport operator. The airport operator is also responsible, in accordance with its security program, for securing access to secured airport areas where passengers are not permitted. Airport methods used to control access vary, but all access controls must meet minimum performance standards in accordance with TSA requirements. Increased Deployment of AIT Highlights the Importance of Operational Testing and Cost-Benefit Analysis Prior to Deployment: TSA Plans to Procure and Deploy 1,800 AITs by 2014 and Use Them as a Primary Screening Measure: In response to the December 2009 attempted terrorist attack, TSA has revised its procurement and deployment strategy for the AIT, increasing the number of AITs it plans to procure and deploy. In contrast with its prior strategy, the agency now plans to acquire and deploy 1,800 AITs (instead of the 878 units it had previously planned to acquire) and to use them as a primary screening measure where feasible rather than solely as a secondary screening measure. According to a senior TSA official, the agency is taking these actions in response to the Christmas Day 2009 terrorist incident. These officials stated that they anticipate the AIT will provide enhanced security benefits compared to walk-through metal detectors, such as enhanced detection capabilities for identifying nonmetallic threat objects and liquids. TSA officials also stated that the AIT offers greater efficiencies because it allows TSA to more rigorously screen a greater number of passengers in a shorter amount of time while providing a detection capability equivalent to a pat down. For example, the AIT requires about 20 seconds to produce and interpret a passenger's image as compared with 2 minutes required for a physical pat down. A senior official also stated that TSA intends to continue to offer an alternative but comparable screening method, such as a physical pat down, for passengers who prefer not to be screened using the AIT. The AIT produces an image of a passenger's body that a screener interprets. The image identifies objects, or anomalies, on the outside of the physical body but does not reveal items beneath the surface of the skin, such as implants. TSA plans to procure two types of AIT units: one type uses millimeter-wave and the other type uses backscatter X-ray technology. Millimeter-wave technology beams millimeter-wave radio-frequency energy over the body's surface at high speed from two antennas simultaneously as they rotate around the body. The energy reflected back from the body or other objects on the body is used to construct a three-dimensional image. Millimeter wave technology produces an image that resembles a fuzzy photo negative. Backscatter X-ray technology uses a low-level X-ray to create a two- sided image of the person. Backscatter technology produces an image that resembles a chalk etching. As of February 24, 2010, according to a senior TSA official, the agency has deployed 40 of the millimeter-wave AITs and procured 150 backscatter X-ray units in fiscal year 2009. In early March 2010, TSA initiated the deployment of these backscatter units starting with two airports, Logan International Airport in Boston, Massachusetts, and Chicago O'Hare International Airport in Des Plaines, Illinois. TSA officials stated that they do not expect these units to be fully operational, however, until the second or third week of March due to time needed to hire and train additional personnel. TSA estimates that the remaining backscatter X-ray units will be installed at airports by the end of calendar year 2010. In addition, TSA plans to procure an additional 300 AIT units in fiscal year 2010, some of which it plans to purchase with funds from the American Recovery and Reinvestment Act of 2009. In fiscal year 2011, TSA plans to procure 503 AIT units. TSA projects that a total of about 1,000 AIT systems will be deployed to airports by the end of December 2011. In fiscal year 2014 TSA plans to reach full operating capacity, having procured a total of 1,800 units and deployed them to 60 percent of the checkpoint lanes at Category X, I, and II airports.[Footnote 6] The current projected full operating capacity of 1,800 machines represents a more than two-fold increase from 878 units that TSA had previously planned. TSA officials stated that the cost of the AIT is about $170,000 per unit, excluding training, installation, and maintenance costs. In addition, in the fiscal year 2011 President's budget submission, TSA has requested $218.9 million for 3,550 additional full-time equivalents (FTE) to help staff the AITs deployed in that time frame. From 2012 through 2014, as TSA deploys additional units to reach full operating capacity, additional staff will be needed to operate these units; such staffing costs will recur on an annual basis. TSA officials told us that three FTEs are needed to operate each unit. Because the AIT presents a full body image of a person during the screening process, concerns have been expressed that the image is an invasion of privacy. According to TSA, to protect passenger privacy and ensure anonymity, strict privacy safeguards are built into the procedures for use of the AIT. For example, the officer who assists the passenger does not see the image that the technology produces, and the officer who views the image is remotely located in a secure resolution room and does not see the passenger. Officers evaluating images are not permitted to take cameras, cell phones, or photo- enabled devices into the resolution room. To further protect passengers' privacy, ways have been introduced to blur the passengers' images. The millimeter-wave technology blurs all facial features, and the backscatter X-ray technology has an algorithm applied to the entire image to protect privacy. Further, TSA has stated that the AIT's capability to store, print, transmit, or save the image will be disabled at the factory before the machines are delivered to airports, and each image is automatically deleted from the system after it is cleared by the remotely located security officer. Once the remotely located officer determines that threat items are not present, that officer communicates wirelessly to the officer assisting the passenger. The passenger may then continue through the security process. Potential threat items are resolved through a directed physical pat down before the passenger is cleared to enter the sterile area.[Footnote 7] In addition to privacy concerns, the AITs are large machines, and adding them to the checkpoint areas will require additional space, especially since the operators are physically segregated from the checkpoint to help ensure passenger privacy. Adding a significant number of additional AITs to the existing airport infrastructure could impose additional challenges on airport operators. TSA Recently Reported Efforts to Strengthen Its Operational Test and Evaluation Process, but It Is Not Clear Whether TSA Has Fully Evaluated the Relative Security Benefits and Costs of the AIT: In October 2009, we reported that TSA had relied on a screening technology in day-to-day airport operations that had not been proven to meet its functional requirements through operational testing and evaluation, contrary to TSA's acquisition guidance and a knowledge- based acquisition approach.[Footnote 8] We also reported that TSA had not operationally tested the AITs at the time of our review, and we recommended that TSA operationally test and evaluate technologies prior to deploying them.[Footnote 9] In commenting on our report, TSA agreed with this recommendation. Although TSA does not yet have a written policy requiring operational testing prior to deployment, a senior TSA official stated that TSA has made efforts to strengthen its operational test and evaluation process and that TSA is now complying with DHS's current acquisition directive that requires operational testing and evaluation be completed prior to deployment.[Footnote 10] According to officials, TSA is now requiring that AIT are to successfully complete both laboratory tests and operational tests prior to deployment. As we previously reported, TSA's experience with the explosives trace portal (ETP), or "puffers," demonstrates the importance of testing and evaluation in an operational environment.[Footnote 11] The ETP detects traces of explosives on a passenger by using puffs of air to dislodge particles from the passenger's body and clothing that the machine analyzes for traces of explosives. TSA procured 207 ETPs and in 2006 deployed 101 ETPs to 36 airports, the first deployment of a checkpoint technology initiated by the agency.[Footnote 12] TSA deployed the ETPs even though tests conducted during 2004 and 2005 on earlier ETP models suggested that they did not demonstrate reliable performance. Furthermore, the ETP models that were subsequently deployed were not tested to prove their effective performance in an operational environment, contrary to TSA's acquisition guidance, which recommends such testing. As a result, TSA procured and deployed ETPs without assurance that they would perform as intended in an operational environment. TSA officials stated that they deployed the machines without resolving these issues to respond quickly to the threat of suicide bombers. In June 2006 TSA halted further deployment of the ETP because of performance, maintenance, and installation issues. According to a senior TSA official, as of December 31, 2009, all but 9 ETPs have been withdrawn from airports, and 18 ETPs remain in inventory. Following the completion of our review, TSA officials told us that the AIT successfully completed operational testing at the end of calendar year 2009 before its deployment was fully initiated. The official also stated that the AIT test results were provided and reviewed by DHS's Acquisition Review Board prior to the board approving the AIT deployment. According to TSA's threat assessment, terrorists have various techniques for concealing explosives on their persons, as was evident in Mr. Abdulmutallab's attempted attack on December 25, when he concealed an explosive in his underwear. While TSA officials stated that the laboratory and operational testing of the AIT included placing explosive material in different locations on the body,[Footnote 13] it remains unclear whether the AIT would have been able to detect the weapon Mr. Abdulmutallab used in his attempted attack based on the preliminary TSA information we have received. We are in the process of reviewing these operational tests to assess the AIT's detection capabilities and to verify that TSA successfully completed operational testing of the AIT. In addition, while TSA officials stated that the AITs performed as well as physical pat downs in operational testing, TSA officials also reported they have not conducted a cost-benefit analysis of the original or revised AIT deployment strategy. We reported in October 2009 that TSA had not conducted a cost-benefit analysis of checkpoint technologies being researched and developed, procured, and deployed and recommended that it do so. DHS concurred with our recommendation. Cost-benefit analyses are important because they help decision makers determine which protective measures, for instance, investments in technologies or in other security programs, will provide the greatest mitigation of risk for the resources that are available. TSA officials stated that a cost-benefit analysis was not completed for the AIT because one is not required under DHS acquisition guidance. However, these officials reported that they had completed, earlier in the program, a life-cycle cost estimate and an analysis of alternatives for the AIT as required by DHS, which, according to agency officials, provides equivalent information to a cost-benefit analysis. We are in the process of reviewing the alternatives analysis that was completed in 2008 and life-cycle cost estimates which TSA provided to us on March 12, 2010, to determine the extent to which these estimates reflect the additional costs to staff these units. We estimate that, based on TSA's fiscal year 2011 budget request and current AIT deployment strategy, increases in staffing costs due to doubling the number of AITs that TSA plans to deploy could add up to $2.4 billion over the expected service life of this investment.[Footnote 14] While we recognize that TSA is taking action to address a vulnerability of the passenger checkpoint exposed by the December 25, 2009, attempted attack, we continue to believe that, given TSA's expanded deployment strategy, conducting a cost-benefit analysis of TSA's AIT deployment is important. An updated cost-benefit analysis would help inform TSA's judgment about the optimal deployment strategy for the AITs, as well as provide information to inform the best path forward, considering all elements of the screening system, for addressing the vulnerability identified by this attempted terrorist attack. TSA Has Made Progress in Securing Air Cargo and Airport Access, but Challenges Remain: TSA Has Made Progress in Meeting the Air Cargo Screening Mandate, but Faces Participation, Technology, Oversight, and Inbound-Cargo Challenges: As we previously reported in March 2009, based on preliminary observations from ongoing work, TSA has taken several key steps to meet the statutory mandate to screen 100 percent of air cargo transported on passenger aircraft by August 2010.[Footnote 15] Among the steps that TSA has taken to address domestic air cargo screening, the agency has revised its security programs to require more cargo to be screened; created the Certified Cargo Screening Program (CCSP), a voluntary program to allow screening to take place earlier in the shipping process and at various points in the air cargo supply chain-- including before the cargo is consolidated; issued an interim final rule, effective November 16, 2009, that, among other things, codifies the statutory air cargo screening requirements of the 9/11 Commission Act and establishes requirements for entities participating in the CCSP;[Footnote 16] established a technology pilot program to operationally test explosives trace detection (ETD) and X-ray technology;[Footnote 17] and expanded its explosives detection canine program. While these steps are encouraging, TSA faces several challenges in meeting the air cargo screening mandate. First, although industry participation in the CCSP is vital to TSA's approach to move screening responsibilities across the U.S. supply chain, the voluntary nature of the program may make it difficult to attract program participants needed to screen the required levels of domestic cargo. Second, while TSA has taken steps to test technologies for screening and securing air cargo, it has not yet completed assessments of the various technologies it plans to allow air carriers and program participants to use in meeting the August 2010 screening mandate. According to TSA officials, several X-ray and explosives detection systems (EDS) technologies successfully passed laboratory testing, and TSA placed them on a December 2009 list of qualified products that industry can use to screen cargo after August 2010.[Footnote 18] TSA plans to conduct field testing and evaluation of these technologies in an operational environment. In addition, TSA plans to begin laboratory testing for ETD, Electronic Metal Detection (EMD), and additional X- ray technologies in early 2010, and anticipates including these technologies on the list of qualified products the industry can use by the summer of 2010, before proceeding with operational testing. [Footnote 19] As we previously reported, based on preliminary observations from ongoing work, X-ray and ETD technologies, which have not yet been fully tested for effectiveness, are currently being used by industry participants to meet air cargo screening requirements. [Footnote 20] We are examining this issue in more detail as part of our ongoing review of TSA's air cargo security efforts, to be issued later this year. Third, TSA faces challenges overseeing compliance with the CCSP due to the size of its current Transportation Security Inspector (TSI) workforce. Under the CCSP, in addition to performing inspections of air carriers and freight forwarders, TSIs are to also perform compliance inspections of new regulated entities that voluntarily become certified cargo screening facilities (CCSF), as well as conduct additional CCSF inspections of existing freight forwarders. TSA officials have stated that the agency is evaluating the required number of TSIs to fully implement and oversee the program. Completing its staffing study may help TSA determine whether it has the necessary staffing resources to ensure that entities involved in the CCSP are meeting TSA requirements to screen and secure air cargo.[Footnote 21] As part of our ongoing work, we are exploring to what extent TSA is undertaking a staffing study. Finally, TSA has taken some steps to meet the screening mandate as it applies to inbound cargo but does not expect to achieve 100 percent screening of inbound cargo by the August 2010 deadline. TSA revised its requirements to, in general, require carriers to screen 50 percent of nonexempt inbound cargo. TSA also began harmonization of security standards with other nations through bilateral and quadrilateral discussions.[Footnote 22] In addition, TSA continues to work with Customs and Border Protection (CBP) to leverage an existing CBP system to identify and target high-risk air cargo. However, TSA does not expect to meet the mandated 100 percent screening level by August 2010. This is due, in part, to challenges TSA faces in harmonizing the agency's air cargo security standards with those of other nations. Moreover, TSA's international inspection resources are limited. We will continue to explore these issues as part of our ongoing review of TSA's air cargo security efforts, to be issued later this year. TSA Has Taken Actions to Strengthen Airport Security, but Faces Challenges That Include Assessing Risk and Evaluating Worker Screening Methods: In our September 2009 report on airport security, we reported that TSA has implemented a variety of programs and protective actions to strengthen the security of commercial airports.[Footnote 23] For example, in March 2007, TSA implemented a random worker screening program--the Aviation Direct Access Screening Program (ADASP)-- nationwide to enforce access procedures, such as ensuring that workers do not possess unauthorized items when entering secured areas. [Footnote 24] In addition, TSA has expanded requirements for background checks and for the population of individuals who are subject to these checks, and has established a statutorily directed pilot program to assess airport security technology.[Footnote 25] As we reported in September 2009, while TSA has taken numerous steps to enhance airport security, it continues to face challenges in several areas, such as assessing risk, evaluating worker screening methods, addressing airport technology needs, and developing a unified national strategy for airport security.[Footnote 26] For example, while TSA has taken steps to assess risk related to airport security, it has not conducted a comprehensive risk assessment based on assessments of threats, vulnerabilities, and consequences, as required by DHS's National Infrastructure Protection Plan. To address these issues, we recommended, among other things, that TSA develop a comprehensive risk assessment of airport security and milestones for its completion, and evaluate whether the current approach to conducting vulnerability assessments appropriately assesses vulnerabilities. DHS concurred with these recommendations and stated that TSA is taking actions to implement them. Our September 2009 report also reported the results of TSA efforts to help identify the potential costs and benefits of 100 percent worker screening and other worker screening methods.[Footnote 27] In July 2009 TSA issued a final report on the results and concluded that random screening is a more cost-effective approach because it appears "roughly" as effective in identifying contraband items at less cost than 100 percent worker screening.[Footnote 28] However, the report also identified limitations in the design and evaluation of the program and in the estimation of costs, such as the limited number of participating airports, the limited evaluation of certain screening techniques, the approximate nature of the cost estimates, and the limited amount of information available regarding operational effects and other costs. Given the significance of these limitations, we reported in September 2009 that it is unclear whether random worker screening is more or less cost effective than 100 percent worker screening. In addition, TSA did not document key aspects of the pilot's design, methodology, and evaluation, such as a data analysis plan, limiting the usefulness of these efforts. To address this, we recommended that TSA ensure that future airport security pilot program evaluation efforts include a well-developed and well-documented evaluation plan, to which DHS concurred. Moreover, although TSA has taken steps to develop biometric worker credentialing, it is unclear to what extent TSA plans to address statutory requirements regarding biometric technology, such as developing or requiring biometric access controls at airports, establishing comprehensive standards, and determining the best way to incorporate these decisions into airports' existing systems.[Footnote 29] To address this issue, we have recommended that TSA develop milestones for meeting statutory requirements for, among other things, performance standards for biometric airport access control systems. DHS concurred with this recommendation. Finally, TSA's efforts to enhance the security of the nation's airports have not been guided by a national strategy that identifies key elements, such as goals, priorities, performance measures, and required resources. To better ensure that airport stakeholders take a unified approach to airport security, we recommended that TSA develop a national strategy that incorporates key characteristics of effective security strategies, such as measurable goals and priorities, to which DHS concurred and stated that TSA is taking action to implement it. Project Newton May Result in New Explosives Testing Standards for TSA's Screening Technology: As we discussed in our October 2009 report, TSA and the DHS Science and Technology Directorate (S&T) are pursuing an effort--known as Project Newton--which uses computer modeling to determine the effects of explosives on aircraft and develop new requirements to respond to emerging threats from explosives.[Footnote 30] Specifically, TSA and S&T are reviewing the scientific basis of their current detection standards for explosives detection technologies to screen passengers, carry-on items, and checked baggage. As part of this work, TSA and S&T are conducting studies to update their understanding of the effects that explosives may have on aircraft, such as the consequences of detonating explosives on board an in-flight aircraft. Senior TSA and DHS S&T officials stated that the two agencies decided to initiate this review because they could not fully identify or validate the scientific support requiring explosives detection technologies to identify increasingly smaller amounts of some explosives over time as required by TSA policy. Officials stated that they used the best available information to originally develop detection standards for explosives detection technologies. According to these officials, TSA's understanding of how explosives affect aircraft has largely been based on data obtained from live-fire explosive tests on aircraft hulls at ground level. Officials further stated that due to the expense and complexity of live-fire tests, the Federal Aviation Administration, TSA, and DHS collectively have conducted only a limited number of tests on retired aircraft, which limited the amount of data available for analysis. As part of this ongoing review, TSA and S&T are simulating the complex dynamics of explosive blast effects on an in- flight aircraft by using a computer model based on advanced software developed by the national laboratories. TSA believes that the computer model will be able to accurately simulate hundreds of explosives tests by simulating the effects that explosives will have when placed in different locations within various aircraft models. As discussed in our October 2009 report, TSA and S&T officials expect that the results of this work will provide a much fuller understanding of the explosive detection requirements and the threat posed by various amounts of different explosives, and will use this information to determine whether any modifications to existing detection standards should be made moving forward. We are currently reviewing Project Newton and will report on it at a later date. Madame Chairwoman, that concludes my statement and I would be happy to answer any questions. Contacts and Acknowledgments: For additional information about this statement, please contact Stephen M. Lord at (202) 512-4379 or lords@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this statement. In addition to the contact named above, staff who made key contributions to this statement were E. Anne Laffoon and Steve D. Morris, Assistant Directors; Nabajyoti Barkakati, Carissa Bryant, Frances Cook, Joseph E. Dewechter, Amy Frazier, Barbara Guffy, David K. Hooper, Richard B. Hung, Lori Kmetz, Linda S. Miller, Timothy M. Persons, Yanina Golburt Samuels, Emily Suarez-Harris, and Rebecca Kuhlmann Taylor. [End of section] Footnotes: [1] Sterile areas are areas of airports where passengers wait after screening to board departing aircraft. [2] See for example, GAO, Homeland Security: Better Use of Terrorist Watchlist Information and Improvements in Deployment of Passenger Screening Checkpoint Technologies Could Further Strengthen Security, [hyperlink, http://www.gao.gov/products/GAO-10-401T] (Washington, D.C.: Jan. 27, 2010); Aviation Security: DHS and TSA Have Researched, Developed, and Begun Deploying Passenger Checkpoint Screening Technologies, but Continue to Face Challenges, [hyperlink, http://www.gao.gov/products/GAO-10-128] (Washington, D.C.: Oct. 7, 2009); Homeland Security: DHS's Progress and Challenges in Key Areas of Maritime, Aviation, and Cybersecurity, [hyperlink, http://www.gao.gov/products/GAO-10-106] (Washington, D.C.: Dec. 2, 2009); Aviation Security: TSA Has Completed Key Activities Associated with Implementing Secure Flight, but Additional Actions Are Needed to Mitigate Risks, [hyperlink, http://www.gao.gov/products/GAO-09-292] (Washington, D.C.: May 13, 2009); Aviation Security: Preliminary Observations on TSA's Progress and Challenges in Meeting the Statutory Mandate for Screening Air Cargo on Passenger Aircraft, [hyperlink, http://www.gao.gov/products/GAO-09-422T] (Washington, D.C.: Mar. 18, 2009); Aviation Security: Vulnerabilities Exposed Through Covert Testing of TSA's Passenger Screening Process, [hyperlink, http://www.gao.gov/products/GAO-08-48T] (Washington, D.C.: Nov. 15, 2007); and Terrorist Watch List Screening: Opportunities Exist to Enhance Management Oversight, Reduce Vulnerabilities in Agency Screening Processes, and Expand Use of the List, [hyperlink, http://www.gao.gov/products/GAO-08-110] (Washington, D.C.: Oct. 11, 2007). [3] [hyperlink, http://www.gao.gov/products/GAO-10-401T]; [hyperlink, http://www.gao.gov/products/GAO-10-128]; [hyperlink, http://www.gao.gov/products/GAO-10-106], and [hyperlink, http://www.gao.gov/products/GAO-09-422T]. [4] For purposes of this statement, the term freight forwarders only includes those freight forwarders that are regulated by TSA, also referred to as indirect air carriers. [5] See generally Aviation and Transportation Security Act, Pub. L. No. 107-71, 115 Stat. 597 (2001). [6] There are about 450 commercial airports in the United States. TSA classifies airports into one of five categories (X, I, II, III, and IV) based on various factors, such as the total number of takeoffs and landings annually, the extent to which passengers are screened at the airport, and other special security considerations. In general, category X airports have the largest number of passenger boardings, and category IV airports have the smallest. [7] TSA stated that it continues to evaluate possible display options that include a "stick figure" or "cartoon-like" form to provide greater privacy protection to the individual being screened while still allowing the unit operator or automated detection algorithms to detect possible threats. DHS is working directly with technology providers to develop advanced screening algorithms for the AIT that would utilize Automatic Target Recognition to identify and highlight possible threats. [8] [hyperlink, http://www.gao.gov/products/GAO-10-128]. [9] Operational testing refers to testing in an operational environment in order to verify that new systems are operationally effective, supportable, and suitable. [10] DHS Acquisition Management Directive 102-01, Jan. 20, 2010. [11] We have previously reported that deploying technologies that have not successfully completed operational testing and evaluation can lead to cost overruns and underperformance. In addition, our reviews have shown that leading commercial firms follow a knowledge-based approach to major acquisitions and do not proceed with large investments unless the product's design demonstrates its ability to meet functional requirements and be stable. The developer must show that the product can be manufactured within cost, schedule, and quality targets and is reliable before production begins and the system is used in day-to-day operations. See [hyperlink, http://www.gao.gov/products/GAO-10-128] and GAO, Best Practices: Using a Knowledge-Based Approach to Improve Weapon Acquisition, [hyperlink, http://www.gao.gov/products/GAO-04-386SP] (Washington, D.C.: Jan. 2004). [12] TSA deployed the ETPs from January to June 2006. [13] The results of TSA's laboratory and operational testing are classified. [14] To estimate the cost of the additional staff needed to operate the AIT machines during their service life as a result of TSA's increased deployment of the AIT, we used information in the President's Budget Request for Fiscal Year 2011 and from interviews with TSA officials. We identified staffing costs to operate each AIT ($369,764) and multiplied this figure by the number of additional AITs that TSA has recently planned to deploy by 2014 (922 units) to calculate the additional staffing costs, which equaled $340,922,408. We then multiplied the additional staffing costs of $340,922,408 by 7 years to calculate the additional staffing cost to operate additional AIT units during their expected service life, which equaled $2,386,456,856. [15] GAO-09-422T. The Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Commission Act) requires that by August 2010, 100 percent of cargo--domestic and inbound--transported on passenger aircraft be physically screened. The 9/11 Commission Act establishes minimum standards for screening air cargo and defines screening for purposes of the air cargo screening mandate as a physical examination or nonintrusive methods of assessing whether cargo poses a threat to transportation security. Solely performing a review of information about the contents of cargo or verifying the identity of the cargo's shipper does not constitute screening for purposes of satisfying the mandate. See Pub. L. No. 110-53, � 1602(a), 121 Stat. 266, 477-79 (codified at 49 U.S.C. � 44901(g)). For the purposes of this statement, domestic air cargo refers to cargo transported by air within the United States and from the United States to a foreign location by both U.S. and foreign-based air carriers; and inbound cargo refers to cargo transported by U.S. and foreign-based air carriers from a foreign location to the United States. [16] See Air Cargo Screening, 74 Fed. Reg. 47672 (Sept. 16, 2009). [17] ETD requires human operators to collect samples of items to be screened with swabs, which are chemically analyzed to identify any traces of explosives material. [18] EDS uses computer-aided tomography X-rays to examine objects inside baggage and identify the characteristic signatures of threat explosives. [19] EMD devices are capable of detecting metallic-based explosives, such as wires, within a variety of perishable commodities at the cargo- piece, parcel, and pallet level. [20] [hyperlink, http://www.gao.gov/products/GAO-09-422T]. [21] For additional information on TSA's staffing study, see GAO, Aviation Security: Status of Transportation Security Inspector Workforce, [hyperlink, http://www.gao.gov/products/GAO-09-123R] (Washington D.C.: Feb. 6, 2009). [22] The term harmonization is used to describe countries' efforts to coordinate their security practices to enhance security and increase efficiency by avoiding duplication of effort. [23] GAO, Aviation Security: A National Strategy and Other Actions Would Strengthen TSA's Efforts to Secure Commercial Airport Perimeters and Access Controls, [hyperlink, http://www.gao.gov/products/GAO-09-399] (Washington, D.C.: Sept. 30, 2009). [24] For the purposes of this statement "secured area" is used generally to refer to areas specified in an airport security program that require restricted access. See 49 C.F.R. �� 1540.5, 1542.201. [25] According to TSA officials, the agency established this program in response to a provision enacted through the Aviation and Transportation Security Act. See Pub. L. No. 107-71 � 106(d), 115 Stat. at 610 (codified at 49 U.S.C. � 44903(c)(3)). [26] [hyperlink, http://www.gao.gov/products/GAO-09-399]. [27] To respond to the threat posed by airport workers, the Explanatory Statement accompanying the DHS Appropriations Act, 2008, directed TSA to use $15 million of its appropriation to conduct a pilot program at seven airports. Explanatory Statement accompanying Division E of the Consolidated Appropriations Act, 2008, Pub. L. No. 110-161, Div. E, 121 Stat. 1844, 2042 (2007), at 1048. While the Statement refers to these pilot programs as airport employee screening pilots, for the purposes of this statement, we use "worker screening" to refer to the screening of all individuals who work at the airport. [28] Transportation Security Administration, Airport Employee Screening Pilot Program Study: Fiscal Year 2008 Report to Congress (Washington, D.C., July 7, 2009). [29] Among other things, the Intelligence Reform and Terrorism Prevention Act of 2004 directed TSA, in consultation with industry representatives, to establish comprehensive technical and operational system requirements and performance standards for the use of biometric identifier technology in airport access control systems. See Pub. L. No. 108-458, � 4011, 118 Stat. 3638, 3712-14 (2004) (codified at 49 U.S.C. � 44903(h)(5)). [30] [hyperlink, http://www.gao.gov/products/GAO-10-128]. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO‘s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO‘s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: