Aviation Security
TSA Is Increasing Procurement and Deployment of the Advanced Imaging Technology, but Challenges to This Effort and Other Areas of Aviation Security Remain
Gao ID: GAO-10-484T March 17, 2010
The attempted bombing of Northwest flight 253 highlighted the importance of detecting improvised explosive devices on passengers. This testimony focuses on (1) the Transportation Security Administration's (TSA) efforts to procure and deploy advanced imaging technology (AIT), and related challenges; and (2) TSA's efforts to strengthen screening procedures and technology in other areas of aviation security, and related challenges. This testimony is based on related products GAO issued from March 2009 through January 2010, selected updates conducted from December 2009 through March 2010 on the AIT procurement, and ongoing work on air cargo security. For the ongoing work and updates, GAO obtained information from the Department of Homeland Security (DHS) and TSA and interviewed senior TSA officials regarding air cargo security and the procurement, deployment, operational testing, and assessment of costs and benefits of the AIT.
In response to the December 25, 2009, attempted attack on Northwest flight 253, TSA revised the AIT procurement and deployment strategy, increasing the planned deployment of AITs from 878 to 1,800 units and using AITs as a primary--instead of a secondary--screening measure where feasible; however, challenges remain. In October 2009, GAO reported on the challenges TSA faced deploying new technologies such as the explosives trace portal (ETP) without fully testing them in an operational environment, and recommended such testing prior to future deployments. TSA officials concurred and stated that, unlike the ETP, operational testing for the AIT was successfully completed late in 2009 before its deployment was fully initiated. While officials said AITs performed as well as physical pat downs in operational tests, it remains unclear whether the AIT would have detected the weapon used in the December 2009 incident based on the preliminary information GAO has received. GAO is verifying that TSA successfully completed operational testing of the AIT. In October 2009, GAO also recommended that TSA complete cost-benefit analyses for new passenger screening technologies. While TSA conducted a life-cycle cost estimate and an alternatives analysis for the AIT, it reported that it has not conducted a cost-benefit analysis of the original deployment strategy or the revised AIT deployment strategy, which proposes a more than twofold increase in the number of machines to be procured. GAO estimates increases in staffing costs alone due to doubling the number of AITs that TSA plans to deploy could add up to $2.4 billion over its expected service life. While GAO recognizes that TSA is attempting to address a vulnerability exposed by the December 2009 attempted attack, a cost-benefit analysis is important as it would help inform TSA's judgment about the optimal deployment strategy for the AITs, and how best to address this vulnerability considering all elements of the screening system. TSA has also taken actions towards strengthening other areas of aviation security but continues to face challenges. For example, TSA has taken steps to meet the statutory mandate to screen 100 percent of air cargo transported on passenger aircraft by August 2010, including developing a program to share screening responsibilities across the air cargo supply chain. However, as GAO reported in March 2009, a number of challenges to this effort exist, including attracting participants to the TSA screening program, completing technology assessments, and overseeing additional entities that it expects to participate in the program. GAO is exploring these issues as part of an ongoing review of TSA's air cargo security program which GAO plans to issue later this year. Further, while TSA has taken a variety of actions to strengthen the security of commercial airports, GAO reported in September 2009 that TSA continues to face challenges in several areas, such as assessing risk and evaluating worker screening methods. In September 2009, GAO also recommended that TSA develop a national strategy to guide stakeholder efforts to strengthen airport perimeter and access control security, to which DHS concurred.
GAO-10-484T, Aviation Security: TSA Is Increasing Procurement and Deployment of the Advanced Imaging Technology, but Challenges to This Effort and Other Areas of Aviation Security Remain
This is the accessible text file for GAO report number GAO-10-484T
entitled 'Aviation Security: TSA Is Increasing Procurement and
Deployment of the Advanced Imaging Technology, but Challenges to This
Effort and Other Areas of Aviation Security Remain' which was released
on March 17, 2010.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony:
Before the Subcommittee on Transportation Security and Infrastructure
Protection, Committee on Homeland Security, House of Representatives:
United States Government Accountability Office:
GAO:
For Release on Delivery:
Expected at 2:00 p.m. EDT:
Wednesday, March 17, 2010:
Aviation Security:
TSA Is Increasing Procurement and Deployment of the Advanced Imaging
Technology, but Challenges to This Effort and Other Areas of Aviation
Security Remain:
Statement of Steve Lord, Director:
Homeland Security and Justice Issues:
GAO-10-484T:
GAO Highlights:
Highlights of GAO-10-484T, a testimony before the Subcommittee on
Transportation Security and Infrastructure Protection, Committee on
Homeland Security, House of Representatives.
Why GAO Did This Study:
The attempted bombing of Northwest flight 253 highlighted the
importance of detecting improvised explosive devices on passengers.
This testimony focuses on (1) the Transportation Security
Administration‘s (TSA) efforts to procure and deploy advanced imaging
technology (AIT), and related challenges; and (2) TSA‘s efforts to
strengthen screening procedures and technology in other areas of
aviation security, and related challenges. This testimony is based on
related products GAO issued from March 2009 through January 2010,
selected updates conducted from December 2009 through March 2010 on
the AIT procurement, and ongoing work on air cargo security. For the
ongoing work and updates, GAO obtained information from the Department
of Homeland Security (DHS) and TSA and interviewed senior TSA
officials regarding air cargo security and the procurement,
deployment, operational testing, and assessment of costs and benefits
of the AIT.
What GAO Found:
In response to the December 25, 2009, attempted attack on Northwest
flight 253, TSA revised the AIT procurement and deployment strategy,
increasing the planned deployment of AITs from 878 to 1,800 units and
using AITs as a primary”instead of a secondary”screening measure where
feasible; however, challenges remain. In October 2009, GAO reported on
the challenges TSA faced deploying new technologies such as the
explosives trace portal (ETP) without fully testing them in an
operational environment, and recommended such testing prior to future
deployments. TSA officials concurred and stated that, unlike the ETP,
operational testing for the AIT was successfully completed late in
2009 before its deployment was fully initiated. While officials said
AITs performed as well as physical pat downs in operational tests, it
remains unclear whether the AIT would have detected the weapon used in
the December 2009 incident based on the preliminary information GAO
has received. GAO is verifying that TSA successfully completed
operational testing of the AIT. In October 2009, GAO also recommended
that TSA complete cost-benefit analyses for new passenger screening
technologies. While TSA conducted a life-cycle cost estimate and an
alternatives analysis for the AIT, it reported that it has not
conducted a cost-benefit analysis of the original deployment strategy
or the revised AIT deployment strategy, which proposes a more than
twofold increase in the number of machines to be procured. GAO
estimates increases in staffing costs alone due to doubling the number
of AITs that TSA plans to deploy could add up to $2.4 billion over its
expected service life. While GAO recognizes that TSA is attempting to
address a vulnerability exposed by the December 2009 attempted attack,
a cost-benefit analysis is important as it would help inform TSA‘s
judgment about the optimal deployment strategy for the AITs, and how
best to address this vulnerability considering all elements of the
screening system.
TSA has also taken actions towards strengthening other areas of
aviation security but continues to face challenges. For example, TSA
has taken steps to meet the statutory mandate to screen 100 percent of
air cargo transported on passenger aircraft by August 2010, including
developing a program to share screening responsibilities across the
air cargo supply chain. However, as GAO reported in March 2009, a
number of challenges to this effort exist, including attracting
participants to the TSA screening program, completing technology
assessments, and overseeing additional entities that it expects to
participate in the program. GAO is exploring these issues as part of
an ongoing review of TSA‘s air cargo security program which GAO plans
to issue later this year. Further, while TSA has taken a variety of
actions to strengthen the security of commercial airports, GAO
reported in September 2009 that TSA continues to face challenges in
several areas, such as assessing risk and evaluating worker screening
methods. In September 2009, GAO also recommended that TSA develop a
national strategy to guide stakeholder efforts to strengthen airport
perimeter and access control security, to which DHS concurred.
What GAO Recommends:
GAO is not making new recommendations. In past reports, GAO has
recommended, among other things, that TSA operationally test screening
technologies prior to deployment and assess costs and benefits of
screening technology investments. DHS concurred and is working to
address the recommendations. DHS provided comments to this statement,
which were incorporated.
View [hyperlink, http://www.gao.gov/products/GAO-10-484T] or key
components. For more information, contact Steve Lord at (202) 512-4379
or lords@gao.gov.
[End of section]
Madame Chairwoman and Members of the Subcommittee,
I am pleased to be here today to discuss the Transportation Security
Administration's (TSA) progress in securing passenger checkpoints and
other areas of commercial aviation. In response to the December 25,
2009, attempted bombing of Northwest flight 253, the Secretary of
Homeland Security announced five corrective actions to improve
aviation security, including accelerating deployment of the advanced
imaging technology (AIT)--formerly called the Whole Body Imager--to
identify materials such as those used in the attempted Christmas Day
bombing. The AITs produce an image of a passenger's body that TSA
personnel use to look for anomalies, such as explosives. TSA is
deploying AITs to airport passenger checkpoints to enhance its ability
to detect explosive devices and other prohibited items on passengers.
Passengers undergo either primary or secondary screening at these
checkpoints. Primary screening is conducted on all airline passengers
before they enter the sterile area of an airport and involves
passengers walking through a metal detector and their carry-on items
being subjected to X-ray screening.[Footnote 1] Secondary screening is
conducted on selected passengers and involves additional screening of
both passengers and their carry-on items. While screening passengers
at the checkpoint is a vital layer of security, it is also important
to ensure the security of other areas of commercial aviation, such as
air cargo transported on passenger aircraft, and airport worker
screening and checked baggage screening.
TSA's passenger checkpoint screening system comprises three elements:
(1) personnel responsible for, among other things, screening
passengers and baggage; (2) the policies and procedures that govern
the different aviation security programs; and (3) the technology used
to screen passengers and baggage. All three elements--people, process,
and technology--collectively help determine the effectiveness and
efficiency of passenger checkpoint screening, and our past work in
this area has addressed all three elements of the system.[Footnote 2]
Similarly, securing the flying public involves tradeoffs between
security, privacy, and the efficient flow of commerce. Striking the
right balance between these three goals is an ongoing challenge facing
TSA.
My testimony today focuses on (1) TSA's plans to procure, deploy, and
test AITs to enhance the security of the passenger checkpoint, and any
challenges TSA faces in this effort; and (2) TSA's efforts to
strengthen screening procedures and technology in other areas of
aviation security, and any related challenges the agency faces in
these areas.
This statement is based on related GAO reports and testimonies we
issued from March 2009 through January 2010, as well as preliminary
observations based on ongoing work--from October 2008 through February
2010--to be completed later this year assessing the progress that DHS
and its component agencies have made in addressing challenges related
to air cargo security.[Footnote 3] To conduct all of this work, we
reviewed relevant documents related to the programs reviewed, and
interviewed cognizant Department of Homeland Security (DHS) and TSA
officials. All of this work was conducted in accordance with generally
accepted government auditing standards, and our previously published
reports contain additional details on the scope and methodology for
those reviews. In addition, this statement contains selected updates
conducted from December 2009 through March 2010 on TSA's effort to
procure and deploy the AIT. For the updates, we obtained information
from DHS and TSA on the AIT and interviewed senior TSA officials
regarding the planned procurement, deployment, operational testing and
evaluation, and assessment of benefits and costs of the AITs. We
conducted these updates in accordance with generally accepted
government auditing standards. Those standards require that we plan
and perform the audit to obtain sufficient, appropriate evidence to
provide a reasonable basis for our findings and conclusions based on
our audit objectives. We believe that the evidence obtained provides a
reasonable basis for our findings based on our audit objectives.
Background:
Airline Passenger Screening Using Checkpoint Technology:
Passenger screening is a process by which screeners inspect
individuals and their property to deter and prevent an act of violence
or air piracy, such as the carrying of any unauthorized explosive,
incendiary, weapon, or other prohibited item on board an aircraft or
into a sterile area. Screeners inspect individuals for prohibited
items at designated screening locations. TSA developed standard
operating procedures for screening passengers at airport checkpoints.
Primary screening is conducted on all airline passengers before they
enter the sterile area of an airport and involves passengers walking
through a metal detector, and carry-on items being subjected to X-ray
screening. Passengers who alarm the walk-through metal detector or are
designated as selectees--that is, passengers selected for additional
screening--must then undergo secondary screening, as well as
passengers whose carry-on items have been identified by the X-ray
machine as potentially containing prohibited items. Secondary
screening involves additional means for screening passengers, such as
by hand wand; physical pat down; or other screening methods such as
the AIT.
Role of DHS Science & Technology Directorate:
Within DHS, both the Science and Technology Directorate (S&T) and TSA
have responsibilities for researching, developing, and testing and
evaluating new technologies, including airport checkpoint screening
technologies. Specifically, S&T is responsible for the basic and
applied research and advanced development of new technologies, while
TSA, through its Passenger Screening Program (PSP), identifies the
need for new checkpoint screening technologies and provides input to
S&T during the research and development of new technologies, which TSA
then procures and deploys. Because S&T and TSA share responsibilities
related to the research, development, test and evaluation (RDT&E),
procurement, and deployment of checkpoint screening technologies, the
two organizations must coordinate with each other and external
stakeholders, such as airport operators and technology vendors.
Air Cargo Security:
Air cargo can be shipped in various forms, including unit load devices
(ULD) that allow many packages to be consolidated into one container
or pallet; wooden crates; or individually wrapped/boxed pieces, known
as loose or break-bulk cargo. Participants in the air cargo shipping
process include shippers, such as manufacturers; freight forwarders,
who consolidate cargo from shippers and take it to air carriers for
transport; air cargo handling agents, who process and load cargo onto
aircraft on behalf of air carriers; and air carriers that load and
transport cargo.[Footnote 4] TSA's responsibilities include, among
other things, establishing security requirements governing domestic
and foreign passenger air carriers that transport cargo and domestic
freight forwarders.
Airport Perimeter Security and Access Control:
Airport perimeter and access control security is intended to prevent
unauthorized access into secured airport areas, either from outside
the airport complex or from within. Airport operators generally have
direct day-to-day responsibility for maintaining and improving
perimeter and access control security, as well as implementing
measures to reduce worker risk. However, TSA has primary
responsibility for establishing and implementing measures to improve
security operations at U.S. commercial airports--that is, TSA-
regulated airports--including overseeing airport operator efforts to
maintain perimeter and access control security.[Footnote 5] Airport
workers may access sterile areas through TSA security checkpoints or
through other access points that are secured by the airport operator.
The airport operator is also responsible, in accordance with its
security program, for securing access to secured airport areas where
passengers are not permitted. Airport methods used to control access
vary, but all access controls must meet minimum performance standards
in accordance with TSA requirements.
Increased Deployment of AIT Highlights the Importance of Operational
Testing and Cost-Benefit Analysis Prior to Deployment:
TSA Plans to Procure and Deploy 1,800 AITs by 2014 and Use Them as a
Primary Screening Measure:
In response to the December 2009 attempted terrorist attack, TSA has
revised its procurement and deployment strategy for the AIT,
increasing the number of AITs it plans to procure and deploy. In
contrast with its prior strategy, the agency now plans to acquire and
deploy 1,800 AITs (instead of the 878 units it had previously planned
to acquire) and to use them as a primary screening measure where
feasible rather than solely as a secondary screening measure.
According to a senior TSA official, the agency is taking these actions
in response to the Christmas Day 2009 terrorist incident. These
officials stated that they anticipate the AIT will provide enhanced
security benefits compared to walk-through metal detectors, such as
enhanced detection capabilities for identifying nonmetallic threat
objects and liquids. TSA officials also stated that the AIT offers
greater efficiencies because it allows TSA to more rigorously screen a
greater number of passengers in a shorter amount of time while
providing a detection capability equivalent to a pat down. For
example, the AIT requires about 20 seconds to produce and interpret a
passenger's image as compared with 2 minutes required for a physical
pat down. A senior official also stated that TSA intends to continue
to offer an alternative but comparable screening method, such as a
physical pat down, for passengers who prefer not to be screened using
the AIT.
The AIT produces an image of a passenger's body that a screener
interprets. The image identifies objects, or anomalies, on the outside
of the physical body but does not reveal items beneath the surface of
the skin, such as implants. TSA plans to procure two types of AIT
units: one type uses millimeter-wave and the other type uses
backscatter X-ray technology. Millimeter-wave technology beams
millimeter-wave radio-frequency energy over the body's surface at high
speed from two antennas simultaneously as they rotate around the body.
The energy reflected back from the body or other objects on the body
is used to construct a three-dimensional image. Millimeter wave
technology produces an image that resembles a fuzzy photo negative.
Backscatter X-ray technology uses a low-level X-ray to create a two-
sided image of the person. Backscatter technology produces an image
that resembles a chalk etching.
As of February 24, 2010, according to a senior TSA official, the
agency has deployed 40 of the millimeter-wave AITs and procured 150
backscatter X-ray units in fiscal year 2009. In early March 2010, TSA
initiated the deployment of these backscatter units starting with two
airports, Logan International Airport in Boston, Massachusetts, and
Chicago O'Hare International Airport in Des Plaines, Illinois. TSA
officials stated that they do not expect these units to be fully
operational, however, until the second or third week of March due to
time needed to hire and train additional personnel. TSA estimates that
the remaining backscatter X-ray units will be installed at airports by
the end of calendar year 2010. In addition, TSA plans to procure an
additional 300 AIT units in fiscal year 2010, some of which it plans
to purchase with funds from the American Recovery and Reinvestment Act
of 2009. In fiscal year 2011, TSA plans to procure 503 AIT units. TSA
projects that a total of about 1,000 AIT systems will be deployed to
airports by the end of December 2011. In fiscal year 2014 TSA plans to
reach full operating capacity, having procured a total of 1,800 units
and deployed them to 60 percent of the checkpoint lanes at Category X,
I, and II airports.[Footnote 6] The current projected full operating
capacity of 1,800 machines represents a more than two-fold increase
from 878 units that TSA had previously planned. TSA officials stated
that the cost of the AIT is about $170,000 per unit, excluding
training, installation, and maintenance costs. In addition, in the
fiscal year 2011 President's budget submission, TSA has requested
$218.9 million for 3,550 additional full-time equivalents (FTE) to
help staff the AITs deployed in that time frame. From 2012 through
2014, as TSA deploys additional units to reach full operating
capacity, additional staff will be needed to operate these units; such
staffing costs will recur on an annual basis. TSA officials told us
that three FTEs are needed to operate each unit.
Because the AIT presents a full body image of a person during the
screening process, concerns have been expressed that the image is an
invasion of privacy. According to TSA, to protect passenger privacy
and ensure anonymity, strict privacy safeguards are built into the
procedures for use of the AIT. For example, the officer who assists
the passenger does not see the image that the technology produces, and
the officer who views the image is remotely located in a secure
resolution room and does not see the passenger. Officers evaluating
images are not permitted to take cameras, cell phones, or photo-
enabled devices into the resolution room. To further protect
passengers' privacy, ways have been introduced to blur the passengers'
images. The millimeter-wave technology blurs all facial features, and
the backscatter X-ray technology has an algorithm applied to the
entire image to protect privacy. Further, TSA has stated that the
AIT's capability to store, print, transmit, or save the image will be
disabled at the factory before the machines are delivered to airports,
and each image is automatically deleted from the system after it is
cleared by the remotely located security officer. Once the remotely
located officer determines that threat items are not present, that
officer communicates wirelessly to the officer assisting the
passenger. The passenger may then continue through the security
process. Potential threat items are resolved through a directed
physical pat down before the passenger is cleared to enter the sterile
area.[Footnote 7] In addition to privacy concerns, the AITs are large
machines, and adding them to the checkpoint areas will require
additional space, especially since the operators are physically
segregated from the checkpoint to help ensure passenger privacy.
Adding a significant number of additional AITs to the existing airport
infrastructure could impose additional challenges on airport operators.
TSA Recently Reported Efforts to Strengthen Its Operational Test and
Evaluation Process, but It Is Not Clear Whether TSA Has Fully
Evaluated the Relative Security Benefits and Costs of the AIT:
In October 2009, we reported that TSA had relied on a screening
technology in day-to-day airport operations that had not been proven
to meet its functional requirements through operational testing and
evaluation, contrary to TSA's acquisition guidance and a knowledge-
based acquisition approach.[Footnote 8] We also reported that TSA had
not operationally tested the AITs at the time of our review, and we
recommended that TSA operationally test and evaluate technologies
prior to deploying them.[Footnote 9] In commenting on our report, TSA
agreed with this recommendation. Although TSA does not yet have a
written policy requiring operational testing prior to deployment, a
senior TSA official stated that TSA has made efforts to strengthen its
operational test and evaluation process and that TSA is now complying
with DHS's current acquisition directive that requires operational
testing and evaluation be completed prior to deployment.[Footnote 10]
According to officials, TSA is now requiring that AIT are to
successfully complete both laboratory tests and operational tests
prior to deployment.
As we previously reported, TSA's experience with the explosives trace
portal (ETP), or "puffers," demonstrates the importance of testing and
evaluation in an operational environment.[Footnote 11] The ETP detects
traces of explosives on a passenger by using puffs of air to dislodge
particles from the passenger's body and clothing that the machine
analyzes for traces of explosives. TSA procured 207 ETPs and in 2006
deployed 101 ETPs to 36 airports, the first deployment of a checkpoint
technology initiated by the agency.[Footnote 12] TSA deployed the ETPs
even though tests conducted during 2004 and 2005 on earlier ETP models
suggested that they did not demonstrate reliable performance.
Furthermore, the ETP models that were subsequently deployed were not
tested to prove their effective performance in an operational
environment, contrary to TSA's acquisition guidance, which recommends
such testing. As a result, TSA procured and deployed ETPs without
assurance that they would perform as intended in an operational
environment. TSA officials stated that they deployed the machines
without resolving these issues to respond quickly to the threat of
suicide bombers. In June 2006 TSA halted further deployment of the ETP
because of performance, maintenance, and installation issues.
According to a senior TSA official, as of December 31, 2009, all but 9
ETPs have been withdrawn from airports, and 18 ETPs remain in
inventory.
Following the completion of our review, TSA officials told us that the
AIT successfully completed operational testing at the end of calendar
year 2009 before its deployment was fully initiated. The official also
stated that the AIT test results were provided and reviewed by DHS's
Acquisition Review Board prior to the board approving the AIT
deployment. According to TSA's threat assessment, terrorists have
various techniques for concealing explosives on their persons, as was
evident in Mr. Abdulmutallab's attempted attack on December 25, when
he concealed an explosive in his underwear. While TSA officials stated
that the laboratory and operational testing of the AIT included
placing explosive material in different locations on the
body,[Footnote 13] it remains unclear whether the AIT would have been
able to detect the weapon Mr. Abdulmutallab used in his attempted
attack based on the preliminary TSA information we have received. We
are in the process of reviewing these operational tests to assess the
AIT's detection capabilities and to verify that TSA successfully
completed operational testing of the AIT.
In addition, while TSA officials stated that the AITs performed as
well as physical pat downs in operational testing, TSA officials also
reported they have not conducted a cost-benefit analysis of the
original or revised AIT deployment strategy. We reported in October
2009 that TSA had not conducted a cost-benefit analysis of checkpoint
technologies being researched and developed, procured, and deployed
and recommended that it do so. DHS concurred with our recommendation.
Cost-benefit analyses are important because they help decision makers
determine which protective measures, for instance, investments in
technologies or in other security programs, will provide the greatest
mitigation of risk for the resources that are available. TSA officials
stated that a cost-benefit analysis was not completed for the AIT
because one is not required under DHS acquisition guidance. However,
these officials reported that they had completed, earlier in the
program, a life-cycle cost estimate and an analysis of alternatives
for the AIT as required by DHS, which, according to agency officials,
provides equivalent information to a cost-benefit analysis. We are in
the process of reviewing the alternatives analysis that was completed
in 2008 and life-cycle cost estimates which TSA provided to us on
March 12, 2010, to determine the extent to which these estimates
reflect the additional costs to staff these units. We estimate that,
based on TSA's fiscal year 2011 budget request and current AIT
deployment strategy, increases in staffing costs due to doubling the
number of AITs that TSA plans to deploy could add up to $2.4 billion
over the expected service life of this investment.[Footnote 14]
While we recognize that TSA is taking action to address a
vulnerability of the passenger checkpoint exposed by the December 25,
2009, attempted attack, we continue to believe that, given TSA's
expanded deployment strategy, conducting a cost-benefit analysis of
TSA's AIT deployment is important. An updated cost-benefit analysis
would help inform TSA's judgment about the optimal deployment strategy
for the AITs, as well as provide information to inform the best path
forward, considering all elements of the screening system, for
addressing the vulnerability identified by this attempted terrorist
attack.
TSA Has Made Progress in Securing Air Cargo and Airport Access, but
Challenges Remain:
TSA Has Made Progress in Meeting the Air Cargo Screening Mandate, but
Faces Participation, Technology, Oversight, and Inbound-Cargo
Challenges:
As we previously reported in March 2009, based on preliminary
observations from ongoing work, TSA has taken several key steps to
meet the statutory mandate to screen 100 percent of air cargo
transported on passenger aircraft by August 2010.[Footnote 15] Among
the steps that TSA has taken to address domestic air cargo screening,
the agency has revised its security programs to require more cargo to
be screened; created the Certified Cargo Screening Program (CCSP), a
voluntary program to allow screening to take place earlier in the
shipping process and at various points in the air cargo supply chain--
including before the cargo is consolidated; issued an interim final
rule, effective November 16, 2009, that, among other things, codifies
the statutory air cargo screening requirements of the 9/11 Commission
Act and establishes requirements for entities participating in the
CCSP;[Footnote 16] established a technology pilot program to
operationally test explosives trace detection (ETD) and X-ray
technology;[Footnote 17] and expanded its explosives detection canine
program.
While these steps are encouraging, TSA faces several challenges in
meeting the air cargo screening mandate. First, although industry
participation in the CCSP is vital to TSA's approach to move screening
responsibilities across the U.S. supply chain, the voluntary nature of
the program may make it difficult to attract program participants
needed to screen the required levels of domestic cargo. Second, while
TSA has taken steps to test technologies for screening and securing
air cargo, it has not yet completed assessments of the various
technologies it plans to allow air carriers and program participants
to use in meeting the August 2010 screening mandate. According to TSA
officials, several X-ray and explosives detection systems (EDS)
technologies successfully passed laboratory testing, and TSA placed
them on a December 2009 list of qualified products that industry can
use to screen cargo after August 2010.[Footnote 18] TSA plans to
conduct field testing and evaluation of these technologies in an
operational environment. In addition, TSA plans to begin laboratory
testing for ETD, Electronic Metal Detection (EMD), and additional X-
ray technologies in early 2010, and anticipates including these
technologies on the list of qualified products the industry can use by
the summer of 2010, before proceeding with operational testing.
[Footnote 19] As we previously reported, based on preliminary
observations from ongoing work, X-ray and ETD technologies, which have
not yet been fully tested for effectiveness, are currently being used
by industry participants to meet air cargo screening requirements.
[Footnote 20] We are examining this issue in more detail as part of
our ongoing review of TSA's air cargo security efforts, to be issued
later this year.
Third, TSA faces challenges overseeing compliance with the CCSP due to
the size of its current Transportation Security Inspector (TSI)
workforce. Under the CCSP, in addition to performing inspections of
air carriers and freight forwarders, TSIs are to also perform
compliance inspections of new regulated entities that voluntarily
become certified cargo screening facilities (CCSF), as well as conduct
additional CCSF inspections of existing freight forwarders. TSA
officials have stated that the agency is evaluating the required
number of TSIs to fully implement and oversee the program. Completing
its staffing study may help TSA determine whether it has the necessary
staffing resources to ensure that entities involved in the CCSP are
meeting TSA requirements to screen and secure air cargo.[Footnote 21]
As part of our ongoing work, we are exploring to what extent TSA is
undertaking a staffing study.
Finally, TSA has taken some steps to meet the screening mandate as it
applies to inbound cargo but does not expect to achieve 100 percent
screening of inbound cargo by the August 2010 deadline. TSA revised
its requirements to, in general, require carriers to screen 50 percent
of nonexempt inbound cargo. TSA also began harmonization of security
standards with other nations through bilateral and quadrilateral
discussions.[Footnote 22] In addition, TSA continues to work with
Customs and Border Protection (CBP) to leverage an existing CBP system
to identify and target high-risk air cargo. However, TSA does not
expect to meet the mandated 100 percent screening level by August
2010. This is due, in part, to challenges TSA faces in harmonizing the
agency's air cargo security standards with those of other nations.
Moreover, TSA's international inspection resources are limited. We
will continue to explore these issues as part of our ongoing review of
TSA's air cargo security efforts, to be issued later this year.
TSA Has Taken Actions to Strengthen Airport Security, but Faces
Challenges That Include Assessing Risk and Evaluating Worker Screening
Methods:
In our September 2009 report on airport security, we reported that TSA
has implemented a variety of programs and protective actions to
strengthen the security of commercial airports.[Footnote 23] For
example, in March 2007, TSA implemented a random worker screening
program--the Aviation Direct Access Screening Program (ADASP)--
nationwide to enforce access procedures, such as ensuring that workers
do not possess unauthorized items when entering secured areas.
[Footnote 24] In addition, TSA has expanded requirements for
background checks and for the population of individuals who are
subject to these checks, and has established a statutorily directed
pilot program to assess airport security technology.[Footnote 25]
As we reported in September 2009, while TSA has taken numerous steps
to enhance airport security, it continues to face challenges in
several areas, such as assessing risk, evaluating worker screening
methods, addressing airport technology needs, and developing a unified
national strategy for airport security.[Footnote 26] For example,
while TSA has taken steps to assess risk related to airport security,
it has not conducted a comprehensive risk assessment based on
assessments of threats, vulnerabilities, and consequences, as required
by DHS's National Infrastructure Protection Plan. To address these
issues, we recommended, among other things, that TSA develop a
comprehensive risk assessment of airport security and milestones for
its completion, and evaluate whether the current approach to
conducting vulnerability assessments appropriately assesses
vulnerabilities. DHS concurred with these recommendations and stated
that TSA is taking actions to implement them.
Our September 2009 report also reported the results of TSA efforts to
help identify the potential costs and benefits of 100 percent worker
screening and other worker screening methods.[Footnote 27] In July
2009 TSA issued a final report on the results and concluded that
random screening is a more cost-effective approach because it appears
"roughly" as effective in identifying contraband items at less cost
than 100 percent worker screening.[Footnote 28] However, the report
also identified limitations in the design and evaluation of the
program and in the estimation of costs, such as the limited number of
participating airports, the limited evaluation of certain screening
techniques, the approximate nature of the cost estimates, and the
limited amount of information available regarding operational effects
and other costs. Given the significance of these limitations, we
reported in September 2009 that it is unclear whether random worker
screening is more or less cost effective than 100 percent worker
screening. In addition, TSA did not document key aspects of the
pilot's design, methodology, and evaluation, such as a data analysis
plan, limiting the usefulness of these efforts. To address this, we
recommended that TSA ensure that future airport security pilot program
evaluation efforts include a well-developed and well-documented
evaluation plan, to which DHS concurred.
Moreover, although TSA has taken steps to develop biometric worker
credentialing, it is unclear to what extent TSA plans to address
statutory requirements regarding biometric technology, such as
developing or requiring biometric access controls at airports,
establishing comprehensive standards, and determining the best way to
incorporate these decisions into airports' existing systems.[Footnote
29] To address this issue, we have recommended that TSA develop
milestones for meeting statutory requirements for, among other things,
performance standards for biometric airport access control systems.
DHS concurred with this recommendation. Finally, TSA's efforts to
enhance the security of the nation's airports have not been guided by
a national strategy that identifies key elements, such as goals,
priorities, performance measures, and required resources. To better
ensure that airport stakeholders take a unified approach to airport
security, we recommended that TSA develop a national strategy that
incorporates key characteristics of effective security strategies,
such as measurable goals and priorities, to which DHS concurred and
stated that TSA is taking action to implement it.
Project Newton May Result in New Explosives Testing Standards for
TSA's Screening Technology:
As we discussed in our October 2009 report, TSA and the DHS Science
and Technology Directorate (S&T) are pursuing an effort--known as
Project Newton--which uses computer modeling to determine the effects
of explosives on aircraft and develop new requirements to respond to
emerging threats from explosives.[Footnote 30] Specifically, TSA and
S&T are reviewing the scientific basis of their current detection
standards for explosives detection technologies to screen passengers,
carry-on items, and checked baggage. As part of this work, TSA and S&T
are conducting studies to update their understanding of the effects
that explosives may have on aircraft, such as the consequences of
detonating explosives on board an in-flight aircraft. Senior TSA and
DHS S&T officials stated that the two agencies decided to initiate
this review because they could not fully identify or validate the
scientific support requiring explosives detection technologies to
identify increasingly smaller amounts of some explosives over time as
required by TSA policy. Officials stated that they used the best
available information to originally develop detection standards for
explosives detection technologies. According to these officials, TSA's
understanding of how explosives affect aircraft has largely been based
on data obtained from live-fire explosive tests on aircraft hulls at
ground level. Officials further stated that due to the expense and
complexity of live-fire tests, the Federal Aviation Administration,
TSA, and DHS collectively have conducted only a limited number of
tests on retired aircraft, which limited the amount of data available
for analysis. As part of this ongoing review, TSA and S&T are
simulating the complex dynamics of explosive blast effects on an in-
flight aircraft by using a computer model based on advanced software
developed by the national laboratories. TSA believes that the computer
model will be able to accurately simulate hundreds of explosives tests
by simulating the effects that explosives will have when placed in
different locations within various aircraft models. As discussed in
our October 2009 report, TSA and S&T officials expect that the results
of this work will provide a much fuller understanding of the explosive
detection requirements and the threat posed by various amounts of
different explosives, and will use this information to determine
whether any modifications to existing detection standards should be
made moving forward. We are currently reviewing Project Newton and
will report on it at a later date.
Madame Chairwoman, that concludes my statement and I would be happy to
answer any questions.
Contacts and Acknowledgments:
For additional information about this statement, please contact
Stephen M. Lord at (202) 512-4379 or lords@gao.gov. Contact points for
our Offices of Congressional Relations and Public Affairs may be found
on the last page of this statement.
In addition to the contact named above, staff who made key
contributions to this statement were E. Anne Laffoon and Steve D.
Morris, Assistant Directors; Nabajyoti Barkakati, Carissa Bryant,
Frances Cook, Joseph E. Dewechter, Amy Frazier, Barbara Guffy, David
K. Hooper, Richard B. Hung, Lori Kmetz, Linda S. Miller, Timothy M.
Persons, Yanina Golburt Samuels, Emily Suarez-Harris, and Rebecca
Kuhlmann Taylor.
[End of section]
Footnotes:
[1] Sterile areas are areas of airports where passengers wait after
screening to board departing aircraft.
[2] See for example, GAO, Homeland Security: Better Use of Terrorist
Watchlist Information and Improvements in Deployment of Passenger
Screening Checkpoint Technologies Could Further Strengthen Security,
[hyperlink, http://www.gao.gov/products/GAO-10-401T] (Washington,
D.C.: Jan. 27, 2010); Aviation Security: DHS and TSA Have Researched,
Developed, and Begun Deploying Passenger Checkpoint Screening
Technologies, but Continue to Face Challenges, [hyperlink,
http://www.gao.gov/products/GAO-10-128] (Washington, D.C.: Oct. 7,
2009); Homeland Security: DHS's Progress and Challenges in Key Areas
of Maritime, Aviation, and Cybersecurity, [hyperlink,
http://www.gao.gov/products/GAO-10-106] (Washington, D.C.: Dec. 2,
2009); Aviation Security: TSA Has Completed Key Activities Associated
with Implementing Secure Flight, but Additional Actions Are Needed to
Mitigate Risks, [hyperlink, http://www.gao.gov/products/GAO-09-292]
(Washington, D.C.: May 13, 2009); Aviation Security: Preliminary
Observations on TSA's Progress and Challenges in Meeting the Statutory
Mandate for Screening Air Cargo on Passenger Aircraft, [hyperlink,
http://www.gao.gov/products/GAO-09-422T] (Washington, D.C.: Mar. 18,
2009); Aviation Security: Vulnerabilities Exposed Through Covert
Testing of TSA's Passenger Screening Process, [hyperlink,
http://www.gao.gov/products/GAO-08-48T] (Washington, D.C.: Nov. 15,
2007); and Terrorist Watch List Screening: Opportunities Exist to
Enhance Management Oversight, Reduce Vulnerabilities in Agency
Screening Processes, and Expand Use of the List, [hyperlink,
http://www.gao.gov/products/GAO-08-110] (Washington, D.C.: Oct. 11,
2007).
[3] [hyperlink, http://www.gao.gov/products/GAO-10-401T]; [hyperlink,
http://www.gao.gov/products/GAO-10-128]; [hyperlink,
http://www.gao.gov/products/GAO-10-106], and [hyperlink,
http://www.gao.gov/products/GAO-09-422T].
[4] For purposes of this statement, the term freight forwarders only
includes those freight forwarders that are regulated by TSA, also
referred to as indirect air carriers.
[5] See generally Aviation and Transportation Security Act, Pub. L.
No. 107-71, 115 Stat. 597 (2001).
[6] There are about 450 commercial airports in the United States. TSA
classifies airports into one of five categories (X, I, II, III, and
IV) based on various factors, such as the total number of takeoffs and
landings annually, the extent to which passengers are screened at the
airport, and other special security considerations. In general,
category X airports have the largest number of passenger boardings,
and category IV airports have the smallest.
[7] TSA stated that it continues to evaluate possible display options
that include a "stick figure" or "cartoon-like" form to provide
greater privacy protection to the individual being screened while
still allowing the unit operator or automated detection algorithms to
detect possible threats. DHS is working directly with technology
providers to develop advanced screening algorithms for the AIT that
would utilize Automatic Target Recognition to identify and highlight
possible threats.
[8] [hyperlink, http://www.gao.gov/products/GAO-10-128].
[9] Operational testing refers to testing in an operational
environment in order to verify that new systems are operationally
effective, supportable, and suitable.
[10] DHS Acquisition Management Directive 102-01, Jan. 20, 2010.
[11] We have previously reported that deploying technologies that have
not successfully completed operational testing and evaluation can lead
to cost overruns and underperformance. In addition, our reviews have
shown that leading commercial firms follow a knowledge-based approach
to major acquisitions and do not proceed with large investments unless
the product's design demonstrates its ability to meet functional
requirements and be stable. The developer must show that the product
can be manufactured within cost, schedule, and quality targets and is
reliable before production begins and the system is used in day-to-day
operations. See [hyperlink, http://www.gao.gov/products/GAO-10-128]
and GAO, Best Practices: Using a Knowledge-Based Approach to Improve
Weapon Acquisition, [hyperlink,
http://www.gao.gov/products/GAO-04-386SP] (Washington, D.C.: Jan.
2004).
[12] TSA deployed the ETPs from January to June 2006.
[13] The results of TSA's laboratory and operational testing are
classified.
[14] To estimate the cost of the additional staff needed to operate
the AIT machines during their service life as a result of TSA's
increased deployment of the AIT, we used information in the
President's Budget Request for Fiscal Year 2011 and from interviews
with TSA officials. We identified staffing costs to operate each AIT
($369,764) and multiplied this figure by the number of additional AITs
that TSA has recently planned to deploy by 2014 (922 units) to
calculate the additional staffing costs, which equaled $340,922,408.
We then multiplied the additional staffing costs of $340,922,408 by 7
years to calculate the additional staffing cost to operate additional
AIT units during their expected service life, which equaled
$2,386,456,856.
[15] GAO-09-422T. The Implementing Recommendations of the 9/11
Commission Act of 2007 (9/11 Commission Act) requires that by August
2010, 100 percent of cargo--domestic and inbound--transported on
passenger aircraft be physically screened. The 9/11 Commission Act
establishes minimum standards for screening air cargo and defines
screening for purposes of the air cargo screening mandate as a
physical examination or nonintrusive methods of assessing whether
cargo poses a threat to transportation security. Solely performing a
review of information about the contents of cargo or verifying the
identity of the cargo's shipper does not constitute screening for
purposes of satisfying the mandate. See Pub. L. No. 110-53, § 1602(a),
121 Stat. 266, 477-79 (codified at 49 U.S.C. § 44901(g)). For the
purposes of this statement, domestic air cargo refers to cargo
transported by air within the United States and from the United States
to a foreign location by both U.S. and foreign-based air carriers; and
inbound cargo refers to cargo transported by U.S. and foreign-based
air carriers from a foreign location to the United States.
[16] See Air Cargo Screening, 74 Fed. Reg. 47672 (Sept. 16, 2009).
[17] ETD requires human operators to collect samples of items to be
screened with swabs, which are chemically analyzed to identify any
traces of explosives material.
[18] EDS uses computer-aided tomography X-rays to examine objects
inside baggage and identify the characteristic signatures of threat
explosives.
[19] EMD devices are capable of detecting metallic-based explosives,
such as wires, within a variety of perishable commodities at the cargo-
piece, parcel, and pallet level.
[20] [hyperlink, http://www.gao.gov/products/GAO-09-422T].
[21] For additional information on TSA's staffing study, see GAO,
Aviation Security: Status of Transportation Security Inspector
Workforce, [hyperlink, http://www.gao.gov/products/GAO-09-123R]
(Washington D.C.: Feb. 6, 2009).
[22] The term harmonization is used to describe countries' efforts to
coordinate their security practices to enhance security and increase
efficiency by avoiding duplication of effort.
[23] GAO, Aviation Security: A National Strategy and Other Actions
Would Strengthen TSA's Efforts to Secure Commercial Airport Perimeters
and Access Controls, [hyperlink,
http://www.gao.gov/products/GAO-09-399] (Washington, D.C.: Sept. 30,
2009).
[24] For the purposes of this statement "secured area" is used
generally to refer to areas specified in an airport security program
that require restricted access. See 49 C.F.R. §§ 1540.5, 1542.201.
[25] According to TSA officials, the agency established this program
in response to a provision enacted through the Aviation and
Transportation Security Act. See Pub. L. No. 107-71 § 106(d), 115
Stat. at 610 (codified at 49 U.S.C. § 44903(c)(3)).
[26] [hyperlink, http://www.gao.gov/products/GAO-09-399].
[27] To respond to the threat posed by airport workers, the
Explanatory Statement accompanying the DHS Appropriations Act, 2008,
directed TSA to use $15 million of its appropriation to conduct a
pilot program at seven airports. Explanatory Statement accompanying
Division E of the Consolidated Appropriations Act, 2008, Pub. L. No.
110-161, Div. E, 121 Stat. 1844, 2042 (2007), at 1048. While the
Statement refers to these pilot programs as airport employee screening
pilots, for the purposes of this statement, we use "worker screening"
to refer to the screening of all individuals who work at the airport.
[28] Transportation Security Administration, Airport Employee
Screening Pilot Program Study: Fiscal Year 2008 Report to Congress
(Washington, D.C., July 7, 2009).
[29] Among other things, the Intelligence Reform and Terrorism
Prevention Act of 2004 directed TSA, in consultation with industry
representatives, to establish comprehensive technical and operational
system requirements and performance standards for the use of biometric
identifier technology in airport access control systems. See Pub. L.
No. 108-458, § 4011, 118 Stat. 3638, 3712-14 (2004) (codified at 49
U.S.C. § 44903(h)(5)).
[30] [hyperlink, http://www.gao.gov/products/GAO-10-128].
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548: