Transportation Security Infrastructure Modernization May Enhance DHS Screening Capabilities, but It Is Too Early to Assess ResultsGao ID: GAO-12-192R December 8, 2011
Securing transportation systems and facilities requires balancing security to address potential threats while facilitating the flow of people and goods that are critical to the U.S. economy and necessary for supporting international commerce. As we have previously reported, transportation systems and facilities are vulnerable and difficult to secure given their size, easy accessibility, large number of potential targets, and proximity to urban areas. The federal government has taken steps to ensure that transportation workers, particularly those who transport hazardous materials or seek unescorted access to secure areas of federally regulated maritime or aviation facilities, are properly vetted to identify whether they pose a security risk. These efforts are intended to reduce the probability of a successful terrorist or other criminal attack on the nation's transportation systems. To help enhance the security of the U.S. transportation system, the Department of Homeland Security (DHS) Transportation Security Administration's (TSA) Transportation Threat Assessment and Credentialing (TTAC) office is responsible for conducting background checks--known as security threat assessments--for various screening and credentialing programs established for maritime, surface, and aviation transportation workers. TSA's programs are largely focused on identifying security threats posed by those individuals seeking to obtain an endorsement, credential, access, and/or privilege (hereafter called a credential) for unescorted access to secure or restricted areas of transportation facilities at maritime ports and airports, and for commercial drivers transporting hazardous materials. These screening and credentialing programs were created under various legal and regulatory authorities, and were established at different times. As a result, according to TSA, these programs and their supporting systems are made up of independent, stand-alone business processes and systems, making it difficult to adapt them to meet expected growth in demand, new requirements, and new capabilities. According to TSA, TTAC screens and/or provides credentials to an estimated 12.5 million individuals per year, and this number is estimated to increase to between 52.5 million to 62.5 million individuals by 2016. However, as indicated in the TTAC Infrastructure Modernization (TIM) program mission needs statement, TTAC does not currently have the capability to support these expanding populations in providing security threat assessment and credentialing services. To address this limitation, TTAC initiated TIM in 2008 to consolidate and standardize TSA's current screening and credentialing systems to better serve transportation worker populations, increase efficiencies, and reduce duplication. DHS has an acquisition management process intended to, among other things, help ensure acquisition programs meet DHS mission needs. As part of this process, the DHS Acquisition Review Board is to conduct systematic reviews of acquisition programs and make recommendations on the appropriate direction for moving forward. The Acquisition Review Board is also expected to provide a consistent method for evaluating an acquisition's progress and status at critical points in the acquisition's life cycle, and is to work with the acquisition decision authority, a member of the Acquisition Review Board, to approve an acquisition to proceed to the next phase in its life cycle. Given the current efforts to coordinate DHS screening and credentialing programs on a departmentwide basis, Congress asked that we evaluate TSA's TIM implementation effort. Specifically, this report addresses how the TIM program is being implemented to leverage and enhance existing DHS screening and credentialing capabilities in accordance with DHS policy and acquisition directive and guidance.
While TSA initially focused on fixing gaps in TSA-managed screening and credentialing operations, it has since modified its TIM strategy to better leverage and enhance departmentwide capabilities, in accordance with DHS's credentialing framework and acquisition directive and guidance. For example, DHS required the TIM program to identify additional opportunities for leveraging DHS capabilities--or enterprise services--and identify cost efficiencies. TSA initially did not select a course of action that would leverage DHS capabilities beyond what TSA already had in place under its existing programs, such as using or establishing a consolidated enrollment service that could be used by TIM and other DHS components. During the course of our review, however, TSA began to identify capabilities that might be leveraged across DHS. For example, in accordance with DHS direction, in August 2011, the TIM program identified several opportunities for leveraging existing DHS background checking and vetting services. For instance, TSA is now working with DHS's Office of the Chief Information Officer and Screening Coordination Office to establish a common vetting service, which could reduce duplication among other DHS services. Eliminating redundant activities across multiple screening and credentialing programs could help support the goals of DHS's credentialing framework initiative. However, as of the date of this report, the programs that are to use this vetting service have not yet been determined. It is therefore too early to tell the extent to which, once implemented, these initiatives would enhance screening and credentialing capabilities across DHS. In commenting on a draft of this report, DHS did not state whether it concurred with the contents but noted that the TIM effort will capitalize on opportunities to leverage and, where possible, consolidate existing DHS capabilities. DHS also provided technical comments, which we have incorporated where appropriate.