This is the accessible text file for GAO report number GAO-06-597T entitled 'Aviation Security: Transportation Security Administration Has Made Progress in Managing a Federal Security Workforce and Ensuring Security at U.S. Airports, but Challenges Remain' which was released on April 4, 2006. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony before the Subcommittee on Federal Workforce and Agency Organization, Committee on Government Reform, House of Representatives: United States Government Accountability Office: GAO: For Release on Delivery Expected at 2:00 p.m. EDT: April 4, 2006: Aviation Security: Transportation Security Administration Has Made Progress in Managing a Federal Security Workforce and Ensuring Security at U.S. Airports, but Challenges Remain: Statement of Cathleen A. Berrick, Director, Homeland Security and Justice Issues: GAO-06-597T: GAO Highlights: Highlights of GAO-06-597T, a testimony before the Subcommittee on Federal Workforce and Agency Organization, Committee on Government Reform, House of Representatives: Why GAO Did This Study: It has been over 3 years since the Transportation Security Administration (TSA) assumed responsibility for passenger and baggage screening at commercial airports. This testimony focuses on the progress TSA is making in strengthening aspects of aviation security and the challenges that remain. Particularly, this testimony highlights (1) progress TSA has made, and challenges it faces, in managing a federalized security workforce—including federal security directors (FSD) and transportation security officers (TSO)—with operational responsibility for ensuring security of passengers and their baggage; and (2) actions TSA has taken, and the challenges it faces, to ensure appropriate regulatory oversight of other airport security activities. What GAO Found: TSA has made progress in managing, deploying, and training a federalized aviation security workforce, including FSDs (the lead authority at U.S. airports) and TSOs (formerly known as screeners). FSDs have, for example, formed partnerships with key federal and private-sector stakeholders at airports engaged in security and operations. We reported, however, that the guidance on FSD authority is outdated and lacks clarity, particularly regarding security incidents when FSDs must coordinate with other stakeholders. Regarding TSOs, TSA has taken and has planned actions to strengthen the management and deployment of the TSO workforce. TSA has, for instance, developed a screening allocation model to determine TSO staffing levels at airports. However, FSDs have reported concerns that despite such a model, attracting, hiring, and retaining an adequate part-time TSO workforce remains a challenge. We have reported that, while TSA has expanded training opportunities for TSOs, insufficient TSO staffing and other problems hinder the ability of TSOs to take training. To evaluate TSO performance, TSA has collected performance data by conducting covert (undercover, unannounced) tests at passenger screening checkpoints. TSA has taken steps to strengthen key areas of aviation security for which it has regulatory and oversight responsibility, including domestic air cargo security, but faces challenges related to oversight and performance measurement. We reported in October 2005, for example, that while TSA had significantly increased the number of domestic air cargo inspections conducted, performance measures to determine to what extent air carriers and others are complying with air cargo security requirements had not been developed. Without such performance measures, and a systematic analysis of these results of air cargo security inspections, TSA’s ability to target its workforce for future inspections, and fulfill oversight responsibilities, will be limited. Further, while TSA has incorporated elements of risk-based decision making into securing air cargo, its efforts are not yet complete. To address these and other issues, TSA officials stated that they plan to compile additional information on air cargo inspections to enhance their ability to conduct compliance inspections of air carriers using covert testing, and to require random inspection of air cargo. Screening Passengers and Cargo Are Aviation Security Concerns: [See PDF for image] [End of figure] What GAO Recommends: In prior reports, GAO has made numerous recommendations designed to strengthen aviation security with respect to aviation workforce planning, deployment, and oversight. TSA generally agreed with our recommendations and is taking actions to implement them. GAO also has ongoing reviews related to TSA staffing models and other aviation security issues, and may make additional recommendations as appropriate. www.gao.gov/cgi-bin/getrpt?GAO-06-597T. To view the full product, including the scope and methodology, click on the link above. For more information, contact Cathleen A. Berrick at (202) 512-3404 or firstname.lastname@example.org. [End of section] Mr. Chairman and Members of the Committee: I appreciate the opportunity to participate in today's hearing to discuss the management and deployment of federal employees charged with securing U.S. commercial airports. After the terrorist attacks of 2001, securing the nation's aviation system--and ensuring that a federal workforce was in place to carry out a wide range of aviation security responsibilities--became a key goal of the administration and the Congress. Among the actions taken to address this need, the Aviation and Transportation Security Act (ATSA) of 2001, which established the Transportation Security Administration (TSA), charged the agency with, among other things, overseeing security operations at the nation's more than 400 commercial airports.[Footnote 1] In TSA, the federal workforce comprises, among others, federal security directors (FSDs)--the ranking authority responsible for leading and coordinating security activities at airports; transportation security officers (TSO), formerly known as screeners; and inspectors responsible for ensuring that air carriers, airport employees and airport vendors comply with established security requirements. My testimony today addresses two separate areas related to the management and oversight of the federal airport security workforce: (1) the progress TSA has made, and the challenges it faces, in managing a federalized security workforce with operational responsibility for ensuring security of passengers and their baggage, and (2) the actions TSA has taken, and the challenges it faces, to ensure appropriate regulatory oversight of other airport security activities. My comments are based on issued GAO reports and testimonies addressing the security of the U.S. commercial aviation system and our ongoing work on TSA's staffing standards for TSOs. We did our work in accordance with generally accepted government auditing standards. Appendix I contains a list of related GAO products issued since September 11, 2001. Summary: While TSA has made progress in managing the federalized aviation security workforce, including its FSDs and TSOs, TSA continues to face challenges in several key areas, including clarifying FSD roles and responsibilities, and managing the deployment and training of its TSO workforce. TSA has made changes to better support and empower the FSD position, including granting greater authority and flexibility to FSDs in carrying out their responsibilities. For example, in carrying out their responsibilities in overseeing security at the nation's airports, FSDs have formed partnerships with key stakeholders and participated in communication and coordination efforts to address a range of issues, including airport security, operations, and coordination. However, while TSA has developed guidance that describes the many roles and responsibilities of FSDs, we recently reported that TSA's primary document outlining FSDs' authority was outdated and lacked clarity regarding FSD authority during security incidents relative to other airport stakeholders with whom FSDs must coordinate closely on aviation security matters. For example, we found instances where confusion or conflicting opinions developed over whether the FSD had the authority to take certain actions during particular security incidents. Regarding its TSOs, TSA has taken and has planned actions to strengthen the management of the TSO workforce, which must be deployed in sufficient numbers and trained and certified in the latest screening procedures and technology to accomplish its security mission. Acknowledging imbalances in the screener workforce, TSA developed standards for determining TSO staffing for all airports at which federal screening is required and developed a Screening Allocation Model (SAM) to determine airport staffing levels. In determining staffing allocations, the SAM takes into account not only flight and passenger data, but also data unique to each airport--including flight schedules, passenger and baggage distribution curves, and TSA passenger and baggage screening configurations. However, FSDs we interviewed had preliminary concerns about the assumptions in the model, noting, among other things, that it has been a challenge to attract, hire, and retain a part-time TSO workforce at the 20 percent level indicated in the model. In addition to having an adequate number of screeners, effective screening involves screeners properly trained to do their job. TSA has taken numerous steps to expand training beyond the basic training requirement to include self-guided courses on its Online Learning Center; a recurrent training requirement of 3 hours per week, averaged over a quarter; and training on threat information, explosives detection, and new screening approaches. However, insufficient TSO staffing and a lack of high-speed Internet/intranet connectivity create impediments to the TSO workforce taking full advantage of training opportunities. With respect to evaluating TSOs, TSA has strengthened its efforts to measure the performance of the various components of the passenger and checked baggage screening systems--people, processes and technology. Specifically, TSA has implemented and strengthened efforts to collect performance data by performing covert (undercover, unannounced) tests, using the Threat Image Projection (TIP) system[Footnote 2] at passenger screening checkpoints, and implementing a congressionally mandated annual TSO recertification program. Despite these efforts, TSA covert testing has identified that weaknesses existed in the ability of TSOs to detect threat objects on passengers, in their carry-on bags, and in checked baggage. TSA has taken steps to strengthen the federal workforce responsible for other key areas of aviation security, including domestic air cargo and airport perimeters and access controls, but it faces additional challenges in each of these areas related to performance measurement and regulatory oversight. We reported in October 2005, for example, that TSA had significantly increased the number of domestic air cargo inspections. We noted, however, that TSA had not developed performance measures to determine to what extent air carriers and indirect air carriers--carriers that consolidate air cargo from multiple shippers and deliver it to air carriers to be transported--are complying with air cargo security requirements, and had not analyzed the results of inspections to systematically target future inspections on those entities that pose a higher security risk to the domestic air cargo system. Without these performance measures and systematic analyses, TSA will be limited in its ability to effectively target its workforce for future inspections and fulfill its oversight responsibilities for this important area of aviation security. In June 2005, TSA officials informed us that in the future they intend to compile information on the number of instances in which specific air cargo security requirements are inspected, and are taking steps to enhance TSA's ability to conduct compliance inspections of indirect air carriers, by, among other things, using undercover testing to identify air cargo security weaknesses. We also found that TSA has made efforts to incorporate risk-based decision making into securing air cargo, but has not conducted assessments of air cargo vulnerabilities or critical assets (cargo facilities and aircraft)--two crucial elements of a risk- based management approach without which TSA may not be able to appropriately focus its resources on the most critical security needs. Moreover, to better allocate resources for air cargo security, TSA established a requirement for random inspection of air cargo to address threats to the nation's aviation transportation system--a reflection of the agency's position that inspecting 100 percent of air cargo was not technologically feasible and would be potentially disruptive to the flow of air commerce. In the area of airport perimeter and access control security, we reported in June 2004 that while background checks were not required for all airport workers, TSA requires most airport workers who perform duties in secured and sterile areas[Footnote 3] to undergo a fingerprint-based criminal history records check. TSA further requires airport operators to compare applicants' names against TSA's aviation security watch lists. Once workers undergo this review, they are granted access to airport areas in which they perform duties. In addition, ATSA mandated that TSA require airport operators and air carriers to develop security awareness training programs for airport workers such as ground crews and gate, ticket, and curbside agents of air carriers. According to TSA, training requirements for these airport workers had not been established because additional training would result in increased costs for airport operators. In the area of security-related training, TSA did not require airport vendors with direct access to the airfield and aircraft to develop security programs, which would include security measures for vendor employees and property, as required by ATSA. In July 2004, in response to our recommendations, TSA made several improvements in these areas, through the issuance of a series of security directives, including requiring enhanced background checks and improved access controls for airport employees who work in restricted airport areas. Background: TSA Operational Responsibilities for Passenger and Checked Baggage Security: Prior to the passage of ATSA, the screening of passengers and checked baggage had been performed by private screening companies under contract to the airlines. The Federal Aviation Administration (FAA) was responsible for ensuring compliance with screening regulations. With the passage of ATSA and the transfer of aviation security responsibilities to TSA, including passenger and checked baggage screening at airports, TSA assigned FSDs--the top-ranking TSA authorities responsible for security at the nation's airports--to one or more commercial airports to oversee security activities. TSA has approximately 157 FSD positions at commercial airports nationwide to lead and coordinate TSA security activities. Although an FSD is responsible for security at each commercial airport, not every airport has an FSD dedicated solely to that airport. Most category X airports[Footnote 4] have an FSD responsible for that airport alone, while at other airports the FSD located at a hub airport has responsibility over one or more spoke airports of the same or smaller size. In addition to establishing TSA and giving it responsibility for passenger and checked baggage screening operations, ATSA also set forth specific enhancements to screening operations for TSA to implement, with deadlines for completing many of them. These requirements include: * assuming responsibility for screeners and screening operations at more than 400 commercial airports by November 19, 2002; * establishing a basic screener training program composed of a minimum of 40 hours of classroom instruction and 60 hours of on-the-job training; * conducting an annual proficiency review of all screeners; * conducting operational testing of screeners;[Footnote 5] * requiring remedial training for any screener who fails an operational test; and: * screening all checked baggage for explosives using explosives detection systems by December 31, 2002.[Footnote 6] As mandated by ATSA, TSA hired and deployed a TSO workforce to assume operational responsibility for conducting passenger and checked baggage screening. Passenger screening is a process by which authorized TSA personnel inspect individuals and property to deter and prevent the carriage of any unauthorized explosive, incendiary, weapon, or other dangerous item onboard an aircraft or into a sterile area. TSOs must inspect individuals for prohibited items at designated screening locations.[Footnote 7] The four passenger screening functions are (1) X- ray screening of property, (2) walk-through metal detector screening of individuals, (3) hand-wand or pat-down screening of individuals, and (4) physical search of property and trace detection for explosives. Checked baggage screening is a process by which authorized TSOs inspect checked baggage to deter, detect, and prevent the carriage of any unauthorized explosive, incendiary, or weapon onboard an aircraft. Checked baggage screening is accomplished through the use of explosive detection systems[Footnote 8] (EDS) or explosive trace detection (ETD) systems,[Footnote 9] and through the use of other means, such as manual searches, canine teams, and positive passenger bag match,[Footnote 10] when EDS and ETD systems are unavailable. TSA Regulatory Responsibilities for Air Cargo and Airport Security: In addition to establishing requirements for passenger and checked baggage screening, ATSA charged TSA with the responsibility for ensuring the security of air cargo, including, among other things, establishing security rules and regulations covering domestic and foreign passenger carriers that transport cargo, domestic and foreign all-cargo carriers, and domestic indirect air carriers--carriers that consolidate air cargo from multiple shippers and deliver it to air carriers to be transported; and overseeing implementation of air cargo security requirements by air carriers and indirect air carriers through compliance inspections. In general, TSA inspections are designed to ensure air carrier compliance with air cargo security requirements, while air carrier inspections focus on ensuring that cargo does not contain weapons, explosives, or stowaways.[Footnote 11] TSA is responsible for inspecting 285 passenger and all-cargo air carriers with about 2,800 cargo facilities nationwide, as well as 3,800 indirect air carriers with about 10,000 domestic locations. In conducting inspections, TSA inspectors review documentation, interview carrier personnel, directly observe air cargo operations, or conduct tests to determine whether air carriers and indirect air carriers are in compliance with air cargo security requirements. In 2004, an estimated 23 billion pounds of air cargo was transported within the United States, with about a quarter of this amount transported on passenger aircraft. Recently, DHS reported that most cargo on passenger aircraft is not physically inspected. ATSA also granted TSA the responsibility for overseeing U.S. airport operators' efforts to maintain and improve the security of commercial airport perimeters, access controls, and airport workers. While airport operators, not TSA, retain direct day-to-day operational responsibilities for these areas of security, ATSA directs TSA to improve the security of airport perimeters and the access controls leading to secured airport areas, as well as take measures to reduce the security risks posed by airport workers. Each airport's security program, which must be approved by TSA, outlines the security policies, procedures, and systems the airport intends to use in order to comply with TSA security requirements. FSDs oversee the implementation of the security requirements at airports. Of TSA's 950 aviation security inspectors located at airports throughout the United States, 750 are considered generalists who conduct a variety of aviation security inspections, and 200 are dedicated to conducting air cargo inspections. The FSD at each airport is responsible for determining the scope and emphasis of the inspections, as well as discretion for how to assign local inspection staff. TSA provides local airport FSDs and inspectors with goals for the number of inspections to be conducted per quarter. TSA Has Taken Steps to Strengthen the Management and Performance of an Aviation Security Workforce, but Continues to Face Challenges: In recent years, TSA has taken numerous actions related to the deployment, training, and performance of their aviation security workforce. TSA has, for example, taken action to support the authority of FSDs at airports, though additional clarification of their roles is needed. TSA also has improved the management and deployment of its TSO workforce with the use of a formal staffing model, though hiring and deployment challenges remain. TSA has also strengthened TSO training, and implemented various approaches to measuring TSO performance related to passenger and baggage screening activities. TSA Has Taken Action to Support FSDs, but Additional Clarification of Roles Is Needed to Support Stakeholder Coordination: In recent years, TSA has taken steps to ensure that FSDs, as the ranking TSA authorities at airports, coordinated their security actions with various airport stakeholders, and had sufficient authority to carry out their responsibilities. In September 2005, we reported on the roles and responsibilities of FSDs and other issues related to the position, including the extent to which they formed and facilitated partnerships with airport stakeholders.[Footnote 12] At that time, we reported that the FSDs and most stakeholders at the seven airports we visited had developed partnerships that were generally working well. TSA recognized that building and maintaining partnerships with airport stakeholders was essential to FSDs' success in addressing security as well as maintaining an appropriate level of customer service. To that end, TSA established general guidance for FSDs to follow in building stakeholder partnerships, but left it to the FSDs to determine how best to achieve effective partnerships at their respective airports. As a part of their security responsibilities, FSDs must coordinate closely with airport stakeholders--airport and air carrier officials, local law enforcement, and emergency response officials--to ensure that airports are adequately protected and prepared in the event of a terrorist attack. FSDs' success in sustaining and ensuring the effectiveness of aviation security efforts is dependent on their ability to develop and maintain effective partnerships with these stakeholders. FSDs need to partner with law enforcement stakeholders, for example, because they do not have a law enforcement body of their own to respond to security incidents. Partnerships can be of mutual benefit to FSDs and airport stakeholders and can enhance customer service. For example, FSDs rely on air carrier data on the number of passengers transiting through checkpoints to appropriately schedule screeners, and air carriers rely on the FSD to provide an efficient screening process to minimize wait times for passengers. At the airports we visited, FSDs and stakeholders cited several ways FSDs maintained partnerships, including being accessible to their stakeholders to help resolve problems and meeting with stakeholders to discuss how to implement new security policies. In addition, a variety of communication and coordination efforts were in place at the airports we visited, and many of these efforts existed before TSA assigned FSDs to airports. Formal mechanisms included security and general airport operations meetings, incident debriefings, and training exercises to help ensure a coordinated response in the event of a security incident. We also found that in response to concerns over FSD authority in responding to airport-specific security needs, in 2004, TSA made a number of changes to better support and empower the FSD. These changes included: * establishing a local hiring initiative that vested more hiring authority with the FSDs to address airport staffing needs, * providing flexibility to offer training locally to screeners, * increasing authority to address performance and conduct problems, * relocating five area director positions from the headquarters to the field in conjunction with establishing a report group to provide operational support and a communication link with headquarters, and: * establishing a mentoring program for newly appointed FSDs or their deputies. Most of the 25 FSDs we interviewed generally viewed these changes favorably. For example, most were satisfied with TSA's new local hiring process that provided more options for FSDs to be involved with hiring screeners, and most said that the new process was better than the more centralized hiring process it replaced. TSA officials concluded, among other things, that TSO candidates selected at airports where the FSD and staff were conducting the hiring process were more selective in accepting offers--leading to lower attrition--because they had more knowledge of what the job would entail than contractors did when they handled the hiring process. In addition, most of the FSDs we interviewed also saw value in the headquarters group TSA established to provide operational support to the field and a communication link among headquarters, field-based area directors, and FSDs. One area where we noted room for improvement at the FSD level was in how the FSD's authority has been defined. In September 2005, we reported that TSA had developed guidance that describes the many roles and responsibilities of FSDs, most of which is associated with securing commercial airports from terrorist threats.[Footnote 13] However, while the guidance clearly defined FSD roles and responsibilities, TSA's primary document outlining FSDs' authority was outdated and lacked clarity regarding FSD authority relative to that of other airport stakeholders with whom FSDs must coordinate closely to help ensure the effectiveness of aviation security efforts. The absence of a clear understanding of the authority of the position had reportedly resulted in confusion during past security incidents and had raised concerns among some stakeholders at both the national and airport levels about possible ambiguity regarding FSDs' authority during incidents. Accordingly, we recommended that steps be taken to update TSA's Delegation of Authority to FSDs to clearly reflect the authority of FSDs relative to that of airport stakeholders during security incidents and communicate the authority of the position, as warranted, to the FSDs and all airport stakeholders. Such action would benefit FSDs by further enabling them to communicate and share consistent information about their authority with their staff and airport stakeholders, including law enforcement agencies. In commenting on our recommendation, DHS stated that a new restatement of the Delegation Order had been drafted by a working group composed of FSDs from the FSD Advisory Council and relevant stakeholders and is being internally coordinated for comment and clearance. TSA Has Taken Steps to Better Manage Its TSO Workforce, but Continues to Face Deployment Challenges: To accomplish its security mission, TSA needs a sufficient number of passenger and checked baggage TSOs trained and certified in the latest screening procedures and technology. We reported in February 2004 that staffing shortages and TSA's hiring process had hindered the ability of some FSDs to provide sufficient resources to staff screening checkpoints and oversee screening operations at their checkpoints without using additional measures such as overtime.[Footnote 14] TSA has acknowledged that its initial staffing efforts created imbalances in the screener workforce and has since been taking steps to address these imbalances over the past 2 years, by, among other things, meeting a congressional requirement to develop a staffing model for TSOs. Specifically, the Intelligence Reform and Terrorism Prevention Act of 2004 required TSA to develop and submit to Congress standards for determining the aviation security staffing for all airports at which screening is required.[Footnote 15] The act also directed GAO to review these standards, which we are doing. These staffing standards are to provide for necessary levels of airport security, while also ensuring that security-related delays experienced by airline passengers are minimized. In June 2005, TSA submitted its report on aviation security staffing standards to Congress. Known as the Screening Allocation Model (SAM), these standards are intended to provide an objective measure for determining TSO airport staffing levels, while staying within the congressionally mandated limit of 45,000 FTE screeners. Whereas TSA's prior staffing model was demand-driven based on flight and passenger data, the SAM model analyzes not only demand data but also data on the flow of passenger and baggage through the airport and the availability of the workforce. In determining the appropriate TSO staffing levels, the SAM first considers the workload demands unique to each individual airport--including flight schedules, load factors and connecting flights, and number of passenger bags. These demand inputs are then processed against certain assumptions about the processing of passengers and baggage--including expected passenger and baggage processing rates, required staffing for passenger lanes and baggage equipment, and equipment alarm rates. Using these and various other data, the SAM determines the daily workforce requirements and calculates a work schedule for each airport. The schedule identifies a recommended mix of full-time and part-time staff and a total number of TSO full-time equivalents (FTE) needed to staff the airport,[Footnote 16] consistent with a goal of 10 minutes maximum wait time for processing passengers and baggage. For fiscal year 2006, the SAM model estimated a requirement of 42,170 TSO FTEs for all airports nationwide. In order to stay within a 43,000 TSO FTE budgetary limit for fiscal year 2006, TSA officials reduced the number of FTEs allocated to airports to 42,056, a level that allowed it to fund the 615 TSO FTEs in the National Screener Force--a force composed of TSOs who provide screening support to all airports--and to maintain a contingency of 329 TSO FTEs in reserve to meet unanticipated demands, such as a new air carrier coming on line at an airport.[Footnote 17] As of January 2006, there were 37,501 full-time TSOs and 5,782 part-time TSOs on board nationwide, representing an annualized rate of 41,085 TSO FTEs. According to TSA headquarters officials, the SAM can be adjusted to account for the uniqueness of particular airport security checkpoints and airline traffic patterns. Further, it is up to the FSDs to ensure that all of the data elements and assumptions are accurate for their airports, and to bring to TSA's attention any factors that should be reviewed to determine if changes to the SAM are appropriate. The President's fiscal year 2007 budget requests a total of 45,121 FTEs under the Passenger and Baggage TSO personnel compensation and benefits categories. As part of our ongoing review of the SAM model, we have identified several preliminary concerns about TSA's efforts to address its staffing imbalances and ensure appropriate coverage at airport passenger and checked baggage screening checkpoints. At the five airports we visited, FSD staff raised concerns about the SAM assumptions as they related to their particular airports.[Footnote 18] Among other things, they noted that the recommendation for 20 percent part-time TSO workforce--measured in terms of FTEs--often could not be reached, the expected processing rates for passenger and baggage screening were not being realized, non-passenger screening at large airports was higher than assumed, and the number of TSO FTEs needed per checkpoint lane and per baggage screening machine was not sufficient for peak periods. Regarding the SAM assumption of a 20 percent part- time TSO FTE level across all airports, FSD staff we visited stated that the 20 percent goal has been difficult to achieve because of, among other things, economic conditions leading to competition for part- time workers, remote airport locations coupled with a lack of mass transit, TSO base pay that has not changed since fiscal year 2002, and part-time workers' desire to convert to full-time status. According to TSA headquarters officials, while the nationwide annual TSO attrition rate is about 23 percent (compared to a rate of 14 percent reported in February 2004), it is over 50 percent for part-time TSOs. TSA has struggled with hiring part-time TSOs since it began actively recruiting them in the summer of 2003. In February 2004, we reported that FSDs at several of the airports we visited stated that they experienced difficulty in attracting needed part-time TSOs, which they believed to be due to many of the same factors, such as low pay and benefits, undesirable hours, the location of their airport, the lack of accessible and affordable parking or public transportation, and the high cost of living in the areas surrounding some airports.[Footnote 19] These FSDs stated that very few full-time TSOs were interested in converting to part-time status--a condition that still exists--and TSA officials stated that attrition rates for part-time TSOs were considerably higher than those for full-time TSOs. At two of the five airports we visited as part of our ongoing review of the SAM model, FSD staff told us that they had not been able to hire up to their authorized staffing levels. In February 2004, we reported that many of the FSDs we interviewed expressed concern that TSA's hiring process was not responsive to their needs and hindered their ability to reach their authorized staffing levels and adequately staff screening checkpoints. Specifically, FSDs expressed concern with the lack of a continuous hiring process to backfill screeners lost through attrition, and their lack of authority to conduct hiring on an as-needed basis. We reported that TSA was taking steps to make the hiring process more responsive to FSDs' needs. Since then, TSA has provided FSDs with more input into the hiring process in an effort to streamline the process and enable FSDs to more quickly meet their staffing needs. During our five airport visits, some FSD staff we interviewed also cited another limitation of the SAM--specifically, that the model does not account for screeners who are performing administrative or other duties. The officials also noted that, because they are not authorized to hire a sufficient number of mission support staff, TSOs are being routinely used--in some cases full time--to carry out non-screening and administrative duties, including supporting payroll, scheduling, uniform supplies, legal support, logistics, and operations center activities. At the five airports we visited in January and February 2006, out of a total of 2,572 TSO full time equivalents (FTE) on-board at those airports, roughly 136 FTEs (just over five percent) were being used for administrative duties. FSD staff stated that some of these TSOs are being used on a part-time basis, while others are used on a full-time basis. The use of TSOs in these support functions could adversely affect the ability of FSDs to adequately staff their screening checkpoints. To compensate for screener shortages and to enable operational flexibility to respond to changes in risk and threat, in October 2003, TSA established a National Screening Force (formerly known as the Mobile Screening Force established in November 2002) to provide screening support to all airports in times of emergency, seasonal demands, or under other special circumstances that require a greater number of screeners than regularly available to FSDs. In February 2004, we reported that the National Screening Force consisted of over 700 full-time passenger and baggage TSOs. TSA officials stated that while these screeners have a home airport to which they are assigned, they travel to airports in need of screening staff approximately 70 percent of the year. TSA budgeted from appropriations received in fiscal year 2006 for 615 FTEs for the National Screening Force. The President's fiscal year 2007 budget request includes $35 million for operational expenses of the National Screening Force (not including salaries and benefits of force members). According to the budget request, in fiscal year 2007, the National Screening Force will generally be deployed only to those airports experiencing significant staffing shortfalls associated with increased seasonal traffic or when a special event, such as a Super Bowl or a large national conference, occurs requiring an immediate influx of additional TSO support. At one category X airport we recently visited, the FSD stated that because of challenges in hiring and retaining TSOs for this airport, he has had to rely on 59 members of the National Screening Force deployed to his airport, and had been relying on this force since 2004. The President's fiscal year 2007 budget request states that TSA will continue to review methods for reducing costs associated with this force, including ensuring that each airport has a sufficient staffing program in place to address short- term needs. In the President's fiscal year 2007 budget request, TSA identified several additional initiatives under way to address the management of the TSO workforce. These efforts include attempts to reduce attrition by creating a performance-based pay system, and establishing retention incentives to include performance bonuses, retention allowances, college credit reimbursement and flexible staffing. TSA also reported efforts to enhance opportunities for career advancement within the TSO job category, reducing on-the-job injuries by reengineering baggage screening areas, and deploying a national nurse care management program at 21 airports to assist TSOs in returning to work in a shorter period of time. TSA Has Strengthened TSO Training, but Faces Challenges in Delivering the Training: Since we reported on TSO training in September 2003, TSA has taken a number of actions designed to strengthen training available to the TSO workforce as part of its efforts to enhance the performance of TSOs.[Footnote 20] In September 2003, we reported that TSA had not fully developed or deployed a recurrent training program for passenger TSOs. At that time, little training was available to TSOs once they completed their basic TSO training. Since then, TSA has expanded training available to the TSO workforce, such as introducing an Online Learning Center that makes self-guided courses available over TSA's intranet and the Internet and expanding training available to supervisory TSOs. TSA also established a recurrent training requirement of 3 hours per week, averaged over a quarter, and provided FSDs with additional tools to facilitate and enhance TSO training, including at least one modular bomb set kit--containing components of an improvised explosive device (IED)--and at least one weapons training kit. TSA has also instituted a program called Threat in the Spotlight that, based on intelligence TSA receives, provides screeners with the latest in threat information regarding terrorist attempts to get threat objects past screening checkpoints. Additionally, in December 2005, TSA reported completing enhanced explosives detection training for over 18,000 TSOs. This training included both classroom and hands-on experiences, and focused particularly on identifying X-ray images of IED component parts, not just a completely assembled bomb. TSA plans for the remaining TSO workforce to receive this training by June 2006 through the Online Learning Center or other delivery methods. TSA also has developed new training curriculums to support new screening approaches. For example, TSA recently developed a training curriculum for TSOs in behavior observation and analysis at the checkpoint to identify passengers exhibiting behaviors indicative of stress, fear, or deception. However, as we reported in May 2005, insufficient TSO staffing and a lack of high-speed Internet/intranet connectivity to access the Online Learning Center have made it difficult for all TSOs screeners at many airports to receive required training and has limited TSO access to TSA training tools.[Footnote 21] As previously discussed, TSA is taking steps to address the TSO staffing challenges. However, it is too soon to determine whether TSA's efforts will address TSA's ability to provide required training while maintaining adequate coverage for screening operations. In terms of access to the Online Learning Center, TSA plans to complete the deployment of high-speed Internet/intranet connectivity to airports during fiscal year 2007. TSA established its Online Learning Center to provide passenger and baggage screeners with online, high-speed access to training courses. However, effective use of the Online Learning Center requires high-speed Internet/intranet access, which TSA has not been able to provide to all airports. In May 2005, we reported that as of October 2004, about 45 percent of the TSO workforce did not have high speed Internet/intranet access to the Online Learning Center. The President's fiscal year 2007 budget request reports that approximately 220 of the more than 400 airport and field locations have full information technology infrastructure installation, to include high-speed network connectivity, while the rest of the airports operate with dial-up access to TSA systems. According to the budget request, TSA will use $120 million in fiscal year 2006 to deploy high-speed connectivity to all category X and I airports and preliminary high-speed connectivity to all category II, III, and IV airports. The budget request includes a request for a total of $90 million to support this effort in fiscal year 2007, of which $54 million is needed to complete the deployment of high-speed connectivity at category II, III, and IV airports.[Footnote 22] TSA Has Implemented Various Approaches to Measuring the Performance of TSOs Conducting Passenger and Baggage Security Screening Activities: TSA has strengthened its efforts to measure the performance of the various components of the passenger and checked baggage screening systems--people, processes, and technology--but results of covert testing identified that weaknesses and vulnerabilities continue to exist. In November 2003, we reported on the need for TSA to strengthen its efforts to measure the performance of its screening functions.[Footnote 23] At that time, TSA had collected limited data on the effectiveness of its aviation security initiatives, to include screening functions. Specifically, limited covert (undercover, unannounced) testing had been performed, the TIP system used to aid TSOs in identifying threat objects within baggage was not fully operational at passenger screening checkpoints and was not available for checked baggage screening systems, and TSA had not fully implemented a congressionally mandated annual TSO proficiency review. Since then, TSA has implemented and strengthened efforts to collect performance data in each of these areas. In the area of covert testing, TSA headquarters increased the amount of passenger and checked baggage screening covert tests it performs and recently changed its approach to covert testing to focus its resources on catastrophic threats--threats that can take down an airplane or blow up an airplane. TSA's Office of Inspections (OI) (formerly the Office of Internal Affairs and Program Review, or OIAPR) conducts unannounced covert tests of TSOs to assess their ability to detect threat objects and to adhere to TSA-approved procedures. These tests, in which undercover OI inspectors attempt to pass threat objects through passenger screening checkpoints and in checked baggage, are designed to measure vulnerabilities in passenger and checked baggage screening systems and to identify systematic problems affecting performance of TSOs in the areas of training, procedures, and technology. OI, which began covert testing in September 2002, conducted 836 tests in fiscal year 2003 and 2,369 tests in fiscal year 2004 using its staff of 183 full-time-equivalents.[Footnote 24] In reporting its covert testing results, OI makes recommendations to TSA leadership that address deficiencies identified during testing and are intended to improve screening effectiveness. As of December 2005, OI had issued 29 reports to management on the results of its checkpoint and checked baggage covert testing. In total, the reports include 19 distinct recommendations related to passenger and checked baggage screening.[Footnote 25] Of these 19 recommendations, 11 relate to screener training. In September 2005, OI began implementing a revamped testing process that included a more risk-based approach and focused its resources on catastrophic threats. OI officials stated that they will continue testing. However, TSA leadership is reviewing the results of the revised testing, and final decisions regarding the structure, content, and frequency of future tests have not yet been made. Our analysis of TSA's covert testing results for tests conducted between September 2002 and September 2005 identified that overall, weaknesses existed in the ability of screeners to detect threat objects on passengers, in their carry-on bags, and in checked baggage. Covert testing results in this analysis cannot be generalized either to the airports where the tests were conducted or to airports nationwide.[Footnote 26] In February 2004, TSA provided protocols to help FSDs conduct their own covert testing of local airport passenger screening activities--a practice that TSA had previously prohibited.[Footnote 27] Between May 2004 and April 2005, FSDs conducted a total of 17,954 local covert tests at 350 airports; as of February 2006, TSA reported that FSDs had conducted a total of 48,826 local covert tests. In February 2005, TSA released a general procedures document for local covert testing at checked baggage screening locations. Between March 2005 and September 2005, 1,370 local tests of EDS screening were conducted at 71 airports. TSA headquarters officials stated that a key challenge FSDs face in conducting local testing is the lack of available federal staff to conduct the testing, particularly at smaller airports. In May 2005, we reported that TSA officials stated that they had not yet begun to use data from local covert testing to identify training and performance needs because of difficulties in ensuring that local covert testing is implemented consistently nationwide.[Footnote 28] TSA officials stated in March 2006, that the data are available for FSDs to use to identify training needs and levels of TSO performance. Covert testing is one method TSA uses to measure the security effectiveness of passenger and checked baggage screening procedures and technologies in the operating environment in addition to other TSA measures that assess the performance of passenger and checked baggage TSOs. One other source of information on TSO performance in detecting threat objects is the results from the TIP system. TIP is designed to test passenger screeners' detection capabilities by projecting threat images, including images of guns, knives, and explosives, onto bags as they are screened during actual operations. TSOs are responsible for identifying the threat image and calling for the bag to be searched. Once prompted, TIP identifies to the screener whether the threat is real and then records the TSO's performance in a database that could be analyzed for performance trends.[Footnote 29] TIP threat detection results in conjunction with OI covert test results and local testing are intended to assist TSA in identifying specific training and performance improvement efforts. In May 2005, we reported that in October 2003 TSA reactivated TIP as planned with an expanded library of 2,400 images at all but one of the more than 1,800 checkpoint lanes nationwide.[Footnote 30] In December 2005, TSA reported that it has further expanded the image library to include additional images of IEDs and IED components as part of its effort to improve TSOs' detection of explosives. Additionally, the President's fiscal year 2007 budget request states that TSA plans to maximize the training benefits of the TIP system by tailoring TIP sessions to address individual TSO weaknesses revealed in user performance data. For example, if a TSO has particular difficulty identifying IEDs, the TIP would trigger the projection of a higher proportion of simulated IEDs while that TSO was operating the machine under standard circumstances. Despite these improvements, TIP is not yet available for checked baggage screening. In April 2004, we reported that TSA officials stated that they were working to resolve technical challenges associated with using TIP for checked baggage screening on explosives detection system (EDS) machines and have started EDS TIP image development.[Footnote 31] However, in December 2004, TSA officials stated that because of severe budget reductions, TSA will be unable to begin implementing a TIP program for checked baggage in fiscal year 2005. Officials did not specify when such a program might begin. Another measure of TSO performance is the results of annual recertification testing. ATSA requires that each TSO receive an annual proficiency review to ensure he or she continues to meet all qualifications and standards required to perform the screening function. To meet this requirement, TSA established a recertification program. The first recertification program--which was conducted during the period October 2003 through March 2004--was composed of two assessment components, one of TSOs' performance and the other of TSOs' knowledge and skills. During the performance assessment component of the recertification program, TSOs are rated on both organizational and individual goals, such as maintaining the nation's air security, vigilantly carrying out duties with utmost attention to tasks that will prevent security threats, and demonstrating the highest levels of courtesy to travelers to maximize their levels of satisfaction with screening services. The knowledge and skills assessment component consists of three modules: (1) knowledge of standard operating procedures, (2) image recognition, and (3) practical demonstration of skills. Across all airports, TSOs performed well on the recertification testing for the first 2 years the program was in place, with about 1 percent of TSOs subject to recertification failing to complete this requirement. In both years, TSOs faced the greatest difficulty on their first attempt to pass the practical demonstration of skills module--a hands- on simulated work sample used to evaluate a screener's knowledge, skill, and ability when performing specific screener tasks along with the ability to provide customer service.[Footnote 32] According to TSA officials, at the completion of recertification at an airport, TSA management has access to reports at both the individual TSO and airport level, which identify the specific areas that were missed during testing. National level reports are also available that isolate areas that need improvement and can be targeted in basic and recurrent training. In fiscal year 2004, TSA established a performance measure for the recertification program.[Footnote 33] During the first year of recertification testing, dual-function TSOs who were actively working as both passenger and checked baggage TSOs were required to take only the recertification test for passenger TSOs. They were therefore not required to take the recertification testing modules required for checked baggage, even though they worked in that capacity.[Footnote 34] TSA's second annual recertification testing, which began in October 2004, included components for dual-function TSOs, but did not include an image recognition module for checked baggage TSOs--which would include dual-function screeners performing checked baggage screening. TSA officials stated that a decision was made to not include an image recognition module for checked baggage TSOs during this cycle because not all checked baggage TSOs would have completed training on the onscreen resolution protocol by the time recertification testing was conducted at their airports.[Footnote 35] In October 2005, TSA released guidance for screener recertification that included an image recognition module for checked baggage and dual- function screeners trained in the onscreen alarm resolution protocol. In addition to enhancing its efforts to measure the performance of TSOs, TSA also has developed two performance indexes to measure the effectiveness of the passenger and checked baggage screening systems. These indexes measure overall performance through a composite of indicators and are derived by combining specific performance measures relating to passenger and checked baggage screening, respectively. Such measures can be useful in identifying shortfalls that might be addressed by initiatives to enhance the workforce, such as providing special training. Specifically, these indexes measure the effectiveness of the screening systems through machine probability of detection and covert testing results;[Footnote 36] efficiency through a calculation of dollars spent per passenger or bag screened; and customer satisfaction through a national poll, customer surveys, and customer complaints at both airports and TSA's national call center. We reported in May 2005 that the screening performance indexes developed by TSA can be a useful analysis tool, but without targets for each component of the index, TSA will have difficulty performing meaningful analyses of the parts that make up the index. For example, without performance targets for covert testing, TSA will not have identified a desired level of performance related to screener detection of threat objects. Performance targets for covert testing would enable TSA to focus its improvement efforts on areas determined to be most critical, as 100 percent detection capability may not be attainable.[Footnote 37] In January 2005, TSA officials stated that the agency planned to track the performance of individual index components and establish performance targets against which to measure these components. Since then, TSA has finalized targets for the indexes, including targets for passenger and checked baggage covert testing. TSA Has Made Progress in Providing Regulatory Oversight of Airport and Air Carrier Security Activities, but it Could Better Target Workforce Resources: TSA has taken steps to strengthen oversight for key areas of aviation security, including domestic air cargo security operations conducted by air carriers, and airport perimeter security operations and access controls carried out by airport operators. For air cargo, TSA has increased the number of inspectors used to assess air carrier and indirect air carrier compliance with security requirements, and has incorporated elements of risk-based decision making to guide air cargo security needs. As of October 2005, however, TSA had not developed performance measures to determine to what extent air carriers and indirect air carriers are complying with air cargo security requirements, limiting TSA's ability to effectively target its workforce for future inspections and fulfill its oversight responsibilities. On airport premises, TSA had, at the time of our 2004 review, begun evaluating the security of airport perimeters and the controls that limit access into secured airport areas, but had not completed actions to ensure that all airport workers employed in these areas were vetted prior to hiring and then trained. Additional Action Needed to Strengthen TSA Inspections and Oversight of Domestic Air Cargo Security: We reported in October 2005 that TSA had significantly increased the number of domestic air cargo inspections conducted of air carrier and indirect air carrier compliance with security requirements.[Footnote 38] We noted, however, that TSA had not developed performance measures to determine to what extent air carriers and indirect air carriers were complying with security requirements, and had not analyzed the results of inspections to systematically target future inspections on those entities that pose a higher security risk to the domestic air cargo system. Without these performance measures and systematic analyses, TSA will be limited in its ability to effectively target its workforce for future inspections and fulfill its oversight responsibilities for this essential area of aviation security. We also reported on other actions that TSA had taken to focus limited resources on the most critical security needs. Our analysis of TSA's inspection records[Footnote 39] showed that between January 1, 2003, and January 31, 2005, TSA conducted 36,635 cargo inspections of air carriers and indirect air carriers and found 4,343 violations.[Footnote 40] Although TSA had compiled this information, the agency had not determined what constitutes an acceptable level of performance or compared air carriers' and indirect air carriers' performance against this standard. Without measures to determine an acceptable level of compliance with air cargo security requirements, TSA cannot assess the performance of individual air carriers or indirect air carriers against national performance averages or goals that would allow TSA to target inspections and other actions on those that fall below acceptable levels of compliance. According to TSA officials, the agency was working on developing short-term and long- term outcome measures for air cargo security, but they did not provide a timetable for when this effort would be completed. In addition, TSA had taken initial steps to compile information on the results of its compliance inspections of air carriers and indirect air carriers and identify the most frequent types of violations found. For example, from January 1, 2003, to January 31, 2005, TSA identified violations committed by air carriers and indirect air carriers involving noncompliance with air cargo security requirements in several areas--such as cargo acceptance procedures, access control to cargo facilities, and physical cargo inspections--that TSA had determined to be high-risk because they would pose the greatest risk to the safety and security of air cargo operations. TSA identified indirect air carriers' failure to comply with their own security programs as the area with the most violations, which according to TSA officials is due, in part, to indirect air carriers' unfamiliarity with air cargo security requirements. While TSA had identified frequently occurring violations, it had not yet determined the specific area of violation for a large number of inspections. In addition, TSA could not identify how many of its 36,635 inspections covered each air cargo security requirement. As a result, TSA could not determine the compliance rate for each specific area inspected. Without complete information on the specific air cargo security requirements that air carriers and indirect air carriers violated, as well as the number of times each topic area was inspected, TSA was limited in its ability to determine the compliance rates for specific air cargo security requirements and effectively target future inspections for air cargo security requirements that were most frequently violated and the air carriers and indirect air carriers that violate them. In June 2005, TSA officials informed us that in the future they intended to compile information on the number of instances in which specific air cargo security requirements were inspected. In addition, while TSA compiled information on the results of its compliance inspections, the agency had not yet systematically analyzed these results to target future inspections on security requirements and entities that pose a higher risk. Analyzing inspection results would be consistent with our internal control standards calling for comparisons of data to identify relationships that could form the basis for corrective actions, if necessary.[Footnote 41] TSA officials and the agency's fiscal year 2005 annual domestic inspection and assessment plan identified the need for such analyses. According to TSA officials, the agency had recently hired one staff person to begin analyzing inspection data. In June 2005, TSA officials also stated that the agency was working to revise its Performance and Results Information System database to allow for more accurate recording of inspection violations. However, the agency had not systematically analyzed the results of its inspections to target future inspections of those entities that pose an increased security risk. Without an analysis of the results of its inspections, TSA had a limited basis to determine how best to allocate its inspection resources. Further, analyzing key program performance data and using the results of this analysis to effectively allocate resources are consistent with elements of a risk management approach. Specifically, analyzing the results of compliance inspection data could help focus limited inspection resources on those entities posing a higher security risk. Such targeting is important because TSA may not have adequate resources to inspect all air carriers and indirect air carriers on a regular basis. For example, as we reported in October 2005, according to TSA inspection data for the period from January 1, 2003, to January 31, 2005, compliance inspections identified a greater incidence of violations by indirect air carriers than by air carriers. In addition, the percentage of inspections of air carriers that did not identify a violation of air cargo security requirements was significantly higher than that for indirect air carriers. According to TSA officials, the agency was taking steps to enhance its ability to conduct compliance inspections of indirect air carriers.[Footnote 42] To further target its inspections, TSA was conducting special emphasis assessments, which include testing to identify air cargo security weaknesses.[Footnote 43] On the basis of its review of compliance inspection results for the period of January 2003 to January 2005, TSA identified 25 indirect air carriers and 11 air carriers with a history of violations related to air cargo security requirements. TSA officials stated that the agency began conducting tests on these air carriers and indirect air carriers in April 2005.[Footnote 44] TSA officials stated that the agency planned to conduct additional tests. However, TSA officials stated that the agency had not yet determined how it will use the results of its testing program to help interpret the results from its other compliance inspection efforts. TSA had also not analyzed inspection results to identify additional targets for future testing. Such analysis could include focusing compliance testing efforts on air carriers and indirect air carriers with a history of air cargo security violations related to high-risk areas. TSA has made efforts to incorporate risk-based decision making into securing air cargo, but has not conducted assessments of air cargo vulnerabilities or critical assets (cargo facilities and aircraft)--two crucial elements of a risk-based management approach without which TSA may not be able to appropriately focus its resources on the most critical security needs. TSA also completed an Air Cargo Strategic Plan in November 2003 that outlined a threat-based risk management approach and identified strategic objectives and priority actions for enhancing air cargo security. Then, in November 2004, TSA issued a proposed air cargo security rule to enhance and improve the security of air cargo transportation.[Footnote 45] When finalized, TSA intends for this rule to implement most of the objectives set forth in the strategic plan. TSA had also not completed a methodology for assessing the vulnerability and criticality of air cargo assets, or established a schedule for conducting such assessments because of competing agency efforts to address other areas of aviation security. TSA had established a centralized Known Shipper database to streamline the process by which shippers (individuals and businesses) are made known to carriers with whom they conduct business. However, the information on the universe of shippers was incomplete because shipper participation was not mandatory and the data had not been thoroughly reviewed. TSA estimated that the database represented less than a third of the total population of known shippers. Further, TSA had not taken steps to identify shippers who may pose a security threat, in part because TSA had incomplete information on known shippers. TSA was attempting to address this limitation by its November 2004 proposed air cargo security rule which would make the Known Shipper database mandatory. This would require air carriers and indirect air carriers to submit information on their known shippers to TSA's Known Shipper database. Finally, TSA plans to take further steps to identify those shippers who may pose a security risk. In addition, TSA established a requirement for random inspection of air cargo to address threats to the nation's aviation transportation system and to reflect the agency's position that inspecting 100 percent of air cargo was not technologically feasible and would be potentially disruptive to the flow of air commerce. However, this requirement, which was revised in 2005 to increase the percentage of inspections required, contained exemptions based on the nature and size of cargo that may leave the air cargo system vulnerable to terrorist attack. TSA's plans for enhancing air cargo security included implementing a system for targeting elevated risk cargo for inspection.[Footnote 46] Although the agency acknowledged that the successful development of this system was contingent upon having complete, accurate, and current targeting information, the agency had not yet completed efforts to ensure information that will be used by the system is reliable. Further, through its proposed air cargo security rule, TSA planned to require air carriers and indirect air carriers to secure air cargo facilities, screen all individual persons boarding all-cargo aircraft, and conduct security checks on air cargo workers. In commenting on the proposed air cargo security rule, industry stakeholders representing air carriers, indirect air carriers and airport authorities stated that several of the proposals, including those mentioned above, may be costly and difficult to implement, and that TSA may have underestimated the costs associated with implementing these proposed measures. Our analysis of TSA's estimate also suggested that it may have been an underestimate. TSA stated that it plans to reassess its cost estimates before issuing its final air cargo security rule. In October 2005, we made several recommendations to assist TSA in strengthening the security of the domestic air cargo transportation system.[Footnote 47] These recommendations included (1) developing a methodology and schedule for completing assessments of air cargo vulnerabilities and critical assets; (2) reexamining the rationale for existing air cargo inspection exemptions; (3) developing measures to gauge air carrier and indirect air carrier compliance with air cargo security requirements; (4) developing a plan for systematically analyzing and using the results of air cargo compliance inspections to target future inspections and identify system wide corrective actions; (5) assessing the effectiveness of enforcement actions in ensuring air carrier and indirect air carrier compliance with air cargo security requirements; (6) and ensuring that the data to be used in the Freight Assessment System are complete, accurate, and current. DHS agreed with our recommendations. We currently have an ongoing review assessing the security of air cargo entering the United States from foreign countries. Further Steps May Be Needed to Strengthen TSA Oversight of Commercial Airport Perimeters and Access Controls: As discussed previously, domestic commercial airport authorities have primary responsibility for securing airport perimeters and restricted areas, whereas TSA conducts regulatory inspections to help ensure that airport authorities are complying with TSA security requirements. We reported in June 2004 on TSA's efforts to strengthen the security of airport perimeters (such as airfield fencing and access gates), the adequacy of controls restricting unauthorized access to secured areas (such as building entry ways leading to aircraft), and security measures pertaining to individuals who work at airports.[Footnote 48] At the time of our review, we found TSA had begun evaluating commercial airport security but needed a better approach for assessing results. In addition, TSA required criminal history records checks and security awareness training for most, but not all, the airport workers called for in ATSA. Further, TSA did not require airport vendors with direct access to the airfield and aircraft to develop security programs, which would include security measures for vendor employees and property, as required by ATSA. TSA is responsible for, and, at the time of our 2004 review, had begun evaluating the security of airport perimeters and the controls that limit access into secured airport areas, but had not yet determined how the results of these evaluations could be used to make improvements to the nation's airport system as a whole. Specifically, we found that TSA had begun conducting regulatory compliance inspections, covert testing of selected security procedures, and vulnerability assessments at selected airports. These evaluations--though not yet completed at the time of our report--identified perimeter and access control security concerns. For example, TSA identified instances where airport operators failed to comply with existing security requirements, including requirements related to access control.[Footnote 49] In addition, TSA identified threats to perimeter and access control security at each of the airports where vulnerability assessments were conducted in 2003. TSA had plans to begin conducting joint vulnerability assessments with the FBI but had not yet determined how it would allocate existing resources between its own independent airport assessments and the new joint assessments, or developed a schedule for conducting future vulnerability assessments. In addition, TSA had not yet determined how to use the results of its inspections in conjunction with its efforts to conduct covert testing and vulnerability assessments to enhance the overall security of the nation's commercial airport system. In June 2004, we also reported that background checks were not required for all airport workers. TSA requires most airport workers who perform duties in secured and sterile areas to undergo a fingerprint-based criminal history records check. TSA further requires airport operators to compare applicants' names against TSA's aviation security watch lists.[Footnote 50] Once workers undergo this review, they are granted access to airport areas in which they perform duties. For example, those workers who have been granted unescorted access to secured areas are authorized access to these areas without undergoing physical screening for prohibited items (which passengers undergo prior to boarding a flight). To meet TSA requirements, airport operators transmit applicants' fingerprints to a TSA contractor, who in turn forwards the fingerprints to TSA, who submits them to the FBI to be checked for criminal histories that could disqualify an applicant for airport employment. In March 2006, that TSA contractor reported that its background clearinghouse system had processed over 2 million criminal history record checks of airport and airline employees. TSA also requires that airport operators verify that applicants' names do not appear on TSA's "no fly" and "selectee" watch lists to determine whether applicants are eligible for employment.[Footnote 51] According to TSA, by December 6, 2002, all airport workers who had unescorted access to secured airport areas--approximately 900,000 individuals nationwide--had undergone a fingerprint-based criminal history records check and verification that they did not appear on TSA's watch lists, as required by regulation. In late 2002, TSA required airport operators to conduct fingerprint-based checks and watch list verifications for an additional approximately 100,000 airport workers who perform duties in sterile areas. As of April 2004, TSA said that airport operators had completed all of these checks. ATSA also mandates that TSA require airport operators and air carriers to develop security awareness training programs for airport workers such as ground crews, and gate, ticket, and curbside agents of air carriers.[Footnote 52] However, while TSA requires such training for these airport workers if they have unescorted access to secured areas, the agency did not require training for airport workers who perform duties in sterile airport areas.[Footnote 53] According to TSA, training requirements for these airport workers have not been established because additional training would result in increased costs for airport operators. Further, TSA had not addressed the act's provision that calls for the agency to require that airport vendors with direct access to the airfield and aircraft develop security programs to address security measures specific to vendor employees (companies doing business in or with the airport).[Footnote 54] TSA said that expanding requirements for background checks and security awareness training for additional workers and establishing requirements for vendor security programs would be costly to implement and would require time-consuming rule- making efforts to assess potential impacts and obtain and incorporate public comment on any proposed regulations. In June 2004, we recommended, and DHS generally agreed, that TSA better justify future decisions on how best to proceed with security evaluations and implement additional measures to reduce the potential security risks posed by airport workers. In July 2004, in response to our recommendations, TSA made several improvements in these areas, through the issuance of a series of security directives, including requiring enhanced background checks and improved access controls for airport employees who work in restricted airport areas.[Footnote 55] Concluding Observations: Since its inception, TSA has achieved significant progress in deploying its federal aviation security workforce to meet congressional mandates related to establishing passenger and checked baggage screening operations. With the initial congressional mandates now largely met, TSA has turned its attention to more systematically deploying its TSO workforce and assessing and enhancing its effectiveness in screening passengers and checked baggage. TSA has developed a staffing model intended to identify the necessary levels of TSOs to support airport screening operations. However, given the challenges TSA faces in determining appropriate staffing levels at airports, it is critical that TSA carefully consider how it strategically hires, deploys and manages its TSO workforce to help strengthen its passenger and checked baggage screening programs. In addition, as threats and technology evolve, it is vital that TSA continue to enhance training for the TSO workforce. Over the past several years, TSA has strengthened its TSO training program in an effort to ensure that TSOs have the knowledge and skills needed to successfully perform their screening functions. However, without addressing the challenges to delivering ongoing training, including installing high-speed connectivity at airport training facilities, TSA may have difficulty maintaining a screening workforce that possesses the critical skills needed to perform at a desired level. The importance of the nation's air cargo security system and the limited resources available to protect it underscore the need for a risk management approach to prioritize security efforts so that a proper balance between costs and security can be achieved. TSA has taken important steps in establishing such a risk management approach, but more work remains to be done to fully address the risks posed to air cargo security, including assessments of systemwide vulnerabilities and critical assets. Without such assessments, TSA is limited in its ability to focus its resources on those air cargo vulnerabilities that represent the most critical security needs. In addition, without performance measures to gauge air carrier and indirect air carrier compliance with air cargo security requirements and analyzing the results of its compliance inspections, TSA cannot effectively focus its inspection resources on those entities posing the greatest risk. In addition, TSA's goal of developing a system to target elevated risk cargo for inspection without impeding the flow of air commerce will be difficult to achieve without ensuring that the information used to target such cargo is complete, accurate, and current. By addressing these areas, TSA would build a better basis for strengthening air cargo security as it moves forward in implementing risk-based security initiatives. Mr. Chairman, this concludes my statement. I would be pleased to answer any questions that you or other members of the Committee may have at this time. Contact Information: For further information on this testimony, please contact at Cathleen A. Berrick, (202) 512-3404 or email@example.com. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this statement. In addition to the contact named above, John Barkhamer, Amy Bernstein, Kristy Brown, Philip Caramia, Kevin Copping, Glenn Davis, Christine Fossett, Thomas Lombardi, Laina Poon, and Maria Strudwick made key contributions to this testimony. [End of section] Appendix I: Related GAO Products: Aviation Security: Significant Management Challenges May Adversely Affect Implementation of the Transportation Security Administration's Secure Flight Program. GAO-06-374T. Washington, D.C.: February 9, 2006. Aviation Security: Federal Air Marshal Service Could Benefit from Improved Planning and Controls. GAO-06-203. Washington, D.C.: November 28, 2005. Aviation Security: Federal Action Needed to Strengthen Domestic Air Cargo Security. GAO-06-76. Washington, D.C.: October 17, 2005. Transportation Security Administration: More Clarity on the Authority of Federal Security Directors Is Needed. GAO-05-935. Washington, D.C.: September 23, 2005. Aviation Security: Flight and Cabin Crew Member Security Training Strengthened, but Better Planning and Internal Controls Needed. GAO-05- 781. Washington, D.C.: September 6, 2005. Aviation Security: Transportation Security Administration Did Not Fully Disclose Uses of Personal Information During Secure Flight Program Testing in Initial Privacy Notes, but Has Recently Taken Steps to More Fully Inform the Public. GAO-05-864R. Washington, D.C.: July 22, 2005. Aviation Security: Better Planning Needed to Optimize Deployment of Checked Baggage Screening Systems. GAO-05-896T. Washington, D.C.: July 13, 2005: Aviation Security: Screener Training and Performance Measurement Strengthened, but More Work Remains. GAO-05-457. Washington, D.C.: May 2, 2005. Aviation Security: Secure Flight Development and Testing Under Way, but Risks Should Be Managed as System Is Further Developed. GAO-05-356. Washington, D.C.: March 28, 2005: Aviation Security: Systematic Planning Needed to Optimize the Deployment of Checked Baggage Screening Systems. GAO-05-365. Washington, D.C.: March 15, 2005. Aviation Security: Measures for Testing the Effect of Using Commercial Data for the Secure Flight Program. GAO-05-324. Washington, D.C.: February 23, 2005. Transportation Security: Systematic Planning Needed to Optimize Resources. GAO-05-357T. Washington, D.C.: February 15, 2005. Aviation Security: Preliminary Observations on TSA's Progress to Allow Airports to Use Private Passenger and Baggage Screening Services. GAO- 05-126. Washington, D.C.: November 19, 2004. General Aviation Security: Increased Federal Oversight Is Needed, but Continued Partnership with the Private Sector Is Critical to Long-Term Success. GAO-05-144. Washington, D.C.: November 10, 2004. Aviation Security: Further Steps Needed to Strengthen the Security of Commercial Airport Perimeters and Access Controls. GAO-04-728. Washington, D.C.: June 4, 2004. Transportation Security Administration: High-Level Attention Needed to Strengthen Acquisition Function. GAO-04-544. Washington, D.C.: May 28, 2004. Aviation Security: Challenges in Using Biometric Technologies. GAO-04- 785T. Washington, D.C.: May 19, 2004. Nonproliferation: Further Improvements Needed in U.S. Efforts to Counter Threats from Man-Portable Air Defense Systems. GAO-04-519. Washington, D.C.: May 13, 2004. Aviation Security: Private Screening Contractors Have Little Flexibility to Implement Innovative Approaches. GAO-04-505T. Washington, D.C.: April 22, 2004. Aviation Security: Improvement Still Needed in Federal Aviation Security Efforts. GAO-04-592T. Washington, D.C.: March 30, 2004. Aviation Security: Challenges Delay Implementation of Computer- Assisted Passenger Prescreening System. GAO-04-504T. Washington, D.C.: March 17, 2004. Aviation Security: Factors Could Limit the Effectiveness of the Transportation Security Administration's Efforts to Secure Aerial Advertising Operations. GAO-04-499R. Washington, D.C.: March 5, 2004. Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges. GAO-04-385. Washington, D.C.: February 13, 2004. Aviation Security: Challenges Exist in Stabilizing and Enhancing Passenger and Baggage Screening Operations. GAO-04-440T. Washington, D.C.: February 12, 2004. The Department of Homeland Security Needs to Fully Adopt a Knowledge- based Approach to Its Counter-MANPADS Development Program. GAO-04-341R. Washington, D.C.: January 30, 2004. Aviation Security: Efforts to Measure Effectiveness and Strengthen Security Programs. GAO-04-285T. Washington, D.C.: November 20, 2003. Aviation Security: Federal Air Marshal Service Is Addressing Challenges of Its Expanded Mission and Workforce, but Additional Actions Needed. GAO-04-242. Washington, D.C.: November 19, 2003. Aviation Security: Efforts to Measure Effectiveness and Address Challenges. GAO-04-232T. Washington, D.C.: November 5, 2003. Airport Passenger Screening: Preliminary Observations on Progress Made and Challenges Remaining. GAO-03-1173. Washington, D.C.: September 24, 2003. Aviation Security: Progress Since September 11, 2001, and the Challenges Ahead. GAO-03-1150T. Washington, D.C.: September 9, 2003. Transportation Security: Federal Action Needed to Enhance Security Efforts. GAO-03-1154T. Washington, D.C.: September 9, 2003. Transportation Security: Federal Action Needed to Help Address Security Challenges. GAO-03-843. Washington, D.C.: June 30, 2003. Federal Aviation Administration: Reauthorization Provides Opportunities to Address Key Agency Challenges. GAO-03-653T. Washington, D.C.: April 10, 2003. Transportation Security: Post-September 11th Initiatives and Long-Term Challenges. GAO-03-616T. Washington, D.C.: April 1, 2003. Airport Finance: Past Funding Levels May Not Be Sufficient to Cover Airports' Planned Capital Development. GAO-03-497T. Washington, D.C.: February 25, 2003. Transportation Security Administration: Actions and Plans to Build a Results-Oriented Culture. GAO-03-190. Washington, D.C.: January 17, 2003. Aviation Safety: Undeclared Air Shipments of Dangerous Goods and DOT's Enforcement Approach. GAO-03-22. Washington, D.C.: January 10, 2003. Aviation Security: Vulnerabilities and Potential Improvements for the Air Cargo System. GAO-03-344. Washington, D.C.: December 20, 2002. Aviation Security: Registered Traveler Program Policy and Implementation Issues. GAO-03-253. Washington, D.C.: November 22, 2002. Airport Finance: Using Airport Grant Funds for Security Projects Has Affected Some Development Projects. GAO-03-27. Washington, D.C.: October 15, 2002. Commercial Aviation: Financial Condition and Industry Responses Affect Competition. GAO-03-171T. Washington, D.C.: October 2, 2002. Aviation Security: Transportation Security Administration Faces Immediate and Long-Term Challenges. GAO-02-971T. Washington, D.C.: July 25, 2002. Aviation Security: Information Concerning the Arming of Commercial Pilots. GAO-02-822R. Washington, D.C.: June 28, 2002. Aviation Security: Vulnerabilities in, and Alternatives for, Preboard Screening Security Operations. GAO-01-1171T. Washington, D.C.: September 25, 2001. Aviation Security: Weaknesses in Airport Security and Options for Assigning Screening Responsibilities. GAO-01-1165T. Washington, D.C.: September 21, 2001. Homeland Security: A Framework for Addressing the Nation's Efforts. GAO- 01-1158T. Washington, D.C.: September 21, 2001. Aviation Security: Terrorist Acts Demonstrate Urgent Need to Improve Security at the Nation's Airports. GAO-01-1162T. Washington, D.C.: September 20, 2001. Aviation Security: Terrorist Acts Illustrate Severe Weaknesses in Aviation Security. GAO-01-1166T. Washington, D.C.: September 20, 2001. FOOTNOTES  ATSA created TSA as an agency within the Department of Transportation (DOT) with responsibility for securing all modes of transportation, including aviation. Pub. L. No. 107-71, § 101, 115 Stat. 597 (2001). The Homeland Security Act of 2002, signed into law on November 25, 2002, transferred TSA from the DOT to the new Department of Homeland Security (DHS). Pub. L. No. 107-296, § 403, 116 Stat. 2135, 2178.  The Threat Image Projection system is designed to test TSOs' detection capabilities by projecting threat images, including images of guns and explosives, into bags as they are screened. TSOs are responsible for positively identifying the threat image and calling for the bag to be searched.  Sterile areas are located within the terminal where passengers wait after screening to board departing aircraft. Access to these areas is generally controlled by TSA screeners at checkpoints where they conduct physical screening of passengers and their carry-on baggage for weapons and explosives.  TSA classifies the commercial airports in the United States into one of five security risk categories (X, I, II, III, IV, and V) based on various factors, such as the total number of takeoffs and landings annually, and other special security considerations. In general, category X airports have the largest number of passenger boardings, and category IV airports have the smallest.  TSA defines an operational screening test as any covert test of a TSO conducted by TSA, on any screening function, to assess the screener's threat item detection ability or adherence to TSA-approved procedures.  Pursuant to the Homeland Security Act, the deadline for screening all checked baggage using explosive detection systems was, in effect, extended until December 31, 2003.  TSOs must deny passage beyond the screening location to any individual or property that has not been screened or inspected in accordance with passenger screening standard operating procedures. If an individual refuses to permit inspection of any item, that item must not be allowed into the sterile area or aboard an aircraft.  Explosive detection systems use probing radiation to examine objects inside baggage and identify the characteristic signatures of threat explosives. EDS equipment operates in an automated mode.  Explosive trace detection works by detecting vapors and residues of explosives. Human operators collect samples by rubbing bags with swabs, which are chemically analyzed to identify any traces of explosive materials.  Positive passenger bag match is an alternative method of screening checked baggage that requires that the passenger be on the same aircraft as the checked baggage.  Domestic passenger air carriers have 11 separate areas of cargo security that are subject to inspection, while indirect air carriers have 12 areas that are subject to inspection. All-cargo carriers that have implemented the voluntary all-cargo security program have 24 areas that are subject to inspection. These areas of inspection include access to cargo, cargo acceptance, including cargo from known shippers, and security training and testing.  GAO, Transportation Security Administration: More Clarity on the Authority of Federal Security Directors Is Needed, GAO-05-935 (Washington D.C.: Sept. 23, 2005).  GAO-05-935.  GAO, Aviation Security: Challenges Exist in Stabilizing and Enhancing Passenger and Baggage Screening Operations, GAO-04-440T (Washington, D.C.: Feb. 12, 2004).  Intelligence Reform and Terrorism Prevention Act of 2004, Pub. L. No. 108-458, § 4023, 118 Stat 3638, 3723-24.  One full-time-equivalent is equal to one work year or 2,080 non- overtime hours.  This budgetary FTE limit is not to be confused with the 45,000 FTE screener cap imposed by Congress in the FY2006 DHS Appropriations Act that limits the total number of FTE screeners available to TSA.  We interviewed FSD staff at 3 category X airports, 1 category I airports, and 1 category III airport.  GAO-04-440T.  GAO, Airport Passenger Screening: Preliminary Observations on Progress Made and Challenges Remaining, GAO-03-1173 (Washington, D.C.: Sept. 24, 2003).  GAO, Aviation Security: Screener Training and Performance Measurement Strengthened but More Work Remains, GAO-05-457 (Washington, D.C.: May 2, 2005).  According to the budget request, the remaining $36 million is needed to support operations and maintenance costs, including recurring costs for routers, switches, circuits, cabinets, racks, and network monitoring.  GAO, Aviation Security: Efforts to Measure Effectiveness and Address Challenges, GAO-04-232T (Washington, D.C.: Nov. 5, 2003).  Covert testing is an ancillary duty and not a full-time assignment for the majority of OI staff. According to OI, 14 full-time-equivalent positions in headquarters are dedicated fully to the covert testing program, which includes covert testing of all modes of transportation, not just airports. These 14 full-time-equivalents are in OI's Special Operations group and form the core of team leaders for the covert testing trips.  Some recommendations appear repeatedly in multiple reports issued by OIAPR.  Test results cannot be generalized because sample tests were not identified using the principles of probability sampling. In a probability sample to assess screener detection of threat objects, each screening of a passenger or baggage would have to have a chance of being selected. A well-designed probability sample would enable failure rates to be generalized to all airports. However, for cost and operational reasons, probability sampling may not be feasible for passenger and checked baggage screening because it would require a very large sample size and an exhaustive examination of each sampled passenger or baggage to determine if there was a threat object to detect.  The local covert testing protocols were updated in June 2004 and August 2004 to provide information on alternative testing methods.  GAO, Aviation Security: Screener Training and Performance Measurement Strengthened but More Work Remains, GAO-05-457 (Washington D.C.: May 2, 2005).  The TIP database records both the TIP hit rate and TIP false alarm rate. These two results are used to determine the probability of detection and probability of false alarms, which determine overall TIP performance. The TIP performance measure is classified as sensitive security information.  GAO-05-457.  GAO, Aviation Security: Private Screening Contractors Have Little Flexibility to Implement Innovative Approaches, GAO-04-505T (Washington, D.C.: April 22, 2004).  We cannot report on the specific results of the recertification testing because they are sensitive security information.  Information related to the measures is sensitive security information.  As of January 7, 2005, TSA reported that its workforce included approximately 25,947 dual-trained screeners who were certified to serve as passenger or baggage screeners.  TSA's onscreen resolution protocol requires that when an EDS machine alarm goes off, indicating the possibility of explosives, TSA TSOs, by reviewing computer-generated images of the inside of the bag, attempt to determine whether or not a suspect item or items are in fact explosive materials. If the TSO is unable to make this determination, the bag is diverted from the main conveyor belt into an area where it receives a secondary screening by a TSO with an ETD machine.  According to TSA, the machine probabilities of detection are established by the certification standards for each particular model of machines, and machines are not deployed unless they have met those standards.  TSA's measures for covert testing are passenger screener covert test results (percentage of TSOs correctly identifying and resolving threat images) and baggage screener covert test results (percentage of TSOs correctly identifying and resolving threat images). The targets for these measures are classified.  GAO, Aviation Security: Federal Action Needed to Strengthen Domestic Air Cargo Security, GAO-06-76 (Washington, D.C.: Oct. 17, 2005).  TSA established an automated Performance and Results Information System (PARIS) to compile the results of cargo inspections and the actions taken when violations are identified. The PARIS database, established in July 2003, provides TSA a Web-based method for entering, storing, and retrieving performance activities and information on TSA- regulated entities, including air carriers and indirect air carriers. PARIS includes profiles for each entity, inspections conducted by TSA, incidents that occur throughout the nation, such as instances of bomb threats, and investigations that are prompted by incidents or inspection findings.  We requested all of TSA's compliance inspection data, starting in November 2001. According to TSA, agency efforts to conduct air cargo compliance inspections during calendar years 2001 and 2002 were minimal. Moreover, documentation of inspection results for that period was problematic in part because of the way the Federal Aviation Administration reported compliance inspection data, which made it difficult to migrate the Federal Aviation Administration's data into TSA's PARIS system.  GAO, Internal Control Management and Evaluation Tool, GAO-01-1008G (Washington, D.C.: August 2001).  Factors accounting for the limited number of TSA compliance inspections of indirect air carrier facilities are sensitive security information and discussed in the restricted version of this report, GAO- 05-446SU.  According to TSA, special emphasis assessments are distinct from agency efforts to conduct covert testing by TSA's Office of Internal Affairs and Program Review. Covert testing is typically done by undercover TSA agents and includes testing the security procedures at passenger check points and airport access controls.  Results of TSA's tests are considered sensitive security information and described in the sensitive security version of this report GAO-05-446SU.  Air Cargo Security Requirements, 69 Fed. Reg. 65,258 (proposed Nov. 10, 2004) (to be codified at 49 C.F.R pts. 1540-48).  This system, referred to as Freight Assessment, would target elevated risk cargo for inspection to minimize the agency's reliance on random inspections. This system is supposed to compare information on individual cargo shipments and shippers, among other things, against targeting criteria to assign a risk level to cargo. This would subject elevated risk cargo to additional inspection through physical searches or non intrusive technology.  GAO-06-76.  GAO, Aviation Security: Further Steps Needed to Strengthen the Security of Commercial Airport Perimeters and Access Controls, GAO-04- 728 (Washington, D.C.: June 4, 2004).  Our evaluation of TSA's covert testing of airport access controls was classified and was discussed in a separate classified report.  49 U.S.C. § 44936 requires airports and air carriers to conduct fingerprint-based criminal history records checks for all workers seeking unescorted access to the Security Identification Display Area. Specifically, no individual may be given unescorted access authority if he or she has been convicted, or found not guilty by reason of insanity, of any of 28 disqualifying offenses during the 10 years before the date of the individual's application for unescorted access authority, or while the individual has unescorted access authority.  TSA's no-fly list contains the names of individuals that pose, or are suspected of posing, a threat to civil aviation or national security. Individuals on this list will not be permitted to board an aircraft. There is also a selectee process by which individuals who meet certain criteria are set aside for additional screening.  Pub. L. No. 107-71, § 106(e), 115 Stat. at 610.  TSA regulations governing security training are virtually the same as those required previously under the regulations as administered by FAA.  See 49 U.S.C. § 44903(h)(4)(d).  TSA has taken other actions that are considered sensitive security information.