This is the accessible text file for GAO report number GAO-07-375 
entitled 'Homeland Security: Progress Has Been Made to Address the 
Vulnerabilities Exposed by 9/11, but Continued Federal Action Is Needed 
to Further Mitigate Security Risks' which was released on January 24, 
2007. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Report to Congressional Requesters, House of Representatives: 

United States Government Accountability Office: 

GAO: 

January 2007: 

Homeland Security: 

Progress Has Been Made to Address the Vulnerabilities Exposed by 9/11, 
but Continued Federal Action Is Needed to Further Mitigate Security 
Risks: 

GAO-07-375: 

GAO Highlights: 

Highlights of GAO-07-375, a report to the Chairman, Committee on the 
Judiciary, House of Representatives 

Why GAO Did This Study: 

Five years after the terrorist attacks of September 11, 2001, GAO is 
taking stock of key efforts by the President, Congress, federal 
agencies, and the 9/11 Commission to strengthen or enhance critical 
layers of defense in aviation and border security that were directly 
exploited by the 19 terrorist hijackers. Specifically, the report 
discusses how: (1) commercial aviation security has been enhanced; (2) 
visa-related policies and programs have evolved to help screen out 
potential terrorists; (3) federal border security initiatives have 
evolved to reduce the likelihood of terrorists entering the country 
through legal checkpoints; and (4) the Department of Homeland Security 
(DHS) and other agencies are addressing several major post-9/11 
strategic challenges. The report reflects conclusions and 
recommendations from a body of work issued before and after 9/11 by 
GAO, the Inspectors General of DHS, State, and Justice, the 9/11 
Commission, and others. It is not a comprehensive assessment of all 
federal initiatives taken or planned in response to 9/11. GAO is not 
making any new recommendations at this time since over 75 prior 
recommendations on aviation security, the Visa Waiver Program, and
US-VISIT, among others, are in the process of being implemented. Continued
monitoring by GAO will determine whether further recommendations are 
warranted. 

What GAO Found: 

While the nation cannot expect to eliminate all risks of terrorist 
attack upon commercial aviation, agencies have made progress since 9/11 
to reduce aviation-related vulnerabilities and enhance the layers of 
defense directly exploited by the terrorist hijackers. In general, 
these efforts have resulted in better airline passenger screening 
procedures designed to identify and prevent known or suspected 
terrorists, weapons, and explosives from being allowed onto aircraft. 
Nevertheless, the nation’s commercial aviation system remains a highly 
visible target for terrorism, as evidenced by recent alleged efforts to 
bring liquid explosives aboard aircraft. DHS and others need to follow 
through on outstanding congressional requirements and recommendations 
by GAO and others to enhance security and coordination of passengers 
and checked baggage, and improve screening procedures for domestic 
flights, among other needed improvements. GAO’s work indicates that the 
government has strengthened the nonimmigrant visa process as an 
antiterrorism tool. New measures added rigor to the process by 
expanding the name-check system used to screen applicants, requiring
in-person interviews for nearly all applicants, and revamping consular
officials’ training to focus on counterterrorism. Nevertheless, the 
immigrant visa process may pose potential security risks and we are 
reviewing this issue. To enhance security and screening at legal 
checkpoints (air, land, and sea ports) at the nation’s borders, 
agencies are using technology to verify foreign travelers’ identities 
and detect fraudulent travel documents such as passports. However, DHS 
needs to better manage risks posed by the Visa Waiver Program, whereby 
travelers from 27 countries need not obtain visas for U.S. travel. For 
example, GAO recommended that DHS require visa-waiver countries to 
provide information on lost or stolen passports that terrorists could 
use to gain entry. We also recommended that DHS provide more 
information to Congress on how it plans to fully implement US-VISIT—a 
system for tracking the entry, exit, and length of stay of foreign 
travelers. While much attention has been focused on mitigating the 
specific risks of 9/11, other critical assets ranging from passenger 
rail stations to power plants are also at risk of terrorist attack. 
Deciding how to address these risks—setting priorities, making
trade-offs, allocating resources, and assessing social and economic costs—is
essential. Thus, it remains vitally important for DHS to continue to 
develop and implement a risk-based framework to help target where and 
how the nation’s resources should be invested to strengthen security. 
The government also faces strategic challenges that potentially affect 
oversight and execution of new and ongoing homeland security 
initiatives, and GAO has deemed three challenges in 
particular—information sharing, risk management, and transforming DHS 
as a department—as areas needing urgent attention. DHS and the 
Department of State reviewed a draft of this report and both agencies 
generally agreed with the information. Both agencies provided technical 
comments that were incorporated as appropriate. 

[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-375]. 

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact Eileen Larence,
(202) 512-8777, or larencee@gao.gov.

[End of Section] 

Contents: 

Letter: 

Results in Brief: 

Background: 

Stronger Layered Defenses for Aviation Security in Place, Though We 
Reported More Needs to Be Done to Enhance Passenger Screening 
Operations and Security of Other Transportation Modes: 

GAO Concluding Observations--Passenger Prescreening: 

GAO Concluding Observations--Passenger Checkpoint Screening: 

GAO Concluding Observations--In-flight Security and Ground-Based 
Response Efforts: 

GAO Concluding Observations--Enhancing Security of Layers of Aviation 
Defense Not Implicated on 9/11: 

GAO Concluding Observations--Enhancing Security of Other Transportation 
Modes: 

Measures to Improve Visa Applicant Screening, Consular Counterterrorism 
Training, and Fraud Detection Have Strengthened the Visa Process as an 
Antiterrorism Tool: 

GAO Concluding Observations--Visa Process: 

Efforts to Screen and Verify Travelers and Detect Fraudulent Travel 
Documents Have Enhanced Border Security, but We Have Reported More Work 
Is Needed to Ensure That Risks Posed by Certain Travelers and Cargo Are 
Mitigated: 

GAO Concluding Observations--Visa Waiver Program: 

GAO Concluding Observations--US-VISIT: 

GAO Concluding Observations--Border Security: 

Federal Government Must Address Strategic Challenges of Sharing 
Terrorism-Related Information, Managing Risk, and Structuring DHS to 
Meet Its Mission: 

GAO Concluding Observations--Strategic Challenges: 

Appendix I: Visas Issued to the September 11, 2001, Terrorist 
Hijackers: 

Appendix II: Map of Visa Waiver Program Countries: 

Appendix III: Related GAO and Inspectors General Products: 

Appendix IV: Comments from the Department of Homeland Security: 

Appendix V: GAO Contacts and Staff Acknowledgements: 

Figures: 

Figure 1: Selected Federal Departments and Agencies with Security 
Responsibilities: 

Figure 2: Passenger Checkpoint Screening Functions: 

Figure 3: In-line Checked Baggage Screening System: 

Figure 4: Air Cargo Being Loaded and Inspected Using an Explosive 
Detection System: 

Figure 5: Traveler Screening Process: U.S. Visa Holders versus Visa 
Waiver Program Travelers: 

Figure 6: Timeline of Visas issued to Hijackers at Overseas Posts, 
November 1997 through June 2001: 

Abbreviations: 

ATSA: Aviation and Transportation Security Act: 
CBP: Customs and Border Protection: 
DHS: Department of Homeland Security: 
DOT: Department of Transportation: 
EDS: explosive detection systems: 
ETD: explosive trace detection systems: 
FAA: Federal Aviation Administration: 
FRA: Federal Railroad Administration: 
FTA: Federal Transit Administration: 
HSPD: Homeland Security Presidential Directive: 
ICE: Immigration and Customs Enforcement: 
IED: improvised explosive device: 
Interpol: International Criminal Police Organization: 
NORAD: North American Aerospace Defense Command: 
OGT: Office of Grants and Training: 
OIG: Office of Inspector General: 
POE: ports of entry: 
TSA: Transportation Security Administration: 
TSO: transportation security officers: 
TSOC: Transportation Security Operations Center: 
TWIC: Transportation Workers Identification Credential: 
US-VISIT: U.S. Visitor and Immigrant Status Indicator Technology: 
WHTI: Western Hemisphere Travel Initiative: 

United States Government Accountability Office: 
Washington, DC 20548: 

January 24, 2007: 

The Honorable Lamar Smith, 
Ranking Minority Member: 
Committee on the Judiciary: 
House of Representatives: 

The Honorable F. James Sensenbrenner, Jr. 
House of Representatives: 

The terrorist attacks on September 11, 2001, significantly altered the 
nation's views on how to secure and protect the people, borders, and 
assets of the United States, and dramatically highlighted the need to 
take immediate actions to reduce the likelihood of future attacks of 
this magnitude taking place on U.S. soil. With the benefit of 
hindsight, it is apparent that on 9/11, several areas in particular-- 
the U.S. commercial aviation system, the federal government's approach 
to compiling and managing terrorist watch lists, the nonimmigrant visa 
process,[Footnote 1] and mechanisms for screening and recording foreign 
travelers entering and exiting the United States--were all shown to be 
vulnerable to exploitation by terrorists intent on gaining entry to the 
country and wreaking havoc. Clearly, federal action was needed to 
address these and other weaknesses in our defenses. The federal 
government simply was not prepared for, and did not anticipate, the 
ways in which the security measures in place prior to 9/11 would be 
defeated. As the National Commission on Terrorist Attacks Upon the 
United States (the 9/11 Commission) noted in its 2004 report,[Footnote 
2] none of the security measures adopted by the U.S. government prior 
to the attacks disturbed or even delayed the progress of the al Qaeda 
plot. 

In the 5 years since 19 hijackers commandeered four commercial aircraft 
and succeeded in destroying the World Trade Center, damaging the 
Pentagon, and killing almost 3,000 people, Congress and the 
administration have taken a number of actions to realign homeland 
security policies, priorities, and resources to help ensure that the
9/11 scenario could never be repeated. To this end, our government has in
part reorganized by combining vital federal security, immigration, and 
investigative capabilities within a new Department of Homeland Security 
(DHS). Parallel efforts also were undertaken to transform the 
intelligence community in order to provide better information on, and 
analysis of, terrorist threats--information that could have serious 
implications for aviation, the visa process, and the border screening 
and inspection processes undertaken as part of border security. 

Since 9/11, Congress and the administration, including many federal 
agencies, have increasingly sought to take a longer-term view of 
homeland security, recognizing, among other things, that a variety of 
transportation and border security initiatives are needed, such as 
improving the mechanisms for screening foreign travelers before they 
enter the country legally by air, land, or sea ports, and tracking 
their entry and exit. More recent efforts by terrorists to disrupt 
society--notably, the alleged attempt by terrorists to bring liquid 
explosives on board aircraft bound for the United States and terrorist 
attacks on passenger rail systems in Madrid and London--have further 
highlighted the need for effective information sharing, proactive 
planning, and effective risk analysis, in order to identify and 
mitigate risks to people, national assets, and economic sectors and 
prioritize resources to address them. 

In recognition of the fifth anniversary of the 2001 terrorist attacks, 
you expressed interest in taking stock of some of the efforts by 
Congress, the administration, and many federal agencies--in concert 
with state and local governments and the private sector--to identify 
the nation's security vulnerabilities in key areas and find ways to 
mitigate them to the fullest extent possible. You asked us to draw upon 
the growing body of work by us and the Inspectors General that examines
many of the key laws, policies, and practices related to homeland 
security in the post-9/11 period to assess how these security policies 
and procedures have evolved in response to the actions of the 
terrorists. While we recognize that it will never be possible to 
anticipate or mitigate every potential security threat, or to close 
every gap in our defenses, it is nonetheless important to acknowledge 
the critical work that has been done to make the country safer--and, 
looking ahead, to discuss how the government intends to identify, 
manage, and mitigate risks to domestic security in general, while 
continuing to protect privacy and the flow of people and commerce. It 
is also important to review security efforts made to date, in light of 
Congress' interest in revisiting the recommendations of the 9/11 
Commission, including those addressing aviation and border security 
challenges, as well as challenges related to sharing homeland security 
information. The information contained in this report is derived from a 
security sensitive report that we issued in December 2006 on progress 
made to address vulnerabilities exposed by 9/11.[Footnote 3] That 
report contained detailed information on specific security 
vulnerabilities. 

This report does not undertake a comprehensive assessment of all 
federal initiatives taken or planned in response to 9/11. Rather, we 
focus on the progress the nation has made in strengthening or enhancing 
the critical layers of defense that either were penetrated by the 
terrorist hijackers of 9/11, or which our work or that of the 
Inspectors General shows are vulnerable to terrorist exploitation. This 
critical layered system of defense identifies points of vulnerability 
wherever they exist, and turns them into targets of opportunity for 
interdiction. These layers provide a series of independent, overlapping 
and reinforcing redundancies--domestically, for example, at airports as 
well as land and sea ports of entry, or outside the country, at 
consular offices--designed to raise the odds that terrorist activity 
can be identified and intercepted. This report focuses primarily on 
three main layers of defense--aviation security, visa security, and 
border security[Footnote 4]--and to the extent that our body of work 
allows, this report also addresses the role that information sharing 
has played in keeping federal officials and key stakeholders informed 
as these layers of defense are strengthened. 

In particular, this report discusses the following: (1) In what ways 
has the security of the nation's commercial aviation system been 
enhanced since 9/11 to reduce the likelihood that terrorists may carry 
out new attacks using aircraft? (2) How have visa-related policies and 
programs evolved since 9/11 to help screen out potential terrorists 
seeking entry into the United States? (3) How have federal border 
security efforts evolved since 9/11 to reduce the likelihood that 
terrorists could enter the United States through legal checkpoints? (4) 
What are the major strategic challenges facing Congress, DHS, and other 
federal agencies as the post-9/11 era progresses and decisions are made 
about prioritizing efforts and allocating finite resources to further 
enhance homeland security? 

The overall scope of our review reflects the national layers of defense 
in place on 9/11, which the terrorists exploited, and other areas with 
recognized vulnerabilities and security weaknesses where federal 
actions have been taken and for which we have a body of work. 
Specifically, the scope of our work encompassed an extensive review of 
work published by us and others on the conditions leading up to and the 
actions taken after 9/11 by Congress and federal departments--the 
departments of Homeland Security, State, and Justice--which now have 
primary responsibility for establishing and maintaining key layers of 
national defense (aviation, the visa process, and our borders) 
exploited by the 9/11 hijackers. To perform our analyses for all the 
research questions, we reviewed the findings, conclusions, and 
recommendations from GAO reports, testimonies, and other issued 
products on security policies and procedures prior to and after 9/11. 
This review included GAO's work on aviation security, the visa issuance 
process, and border security initiatives, as well as information on the 
development and consolidation of federal terrorist watch lists and how 
this and other sensitive information has been shared among federal 
agencies, including the Department of Homeland Security, and 
appropriate state and local personnel, such as law enforcement agencies 
and private air carriers. We also analyzed our preliminary results from 
ongoing work related to homeland security that was being conducted at 
the time of this review (i.e., work that we had under way but had not 
yet issued) on international aviation passenger prescreening, the U.S. 
Visitor and Immigrant Status Indicator Technology (US-VISIT) border 
security program, and more. In addition to GAO's work, we analyzed 
reports and testimonies issued after 9/11 by the Inspectors General for 
the departments of State, Justice, and Homeland Security and the 
findings of reports and testimonies issued by the 9/11 Commission. 

We reviewed key legislation enacted after 9/11, including (but not 
limited to) the Aviation and Transportation Security Act,[Footnote 5] 
the Homeland Security Act of 2002,[Footnote 6] the Enhanced Border 
Security and Visa Entry Reform Act of 2002,[Footnote 7] and the 
Intelligence Reform and Terrorism Prevention Act of 2004;[Footnote 8] 
presidential directives, including (but not limited to) Homeland 
Security Presidential Directive 6 (HSPD-6) on terrorist identification, 
screening, and tracking and HSPD-7 on critical infrastructure 
protection responsibilities; and executive orders. In addition to our 
documentary analysis, we interviewed senior officials at the 
departments of State and Homeland Security to obtain current 
information on progress made to implement selected recommendations we 
had made, and other actions under way by the departments at the time of 
our review to enhance security in the areas we were addressing-- 
aviation, visa, and border security. 

We recognize that there are significant factors that contributed to the 
terrorists' ability to complete their acts that Congress and the 
administration have been addressing since 9/11, which we do not discuss 
in depth in this report. These include vulnerabilities in available 
intelligence, terrorist financing mechanisms, and the domestic 
counterterrorism infrastructure in place to address threats within U.S. 
borders, among others. Nor does our review reflect activities or 
initiatives not directly related either to strengthening homeland 
security or to the 9/11 response; thus our review excludes 
consideration of initiatives aimed at facilitating travel convenience, 
such as "trusted traveler" programs[Footnote 9] and implementation of a 
redress process to remedy the problem associated with passengers 
misidentified on terrorist watch lists. See appendix III for a list of 
products issued by GAO and the office of Inspectors General within the 
departments of Homeland Security, State, and Justice related to the 
events of 9/11 and homeland security; many of these products are 
referred to in this report. 

Our work was conducted from September 2005 through October 2006 in 
accordance with generally accepted government auditing standards. 

Results in Brief: 

While the nation cannot expect to eliminate all future risks of 
terrorist attacks upon commercial aviation, in the 5 years since the 
attacks of September 11, 2001, progress has been made toward reducing 
the aviation-related vulnerabilities and enhancing the layers of 
defense directly exploited by the terrorist hijackers. Nevertheless, 
federal agencies continue to face the challenge of identifying and 
addressing the security risks inherent in the nation's commercial 
aviation system, which plays a vital role in the nation's economy, 
ferries millions of passengers around the world on a daily basis, and 
remains a highly visible target for terrorism. DHS and other federal 
departments are still working to implement congressional requirements 
and recommendations by us, the 9/11 Commission, and others to address 
known security weaknesses in commercial aviation and bolster
security-related policies and programs already in place. On the positive side,
at the direction of the President and the Congress, DHS and other 
federal departments have taken actions resulting in better airline 
passenger screening procedures that help to identify and prevent known 
or suspected terrorists, weapons, and explosives from being allowed 
onto aircraft. For example, since 9/11, domestic airline passenger 
prescreening procedures--whereby passengers who may pose a security 
risk are identified before boarding aircraft--have been enhanced 
through an identity-matching process that compares prospective 
passengers' names against an expanded list of terrorist suspects 
extracted from a consolidated terrorist watch list. This prescreening
process has also been enhanced by requiring certain passengers to 
undergo greater scrutiny prior to boarding. But TSA has not yet met a 
congressional requirement that it take over responsibility for the 
passenger identity-matching process from domestic air carriers, in part 
to improve accuracy in the matching process and to end disclosure of 
sensitive information on possible terrorists to air carriers. We have 
recommended that TSA take numerous steps to help meet this requirement 
and we are monitoring their efforts. Passengers on international 
flights departing from or traveling to the United States undergo 
prescreening by DHS's U.S. Customs and Border Protection (CBP). 
However, this process poses challenges because these flights are 
allowed to take off before the passenger identity-matching process has 
been completed by CBP. Such flights therefore remain vulnerable to a 
terrorist take-over and other risks. CBP is working to address the 
problem, but a solution has not yet been implemented. We have recently 
recommended that DHS make key policy and technical decisions necessary 
to more fully coordinate CBP's international prescreening program with 
TSA's prospective domestic prescreening program. With respect to 
passenger checkpoint screening--the physical screening of passengers 
and their carry-on bags--we have reported that TSA has met 
congressional mandates related to deploying its federal aviation 
security workforce and establishing passenger screening operations at 
over 400 commercial airports. Moreover, passenger checkpoint screening 
operations have been enhanced with the aid of technology and more 
rigorous hands-on screening practices, among other things, in order to 
aid in detecting prohibited items. But as we have also reported, it is 
important that TSA continue to invest in and develop technologies for 
better detecting existing and emerging threats involving explosives. 
This is especially important in light of the alleged August 2006 plot 
to detonate liquid explosives on board multiple commercial aircraft 
bound for the United States from the United Kingdom. DHS and TSA have 
also taken actions to improve the layers of aviation defense not 
directly implicated in the 9/11 attacks. For instance, 100 percent of 
airline passengers' checked baggage is now screened, compared to just a 
fraction before 9/11, and TSA is seeking more cost-effective ways to 
deploy baggage screening systems at airports for detecting explosives. 
It is important to note that in light of the nature of the 9/11 
attacks, priority federal attention was initially given to aviation 
security. Therefore, efforts to improve the security of other 
transportation modes--without losing sight of ongoing needs in 
aviation--have not progressed to the same extent. TSA and other federal 
agencies, including the Department of Transportation and the U.S. Coast 
Guard, have begun to conduct risk assessments within specific 
transportation modes, including aviation, passenger rail, maritime, and 
surface transportation in order to better identify critical assets and 
to prioritize and allocate finite security resources for protecting 
these assets. However, as we have reported, these efforts are not 
complete. DHS and other federal agencies have also recognized the 
importance of coordinating security-related priorities and activities 
with domestic and international stakeholders and are taking steps to 
enhance such cooperation. For example, in response to our 
recommendation to evaluate foreign passenger rail security practices 
not currently in use in the United States, TSA is working with foreign 
counterparts in order to share and glean best practices. 

While it is generally acknowledged that the visa process can never be 
entirely failsafe, the government has done a creditable job overall 
since 9/11 in strengthening the visa process as a first line of defense 
to prevent entry into the country by terrorists. Because citizens of 
other countries seeking to enter the United States on a temporary basis 
generally must apply for and obtain a nonimmigrant visa, the visa 
process is important to homeland security. Before 9/11, U.S. visa 
operations focused primarily on illegal immigration concerns--whether 
applicants sought to reside and work illegally in the country. Since 
the attacks, Congress, the State Department, and DHS have implemented 
several measures to strengthen the entire visa process as a tool to 
combat terrorism. New policies and programs have since been implemented 
based, in part, on our recommendations to enhance visa security, 
improve applicant screening, provide counterterrorism training to 
consular officials who administer the visa process overseas, and help 
prevent the fraudulent use of visas for those seeking to gain entry to 
the country. For example, the number of records available to check the 
identities of visa applicants against the consolidated terrorist watch 
list and criminal records was expanded fivefold by the State Department 
and other agencies between 2001 and 2005. The State Department also has 
taken steps to mitigate the potential for visa fraud at consular posts 
by deploying visa fraud investigators to U.S. embassies and consulates 
and conducting more in-depth analysis of the visa information collected 
by consulates to identify patterns that may indicate fraud, among other 
things. (Notably, 2 of the 19 terrorist hijackers on 9/11 used 
passports that were manipulated in a fraudulent manner to obtain 
visas.) State Department and DHS officials acknowledge that, while such 
actions have been beneficial, another type of visa process-- 
specifically, immigrant visas issued to those seeking to reside 
permanently in the United States--may pose security risks, and we have 
recently begun a review to identify and analyze these potential 
security risks. 

Enhancing security and screening at legal checkpoints at the nation's 
borders has been and remains a daunting task, and our work and that of 
others indicates that DHS and other agencies continue to need to 
identify and address security risks at air, land, and sea ports--
critical layers of defense that came under heightened scrutiny after 
9/11. One area where security risks remain a challenge is the Visa 
Waiver Program, which enables citizens from 27 countries to travel to 
the United States without a visa for business or tourism for 90 days or 
less. This program carries inherent security, law enforcement, and 
illegal immigration risks. For example, by design, visa waiver 
travelers are not subject to the same degree of screening as travelers 
who must first obtain visas. Convicted 9/11 terrorist Zacarias 
Moussaoui is among those who carried a passport issued by a visa waiver 
country. Moreover, lost and stolen passports from visa waiver countries 
are valuable travel documents for terrorists, criminals, and others who 
are seeking to hide their true identities to gain entry into the 
country. Congress, DHS's Office of Inspector General, and we have 
played a role in DHS's efforts to address these challenges in the 
context of strengthening border security. Since 2003, DHS has 
intensified its oversight of visa waiver countries to ensure they 
comply with the program's statutory requirements, but we have reported 
that because of staffing challenges, such oversight may not be 
performed consistently to ensure compliance, and we recently 
recommended that additional resources be provided for such oversight. 
To mitigate the misuse of lost or stolen passports--which experts 
consider the greatest security problem posed by the Visa Waiver 
Program--DHS provides additional training for CBP officers in 
fraudulent document detection, and starting on October 26, 2005, 
passports of visa waiver travelers issued on or after that date, and 
until October 25, 2006 have to contain a digital photograph as an 
antifraud measure. Passports issued to visa waiver travelers after 
October 25, 2006, must be electronic (e-passports). We have recently 
recommended that DHS take additional steps to mitigate the risks from 
lost or stolen passports, including requiring all visa waiver countries 
to provide the United States and Interpol[Footnote 10] (an 
international police organization) with data on lost or stolen issued 
passports as well as blank passports; some visa waiver countries have 
been reluctant to provide this information. Finding ways to address 
these and other challenges will be important, given that many countries 
are actively seeking admission into the program. 

Separately, a border security initiative known as US-VISIT is intended 
to serve as a comprehensive system for integrating data on the entry 
and exit, and verifying the identity, of most foreign travelers coming 
through the nation's air, land, and sea ports, to mitigate the 
likelihood that terrorists or criminals can enter or exit at will, or 
that persons stay longer than authorized. Our work indicates that 
US-VISIT faces operational and strategic challenges. DHS has made 
considerable progress installing the entry portion of this system, 
which allows CBP border officers to verify travelers' identities by, 
among other things, scanning and comparing digital fingerprints and 
photographs, and checking biographic information against various 
federal databases, including the consolidated terrorist watch list. But 
Congress' goal for US-VISIT--to record the entry, reentry, and exit of 
travelers, including those who overstay their authorized stay--has not 
been fully achieved. According to DHS, an exit capability using 
comparable biometric scanning tools is not yet technologically 
feasible, would be very costly, and is not likely to be developed or 
deployed for up to 10 years. Without such a capability, the government 
cannot provide certainty that persons exiting the country are the same 
as those entering--and thus cannot determine which visitors have 
overstayed their authorized stay. We recently recommended that, among 
other things, DHS should finalize a mandated report to Congress 
describing how a comprehensive biometrically based entry and exit 
system would work in order to achieve US-VISIT's intended goals. 
Agencies need to address other border-related vulnerabilities as well. 
For example, CBP, along with the departments of Energy, Defense, and 
State, has taken steps to combat the smuggling of hazardous materials 
and cargo at ports of entry through use of better radiation detection 
equipment and inter-agency coordination, among other things. But our 
undercover investigators were nonetheless able within the last year to 
purchase and bring radioactive material across the border due to 
weaknesses in federal regulations governing the suppliers of such 
materials and the failure of CBP officers to detect counterfeit 
documentation presented during the border inspection process. In 
response to our work, officials with the Nuclear Regulatory Commission 
told us that they are aware of the potential problems with counterfeit 
documentation and are working to resolve these issues. While it may 
never be possible to ensure that terrorists, criminals, or those 
violating immigration laws are prevented from entering the country, DHS 
and other agencies must remain vigilant in developing and implementing 
programs and policies designed to reduce breaches in national borders 
and ensure that potential terrorists, as well as hazardous cargo, are 
interdicted. 

The aviation and border security vulnerabilities exploited by the 9/11 
terrorists--and terrorist threats that have come to light since-- 
underscore the need for continued vigilance and for ensuring that 
federal agencies, the private sector, and other stakeholders coordinate 
their efforts, and deploy their resources, as strategically and cost 
effectively as possible. While much has been accomplished to mitigate 
specific risks from terrorism, Congress, DHS, and other federal 
agencies nevertheless continue to face an array of strategic challenges 
that potentially affect oversight and execution of the efforts that are 
under way or planned to enhance homeland security in the wake of 9/11 
and new terrorist threats. Choosing an appropriate course of action 
going forward--setting priorities and making trade-offs, allocating 
resources, and assessing the social and economic costs of the measures 
that may be taken governmentwide--is not easy, but is nonetheless 
essential. One of the most important of these strategic challenges 
involves improving the sharing of information related to terrorism--a 
major acknowledged weakness at the time of 9/11. As a member of the 
9/11 Commission noted, for example, information collected about terrorist 
suspects by the CIA and FBI at the time of the attacks was not shared 
with the Federal Aviation Administration (FAA). We designated 
information sharing for homeland security as a governmentwide high-risk 
area in 2005--meaning an area that needs urgent attention and 
transformation to ensure that our national government functions in the 
most economical, efficient, and effective manner possible. Responding 
to the lessons of 9/11, Congress and federal departments have taken 
steps to improve information sharing across the federal government and 
in conjunction with state and local governments and law enforcement 
agencies. For example, as we have reported, a consolidated terrorism 
watch list has been created and more broadly shared among key federal 
agencies to provide information that can be used to identify terrorists 
traveling to and within the United States. In addition, the FBI has 
increased its field-based joint terrorism task forces that bring 
together personnel from all levels of government to combat terrorism by 
sharing information and resources. And DHS has implemented homeland 
security information networks to share relevant information with states 
and localities. But the government continues to face significant 
information-sharing challenges. For example, Congress has required 
establishing an information sharing environment that would combine 
policies, procedures, and technologies that link people, systems, and 
information among all appropriate federal, state, local, and tribal 
entities and the private sector. We have recommended that in planning 
for this environment, responsible officials identify and address 
barriers posed by resource needs, among other things. 

A second strategic challenge facing the nation involves the application 
of a risk management framework that requires, at the highest level, the 
balancing of security concerns against other needs, given finite 
resource levels. Such a framework is needed as a way to consider how 
much the nation can afford to spend for security improvements in light 
of other, competing demands for limited funds, such as increasing costs 
of health care, Social Security, and other domestic problems. In our 
January 2005 report on high-risk areas in the federal government, we 
noted the importance of completing comprehensive national threat and 
risk assessments to guide and prioritize investment decisions--and 
noted risk management as an emerging area of concern. Much is also at 
stake when decisions are made about how to allocate limited resources 
across a large number of programs in multiple agencies. DHS is still in 
the early stages of adopting a risk-based strategic framework for 
making important resource decisions involving billions of dollars 
annually. In part, this is because the process is difficult and 
complex; requires comprehensive information on risks and 
vulnerabilities; and employs sophisticated assessment methodologies. 
The process also requires careful trade-offs that balance security 
concerns against other needs. With its fiscal year 2007 budget of about 
$35 billion, DHS has begun conducting risk assessments at individual 
infrastructure facilities and allocating grants based on risk criteria. 
But the agency has not completed all of the necessary risk assessments 
mandated by the Homeland Security Act to set priorities to help focus 
its resources where most needed. We have made numerous recommendations 
in these areas, which DHS is in the process of implementing. 

Finally, DHS faces significant management and organizational 
transformation challenges as it works to protect the nation from 
terrorism and implement effective risk management policies. As we have 
noted, DHS must continue to integrate approximately 180,000 employees 
from 22 originating agencies, consolidate multiple management systems 
and processes, and transform into a more effective organization with 
robust planning, management, and operations. For these reasons, we 
continue to designate the implementation and transformation of the 
department as high risk (meaning an area requiring urgent attention), 
and will continue to monitor and report on its progress. While national 
needs to reduce vulnerabilities suggest a rapid organization of 
homeland security functions, we recognize that such dramatic 
transitions of agencies and programs, as well as the breadth and scope 
of management support functions that need to be incorporated into the 
new department, are likely to take time to achieve. We should not 
expect this effort to be easy or the path forward to be smooth. These 
activities will require sustained management commitment--and continued 
involvement, support, and oversight by Congress. 

Because DHS and other federal agencies are continuing to improve their 
processes and practices based on many past recommendations by us, the 
Inspectors General, and others, we are not making new recommendations 
in this report. For example, we have made over 75 recommendations on 
aviation security, including actions to enhance the security and 
improve coordination of airline passenger and checked baggage screening 
procedures for domestic flights; the Visa Waiver Program, including 
actions to improve program oversight and mitigate program risks through 
additional resources and enhanced inter-governmental cooperation; and 
border screening and inspection processes, including actions needed to 
complete the US-VISIT entry and exit system for foreign travelers, and 
more. Continued monitoring of these and related areas by us will 
determine whether further recommendations are warranted. 

We provided DHS and State with a draft of this report for review and 
comment. Both agencies generally agreed with the information in the 
report, and both provided technical comments, which we incorporated as 
appropriate. In addition, DHS provided clarification in two areas. In 
response to our assertion that the department has not completed all of 
the necessary risk assessments mandated by the Homeland Security Act of 
2002, DHS stated that the act did not specify how many of such 
assessments were to be completed. DHS also noted that it believes it 
has made considerable progress by working on vulnerability assessment 
methodologies across different economic sectors and by providing tools 
to public and private sector partners to help identify and mitigate 
vulnerabilities that had been identified. In response to our reference 
to a DHS Office of Inspector General report that found that DHS had not 
yet created a comprehensive national inventory of critical 
infrastructure assets, DHS stated that it remains committed to 
developing this tool as an evolving, comprehensive catalog of assets 
that comprise the nation's infrastructure and that support risk 
analysis. DHS's comments appear in appendix IV. The State Department 
did not provide formal written comments. 

Background: 

Overview of Key Legislation Enacted After 9/11 Related to Aviation and 
Border Security: 

After the attacks of September 11, 2001, Congress and the President 
enacted several new laws intended to address many of the 
vulnerabilities exploited by the terrorists by strengthening layers of 
defense related to aviation and border security. A summary of key 
legislative efforts follows. 

To strengthen transportation security, the Aviation and Transportation 
Security Act (ATSA)[Footnote 11] was signed into law on November 19, 
2001, with the primary goal of strengthening the security of the 
nation's aviation system. To this end, ATSA created the Transportation 
Security Administration (TSA) as an agency within the Department of 
Transportation (DOT) with responsibility for securing all modes of 
transportation, including aviation.[Footnote 12] ATSA included numerous 
requirements with deadlines for TSA to implement that were designed to 
strengthen the various aviation layers of defense. For example, ATSA 
required TSA to create a federal workforce to assume the job of 
conducting passenger and checked baggage screening from air carriers at 
commercial airports.[Footnote 13] The act also gave TSA regulatory 
authority over all transportation modes. 

After ATSA was enacted, the Homeland Security Act of 2002 consolidated 
most federal agencies charged with providing homeland security, 
including securing our nation's borders, into the newly formed 
Department of Homeland Security (DHS), which was created to improve, 
among other things, coordination, communication, and information 
sharing among the multiple federal agencies responsible for protecting 
the homeland. 

Legislation also was enacted to enhance various aspects of border 
security. The Homeland Security Act, for example, generally grants DHS 
exclusive authority to issue regulations on, administer, and enforce 
the Immigration and Nationality Act and all other immigration and 
nationality laws relating to the functions of U.S. consular officers in 
connection with the granting or denial of visas. The Homeland Security 
Act authorized DHS, among other things, to assign employees to U.S. 
embassies and consulates to provide expert advice and training to 
consular officers regarding specific threats related to the visa 
process.[Footnote 14] 

New legislation also was enacted that contained provisions affecting a 
major border security initiative that had begun prior to 9/11--a system 
for integrating data on the entry and exit of certain foreign nationals 
into and out of the United States, now known as US-VISIT (U.S. Visitor 
and Immigrant Status Indicator Technology). In 2001, the USA PATRIOT 
Act provided that, in developing this integrated entry and exit data 
system, the Attorney General (now Secretary of Homeland Security) and 
Secretary of State were to focus particularly on the utilization of 
biometric technology (such as digital fingerprints) and the development 
of tamper-resistant documents readable at ports of entry (either a 
land, air, or sea border crossing associated with inspection and 
admission of certain foreign nationals).[Footnote 15] It also required 
that the system be able to interface with law enforcement databases for 
use by federal law enforcement to identify and detain individuals who 
pose a threat to the national security of the United States. In 
addition, the Enhanced Border Security and Visa Entry Reform Act of 
2002[Footnote 16] required that, in developing the integrated entry and 
exit data system for ports of entry, the Attorney General (now 
Secretary of Homeland Security) and Secretary of State implement, fund, 
and use the technology standard that was required to be developed under 
the USA PATRIOT Act at U.S. ports of entry and at consular posts 
abroad. The act also required the establishment of a database 
containing the arrival and departure data from machine-readable visas, 
passports, and other travel and entry documents possessed by aliens and 
the interoperability of all security databases relevant to making 
determinations of admissibility under section 212 of the Immigration 
and Nationality Act. (For additional information on legislative 
requirements related to US-VISIT, see GAO, Border Security: US-VISIT 
Faces Strategic, Technological, and Operational Challenges at Land 
Ports of Entry, GAO-07-248 [Washington, D.C.: December 2006]). 

In December 2004, the Intelligence Reform and Terrorism Prevention Act 
of 2004[Footnote 17] was enacted, containing provisions designed to 
address many of the transportation and border security vulnerabilities 
identified, and recommendations made by the 9/11 Commission. It 
included provisions designed to strengthen aviation security, 
information sharing, visa issuance, border security, and other areas. 
For example, the act mandated that TSA develop a passenger prescreening 
system that would compare passenger information for domestic flights to 
government watch list information, a function that was at the time, and 
still is, being performed by air carriers. The act also required the 
development of risk-based priorities across all transportation modes 
and a strategic plan describing roles and missions related to 
transportation security for encouraging private sector cooperation and 
participation in the implementation of such a plan. In addition, the 
act required DHS to develop and submit to Congress a plan for full 
implementation of US-VISIT as an automated biometric entry and exit 
data system and required the collection of biometric exit data for all 
individuals required to provide biometric entry data. 

Overview of Key Presidential Policy Directives Issued After 9/11 
Related to Aviation and Border Security: 

In an effort to increase homeland security following the terrorist 
attacks on the United States, President Bush issued the National 
Strategy for Homeland Security in July 2002. The strategy sets forth 
overall objectives to prevent terrorist attacks within the United 
States, reduce America's vulnerability to terrorism, minimize the 
damage and assist in the recovery from attacks that may occur. The 
strategy is organized into six critical mission areas, including (for 
purposes of this report) one on border and transportation security. For 
this mission area, in particular, the strategy specified several 
objectives, including ensuring the integrity of our borders and 
preventing the entry of unwanted persons into our country. To 
accomplish this, the strategy provides for, among other things, reform 
of immigration services, large-scale modernization of border crossings, 
and consolidation of federal watch lists. It also acknowledges that 
accomplishing these goals will require overhauling the border security 
process. 

The President has also issued 16 homeland security presidential 
directives (HSPD), in addition to the strategy that was issued in 2002, 
providing additional guidance related to the mission areas outlined in 
the National Strategy. For example, HSPD-6 sets forth policy related to 
the consolidation of the government's approach to terrorism screening 
and provides for the appropriate and lawful use of terrorist 
information in screening processes. HSPD-11 builds upon this directive 
by setting forth the nation's policy with regard to comprehensive 
terrorist-related screening procedures through detecting, identifying, 
tracking, and interdicting people and cargo that pose a threat to 
homeland security, among other things. Additionally, HSPD-7 establishes 
a national policy for federal departments and agencies to identify and 
prioritize critical infrastructure and key resources and to protect 
them from terrorist attacks. (For additional information on the 
National Strategy for Homeland Security and related presidential 
directives, see GAO, Homeland Security: Agency Plans, Implementation, 
and Challenges Regarding the National Strategy for Homeland Security, 
GAO-05-33 [Washington, D.C.: January 2005]). 

Overview of Key Federal Security-Related Roles and Responsibilities in 
Post-9/11 Era: 

The federal departments with primary security-related responsibilities 
for aviation and border security after 9/11--the frontline departments 
providing key layers of defense--which are included in this report are 
shown in figure 1. 

Figure 1: Selected Federal Departments and Agencies with Security 
Responsibilities: 

[See PDF for image] 

Source: GAO. 

[End of figure] 

Aviation Security: TSA Has Operational Responsibility for Passenger and 
Baggage Screening, and Regulatory Responsibility for Air Cargo and 
Airport Security: 

The terrorist attacks of September 11, 2001, became the impetus for 
change in both the way in which airline passengers are screened and the 
entities responsible for conducting the screening. With the passage of 
ATSA, TSA assumed responsibility for civil aviation security from the 
Federal Aviation Administration (FAA), and for passenger and baggage 
screening from the air carriers.[Footnote 18] As part of this 
responsibility, TSA oversees security operations at the nation's more 
than 400 commercial airports, including passenger and checked baggage 
screening operations. One of the most significant changes mandated by 
ATSA was the shift from the use of private-sector screeners to perform 
airport screening operations to the use of federal screeners. Prior to 
ATSA, passenger and checked baggage screening had been performed by 
private screening companies under contract to airlines. ATSA required 
TSA to create a federal workforce to assume the job of conducting 
passenger and checked baggage screening at commercial airports. The 
federal workforce was in place, as required, by November 2002. While 
TSA took over responsibility for passenger checkpoint and baggage 
screening, air carriers have continued to conduct passenger 
prescreening (the process of checking passengers' names against federal 
watch list data at the time after an airline reservation is made). As 
noted above, the Intelligence Reform and Terrorism Prevention Act 
requires that TSA take over this responsibility from air carriers. 

In addition to establishing requirements for passenger and checked 
baggage screening, ATSA charged TSA with the responsibility for 
ensuring the security of air cargo. TSA's responsibilities include, 
among other things, establishing security rules and regulations 
covering domestic and foreign passenger carriers that transport cargo, 
domestic and foreign all-cargo carriers, and domestic indirect air 
carriers--carriers that consolidate air cargo from multiple shippers 
and deliver it to air carriers to be transported; and overseeing 
implementation of air cargo security requirements by air carriers and 
indirect air carriers through compliance inspections. In general, TSA 
inspections are designed to ensure air carrier compliance with air 
cargo security requirements, while air carrier inspections focus on 
ensuring that cargo does not contain weapons, explosives, or stowaways. 

ATSA also granted TSA the responsibility for overseeing U.S. airport 
operators' efforts to maintain and improve the security of airport 
perimeters, the adequacy of controls restricting unauthorized access to 
secured areas, and security measures pertaining to individuals who work 
at airports. While airport operators, not TSA, have direct day-to-day 
operational responsibilities for these areas of security, ATSA directs 
TSA to improve the security of airport perimeters and the access 
controls leading to secured airport areas, as well as take measures to 
reduce the security risks posed by airport workers. 

Border Security: State Department and DHS's Customs and Border 
Protection Have Primary Responsibility for Visa Management and Border 
Inspection: 

Our nation's current border security process is intended to control the 
entry and exit of foreign nationals seeking to enter or remain in the 
United States as well as prevent hazardous cargo or materials from 
being transported into the country. The primary federal agencies 
involved in this effort are the Department of State's Bureau of 
Consular Affairs and DHS's Customs and Border Protection (CBP) and U.S. 
Immigration and Customs Enforcement (ICE).  

Managing and Administering the Visa Process: 

The first layer of border security begins at the State Department's 
overseas consular posts, where State's consular officers are to 
adjudicate visa applications for foreign nationals who wish to enter 
the United States. In deciding to approve or deny a visa, consular 
officers are on the front line of defense in protecting the United 
States against potential terrorists and others whose entry would likely 
be harmful to U.S. national interests. Consular officers must balance 
this security responsibility against the need to facilitate legitimate 
travel. The process for determining who will be issued or refused a 
visa contains several steps, including documentation reviews, in-person 
interviews, collection of biometrics (fingerprints), and 
cross-referencing an applicant's name against a name-check database that 
includes the names of visa applicants to identify terrorists and other 
aliens who are potentially ineligible for visas based on criminal 
histories or other reasons specified by federal statute. In addition, 
State provides guidance, in consultation with DHS, to consular officers 
regarding visa policies and procedures and has the lead role with 
respect to foreign policy-related visa issues. While State manages the 
visa process, DHS is responsible for establishing visa policy, 
reviewing implementation of the policy, and providing additional 
direction. In addition, DHS had designated ICE to oversee efforts to 
review applications and provide expert advice and training to consular 
officers regarding specific threats related to the visa process at 
certain overseas posts. 

Border Screening and Inspection Processes for Ports of Entry: 

CBP is responsible for conducting immigration and customs inspections 
for aliens entering the United States at official border crossings 
(air, land, and sea ports of entry). CBP enforces immigration laws by 
screening and inspecting international travelers who enter the country 
through ports of entry. As part of this process, CBP officers verify 
travelers' identities through inspection of travel documents, screen 
travelers against terrorist watch lists, and scan or enter passport 
data into databases to verify travelers' identities. CBP also is 
responsible for conducting customs-related inspections of cargo at 
ports of entry and for ensuring that all goods entering the United 
States do so legally. In addition, CBP conducts prescreening of 
passengers on international flights bound for or departing from the 
United States. Specifically, CBP reviews biographical data and passport 
numbers provided by air carriers and conducts queries against terrorist 
watch lists and law enforcement and immigration databases to determine 
whether any passengers are to be referred to secondary inspection 
(whereby passengers are selected for more in-depth review of their 
identity and documentation) prior to the arrival of the aircraft at a 
U.S. port of entry. 

Federal Use of the Terrorist Watch List to Enhance Aviation and Border 
Security: 

The consolidated terrorist watch list is an important tool used by 
federal agencies to help secure our nation's borders. This list 
provides decision makers with information about individuals who are 
known or suspected terrorists, so that these individuals can either be 
prevented from entering the country, apprehended while in the country, 
or apprehended as they attempt to exit the country. After 9/11, various 
government watch lists were consolidated into one watch list, which is 
maintained by the FBI's Terrorist Screening Center (an entity that has 
been operational since December 2003 under the administration of the 
FBI).[Footnote 19] The consolidated watch list maintained by the center 
is the U.S. government's master repository for all known and suspected 
international and domestic terrorist records used for watch 
list-related screening. The consolidated watch list is an important homeland 
security tool used by federal frontline screening agencies, including 
the departments of State, Justice, and Homeland Security. Based upon 
agency-specific policies and criteria, relevant portions of the 
consolidated watch list can be used in a wide range of security-related 
screening procedures. For instance, air carriers and CBP use subsets of 
the consolidated watch list to prescreen passengers; State Department 
consular officers use the information in the visa application process; 
CBP officers use watch list data as part of the visitor inspection 
process at ports of entry, and state and local law enforcement officers 
use watch list data to screen apprehended individuals during traffic 
stops and for other purposes. 

Assessing and Managing Homeland Security Risks Using a Risk Management 
Approach: 

In recent years, we, along with Congress (most recently through the 
Intelligence Reform and Terrorism Prevention Act of 2004); the 
executive branch (e.g., in presidential directives); and the 9/11 
Commission have required or advocated that federal agencies with 
homeland security responsibilities utilize a risk management approach 
to help ensure that finite national resources are dedicated to assets 
or activities considered to have the highest security priority. We have 
concluded that without a risk management approach, there is limited 
assurance that programs designed to combat terrorism are properly 
prioritized and focused. Thus, risk management, as applied in the 
homeland security context, can help to more effectively and efficiently 
prepare defenses against acts of terrorism and other threats. A risk 
management approach entails a continuous process of managing risk 
through a series of actions, including setting strategic goals and 
objectives, performing risk assessments, evaluating alternative actions 
to reduce identified risks by preventing or mitigating their impact, 
selecting actions to undertake by management, and implementing and 
monitoring those actions. 

Stronger Layered Defenses for Aviation Security in Place, Though We 
Reported More Needs to Be Done to Enhance Passenger Screening 
Operations and Security of Other Transportation Modes: 

TSA and other agencies have taken steps to strengthen the various 
layers of commercial aviation defense--including passenger prescreening 
(conducted after a reservation is made), passenger checkpoint screening 
(conducted once passengers are at the airport and proceeding to the 
gate with any carry-on bags), and in-flight security--that were 
exploited by the hijackers on 9/11. Many of the 
vulnerabilities related to these areas have been addressed through new 
legislation passed by Congress and policies and procedures taken by 
various federal agencies, though opportunities exist for additional 
improvements. For example, passengers selected for additional screening 
after they make their airline reservations receive greater scrutiny 
prior to boarding, but we have reported that more work is needed to 
help ensure the process for identifying passengers who are selected 
results in accurate identification, and TSA has yet to take full 
responsibility for this process, as mandated. In other areas, passenger 
checkpoint screening procedures and technologies have been enhanced to 
aid in detecting prohibited items, and security measures for preparing 
or responding to in-flight on-board threats, and coordinating responses 
from the ground, have been strengthened. In addition, other layers of 
defense in our aviation system have been strengthened, such as checked 
baggage and air cargo screening, though challenges remain. In baggage 
screening, for example, while TSA now screens 100 percent of checked 
baggage using explosive detection systems, enhancing the effectiveness 
of current baggage screening technologies--and finding the most 
cost-effective approaches for deploying baggage screening systems to detect 
explosives--remains challenging. Finally, because we cannot afford to 
protect everything against all threats in the post-9/11 era, choices 
must be made about targeting security priorities. Thus, great care 
needs to be taken to assign available resources to address the greatest 
risks, along with selecting those strategies that make the most 
efficient and effective use of resources--within aviation as well as 
among other transportation security modes, such as passenger rail and 
maritime industries. TSA and other federal agencies have begun focusing 
on identifying and prioritizing security needs in these and other areas 
using a risk-based approach to guide security-related decision making. 
In addition, efforts are under way to enhance cooperation with domestic 
and international partners on a broad array of security concerns. 

While Many of the Aviation Vulnerabilities of 9/11 Have Been Addressed, 
TSA and Other Agencies Continue Efforts to Further Strengthen Aviation 
Security: 

At the time of the 9/11 attacks, federal and airline industry rules for 
commercial airline travel reflected a system that sought to balance 
security concerns with the need to facilitate consumer travel and 
manage growing demand. The events of that day revealed many ways in 
which more stringent security measures were needed for a commercial 
aviation system that was evidently vulnerable to terrorism. In 
particular, the nation's layered system of defense for aviation-- 
including passenger prescreening, passenger checkpoint screening, and 
in-flight security measures--was not designed to stop the terrorist 
hijackers from boarding and taking control of the aircraft. A review of 
aviation security conditions in place prior to 9/11, and the many 
federal actions taken since then to mitigate the known vulnerabilities, 
suggests that we have come a long way toward making air travel safer. 
That said, our work, and that of others, has identified additional 
actions that are needed to resolve strategic and operational barriers 
to further enhance the layers of defense for the nation's aviation 
system. 

Domestic Airline Passenger Prescreening Procedures Have Been Enhanced 
but We Have Reported That More Work Is Needed to Help Ensure Accuracy 
in Matching Passengers' Identities against Terrorist Watch Lists: 

The prescreening of passengers--the process of identifying passengers 
who may pose a security risk before they board an aircraft--is an 
important first layer of defense that is intended to help officials 
focus security efforts on those passengers representing the greatest 
potential threat. At the time of the attacks, the passenger 
prescreening process was made up of two components performed by air 
carriers in conjunction with FAA: (1) a process to compare passenger 
names with names on a government-supplied terrorist watch list (i.e., 
the identity-matching process); and (2) a computer-assisted 
prescreening system that was used to select passengers requiring 
additional scrutiny. With respect to the first of these passenger 
prescreening components, after passengers made their airline 
reservations, the air carriers used the information passengers had 
provided (such as name and address) to check them against a no-fly 
list--a government watch list of persons who were considered by the FBI 
to be a direct threat to U.S. civil aviation, and which was distributed 
to the U.S. air carriers by FAA. None of the 19 hijackers who purchased 
their airline tickets for the four 9/11 flights in a short period at 
the end of August 2001 using credit cards, debit cards, or cash, was on 
the no-fly list. This list contained the names of just 12 terrorist 
suspects; the information for the no-fly list came from one source, the 
FBI. Other government lists in place at the time contained the names of 
many thousands of known and suspected terrorists--but were not used to 
prescreen airline passengers. 

In the aftermath of the terrorist attacks, the federal government 
recognized that effective prescreening of airline passengers largely 
depended on obtaining accurate, reliable, and timely information on 
potential terrorists and gave priority attention to, among other 
things, developing more comprehensive and consolidated terrorist watch 
lists. In response, in part, to recommendations by us,[Footnote 20] 
government watch lists were subsequently consolidated into a terrorist 
screening database--also known as the consolidated watch list-- 
maintained by the FBI's Terrorist Screening Center.[Footnote 21] The 
consolidated watch list maintained by the center is the U.S. 
government's master repository for all known and suspected 
international and domestic terrorist records used for watch list- 
related screening. This watch list database contains records from 
several sources, including the FBI's list of terrorist organizations 
and information from the intelligence community on the identity of any 
known terrorists with international ties.[Footnote 22] For aviation 
security purposes, a portion of this consolidated watch list is 
exported by the Terrorist Screening Center and incorporated into TSA's 
no-fly and selectee lists.[Footnote 23] (While according to TSA, 
persons on the no-fly list should be precluded from boarding an 
aircraft bound for, or departing from, the United States, any person on 
the selectee list is to receive additional screening before being 
allowed to board.) TSA provides updated lists to air carriers for use 
in prescreening passengers and provides assistance to air carriers in 
determining whether passengers are a match with persons on the lists. 
As of June 2006, the number of records in the consolidated watch list 
that had been extracted for the no-fly and selectee lists had been 
increased significantly (up from 12 records available on 
9/11).[Footnote 24] 

With respect to the second component of passenger prescreening, a 
computer-assisted prescreening system was in place on 9/11, in which 
data related to a passenger's reservation and travel itinerary were 
compared by the air carriers against behavioral characteristics used to 
identify passengers who appeared to pose a higher than normal risk, and 
who therefore would be selected for additional security attention prior 
to their flights.[Footnote 25] While nine of the 9/11 terrorists were 
selected for additional scrutiny by the air carriers' computer-assisted 
prescreening process, there was little consequence to their selection 
because, at the time, selection only entailed having one's checked 
baggage screened for explosives or held off the airplane until one had 
boarded; it was not geared toward identifying the weapons and tactics 
used by the hijackers.[Footnote 26] The consequences of selection 
reflected the view that non-suicide bombing was the most substantial 
risk to domestic aircraft and were designed to identify individuals who 
might try to bomb a passenger jet using methods similar to those 
employed in the 1988 bombing of Pan Am Flight 103 over Lockerbie, 
Scotland, in which a bomb was placed in checked luggage. 

After the passage of ATSA in November 2001, which created TSA as the 
agency responsible for ensuring the security of aviation and other 
transportation modes, TSA took over responsibility for the secondary 
screening process from the air carriers. TSA subsequently changed the 
consequences for passengers selected by the prescreening process. 
Currently, passengers who are selected for secondary prescreening 
either because they are on TSA's selectee list or because they are 
selected by an air carrier's computer-assisted passenger prescreening 
system now receive more comprehensive secondary screening. 
Specifically, all these selectees not only receive greater passenger- 
checked baggage screening than nonselectees, as was the case at the 
time of the terrorist attacks, but also receive additional physical 
screening, such as a hand-search of their luggage and a more thorough 
physical inspection of their person at the checkpoint. 

All of these efforts have helped to transform the prescreening process 
into a more robust layer of defense than existed prior to 9/11. 
Nevertheless, the federal government still faces challenges related to 
improving the identity-matching portion of the prescreening process to 
help ensure that known or suspected terrorists are identified before 
they can board aircraft. For example, while the process of developing 
and maintaining terrorist watch lists to be used in the identity- 
matching process requires continuous effort, and no watch list can ever 
promise to contain a match for every potential traveler, ensuring the 
quality of watch list data nevertheless remains a key challenge. 
Concerns have been raised about the overall quality of the consolidated 
watch list--in particular, that the quality of data in the watch lists 
varies, and that the underlying accuracy of the data in the 
consolidated watch list has not been fully determined. The Department 
of Justice Inspector General reported in June 2005[Footnote 27] that 
the Terrorist Screening Center could not ensure the information in the 
consolidated watch list database maintained by the center was complete 
and accurate. For example, the database did not contain names that 
should be included in watch lists, according to the Inspector General, 
and it contained inaccurate information about some persons who were on 
the lists. According to the Inspector General's report, the Terrorist 
Screening Center is working on completing a record-by-record quality 
assurance review of the watch lists to ensure that each record contains 
the required data to improve watch list quality. In addition, screening 
center officials have recently stated that all records on the no-fly 
list are being re-vetted using newly developed no-fly list inclusion 
guidance to determine if each individual truly belongs on the list. We 
have work under way addressing the law enforcement response agencies 
take when an individual on the watch list is encountered. 

A second challenge that affects the accuracy of the current identity- 
matching process relates to the nature of the information available to 
air carriers and the procedures used to match passenger identities 
against the no-fly and selectee lists that are part of the consolidated 
terrorist watch list. Although air carriers are required to compare the 
information supplied by passengers against the names that appear on the 
no-fly and selectee lists, there is no uniform identity matching 
process or common software that all air carriers are required to use to 
conduct their identity matching procedures. In addition, the technical 
sophistication of air carrier identity matching techniques also varies. 
Some identity matching technologies might correctly discriminate 
between "John Smith" and "John Smythe" when comparing these names 
against the consolidated terrorist watch list, while others may not. 
Different identity matching results can lead to a passenger being 
boarded on one carrier's flight while being denied boarding on another 
air carrier's flight, including a connecting flight. Although we did 
not assess the relative accuracy of the various name-matching 
procedures used to prescreen passengers, inconsistency in these 
procedures can be problematic for passengers and creates security 
concerns.[Footnote 28] 

A third challenge relates to concerns about the disclosure of watch 
list information outside the federal government. Sharing of watch list 
data with air carriers, or organizations with whom they contract, 
creates an opportunity for watch lists to be viewed by parties who may 
use this information in ways that are detrimental to U.S. interests. 
For example, if a terrorist group could view the no-fly and selectee 
lists they would learn which--if any--of their operatives would be able 
to travel on commercial aircraft to or from the United States 
unhampered. In addition, the 9/11 Commission stated that there are 
security concerns with sharing U.S. government watch lists with private 
firms and foreign countries.[Footnote 29] 

In an effort to address these security challenges, the commission 
recommended that TSA take over the domestic watch list identity- 
matching process from air carriers, and in December 2004, Congress 
required that the responsibility for the domestic watch list identity- 
matching process be assumed by TSA.[Footnote 30] While shifting control 
over the watch list identity-matching process from the airline industry 
to the federal government should help address some of the limitations 
of the current process, for over 3 years, TSA has faced significant 
challenges in developing and implementing a new and more reliable 
identity-matching process, and has not yet taken this function over 
from air carriers. TSA's Secure Flight[Footnote 31] program--which is 
to perform the functions associated with determining whether passengers 
on domestic flights are on government watch lists--is intended to 
remedy some of the problems in the current identity-matching process. 
For example, unlike the current system that operates as part of each 
air carrier's reservation system, Secure Flight would be operated by 
TSA--and TSA, rather than the air carriers, would be responsible for 
matching passengers' names against the no-fly and selectee information 
maintained in the consolidated watch list (this information is 
currently transmitted to air carriers) as well as information from 
other watch lists. This approach would, among other benefits, eliminate 
the need to distribute terrorist watch list information outside the 
federal government as part of passenger prescreening. In addition, 
Secure Flight is intended to address the problem related to the lack of 
standard procedures among air carriers for obtaining passenger-supplied 
data by defining what type of passenger information is required. Secure 
Flight also plans, among other things, to use research analysts to 
resolve discrepancies in the matching of passenger data to data 
contained in the database. 

However, we have reported that, taken as a whole, the development of 
Secure Flight has not been effectively managed--has not, in fact, been 
implemented--and is at risk of failure. We have reported on multiple 
occasions that the Secure Flight program has not met key milestones, or 
finalized its goals, objectives, and requirements and have recommended 
that TSA take numerous steps to help to develop the program. For 
example, to help manage risk associated with Secure Flight's continued 
development and implementation, we recommended in March 2005 that TSA 
finalize the system requirements and develop detailed test plans to 
help ensure that all Secure Flight system functionality is properly 
tested and evaluated. We also recommended that TSA develop a plan for 
establishing connectivity among the air carriers, CBP, and TSA to help 
ensure the secure, effective, and timely transmission of data for use 
in Secure Flight operations. In early 2006, TSA suspended development 
of Secure Flight and initiated a reassessment, or rebaselining, of the 
program, to be completed before moving forward. Our work reviewing air 
carriers' current processes has identified two air carriers that are 
enhancing their identity-matching systems, since it remains unclear 
when TSA will take over the passenger identity-matching function 
through Secure Flight. However, any improvements made to the accuracy 
of an individual air carrier's identity-matching system will not apply 
system-wide and could further exacerbate differences that currently 
exist among the various air carriers' systems. These differences may 
result in varying levels of effectiveness in the matching of passenger 
names against the terrorist watch list. At Congress's request, we are 
continuing to monitor TSA's progress to develop Secure Flight. (See 
app. III for a list of GAO products related to domestic passenger 
prescreening, including Secure Flight.) 

CBP Faces Challenges Obtaining Data Needed To Prescreen Travelers on 
International Flights before Takeoff: 

The ongoing security concerns about prescreening for domestic flights, 
including disclosure of watch list information outside the government 
and the quality of information used for the identity-matching process, 
also pertain to international flights departing from or traveling to 
the United States. As with domestic passenger prescreening, air 
carriers conduct an initial match of passenger names against terrorist 
watch lists--the no-fly and selectee lists--before international 
flights depart to or from the U.S. using information that passengers 
supply when they make their reservations. Customs and Border Protection 
(CBP)--the DHS agency responsible for international passenger 
prescreening--supplements the identity-matching conducted by air 
carriers by comparing more reliable passenger information collected 
from passports against the terrorist watch lists and other government 
databases for international flights.[Footnote 32] (This information is 
considered more reliable because passport data is not self-reported.) 
However, the current process does not require that the U.S. government's 
identity-matching procedures be completed prior to the departure of 
international flights traveling to or from the United States.[Footnote 
33] As a result, passengers thought to be a risk to commercial aviation 
have successfully boarded flights. For example, in calendar year 2005, 
a number of passengers previously identified by the U.S. government as 
direct threats to the security of commercial aviation boarded 
international flights traveling to or from the United States, according 
to agency incident reports.[Footnote 34] In seven cases, the resulting 
risk was deemed high enough to divert the flight from its intended U.S. 
destination, resulting in costs to the air carriers, delays for 
passengers, and government intervention. While none of the flights 
resulted in an attempted hijacking or other security incidents, these 
flights nevertheless illustrate a continuing vulnerability that high- 
risk passengers could potentially board international flights and 
attempt to blow up these aircraft or take control in order to use them 
as weapons against U.S. interests at home or abroad. 

To address this vulnerability, as part of the Intelligence Reform and 
Terrorism Prevention Act of 2004, Congress mandated that DHS issue a 
proposed plan by February 15, 2005, for completing the U.S. 
government's identity-matching process before the departure of 
international flights.[Footnote 35] While CBP did not meet this 
deadline, the agency issued a proposed rule[Footnote 36] that would 
eliminate the preliminary screening conducted by air carriers and 
replace it instead with a process where air carriers select one of two 
options for transmitting this information earlier to CBP. One option 
allows air carriers to transmit passport information as each individual 
passenger checks in. Under this option, CBP would analyze the 
information against terrorist watch lists, make an immediate (or "real- 
time") decision about whether the passenger can board the aircraft, and 
convey this information electronically to the air carrier. Under this 
approach air carriers could admit passengers for flights up to 15 
minutes before departure. The second option allows air carriers to 
provide all passengers' passport information (in a bulk data 
transmission) to CBP for verification at least 60 minutes before a 
flight's departure. Under either option, the government would retain 
control of the watch lists, resolving this additional security concern. 

Regardless of which proposed option air carriers choose to pursue, many 
of CBP's efforts to improve the international prescreening process are 
still largely in development, and the agency faces several challenges 
in implementing its proposed solutions. One challenge, in particular, 
concerns stakeholder coordination. CBP must rely on a variety of 
stakeholders to provide input or to implement aspects of the 
prescreening process, including air carriers, industry associations, 
foreign governments, and other agencies within and outside DHS. One 
coordination challenge involves aligning international aviation 
passenger prescreening with TSA's development of its Secure Flight 
program for prescreening passengers on domestic flights. Ensuring that 
this coordination effort aligns with Secure Flight is important to air 
carriers, since passengers may have both a domestic and an 
international part to their itinerary. If these prescreening processes 
are not coordinated, passengers may be found to be high-risk on one 
flight and not high-risk on another flight, resulting in air carrier 
confusion and a potential security hazard. We have recently recommended 
that DHS take additional steps and make key policy and technical 
decisions (in order to determine, for example, the data and identity- 
matching technologies that will be used) that are necessary to more 
fully coordinate CBP's international prescreening program with TSA's 
prospective domestic prescreening program, Secure Flight.[Footnote 37] 
(See app. III for a list of GAO products related to domestic and 
international passenger prescreening.) 

GAO Concluding Observations--Passenger Prescreening: 

While passenger prescreening represents a more secure layer of defense 
today than it did on 9/11, there is still a need for DHS, TSA, and CBP 
to follow through on congressional requirements and recommendations we 
have made to improve the process. Specifically, TSA must still comply 
with a congressional requirement for transferring responsibility for 
the passenger identity-matching process from air carriers to TSA for 
domestic flights. In addition, we made a recommendation in November 
2006, which DHS has taken under consideration, aimed at helping the 
agency to enhance coordination between CBP's international prescreening 
program and TSA's prospective domestic prescreening program, Secure 
Flight. Such efforts are necessary to help ensure that the prescreening 
process--as a first layer of aviation defense--is accurate and 
effective in identifying potential terrorists who should be denied 
boarding or receive additional screening, and in ensuring that watch 
list data are not at risk of disclosure to those wishing to do harm to 
U.S. interests. 

Passenger Checkpoint Screening Threat Detection Capabilities Have Been 
Strengthened and Efforts to Further Enhance Screener Training, 
Screening Procedures, and Related Technologies Are Under Way: 

The layer of aviation security most visible to the general public, as 
well as to terrorists, is the physical screening of passengers and 
their carry-on bags at airport checkpoints, known as passenger 
checkpoint screening. The passenger checkpoint screening process 
involves the inspection of passengers and their carry-on bags to deter 
and prevent the carriage of any unauthorized explosive, incendiary, 
weapon, or other dangerous item on board an aircraft. Checkpoint 
screening is a critical component of aviation security--and one that 
has long been subject to security vulnerabilities. Passenger checkpoint 
screening is comprised of three elements: (1) the people responsible 
for conducting the screening of airline passengers and their carry-on 
items; (2) the procedures that must be followed to conduct screening; 
and (3) the technology used in the screening process. TSA has made 
progress in implementing security-related measures in all these areas, 
but there are additional opportunities to further enhance aviation 
security through the people, processes, and technologies involved in 
passenger checkpoint screening. 

Prior to the passage of ATSA, the screening of passengers had been 
performed by private screening companies under contract to the air 
carriers. The FAA was responsible for ensuring compliance with 
screening regulations. As we reported in 2000, since 1978, the FAA and 
the airline industry have continued to face challenges in improving the 
effectiveness of airport checkpoint screeners, and we reported that 
screeners were not detecting dangerous objects, including loaded 
firearms and, in tests conducted by FAA, simulated explosive devices. 
We attributed screening detection problems primarily to high turnover 
rates among screeners, among other things. By the time the terrorist 
attacks occurred, the FAA was already 2 years behind in issuing a 
regulation in response to a congressional mandate requiring the 
companies that employ checkpoint screeners to improve their testing and 
training through a certification program. 

As the 9/11 Commission report testified, the terrorist hijackers, 
having escaped watch-list detection during the prescreening process, 
had to beat only one layer of security--the security checkpoint 
process--in order to proceed with their plan. The Commission concluded 
that at the time of the attacks, while walk-through metal detectors and 
X-ray machines were in use to stop prohibited items, many potentially 
deadly and dangerous items--such as the box-cutters carried by the 
hijackers--did not set off metal detectors or were hard to distinguish 
in an X-ray machine. Moreover, FAA regulations and guidance did not 
explicitly prohibit knives with blades under 4 inches long. And the 
standards for what constituted a deadly or dangerous weapon were 
"somewhat vague," the commission found, and were left up to the 
discretion of air carriers and their screening contractors. Moreover, 
secondary screening--whereby passengers coming through the checkpoint 
with carry-on bags are selected for additional screening--took place, 
by and large, only when passengers triggered metal detectors. Even when 
such trigger events occurred, passengers often were cleared to board. 
For example, of the 5 hijackers who boarded planes at Washington Dulles 
International Airport on 9/11, three set off metal detectors; they (and 
one carry-on bag as well) were hand-wanded, the bag swiped for 
explosive trace detection, and then they were cleared to board. 

TSA Has Made Progress in Training and Evaluating a Federalized 
Workforce for Screening Airline Passengers: 

After 9/11 and as a result of ATSA, TSA assumed responsibility for 
screeners and screening operations at more than 400 commercial 
airports, established a basic screener training program, and has 
conducted annual proficiency reviews and operational testing of 
screeners, now known as transportation security officers (TSO). TSA has 
taken numerous steps to develop and evaluate its screening personnel 
by, among other things, expanding training beyond the basic training 
requirement through a self-guided on-line learning center, and by 
providing additional training on threat information, explosives 
detection, and new screening approaches. While these efforts and others 
taken by the agency have helped TSA to develop and evaluate appropriate 
workforce skills, we have recommended that TSA take additional steps to 
ensure that this training is delivered. For example, at some airports 
we have visited, TSOs encountered difficulty accessing and completing 
recurrent (refresher) training because of technological and staffing 
constraints. In May 2005, TSA stated that it had a plan for deploying 
high speed Internet connections at airports. The President's 2007 
budget request reported that approximately 220 of the nation's 400 
commercial airport and field locations have full information technology 
infrastructure installation. (See app. III for a list of GAO products 
related to screener workforce issues.) 

Passenger Checkpoint Screening Procedures Have Been Enhanced to Improve 
Security and Procedures Are Regularly Modified to Reflect Current 
Conditions: 

In addition to TSA's efforts to train and deploy a federal screener 
workforce, steps also have been taken to strengthen checkpoint 
screening policies and procedures to enhance security. One of the most 
important differences of the current checkpoint screening system 
compared to the system in place on 9/11 is the additional physical 
screening that certain passengers selected by the prescreening process, 
as discussed earlier, must undergo at the checkpoint. In addition, 
certain screening procedures performed by TSOs, or other authorized TSA 
personnel, are now mandatory for all passengers. Prior to entering the 
sterile area of an airport--the area within the terminal where 
passengers wait to board departing aircraft--all passengers must be 
screened by a walk-through metal detector and their carry-on items must 
be X-rayed. Passengers whose carry-on baggage alarms the X-ray machine, 
passengers who alarm the walk-through metal detectors, or passengers 
who are selected by the air carriers' passenger prescreening 
system,[Footnote 38] all receive additional screening. These passengers 
may be screened by hand-wand or pat-down or have their carry-on items 
screened for explosive traces or physically searched. Figure 2 shows 
the functions performed as part of passenger checkpoint screening. 

Figure 2: Passenger Checkpoint Screening Functions: 

[See PDF for image] 

Source: GAO and Nova Development Corporation. 

Note: ETD refers to explosive trace detection equipment in which bags 
are swabbed to test for chemical traces of explosives. 

[End of figure] 

Because history has shown that terrorists will adapt their tactics and 
techniques in an attempt to bypass increased security procedures, and 
are capable of developing increasingly sophisticated measures in an 
attempt to avoid detection, TSA leadership has emphasized the need to 
continually test or implement new screening procedures to further 
enhance security in response to changing conditions. We have ongoing 
work on how TSA modifies and implements passenger checkpoint screening 
procedures and plan to issue a report in February 2007. Last year, we 
testified that TSA's proposed security-related changes to checkpoint 
screening procedures are based on risk-based factors, including 
previous terrorist incidents, threat information, vulnerabilities of 
the screening system, as well as operational experience and stakeholder 
concerns. 

Recommended modifications to passenger checkpoint screening procedures 
are also generated based on covert testing conducted by TSA officials 
and the DHS Office of Inspector General (OIG). Covert tests are 
designed to assess vulnerabilities in the checkpoint screening system 
to specific threats, such as vulnerability to the various methods by 
which terrorists may try to conceal handguns, knives, and improvised 
explosive devices (IED). We have ongoing work evaluating TSA's covert 
testing efforts and expect to report our results later this year. 

TSA Is Exploring New Technologies to Enhance Detection of Explosives 
and Other Threats: 

The ever changing terrorist threat also necessitates continued research 
and development of new technologies and the fielding of these 
technologies to strengthen aviation security. The President's fiscal 
year 2007 budget request notes that emerging checkpoint technology may 
enhance the detection of prohibited items, especially firearms and 
explosives, on passengers. Furthermore, the DHS OIG has reported that 
significant improvements in screener performance may not be possible 
without greater use of new technology, and has encouraged TSA to 
expedite its technology testing programs and give priority to 
technologies that will enable screeners to better detect both weapons 
and explosives.[Footnote 39] TSA has recently put increased focus on 
the threats posed by IEDs and is investing in technology for this 
purpose. For example, since the September 11 attacks, 94 explosive- 
detection-trace portal machines have been installed at 37 airports. 
(These machines detect vapors and residues of explosives, including 
IEDs.) In addition, as of May 2006, TSA had conducted, or planned to 
conduct, evaluations of nine new types of passenger screening 
technology, including, for example, technology that would screen 
bottles for liquid explosives. It is important that TSA continue to 
invest in and develop technologies for detecting explosives. This is 
especially important in light of the alleged August 2006 plot to 
detonate liquid explosives on board multiple commercial aircraft bound 
for the United States from the United Kingdom. We are currently 
evaluating DHS's and TSA's progress in planning for, managing, and 
deploying research and development programs in support of airport 
checkpoint screening operations. We expect to report our results later 
this year. (See app. III for a list of GAO products related to 
passenger checkpoint screening.) 

GAO Concluding Observations--Passenger Checkpoint Screening: 

As with passenger prescreening, the checkpoint screening system in 
place today is far more robust, reflects more rigorous screening 
requirements, and deploys better trained staff, than in the years 
leading up to the terrorist attacks. In its list of recommended actions 
that the government should take to protect against and prepare for 
future terrorist attacks, the 9/11 Commission suggested that improving 
checkpoint screening should be a priority. TSA has largely accomplished 
this goal, though as with all aspects of aviation security, efforts to 
further enhance and strengthen procedures are ongoing. For example, new 
and emerging technologies for detecting threat objects are likely to 
help enhance the checkpoint screening process. 

In-flight Security Measures in Preparing For or Responding To On-board 
Threats, and Coordinating Responses from the Ground, Have Been 
Strengthened: 

Security protocols and policies for preparing for or responding to 
threats that occur on board flights already in progress, and 
coordinating responses to such security events from the ground, have 
changed significantly since 9/11. With respect to on-board security 
measures, the airline cabin and flight crews on duty on 9/11 were 
neither trained for nor prepared to deal with the events that unfolded 
once the hijackers were on board. Though in-flight security was 
regarded as a layer of defense in the commercial aviation system, FAA's 
security training guidelines at the time did not contemplate suicide 
hijackers, with aircraft used as guided missiles, as a likely scenario. 
Flight crews had been taught to cooperate, rather than resist, during 
an emergency. As with the prescreening and checkpoint screening 
processes, the ability of the hijackers to manipulate flight crews and 
penetrate the captain's cockpit revealed serious weaknesses of 
in-flight security. 

In-flight security has since been strengthened in several ways to help 
mitigate the likelihood of terrorists being able to take over an aircraft. 
For example, TSA established the Federal Flight Deck Officer program in 
2002. The program trains eligible flight crew members in the use of 
force to defend against an act of criminal violence or air piracy. 
These flight deck officers are deputized as federal law enforcement 
officers, and may transport and carry a TSA-issued firearm, in a manner 
approved by TSA. In addition, FAA directed air carriers to harden their 
cockpit doors[Footnote 40] and Congress expanded the decades-old 
Federal Air Marshal Service by mandating in ATSA the deployment of air 
marshals on board all high-security risk flights. Before 9/11, there 
were 33 air marshals altogether; now there are thousands.[Footnote 41] 
A key aspect of air marshals' operating procedures is the discreet 
(semicovert) movement through airports as they check in for their 
flight, transit screening checkpoints, and board the aircraft. 

TSA has also taken steps to ensure that flight and cabin crew members--
among the last lines of defense--are prepared to handle potential 
threat conditions on board commercial aircraft. The revised guidance 
and standards TSA developed for air carriers to follow in developing 
and delivering their flight and cabin crew member security training are 
a positive step forward in strengthening the security on board 
commercial aircraft. This training includes, among other things, 
teaching crew members how to search a cabin for explosive devices. 
Congress also mandated TSA to implement an advanced voluntary crew 
member self-defense training program for flight and cabin crew members; 
this training is ongoing. 

With respect to coordinating responses to on-board threats from the 
ground, the events of 9/11 revealed the importance of prompt 
interagency communication to allow for a unified, coordinated response 
to airborne threats. Once an in-flight security threat is identified, 
rapid and effective information sharing among agencies on the ground is 
critical to ensure that each agency can respond according to its 
mission and that the security threat is handled in a safe manner. The 
9/11 Commission Report stated that a weakness in aviation security 
exploited by the terrorists included a lack of protocols and 
capabilities in executing a coordinated FAA and military response to 
multiple hijackings and suicidal hijackers. According to the 
commission, the response on 9/11 of the Department of Defense's North 
American Aerospace Defense Command (NORAD), which is responsible for 
securing U.S. airspace, was hindered in part by lack of real-time 
communications with FAA and defense and intelligence agencies. For 
instance, a shootdown authorization was not communicated to the NORAD 
air defense sector until 28 minutes after United 93 had crashed in 
Pennsylvania.[Footnote 42] Moreover, the commission noted, planes did 
not know where to go or what targets they were to intercept. And once 
the shootdown order was given, it was not communicated to the pilots. 

To address the communications and coordination problems that were 
highlighted by 9/11, many federal agencies, including the FAA, DOD, and 
TSA, have taken action. For example, the FAA--which is responsible for 
managing aircraft traffic entering into or operating in U.S. airspace--
established an unclassified teleconference system, called the Domestic 
Events Network, designed to gather and disseminate information for all 
types of security threats. The network is monitored by approximately 60 
users from a variety of federal agencies as well as state and local 
entities. This network was originally established as a conference call 
on the morning of 9/11 to coordinate the federal response to the 
hijacked aircraft and it has remained in existence since then, serving 
as a basis for interagency cooperation. Any Domestic Events Network 
user can broadcast information, allowing other agencies on the Network 
to communicate and monitor a situation in real-time.[Footnote 43] 
According to FAA officials, domestic air carriers have recently been 
given the capability to link into the Domestic Events Network, allowing 
for the air carrier to provide real-time situational updates as they 
are received from the flight crew onboard the aircraft in question 
without relying on an intermediary party. Another important interagency 
communications tool is the Defense Red Switch Network, which is a 
secure, classified network administered by the DOD that allows multiple 
agencies to discuss intelligence information over a secure 
line.[Footnote 44] 

In addition, TSA has established the Transportation Security Operations 
Center (TSOC), a national center that operates around the clock and 
coordinates the multi-agency response to in-flight security threats. 
Air carriers are required to report to TSOC all incidents and 
suspicious activity that could affect the security of U.S. civil 
aviation, including any incidents of interference with a flight crew, 
specific or non-specific bomb threats, and any correspondence received 
by an aircraft operator that could indicate a potential threat to civil 
aviation. We have ongoing work analyzing the processes that federal 
agencies follow to identify, assess, and respond to in-flight security 
threats and the extent to which interagency coordination problems 
occurred, if at all, and the steps agencies took to address identified 
problems. The results of this work, which will be issued in early 2007, 
will be classified. (See app. III for a list of GAO products related to 
in-flight security.) 

GAO Concluding Observations--In-flight Security and Ground-Based 
Response Efforts: 

Several actions taken in the months after 9/11--notably, hardened 
cockpit doors, better emergency response training for airborne flight 
crews, and the presence of federal air marshals on certain flights-- 
have helped to ensure that aircraft are both physically safer and 
better protected from the actions of on-board hijackers or terrorists. 
Federal actions also have been taken in response to the communications 
and coordination failures that occurred on 9/11 in order to enhance 
coordinated responses to onboard security threats from the ground. Our 
ongoing work will discuss, among other things, the process federal 
agencies follow to identify, assess, and respond to security threats, 
and the challenges, if any, that have arisen in agencies' coordination 
efforts and steps taken to deal with them. 

Areas of Aviation System Not Exploited by 9/11 Terrorists Also Have 
Been Strengthened, though Implementation and Resource Challenges 
Remain: 

Two aspects of commercial aviation that were not directly implicated in 
the 9/11 scenario--checked baggage screening and air cargo screening-- 
are nonetheless recognized as important components of a layered system 
of aviation defense. Congress and TSA have taken steps to enhance the 
security of both in the years since 9/11, though resource and 
technology challenges remain. The infrastructure of commercial airport 
properties, which can pose risks to security by enabling criminals or 
terrorists to penetrate sensitive areas (such as boarding areas or 
baggage facilities), also has received congressional and federal 
attention. In addition, Congress and federal agencies have taken 
actions to enhance security in the noncommercial aviation sector, 
specifically, at the nation's general aviation airports--small airports 
that are home to flight training schools as well as privately owned 
aircraft. 

TSA Has Installed Baggage Screening Explosive Detection Equipment at 
Most Airports and Has Begun to Identify Costs, Benefits, and 
Technologies for Further Optimizing Baggage Screening: 

With respect to checked baggage screening, at the time of the attacks, 
there was no federal requirement to screen all checked baggage on 
domestic flights. In some cases, air carriers screened checked baggage 
on commercial flights for bulk quantities of explosives using X-ray 
screening equipment similar to that used for medical CAT scans. As the 
Congressional Research Service reported a month after the attacks, the 
availability and cost of baggage screening X-ray equipment, along with 
the time it took to screen a bag, did not permit its use in all 
airports, on all flights at airports where it was used, or even on all 
bags on any given flight. In addition, passengers selected by the 
passenger prescreening process for additional pre-flight scrutiny were 
either to have their checked bags scanned for explosives or held until 
they boarded the aircraft. As noted earlier, 5 of the 8 hijackers 
selected by the passenger prescreening system in place on 9/11 had 
their checked bags held prior to boarding and three had their bags 
scanned for explosives. 

After the attacks, Congress, through ATSA, mandated that all checked 
baggage at commercial airports be screened using explosive detection 
systems.[Footnote 45] TSA has worked to overcome equipment challenges, 
and other challenges, in order to fulfill this mandate, and now reports 
having the capability to screen 100 percent of checked baggage using 
two types of screening equipment--explosive detection systems (EDS), 
which use X-rays to scan bags for explosives, and explosive trace 
detection systems (ETD), in which bags are swabbed to test for chemical 
traces of explosives. TSA considers screening with EDS to be superior 
to screening with ETD because EDS machines process more bags per hour 
and automatically detect explosives without direct human 
involvement.[Footnote 46] As of June 2006, in order to screen all 
checked baggage for explosives at over 400 airports, TSA had procured 
and installed about 1,600 EDS and 7,200 ETD machines. 

TSA has begun shifting its focus away from placing these systems 
primarily in airport lobbies, as had been done initially, because of 
problems that arose from this configuration. For instance, TSA's 
placement of stand-alone EDS and ETD machines in airport lobbies 
resulted in passenger crowding, which presented unsafe conditions and 
may have added security risks for passengers and airport workers. TSA 
has begun to focus instead on systematically deploying the 
configuration of baggage screening equipment that is considered by TSA 
to be the most efficient, least labor-intensive, and most 
cost-effective at many airports--in-line EDS. These systems are integrated 
with airports' baggage conveyor and sorting systems (see fig. 3 for an 
illustration of the checked-baggage screening system using an in-line 
EDS machine). TSA has also developed smaller and less expensive 
stand-alone EDS equipment that may be effective at smaller airports or closer 
to airline check-in counters. 

Figure 3: In-line Checked Baggage Screening System: 

[See PDF for image] 

Source: GAO and Nova Development Corporation. 

[End of figure] 

A TSA cost-benefit analysis of in-line EDS machines being installed at 
nine airports conducted in May 2004 showed that they could yield 
significant savings for the federal government and achieve other 
benefits--including reduced screener staffing requirements and 
increased baggage throughput (the rate at which bags are processed). 
Specifically, TSA estimated that in-line baggage screening systems at 
these nine airports could save the federal government about $1 billion 
over 7 years. 

The Intelligence Reform and Terrorism Prevention Act of 2004 mandated 
and the conference report accompanying the fiscal year 2005 DHS 
Appropriations Act directed TSA to, among other things, develop a 
comprehensive plan for expediting the installation of in-line explosive 
detection systems. To assist TSA in planning for the optimal deployment 
of checked baggage screening systems, we recommended in March 2005 that 
TSA systematically evaluate baggage screening needs at airports, 
including the costs and benefits of installing in-line EDS systems at 
airports that did not yet have such systems installed. We suggested 
that such planning should include analyzing which airports should 
receive federal support for in-line EDS systems based on cost savings 
that could be achieved from more effective and efficient baggage 
screening operations and on other factors, including enhanced security. 
And we recommended that TSA identify and prioritize the airports where 
the benefits of replacing stand-alone baggage screening systems with 
in-line systems are likely to exceed the costs of the systems, or where 
the systems are needed to address security risks or related factors. 

In February 2006, in response to our recommendation and a legislative 
requirement to submit a schedule for expediting the installation and 
use of in-line systems and replacement of ETD equipment with EDS 
machines,[Footnote 47] TSA provided to Congress its strategic planning 
framework for its checked baggage screening program. This framework 
introduced a strategy intended to increase efficiency through deploying 
EDS to as many airports as practicable, lowering lifecycle costs for 
the program, minimizing impacts to TSA and airport/airline operations, 
and providing a flexible security infrastructure for accommodating 
growing airline traffic and potential new threats. The framework is an 
initial step toward: (1) finding the ideal mix of higher-performance 
and lower-cost alternative screening solutions for the 250 airports 
with the highest checked baggage volumes, and (2) funding 
prioritization schedules by airport, by identifying the top 25 airports 
that should first receive federal funding for projects related to the 
installation of EDS based on quantitative modeling of security and 
economic factors, and other factors.[Footnote 48] 

In addition, partly in response to other recommendations we made, TSA 
is collaborating with airport operators, air carriers, and other key 
stakeholders to identify funding and cost sharing strategies (in order 
to determine how to allocate investments in baggage equipment between 
the federal government and air carriers) and is focusing its research 
and development efforts on the next generation of EDS technology. For 
airports where in-line systems may not be economically justified 
because of high investment costs, we suggested that a 
cost-effectiveness analysis be used to determine the benefits of additional 
stand-alone EDS machines to screen checked baggage in place of the more 
labor-intensive ETD machines. According to TSA, the agency is 
conducting an analysis of the airports that rely heavily on ETD 
machines and determined if they would benefit from also having 
stand-alone EDS equipment. (See app. III for a list of GAO products related 
to checked baggage screening.) 

TSA Has Strengthened Oversight and Inspection of Air Cargo but We Have 
Reported That More Work Is Needed to Ensure Shippers Comply with 
Security Requirements and Address Potential Resource Challenges: 

In the aftermath of the 9/11 terrorist attacks, the security of cargo 
carried on both passenger and all-cargo aircraft became a growing 
concern both to the public and to members of Congress. Since the 
attacks, several instances of human stowaways in the cargo holds of 
all-cargo aircraft have further heightened the concern over air cargo 
security by revealing vulnerabilities that could potentially threaten 
the entire air transportation system. 

TSA has the responsibility for ensuring the security of air cargo, 
including, among other things, establishing security rules and 
regulations covering domestic and foreign passenger carriers that 
transport cargo, domestic and foreign all-cargo carriers, and domestic 
indirect air carriers (companies that consolidate air cargo from 
multiple shippers and deliver it to air carriers to be transported); 
and has responsibility for overseeing implementation of air cargo 
security requirements by air carriers and indirect air carriers through 
compliance inspections. In general, TSA inspections are designed to 
ensure that air carriers comply with air cargo security requirements, 
while air carrier inspections focus on ensuring that cargo does not 
contain weapons, explosives, or stowaways (see fig. 4). 

Figure 4: Air Cargo Being Loaded and Inspected Using an Explosive 
Detection System: 

[See PDF for image] 

Source: GAO (picture on the left) and TSA (picture on the right). 

[End of figure] 

Because safeguarding the nation's air cargo transportation system is a 
shared public and private sector responsibility, air carriers are 
generally responsible for meeting TSA's air cargo security 
requirements, including how employees are to handle and physically 
inspect cargo. 

As we reported in October 2005, TSA has implemented a variety of 
actions intended to strengthen oversight for domestic air cargo 
security operations conducted by air carriers.[Footnote 49] For air 
cargo, TSA has increased the number of dedicated air cargo inspectors 
used to assess air carrier and indirect air carrier compliance with 
security requirements, issued a regulation in May 2006 to enhance and 
improve the security of air cargo transportation, and has taken other 
actions. However, our work identified factors that may limit the 
effectiveness of these measures. For example: 

* TSA has primarily relied on its Known Shipper program[Footnote 50] 
(allowing individuals or businesses with established histories to ship 
cargo on passenger carriers) to ensure that cargo transported on 
passenger air carriers is screened in accordance with ATSA, and that 
unknown shipments are not placed on passenger aircraft. However, at the 
time of our review, we reported that the Known Shipper program had 
weaknesses and may not provide adequate assurance that shippers are 
trustworthy and that air cargo transported on passenger air carriers 
was secure. For example, the information in TSA's database on known 
shippers was incomplete because participation was voluntary, and the 
information in the database may not have been reliable. TSA has 
addressed this issue through its May 2006 regulation on air cargo 
security requirements, making it mandatory for air carriers and 
indirect air carriers to provide information to this database by 
requiring them to submit data on their known shippers. 

* TSA established a requirement for random inspection of air cargo 
reflecting the agency's position that inspecting 100 percent of air 
cargo was not technologically feasible and would be potentially 
disruptive to the flow of air commerce. However, this requirement 
contained exemptions based on the nature and size of cargo that may 
leave the air cargo system vulnerable to terrorist attack. We 
recommended in 2005 that TSA reexamine the rationale for existing air 
cargo inspection exemptions, determine whether such exemptions leave 
the air cargo system unacceptably vulnerable to terrorist attack, and 
make any needed adjustments to the exemptions. In September 2006, TSA 
revised the criteria for exemptions for cargo transported within or 
from the United States on passenger aircraft. TSA is reviewing the 
remaining inspection exemptions to determine whether or not they pose 
an unacceptable vulnerability to the air cargo transportation system. 

* TSA conducts audits of air carriers and indirect air carriers to 
ensure that they are complying with existing air cargo security 
requirements. But TSA has not developed performance measures to 
determine to what extent air carriers and others are complying with air 
cargo security requirements. Without performance measures to gauge air 
carrier and indirect air carrier compliance with air cargo security 
requirements, TSA cannot effectively focus its inspection resources on 
those entities posing the greatest risk. In addition, without measures 
to determine an acceptable level of compliance with air cargo security 
requirements, TSA cannot assess the performance of individual air 
carriers or indirect air carriers against national performance averages 
or goals that would allow TSA to target inspections and other actions 
on those that fall below acceptable levels of compliance. We 
recommended that TSA assess the effectiveness of enforcement actions, 
including the use of civil penalties, in ensuring air carrier and 
indirect air carrier compliance with air cargo security requirements. 
We also recommended that TSA develop measures to gauge air carrier and 
indirect air carrier compliance with air cargo security requirements to 
assess and address potential security weaknesses and vulnerabilities. 

* TSA had not analyzed the results of air cargo security inspections to 
systematically target future inspections on those entities that pose a 
higher security risk to the domestic air cargo system, or assessed the 
effectiveness of its enforcement actions in ensuring air carrier 
compliance with air cargo security requirements. Such targeting is 
important because TSA may not have adequate resources to inspect all 
air carriers and indirect air carriers on a regular basis. We 
recommended that TSA develop a plan for systematically analyzing the 
results of air cargo compliance inspections and use the results to 
target future inspections and identify systemwide corrective actions. 
According to TSA officials, the agency has been working on developing 
short-term and long-term outcome measures for air cargo security and 
has begun to analyze inspection results to target future inspections. 

Finally, with respect to TSA's regulation on air cargo security 
requirements, in May 2006, TSA estimated that implementing all the 
provisions in the regulation (including actions already ongoing, such 
as requiring air carriers to randomly inspect a percentage of air 
cargo) will cost approximately $2 billion over a 10-year period 
(2005-2014). Before the regulation was finalized, industry stakeholders 
representing air carriers and airport authorities had stated that 
several of the provisions, such as securing air cargo facilities, 
screening all individual persons boarding all-cargo aircraft, and 
conducting security checks on air cargo workers, would be costly to 
implement. 

We have not assessed how this regulation, or its costs, may affect TSA 
or stakeholders. Nor have we undertaken additional work to determine 
the extent to which TSA's subsequent actions have addressed the 
weaknesses identified above and our related recommendations. In our 
work, we concluded that while the cost of enhancing air cargo security 
can be significant, the potential costs of a terrorist attack, in terms 
of both the loss of life and property and long-term economic impacts, 
would also be significant although difficult to predict and quantify. 
TSA's regulation also covers inbound air cargo security requirements 
(for cargo originating outside the United States). We currently have an 
ongoing review assessing the security of inbound air cargo, including 
the regulation's relevant requirements, and expect to issue this work 
early this year. 

Security of Commercial Airport Perimeters and Other Secure Areas Are 
Being Addressed: 

Like most other aspects of the aviation system, the security of 
commercial airport facilities also came under heightened scrutiny after 
9/11. Congress included provisions in ATSA to address this aspect of 
airport security. In particular, ATSA granted TSA the authority to 
oversee U.S. airport operators' efforts to maintain and improve the 
security of airport perimeters (such as airfield fencing and access 
gates), the adequacy of controls restricting unauthorized access to 
secured areas (such as building entry ways leading to aircraft), and 
security measures pertaining to individuals who work at airports. Apart 
from ongoing concerns about the potential for terrorists to gain access 
to these areas, in 2004, concerns also were raised about security 
breaches and other illegal activities, such as drug smuggling, taking 
place at some airports. These events highlighted the importance of 
strengthening security in these areas. Taken as a whole, airport 
perimeter security and related areas, along with passenger and baggage 
screening, comprise key elements of the aviation security environment 
at commercial airports. 

We reported in 2004 that TSA had begun evaluating commercial airport 
security by conducting compliance inspections, among other things, but 
needed a better approach for assessing how the results of these efforts 
would be used to make improvements to the entire commercial airport 
system.[Footnote 51] We also reported that TSA had helped some airport 
operators to enhance perimeter and access control security by providing 
funds for security equipment, such as electronic surveillance systems. 
However, TSA had not, at the time of our review, set priorities for 
these and other efforts or determined how they were to be funded. We 
also found that while TSA had taken some steps to reduce the potential 
security risks posed by airport workers, the agency did not require 
fingerprint-based criminal history checks for all workers, as ATSA 
required. To help ensure that TSA is able to articulate and justify 
future decisions on how best to proceed with security evaluations, fund 
and implement security improvements (including new security 
technologies), and implement additional measures to reduce the 
potential security risks posed by airport workers, we recommended that 
TSA develop a plan for Congress describing how it would meet the 
applicable requirements of ATSA. 

Since our report was issued, TSA made several improvements in these 
areas, through the issuance of a series of security directives that 
required enhanced background checks and improved access controls for 
airport employees who work in restricted airport areas. We have new 
work planned in this area that will, among other things, examine TSA's 
further progress in meeting ATSA requirements for reducing the 
potential security risks posed by airport workers, such as requiring 
fingerprint-based criminal history checks and security awareness 
training for all airport workers. We have also recently issued work 
examining progress toward establishing the Transportation Workers 
Identification Credential (TWIC) Program.[Footnote 52] TWIC is intended 
to establish a uniform identification credential for 6 million workers 
who require unescorted physical or cyber access to secured areas of 
transportation facilities, including airports. While TWIC was initially 
intended to meet an ATSA recommendation that TSA consider using 
biometric access control systems to verify the identity of individuals 
who seek to enter a secure airport, as of September 2006, TSA had 
determined that TWIC would be implemented first for workers requiring 
unescorted access to secure areas at commercial seaports[Footnote 53] 
and that there were no immediate plans to implement the program in the 
airport environment. 

Federal Regulations Issued After 9/11 Requiring Background Checks for 
Airline Pilots, and Other Measures, Have Enhanced Security at General 
Aviation Airports: 

General aviation, as distinguished from commercial aviation, 
encompasses a wide variety of activities, aircraft types, and 
airports.[Footnote 54] Federal intelligence agencies have reported in 
the past that terrorists have considered using general aviation 
aircraft for terrorist acts--and that the 9/11 terrorists learned to 
fly at flight schools based at general aviation airports in Florida, 
Arizona, and Minnesota. We have noted in our work that the extent of 
general aviation's vulnerability to terrorist attack is difficult to 
determine. Nevertheless, as we reported in November 2004, TSA and the 
FAA have taken steps to address security risks to general aviation 
through regulation and guidance.[Footnote 55] For example, TSA has 
promulgated regulations requiring background checks of foreign 
candidates for U.S. flight training schools and has issued security 
guidelines for general aviation airports. Prior to the September 11 
attacks, FAA did not require background checks of anyone seeking a 
pilot's license. Other measures taken to enhance general aviation 
security since then include actions by nonfederal general aviation 
stakeholders who have partnered with the federal government and have 
individually taken steps to enhance general aviation security. For 
example, industry associations developed best practices and 
recommendations for securing general aviation, and have worked with TSA 
to develop other security initiatives. 

While these actions represent progress toward enhancing general 
aviation security, at the time we reported on these efforts, TSA 
continued to face challenges. Although TSA has issued a limited 
assessment of threats associated with general aviation, a systematic 
assessment of threats to, or vulnerabilities of general aviation to 
determine how to better prepare against terrorist threats, had not been 
conducted at the time of our November 2004 review because the 
assessments were considered costly and impractical to conduct at the 
nearly 19,000 general aviation airports. We recommended that TSA 
develop and implement a plan to identify threats and vulnerabilities 
and include, among other things, estimates of funding requirements. 
Should TSA establish new security requirements for general aviation 
airports, competing funding needs could challenge the ability of 
general aviation airport operators to meet these requirements. General 
aviation airports have received some federal funding for implementing 
security upgrades since September 11, but have funded most security 
enhancements on their own. General aviation stakeholders we contacted 
expressed concern that they may not be able to pay for any future 
security requirements that TSA may establish. In addition, TSA and FAA 
are unlikely to be able to allocate significant levels of funding for 
general aviation security enhancements, given competing priorities of 
commercial aviation and other modes of transportation. (We made no 
recommendations related to funding challenges.) We have not undertaken 
additional work to determine the extent to which subsequent actions 
taken by DHS or TSA have enhanced general aviation security or have 
addressed our recommendations. 

GAO Concluding Observations--Enhancing Security of Layers of Aviation 
Defense Not Implicated on 9/11: 

TSA's efforts to address aspects of aviation security other than those 
directly implicated in the 9/11 attacks have been mixed. On the one 
hand, TSA has made significant progress in an area where it has direct 
operational authority--enhancing detection of threat objects in 
passengers' checked baggage. Thanks to the increased use of technology 
(explosive detection systems), today's checked baggage undergoes far 
more scrutiny than before the terrorist attacks. In other areas of 
aviation, however, where TSA has regulatory and oversight 
responsibility, but does not take the operational lead, our past work 
indicates that TSA faced challenges. With respect to air cargo, for 
example, TSA has implemented a variety of actions intended to 
strengthen oversight for domestic air cargo security operations 
conducted by air carriers, including increasing the number of 
inspectors used to assess air carriers' compliance with air cargo 
security requirements, but opportunities exist to better ensure that 
this compliance process is working. Because we do not have recent work 
on progress made to enhance the security at general aviation airports, 
we cannot comment further on the extent of progress made in this area. 
Our ongoing work on airport perimeter security and access controls will 
allow us to provide an updated assessment of progress later in 2007. 

Congress and Federal Agencies Are Addressing Security Needs of 
Transportation Modes in the Post-9/11 Era through Legislation, Risk 
Management, and Enhanced Cooperation with Domestic and International 
Partners: 

In the