Better Planning Needed to Help Ensure an Effective Port Security Assessment Program
GAO-04-1062: Published: Sep 30, 2004. Publicly Released: Sep 30, 2004.
Created in the wake of the September 11, 2001, terrorist attacks, the Port Security Assessment Program was designed to evaluate security at the nation's 55 most economically and militarily strategic ports. Implemented by the U.S. Coast Guard, an agency of the Department of Homeland Security, the program focuses on identifying vulnerabilities, suggesting approaches to minimize them, and making the information available to those responsible for developing and implementing portwide security plans. The program has been under way for more than 2 years and has undergone several sets of changes, including the addition of a geographic information system (GIS). GAO was asked to discuss why and how the program changed and assess the Coast Guard's approach for implementing the program in its current form.
Changes in the Port Security Assessment Program reflect attempts to deal with two main developments since the program's inception: evolving assessment needs at the ports and missteps in how the initial assessments were carried out. The program was designed as a comprehensive assessment of each port and its critical assets, such as passenger terminals, factories, cargo facilities, and bridges. However, the need for comprehensive assessments was diminished when many owners and operators of these critical assets began conducting their own assessments to comply with new regulatory requirements or apply for security grants. The program's assessments also proved more expensive than expected, and a GAO review conducted at the time found shortcomings in their quality and usefulness. The current program's assessments are more targeted in scope and nature, including the opportunity for local Coast Guard officials to request reviews of specific assets they do not know enough about. To help local authorities with security planning and response, the Coast Guard decided to incorporate a GIS. A GIS is a computer mapping system designed to have many information "layers" that can be easily updated and retrieved. The Coast Guard expects to complete the assessments at the 55 ports by February 2005, but no timeline exists for making the GIS component operational. Although the revised program holds promise, the implementation approach is at increased risk because the Coast Guard is not taking sufficient steps in the planning process. Contrary to best practices for technology systems development, the GIS is being developed without sufficient up-front work to identify how the system will be expected to perform. Both the GIS component and the program as a whole also lack a project plan detailing tasks, schedules, and costs. In other federal agencies, GAO has identified similar projects that failed when such steps were not followed. The initial response of local Coast Guard officials to the new, targeted assessments is generally positive. However, the assessments could be of greater benefit if functional requirements for the GIS were more clearly defined, so the Coast Guard could use the assessments to address gaps in security knowledge.
- Review Pending
- Closed - implemented
- Closed - not implemented
Recommendation for Executive Action
Recommendation: To help ensure that the revised Port Security Assessment Program provides the most effective tool possible for security planning and response, the Secretary of Homeland Security should direct the Commandant of the Coast Guard to (1) define and document the GIS functional requirements and (2) develop a long-term project plan for the GIS and the Port Security Assessment Program as a whole (including cost estimates, schedule, and management responsibilities).
Agency Affected: Department of Homeland Security: United States Coast Guard
Status: Closed - Implemented
Comments: In fiscal year 2004, we reviewed and reported on the Coast Guard's program to conduct port security assessments of the nation's most strategic economic and military seaports. Among other things, we reported that the Coast Guard had revised the program to include a geographic information system (GIS) to help local authorities more effectively use the assessments for security planning and response. We also reported that the Coast Guard had also revised the scope of the program to take into account information from maritime stakeholders and provide for more targeted assessments of critical infrastructure within the ports. However, we found that the Coast Guard had not defined the functional requirements of the GIS nor had it developed a long-term project plan for the GIS and the program as a whole. Coast Guard officials reported that in December 2005 they completed the process of defining the new GIS functional requirements. With respect to the development of a long-term project plan, the officials stated that a project plan was not completed since the GIS was added to an existing system that was already in place. As for a project plan for the program, Coast Guard officials stated that the assessments were completed in 2006 and the responsibilities for updating assessments and conducting new ones have since been taken up by other interagency teams and local Coast Guard offices, therefore a program project plan was not completed. However, given that the Coast Guard has defined the functional requirements of the GIS, which is the key part of the program still in existence, the overall intent of the recommendation has been met.