TSA Improved Risk Assessment but Could Further Improve Training and Information Sharing
GAO-11-688T: Published: Jun 14, 2011. Publicly Released: Jun 14, 2011.
Alleged terrorist plots against rail systems in major U.S. cities have increased focus on these systems. The Transportation Security Administration (TSA), within the Department of Homeland Security (DHS), is the primary federal agency responsible for rail security. This testimony addresses the following: (1) the extent that DHS has conducted comprehensive risk assessments for the transportation sector, including for rail, (2) technologies available to enhance rail security, (3) TSA's efforts regarding rail security training, and (4) rail stakeholders' satisfaction with security-related information TSA is providing. GAO's testimony is based on GAO reports issued from March 2009 through September 2010, selected updates conducted in May through June 2011, and preliminary results from ongoing work on information sharing. As part of the ongoing work, GAO surveyed the seven largest freight rail carriers (based on revenue) and interviewed security officials from three of these rail carriers selected for location, as well as TSA officials.
TSA has taken steps to conduct comprehensive risk assessments across the transportation sector and within passenger and freight rail modes that combine the three elements of risk--threat, vulnerability, and consequence. For example, in March 2009, GAO reported that TSA had taken actions to implement a risk management approach but had not conducted comprehensive risk assessments for the transportation sector as a whole, and recommended that TSA do so to help ensure that resources are allocated to the highest-priority risks. DHS concurred and in June 2010 produced the Transportation Sector Security Risk Assessment, which assessed risk as a factor of all three risk elements within and across the transportation sector, including rail. GAO has also made recommendations to strengthen risk assessments within individual modes, such as expanding TSA's efforts to include all security threats in its freight rail assessments, including potential sabotage to bridges, tunnels, and other critical infrastructure. DHS concurred and is addressing the recommendations. Several technologies are available to address rail security, such as security cameras, handheld explosive trace detection systems, x-raying imaging systems, and canines. However, technologies are at varying levels of maturity and involve trade-offs in mobility, cost, and privacy. In July 2010, for example, we reported that the ability of explosives detection technologies to help protect the passenger rail environment depends on detection performance and how effectively they can be deployed. TSA has not issued regulations for public transportation and railroad security training programs, as required by the Implementing Recommendations of the 9/11 Commission Act of 2007. In June 2009, GAO reported that TSA had not implemented the training requirement and recommended that DHS develop a plan with milestones for doing so, as called for by project management best practices. DHS concurred, and in June 2011 TSA stated that it had developed a timeline for uncompleted 9/11 Commission Act requirements. TSA also stated that it is finalizing the security training program regulations and expects to issue a Notice of Proposed Rulemaking for public comment by November 2011. Opportunities exist to streamline security information for transit agencies, and preliminary results of ongoing work indicate that some freight rail agencies do not receive actionable information from TSA. In September 2010, GAO recommended that DHS assess opportunities to streamline information-sharing mechanisms to reduce overlap. DHS concurred, and in response it and the rail industry have developed a streamlined product. However, preliminary observations from GAO's ongoing work indicate that some rail stakeholders would prefer to receive actionable security information and analysis from TSA that could allow them to adjust to potential terrorist threats. TSA officials agreed that improvements are needed in the products and mechanisms by which they alert rail agencies of security-related information. GAO will continue to monitor this issue and expects to issue a report by the end of 2011. GAO has made recommendations in prior work to enhance DHS's and TSA's rail security efforts. DHS generally concurred with the recommendations and has actions under way to address them. DHS generally agreed with the preliminary observations in this statement, and provided technical comments, which were incorporated as appropriate.