Transportation Security Information Sharing:

Stakeholders Generally Satisfied but TSA Could Improve Analysis, Awareness, and Accountability

GAO-12-44: Published: Nov 21, 2011. Publicly Released: Nov 21, 2011.

Additional Materials:

Contact:

Stephen M. Lord
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The U.S. transportation system, comprised of aviation, freight rail, highway, maritime, mass transit and passenger rail, and pipelines, moves billions of passengers and millions of tons of goods each year. Disrupted terrorist attacks involving rail and air cargo in 2010 demonstrate the importance of effective information sharing with transportation security stakeholders. The Transportation Security Administration (TSA) is the lead agency responsible for communicating security-related information with all modes. In response to the Implementing Recommendations of the 9/11 Commission Act of 2007, GAO assessed 1) the satisfaction of transportation stakeholders with the quality of TSA's transportation security information products, 2) satisfaction with mechanisms used to disseminate them, and 3) the extent to which TSA's roles and responsibilities are clearly defined. GAO surveyed 335 aviation, rail, and highway stakeholders (with an 82 percent response rate); reviewed agency planning documents; and interviewed industry associations, transportation stakeholders, and Department of Homeland Security officials. An electronic supplement to this report--GAO-12-67SP--provides survey results.

Transportation stakeholders who GAO surveyed were generally satisfied with TSA's security-related information products, but identified opportunities to improve the quality and availability of the disseminated information. TSA developed a series of products to share security-related information with transportation stakeholders such as annual modal threat assessments that provide an overview of threats to each transportation mode--including aviation, rail, and highway--and related infrastructure. Fifty-seven percent of the stakeholders (155 of 275 who answered this question) indicated that they were satisfied with the products they receive. However, stakeholders who receive these products were least satisfied with the actionability of the information--the degree to which the products enabled stakeholders to adjust their security measures. They noted that they prefer products with more analysis, such as trend analysis of incidents or suggestions for improving security arrangements. Further, not all stakeholders received the products. For example, 48 percent (128 of 264) of the stakeholders reported that they did not receive a security assessment in 2010, such as TSA's annual modal threat assessment. Improving the analysis and availability of security-related information products would help enhance stakeholders' ability to position themselves to protect against threats. Stakeholders who obtained security-related information through TSA's Web-based mechanisms were generally satisfied, but almost 60 percent (158 of 266) of stakeholders GAO surveyed had never heard of the Homeland Security Information Sharing Network Critical Sectors portal (HSIN-CS). DHS views HSIN as the primary mechanism for sharing security-related information with critical sectors, including transportation stakeholders. Forty-three percent of rail stakeholders, 28 percent of highway stakeholders, and 72 percent of aviation stakeholders--who consider TSA's aviation Web Boards as their primary information-sharing mechanism--had not heard of HSIN-CS. Among the 55 stakeholders that had logged on to HSIN-CS, concerns were raised with the ability to locate information using the mechanism. Increasing awareness and functionality of HSIN-CS could help ensure that stakeholders receive security information, including TSA products. Defining and documenting the roles and responsibilities for information sharing among TSA offices could help strengthen information-sharing efforts. Officials from TSA's Office of Intelligence consider TSA's Transportation Sector Network Management offices to be key conduits for providing security-related information directly to stakeholders. However, officials from these offices differed in their understanding of their roles. For instance, officials told GAO that their role was to communicate policy and regulatory information, rather than threat-related information. While TSA officials look to the current Transportation Security Information Sharing Plan for guidance, it does not include key elements of the approach that TSA uses to communicate security-related information to stakeholders. For example, it does not describe the roles of TSA's Field Intelligence Officers, who facilitate the exchange of relevant threat information with local and private entities responsible for transportation security. Clearly documenting roles and responsibilities for sharing security-related information with transportation stakeholders could improve the effectiveness of TSA's efforts and help ensure accountability. GAO recommends that TSA, among other actions, (1) address stakeholder needs regarding the quality of analysis in and availability of its products, (2) increase awareness and functionality of its information sharing mechanisms, and (3) define and document TSA's information sharing roles and responsibilities. DHS concurred with GAO's recommendations.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: In 2013, TSA began publishing a quarterly, multi-modal threat assessment to provide all transportation modes a more up-to-date assessment than the agency's prior assessments of individual modes. According to TSA officials, this assessment is a concise look at the threat to all the modes and is published at both the secret and unclassified levels. As of March 2014, TSA officials stated that the agency's products report trends, tactics, techniques, and procedures to help transportation security owners and operators implement more effective countermeasures. TSA has also integrated intelligence analysis and risk assessment capabilities into its threat analysis, which, according to TSA officials, improved the agency's ability to analyze and share data with its stakeholders. TSA officials also stated that they have added material to their products, such as suspicious activities, current trends and patterns, and indicators and warnings related to each mode, to help stakeholders update and validate their current countermeasures and polices. In April 2014, GAO reviewed examples of TSA transportation security-related information products and found that they included the actionable analysis as described by TSA officials. This recommendation is closed as implemented.

    Recommendation: To help strengthen information sharing with transportation stakeholders and ensure that stakeholders receive security-related information in a timely manner, the Secretary of Homeland Security should direct the Assistant Secretary for the Transportation Security Administration, to the extent possible, to address the need expressed by stakeholders by providing more actionable analysis in TSA's transportation security-related information products.

    Agency Affected: Department of Homeland Security

  2. Status: Open

    Comments: As of March 2014, TSA and DHS officials stated that they continue marketing the Transportation Security Information Sharing Enterprise to federal, state, local, private industry, and international stakeholders. Specifically, TSA officials stated that they have expanded coordination channels based on stakeholder requests and have increased the frequency of stakeholder meetings. However, TSA does not have a plan for targeting this outreach to stakeholders who may be unaware of the security information available through portals on the Homeland Security Information Network. TSA is in the process of developing an information package to raise general HSIN awareness, and has provided its Field Intelligence Officers with information supplied by the HSIN team. In March 2015, TSA stated that it has increased stakeholder awareness and receipt of TSA security-related information products through HSIN since 2012, and provided data showing that annual HSIN views for TSA intelligence products have increased each year since 2012, from almost 14,000 in calendar year 2012 to almost 45,000 in calendar year 2014. While TSA reported that it increased the use of HSIN for TSA security-related information, TSA did not provide evidence of increased outreach efforts to aviation, rail, and highway stakeholders regarding their receipt of security-related information products and their availability on HSIN, as stated in the recommendation. To fully address this recommendation, TSA needs to provide evidence of such outreach efforts.

    Recommendation: To help strengthen information sharing with transportation stakeholders and ensure that stakeholders receive security-related information in a timely manner, the Secretary of Homeland Security should direct the Assistant Secretary for the Transportation Security Administration, in coordination with other DHS components, to conduct targeted outreach efforts to aviation, rail, and highway stakeholders to increase the number of transportation stakeholders who are receiving security-related information products and are made aware of security information available through the HSIN-CS portal.

    Agency Affected: Department of Homeland Security

  3. Status: Closed - Implemented

    Comments: In response to this recommendation, in June 2012, TSA told us it had developed a project plan to enhance information sharing by working with the DHS, TSA, and HSIN user communities to address HSIN portal design and protocols to improve the timeliness and accessibility of information. As of March 2014, TSA had coordinated with DHS in the transition to the Homeland Security Information Network Release 3 (HSIN R3), which was launched in September 2013. As noted in a July 2013 DHS Inspector General Report, the ability to improve the search and retrieval of content using standardized content tagging terms was one of six capability gaps that HSIN R3 was designed to address. TSA also has a full-time Information Sharing Analyst who works with DHS on HSIN R3 compliance. In addition, HSIN and TSA officials stated that they have collaboratively sought to expand reporting capability on stakeholder metrics and to make HSIN more user-friendly. TSA officials stated that HSIN R3 has improved capabilities for retrieving information. This recommendation is closed as implemented.

    Recommendation: To help strengthen information sharing with transportation stakeholders and ensure that stakeholders receive security-related information in a timely manner, the Secretary of Homeland Security should direct the Assistant Secretary for the Transportation Security Administration to coordinate with other DHS components to improve the ability to readily locate information in TSA security-related information products on HSIN-CS.

    Agency Affected: Department of Homeland Security

  4. Status: Closed - Implemented

    Comments: We found that TSA lacked outcome-oriented performance measure to assess the effectiveness of its outreach and security-related product dissemination to transportation stakeholders through HSIN. As a result, we recommended that TSA establish such measures to help assess the results of its efforts to provide useful and timely transportation security information through HSIN. In March 2015, TSA approved the establishment of two performance measures related to its information-sharing efforts, including products disseminated through HSIN. These measures will assess whether customers report satisfaction with TSA's products, and whether customers report that they found the information valuable. These measures are consistent with our recommendation.

    Recommendation: To help strengthen information sharing with transportation stakeholders and ensure that stakeholders receive security-related information in a timely manner, the Secretary of Homeland Security should direct the Assistant Secretary for the Transportation Security Administration to establish outcome-oriented performance measures to help assess the results of efforts to provide useful and timely transportation security information through the HSIN-CS portal.

    Agency Affected: Department of Homeland Security

  5. Status: Open

    Comments: In March 2015, TSA provided documentation that a copy of its 2014 Transportation Security Information Sharing Environment was posted on HSIN, which makes it accessible to transportation stakeholders. According to TSA, the TSISE details TSA's information sharing program, including the divisions involved, dissemination channels, and products. While the 2014 TSISE provides a broad overview of the information-sharing program and the relevant TSA divisions, it does not provide information at a level of detail to address several issues raised in our report. Specifically, we identified instances in which internal TSA offices had different understandings of their roles and responsibilities in the information-sharing program. While the TSISE identifies areas of responsibility at a high level, it does not provide internal direction to TSA offices on their specific roles and responsibilities, or share that type of information with stakeholders. Further, we found that, at the time of our work, TSA did not describe two key information-sharing functions and programs, including Aviation Web Boards, and the Field Intelligence Officer Program. The 2014 TSISE does not describe the Aviation Web Boards, and does not provide a detailed description of the Field Intelligence Officer Program. To fully address this recommendation, TSA needs to provide evidence that these areas have been more clearly documented.

    Recommendation: To help strengthen information sharing with transportation stakeholders and ensure that stakeholders receive security-related information in a timely manner, the Secretary of Homeland Security should direct the Assistant Secretary for the Transportation Security Administration to clearly define and document the specific information-sharing programs, activities, roles, and responsibilities for each TSA division and provide this information to the appropriate stakeholder groups.

    Agency Affected: Department of Homeland Security

 

Explore the full database of GAO's Open Recommendations »

May 26, 2015

May 21, 2015

May 20, 2015

May 18, 2015

Apr 23, 2015

Apr 21, 2015

Apr 14, 2015

Mar 24, 2015

Mar 6, 2015

Mar 4, 2015

Looking for more? Browse all our products here