GAO Reports: Transportation Security

This page lists the most recent reports and testimonies related to transportation security issued since October 2000 organized in three categories: aviation security, maritime security, and surface transportation security.

Aviation Security

http://www.gao.gov/docsearch/featured/transportationsecurity.html Mon, 23 Nov 2009 01:18:51 -0500 GAO http://www.gao.gov/images/title_object.jpg GAO logo http://www.gao.gov/ Feed provided by GAO. Click to visit. Aviation Security: DHS and TSA Have Researched, Developed, and Begun Deploying Passenger Checkpoint Screening Technologies, but Continue to Face Challenges, October 7, 2009 http://www.gao.gov/new.items/d10128.pdf Since fiscal year 2002, the Transportation Security Administration (TSA) and the Department of Homeland Security (DHS) have invested over $795 million in technologies to screen passengers at airport checkpoints. The DHS Science and Technology Directorate (S&T) is responsible, with TSA, for researching and developing technologies, and TSA deploys them. GAO was asked to evaluate the extent to which (1) TSA used a risk-based strategy to prioritize technology investments; (2) DHS researched, developed, and deployed new technologies, and why deployment of the explosives trace portal (ETP) was halted; and (3) DHS coordinated research and development efforts with key stakeholders. To address these objectives, GAO analyzed DHS and TSA plans and documents, conducted site visits to research laboratories and nine airports, and interviewed agency officials, airport operators, and technology vendors. TSA completed a strategic plan to guide research, development, and deployment of passenger checkpoint screening technologies; however, the plan is not risk-based. According to TSA officials, the strategic plan and its underlying strategy for the Passenger Screening Program were developed using risk information, such as threat information. However, the strategic plan and its underlying strategy do not reflect some of the key risk management principles set forth in DHS's National Infrastructure Protection Plan (NIPP), such as conducting a risk assessment based on the three elements of risk--threat, vulnerability, and consequence--and developing a cost-benefit analysis and performance measures. TSA officials stated that, as of September 2009, a draft risk assessment for all of commercial aviation, the Aviation Domain Risk Assessment, was being reviewed internally. However, completion of this risk assessment has been repeatedly delayed, and TSA could not identify the extent to which it will address all three elements of risk. TSA officials also stated that they expect to develop a cost-benefit analysis and establish performance measures, but officials could not provide timeframes for their completion. Without adhering to all key risk management principles as required in the NIPP, TSA lacks assurance that its investments in screening technologies address the highest priority security needs at airport passenger checkpoints. Since TSA's creation, 10 passenger screening technologies have been in various phases of research, development, test and evaluation, procurement, and deployment, but TSA has not deployed any of these technologies to airports nationwide. The ETP, the first new technology deployment initiated by TSA, was halted in June 2006 because of performance problems and high installation costs. Deployment has been initiated for four technologies--the ETP in January 2006, and the advanced technology systems, a cast and prosthesis scanner, and a bottled liquids scanner in 2008. TSA's acquisition guidance and leading commercial firms recommend testing the operational effectiveness and suitability of technologies or products prior to deploying them. However, in the case of the ETP, although TSA tested earlier models, the models ultimately chosen were not operationally tested before they were deployed to ensure they demonstrated effective performance in an operational environment. Without operationally testing technologies prior to deployment, TSA does not have reasonable assurance that technologies will perform as intended. DHS coordinated with stakeholders to research, develop, and deploy checkpoint screening technologies, but coordination challenges remain. Through several mechanisms, DHS is taking steps to strengthen coordination within the department and with airport operators and technology vendors. Wed, 07 Oct 2009 00:00:00 -0400 Aviation Security: A National Strategy and Other Actions Would Strengthen TSA's Efforts to Secure Commercial Airport Perimeters and Access Controls, September 30, 2009 http://www.gao.gov/new.items/d09399.pdf Incidents of airport workers using access privileges to smuggle weapons through secured airport areas and onto planes have heightened concerns regarding commercial airport security. The Transportation Security Administration (TSA), along with airports, is responsible for security at TSA-regulated airports. To guide risk assessment and protection of critical infrastructure, including airports, the Department of Homeland Security (DHS) developed the National Infrastructure Protection Plan (NIPP). GAO was asked to examine the extent to which, for airport perimeters and access controls, TSA (1) assessed risk consistent with the NIPP; (2) implemented protective programs, and evaluated its worker screening pilots; and (3) established a strategy to guide decision making. GAO examined TSA documents related to risk assessment activities, airport security programs, and worker screening pilots; visited nine airports of varying size; and interviewed TSA, airport, and association officials. Although TSA has implemented activities to assess risks to airport perimeters and access controls, such as a commercial aviation threat assessment, it has not conducted vulnerability assessments for 87 percent of the nation's approximately 450 commercial airports or any consequence assessments. As a result, TSA has not completed a comprehensive risk assessment combining threat, vulnerability, and consequence assessments as required by the NIPP. While TSA officials said they intend to conduct a consequence assessment and additional vulnerability assessments, TSA could not provide further details, such as milestones for their completion. Conducting a comprehensive risk assessment and establishing milestones for its completion would provide additional assurance that intended actions will be implemented, provide critical information to enhance TSA's understanding of risks to airports, and help ensure resources are allocated to the highest security priorities. Since 2004, TSA has taken steps to strengthen airport security and implement new programs; however, while TSA conducted a pilot program to test worker screening methods, clear conclusions could not be drawn because of significant design limitations and TSA did not document key aspects of the pilot. TSA has taken steps to enhance airport security by, among other things, expanding its requirements for conducting worker background checks and implementing a worker screening program. In fiscal year 2008 TSA pilot tested various methods to screen airport workers to compare the benefits, costs, and impacts of 100 percent worker screening and random worker screening. TSA designed and implemented the pilot in coordination with the Homeland Security Institute (HSI), a federally funded research and development center. However, because of significant limitations in the design and evaluation of the pilot, such as the limited number of participating airports--7 out of about 450--it is unclear which method is more cost-effective. TSA and HSI also did not document key aspects of the pilot's design, methodology, and evaluation, such as a data analysis plan, limiting the usefulness of these efforts. A well-developed and well-documented evaluation plan can help ensure that pilots generate needed performance information to make effective decisions. While TSA has completed these pilots, developing an evaluation plan for future pilots could help ensure that they are designed and implemented to provide management and Congress with necessary information for decision making. TSA's efforts to enhance the security of the nation's airports have not been guided by a unifying national strategy that identifies key elements, such as goals, priorities, performance measures, and required resources. For example, while TSA's various airport security efforts are implemented by federal and local airport officials, TSA officials said that they have not identified or estimated costs to airport operators for implementing security requirements. GAO has found that national strategies that identify these key elements strengthen decision making and accountability; in addition, developing a strategy with these elements could help ensure that TSA prioritizes its activities and uses resources efficiently to achieve intended outcomes. Wed, 30 Sep 2009 00:00:00 -0400 Federal Air Marshal Service: Actions Taken to Fulfill Core Mission and Address Workforce Issues, July 23, 2009 http://www.gao.gov/new.items/d09903t.pdf By deploying armed air marshals onboard selected flights, the Federal Air Marshal Service (FAMS), a component of the Transportation Security Administration (TSA), plays a key role in helping to protect approximately 29,000 domestic and international flights operated daily by U.S. air carriers. This testimony discusses (1) FAMS's operational approach or "concept of operations" for covering flights, (2) an independent evaluation of the operational approach, and (3) FAMS's processes and initiatives for addressing workforce-related issues. Also, this testimony provides a list of possible oversight issues related to FAMS. This testimony is based on GAO's January 2009 report (GAO-09-273), with selected updates in July 2009. For its 2009 report, GAO analyzed policies and procedures regarding FAMS's operational approach and a July 2006 classified assessment of that approach. Also, GAO analyzed employee working group reports and related FAMS's initiatives for addressing workforce-related issues, and interviewed FAMS headquarters officials and 67 air marshals (selected to reflect a range in levels of experience). Because the number of air marshals is less than the number of daily flights, FAMS's operational approach is to assign air marshals to selected flights it deems high risk--such as the nonstop, long-distance flights targeted on September 11, 2001. In assigning air marshals, FAMS seeks to maximize coverage of flights in 10 targeted high-risk categories, which are based on consideration of threats, vulnerabilities, and consequences. In July 2006, the Homeland Security Institute, a federally funded research and development center, independently assessed FAMS's operational approach and found it to be reasonable. However, the institute noted that certain types of flights were covered less often than others. The institute recommended that FAMS increase randomness or unpredictability in selecting flights and otherwise diversify the coverage of flights within the various risk categories. In its January 2009 report, GAO noted that the Homeland Security Institute's evaluation methodology was reasonable and that FAMS had taken actions (or had ongoing efforts) to implement the institute's recommendations. To address workforce-related issues, FAMS's previous Director, who served until June 2008, established a number of processes and initiatives, such as working groups, listening sessions, and an internal Web site for agency personnel to provide anonymous feedback to management. These efforts have produced some positive results. For example, FAMS revised its policy for airport check-in and aircraft boarding procedures to help protect the anonymity of air marshals in mission status, and FAMS modified its mission scheduling processes and implemented a voluntary lateral transfer program to address certain quality-of-life issues. The air marshals GAO interviewed expressed satisfaction with FAMS's efforts to address workforce-related issues. The current FAMS Director has expressed a commitment to continue applicable processes and initiatives. Also, FAMS has plans to conduct a workforce satisfaction survey of all employees every 2 years, building upon an initial survey conducted in fiscal year 2007. GAO's review found that the potential usefulness of future surveys could be enhanced by ensuring that the survey questions and the answer options are clearly structured and unambiguous and that additional efforts are considered for obtaining the highest possible response rates. To its credit, FAMS has made progress in addressing various operational and quality-of-life issues that affect the ability of air marshals to perform their aviation security mission. However, sustaining progress will require ongoing consideration by FAMS management--and continued oversight by congressional stakeholders--of key questions, such as how to foster career sustainability for air marshals given that maintaining an effective operational tempo can at times be incompatible with supporting a work-life balance. Thu, 23 Jul 2009 00:00:00 -0400 Aviation Weather: FAA and the National Weather Service Are Considering Plans to Consolidate Weather Service Offices, But Face Significant Challenges, July 16, 2009 http://www.gao.gov/new.items/d09887t.pdf The National Weather Service's (NWS) weather products are a vital component of the Federal Aviation Administration's (FAA) air traffic control system. In addition to providing aviation weather products developed at its own facilities, NWS also provides staff onsite at each of FAA's en route centers--the facilities that control high-altitude flight outside the airport tower and terminal areas. Over the last few years, FAA and NWS have been exploring options for enhancing the efficiency of the aviation weather services provided at en route centers. GAO was asked to summarize its draft report that (1) determines the status and plans of efforts to restructure the center weather service units, (2) evaluates efforts to establish a baseline of the current performance provided by these units, and (3) evaluates challenges to restructuring them. NWS and FAA are considering plans to restructure the way aviation weather services are provided at en route centers, but it is not yet clear whether and how these changes will be implemented. In 2005, FAA requested that NWS restructure its services by consolidating operations to a smaller number of sites, reducing personnel costs, and providing services 24 hours a day, seven days a week. NWS developed two successive proposals, both of which were rejected by FAA--most recently because the costs were too high. FAA subsequently requested that NWS develop another proposal by late December 2008. In response, NWS developed a third proposal that involves consolidating 20 of 21 existing center weather service units into 2 locations. NWS sent this proposal to FAA in early June 2009. FAA officials stated that they plan to respond to NWS's proposal in early August 2009. In response to GAO's prior concerns that NWS and FAA lacked performance measures and a baseline of current performance, the agencies have agreed on five measures and NWS has proposed eight others. In addition, the agencies initiated efforts to establish a performance baseline for 4 of 13 potential performance measures. However, the agencies have not established baseline performance for the other 9 measures. NWS officials stated that they are not collecting baseline information on the 9 measures for a variety of reasons, including that some of the measures have not yet been approved by FAA, and that selected measures involve products that have not yet been developed. While 4 of the 9 measures are tied to new products or services that are to be developed if NWS's latest restructuring proposal is accepted, the other 5 could be measured in the current operational environment. For example, both forecast accuracy and customer satisfaction measures are applicable to current operations. It is important to obtain an understanding of the current level of performance in these measures before beginning any efforts to restructure aviation weather services. Without an understanding of the current level of performance, NWS and FAA may not be able to measure the success of any changes they make to the center weather service unit operations. As a result, any changes to the current structure could degrade aviation operations and safety--and the agencies may not know it. NWS and FAA face challenges in their efforts to improve the current aviation weather structure. These include challenges associated with (1) interagency collaboration, (2) defining FAA's requirements, and (3) aligning any changes with the Next Generation Air Transportation System (NextGen)--a long-term initiative to increase the efficiency of the national airspace system. If the restructuring proposal is accepted, the agencies face three additional challenges in implementing it: (1) developing a feasible schedule that includes adequate time for stakeholder involvement, (2) undertaking a comprehensive demonstration to ensure no services are degraded, and (3) effectively reconfiguring the infrastructure and technologies to the new structure. Unless and until these challenges are addressed, the proposed restructuring of aviation weather services at en route centers has a reducedchance of success. Thu, 16 Jul 2009 00:00:00 -0400 International Aviation: Federal Efforts Help Address Safety Challenges in Africa, but Could Benefit from Reassessment and Better Coordination, June 16, 2009 http://www.gao.gov/new.items/d09498.pdf The African continent is important to U.S. economic, strategic, and foreign policy interests, and efforts have been made to improve commerce and connectivity to benefit the two regions. However, the continent has the highest aviation accident rate in the world, which has hindered progress. Recognizing the importance of improving aviation safety in Africa, the United States and the international aviation community have worked to improve aviation safety in Africa. This congressionally requested report discusses (1) challenges in improving aviation safety in Africa, (2) key U.S. efforts to improve aviation safety in Africa and the extent to which they address the identified challenges, and (3) international efforts to improve aviation safety in Africa. To address these issues, GAO synthesized literature and aviation safety data, interviewed federal officials, and visited four African countries. Improving aviation safety in Africa is an important goal for the United States and the international aviation community. However, achieving that goal presents several challenges. The major challenge is the relatively low priority that political leaders in many African countries have accorded aviation safety, in part because of more pressing concerns such as widespread poverty, national health care issues, and a lack of awareness about the potential benefits of an improved aviation system. This relatively low priority placed on improving safety is reflected in the other challenges that were frequently identified in the literature GAO reviewed and by the officials GAO interviewed. These challenges include weak regulatory systems, inadequate infrastructure, and a lack of technical expertise and training capacity. U.S. assistance to improve aviation safety in Africa has helped to address some challenges. For instance, the Department of Transportation's (DOT) Safe Skies for Africa (SSFA) program--created in 1998 as a presidential initiative--is the principal U.S. effort to improve aviation safety. One of the primary goals of the SSFA program is to increase the number of African countries that meet international aviation safety standards. Through memorandums of agreement, the State Department provides funding for the program and DOT manages the program. DOT and the Federal Aviation Administration work to help African countries meet international aviation safety standards by providing technical assistance and training. However, funding for the program has been inconsistent since its inception, with funding levels ranging from a high of $8.5 million from the Department of State's fiscal year 2003 appropriation to zero from its appropriations in fiscal years 2008 and 2009. DOT officials stated that current budgetary and personnel limitations hamper their ability to effectively implement the program. For example, DOT has currently limited SSFA activities to countries making tangible progress in improving safety, rather than directing activities to all participating countries. Given the potential benefits associated with improved aviation systems, two agencies that focus on economic development--the U.S. Trade and Development Agency and the Millennium Challenge Corporation--have also provided funding for aviation safety-related projects in Africa. However, coordination of U.S. efforts on the continent has not been consistent, because of differences in agency missions and program processes, resulting in potential duplication of effort and missed opportunities to leverage limited resources. Several international efforts have been implemented to assist and encourage African countries in improving their civil aviation systems. For example, in response to widespread concerns about the adequacy of aviation safety oversight on the continent, the International Civil Aviation Organization developed the Comprehensive Regional Implementation Plan for Aviation Safety in Africa to help African countries meet their international obligations for safety oversight. The World Bank also provides funding for African countries to address aviation needs and deficiencies. Tue, 16 Jun 2009 00:00:00 -0400 Aviation Security: TSA Has Completed Key Activities Associated with Implementing Secure Flight, but Additional Actions Are Needed to Mitigate Risks, May 13, 2009 http://www.gao.gov/new.items/d09292.pdf To enhance aviation security, the Department of Homeland Security's (DHS) Transportation Security Administration (TSA) developed a program--known as Secure Flight--to assume from air carriers the function of matching passenger information against terrorist watch-list records. In accordance with a mandate in the Department of Homeland Security Appropriations Act, 2008, GAO's objective was to assess the extent to which TSA met the requirements of 10 statutory conditions related to the development of the Secure Flight program. GAO is required to review the program until all 10 conditions are met. In September 2008, DHS certified that it had satisfied all 10 conditions. To address this objective, GAO (1) identified key activities related to each of the 10 conditions; (2) identified federal guidance and best practices that are relevant to successfully meeting each condition; (3) analyzed whether TSA had demonstrated, through program documentation and oral explanation, that the guidance was followed and best practices were met; and (4) assessed the risks associated with not fully following applicable guidance and meeting best practices. As of April 2009, TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program and had conditionally achieved 1 condition (TSA had defined plans, but had not completed all activities for this condition). Also, TSA's actions completed and those planned have reduced the risks associated with implementing the program. Although DHS asserted that TSA had satisfied all 10 conditions in September 2008, GAO completed its initial assessment in January 2009 and found that TSA had not demonstrated Secure Flight's operational readiness and that the agency had generally not achieved 5 of the 10 statutory conditions. Consistent with the statutory mandate, GAO continued to review the program and, in March 2009, provided a draft of this report to DHS for comment. In the draft report, GAO noted that TSA had made significant progress and had generally achieved 6 statutory conditions, conditionally achieved 3 conditions, and had generally not achieved 1 condition. After receiving the draft report, TSA took additional actions and provided GAO with documentation to demonstrate progress related to 4 conditions. Thus, GAO revised its assessment in this report. Related to the condition that addresses the efficacy and accuracy of search tools, TSA had not yet developed plans to periodically assess the performance of the Secure Flight system's name-matching capabilities, which would help ensure that the system is working as intended. GAO will continue to review the Secure Flight program until all 10 conditions are generally achieved. Wed, 13 May 2009 00:00:00 -0400 Aviation Security: Preliminary Observations on TSA's Progress and Challenges in Meeting the Statutory Mandate for Screening Air Cargo on Passenger Aircraft, March 18, 2009 http://www.gao.gov/new.items/d09422t.pdf The Implementing Recommendations of the 9/11 Commission Act of 2007 mandates the Department of Homeland Security (DHS) to establish a system to physically screen 50 percent of cargo transported on passenger aircraft by February 2009 and 100 percent of such cargo by August 2010. This testimony provides preliminary observations on the Transportation Security Administration's (TSA) progress in meeting the mandate to screen cargo on passenger aircraft and the challenges TSA and industry stakeholders may face in screening such cargo. GAO's testimony is based on products issued from October 2005 through August 2008, and its ongoing review of air cargo security. GAO reviewed TSA's air cargo security programs, interviewed program officials and industry representatives, and visited two large U.S. airports. TSA has made progress in meeting the air cargo screening mandate as it applies to domestic cargo. TSA has taken steps that will allow screening responsibilities to be shared across the air cargo supply chain--including TSA, air carriers, freight forwarders (which consolidate cargo from shippers and take it to air carriers for transport), and shippers--although air carriers have the ultimate responsibility for ensuring that they transport cargo screened at the requisite levels. TSA has taken several key steps to meet the mandate, including establishing a new requirement for 100 percent screening of cargo transported on narrow-body aircraft; revising or eliminating most screening exemptions for domestic cargo; creating the Certified Cargo Screening Program (CCSP) to allow screening to take place at various points in the air cargo supply chain; and establishing a screening technology pilot. Although TSA estimates that it achieved the mandated 50 percent screening level by February 2009 as it applies to domestic cargo, the agency cannot yet verify that the requisite levels of cargo are being screened. It is working to establish a system to do so by April 2009. Also, TSA's screening approach could result in variable percentages of screened cargo on passenger flights. TSA and industry stakeholders may face a number of challenges in meeting the screening mandate, including attracting participants to the CCSP, and technology, oversight, and inbound cargo challenges. TSA's approach relies on the voluntary participation of shippers and freight forwarders, but it is unclear whether the facilities needed to meet TSA's screening estimates will join the CCSP. In addition, TSA has taken some steps to develop and test technologies for screening air cargo, but the agency has not yet completed assessments of these technologies and cannot be assured that they are effective in the cargo environment. TSA's limited inspection resources may also hamper its ability to oversee the thousands of additional entities that it expects to participate in the CCSP. Finally, TSA does not expect to meet the mandated 100 percent screening deadline as it applies to inbound air cargo, in part due to existing inbound screening exemptions and challenges it faces in harmonizing security standards with other nations. Wed, 18 Mar 2009 00:00:00 -0400 Aviation Security: Status of Transportation Security Inspector Workforce, February 6, 2009 http://www.gao.gov/new.items/d09123r.pdf This report was written in response to House Report 110-181, accompanying H.R. 2638, the Department of Homeland Security Appropriations Bill, 2008. In accordance with direction in that report, we are reporting on the operation of the transportation security inspector (TSI) program since it has been located at the Transportation Security Administration (TSA) within the Department of Homeland Security, including the size of the TSI workforce, the roles and responsibilities of TSIs, and the extent to which TSA has a reasonable basis for determining the size of the workforce needed to achieve inspection goals. Fri, 06 Feb 2009 00:00:00 -0500 Aviation Security: Federal Air Marshal Service Has Taken Actions to Fulfill Its Core Mission and Address Workforce Issues, but Additional Actions Are Needed to Improve Workforce Survey, January 14, 2009 http://www.gao.gov/new.items/d09273.pdf By deploying armed air marshals onboard selected flights, the Federal Air Marshal Service (FAMS), a component of the Transportation Security Administration (TSA), plays a key role in helping to protect approximately 29,000 domestic and international flights operated daily by U.S. air carriers. GAO was asked to examine (1) FAMS's operational approach or "concept of operations" for covering flights, (2) to what extent this operational approach has been independently evaluated, and (3) the processes and initiatives FAMS established to address workforce-related issues. GAO analyzed documented policies and procedures regarding FAMS's operational approach and a July 2006 classified report based on an independent evaluation of that approach. Also, GAO analyzed employee working group reports and other documentation of FAMS's processes and initiatives for addressing workforce-related issues, and interviewed the FAMS Director, other senior officials, and 67 air marshals (selected to reflect a range in levels of experience). This report is the public version of a restricted report (GAO-09-53SU) issued in December 2008. Because the number of air marshals is less than the number of daily flights, FAMS's operational approach is to assign air marshals to selected flights it deems high risk--such as the nonstop, long-distance flights targeted on September 11, 2001. In assigning air marshals, FAMS seeks to maximize coverage of flights in 10 targeted high-risk categories, which are based on consideration of threats, vulnerabilities, and consequences. In July 2006, the Homeland Security Institute, a federally funded research and development center, independently assessed FAMS's operational approach and found it to be reasonable. However, the institute noted that certain types of flights were covered less often than others. The institute recommended that FAMS increase randomness or unpredictability in selecting flights and otherwise diversify the coverage of flights within the various risk categories. As of October 2008, FAMS had taken actions (or had ongoing efforts) to implement the Homeland Security Institute's recommendations. GAO found the institute's evaluation methodology to be reasonable. To address workforce-related issues, FAMS's previous director, who served until June 2008, established a number of processes and initiatives--such as working groups, listening sessions, and an internal Web site--for agency personnel to provide anonymous feedback to management on any topic. These efforts have produced some positive results. For example, FAMS revised its policy for airport check-in and aircraft boarding procedures to help protect the anonymity of air marshals in mission status, and FAMS adjusted its flight scheduling process for air marshals to support a better work-life balance. The air marshals GAO interviewed expressed satisfaction with FAMS efforts to address workforce-related issues. Further, the current FAMS Director, after being designated in June 2008 to head the agency, issued a broadcast message to all employees, expressing a commitment to continue applicable processes and initiatives. Also, FAMS has plans to conduct a workforce satisfaction survey of all employees every 2 years, building upon an initial survey conducted in fiscal year 2007. Although the 2007 survey indicated positive changes since the prior year, it was answered by 46 percent of the workforce, well short of the 80-percent response rate that the Office of Management and Budget (OMB) encourages for ensuring that results reflect the views of the target population. OMB guidance gives steps, such as extending the cut-off date for responding, that could improve the response rate of future surveys. Also, several of the 2007 survey questions were ambiguous, and response options were limited. Addressing these design considerations could enhance future survey results. Wed, 14 Jan 2009 00:00:00 -0500 Aviation Security: TSA's Cost and Performance Study of Private-Sector Airport Screening, January 9, 2009 http://www.gao.gov/new.items/d0927r.pdf This report formally responds to Congress' request that GAO review the Transportation Security Administration's (TSA) Screening Partnership Program (SPP). In accordance with the Aviation and Transportation Security Act, TSA created the SPP to allow commercial airports an opportunity to apply to TSA to use private sector screeners through qualified private-screening contractors approved by TSA. In February 2008, TSA issued a report on its study comparing the cost and performance of screening services at SPP and non-SPP airports. Our briefing addresses the following questions: (1) To what extent did the design of TSA's study of the cost and performance of passenger and checked baggage screening services at selected SPP and non-SPP airports affect the usefulness of the study? (2) To what extent has TSA taken actions to identify and eliminate any unnecessary overhead/supervisory redundancies at SPP airports between TSA and contractor personnel? (3) What factors do airport operators cite as having contributed to airports' decisions about whether to participate in the SPP? We are recommending that if TSA plans to rely on its comparison of costs and performance of SPP and non-SPP airports for future decision making, the agency update its study to address the limitations we identified, for example, by including various cost elements that were excluded and conducting statistical tests to determine the level of confidence in any observed differences in screening performance. TSA generally agreed with our findings and recommendation. Fri, 09 Jan 2009 00:00:00 -0500 Transportation Security Administration's Suspension of the Butane Lighter Ban Onboard Commercial Aircraft, December 5, 2008 http://www.gao.gov/new.items/d09177r.pdf This letter formally transmits the briefing in response to the explanatory statement accompanying the Department of Homeland Security Appropriations Act, 2008 (Public Law 110-161, Division E). The statement directed the Comptroller General to report on its assessment of the Transportation Security Administration's (TSA) report to the Committees on Appropriations of the Senate and House of Representatives on the anticipated security benefits and vulnerabilities associated with TSA's decision to suspend enforcement of the prohibition on butane lighters onboard aircraft. Fri, 05 Dec 2008 00:00:00 -0500 Responses to Questions for the Record; September 2008 Hearing on the Next Generation Air Transportation System: Status and Issues, October 20, 2008 http://www.gao.gov/new.items/d09130r.pdf This letter responds to Congress' September 26, 2008, request that GAO address questions submitted for the record by Members of the Committee related to the September 11, 2008, hearing entitled The Next Generation Air Transportation System: Status and Issues. Mon, 20 Oct 2008 00:00:00 -0400 Aviation Security: TSA Is Enhancing Its Oversight of Air Carrier Efforts to Screen Passengers against Terrorist Watch-List Records, but Expects Ultimate Solution to Be Implementation of Secure Flight, September 9, 2008 http://www.gao.gov/new.items/d081136t.pdf Domestic air carriers are responsible for checking passenger names against terrorist watch-list records to identify persons who should be denied boarding (the No Fly List) or who should undergo additional security scrutiny (the Selectee List). The Transportation Security Administration (TSA) is to assume this function through its Secure Flight program. However, due to program delays, air carriers retain this role. This testimony discusses (1) TSA's requirements for domestic air carriers to conduct watch-list matching, (2) the extent to which TSA has assessed compliance with watch-list matching requirements, and (3) TSA's progress in developing Secure Flight. This statement is based on GAO's report on air carrier watch-list matching (GAO-08-992) being released today and GAO's previous and ongoing reviews of Secure Flight. In conducting this work, GAO reviewed TSA security directives and TSA inspections guidance and results, and interviewed officials from 14 of 95 domestic air carriers. TSA's requirements for domestic air carriers to conduct watch-list matching include a requirement to identify passengers whose names are either identical or similar to those on the No Fly and Selectee lists. Similar-name matching is important because individuals on the watch list may try to avoid detection by making travel reservations using name variations. According to TSA, there have been incidents of air carriers failing to identify potential matches by not successfully conducting similar-name matching. However, until revisions were initiated in April 2008, TSA's security directives did not specify what types of similar-name variations were to be considered. Thus, in interviews with 14 air carriers, GAO found inconsistent approaches to conducting similar-name matching, and not every air carrier reported conducting similar-name comparisons. In January 2008, TSA conducted an evaluation of air carriers and found deficiencies in their capability to conduct similar-name matching. Thus, in April 2008, TSA revised the No Fly List security directive to specify a baseline capability for conducting watch-list matching and reported that it planned to similarly revise the Selectee List security directive. While recognizing that the new baseline capability will not address all vulnerabilities, TSA emphasized that establishing the baseline capability should improve air carriers' performance of watch-list matching and is a good interim solution pending the implementation of Secure Flight. TSA has undertaken various efforts to assess domestic air carriers' compliance with watch-list matching requirements; however, until 2008, TSA had conducted limited testing of air carriers' similar-name-matching capability. In 2005, for instance, TSA evaluated the capability of air carriers to identify names that were identical--but not similar--to those in terrorist watch-list records. Also, TSA's internal guidance did not specifically direct inspectors to test air carriers' similar-name-matching capability, nor did the guidance specify the number or types of name variations to be assessed. Records in TSA's database for regular inspections conducted during 2007 made reference to name-match testing in only 61 of the 1,145 watch-list-related inspections that GAO reviewed. During the course of GAO's review, and prompted by findings of the evaluation conducted in January 2008, TSA reported that its guidance for inspectors would be revised to help ensure air carriers' compliance with security directives. Although TSA has plans to strengthen its oversight efforts, it is too early to determine the extent to which TSA will provide oversight of air carriers' compliance with the revised security directives. In February 2008, GAO reported that TSA has made progress in developing Secure Flight but that challenges remained, including the need to more effectively manage risk and develop more robust cost and schedule estimates (GAO-08-456T). If these challenges are not addressed effectively, the risk of the program not being completed on schedule and within estimated costs is increased, and the chances of it performing as intended are diminished. TSA plans to begin assuming watch-list matching from air carriers in January 2009. Tue, 09 Sep 2008 00:00:00 -0400 Aviation Security: TSA Is Enhancing Its Oversight of Air Carrier Efforts to Identify Passengers on the No Fly and Selectee Lists, but Expects Ultimate Solution to Be Implementation of Secure Flight, September 9, 2008 http://www.gao.gov/new.items/d08992.pdf Air carriers remain a front-line defense against acts of terrorism that target the nation's civil aviation system. A key responsibility of air carriers is to check passengers' names against terrorist watch-list records to identify persons who should be prevented from boarding (the No Fly List) or who should undergo additional security scrutiny (the Selectee List). Eventually, the Transportation Security Administration (TSA) is to assume this responsibility through its Secure Flight program. However, due to program delays, air carriers retain this role. You asked GAO to review domestic air carriers' watch-list-matching processes. GAO examined (1) the watch-list-matching requirements air carriers must follow that have been established by TSA, and (2) the extent to which TSA has assessed air carriers' compliance with these requirements. GAO reviewed TSA's security directives, internal guidance used by TSA's inspectors to assess air carriers' compliance with requirements, and inspection results, as well as interviewed staff from 14 of 95 domestic air carriers (selected to reflect a range in operational sizes). This report is the public version of a restricted report (GAO-08-453SU) issued in July 2008. TSA's requirements for domestic air carriers to conduct watch-list matching include a requirement to identify passengers whose names are either identical or similar to those on the No Fly and Selectee lists. Similar-name matching is important because individuals on the watch list may try to avoid detection by making travel reservations using name variations. According to TSA's Office of Intelligence, there have been incidents of air carriers failing to identify potential matches by not successfully conducting similar-name matching. However, until revisions were initiated in April 2008, TSA's security directives did not specify what types of similar-name variations were to be considered by air carriers. Thus, in interviews with 14 air carriers GAO found inconsistent approaches to conducting similar-name matching. Due to such inconsistency, a passenger could be identified as a match by one air carrier and not by another. In addition, not every air carrier reported conducting similar name comparisons. Further, in January 2008, TSA conducted an evaluation of air carriers and found deficiencies in their capability to conduct similar-name matching. Shortly thereafter, in April 2008, TSA revised the No Fly List security directive to specify a baseline capability for conducting watch-list matching, and TSA reported that it planned to similarly revise the Selectee List security directive. Because the baseline capability requires that air carriers compare only the types of name variations specified in the directive, TSA recognizes that the new baseline capability will not address all vulnerabilities. However, TSA emphasized that establishing the baseline capability should improve air carriers' performance of watch-list matching and, in TSA's view, is the best interim solution pending the implementation of Secure Flight. TSA has undertaken various efforts to assess domestic air carriers' compliance with watch-list matching requirements; however, until 2008, TSA had conducted limited testing of air carriers' similar-name-matching capability. In 2005, for instance, TSA conducted an evaluation to determine whether air carriers had the capability to identify names that were identical--but not similar--to those on the No Fly List. Also, regarding regularly conducted inspections, TSA's guidance did not specifically direct inspectors to test air carriers' similar-name-matching capability, nor did the guidance specify the number or types of name variations to be assessed. Records in TSA's database for regular inspections conducted during 2007 made reference to name-match testing in 61 of the 1,145 watch-list-related inspections that GAO reviewed. Without criteria or standards for air carriers to follow in comparing name variations, TSA did not have a uniform basis for assessing compliance and addressing deficiencies. However, during the course of GAO's review and prompted by findings of the evaluation conducted in January 2008, TSA reported that its guidance for inspectors would be revised to help ensure air carriers' compliance with security directives. Although TSA has plans to strengthen its oversight of air carriers' compliance with the revised security directives, it is too early to assess the extent of such oversight since TSA's efforts are ongoing and not completed. Tue, 09 Sep 2008 00:00:00 -0400 Review of the Transportation Security Administration's Air Cargo Screening Exemptions Report, August 15, 2008 http://www.gao.gov/new.items/d081055r.pdf This report formally transmits the attached briefing in response to section 1602(b) of the Implementing Recommendations of the 9/11 Commission Act of 2007. The act requires the Comptroller General to provide an assessment of the methodology used by the Secretary of Homeland Security for maintaining, changing or eliminating an exemption under 49 U.S.C. 44901(i)(1). We provided the mandated reporting committees with a restricted version of this briefing in July 2008. Based on the results of our review, we are not making any recommendations for congressional consideration or agency action. All information considered Sensitive Security Information by the Transportation Security Administration has been removed from this product. Fri, 15 Aug 2008 00:00:00 -0400 Transportation Security: TSA Has Developed a Risk-Based Covert Testing Program, but Could Better Mitigate Aviation Security Vulnerabilities Identified Through Covert Tests, August 8, 2008 http://www.gao.gov/new.items/d08958.pdf The Transportation Security Administration (TSA) uses undercover, or covert, testing to approximate techniques that terrorists may use to identify vulnerabilities in and measure the performance of airport security systems. During these tests, undercover inspectors attempt to pass threat objects through passenger and baggage screening systems, and access secure airport areas. In response to a congressional request, GAO examined (1) TSA's strategy for conducting covert testing of the transportation system and the extent to which the agency has designed and implemented its covert tests to achieve identified goals; and (2) the results of TSA's national aviation covert tests conducted from September 2002 to June 2007, and the extent to which TSA uses the results of these tests to mitigate security vulnerabilities. To conduct this work, GAO analyzed covert testing documents and data and interviewed TSA and transportation industry officials. TSA has designed and implemented risk-based national and local covert testing programs to achieve its goals of identifying vulnerabilities in and measuring the performance the aviation security system, and has begun to determine the extent to which covert testing will be used in non-aviation modes of transportation. TSA's Office of Inspection (OI) used information on terrorist threats to design and implement its national covert tests and determine at which airports to conduct tests based on the likelihood of a terrorist attack. However, OI did not systematically record the causes of test failures or practices that resulted in higher pass rates for tests. Without systematically recording reasons for test failures, such as failures caused by screening equipment not working properly, as well as reasons for test passes, TSA is limited in its ability to mitigate identified vulnerabilities. OI officials stated that identifying a single cause for a test failure is difficult since failures can be caused by multiple factors. TSA recently redesigned its local covert testing program to more effectively measure the performance of passenger and baggage screening systems and identify vulnerabilities. However, it is too early to determine whether the program will meet its goals since it was only recently implemented and TSA is still analyzing the results of initial tests. While TSA has a well established covert testing program in commercial aviation, the agency does not regularly conduct covert tests in non-aviation modes of transportation. Furthermore, select domestic and foreign transportation organizations and DHS components use covert testing to identify security vulnerabilities in non-aviation settings. However, TSA lacks a systematic process for coordinating with these organizations. TSA covert tests conducted from September 2002 to June 2007 have identified vulnerabilities in the commercial aviation system at airports of all sizes, and the agency could more fully use the results of tests to mitigate identified vulnerabilities. While the specific results of these tests and the vulnerabilities they identified are classified, covert test failures can be caused by multiple factors, including screening equipment that does not detect a threat item, Transportation Security Officers (TSOs), formerly known as screeners, not properly following TSA procedures when screening passengers, or TSA screening procedures that do not provide sufficient detail to enable TSOs to identify the threat item. TSA's Administrator and senior officials are routinely briefed on covert test results and are provided with test reports that contain recommendations to address identified vulnerabilities. However, TSA lacks a systematic process to ensure that OI's recommendations are considered and that the rationale for implementing or not implementing OI's recommendations is documented. Without such a process, TSA is limited in its ability to use covert test results to strengthen aviation security. TSA officials stated that opportunities exist to improve the agency's processes in this area. In May 2008, GAO issued a classified report on TSA's covert testing program. That report contained information that was deemed either classified or sensitive. This version of the report summarizes our overall findings and recommendations while omitting classified or sensitive security information. Fri, 08 Aug 2008 00:00:00 -0400 Aviation Security: Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation Security Programs, but More Work Remains, July 24, 2008 http://www.gao.gov/new.items/d081024t.pdf Since its inception in November 2001, the Transportation Security Administration (TSA) has focused much of its efforts on aviation security, and has developed and implemented a variety of programs and procedures to secure the commercial aviation system. TSA funding for aviation security has totaled about $26 billion since fiscal year 2004. This testimony focuses on TSA's efforts to secure the commercial aviation system through passenger screening, strengthening air cargo security, and watch-list matching programs, as well as challenges that remain. It also addresses crosscutting issues that have impeded TSA's efforts in strengthening security. This testimony is based on GAO reports and testimonies issued from February 2004 through July 2008 including selected updates obtained from TSA officials in June and July 2008. DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation's commercial aviation system, including actions to address many recommendations made by GAO. TSA has focused its efforts on, among other things, more efficiently allocating, deploying, and managing the Transportation Security Officer (TSO) workforce--formerly known as screeners; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; strengthening domestic air cargo security; and developing a government operated watch-list matching program, known as Secure Flight. For example, in response to GAO's recommendation, TSA developed a plan to periodically review assumptions in its Staffing Allocation Model used to determine TSO staffing levels at airports, and took steps to strengthen its evaluation of proposed procedural changes. TSA also explored new passenger checkpoint screening technologies to better detect explosives and other threats, and has taken steps to strengthen air cargo security, including increasing compliance inspections of air carriers. Finally, TSA has instilled more discipline and rigor into Secure Flight's systems development, including preparing key documentation and strengthening privacy protections. While these efforts should be commended, GAO has identified several areas that should be addressed to further strengthen security. For example, TSA made limited progress in developing and deploying checkpoint technologies due to planning and management challenges. In addition, TSA faces resource and other challenges in developing a system to screen 100 percent of cargo transported on passenger aircraft in accordance with the Implementing Recommendations of the 9/11 Commission Act of 2007. GAO further identified that TSA faced program management challenges in the development and implementation of Secure Flight, including developing cost and schedule estimates consistent with best practices; fully implementing the program's risk management plan; developing a comprehensive testing strategy; and ensuring that information security requirements are fully implemented. A variety of crosscutting issues have affected DHS's and TSA's efforts in implementing its mission and management functions. For example, TSA can more fully adopt and apply a risk-management approach in implementing its security mission and core management functions, and strengthen coordination activities with key stakeholders. For example, while TSA incorporated risk-based decision making when modifying checkpoint screening procedures, GAO reported that TSA's analyses that supported screening procedural changes could be further strengthened. DHS and TSA have strengthened their efforts in these areas, but more work remains. Thu, 24 Jul 2008 00:00:00 -0400 Aviation Security: Transportation Security Administration May Face Resource and Other Challenges in Developing a System to Screen All Cargo Transported on Passenger Aircraft, July 15, 2008 http://www.gao.gov/new.items/d08959t.pdf The Implementing Recommendations of the 9/11 Commission Act of 2007 requires the Transportation Security Administration (TSA) to implement a system to physically screen 100 percent of cargo on passenger aircraft by August 2010. To fulfill these requirements, the Department of Homeland Security's (DHS) TSA is developing the Certified Cargo Screening Program (CCSP), which would allow the screening of cargo to occur prior to placement on an aircraft. This testimony addresses four challenges TSA may face in developing a system to screen 100 percent of cargo: (1) deploying effective technologies; (2) changing TSA air cargo screening exemptions; (3) allocating compliance inspection resources to oversee CCSP participants; and (4) securing cargo transported from a foreign nation to the United States. GAO's comments are based on GAO products issued from October 2005 through February 2008, including selected updates conducted in July 2008. DHS has taken steps to develop and test technologies for screening and securing air cargo; however, TSA has not completed assessments of the technologies it plans to use as part of the CCSP. TSA has reported that there are several challenges that must be overcome to effectively implement any of these technologies, including the nature, type, and size of cargo to be screened and the location of air cargo facilities. In addition, the air cargo industry voiced concern about the costs associated with purchasing the screening equipment. GAO will likely review this issue in future work. TSA plans to revise and eliminate screening exemptions for some categories of air cargo, thereby reducing the percentage of cargo transported on passenger aircraft that is subject to alternative methods of screening. However, TSA plans to continue to exempt some types of domestic and outbound cargo (cargo transported by air from the United States to a foreign location) after August 2010. TSA based its determination regarding the changing of exemptions on professional judgment and the results of air cargo vulnerability assessments. However, TSA has not completed all of its air cargo vulnerability assessments, which would further inform its efforts. TSA officials stated there may not be enough compliance inspectors to oversee implementation of the CCSP and is anticipating requesting an additional 150 inspectors for fiscal year 2010. They further stated that they have not formally assessed the number of inspectors the agency will need. Without such an assessment, TSA may not be able to ensure that CCSP entities are meeting TSA requirements to screen and secure cargo. To ensure that existing air cargo security requirements are being implemented as required, TSA conducts audits, referred to as compliance inspections, of air carriers that transport cargo. The compliance inspections range from a comprehensive review of the implementation of all security requirements to a review of at least one security requirement by an air carrier or freight forwarder (which consolidates cargo from many shippers and takes it to air carriers for transport). GAO reported in October 2005 that TSA had conducted compliance inspections on fewer than half of the estimated 10,000 freight forwarders nationwide and, of those, had found violations in over 40 percent of them. GAO also reported that TSA had not analyzed the results of compliance inspections to systematically target future inspections. GAO reported in April 2007 that more work remains for TSA to strengthen the security of cargo transported from a foreign nation to the United States, referred to as inbound air cargo. Although TSA is developing a system to screen 100 percent of domestic and outbound cargo, TSA officials stated that it does not plan to include inbound cargo because it does not impose its security requirements on foreign countries. TSA officials said that vulnerabilities to inbound air cargo exist and that these vulnerabilities are in some cases similar to those of domestic air cargo, but stated that each foreign country has its own security procedures for flights coming into the United States. Tue, 15 Jul 2008 00:00:00 -0400 Transportation Security: Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation and Surface Transportation Security Programs, but More Work Remains, May 13, 2008 http://www.gao.gov/new.items/d08487t.pdf Since its inception, the Transportation Security Administration (TSA) has focused much of its efforts on aviation security, and has developed and implemented a variety of programs and procedures to secure commercial aviation. More recently, TSA has taken actions to secure the nation's surface transportation modes. TSA funding for aviation security has totaled about $26 billion since fiscal year 2004, and for surface transportation security activities, about $175 million since fiscal year 2005. This testimony focuses on TSA's efforts to secure the commercial aviation system-- through passenger screening, air cargo, and watch-list matching programs--and the nation's surface transportation modes. It also addresses challenges remaining in these areas. GAO's comments are based on GAO products issued from February 2004 through April 2008 including selected updates obtained in February through April 2008. DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation's transportation system, including actions to address many recommendations made by GAO. With respect to aviation security, TSA has focused its efforts on, among other things, more efficiently allocating, deploying, and managing the Transportation Security Officer (TSO) workforce--formerly known as screeners; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; strengthening domestic air cargo security; and developing a government operated watch-list matching program, known as Secure Flight. For example, in response to GAO's recommendation, TSA developed a plan to periodically review assumptions in its Staffing Allocation Model, and took steps to strengthen its evaluation of proposed procedural changes. TSA has also explored new passenger checkpoint screening technologies to better detect explosives and other threats, and has taken steps to strengthen air cargo security, including conducting compliance inspections of air carriers. Finally, TSA has instilled more discipline and rigor into Secure Flight's systems development, including preparing key documentation and strengthening privacy protections. With regard to surface transportation security, TSA has, among other things, taken steps to develop a strategic approach for securing mass transit, passenger and freight rail, commercial vehicles, and highways; established security standards for certain transportation modes; and conducted threat, criticality, and vulnerability assessments of surface transportation assets, particularly related to passenger and freight rail. While these efforts should be commended, GAO has identified several areas that should be addressed to further strengthen transportation security. For example, TSA has made limited progress in developing and deploying checkpoint technologies due to planning and management challenges. In addition, TSA has not revised screening exemptions for air cargo transported into the United States that may leave the air cargo system unacceptably vulnerable. GAO further identified that TSA experienced some program management challenges in the development of Secure Flight, including developing cost and schedule estimates consistent with best practices; fully implementing the program's risk management plan; developing a comprehensive testing strategy; and ensuring that information security requirements are fully implemented. In addition, DHS and TSA lack performance measures to fully evaluate the effectiveness of current processes for passengers who apply for redress due to inconveniences experienced during the check-in and screening process. GAO recently made recommendations to address these issues. Additionally, although TSA has recently taken actions in a number of areas to help secure surface modes of transportation, particularly passenger and freight rail, the agency has not fully defined its role with respect to securing other transportation modes, such as commercial vehicles and highway infrastructure. We are continuing to assess TSA's efforts to secure surface modes of transportation as part of our ongoing work and will report on our results later this year. Tue, 13 May 2008 00:00:00 -0400 Transportation Security: Efforts to Strengthen Aviation and Surface Transportation Security Continue to Progress, but More Work Remains, April 15, 2008 http://www.gao.gov/new.items/d08651t.pdf Within the Department of Homeland Security (DHS), the Transportation Security Administration's (TSA) mission is to protect the nation's transportation network. Since its inception in 2001, TSA has developed and implemented a variety of programs and procedures to secure commercial aviation and surface modes of transportation. Other DHS components, federal agencies, state and local governments, and the private sector also play a role in transportation security. GAO has examined (1) the progress TSA and other DHS components have made in securing the nation's aviation and surface transportation systems, and the challenges that remain, and (2) crosscutting issues that have impeded TSA's efforts in strengthening security. This testimony is based on GAO reports and testimonies issued from February 2004 to February 2008 and ongoing work regarding the security of the nation's aviation and surface transportation systems, as well as selected updates to this work conducted in April 2008. To conduct this work, GAO reviewed documents related to TSA security efforts and interviewed TSA and transportation industry officials. DHS, primarily through TSA, has made progress in securing the aviation and surface transportation networks, but more work remains. With regard to commercial aviation, TSA has undertaken efforts to strengthen airport security; hire, train, and measure the performance of it screening workforce; prescreen passengers against terrorist watch lists; and screen passengers, baggage, and cargo. With regard to surface transportation modes, TSA has taken steps to develop a strategic approach for securing mass transit, passenger and freight rail, commercial vehicles, and highways; establish security standards for certain transportation modes; and conduct threat, criticality, and vulnerability assessments of surface transportation assets, particularly passenger and freight rail. TSA also hired and deployed compliance inspectors and conducted inspections of passenger and freight rail systems. While these efforts have helped to strengthen the security of the transportation network, DHS and TSA still face a number of key challenges in further securing these systems. For example, regarding commercial aviation, although TSA has made significant progress in its development of an advanced passenger prescreening system, known as Secure Flight, challenges remain, including unreliable program cost and schedule estimates, among other things. In addition, TSA's efforts to enhance perimeter security at airports may not be sufficient to provide for effective security. For example, TSA has initiated efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems, but has not developed a plan for guiding airports with respect to future technology enhancements. While TSA is pursuing the procurement of several checkpoint technologies to address key existing vulnerabilities, it has not deployed technologies on a wide-scale basis, and has not yet developed and implemented technologies needed to screen air cargo. Further, TSA's efforts to develop security standards for surface transportation modes have been limited to passenger and freight rail, and TSA has not determined what its regulatory role will be with respect to commercial vehicles or highway infrastructure. A number of crosscutting issues have impeded DHS's and TSA's efforts to secure the transportation network, including the need to strengthen strategic planning and performance measurement, and more fully adopt and apply risk-based principles in the pursuit of its security initiatives. Tue, 15 Apr 2008 00:00:00 -0400 Aviation Security: Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation Security Programs, but More Work Remains, February 28, 2008 http://www.gao.gov/new.items/d08456t.pdf Transportation Security Administration (TSA) funding for aviation security has totaled about $26 billion since fiscal year 2004. This testimony focuses on TSA's efforts to secure the commercial aviation system through passenger screening, air cargo, and watch-list matching programs, and challenges remaining in these areas. GAO's comments are based on GAO products issued between February 2004 and April 2007, including selected updates in February 2008. This testimony also addresses TSA's progress in developing the Secure Flight program, based on work conducted from August 2007 to January 2008. To conduct this work, GAO reviewed systems development, privacy, and other documentation, and interviewed Department of Homeland Security (DHS), TSA, and contractor officials. DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation's commercial aviation system, including actions to address many recommendations made by GAO. TSA has focused its efforts on, among other things, more efficiently allocating, deploying, and managing the Transportation Security Officer (TSO) workforce--formerly known as screeners; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; strengthening domestic air cargo security; and developing a government operated watch-list matching program, known as Secure Flight. Specifically, TSA developed and implemented a Staffing Allocation Model to determine TSO staffing levels at airports that reflect current operating conditions, and proposed and implemented modifications to passenger checkpoint screening procedures based on risk information. However, GAO reported that some assumptions in TSA's Staffing Allocation Model did not accurately reflect airport operating conditions, and that TSA could improve its process for evaluating the effectiveness of proposed procedural changes. In response, TSA developed a plan to review Staffing Allocation Model assumptions and took steps to strengthen its evaluation of proposed procedural changes. TSA has also explored new passenger checkpoint screening technologies to better detect explosives and other threats and has taken steps to strengthen air cargo security, including conducting vulnerability assessments at airports and compliance inspections of air carriers. However, TSA has not developed an inspection plan that included performance goals and measures to determine whether air carriers transporting cargo into the United States were complying with security requirements. In response to GAO's recommendations, TSA has since established a working group to strengthen its compliance activities. Finally, TSA has instilled more discipline and rigor into Secure Flight's systems development, including preparing key documentation and strengthening privacy protections. While these efforts should be commended, GAO has identified several areas that should be addressed to further strengthen aviation security. For example, TSA has made limited progress in developing and deploying checkpoint technologies due to planning and management challenges. Further, TSA continues to face some program management challenges in developing Secure Flight. Specifically, TSA has not (1) developed program cost and schedule estimates consistent with best practices; (2) fully implemented its risk management plan; (3) planned for system end-to-end testing in test plans; and (4) ensured that information security requirements are fully implemented. If these challenges are not addressed effectively, the risk of the program not being completed on schedule and within estimated costs is increased, and the chances of it performing as intended are diminished. DHS and TSA lack performance measures to fully evaluate the effectiveness of current processes for passengers who apply for redress due to inconveniences experienced during the check-in and screening process. Without such measures, DHS and TSA lack a sound basis to monitor the effectiveness of the redress process. Thu, 28 Feb 2008 00:00:00 -0500 Aviation Weather: Services at Key Aviation Facilities Lack Performance Measures, but Improvement Efforts Are Under Way, February 26, 2008 http://www.gao.gov/new.items/d08491t.pdf The National Weather Service (NWS), an agency under the Department of Commerce's National Oceanic and Atmospheric Administration (NOAA), provides staff on-site at each of the Federal Aviation Administration's (FAA) en route centers--the facilities that control high-altitude flight outside the airport tower and terminal areas. This group of NWS meteorologists provides air traffic managers with forecasts and briefings on regional conditions such as turbulence and icing. Over the last few years, FAA has been exploring options for enhancing the efficiency of the aviation weather services provided by these NWS meteorologists. In late December 2007, FAA delivered revised requirements and associated performance measures to NWS to improve these services. GAO was asked to summarize key segments of its report being released today, including its assessment of NWS and FAA efforts to ensure the quality of aviation weather services at en route centers, and its recommendations to improve these efforts. In addition, GAO was asked to provide an update on FAA's recent efforts to establish aviation weather requirements and performance measures, and NWS's plans for responding to these requirements. To do so, GAO summarized segments of its report, reviewed FAA's recently released requirements, and interviewed the official responsible for NWS's response. Although interagency agreements between NWS and FAA state that both agencies have responsibilities for assuring and controlling the quality of aviation weather observations, neither agency consistently does so for weather products and services produced at the en route centers. Specifically, neither agency has developed and implemented performance measures and metrics, regularly evaluated weather service unit performance, or provided feedback to improve these aviation weather products and services. Because of this lack of performance tracking and oversight, NWS cannot demonstrate the quality or value of its services, and FAA cannot ensure the quality of the services it funds. Until both agencies are able to measure and ensure the quality of the aviation weather products at the en route centers, FAA may not be getting the information it needs to effectively manage air traffic. In its report being issued today, GAO is making recommendations to the Secretaries of Commerce and Transportation to ensure that NWS and FAA develop performance measures, evaluate the services against those measures, and provide feedback to NWS. Commerce agreed with the recommendations and stated that NOAA would work with FAA to develop methods for performance monitoring and evaluation. Transportation did not agree or disagree with the recommendations, but stated that FAA's revised requirements would establish performance measures and evaluation procedures, and that FAA would negotiate with NWS to implement them. FAA has begun to address GAO's recommendations. In late December 2007, FAA finalized its new requirements, including performance measures and methods for evaluating performance and providing feedback to NWS. In doing so, FAA provides its overall vision for aviation weather services, reiterates its need for existing products and services, provides revisions to existing requirements, and defines a new product. FAA directed NWS to respond by May 2008 and include plans in its response for three operational concepts--in its existing configuration located at the 21 en route centers, through remote services provided by a reduced number of regional facilities, and through remote services provided by a single centralized facility. FAA stated that NWS should assume a transition time of 90 days for the existing configuration, 180 days for regionalized services, and 1 year for a single facility. NWS plans to respond to FAA by the May 2008 deadline, but FAA's estimated time frames for transitioning to a new operational concept may be overly ambitious. Given the importance of accurate and timely weather information in air traffic control, it will be important for NWS to conduct a thorough evaluation before it transitions to a new operational concept in order to ensure that there are no impacts on the continuity of air traffic operations and no degradation of weather service. Tue, 26 Feb 2008 00:00:00 -0500 Runway Safety: Progress on Reducing Runway Incursions Impeded by Leadership, Technology, and Other Challenges, February 13, 2008 http://www.gao.gov/new.items/d08481t.pdf While aviation accidents in the United States are relatively infrequent, recent incidents have heightened concerns about safety on airport runways. As the nation's aviation system becomes more crowded every day, increased congestion at airports may exacerbate ground safety concerns. This statement discusses (1) the trends in runway incursions, (2) what FAA has done to improve runway safety, and (3) what more could be done. This statement is based on GAO's November 2007 report issued to this committee on runway safety. GAO's work on that report included surveying experts on the causes of runway incidents and accidents and the effectiveness of measures to address them, reviewing safety data, and interviewing agency and industry officials. This statement also contains information from FAA on recent incursions and actions taken since November 2007. Recent data indicate that runway incursions, which are precursors to aviation accidents, are growing. Although the number and rate of incursions declined after reaching a peak in fiscal year 2001 and remained relatively constant for the next 5 years, they show a recent upward trend. From fiscal year 2006 through fiscal year 2007, the number and rate of incursions increased by 12 percent and both were nearly as high as their 2001 peak. Furthermore, the number of serious incursions--where collisions are narrowly or barely avoided--increased from 2 during the first quarter of fiscal year 2007 to 10 during the same quarter in fiscal year 2008. FAA has taken steps to address runway safety, but further progress has been impeded by the lack of leadership and coordination, technology challenges, lack of data, and human factors-related issues. FAA's actions have included deploying and testing technology designed to prevent runway collisions and promoting changes in airport layout, markings, signage, and lighting. However, until recently, FAA's Office of Runway Safety did not have a permanent director. Also, FAA has not updated its national runway safety plan since 2002, despite agency policy that such a plan be prepared every 2 to 3 years, resulting in uncoordinated efforts within the agency. Moreover, runway safety technology currently being installed, which is designed to provide air traffic controllers with the position and identification of aircraft on the ground and alerts of potential collisions, is behind schedule and experiencing cost increases and operational difficulties with its alerting function. FAA also lacks reliable runway safety data and the mechanisms to ensure that the data are complete. Furthermore, air traffic controller fatigue, which may result from regularly working overtime, continues to be a matter of concern for the National Transportation Safety Board (NTSB) and others. FAA could take additional measures to improve runway safety. These measures include implementing GAO's recommendations to prepare a new national runway safety plan, address controller overtime and fatigue, and start a nonpunitive, confidential, voluntary program for air traffic controllers to report safety risks in the national airspace system, which would be similar to a program that FAA has already established for pilots and others in the aviation community. Such a program could help the agency to understand the causes and circumstances regarding runway safety incidents. Additional improvements, suggested by experts and NTSB, include developing and deploying technology to provide alerts directly to pilots. Wed, 13 Feb 2008 00:00:00 -0500 Aviation Weather: FAA Is Reevaluating Services at Key Centers; Both FAA and the National Weather Service Need to Better Ensure Product Quality, January 11, 2008 http://www.gao.gov/new.items/d08258.pdf The National Weather Service's (NWS) weather products are a vital component of the Federal Aviation Administration's (FAA) air traffic control system. In addition to providing aviation weather products developed at its own facilities, NWS also provides staff on-site at each of FAA's en route centers. This group of NWS meteorologists--called a center weather service unit--provides air traffic managers with forecasts and briefings on regional conditions including turbulence, icing, and freezing precipitation. GAO agreed to (1) determine the status of NWS's plans for restructuring the offices that provide aviation weather services at FAA's en route centers, (2) identify FAA's requirements and its alternative sources for these services, and (3) evaluate both agencies' current abilities to ensure the consistency and quality of these services. To do so, GAO evaluated agency plans for restructuring offices, defining requirements, and ensuring quality products, and interviewed agency officials. NWS developed a proposal for restructuring the offices that provide aviation weather services at FAA's en route centers, but these plans are currently on hold. In 2005, FAA requested that NWS restructure its center weather service units by consolidating offices, providing remote services, and reducing personnel costs. In response, NWS conducted a prototype that demonstrated that the services the center weather service units currently provide could be provided remotely by the closest weather forecast office. It subsequently proposed to implement this prototype, but FAA declined this proposal. NWS may reconsider its proposal or other alternative organizational structures as it works to meet FAA's needs in the future. FAA considers its existing requirements governing the center weather service units to be too broad to ensure the efficiency and cost-effectiveness of the services, so the agency worked for several months to redefine its requirements. By September 2007, FAA had developed draft requirements that specified the products and services to be performed by meteorologists at the en route center, including conducting weather briefings and developing local icing and turbulence forecasts. FAA finalized a more expansive set of requirements at the end of December 2007, and expects NWS to respond within 120 days on its ability to fulfill the requirements. FAA has stated that, if NWS is unable to meet the requirements, it will consider using alternative sources such as private industry or government laboratories to meet the requirements. Although interagency agreements between NWS and FAA state that both agencies have responsibilities for assuring and controlling the quality of aviation weather observations, neither agency consistently does so for weather products and services produced at the en route centers. Specifically, neither agency has developed performance measures and metrics, regularly evaluated weather service unit performance, or provided feedback to improve these aviation weather products and services. Because of this lack of performance tracking and oversight, NWS cannot demonstrate the quality or value of its services, and FAA cannot ensure the quality of the services it funds. Until both agencies are able to measure and ensure the quality of the aviation weather products at the en route centers, FAA may not be getting the information it needs to effectively manage air traffic. Fri, 11 Jan 2008 00:00:00 -0500 Border Security: Despite Progress, Weaknesses in Traveler Inspections Exist at Our Nation's Ports of Entry, January 3, 2008 http://www.gao.gov/new.items/d08329t.pdf U.S. Customs and Border Protection (CBP) is responsible for keeping terrorists and other dangerous people from entering the country while also facilitating the cross-border movement of millions of travelers. CBP carries out this responsibility at 326 air, sea, and land ports of entry. In response to a congressional request, GAO examined CBP traveler inspection efforts, the progress made, and the challenges that remain in staffing and training at ports of entry, and the progress CBP has made in developing strategic plans and performance measures for its traveler inspection program. To conduct its work, GAO reviewed and analyzed CBP data and documents related to inspections, staffing, and training, interviewed managers and officers, observed inspections at eight major air and land ports of entry, and tested inspection controls at eight small land ports of entry. GAO's testimony is based on a report GAO issued November 5, 2007. CBP has had some success in identifying inadmissible aliens and other violators, but weaknesses in its operations increase the potential that terrorists and inadmissible travelers could enter the country. In fiscal year 2006, CBP turned away over 200,000 inadmissible aliens and interdicted other violators. Although CBP's goal is to interdict all violators, CBP estimated that several thousand inadmissible aliens and other violators entered the country though ports of entry in fiscal year 2006. Weaknesses in 2006 inspection procedures, such as not verifying the citizenship and admissibility of each traveler, contribute to failed inspections. Although CBP took actions to address these weaknesses, subsequent follow-up work conducted by GAO months after CBP's actions found that weaknesses such as those described above still existed. In July 2007, CBP issued detailed procedures for conducting inspections including requiring field office managers to assess compliance with these procedures. However, CBP has not established an internal control to ensure field office managers share their assessments with CBP headquarters to help ensure that the new procedures are consistently implemented across all ports of entry and reduce the risk of failed traveler inspections. CBP developed a staffing model that estimates it needs up to several thousand more staff. Field office managers said that staffing shortages affected their ability to carry out anti-terrorism programs and created other vulnerabilities in the inspections process. CBP recognizes that officer attrition has impaired its ability to attain budgeted staffing levels and is in the process of developing a strategy to help curb attrition. CBP has made progress in developing training programs; however, it does not measure the extent to which it provides training to all who need it and whether new officers demonstrate proficiency in required skills. CBP issued a strategic plan for operations at its ports of entry and has collected performance data that can be used to measure its progress in achieving its strategic goals. However, current performance measures do not gauge CBP effectiveness in apprehending inadmissible aliens and other violators, a key strategic goal. Thu, 03 Jan 2008 00:00:00 -0500 Aviation Runway and Ramp Safety: Sustained Efforts to Address Leadership, Technology, and Other Challenges Needed to Reduce Accidents and Incidents, November 20, 2007 http://www.gao.gov/new.items/d0829.pdf While aviation accidents in the United States are relatively infrequent, recent incidents have heightened concerns about safety on airport runways and ramps. As the nation's aviation system becomes more crowded every day, increased congestion at airports may exacerbate ground safety concerns. To safely handle the anticipated larger volumes of air traffic, the Federal Aviation Administration (FAA) is implementing the Next Generation Air Transportation System (NextGen) to better manage air traffic both in the air and on the ground. GAO was asked to evaluate (1) the progress being made in addressing runway safety and what additional measures, if any, could be taken and (2) the factors affecting progress in improving ramp safety and what is being done by FAA and others to address those factors. We reviewed runway and ramp safety data, interviewed agency officials and industry stakeholders, and surveyed experts. FAA and aviation stakeholders have taken steps to address runway and ramp safety, including deploying and testing technology designed to prevent runway incursions, which occur when aircraft enter the runway without authorization, and overruns, which occur when aircraft run off the ends of runways; helping to change airport layout, markings, signage, and lighting; and providing training for pilots and air traffic controllers. In addition, FAA has made progress in addressing runway overruns and reports that 70 percent of the runways at U.S. commercial airports substantially comply with runway safety area standards, up from 55 percent in 2000. However, the rate of runway incursions has not decreased over the last 5 years. In addition, FAA has not prepared a national runway safety plan since 2002, despite agency policy that it be updated every 2 to 3 years, resulting in uncoordinated efforts within the agency. Runway safety technology currently being installed is experiencing some operational difficulties with its alerting function, while additional technology to prevent runway collisions is years away from deployment. FAA also lacks data on runway overruns that could be used to analyze the causes and circumstances of such incidents. Air traffic controller fatigue, which may result from regularly working overtime, continues to be a matter of concern for the National Transportation Safety Board (NTSB), which investigates transportation accidents, and other aviation stakeholders. Efforts to improve safety in airport ramp areas, where departing and arriving aircraft are serviced by baggage, catering, and fueling personnel, are hindered by a lack of complete accident data and standards for ground handling, but the aviation industry is taking steps to address these problems with the goal of reducing ramp accidents. Data from 2001 through 2006 from the Occupational Safety and Health Administration (OSHA), which investigates occupational accidents, NTSB, and FAA indicated that these agencies had investigated 29 fatal ramp accidents during that time. The majority of the fatalities in these accidents were ramp workers. GAO found no comprehensive nonfatal injury data on ramp accidents and neither federal nor industrywide standards for ramp operations. The federal government has generally taken an indirect role overseeing ramp safety; airlines and airports typically control the ramp areas using their own policies and procedures. Meanwhile, some airlines and airports have initiated their own efforts to address ramp safety, and aviation organizations have begun collecting ramp accident data. Tue, 20 Nov 2007 00:00:00 -0500 Aviation Security: Vulnerabilities Exposed Through Covert Testing of TSA's Passenger Screening Process, November 15, 2007 http://www.gao.gov/new.items/d0848t.pdf In August 2006, the Transportation Security Administration (TSA) substantially modified its passenger screening policies based on the alleged transatlantic bomb plot uncovered by British authorities. With the aim of closing security gaps revealed by the alleged plot, the revised policies severely restricted the amount of liquids, gels, and aerosols TSA allowed passengers to bring through the checkpoint. At the Committee's request, GAO tested whether security gaps exist in the passenger screening process. To perform this work, GAO attempted to (1) obtain the instructions and components needed to create devices that a terrorist might use to cause severe damage to an airplane and threaten the safety of passengers and (2) test whether GAO investigators could pass through airport security checkpoints undetected with all the components needed to create the devices. GAO conducted covert testing at a nonrepresentative selection of 19 airports across the country. After concluding its tests, GAO provided TSA with two timely briefings to help it take corrective action. In these briefings, GAO suggested that TSA consider several actions to improve its passenger screening program, including aspects of human capital, processes, and technology. GAO is currently performing a more systematic review of these issues and expects to issue a comprehensive public report with recommendations for TSA in early 2008. GAO investigators succeeded in passing through TSA security screening checkpoints undetected with components for several improvised explosive devices (IED) and an improvised incendiary device (IID) concealed in their carry-on luggage and on their persons. The components for these devices and the items used to conceal the components were commercially available. Specific details regarding the device components and the methods of concealment GAO used during its covert testing were classified by TSA; as such, they are not discussed in this testimony. Using publicly available information, GAO investigators identified two types of devices that a terrorist could use to cause severe damage to an airplane and threaten the safety of passengers. The first device was an IED made up of two parts--a liquid explosive and a low-yield detonator. Although the detonator itself could function as an IED, investigators determined that it could also be used to set off a liquid explosive and cause even more damage. In addition, the second device was an IID created by combining commonly available products (one of which is a liquid) that TSA prohibits in carry-on luggage. Investigators obtained the components for these devices at local stores and over the Internet for less than $150. Tests that GAO performed at a national laboratory in July 2007, in addition to prior tests in February 2006 that GAO performed in partnership with a law enforcement organization in the Washington, D.C., metro area, clearly demonstrated that a terrorist using these devices could cause severe damage to an airplane and threaten the safety of passengers. Investigators then devised methods to conceal the components for these devices from TSA transportation security officers, keeping in mind TSA policies related to liquids and other items, including prohibited items. By using concealment methods for the components, two GAO investigators demonstrated that it is possible to bring the components for several IEDs and one IID through TSA checkpoints and onto airline flights without being challenged by transportation security officers. In most cases, transportation security officers appeared to follow TSA procedures and used technology appropriately; however, GAO uncovered weaknesses in TSA screening procedures and other vulnerabilities as a result of these tests. For example, although transportation security officers generally enforced TSA's policies, investigators were able to bring a liquid component of the IID undetected through checkpoints by taking advantage of weaknesses identified in these policies. These weaknesses were identified based on a review of public information. TSA determined that specific details regarding these weaknesses are sensitive security information and are therefore not discussed in this testimony. GAO did not notice any difference between the performance of private screeners and transportation security officers during our tests. Thu, 15 Nov 2007 00:00:00 -0500 Aviation Security: DHS Has Made Progress in Securing the Commercial Aviation System, but Key Challenges Remain, October 16, 2007 http://www.gao.gov/new.items/d08139t.pdf Within the Department of Homeland Security (DHS), the Transportation Security Administration's (TSA) mission is to protect the nation's transportation network. Since its inception in 2001, TSA has developed and implemented a variety of programs and procedures to secure commercial aviation. GAO examined (1) the progress DHS and TSA have made in securing the nation's commercial aviation system, and (2) challenges that have impeded the Department's efforts to implement its mission and management functions. This testimony is based on issued GAO reports and testimonies addressing the security of the nation's commercial aviation system, including a recently issued report (GAO-07-454) that highlights the progress DHS has made in implementing its mission and management functions. In August 2007, GAO reported that DHS had made moderate progress in securing the commercial aviation system, but that more work remains. Specifically, DHS generally achieved 17 of the 24 performance expectations that GAO identified in the area of aviation security but had generally not achieved 7 of them. DHS and TSA have made progress in many areas related to securing commercial aviation. For example, to meet congressional mandates to screen airline passengers and 100 percent of checked baggage, TSA initially hired and deployed a federal workforce of over 50,000 passenger and checked baggage screeners and installed equipment at the nation's more than 400 commercial airports to provide the capability to screen all checked baggage using explosive detection systems. TSA has since turned its attention to, among other things, strengthening passenger prescreening; more efficiently allocating, deploying, and managing the transportation security officer (TSO)------formerly known as screener------workforce; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; and improving domestic air cargo security. While these efforts have helped strengthen the security of the commercial aviation system, DHS and TSA still face a number of key challenges in further securing this system. For example, TSA has faced difficulties in developing and implementing its advanced passenger prescreening system, known as Secure Flight, and has not yet completed development efforts. In addition, DHS's efforts to enhance perimeter security at airports may not be sufficient to provide for effective security. TSA has also initiated efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems, but has not developed a plan for implementing new technologies to meet the security needs of individual airports. TSA has also not yet effectively deployed checkpoint technologies to address key existing vulnerabilities, and has not yet developed and implemented technologies needed to screen air cargo. GAO also reported that a number of issues have impeded DHS's efforts in implementing its mission and management functions, including not always implementing effective strategic planning or fully adopting and applying a risk management approach with respect to commercial aviation security. Tue, 16 Oct 2007 00:00:00 -0400 Transportation Security: Efforts to Strengthen Aviation and Surface Transportation Security are Under Way, but Challenges Remain, October 16, 2007 http://www.gao.gov/new.items/d08140t.pdf Within the Department of Homeland Security (DHS), the Transportation Security Administration's (TSA) mission is to protect the nation's transportation network. Since its inception in 2001, TSA has developed and implemented a variety of programs and procedures to secure commercial aviation and surface modes of transportation, including passenger and freight rail, mass transit, highways, commercial vehicles, and pipelines. Other DHS components, federal agencies, state and local governments, and the private sector also play a role in transportation security. GAO examined (1) the progress DHS and TSA have made in securing the nation's aviation and surface transportation systems, and (2) challenges that have impeded the department's efforts to implement its mission and management functions. This testimony is based on issued GAO reports and testimonies addressing the security of the nation's aviation and surface transportation systems, including a recently issued report (GAO-07-454) that highlights the progress DHS has made in implementing its mission and management functions. In August 2007, GAO reported that DHS had made moderate progress in securing the aviation and surface transportation networks, but that more work remains. Specifically, of the 24 performance expectations GAO identified in the area of aviation security, GAO reported that DHS had generally achieved 17 of these expectations and had generally not achieved 7 expectations. With regard to the security of surface modes of transportation, GAO reported that DHS generally achieved three performance expectations and had generally not achieved two others. DHS and TSA have made progress in many areas related to securing commercial aviation. For example, TSA has undertaken efforts to strengthen airport security; provide and train a screening workforce; prescreen passengers against terrorist watch lists; and screen passengers, baggage, and cargo. With regard to surface transportation modes, TSA has taken steps to develop a strategic approach for securing mass transit, passenger and freight rail, commercial vehicles, highways, and pipelines; establish security standards for certain transportation modes; and conduct threat, criticality, and vulnerability assessments of surface transportation assets, particularly passenger and freight rail. TSA also hired and deployed compliance inspectors and conducted inspections of passenger and freight rail systems. While these efforts have helped to strengthen the security of the transportation network, DHS and TSA still face a number of key challenges in further securing these systems. For example, regarding commercial aviation, TSA has faced difficulties in developing and implementing its advanced passenger prescreening system, known as Secure Flight, and has not yet completed development efforts. In addition, TSA's efforts to enhance perimeter security at airports may not be sufficient to provide for effective security. TSA has also initiated efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems, but has not developed a plan for implementing new technologies to meet the security needs of individual airports. TSA has also not yet effectively deployed checkpoint technologies to address key existing vulnerabilities, and has not yet developed and implemented technologies needed to screen air cargo. Further, while TSA has initiated efforts to develop security standards for surface transportation modes, these efforts have been limited to passenger and freight rail, and have not addressed commercial vehicles or highway infrastructure, including bridges and tunnels. GAO also reported that a number of issues have impeded DHS's efforts in implementing its mission and management functions, including not always implementing effective strategic planning, or fully adopting and applying a risk management approach with respect to transportation security. Tue, 16 Oct 2007 00:00:00 -0400 Aviation Security: Federal Coordination for Responding to In-flight Security Threats Has Matured, but Procedures Can Be Strengthened, July 31, 2007 http://www.gao.gov/new.items/d07891r.pdf Five years after the terrorist attacks of September 11, 2001, concerns continue to be raised about the nation's system for protecting commercial aviation. Past disclosures of terrorists' plans for smuggling liquids onboard aircraft to construct a bomb in flight highlighted the continued need to examine this key aspect of homeland security. One layer of the aviation security system involves the ability of the federal government to respond to actual or potential security threats while a commercial aircraft is in flight. These security threats can include the following: (1) Passengers considered to be security risks to aviation are found to be onboard flights bound for or leaving the United States. (2) Situations develop while the aircraft is in flight--for example, a passenger becomes disruptive or acts suspiciously, a bomb threat is received, or an unidentified package is found onboard the aircraft. (3) A commercial aircraft transmits a signal designed to alert authorities that a hijacking is in process. Procedures for addressing these in-flight security threats involve a wide range of federal agencies and entities. The Department of Homeland Security (DHS) is responsible for taking much of the lead in responding to these incidents, and the Transportation Security Administration (TSA) was established to ensure the security of all modes of transportation--including aviation. Responding to an in-flight threat, however, involves many agencies beyond DHS and TSA. Depending on the nature of the threat, managing and responding to in-flight threats can involve extensive coordination among more than 15 federal agencies and agency components, each with its own set of responsibilities that may influence the threat response. For example, another DHS component, Customs and Border Protection's (CBP) National Targeting Center (NTC), is responsible for comparing names and other identifying information of passengers onboard commercial aircraft flying to or from the United States with terrorist watch lists of persons considered to be potential security risks. If a passenger is determined to match an identity listed on a terrorist watch list, the Federal Bureau of Investigation (FBI), a Department of Justice (DOJ) agency, is often involved in conducting a risk assessment of the threat posed by that passenger while the flight is en route. Further, the Department of Transportation's (DOT) Federal Aviation Administration (FAA) becomes involved with in-flight threats as it monitors aircraft traffic entering into and operating within U.S. airspace to ensure safe operations, while the Department of Defense's (DOD) North American Aerospace Defense Command (NORAD)--a bi-national command established by agreement between the governments of the United States and Canada--becomes involved with the situation as it ensures the air sovereignty and air defense of U.S. airspace. Since these security incidents involve aircraft that are already in flight, timely and effective coordination among these agencies and components is paramount. Congress asked that we examine in-flight security threats and current federal efforts to respond collaboratively to them. In response, on February 28, 2007, we issued a classified report addressing the following questions: (1) What were the number and types of in-flight security incidents that occurred onboard commercial aircraft during 2005 that were reported to TSA, and to what extent did these threats result in aircraft being diverted? (2) What is the process that federal agencies follow to identify, assess, and respond to in-flight security threats? (3) To what extent did interagency coordination problems occur during 2005, if at all, and what steps did the involved agencies take to address any identified problems? Aviation security consists of multiple layers. The Aviation and Transportation Security Act, enacted in November 2001, created TSA as the agency responsible for securing all modes of transportation, including aviation.4 Since then, TSA has worked with other stakeholders to develop a layered approach to ensure the security of commercial aviation, involving multiple diverse and coordinated measures. These measures include enhancing passenger and checked baggage screening, offering security training for flight and cabin crews to handle potential threats onboard aircraft, expanding the Federal Air Marshal Service (FAMS) to place more federal air marshals on domestic and international commercial flights, and training pilots on commercial passenger and cargo aircraft on how to use lethal force against an intruder on the flight deck through the Federal Flight Deck Officers (FFDO) Program. Many agencies are involved in resolving in-flight security threats. this effort requires a significant degree of interagency collaboration and coordination because it involves many different aspects of homeland security, aviation operations, and law enforcement--everything from examining thousands of passenger lists for inbound and outbound international flights to ensure that suspected terrorists are not boarding aircraft, to diverting flights to alternative airports--and, if needed, mobilizing military fighter jets to intercept threatening aircraft. Four main departments are involved in this interagency effort: Homeland Security, Justice, Transportation, and Defense. Additionally, the National Counterterrorism Center (NCTC), a component of the new Office of the Director of National Intelligence, may also be involved. Agencies use interagency communication tools to coordinate during in-flight security threats. Relatively few in-flight incidents were reported during 2005, with a small percentage resulting in aircraft diversions. Process for resolving in-flight security threats requires extensive agency coordination and typically involves four main stages. The four process stages are (1) identifying the threat and notifying affected agencies; (2) sharing pertinent information and collaboratively assessing the severity of the threat; (3) deciding on and carrying out the appropriate in-flight response, such as initiating a diversion; and (4) if necessary, completing the law enforcement response when the flight has landed. Agencies experienced relatively few coordination problems in resolving in-flight security threats and took steps to address them, but opportunities exist to further strengthen coordination. Tue, 31 Jul 2007 00:00:00 -0400 Aviation Security: Efforts to Strengthen International Passenger Prescreening are Under Way, but Planning and Implementation Issues Remain, May 16, 2007 http://www.gao.gov/new.items/d07346.pdf Passenger prescreening--a process that includes matching passengers' identifying information against records extracted from the U.S. government terrorist watch list--is one of several security measures in place to help ensure the safety of commercial flights traveling to or from the United States. DHS has several efforts underway to strengthen international aviation passenger prescreening. This report focuses on certain elements of the passenger prescreening process as well as some of the actions that DHS is taking or has planned to strengthen prescreening procedures. This report is a limited version of the original November 2006 report as various agencies that we reviewed deemed some of the information in the original report to be security sensitive. GAO's work included interviewing officials and assessing relevant documentation from federal agencies, U.S. and foreign air carriers, industry groups, and several foreign countries. Customs and Border Protection (CBP), the Department of Homeland Security (DHS) agency responsible for international passenger prescreening, has planned or is taking several actions designed to strengthen the aviation passenger prescreening process. One such effort involves CBP stationing U.S. personnel overseas to evaluate the authenticity of the travel documents of certain high-risk passengers prior to boarding U.S.-bound flights. Under this pilot program, called the Immigration Advisory Program (IAP), CBP officers personally interview some passengers deemed to be high-risk and evaluate the authenticity and completeness of these passengers' travel documents. IAP officers also provide technical assistance and training to air carrier staff on the identification of improperly documented passengers destined for the United States. The IAP has been tested at several foreign airports and CBP is negotiating with other countries to expand it elsewhere and to make certain IAP sites permanent. Successful implementation of the IAP rests, in part, on CBP clearly defining the goals and objectives of the program through the development of a strategic plan. A second aviation passenger prescreening effort designed to strengthen the passenger prescreening process is intended to align international passenger prescreening with a similar program (currently under development) for prescreening passengers on domestic flights. The Transportation Security Administration (TSA)--a separate agency within DHS--is developing a domestic passenger prescreening program called Secure Flight. If CBP's international prescreening program and TSA's Secure Flight program are not effectively aligned once Secure Flight becomes operational, this could result in separate implementation requirements for air carriers and increased costs for both air carriers and the government. CBP and TSA officials stated that they are taking steps to coordinate their prescreening efforts, but they have not yet made all key policy decisions. In addition to these efforts to strengthen certain international aviation passenger prescreening procedures, one other issue requires consideration in the context of these efforts. This issue involves DHS providing the traveling public with assurances of privacy protection as required by federal privacy law. Federal privacy law requires agencies to inform the public about how the government uses their personal information. Although CBP officials have stated that they have taken and are continuing to take steps to comply with these requirements, the current prescreening process allows passenger information to be used in multiple prescreening procedures and transferred among various CBP prescreening systems in ways that are not fully explained in CBP's privacy disclosures. If CBP does not issue all appropriate disclosures, the traveling public will not be fully aware of how their personal information is being used during the passenger prescreening process. Wed, 16 May 2007 00:00:00 -0400 Aviation Security: Foreign Airport Assessments and Air Carrier Inspections Help Enhance Security, but Oversight of These Efforts Can Be Strengthened, May 11, 2007 http://www.gao.gov/new.items/d07729.pdf The Transportation Security Administration's (TSA) efforts to evaluate the security of foreign airports and air carriers that service the United States are of great importance, particularly considering that flights bound for the United States from foreign countries continue to be targets of coordinated terrorist activity, as demonstrated by the alleged August 2006 liquid explosives terrorist plot. For this review, GAO evaluated the results of foreign airport and air carrier evaluations; actions taken and assistance provided by TSA when security deficiencies were identified; TSA's oversight of its foreign airport and air carrier evaluation programs; and TSA's efforts to address challenges in conducting foreign airport and air carrier evaluations. To conduct this work, GAO reviewed foreign airport and air carrier evaluation results and interviewed TSA officials, foreign aviation security officials, and air carrier representatives. Of the 128 foreign airports that TSA assessed during fiscal year 2005, TSA found that about 36 percent complied with all applicable security standards, while about 64 percent did not comply with at least one standard. The security deficiencies identified by TSA at two foreign airports were such that the Secretary of Homeland Security notified the public that the overall security at these airports was ineffective. Of the 529 overseas air carrier inspections conducted during fiscal year 2005, for about 71 percent, TSA did not identify any security violations, and for about 29 percent, TSA identified at least one security violation. TSA took enforcement action--warning letters, correction letters, or monetary fines--for about 18 percent of the air carrier security violations. TSA addressed most of the remaining 82 percent of security violations through on-site consultation. TSA assisted foreign officials and air carrier representatives in addressing identified deficiencies through on-site consultation, recommendations for security improvements, and referrals for training and technical assistance. However, TSA's oversight of the foreign airport assessment and air carrier inspection programs could be strengthened. For example, TSA did not have adequate controls in place to track whether scheduled assessments and inspections were actually conducted, deferred, or canceled. TSA also did not always document foreign officials' progress in addressing security deficiencies identified by TSA. Further, TSA did not always track what enforcement actions were taken against air carriers with identified security deficiencies. TSA also did not have outcome-based performance measures to assess the impact of its assessment and inspection programs on the security of U.S.-bound flights. Without such controls, TSA may not have reasonable assurance that the foreign airport assessment and air carrier inspection programs are operating as intended. TSA is taking action to address challenges that have limited its ability to conduct foreign airport assessments and air carrier inspections, including a lack of available inspectors, concerns regarding the resource burden placed on host governments as a result of frequent airport visits by TSA and others, and host government concerns regarding sovereignty. In October 2006, TSA began implementing a risk-based approach to scheduling foreign airport assessments, which should allow TSA to focus its limited inspector resources on higher-risk airports. TSA is also exploring opportunities to conduct joint airport assessments with the European Commission and use the results of airport assessments conducted by the European Commission to potentially adjust the frequency of TSA airport visits. Fri, 11 May 2007 00:00:00 -0400 Aviation Security: TSA's Change to Its Prohibited Items List Has Not Resulted in Any Reported Security Incidents, but the Impact of the Change on Screening Operations Is Inconclusive, April 25, 2007 http://www.gao.gov/new.items/d07623r.pdf The alleged August 2006 terrorist plot to detonate liquid explosives onboard multiple commercial aircraft bound for the United States from the United Kingdom has highlighted both the continued importance of securing the civil aviation system and the potential that improvised explosive devices (IED) may be smuggled onboard passenger aircraft. The Transportation Security Administration (TSA) has primary responsibility for ensuring the security of civil aviation, which includes the safety of passengers and flight crew. One measure TSA uses to protect the aviation system is prohibiting individuals from carrying items that it determines to be a threat to the aircraft and its passengers into an airport sterile area or onboard an aircraft either in their carry-on bag or on their person. To implement this measure, TSA maintains a prohibited items list that informs both the Transportation Security Officers (TSO) who conduct passenger screening and the traveling public of items that will not be allowed into an airport sterile area or onboard an aircraft. In December 2005, TSA revised its prohibited items list to allow passengers to carry: (1) metal scissors with pointed tips and a blade 4 inches or less in length as measured from the fulcrum; and (2) tools--such as pliers, screwdrivers, and wrenches--7 inches or less in length (excluding crowbars, drills, hammers, and saws). TSA considers any incident that threatens the security or safety of an aircraft or its passengers and flight crew to be a security incident. These could include a range of activities onboard an aircraft such as disruptive passenger behavior, violence against a passenger or crew member, hijacking attempts, or the use of an improvised explosive device. By examining the security impacts of the change to the prohibited items list, this report considers the impacts that could result from a passenger attempting to use scissors or tools to hijack an aircraft or to commit other forms of violence onboard a flight. Such actions fall within TSA's statutory responsibility to ensure the safety and security of passengers and crew aboard aircraft. In accordance with Conference Report 109-699, which accompanied the fiscal year 2007 Department of Homeland Security (DHS) appropriations act, this report addresses the following questions: (1) What was TSA's basis for removing certain scissors and tools from the prohibited items list and what are stakeholder views on the change? (2) What have been the impacts, if any, of the removal of certain scissors and tools from the prohibited items list on the security of aircraft passengers and flight crew and on the effectiveness of checkpoint screening operations? TSA's stated purpose in removing certain scissors and tools from the prohibited items list was to shift TSO focus from items considered by TSA to pose a low threat (including certain scissors and tools) to items considered to pose a high threat, such as explosives. The change also was intended to better allocate TSA resources to implement other security measures that target explosives--a change supported by the majority of aviation industry stakeholders that we interviewed. TSA's decision to remove these items from the prohibited items list was based on the professional judgment of TSA officials that these items do not pose a significant threat to the security of the cockpit or to passengers and flight crew as well as internal studies that sought to examine, among other things, risks to flight security and considerations of customer concerns and screening efficiencies. Based on our review of TSA security incident reports from the time period following the prohibited items list change (December 2005 through February 2007), there have been no reported security incidents onboard an aircraft involving the use of small scissors or tools. However, the impact of the prohibited items list change on security is uncertain because the absence of an event occurring involving the use of these items does not preclude the possibility that future occurrences could happen. In addition, with respect to the effectiveness of the change on checkpoint screening operations, it is not possible to determine this because the available data are inconclusive. As we reported in March 2007, TSA conducted informal studies 30, 60, and 90 days following the change and concluded that TSO time was freed up to focus on high-threat items, but our analysis of TSA data does not support this conclusion. TSA agrees that the agency could have conducted a more methodologically sound evaluation of the impact of the prohibited items list change, but continues to believe that the change nevertheless significantly contributed to the agency's efforts to free up TSO resources to focus on detecting high-threat items, such as explosives. It also is not clear whether the change had any impact on TSOs' ability to detect explosives--a key goal of the change. One way TSA measures the effectiveness of the passenger screening system in detecting threat items, such as explosives, is the results of threat image projection testing. However, TSA does not claim nor do the data definitively support that TSA's change to the prohibited items list had any impact on threat image projection results because TSA implemented other changes to checkpoint screening operations at or around the same time as the prohibited items list change. With regard to TSA's efforts to increase training for identifying explosives as part of its overall effort to become a more risk-based organization, TSA data between October 2004 and January 2007 show an increase in the average number of hours spent in training per TSO, but this trend began before the change to the prohibited items list and there are other factors that may have contributed to this increase. Wed, 25 Apr 2007 00:00:00 -0400 Aviation Security: Risk, Experience, and Customer Concerns Drive Changes to Airline Passenger Screening Procedures, but Evaluation and Documentation of Proposed Changes Could Be Improved, April 16, 2007 http://www.gao.gov/new.items/d07634.pdf The Transportation Security Administration's (TSA) most visible layer of commercial aviation security is the screening of airline passengers at airport checkpoints, where travelers and their carry-on items are screened for explosives and other dangerous items by transportation security officers (TSO). Several revisions made to checkpoint screening procedures have been scrutinized and questioned by the traveling public and Congress in recent years. For this review, GAO evaluated (1) TSA's decisions to modify passenger screening procedures between April 2005 and December 2005 and in response to the alleged August 2006 liquid explosives terrorist plot, and (2) how TSA monitored TSO compliance with passenger screening procedures. To conduct this work, GAO reviewed TSA documents, interviewed TSA officials and aviation security experts, and visited 25 airports of varying sizes and locations. Between April 2005 and December 2005, proposed modifications to passenger checkpoint screening standard operating procedures (SOP) were made for a variety of reasons, and while a majority of the proposed modifications--48 of 92--were ultimately implemented at airports, TSA's methods for evaluating and documenting them could be improved. SOP modifications were proposed based on the professional judgment of TSA senior-level officials and program-level staff. TSA considered the daily experiences of airport staff, complaints and concerns raised by the traveling public, and analysis of risks to the aviation system when proposing SOP modifications. TSA also made efforts to balance the impact on security, efficiency, and customer service when deciding which proposed modifications to implement, as in the case of the SOP changes made in response to the alleged August 2006 liquid explosives terrorist plot. In some cases, TSA tested proposed modifications at selected airports to help determine whether the changes would achieve their intended purpose. However, TSA's data collection and analyses could be improved to help TSA determine whether proposed procedures that are operationally tested would achieve their intended purpose. For example, TSA officials decided to allow passengers to carry small scissors and tools onto aircraft based on their review of threat information, which indicated that these items do not pose a high risk to the aviation system. However, TSA did not conduct the necessary analysis of data it collected to assess whether this screening change would free up TSOs to focus on screening for high-risk threats, as intended. TSA officials acknowledged the importance of evaluating whether proposed screening procedures would achieve their intended purpose, but cited difficulties in doing so, including time pressures to implement needed security measures quickly. Finally, TSA's documentation on proposed modifications to screening procedures was not complete. TSA documented the basis--that is, the information, experience, or event that encouraged TSA officials to propose the modifications--for 72 of the 92 proposed modifications. In addition, TSA documented the reasoning behind its decisions for half (26 of 44) of the proposed modifications that were not implemented. Without more complete documentation, TSA may not be able to justify key modifications to passenger screening procedures to Congress and the traveling public. TSA monitors TSO compliance with passenger checkpoint screening procedures through its performance accountability and standards system and through covert testing. Compliance assessments include quarterly observations of TSOs' ability to perform particular screening functions in the operating environment, quarterly quizzes to assess TSOs' knowledge of procedures, and an annual knowledge and skills assessment. TSA uses covert tests to evaluate, in part, the extent to which TSOs' noncompliance with procedures affects their ability to detect simulated threat items hidden in accessible property or concealed on a person. TSA airport officials have experienced resource challenges in implementing these compliance monitoring methods. TSA headquarters officials stated that they are taking steps to address these challenges. Mon, 16 Apr 2007 00:00:00 -0400 Aviation Security: Cost Estimates Related to TSA Funding of Checked Baggage Screening Systems at Los Angeles and Ontario Airports, March 30, 2007 http://www.gao.gov/new.items/d07445.pdf To meet the mandate to screen all checked baggage for explosives by December 31, 2003, the Transportation Security Administration (TSA) placed minivan-sized explosive detection systems (EDS) and other screening equipment in airport lobbies. However, these interim lobby solutions have caused operational inefficiencies, in part because they require a large number of screeners. According to TSA, in-line baggage screening--where EDS machines are integrated with an airport's baggage conveyor system--can be a more cost-effective and efficient alternative to lobby-based, stand-alone equipment. For example, in-line systems can increase the efficiency of airport, airline, and TSA operations, and lower costs by reducing the number of screeners. Moreover, in-line explosive detection systems can enhance security because they reduce congestion in airport lobbies, thus removing a potential target for terrorists. However, installing in-line systems can have large up-front costs, related to the need for airport modifications. To help defray these costs, in 2003, Congress authorized TSA to reimburse airports up to 75 percent of the cost to install these systems by entering "letter of intent" (LOI) agreements. An LOI, though not a binding commitment of federal funding, represents TSA's intent to provide the agreed-upon funds in future years if the agency receives sufficient appropriations to cover the agreement. TSA has issued eight letters of intent to help defray the costs of installing in-line systems at nine airports as of February 2007, but none since February 2004. In September 2003, TSA and the City of Los Angeles signed an LOI and an attached memorandum of agreement (LOI/MOA) in which TSA agreed to pay an amount not to exceed 75 percent of the agreed upon estimated total project cost of $341 million (about $256 million) to install in-line checked baggage screening systems at both Los Angeles (LAX) and Ontario (ONT) International Airports. However, in December 2003, officials from the City of Los Angeles' airport authority--Los Angeles World Airports (LAWA)--informed TSA that aspects of the design concept were infeasible and that additional construction modifications would be needed. LAWA subsequently submitted a revised cost estimate to TSA in April 2005 and requested that TSA amend the LOI/MOA to increase the federal reimbursement by about $122 million. TSA has not amended the LOI to provide for additional reimbursements; however, as of February 2007, TSA had obligated the $256 million for the City of Los Angeles LOI/MOA in accordance with the schedule agreed to in the LOI and had reimbursed LAWA for about $26 million in expenses. Senate Report 109-273 directs us to review the reasons for the differences between the original 2003 cost estimate and the revised 2005 cost estimate submitted by LAWA. In response and as agreed with committee offices, we identified the key factors that contributed to the differences between the two cost estimates. On January 23, 2007, we briefed staff of the Senate Subcommittee on Homeland Security, Committee on Appropriations, on the results of our work. A key reason for the difference between the 2003 total project cost estimate and the revised 2005 estimate to install in-line baggage screening systems at LAX and ONT was that the 2003 estimate was developed at an early stage in the design process and was therefore based on preliminary data and assumptions that were subject to change. Consequently, the estimate did not adequately foresee some of the costs of retrofitting new systems into existing buildings or allow for sufficient space for the EDS machines, baggage inspection rooms, and conveyor belts. LAWA officials stated that they were under a tight timeframe to apply for the LOI because TSA had told them that federal funding was limited and that 17 other airports were competing for the funding. The 2003 total project cost estimate used concepts and construction estimates developed in about 12 weeks by Boeing, TSA's contractor. According to TSA and LAWA officials, both TSA and Los Angeles signed the LOI/MOA knowing the preliminary nature of the cost estimate. According to construction industry guidance, an estimate's accuracy depends on the quality of information known about the project at the time the estimate is prepared. The 2003 estimate was made at the "concept development" stage where the final project cost can be expected to range from 50 percent under to 100 percent over the estimated cost, according to this guidance. The 2005 revised estimate was made at the "design development" stage where the range of the final project cost estimate can be expected to be more accurate--from 20 percent under to 30 percent over the estimated cost. In December 2003, LAWA presented TSA with a summary of inadequacies it had found in the original Boeing concept and the associated potential cost and scheduling impacts. LAWA then began an engineering study to update the in-line system concepts at LAX and ONT, the results of which it presented to TSA in September 2004. TSA reviewed these updated concepts and determined that they would meet its performance requirements; however, TSA's review did not address cost issues. LAWA used these updated concepts to develop its 2005 estimate, which was based on more definitive information about terminal design requirements than the 2003 estimate. According to LAWA, new construction and excavation included in the 2005 designs increased the estimated costs. Among the design changes, LAWA determined that the placement of EDS machines in the 2003 concepts was infeasible in five of nine of the LAX terminals and both ONT terminals. In addition, the 2005 estimate included 20 additional baggage inspection rooms, 9 rooms for on-screen resolution of EDS alarms, and 10 computer rooms at LAX and ONT terminals. The 2005 estimate also included over $11 million in computer networking costs and costs associated with on-screen resolution of EDS alarms, which the 2003 estimate did not foresee. TSA also highlighted two additional factors that caused differences between the two estimates--cost increases due to the delay in beginning construction of the project and the escalation of construction costs between 2003 and 2005. LAWA also determined that TSA's contractor and subcontractor made a mathematical error in the 2003 concept development estimate: construction costs were only included for one of the two baggage screening facilities and neither of the connected tunnels at ONT. TSA officials told us in January 2007 they were not able to substantiate this error. Fri, 30 Mar 2007 00:00:00 -0400 Aviation Security: TSA's Staffing Allocation Model Is Useful for Allocating Staff among Airports, but Its Assumptions Should Be Systematically Reassessed, February 28, 2007 http://www.gao.gov/new.items/d07299.pdf Over 600 million people travel by air each year in the United States, and the screening of airline passengers and their carry-on and checked baggage is vital to securing our transportation security system. The Aviation and Transportation Security Act, enacted in November 2001, established the Transportation Security Administration (TSA) and significantly changed how passenger and checked baggage screening is conducted in the United States. This act removed screening responsibility from air carriers and the contractors who conducted screening for them, and placed this responsibility with TSA. As a result, TSA hired and deployed about 55,000 federal passenger and baggage Transportation Security Officers (TSO)--formerly known as screeners--to more than 400 airports nationwide based largely on the number of screeners that the air carrier contractors had employed. Since August 2002, however, TSA has been statutorily prohibited from exceeding 45,000 full-time equivalent positions available for screening. The Intelligence Reform and Terrorism Prevention Act of 2004, enacted in December 2004, required TSA to develop and submit to the Senate Committee on Commerce, Science, and Transportation, and the House of Representatives Committee on Transportation and Infrastructure, standards for determining the aviation security staffing for all airports at which TSA provides or oversees screening services by March 2005. These standards are to provide the necessary levels of aviation security and ensure that the average aviation security related delay experienced by passengers is minimized. TSA submitted these standards, which form the basis of TSA's Staffing Allocation Model on June 22, 2005. The purpose of this optimization model, as identified by TSA, is to estimate the most efficient balance of TSOs needed to ensure security and minimize wait times. Models, in general, are expected to approximate the real world. These approximations must be validated to assure model users that their predictions are credible within the bounds of specific situations, environments, and circumstances. The Intelligence Reform and Terrorism Prevention Act also mandated that we conduct an analysis of TSA's staffing standards. In particular, the congressional committees to which TSA submitted the staffing standards were interested in how TSA is using the Staffing Allocation Model to identify the number of TSOs needed across the more than 400 commercial airports and how the model ensures that TSA has the right number of TSOs at the right checkpoints at the right times. This report addresses the following questions: (1) How does TSA ensure that its Staffing Allocation Model provides a sufficient number of TSOs to perform passenger and checked baggage screening at each airport and what challenges has it faced while implementing the model? (2) How does TSA deploy its TSO allocation and what factors affect the model's effectiveness in helping TSA accomplish this deployment? TSA aims to ensure that its Staffing Allocation Model provides a sufficient number of TSOs to perform passenger and checked baggage screening by: (1) building assumptions into its allocation model that are designed to calculate the necessary levels of TSOs to ensure security and minimize wait times, and (2) employing multiple monitoring mechanisms for the sufficiency of the model's outputs. However, TSA faces some challenges to effective implementation of the model, primarily in ensuring that the model's key assumptions reflect operating conditions across airports. The model determines the annual TSO allocation for each airport by first considering the workload demands unique to each airport based on an estimate of each airport's peak passenger volume. This input is then processed against certain TSA assumptions about screening passengers and checked baggage--including expected processing rates, required staffing for passenger lanes and baggage equipment based on standard operating procedures, and historical equipment alarm rates. To monitor the sufficiency of the model's allocation outputs, TSA has both field and headquarters-driven mechanisms in place. However, TSA does not have a mechanism, such as a documented plan, for selecting and prioritizing which assumptions to review each year and for assuring that all assumptions are periodically reviewed to help ensure that they are current with and reflect actual operating conditions. Without a plan for periodically validating all of the assumptions, TSA is at risk of assumptions becoming outdated, which could result in TSO allocations that do not reflect operating conditions. TSA has vested its FSDs with responsibility for deploying and managing to their TSO allocation in light of local circumstances, including those that might affect scheduling and pose challenges to most efficiently deploying their resource allocations. After receiving the annual staffing allocation from TSA headquarters, FSDs must prepare work schedules, which may include use of the Staffing Allocation Model's optional scheduling tool, to deploy TSO staff to meet screening demand. However, Federal Security Directors (FSD) we interviewed identified several challenges they faced in deploying their TSO workforce. These challenges involve factors outside the model's determination of overall TSO staffing levels and affect FSDs' ability to effectively deploy their TSO staff regardless of their allocation. Specifically, FSDs cited difficulties in achieving a 20 percent part-time TSO workforce, which the model has identified as the optimal ratio for scheduling efficiency; recruiting and retaining sufficient TSOs (both full-time and part-time) to reach their full allocations as determined by the model; staffing checkpoints appropriately given that some TSOs are unavailable due to absenteeism and injuries; and managing competing demands on TSOs' time, particularly with regard to operational support functions sometimes performed by TSOs and TSO training requirements. FSDs also had to manage around physical infrastructure limitations at some airports, such as lack of room for additional lanes or baggage check areas despite demand levels that would justify such added capacity. TSA headquarters officials and FSDs we interviewed reported having several efforts underway to help address challenges they face in deploying the TSO workforce. TSA officials at individual airports we visited are also working to address these challenges. TSA human capital officials told us that they plan to evaluate the effects of their workforce initiatives and use the results of the evaluations to make any needed changes to their approach. Wed, 28 Feb 2007 00:00:00 -0500 Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, February 13, 2007 http://www.gao.gov/new.items/d07448t.pdf The Transportation Security Administration (TSA), established in November 2001, has developed and implemented a variety of programs to secure the commercial aviation system. To implement these efforts, TSA funding related to aviation security has totaled about $20 billion since fiscal year 2004. Other Department of Homeland Security (DHS) components, such as the U.S. Customs and Border Protection (CBP) and the Science and Technology Directorate (S&T), also play roles in securing commercial aviation. In this testimony, we address the efforts TSA has taken or planned to strengthen aviation security, and the challenges that remain, in three key areas: airline passenger prescreening, airline passenger and checked baggage screening, and air cargo screening. GAO's comments are based on issued GAO reports and testimonies and our preliminary observations from ongoing work on TSA's passenger checkpoint screening procedures and technologies, and staffing standards for Transportation Security Officers (TSO). DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation's aviation system, and should be commended for these efforts. However, more work remains. Meeting the congressional mandates to screen airline passengers and checked baggage alone was a tremendous challenge. Since that time, TSA has turned its attention to, among other things, strengthening passenger prescreening; more efficiently allocating, deploying, and managing the TSO workforce; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; and improving domestic air cargo security. Some of the actions taken by TSA in these areas were in response to GAO recommendations. For example, consistent with GAO's recommendation to strengthen checked baggage screening, TSA has developed a strategic planning framework and identified several funding and financing strategies for installing optimal checked baggage screening systems. While TSA has undertaken numerous efforts to strengthen aviation security, GAO found that DHS and TSA could strengthen their risk-based decision-making efforts and collaboration with stakeholders. For example, as TSA moves forward with Secure Flight--TSA's prospective domestic passenger prescreening program--it will need to employ a range of program management disciplines, which we previously found missing, to control program cost, schedule, performance, and privacy risks. TSA has put in place a new management team, but it is too early to know how this change will affect the program's development. In addition, while TSA has tested some proposed modifications to passenger screening procedures at airports to help determine whether to implement the changes, GAO identified that TSA's data collection and analyses could be improved. GAO also found that limited progress has been made in developing and deploying technologies due to planning and funding challenges. For example, limited progress has been made in fielding explosives detection technology at passenger screening checkpoints, and while TSA has begun to systematically plan for the optimal deployment of checked baggage screening systems and to identify funding and financing strategies for installing these systems, the agency has identified that under current investment levels, installation of optimal checked baggage screening systems will not be completed until approximately 2024. Additionally, the federal government and the air cargo industry face several challenges that must be overcome to effectively implement technologies to inspect air cargo, such as ensuring that air cargo can be inspected in a timely manner to meet the delivery time frames of air carriers. GAO also found that more work is needed to fully implement a risk-based approach to securing air cargo, including finalizing a methodology and schedule for completing assessments of air cargo vulnerabilities and critical assets. TSA stated that the agency intends to perform a vulnerability assessment of U.S. air cargo operations and activities, as recommended by GAO, and plans to complete this assessment in 2007. Tue, 13 Feb 2007 00:00:00 -0500 Homeland Security: Progress Has Been Made to Address the Vulnerabilities Exposed by 9/11, but Continued Federal Action Is Needed to Further Mitigate Security Risks, January 24, 2007 http://www.gao.gov/new.items/d07375.pdf Five years after the terrorist attacks of September 11, 2001, GAO is taking stock of key efforts by the President, Congress, federal agencies, and the 9/11 Commission to strengthen or enhance critical layers of defense in aviation and border security that were directly exploited by the 19 terrorist hijackers. Specifically, the report discusses how: (1) commercial aviation security has been enhanced; (2) visa-related policies and programs have evolved to help screen out potential terrorists; (3) federal border security initiatives have evolved to reduce the likelihood of terrorists entering the country through legal checkpoints; and (4) the Department of Homeland Security (DHS) and other agencies are addressing several major post-9/11 strategic challenges. The report reflects conclusions and recommendations from a body of work issued before and after 9/11 by GAO, the Inspectors General of DHS, State, and Justice, the 9/11 Commission, and others. It is not a comprehensive assessment of all federal initiatives taken or planned in response to 9/11. GAO is not making any new recommendations at this time since over 75 prior recommendations on aviation security, the Visa Waiver Program, and U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT), among others, are in the process of being implemented. Continued monitoring by GAO will determine whether further recommendations are warranted. While the nation cannot expect to eliminate all risks of terrorist attack upon commercial aviation, agencies have made progress since 9/11 to reduce aviation-related vulnerabilities and enhance the layers of defense directly exploited by the terrorist hijackers. In general, these efforts have resulted in better airline passenger screening procedures designed to identify and prevent known or suspected terrorists, weapons, and explosives from being allowed onto aircraft. Nevertheless, the nation's commercial aviation system remains a highly visible target for terrorism, as evidenced by recent alleged efforts to bring liquid explosives aboard aircraft. DHS and others need to follow through on outstanding congressional requirements and recommendations by GAO and others to enhance security and coordination of passengers and checked baggage, and improve screening procedures for domestic flights, among other needed improvements. GAO's work indicates that the government has strengthened the nonimmigrant visa process as an antiterrorism tool. New measures added rigor to the process by expanding the name-check system used to screen applicants, requiring in-person interviews for nearly all applicants, and revamping consular officials' training to focus on counterterrorism. Nevertheless, the immigrant visa process may pose potential security risks and we are reviewing this issue. To enhance security and screening at legal checkpoints (air, land, and sea ports) at the nation's borders, agencies are using technology to verify foreign travelers' identities and detect fraudulent travel documents such as passports. However, DHS needs to better manage risks posed by the Visa Waiver Program, whereby travelers from 27 countries need not obtain visas for U.S. travel. For example, GAO recommended that DHS require visa-waiver countries to provide information on lost or stolen passports that terrorists could use to gain entry. We also recommended that DHS provide more information to Congress on how it plans to fully implement US-VISIT--a system for tracking the entry, exit, and length of stay of foreign travelers. While much attention has been focused on mitigating the specific risks of 9/11, other critical assets ranging from passenger rail stations to power plants are also at risk of terrorist attack. Deciding how to address these risks--setting priorities, making trade-offs, allocating resources, and assessing social and economic costs--is essential. Thus, it remains vitally important for DHS to continue to develop and implement a risk-based framework to help target where and how the nation's resources should be invested to strengthen security. The government also faces strategic challenges that potentially affect oversight and execution of new and ongoing homeland security initiatives, and GAO has deemed three challenges in particular--information sharing, risk management, and transforming DHS as a department--as areas needing urgent attention. DHS and the Department of State reviewed a draft of this report and both agencies generally agreed with the information. Both agencies provided technical comments that were incorporated as appropriate. Wed, 24 Jan 2007 00:00:00 -0500 Department of Homeland Security and Department of State: Documents Required for Travelers Departing From or Arriving in the United States at Air Ports-of-Entry From Within the Western Hemisphere, December 6, 2006 http://www.gao.gov/decisions/majrule/d07250r.pdf GAO reviewed the Department of Homeland Security (DHS) and the Department of State's (DOS) new rule on documents required for travelers departing or arriving in the United States at air ports-of-entry from within the Western hemisphere. GAO found that (1) the rule contains the first phase of a joint plan known as the Western Hemisphere Travel Initiative, which implements new documentation requirements for certain U.S. citizens and nonimmigrant aliens entering the United States; and (2) DHS and DOS complied with the applicable requirements in promulgating the rule. Wed, 06 Dec 2006 00:00:00 -0500 Aviation Security: TSA Oversight of Checked Baggage Screening Procedures Could Be Strengthened, July 28, 2006 http://www.gao.gov/new.items/d06869.pdf The Transportation Security Administration (TSA) is responsible for screening all checked baggage in U.S. airports for explosives and has deployed explosive detection systems and developed standard procedures for their use. TSA also allows alternative screening procedures to be used for short-term, special circumstances. This report addresses (1) how TSA prioritized the use of checked baggage screening procedures and identified trade-offs in security effectiveness and operational efficiencies; (2) how TSA reported use of the procedures and ensured that standard procedures are used whenever possible; and (3) what steps TSA took to reduce airports' need to use alternative screening procedures and to establish performance measures to monitor their use. To address these issues, GAO interviewed TSA officials, reviewed information from TSA's database on checked baggage screening operations; and conducted airport site visits. TSA has prioritized standard and alternative checked baggage screening procedures based on legislative requirements and TSA officials' judgment of the procedures' effectiveness. Use of various procedures to screen checked baggage has involved trade-offs in security effectiveness, which vary by the type of procedure used and the circumstances of its use. It is TSA's policy to use standard procedures whenever possible because TSA officials determined that these procedures provide the most effective detection of explosives. TSA policy also allows the use of alternative screening procedures when volumes of baggage awaiting screening pose security vulnerabilities or when TSA airport officials determine that there is a security risk associated with large concentrations of passengers in an area waiting for their baggage to be screened. Regarding operational efficiencies, TSA has not fully determined the throughput and costs of the various alternative screening procedures in part because it does not count the number of bags screened using these procedures. TSA has conducted covert tests (undercover, unannounced) of standard procedures, but has not conducted this testing for alternative screening procedures. TSA cited logistical difficulties in conducting covert tests for alternative screening procedures. However, by not doing so, TSA is not collecting data that could provide useful information in determining the security effectiveness of the procedures in an operational setting and how to improve their effectiveness. TSA cannot identify the percentage of checked baggage screened using standard versus alternative screening procedures because TSA records standard procedures in terms of the number of bags screened in its management information system, but records alternative procedures in terms of the number of occasions and hours of use. However, TSA officials estimated that a low percentage of checked baggage is screened using alternative screening procedures. To assess the extent that standard screening procedures are used whenever possible, TSA has established internal controls to monitor the use of standard and alternative screening procedures; however, these controls were not always implemented to ensure the gathering of complete and accurate information. This may limit TSA managers' ability to assess the effect of using alternative screening procedures and determine what should be done to minimize the use of the procedures. TSA headquarters officials stated that they are working with TSA airport staff to correct such reporting problems. TSA has taken steps to reduce the need to use alternative screening procedures at airports, including anticipating factors that could increase passenger and baggage volume and acting to address these factors. However, TSA has not developed performance measures and targets to assess its progress in minimizing the need to use the procedures. By creating performance measures, TSA could gauge whether it is making progress toward minimizing the need to use alternative screening procedures at airports. Performance targets for the procedures would be an indicator of how much risk TSA is willing to accept in using the procedures. Fri, 28 Jul 2006 00:00:00 -0400 Aviation Security: TSA Has Strengthened Efforts to Plan for the Optimal Deployment of Checked Baggage Screening Systems, but Funding Uncertainties Remain, June 29, 2006 http://www.gao.gov/new.items/d06875t.pdf The Transportation Security Administration (TSA) has deployed two types of baggage screening equipment: explosive detection systems (EDS), which use X-rays to scan bags for explosives, and explosive trace detection systems (ETD), in which bags are swabbed to test for chemical traces of explosives. TSA considers screening with EDS to be superior to screening with ETD because EDS machines process more bags per hour and automatically detect explosives without direct human involvement. In March 2005, GAO reported that while TSA had made progress in deploying EDS and ETD machines, it had not conducted a systematic, prospective analysis of the optimal deployment of these machines to achieve long-term savings and enhanced efficiencies and security. GAO's testimony today updates our previous report and discusses TSA's (1) deployment of EDS and ETD systems and the identified benefits of in-line systems, and (2) planning for the optimal deployment of checked baggage screening systems and efforts to identify funding and financing options. Since its inception in November 2001 through June 2006, TSA has procured and installed about 1,600 EDS machines and 7,200 ETD machines to screen checked baggage for explosives at over 400 airports. However, initial deployment of EDS machines in a stand-alone mode--usually in airport lobbies--and ETD machines resulted in operational inefficiencies and security risks as compared with using EDS machines integrated in-line with airport baggage conveyor systems. For example, TSA's use of stand-alone EDS and ETD machines required a greater number of screeners and resulted in screening fewer bags for explosives each hour. In March 2005, we reported that at nine airports where TSA has agreed to help fund the installation of in-line EDS systems, TSA estimated that screening with in-line EDS machines could save the federal government about $1.3 billion over 7 years. In February 2006, TSA reported that many of the initial in-line EDS systems did not achieve the anticipated savings. However, recent improvements in the design of the in-line EDS systems and EDS screening technology now offer the opportunity for higher-performance and lower-cost screening systems. Finally, screening with in-line EDS systems may result in security benefits by reducing the need for TSA to use alternative screening procedures, such as screening with explosives detection canines and physical bag searches, which involve trade-offs in security effectiveness. TSA has begun to systematically plan for the optimal deployment of checked baggage screening systems, but resources have not been made available to fund the installation of in-line EDS systems on a large-scale basis. In February 2006, TSA released its strategic planning framework for checked baggage screening aimed at increasing security through deploying more EDS machines, lowering program life-cycle costs, minimizing impacts to TSA and airport and airline operations, and providing a flexible security infrastructure. As part of this effort, TSA identified the 25 airports that should first receive federal funding for the installation of in-line EDS systems, and the optimal checked baggage screening solutions for the 250 airports with the highest checked baggage volumes. In February 2006, TSA estimated that installing and operating the optimal checked baggage screening systems will cost about $22.4 billion over 20 years and reported that under current investment levels, installation of optimal baggage screening systems would not be completed until approximately 2024. TSA is collaborating with airport operators, airlines, and other key stakeholders to identify funding and cost sharing strategies and is focusing its research and development efforts on the next generation of EDS technology. Thu, 29 Jun 2006 00:00:00 -0400 Aviation Security: Management Challenges Remain for the Transportation Security Administration's Secure Flight Program, June 14, 2006 http://www.gao.gov/new.items/d06864t.pdf After the events of September 11, 2001, the Transportation Security Administration (TSA) assumed the function of passenger prescreening--or the matching of passenger information against terrorist watch lists to identify persons who should undergo additional security scrutiny--for domestic flights, which is currently performed by the air carriers. To do so, TSA has been developing Secure Flight. This testimony covers TSA's progress and challenges in (1) developing, managing, and overseeing Secure Flight; (2) coordinating with key stakeholders critical to program operations; (3) addressing key factors that will impact system effectiveness; and (4) minimizing impacts on passenger privacy and protecting passenger rights. For over 3 years, TSA has faced challenges in developing and implementing the Secure Flight program, and in early 2006, it suspended Secure Flight's development to reassess, or rebaseline, the program. TSA's rebaselining effort is currently under way, and final decisions regarding the future direction of the program have not been made. In our most recent report and testimony, we noted that TSA had made some progress in developing and testing the Secure Flight program, but had not followed a disciplined life cycle approach to manage systems development or fully defined system requirements. We also reported that TSA was proceeding to develop Secure Flight without a program management plan containing program schedule and cost estimates. Oversight reviews of the program had also raised questions about program management. Secure Flight officials stated that as they move forward with the rebaselined program, they will be following a more rigorous and disciplined life cycle process for Secure Flight. We support TSA's rebaselining effort, and believe that the agency should not move forward with the program until it has demonstrated that a disciplined life cycle process is being followed. We also reported that TSA had taken steps to collaborate with Secure Flight stakeholders whose participation is essential to ensuring that passenger and terrorist watch list data are collected and transmitted to support Secure Flight. However, key program stakeholders--including the U.S. Customs and Border Protection, the Terrorist Screening Center, and air carriers--stated that they needed more definitive information about system requirements from TSA to plan for their support of the program. In addition, we reported that several activities that will affect Secure Flight's effectiveness were under way or had not yet been decided. For example, TSA conducted name-matching tests that compared passenger and terrorist screening database information to determine what type of passenger data would be needed for Secure Flight's purposes. However, TSA had not yet made key policy decisions that could significantly impact program operations, including what passenger data it would require air carriers to provide and the name-matching technologies it would use. Further, Secure Flight's system development documentation did not fully identify how passenger privacy protections were to be met, and TSA had not issued the privacy notices that described how it would protect passenger data once Secure Flight became operational. As a result, it was not possible to assess how TSA is addressing privacy concerns. Secure Flight officials stated that they plan to address privacy issues and finalize its redress polices in conjunction with rebaselining the program. Wed, 14 Jun 2006 00:00:00 -0400 Aviation Security: Further Study of Safety and Effectiveness and Better Management Controls Needed If Air Carriers Resume Interest in Deploying Less-than-Lethal Weapons, May 26, 2006 http://www.gao.gov/new.items/d06475.pdf The Transportation Security Administration (TSA) has authority to approve air carrier requests to deploy less-than-lethal weapons, including electric stun devices, onboard commercial aircraft to thwart an attack. Since the terrorist attacks of 2001, one air carrier received approval to deploy electric stun devices. To address concerns regarding reports of injuries after the use of these devices and to ensure that the impacts of these devices onboard aircraft have been fully evaluated, this report answers the following: (1) What analyses has the federal government conducted to assess the safety and effectiveness of these devices onboard commercial aircraft? (2) What controls does TSA have in place to help ensure uniform and timely review of air carrier requests to deploy these devices onboard commercial aircraft? The Transportation Security Administration and the Federal Aviation Administration (FAA) have conducted reviews addressing the effect of electric stun devices on aircraft. Plus, various federal as well as other organizations examined the health effects that electric stun devices have on individuals. But, no studies of health effects have been conducted in an in-flight environment. Moreover, according to NIJ, although electric stun devices have been used successfully many times to subdue suspects, certain compromised populations, such as the elderly and those with a history drug and alcohol abuse, may be at risk for negative outcomes. In April 2002, NIJ concluded that the use of electric stun devices in accordance with appropriate policies and training may be an effective means for flight deck crews to thwart an attack but should not be deployed without further testing. Similarly, in a 2003 report to Congress, TSA generally concurred with NIJ's conclusions. But, neither review included in-flight testing or empirical testing of these devices that would demonstrate that they would enhance security. TSA's position is that empirical data, particularly in an aircraft environment, is necessary to determine if these devices can be used safely and effectively. TSA lacks key internal controls, to help ensure uniformity in decision making and a transparent process to review requests to deploy electric stun devices onboard commercial aircraft. Specifically, TSA (1) lacks a well-defined organizational area with responsibility to receive and review requests, (2) has not established formal criteria for decision making to approve requests and has not communicated criteria to external stakeholders, and (3) maintained little documentation of its decision making and activities to account for its handling of past requests. Without clearly defined approval criteria and a point of contact, TSA cannot reasonably assure that its decision making is uniform and consistent, nor can it provide a transparent request and approval process for air carriers. Fri, 26 May 2006 00:00:00 -0400 Aviation Security: Enhancements Made in Passenger and Checked Baggage Screening, but Challenges Remain, April 4, 2006 http://www.gao.gov/new.items/d06371t.pdf Securing commercial aviation is a daunting task--with hundreds of airports, thousands of aircraft, and thousands of flights daily carrying millions of passengers and pieces of checked baggage. It has been over 3 years since the Transportation Security Administration (TSA) assumed responsibility for passenger and baggage screening at commercial airports. This testimony focuses on the progress TSA is making in strengthening airline passenger and checked baggage screening and the challenges that remain. Particularly, this testimony highlights TSA's efforts to (1) enhance the performance, management, and deployment of the transportation security officer (TSO) workforce; (2) strengthen procedures for screening passengers and checked baggage; and (3) leverage and deploy screening technologies. TSA has taken steps to enhance the TSO workforce's performance, management, and deployment, yet continues to face challenges in allocating staff and ensuring that training is available. For example, TSA developed a Screening Allocation Model to determine TSO staffing levels at commercial airports. However, some assumptions in the model--such as that 20 percent of the TSO workforce will be part-time--may be flawed, given that federal security directors (the lead TSA authorities at U.S. airports) have had difficulty filling this quota and some said they have not been able to hire up to their authorized staffing levels. In addition, while TSA has taken steps to improve the training offered to its TSO workforce, insufficient staffing and a lack of electronic connectivity to access on-line learning have prevented TSOs from taking full advantage of training opportunities. TSA is proposing changes to its screening procedures to enhance detection capabilities in part based on risk assessments, as GAO has previously advocated. Since April 2005, TSA has gathered, vetted, and tested a variety of new procedures for passenger and baggage screening. Some passenger screening procedure changes are based on risk-related factors, including results of covert (undercover, unannounced) tests that are designed to reveal system vulnerabilities. Our ongoing work on how TSA makes these changes indicates that TSA could do more evaluation to ensure the changes achieve the desired results. TSA has taken steps to develop and deploy technologies to strengthen commercial aviation security; however, challenges in funding and planning have created impediments to implementation. For example, TSA has deployed explosives detection systems--either stand-alone or incorporated in-line with baggage conveyor systems--to detect explosives in checked baggage. A TSA cost-benefit analysis of the in-line systems being installed at 9 airports showed that they could yield significant savings for the federal government. However, their deployment has been hampered by a lack of planning and funding strategies. TSA is currently assessing financing options to support the deployment of in-line systems and has begun prioritizing which airports would benefit from their deployment. Tue, 04 Apr 2006 00:00:00 -0400 Aviation Security: Transportation Security Administration Has Made Progress in Managing a Federal Security Workforce and Ensuring Security at U.S. Airports, but Challenges Remain, April 4, 2006 http://www.gao.gov/new.items/d06597t.pdf It has been over 3 years since the Transportation Security Administration (TSA) assumed responsibility for passenger and baggage screening at commercial airports. This testimony focuses on the progress TSA is making in strengthening aspects of aviation security and the challenges that remain. Particularly, this testimony highlights (1) progress TSA has made, and challenges it faces, in managing a federalized security workforce--including federal security directors (FSD) and transportation security officers (TSO)--with operational responsibility for ensuring security of passengers and their baggage; and (2) actions TSA has taken, and the challenges it faces, to ensure appropriate regulatory oversight of other airport security activities. TSA has made progress in managing, deploying, and training a federalized aviation security workforce, including FSDs (the lead authority at U.S. airports) and TSOs (formerly known as screeners). FSDs have, for example, formed partnerships with key federal and private-sector stakeholders at airports engaged in security and operations. We reported, however, that the guidance on FSD authority is outdated and lacks clarity, particularly regarding security incidents when FSDs must coordinate with other stakeholders. Regarding TSOs, TSA has taken and has planned actions to strengthen the management and deployment of the TSO workforce. TSA has, for instance, developed a screening allocation model to determine TSO staffing levels at airports. However, FSDs have reported concerns that despite such a model, attracting, hiring, and retaining an adequate part-time TSO workforce remains a challenge. We have reported that, while TSA has expanded training opportunities for TSOs, insufficient TSO staffing and other problems hinder the ability of TSOs to take training. To evaluate TSO performance, TSA has collected performance data by conducting covert (undercover, unannounced) tests at passenger screening checkpoints. TSA has taken steps to strengthen key areas of aviation security for which it has regulatory and oversight responsibility, including domestic air cargo security, but faces challenges related to oversight and performance measurement. We reported in October 2005, for example, that while TSA had significantly increased the number of domestic air cargo inspections conducted, performance measures to determine to what extent air carriers and others are complying with air cargo security requirements had not been developed. Without such performance measures, and a systematic analysis of these results of air cargo security inspections, TSA's ability to target its workforce for future inspections, and fulfill oversight responsibilities, will be limited. Further, while TSA has incorporated elements of risk-based decision making into securing air cargo, its efforts are not yet complete. To address these and other issues, TSA officials stated that they plan to compile additional information on air cargo inspections to enhance their ability to conduct compliance inspections of air carriers using covert testing, and to require random inspection of air cargo. Tue, 04 Apr 2006 00:00:00 -0400 Aviation Security: Progress Made to Set Up Program Using Private-Sector Airport Screeners, but More Work Remains, March 31, 2006 http://www.gao.gov/new.items/d06166.pdf In November 2004, as required by law, the Transportation Security Administration (TSA) began allowing all commercial airports to apply to use private screeners in lieu of federal screeners as part of its Screening Partnership Program (SPP). GAO's prior work found that airports and potential private screening contractors had concerns about the SPP, including whether they would be liable in the event of a terrorist attack and how roles and responsibilities would be divided among TSA airport staff and private screening contractors. This report addresses TSA's efforts to (1) provide liability protection to private screening contractors and airports and address other SPP stakeholder concerns; (2) achieve cost-savings through the SPP; and (3) establish performance goals and measures for the SPP. DHS and Congress have begun to address whether liability protection may be offered to current and prospective private screening contractors and airports using private screeners. DHS has already provided some liability protection to three of the four current private screening contractors. However, DHS officials stated that they cannot provide additional coverage, which would render contractors virtually immune from all pertinent claims, because TSA has not finalized performance standards that would allow DHS to determine if contractors will perform as intended--a criterion that must be satisfied before providing such additional protection. Recently enacted legislation shields airports from virtually all liability resulting from the negligence or wrongdoing committed by a private screening company or its employees. TSA has also taken action to improve the screener hiring process by granting contractors and TSA airport officials more input and flexibility in the hiring process. Additionally, TSA has defined the roles and responsibilities for SPP stakeholders--TSA airport staff and private screening contractors, among others--in its August 2005 SPP transition plan. However, the details in this plan have not been shared with private screening contractors, and all four contractors we interviewed were unclear about TSA staff roles and responsibilities at the airports they served. TSA has stated that the SPP will operate at a cost that is competitive with equivalent federal operations and will achieve cost-savings where possible. Over the last 3 years, TSA has awarded cost-reimbursement contracts with an award fee component for screening services at four of the five airports currently using private screeners. The award fee is based, in part, on contractor cost-savings. However, opportunities for TSA cost-savings may be limited because under the cost-reimbursement contracts TSA bears most of the cost risk--the risk of paying more than it expected. TSA plans to shift more cost risk to contractors by competitively awarding fixed-price-award fee contracts for screening services at the four smallest airports that will participate in the SPP. TSA also plans to competitively award fixed-price contracts for screening services at larger airports, but stated that they cannot do so for up to 2 years--when officials believe that screening costs at larger airports will be better known. TSA has developed performance goals and has begun drafting related measures and targets to assess the performance of private screening contractors under the SPP in the areas of security, customer service, costs, workforce management, and innovation. For example, one of the measures would require contractors to ensure that new hires receive required training. TSA's related target for this measure is that 100 percent of new hires will complete required training. These same measures and targets will also be used by DHS to assess whether to award full liability coverage under the SAFETY Act. TSA officials stated that DHS must approve the draft performance measures and targets before they can be finalized. As of January 2006, DHS had not yet completed its review. Fri, 31 Mar 2006 00:00:00 -0500 Aviation Security: Significant Management Challenges May Adversely Affect Implementation of the Transportation Security Administration's Secure Flight Program, February 9, 2006 http://www.gao.gov/new.items/d06374t.pdf After the events of September 11, 2001, Congress created the Transportation Security Administration (TSA) and directed it to assume the function of passenger prescreening--or the matching of passenger information against terrorist watch lists to identify persons who should undergo additional security scrutiny--for domestic flights, which is currently performed by the air carriers. To do so, TSA is developing Secure Flight. This testimony covers TSA's progress and challenges in (1) developing, managing, and overseeing Secure Flight; (2) coordinating with key stakeholders critical to program operations; (3) addressing key factors that will impact system effectiveness; and (4) minimizing impacts on passenger privacy and protecting passenger rights. This testimony includes information on areas of congressional interest that GAO has previously reported on. TSA has made some progress in developing and testing the Secure Flight program. However, TSA has not followed a disciplined life cycle approach to manage systems development, or fully defined system requirements. Rather, TSA has followed a rapid development method intended to develop the program quickly. This process has been ad hoc, resulting in project activities being conducted out of sequence, requirements not being fully defined, and documentation containing contradictory information or omissions. Further, while TSA has taken steps to implement an information security management program for protecting information and assets, its efforts are incomplete. Finally, TSA is proceeding to develop Secure Flight without a program management plan containing program schedule and cost estimates. Oversight reviews of the program have also raised questions about program management. Without following a more rigorous and disciplined life cycle process, including defining system requirements, the Secure Flight program is at serious risk of not meeting program goals. Over the past year, TSA has made some progress in managing risks associated with developing Secure Flight, and has recently taken actions that recognize the need to install more rigor and discipline into the development process. TSA has also taken steps to collaborate with Secure Flight stakeholders whose participation is essential to ensuring that passenger and terrorist watch list data are collected and transmitted to support Secure Flight. However, key program stakeholders--including the U.S. Customs and Border Protection, the Terrorist Screening Center, and air carriers--stated that they need more definitive information about system requirements from TSA to plan for their support of the program. In addition, several activities that will affect Secure Flight's effectiveness are under way, or have not yet been decided. For example, TSA conducted name-matching tests, which compared passenger and terrorist screening database data, to evaluate the ability of the system to function. However, TSA has not yet made key policy decisions which could significantly impact program operations, including what passenger data it will require air carriers to provide and the name-matching technologies it will use. Further, Secure Flight's system development documentation does not fully explain how passenger privacy protections are to be met, and TSA has not issued the privacy notices that describe how it will protect passenger data once Secure Flight becomes operational. As a result, it is not possible to assess how TSA is addressing privacy concerns. TSA is also determining how it will provide for redress, as mandated by Congress, to provide aviation passengers with a process to appeal determinations made by the program and correct erroneous information contained within the prescreening process. However, TSA has not finalized its redress polices. Thu, 09 Feb 2006 00:00:00 -0500 Aviation Security: Federal Air Marshal Service Could Benefit from Improved Planning and Controls, November 28, 2005 http://www.gao.gov/new.items/d06203.pdf The U.S. Federal Air Marshal Service (FAMS) has undergone a number of changes in recent years, including a 2003 transfer from the Transportation Security Administration (TSA) to the U.S. Immigration and Customs Enforcement Bureau (ICE), and a 2005 transfer from ICE back to TSA. A key aspect of federal air marshals' operating procedures is the discreet movement through airports as they check in for their flight, transit screening checkpoints, and board the aircraft. This report discusses FAMS's (1) transfer to ICE and key practices that could facilitate its return to TSA, and (2) management of mission-related incidents that affect air marshals' ability to operate discreetly. DHS made limited progress in achieving the intended objectives of its transfer of FAMS to ICE, which included (1) developing a "surge" capacity through cross-training ICE agents, and (2) enhancing federal air marshals' career opportunities. Specifically, DHS had developed some surge capacity by cross-training a number of ICE agents but suspended these efforts in October 2004 in response to congressional concerns that the cross-training was an ineffective use of resources and training. DHS indicated that it would continue to support the surge effort, but had not determined whether and when it would resume cross-training to support this initiative. Further, although DHS recognized that federal air marshals' career opportunities were limited, it had not developed plans to expand them through investigative or other duties. Moreover, DHS had not determined how these transition objectives would be met because it had not developed an overall strategy to include implementation goals, measures, and a timeline to help target performance shortfalls and suggest midcourse corrections--a key practice for a successful transformation. DHS also had not developed a communication strategy to create shared expectations and report related progress on the transition to employees and other stakeholders--another key practice. With its return of FAMS to TSA, DHS's prior experience in transferring FAMS to ICE can provide useful information on key practices to consider in effecting a successful transition. FAMS lacks adequate management controls to help ensure that mission-related incidents that affect air marshals' ability to operate discreetly are recorded, tracked, and addressed. For example, FAMS has not developed a written policy that establishes criteria for when and how federal air marshals are to complete mission reports on incidents they encounter during their missions. In addition, FAMS lacks adequate controls to ensure that the outcome of actions taken to address these incidents was communicated to the federal air marshals who originally reported them. Not providing such information may serve to discourage federal air marshals from submitting future reports. FAMS officials have acknowledged that FAMS lacks written policies to govern the use and management of mission reports and stated that FAMS plans to develop such policies in the near future. Mon, 28 Nov 2005 00:00:00 -0500 Aviation Security: Federal Action Needed to Strengthen Domestic Air Cargo Security, October 17, 2005 http://www.gao.gov/new.items/d0676.pdf In 2004, an estimated 23 billion pounds of air cargo was transported within the United States, about a quarter of which was transported on passenger aircraft. Within the Department of Homeland Security (DHS), the Transportation Security Administration (TSA) is responsible for ensuring the security of commercial aviation, including the transportation of cargo by air. To evaluate the status of TSA's efforts to secure domestic air cargo, GAO examined (1) the extent to which TSA used a risk management approach to guide decisions on securing air cargo, (2) the actions TSA has taken to ensure the security of air cargo and the factors that may limit their effectiveness, and (3) TSA's plans for enhancing air cargo security and the challenges TSA and industry stakeholders face in implementing these plans. TSA has taken initial steps toward applying a risk-based management approach to address air cargo security. A risk-based management approach entails a continuous process of managing risk through a series of actions, including setting strategic goals and objectives and assessing risk through the identification and evaluation of threats, vulnerabilities, and critical assets. In November 2003, TSA completed an air cargo strategic plan that outlined a threat-based, risk management approach to secure the air cargo system by, among other things, targeting elevated risk cargo for inspection. TSA also completed an updated threat assessment in April 2005. However, TSA has not yet established a methodology and schedule for completing assessments of air cargo vulnerabilities and critical assets--two crucial elements of a risk-based management approach without which TSA may not be able to appropriately focus its resources on the most critical security needs. TSA has taken a number of actions intended to strengthen air cargo security, but factors exist that may limit their effectiveness. For example, TSA established a centralized database on people and businesses that routinely ship air cargo to improve information on known shippers. However, we identified problems with the reliability of the information in the database, and how TSA is using the information to identify shippers who may pose a risk. TSA has also established requirements for air carriers to randomly inspect air cargo, but has exempted some cargo from inspection, potentially creating security weaknesses. Further, TSA conducts audits of air carriers and indirect air carriers to ensure that they are complying with existing air cargo security requirements. However, TSA has not developed measures to assess the adequacy of air carrier and indirect air carrier compliance, systematically analyzed these audit results to target future inspections, or assessed the effectiveness of its enforcement actions to ensure compliance with air cargo security requirements. TSA's plans for enhancing air cargo security focus on implementing a system for targeting and inspecting elevated risk cargo, and requiring air carriers to conduct security threat assessments on thousands of cargo workers, among other efforts. However, these plans may pose financial, operational, and technological challenges to the agency and air cargo industry stakeholders. For example, stakeholders are concerned, and our analysis identified, that TSA may have underestimated the cost of its proposed measures. Mon, 17 Oct 2005 00:00:00 -0400 Transportation Security Administration: More Clarity on the Authority of Federal Security Directors Is Needed, September 23, 2005 http://www.gao.gov/new.items/d05935.pdf The Transportation Security Administration (TSA) assigned Federal Security Directors (FSD) to oversee security, including the screening of passengers and their baggage, at the nation's more than 440 commercial airports. FSDs must work closely with stakeholders to ensure that airports are adequately protected and prepared in the event of a terrorist attack. This report addresses (1) the roles and responsibilities of FSDs and the clarity of their authority relative to that of other airport stakeholders during security incidents, (2) the extent to which FSDs formed and facilitated partnerships with airport stakeholders, and (3) FSDs' views of key changes TSA made to better support or empower the FSD position. TSA has issued guidance that clearly defines FSDs' roles and responsibilities. However, TSA's guidance related to FSDs' authority is outdated and lacks clarity regarding FSD authority relative to other airport stakeholders. TSA's document that delegates authority to FSDs gives them authority to supervise and deploy a TSA law enforcement force that was never established. Also, it does not clearly address FSD authority during a security incident relative to other parties with airport security responsibilities. At airports GAO visited, stakeholders said that this information had never been communicated to them and they were not always clear on the FSDs' authority in such situations. For example, confusion arose at one airport over whether the FSD had the authority to take certain actions during a security incident. In August 2005, TSA officials stated that they were updating guidance on FSDs' authority but had not finalized their revisions prior to this report's issuance. All of the FSDs and most stakeholders at the airports GAO visited reported developing partnerships that were generally working well. Communication and coordination were taking place among stakeholders at these airports, including meetings, briefings, and training exercises. According to TSA, partnerships with airport stakeholders are essential to FSDs' success in addressing aviation security and customer service needs. For example, FSDs rely on law enforcement stakeholders during security incidents since they do not have their own law enforcement resources. FSDs also rely on air carriers for passenger volume information to schedule screeners, and air carriers rely on FSDs for efficient screening that minimizes passenger wait times. TSA made changes in 2004 to better support or empower the FSD position, and most of the 25 FSDs we interviewed generally viewed these changes favorably. For example, most of the FSDs we interviewed were satisfied with TSA's new local hiring process that provided more options for FSDs to be involved in hiring screeners, and most said that the new process was better than the more centralized hiring process it replaced. Most FSDs we interviewed also saw value in the headquarters group TSA established to provide operational support to the field and a communication link among headquarters, field-based Area Directors, and FSDs. Fri, 23 Sep 2005 00:00:00 -0400 Aviation Security: Flight and Cabin Crew Member Security Training Strengthened, but Better Planning and Internal Controls Needed, September 6, 2005 http://www.gao.gov/new.items/d05781.pdf Training flight and cabin crew members to handle potential threats against domestic aircraft is an important element in securing our nation's aviation system. The responsibility for ensuring that crew members are prepared to handle these threats is a shared responsibility between the private sector--air carriers--and the federal government, primarily the Transportation Security Administration (TSA). This report addresses (1) actions TSA has taken to develop guidance and standards for flight and cabin crew member security training and to measure the effectiveness of the training, (2) how TSA ensures domestic air carriers comply with the training guidance and standards, and (3) efforts TSA has taken to develop and assess the effectiveness of its voluntary self-defense training program. Since the terrorist attacks of September 11, 2001, TSA enhanced guidance and standards for flight and cabin crew member security training with input from stakeholders. Specifically, TSA revised the guidance and standards to include additional training elements required by law and to improve the organization and clarity of the guidance and standards. Some stakeholders we interviewed and our own review generally found that the revised guidance and standards improved upon previous versions in terms of organization and clarity of the information provided. However, some stakeholders identified concerns about, for example, the reasonableness of applying parts of the guidance and standards to both flight and cabin crew members and the difficulty in implementing some of the standards without additional information or training tools from TSA. Additionally, TSA has not established strategic goals and performance measures for assessing the effectiveness of the training because it considers its role in the training program as regulatory. In this regard, TSA views the individual air carriers as responsible for establishing performance goals and measures for their training programs, but has not required them to do so. Without goals and measures, TSA and air carriers will be limited in their ability to fully assess accomplishments and target associated improvements. TSA recently took steps to strengthen its efforts to oversee air carriers' flight and cabin crew security training to ensure they are complying with the required guidance and standards. For example, in January 2005, TSA added staff with expertise in designing training programs to review air carriers' crew member security training curriculums and developed a standard form for staff to use to conduct their reviews. However, TSA lacks adequate controls for monitoring and reviewing air carriers' crew member security training, including written procedures for conducting and documenting these reviews. TSA plans to develop written procedures, but has not established a timeframe for completing this effort. TSA has developed an advanced voluntary self-defense training program with input from stakeholders and implemented the program in December 2004, as required by law. However, stakeholders and our own analysis identified concerns about the training design and delivery, such as the lack of recurrent training and the lack of a realistic training environment. Also, TSA has not yet established performance measures for the program or established a time frame for evaluating the program's effectiveness. Tue, 06 Sep 2005 00:00:00 -0400 Aviation Safety: Oversight of Foreign Code-Share Safety Program Should Be Strengthened, August 5, 2005 http://www.gao.gov/new.items/d05930.pdf U.S. airlines are increasingly relying on code-share partnerships with foreign carriers to provide additional sources of revenue. Code-sharing is a marketing arrangement in which an airline places its designator code on a flight operated by another airline and sells and issues tickets for that flight. To determine whether the foreign code-share partners of U.S. airlines meet an acceptable level of safety, in 2000, the Department of Transportation (DOT) established the Code-Share Safety Program, which requires U.S. airlines to conduct safety audits of their foreign code-share partners as a condition of code-share authorization. GAO's objective was to assess the federal government's efforts to provide reasonable assurance of safety and security on foreign code-share flights. GAO reviewed (1) the extent to which DOT's code-share authorization process is designed to consider safety and security, (2) the Federal Aviation Administration's (FAA) management of the Code-Share Safety Program, and (3) the implementation of the program by airlines and the results. In considering U.S. airlines' requests to establish code-share arrangements with foreign carriers, DOT's Office of International Aviation reviews, among other things, any safety and security objections from FAA and TSA. FAA assesses the safety of foreign civil aviation authorities and reviews reports of the safety audits that U.S. carriers have conducted of their foreign airline partners. From fiscal years 2000 through 2004, DOT (1) authorized U.S. airlines to establish or maintain code-share arrangements with foreign carriers 270 times and (2) did not suspend any arrangements because of known safety concerns. According to FAA, however, U.S. airlines occasionally have decided not to pursue code-share arrangements with foreign carriers because they expected FAA would object, and FAA sometimes puts its reviews of proposed code-share arrangements on hold if the agency has safety concerns. FAA and TSA did not object to any of the authorizations during that period for safety or security reasons. Although not involved in the code-share authorization process, the Department of Defense (DOD) reviews the safety of foreign airlines that transport DOD personnel. For their separate programs, FAA and DOD are reviewing many of the same safety audit reports on foreign carriers. The Code-Share Safety Program, which calls for U.S. airlines to conduct periodic safety audits of their foreign code-share partners, incorporates selected government auditing standards involving independence, professional judgment, and competence. However, FAA's reviews of the safety audit reports lacked management controls for reviewers' qualifications, documenting the closure of safety audit findings, verifying corrective actions taken in response to findings, and documenting reviews. Eight U.S. airlines with foreign code-share partners have implemented the DOT program by conducting safety audits of their foreign partners. According to our review of a random sample of audit reports that FAA reviewed from fiscal years 2000 through 2004, the largest numbers of safety findings identified were in the categories of (1) flight operations and (2) maintenance and engineering. GAO estimates that for 68 percent of the findings, the documentation was insufficient to demonstrate that the findings were closed or were resolved. Airlines are beginning to adopt a new safety audit program that requires the documentation of findings and corrective actions. Fri, 05 Aug 2005 00:00:00 -0400 Aviation Security: Transportation Security Administration Did Not Fully Disclose Uses of Personal Information During Secure Flight Program Testing in Initial Privacy Notes, but Has Recently Taken Steps to More Fully Inform the Public, July 22, 2005 http://www.gao.gov/new.items/d05864r.pdf We have been reviewing the Department of Homeland Security's (DHS) Transportation Security Administration's (TSA) efforts to develop and implement the Secure Flight program. The purpose of Secure Flight is to compare information on domestic airline passengers against information on known or suspected terrorists to identify passengers who should undergo additional security scrutiny. As we reported in February and March 2005, to develop Secure Flight, TSA has been conducting tests to compare data from airline reservation systems, such as name and flight number, with data from the government's consolidated terrorist watch lists, which include names of known and suspected terrorists. We also reported that TSA has been testing the use of selected data available from commercial data sources--private companies that maintain records on individual names, addresses, phone numbers, and other information--as a means of verifying the accuracy of passenger-provided data. In this letter, we report on key aspects of TSA's disclosure of its use of personal information during commercial data testing for Secure Flight as required by the Privacy Act, and TSA's actions to more fully disclose its use of personal information. We will continue our assessment of Secure Flight privacy protections as part of our ongoing review of the Secure Flight program. During the course of our ongoing review of the Secure Flight program, we found that TSA did not fully disclose to the public its use of personal information in its fall 2004 privacy notices as required by the Privacy Act. In particular, the public was not made fully aware of, nor had the opportunity to comment on, TSA's use of personal information drawn from commercial sources to test aspects of the Secure Flight program. In September 2004 and November 2004, TSA issued privacy notices in the Federal Register that included descriptions of how such information would be used. However, these notices did not fully inform the public before testing began about the procedures that TSA and its contractors would follow for collecting, using, and storing commercial data. In addition, the scope of the data used during commercial data testing was not fully disclosed in the notices. Specifically, a TSA contractor, acting on behalf of the agency, collected more than 100 million commercial data records containing personal information such as name, date of birth, and telephone number without informing the public. As a result of TSA's actions, the public did not receive the full protections of the Privacy Act. On June 10, 2005, we briefed TSA on our concerns about privacy protection issues related to Secure Flight testing. TSA officials stated that they recognized the merits of GAO's concerns, and on June 22, 2005, the agency published revised privacy notices to more fully disclose the nature of tests being conducted. The revised notices clarified the purpose of commercial data testing for Secure Flight and expanded the categories of records and individuals covered by the system of records as it applied to commercial data tests. In moving forward, TSA officials stated that they will put procedures in place to ensure that prior to making any change in testing procedures, the TSA Privacy Officer and TSA counsel would be consulted to determine whether a change to TSA's privacy notices would be required to inform the public. TSA officials also stated that no adverse consequences resulted from the use of commercial data because the data were used only in a test environment and not to make passenger prescreening decisions prior to actual flights. TSA officials further stated that data collected from commercial sources will not be used during the initial operation of Secure Flight, which is expected to begin in late 2005 or early 2006. TSA is, however, considering the use of such data in the future, if the data can be shown to improve the ability of Secure Flight to identify known or suspected terrorists. Fri, 22 Jul 2005 00:00:00 -0400 Homeland Security: Agency Resources Address Violations of Restricted Airspace, but Management Improvements Are Needed, July 21, 2005 http://www.gao.gov/new.items/d05928t.pdf Securing and defending U.S. airspace is an interagency mission that depends on close interagency coordination and information sharing. GAO was asked to review (1) the threat assessment for U.S. aviation, (2) violations of restricted airspace since September 11, 2001, (3) agencies' individual or coordinated steps to secure U.S. aviation, and (4) interagency policies and procedures to manage the response to restricted airspace violations. GAO will issue a classified report responding to this request later this year. To keep this testimony unclassified, GAO focused on the latter three questions. The Federal Aviation Administration reported about 3,400 violations of restricted airspace from September 12, 2001, to December 31, 2004, most of which were committed by general aviation pilots. Violations can occur because (1) pilots may divert from their flight plan to avoid bad weather, (2) the Administration may establish newly restricted airspace with little warning, and pilots in the air may be unaware of the new restrictions, or (3) pilots do not check for notices of restrictions, as required. Also, terrorists may deliberately enter restricted airspace to test the government's response or carry out an attack. Federal agencies have acted individually or have coordinated to enhance aviation security. For example, the Transportation Security Administration (TSA) established a national operations center that disseminates operational- and intelligence-related information, and has enhanced passenger and checked baggage screening, secured cockpit doors, and assessed the risk to some, but not all, commercial airports. Also, few general aviation airport owners have conducted risk assessments. The North American Aerospace Defense Command's mission was expanded to include monitoring domestic air traffic and conducting air patrols. Collectively, the agencies are operating the National Capital Region Coordination Center to secure the National Capital Region. GAO identified gaps in the simultaneous, time-critical, multi-agency response to airspace violations. While it may not be possible to prevent all violations or deter all attacks, GAO identified some gaps in policies and procedures. Specifically, the agencies were operating without (1) an organization in the lead, (2) fully developed interagency policies and procedures for the airspace violations response teleconferencing system, (3) information sharing protocols and procedures, or (4) accepted definitions of a violation. As a result, opportunities may be missed to enhance the security of U.S. aviation. Thu, 21 Jul 2005 00:00:00 -0400 International Air Passengers: Staffing Model for Airport Inspections Personnel Can Be Improved, July 15, 2005 http://www.gao.gov/new.items/d05663.pdf While the Enhanced Border Security and Visa Protection Act repealed a 45 minute standard for inspecting international passengers, minimizing wait times at airports remains an area of concern for U.S. Customs and Border Protection (CBP). Shortly after its creation in March 2003, CBP assumed inspection functions from the Immigration and Naturalization Service, the U.S. Customs Service, and the Department of Agriculture. The new agency's priority missions are to prevent terrorism and to facilitate travel and trade. To assess CBP's efforts to minimize wait times for international air passengers while ensuring security, this report answers the following questions: (1) What are the wait times at the 20 U.S. international airports that receive most of the international traffic and what factors affect wait times? (2) What steps have airports and airlines taken to minimize passenger wait times? (3) How has CBP managed staffing to minimize wait times across airports? The amount of time passengers from international locations have to wait before completing CBP inspections to enter the United States varies within and across airports. On average, CBP processed passengers within 45 minutes during the 2-month period for which data were available, although some flights had significantly longer wait times. Based on our observations and analysis as well as our discussions with airport and CBP officials, we determined that the primary factors affecting wait time are passenger volume, the number of inspection stations available at an airport, and the number of CBP officers available to conduct inspections. These factors, in different combinations at each airport, affect passenger wait times. Three of the five international airports we visited had built new or expanded federal inspection facilities to accommodate future growth in passenger volume and minimize wait times for internationally arriving passengers. Additionally, some airports assigned staff to assist passengers in preparing documentation to minimize wait times. Airline officials we spoke to acknowledged that large volumes of arriving passengers may increase wait times, but said that, to accommodate market demand, airlines do not spread flight arrivals throughout the day. CBP, in its efforts to minimize passenger wait times at airports, has taken steps to increase the efficient use of existing staff at airports. For example, CBP is cross-training its officers so that they can conduct different types of inspections. CBP is also developing a staffing model to allocate staff among its ports. However, the new model fails to address weaknesses identified in assessments of staffing models used previously by Customs and INS, such as not including wait times as a performance measure. CBP also has not developed milestones for completing its staffing model and cross-training program at all ports. Until these weaknesses are addressed, CBP will be hampered in forming a basis for management decision-making concerning staff allocation and staff needs and providing budget justifications. Fri, 15 Jul 2005 00:00:00 -0400 Aviation Security: Better Planning Needed to Optimize Deployment of Checked Baggage Screening Systems, July 13, 2005 http://www.gao.gov/new.items/d05896t.pdf Mandated to screen all checked baggage using explosive detection systems at airports by December 31, 2003, the Transportation Security Administration (TSA) deployed two types of screening equipment: explosives detection systems (EDS), which use computer-aided tomography X-rays to recognize the characteristics of explosives, and explosives trace detection (ETD) systems, which use chemical analysis to detect traces of explosive material vapors or residues. This testimony discusses (1) TSA's deployment of EDS and ETD systems and the impact of initially deploying these systems, (2) TSA and airport actions to install EDS machines in-line with baggage conveyor systems, and the federal resources made available for this purpose, and (3) actions taken by TSA to optimally deploy checked baggage screening systems. TSA has made substantial progress in installing EDS and ETD systems at the nation's more than 400 airports to provide the capability to screen all checked baggage using explosive detection systems, as mandated by Congress. However, in initially deploying EDS and ETD equipment, TSA placed stand-alone ETD and the minivan-sized EDS machines--mainly in airport lobbies--that were not integrated in-line with airport baggage conveyor systems. TSA officials stated that the agency's ability to initially install in-line systems was limited because of the high costs and the time required for airport modifications. These interim lobby solutions resulted in operational inefficiencies, including requiring a greater number of screeners, as compared with using EDS machines in-line with baggage conveyor systems. TSA and airport operators are taking actions to install in-line baggage screening systems to streamline airport and TSA operations, reduce screening costs, and enhance security. Eighty-six of the 130 airports we surveyed either have, are planning to have, or are considering installing full or partial in-line systems. However, resources have not been made available to fund these capital-intensive systems on a large-scale basis. Also, the overall costs of installing in-line baggage screening systems at each airport are unknown, the availability of future federal funding is uncertain, and perspectives differ regarding the appropriate role of the federal government, airport operators, and air carriers in funding these systems. TSA has not conducted a systematic, prospective analysis to determine at which airports it could achieve long-term savings and enhanced efficiencies and security by installing in-line systems or, where in-line systems may not be economically justified, by making greater use of stand-alone EDS systems rather than relying on the labor-intensive and less efficient ETD screening process. However, at nine airports where TSA has agreed to help fund the installation of in-line baggage screening systems, TSA conducted a retrospective cost-benefit analysis which showed that these in-line systems could save the federal government about $1 billion over 7 years. TSA further estimated that it could recover its initial investment in the in-line systems at these airports in a little over 1 year. Wed, 13 Jul 2005 00:00:00 -0400 Taser Weapons: Use of Tasers by Selected Law Enforcement Agencies, May 26, 2005 http://www.gao.gov/new.items/d05464.pdf Emerging domestic and international threats have generated a growing interest in the use of less-than-lethal weapons by government and law enforcement agencies and other entities such as commercial airlines. One such weapon--the Taser--is a hand-held weapon that delivers an electric shock via two stainless steel barbs, effectively incapacitating an individual. According to the manufacturer--Taser International, Incorporated (Taser International)--Tasers are currently used by over 7,000 of the 18,000 law enforcement agencies in the United States, with more than 140,000 Tasers in use by police officers in the field and an additional 100,000 Tasers owned by civilians worldwide. Tasers have been used on over 100,000 volunteers, including individuals involved in training seminars and research experiments, and involved in over 70,000 actual field uses during police encounters. In light of the expanding interest in the Taser, GAO was asked to provide information on (1) the policies and procedures related to the issues of "use-of-force," training, operations, and safety for selected law enforcement agencies that have purchased and used Tasers and (2) federal, state, and local laws that specifically address Tasers, including the Transportation Security Administration's (TSA) authority to regulate Tasers on aircraft. The seven law enforcement agencies we contacted have established use-of-force policies, training requirements, operational protocols, and safety procedures to help ensure the proper use of Tasers. Although none of the agencies have separate use-of-force policies that specifically address Tasers, all seven agencies include the use of Tasers into their existing policies. Taser training is required for officers who use the weapons, and agency officials said that training for officers and other non-law enforcement persons who are allowed to use Tasers is critically important to help ensure their safe use. Operational protocols require that Tasers be visually inspected daily, appropriately safeguarded, and, in some cases, tested weekly or at the beginning of an officer's shift. Safety procedures require that Tasers not be used on children, pregnant suspects, or near bystanders or flammable liquids and that individuals hit in specific body areas with Taser barbs, such as the neck or face, be examined by a physician. Some federal, state, and local jurisdictions have laws that address Tasers but requirements differ. For example, at the federal level, the Army prohibits Tasers from being brought into selected military installations in Georgia. Also, TSA may approve the use of Tasers on aircraft but must prescribe training rules and guidance on appropriate circumstances for using Tasers. At the state and local levels, the state of Indiana and the city of Chicago, Illinois, regulate the sale or possession of Tasers by non-law enforcement persons by subjecting Tasers to the same restrictions that apply to firearms. Other states, such as California, prohibit Tasers from being carried into public facilities such as airports. GAO observes that as the Taser becomes more widely used, especially by non-law enforcement persons, training is critical to help ensure its safe, effective, and appropriate use. TSA, Taser International, and the seven law enforcement agencies we contacted generally agreed with the information in this report. Thu, 26 May 2005 00:00:00 -0400 Aviation Security: Screener Training and Performance Measurement Strengthened, but More Work Remains, May 2, 2005 http://www.gao.gov/new.items/d05457.pdf The screening of airport passengers and their checked baggage is a critical component in securing our nation's commercial aviation system. Since May 2003, GAO has issued six products related to screener training and performance. This report updates the information presented in the prior products and incorporates results from GAO's survey of 155 Federal Security Directors--the ranking Transportation Security Administration (TSA) authority responsible for the leadership and coordination of TSA security activities at the nation's commercial airports. Specifically, this report addresses (1) actions TSA has taken to enhance training for passenger and checked baggage screeners and screening supervisors, (2) how TSA ensures that screeners complete required training, and (3) actions TSA has taken to measure and enhance screener performance in detecting threat objects. TSA has initiated a number of actions designed to enhance screener training, such as updating the basic screener training course. TSA also established a recurrent training requirement and introduced the Online Learning Center, which makes self-guided training courses available over TSA's intranet and the Internet. Even with these efforts, Federal Security Directors reported that insufficient screener staffing and a lack of high-speed Internet/intranet connectivity at some training facilities have made it difficult to fully utilize training programs and to meet the recurrent training requirement of 3 hours per week, averaged over a quarter year, within regular duty hours. TSA acknowledged that challenges exist in recurrent training delivery and is taking steps to address these challenges, including factoring training into workforce planning efforts and distributing training through written materials and CD-ROMs. However, TSA has not established a plan prioritizing the deployment of high-speed Internet/intranet connectivity to all airport training facilities to facilitate screener access to training materials. TSA lacks adequate internal controls to provide reasonable assurance that screeners receive legislatively mandated basic and remedial training, and to monitor its recurrent training program. Specifically, TSA policy does not clearly specify the responsibility for ensuring that screeners have completed all required training. In addition, TSA officials have no formal policies or methods for monitoring the completion of required training and were unable to provide documentation identifying the completion of remedial training. TSA has implemented and strengthened efforts to measure and enhance screener performance. For example, TSA has increased the number of covert tests it conducts at airports, which test screeners' ability to detect threat objects on passengers, in their carry-on baggage, and in checked baggage. These tests identified that overall, weaknesses and vulnerabilities continue to exist in passenger and checked baggage screening systems at airports of all sizes, at airports with federal screeners, and at airports with private-sector screeners. While these test results are an indicator of performance, they cannot solely be used as a comprehensive measure of any airport's screening performance or any individual screener's performance. We also found that TSA's efforts to measure and enhance screener performance have primarily focused on passenger screening, not checked baggage screening. For example, TSA only uses threat image software on passenger screening X-ray machines, and the recertification testing program does not include an image recognition module for checked baggage screeners. TSA is taking steps to address the overall imbalance in passenger and checked baggage screening performance data. TSA also established performance indexes for the passenger and checked baggage screening systems, to identify an overall desired level of performance. However, TSA has not established performance targets for each of the component indicators that make up the performance indexes, including performance targets for covert testing. TSA plans to finalize these targets by the end of fiscal year 2005. Mon, 02 May 2005 00:00:00 -0400 Aviation Fees: Review of Air Carriers' Year 2000 Passenger and Property Screening Costs, April 18, 2005 http://www.gao.gov/new.items/d05558.pdf The Aviation and Transportation Security Act (ATSA) authorized the Transportation Security Administration (TSA) to impose an Aviation Security Infrastructure Fee (ASIF) on air carriers to help pay for the costs of aviation security services. To impose the ASIF, TSA issued an Interim Final Rule (IFR) and required air carriers to report their passenger and property screening costs incurred in 2000 on an attachment to the IFR referred to as Appendix A. The 2000 screening costs reported by air carriers were going to be used to establish the ASIF. Based on industry estimates of $1 billion, TSA had estimated that the costs incurred by air carriers in 2000 were $750 million, but the amounts reported by air carriers totaled $319 million, significantly less than expected. To provide the Congress with an independent assessment, the Department of Homeland Security Appropriations Act, 2005 required GAO to review the amount of passenger and property screening costs incurred by air carriers in 2000. We estimate at a 95 percent confidence level that the amount of passenger and property screening costs incurred by air carriers in 2000 for the 3 major cost components were between $425 million and $471 million, with a midpoint estimate of $448 million. The difference between our midpoint estimate and what the air carriers reported on the Appendix A and subsequently paid to TSA is $129 million. Determining exact cost amounts was not feasible and assumptions were required for several reasons including the following: (1) 5 years have passed since the costs were incurred, (2) the air carriers' accounting systems were not designed to capture specific passenger and property screening costs, and (3) certain cost categories required the application of assumptions to identify, categorize, or allocate cost. We focused on estimating for 2000 the three primary screening cost components. Costs associated with the use of private screening contractors (or airline employees if they performed the screening function directly)--these were the most significant costs to the air carriers in 2000. Air carriers typically contracted with private screening companies to perform screening on their behalf, and the rates charged combined costs such as background checks, training, and uniforms. We estimated that air carriers incurred $334 million for this cost component, compared to $293 million reported by air carriers on the Appendix A. Airport costs related to passenger and property screening--the two major screening-related cost categories that airports charged air carriers, were costs for law enforcement officers and real estate costs for security checkpoints. Based on information obtained from a sample of airports, we estimated that air carriers incurred $80 million for this cost component, compared to $5 million reported on the Appendix A. Air carriers' internal costs--these include, among other things, installation, operation, maintenance, and testing of screening equipment; ground security coordinators; security program management and contract administration; and legal and accounting support. Based on an analysis of the Appendix A and on information obtained through interviews, we estimated that the air carriers incurred $34 million in screening costs, compared to $21 million reported in the Appendix A. Mon, 18 Apr 2005 00:00:00 -0400 Aviation Security: Secure Flight Development and Testing Under Way, but Risks Should Be Managed as System Is Further Developed, March 28, 2005 http://www.gao.gov/new.items/d05356.pdf Among its efforts to strengthen aviation security, the Transportation Security Administration (TSA) is developing a new passenger prescreening system--known as Secure Flight. As required by Congress, TSA is planning to assume, through Secure Flight, the prescreening function currently performed by the air carriers. This report assesses the (1) status of Secure Flight's development and implementation, (2) factors that could influence the effectiveness of Secure Flight, (3) processes used to oversee and manage the Secure Flight program, and (4) efforts taken to minimize the impacts on passengers and protect passenger rights. In conducting this assessment, we addressed the 10 specific areas of congressional interest related to Secure Flight outlined in Public Law 108-334. TSA is making progress in addressing each of the key areas of congressional interest related to the development and implementation of Secure Flight, including developing and testing the system. However, TSA has not yet completed these efforts or fully addressed these areas, due largely to the current stage of the system's development. For example, while TSA has drafted a concept of operations and system requirements, it has not finalized these key documents or completed test activities that will need to be accomplished before Secure Flight becomes operational. Until requirements are defined, operating policies are finalized, and testing is completed--scheduled for later in the system's development--we cannot determine whether Secure Flight will fully address these areas of interest. TSA also initiated a number of actions designed to improve the ability of Secure Flight to identify passengers who should undergo additional security scrutiny, in place of the prescreening currently conducted by air carriers. Specifically, TSA officials stated that recently completed initial testing identified improvements over the current prescreening system, and TSA plans to use intelligence analysts to increase the accuracy of data matches. However, the effectiveness of Secure Flight in identifying passengers who should undergo additional security scrutiny has not been fully determined. For example, TSA has not resolved how passenger data will be transmitted from air carriers to TSA to support Secure Flight operations. Further, the ability of Secure Flight to make accurate matches between passenger data and data contained in the terrorist screening database is dependent on the quality of the data used, which has not been determined. TSA has also strengthened the oversight and management of Secure Flight, and has established relationships with key program stakeholders. However, air carriers expressed concerns regarding the uncertainty of system requirements, and the impact these requirements may have on the airline industry in terms of system modifications and costs. Additionally, TSA has taken steps to minimize potential impacts on passengers and to protect passenger rights during Secure Flight testing. However, TSA has not yet clearly defined the privacy impacts of the operational system or all of the actions TSA plans to take to mitigate potential impacts. Mon, 28 Mar 2005 00:00:00 -0500 Aviation Security: Systematic Planning Needed to Optimize the Deployment of Checked Baggage Screening Systems, March 15, 2005 http://www.gao.gov/new.items/d05365.pdf Mandated to screen all checked baggage using explosive detection systems at airports by December 31, 2003, the Transportation Security Administration (TSA) deployed two types of screening equipment: explosives detection systems (EDS), which use computer-aided tomography X-rays to recognize the characteristics of explosives, and explosives trace detection (ETD) systems, which use chemical analysis to detect traces of explosive material vapors or residues. This report assesses (1) TSA's use of budgeted funds to install EDS and ETD systems and the impact of initially deploying these systems, (2) TSA and airport actions to install EDS machines in-line with baggage conveyor systems, and the federal resources made available for this purpose, and (3) actions taken by TSA to optimally deploy checked baggage screening systems. TSA has made substantial progress in installing EDS and ETD systems at the nation's more than 400 airports to provide the capability to screen all checked baggage using explosive detection systems, as mandated by Congress. However, in initially deploying EDS and ETD equipment, TSA placed stand-alone ETD and the minivan-sized EDS machines--mainly in airport lobbies--that were not integrated in-line with airport baggage conveyor systems. TSA officials stated that the agency's ability to initially install in-line systems was limited because of the high costs and the time required for airport modifications. These interim lobby solutions resulted in operational inefficiencies, including requiring a greater number of screeners, as compared with using EDS machines in-line with baggage conveyor systems. TSA and airport operators are taking actions to install in-line baggage screening systems to streamline airport and TSA operations, reduce screening costs, and enhance security. Eighty-six of the 130 airports we surveyed either have, are planning to have, or are considering installing full or partial in-line systems. However, resources have not been made available to fund these capital-intensive systems on a large-scale basis. Also, the overall costs of installing in-line baggage screening systems at each airport are unknown, the availability of future federal funding is uncertain, and perspectives differ regarding the appropriate role of the federal government, airport operators, and air carriers in funding these systems. Moreover, TSA has not conducted a systematic, prospective analysis to determine at which airports it could achieve long-term savings and enhance efficiencies and security by installing in-line systems or, where in-line systems may not be economically justified, by making greater use of stand-alone EDS systems rather than relying on the labor-intensive and less efficient ETD screening process. However, at nine airports where TSA has agreed to help fund the installation of in-line baggage screening systems, TSA conducted a retrospective cost-benefit analysis which showed that these in-line systems could yield significant savings for the federal government. TSA further estimated that it could recover its initial investment in the in-line systems at these airports in a little over 1 year. Tue, 15 Mar 2005 00:00:00 -0500 Aviation Security: Measures for Testing the Impact of Using Commercial Data for the Secure Flight Program, February 23, 2005 http://www.gao.gov/new.items/d05324.pdf The Transportation Security Administration (TSA) is developing a new passenger prescreening program, known as Secure Flight. Under the Secure Flight program, TSA plans to take over, from commercial airlines, the responsibility for comparing identifying information of domestic airline passengers against information on known or suspected terrorists. TSA is also considering using commercial data as part of Secure Flight if the data are shown, through testing, to improve the results of these comparisons. In the 2005 Homeland Security Appropriations Act, Congress mandated that, prior to testing the use of commercial data for Secure Flight, TSA develop measures to assess the impacts of using commercial data on aviation security, and that GAO review the measures. In response to that mandate, we reviewed TSA's measures for commercial data testing and briefed congressional staff on January 11, 2005, on our findings. This report documents the results of our review, which we presented in that briefing. GAO found that TSA developed a concept test to determine the utility of using commercial data for Secure Flight as a first step in determining its impact on aviation security. The results of this test are intended to provide TSA the basis for refining performance measures identifying impacts on aviation security prior to subsequent testing, should DHS and TSA decide to pursue the use of commercial data. TSA also developed initial measures for commercial data concept testing that are intended to provide information related to impacts on aviation security, including improvements in false positive and false negative rates. Next, TSA, in coordination with the contractor, plans to refine these measures during concept testing--to include the establishment of performance targets--and prior to operationally testing the system, should DHS and TSA decide to pursue the use of commercial data. TSA measures developed to date for commercial data testing do not, and were not designed to, provide information on overall Secure Flight system operations (i.e., system response time, connectivity with air carriers, security, and privacy) or identify impacts of using commercial data on aviation security in an operational environment. Accordingly, the measures do not generally reflect attributes of successful performance measures for this purpose. Additional work reviewing TSA's refined measures, should DHS and TSA decide to pursue the use of commercial data for Secure Flight, would be needed to determine if the measures are designed to identify relevant impacts on aviation security, and reflect attributes of successful performance measures for that purpose. Wed, 23 Feb 2005 00:00:00 -0500 Transportation Security: Systematic Planning Needed to Optimize Resources, February 15, 2005 http://www.gao.gov/new.items/d05357t.pdf Critical transportation systems crisscross the nation and extend beyond our borders to move millions of passengers and tons of freight each day, making them both attractive targets to terrorists and difficult to secure. Securing these systems is further complicated by the need to balance security with the expeditious flow of people and goods through these systems. The Transportation Security Administration (TSA) faces the daunting challenge of determining how to allocate its finite resources to manage risks while addressing threats and enhancing security across all transportation modes. To assist the Congress and TSA in focusing resources on the areas of greatest need, we were asked to describe Department of Homeland Security (DHS) and TSA efforts in managing risks and allocating resources across aviation and surface transportation modes, and in integrating screening, credentialing, and research and development (R&D) efforts to achieve efficiencies. TSA has undertaken numerous initiatives to strengthen transportation security, particularly in aviation, and its efforts should be commended. For example, since September 11, 2001, TSA has installed explosive detection systems at most of the nation's commercial airports to provide the capability to screen all checked baggage for explosives; expanded screener training and developed performance measures and indicators for the screening systems; and evaluated the security of airport perimeters and access controls and provided funding for security equipment. While these efforts are commendable, we found that TSA has not consistently implemented a risk management approach or conducted the systematic analysis needed to inform its decision-making processes and to prioritize security improvements. Our work has shown that a risk management approach can help inform decision makers in allocating finite resources to the areas of greatest need. For example, we found that since initially deploying equipment to screen checked baggage for explosive at airports in response to congressional mandates, TSA has not conducted the systematic planning needed to optimize the deployment and integration of this equipment. Limited analysis of nine airports showed that the integration of this equipment in-line with airport baggage conveyor systems--rather than continuing to maintain the equipment in a stand-alone mode--could result in significant savings for the federal government. We also found that TSA's efforts to implement a comprehensive risk management approach for its air cargo and rail security programs are ongoing. The President's fiscal year 2006 budget request proposes two key DHS organizational changes designed to leverage resources and increase the efficiency and effectiveness of various screening, credentialing, and R&D programs. While we applaud DHS's efforts, it will be important for DHS to address several program challenges as the integration moves forward because restructuring alone will not resolve all existing challenges or ensure the successful integration and achievement of DHS's goals. These challenges including developing regulations identifying eligibility requirements for the Transportation Workers Identification Credential, establishing goals with measurable objectives in research and development strategic plans, and using risk assessments to select and prioritize research and development efforts. Tue, 15 Feb 2005 00:00:00 -0500 Aviation Security: Preliminary Observations on TSA's Progress to Allow Airports to Use Private Passenger and Baggage Screening Services, November 19, 2004 http://www.gao.gov/new.items/d05126.pdf Beginning on November 19, 2004, the Transportation Security Administration (TSA) is required by law to begin allowing commercial airports to apply to use private contractors to screen passengers and checked baggage. A federal workforce has performed this work since November 2002, in response to a congressional mandate that the federal government take over screening services after the terrorist attacks of September 11, 2001. A 2-year pilot program at five airports testing the effectiveness of private sector screening in a post-September 11 environment concluded on November 18, 2004. This report contains GAO's preliminary observations related to TSA's progress in developing a private-sector screening program that allows airports to apply to opt out of using federal screeners. GAO assessed: (1) the status of TSA's efforts to develop policies and procedures for the opt-out program, including operational plans and guidelines for selecting airports and contractors that may participate; (2) guidance about the opt-out program that TSA has provided to airport operators and other stakeholders, or plans to develop, and how the information is communicated; and (3) TSA's efforts to develop performance measures for evaluating the opt-out program and contractor performance. As of November 2004, TSA has completed or is developing key policies and procedures for the opt-out program. Specifically, TSA has completed and released guidelines for determining how and when private screening contractors will be evaluated and selected to participate in the opt-out program. TSA also has released supplemental information for evaluating potential contractors, such as their financial capabilities. TSA also has prepared a draft technical statement of work for the private screening contractors operating at five pilot program airports, which is to serve as a basis for contractors seeking to serve other airports. In addition, TSA has developed, or is currently developing, internal guidance for managing the opt-out program, such as a transition plan for helping airports to move from federal to private screeners. TSA expects to complete the remaining policies and procedures by mid-2005. TSA is taking steps to communicate with stakeholders about the opt-out program by developing informational guidance and soliciting information and suggestions from them. For instance, since releasing initial summary guidance about the program in June 2004, TSA has posted an opt-out program application for airport operators that asks, among other things, the primary reason for wanting to participate in the opt-out program and the preferred timeline for transitioning to private screening operations. TSA also has posted lists of frequently asked questions and answers on its Web site, in response to questions from stakeholders about the airport application and contracting process. However, some airport operators, private screening contractors, and aviation industry representatives told GAO that they need additional information about how much leeway airports and contractors would have to manage the program, liability protection, and costs related to participating in the opt-out program. TSA is developing performance measures both to assess the screening performance of airports that will participate in the opt-out program and individual contractors performing the screening services, but specific performance measures have not been finalized. TSA said measures for the opt-out program will be based on measures already developed by an independent consulting firm for the five airports participating in the opt-out pilot program. These measures include how well screeners detect test threat objects, such as guns and knives, during screening operations. TSA is also developing performance measures to evaluate how well private screening contractors comply with the terms of their contracts, which will become part of a quality assurance plan. TSA expects to implement contractor-related performance measures in mid-2005, as contracts are being awarded. A draft of this report was provided to TSA. TSA officials generally agreed with our findings and provided technical comments that have been incorporated as appropriate. Fri, 19 Nov 2004 00:00:00 -0500 General Aviation Security: Increased Federal Oversight Is Needed, but Continued Partnership with the Private Sector Is Critical to Long-Term Success, November 10, 2004 http://www.gao.gov/new.items/d05144.pdf Federal intelligence agencies have reported that in the past, terrorists have considered using general aviation aircraft (all aviation other than commercial and military) for terrorist acts, and that the September 11th terrorists learned to fly at general aviation flight schools. The questions GAO answered regarding the status of general aviation security included (1) What actions has the federal government taken to identify and assess threats to, and vulnerabilities of, general aviation; and communicate that information to stakeholders? (2) What steps has the federal government taken to strengthen general aviation security, and what, if any, challenges does the government face; and (3) What steps have non-federal stakeholders taken to enhance the security of general aviation? The federal and state governments and general aviation industry all play a role in securing general aviation operations. While the federal government provides guidance, enforces regulatory requirements, and provides some funding, the bulk of the responsibility for assessing and enhancing security falls on airport operators. Although TSA has issued a limited threat assessment of general aviation, and the FBI identified that terrorists have considered using general aviation to conduct attacks, a systematic assessment of threats has not been conducted. In addition, to assess airport vulnerabilities, TSA plans to issue a self-assessment tool for airport operators' use, but it does not plan to conduct on-site vulnerability assessments at all general aviation airports due to the cost and vastness of the general aviation network. Instead, TSA intends to use a systematic and analytical risk management process, which is considered a best practice, to assess the threats and vulnerabilities of general aviation. However, TSA has not yet developed an implementation plan for its risk management efforts. TSA and the Federal Aviation Administration (FAA) have taken steps to address security risks to general aviation through regulation and guidance, but still face challenges in their efforts to further enhance security. For example, TSA has promulgated regulations requiring background checks of foreign candidates for U.S. flight training schools and has issued security guidelines for general aviation airports. However, we found limitations in the process used to conduct compliance inspections of flight training programs. In addition, FAA, in coordination with TSA and other federal agencies, has implemented airspace restrictions over certain landmarks and special events. However, FAA has not established written policies or procedures for reviewing and revalidating the need for flight restrictions that limit access to airspace for indefinite periods of time and could negatively affect the general aviation industry. Non-federal general aviation stakeholders have partnered with the federal government and have individually taken steps to enhance general aviation security. For example, industry associations developed best practices and recommendations for securing general aviation, and have partnered with TSA to develop security initiatives such as the Airport Watch Program, similar to a neighborhood watch program. Some state governments have also provided funding for enhancing security at general aviation airports, and many airport operators GAO surveyed took steps to enhance security such as installing fencing and increasing police patrols. Wed, 10 Nov 2004 00:00:00 -0500 Aviation Security: Further Steps Needed to Strengthen the Security of Commercial Airport Perimeters and Access Controls, June 4, 2004 http://www.gao.gov/new.items/d04728.pdf In the 2 years since passage of the Aviation and Transportation Security Act (ATSA), the Transportation Security Administration (TSA) has primarily focused its efforts on improving aviation security through enhanced passenger and baggage screening. The act also contained provisions directing TSA to take actions to improve the security of airport perimeters, access controls, and airport workers. GAO was asked to assess TSA's efforts to: (1) evaluate the security of airport perimeters and the controls that limit access into secured airport areas, (2) help airports implement and enhance perimeter security and access controls by providing them funding and technical guidance, and (3) implement measures to reduce the potential security risks posed by airport workers. TSA has begun evaluating the security of airport perimeters and the controls that limit access into secured airport areas. Specifically, TSA is conducting compliance inspections and vulnerability assessments at selected airports. These evaluations--though not complete--have identified perimeter and access control security concerns. While TSA officials acknowledged that conducting these airport security evaluations is essential to identifying additional perimeter and access control security measures and prioritizing their implementation, the agency has not determined how the results will be used to make improvements to the entire commercial airport system. TSA has helped some airport operators enhance perimeter and access control security by providing funds for security equipment, such as electronic surveillance systems. TSA has also begun efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems. However, TSA has not begun to gather data on airport operators' historical funding of security projects and current needs to aid the agency in setting funding priorities. Nor has TSA developed a plan for implementing new technologies or balancing the costs and effectiveness of these technologies with the security needs of individual airport operators and the commercial airport system as a whole. TSA has taken some steps to reduce the potential security risks posed by airport workers. However, TSA had elected not to fully address all related ATSA requirements. In particular, TSA does not require fingerprint-based criminal history checks and security awareness training for all airport workers, as called for in ATSA. Further, TSA has not required airport vendors to develop security programs, another ATSA requirement. TSA said expanding these efforts would require a time-consuming rulemaking process and impose additional costs on airport operators. Finally, although not required by ATSA, TSA has not developed a plan detailing when and how it intends to address these challenges. Fri, 04 Jun 2004 00:00:00 -0400 Transportation Security Administration: High-Level Attention Needed to Strengthen Acquisition Function, May 28, 2004 http://www.gao.gov/new.items/d04544.pdf The Transportation Security Administration (TSA), within the Department of Homeland Security, was established to secure the nation's transportation systems, beginning with commercial airports. To meet its mission, TSA has awarded over $8.5 billion in contracts since its creation in 2001. Spending on contracts accounted for 48 percent of TSA's fiscal year 2003 budget. Because of TSA's reliance on contracts to carry out its mission, its acquisition infrastructure-- including oversight, policies and processes, acquisition workforce, and information about its acquisitions--is critical. GAO was asked to review TSA's acquisition infrastructure to assess how well TSA is positioned to carry out its acquisition function. Since its inception, TSA has been focused on meeting an urgent mandate to deploy more than 55,000 airport passenger and baggage screening personnel and equipment to secure the nation's airways. To do so, it created basic organizational and acquisition infrastructures. However, our review of TSA's acquisition function and inspector general reports identified a number of challenges in each of the four areas we assessed. Organizational alignment and leadership: TSA's Office of Acquisition is at an organizational level too low to oversee the acquisition process, coordinate acquisition activities, and enforce acquisition policies effectively. The position of the office hinders its ability to help ensure that TSA follows acquisition processes that enable the agency to get the best value on goods and services. Policies and processes: TSA's acquisition policies and processes emphasize personal accountability, good judgment, justifiable business decisions, and integrated acquisition teams. However, effective implementation of TSA's policies and processes has been hindered by several factors. For example, TSA has not effectively communicated its acquisition policies throughout the agency. TSA also lacks internal controls to identify and address implementation issues and performance measures to determine whether acquisition policies are achieving desired results. Human capital: TSA risks an imbalance in the size and capabilities of its acquisition workforce that could diminish the performance of the acquisition function throughout the agency. TSA's Office of Acquisition worked closely with the Department of Homeland Security to develop and begin implementing an acquisition workforce plan. However, TSA's Human Resource Office, which is responsible for recruiting and hiring the acquisition workforce agencywide, did not participate in developing the acquisition workforce plan. Without input from the Human Resources Office, it is not clear that the workforce plan can be effectively implemented throughout the agency. In addition, the Office of Acquisition reports that it is having difficulty attracting, developing, and retaining a workforce with the acquisition knowledge and skills required to accomplish TSA's mission. Knowledge and information management: while TSA is participating in the Department of Homeland Security's efforts to develop requirements for an enterprisewide solution, TSA does not currently have the strategic information needed to support effective acquisition management decisions. To manage on a day-to-day basis, program and acquisition managers are relying on data derived from informal, ad-hoc systems. TSA is in the process of adopting the Coast Guard's procurement and financial systems as interim solutions until the Department of Homeland Security implements a departmentwide system. However, near-term improvement in acquisition outcomes will be difficult because TSA does not have the data needed to analyze and improve its acquisition processes. Fri, 28 May 2004 00:00:00 -0400 Aviation Security: Challenges in Using Biometric Technologies, May 19, 2004 http://www.gao.gov/new.items/d04785t.pdf One of the primary functions of any security system is the control of people moving into or out of protected areas, such as physical buildings, information systems, and our national border. Technologies called biometrics can automate the identification of people by one or more of their distinct physical or behavioral characteristics. The term biometrics covers a wide range of technologies that can be used to verify identity by measuring and analyzing human characteristics--relying on attributes of the individual instead of things the individual may have or know. Since the September 11, 2001, terrorist attacks, laws have been passed that require a more extensive use of biometric technologies in the federal government. In 2002, GAO conducted a technology assessment on the use of biometrics for border security. GAO was asked to testify about the issues that it raised in the report, the current state of the technology, and the application of biometrics to aviation security. Biometric technologies are available today that can be used for aviation security. Biometric technologies vary in complexity, capabilities, and performance, and can be used to verify or establish a person's identity. Leading biometric technologies include facial recognition, fingerprint recognition, hand geometry, and iris recognition. The Federal Aviation Administration (FAA), and subsequently, the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA), has been examining the use of biometrics for aviation security for several years. TSA has three current pilot projects that will study the use of biometrics to enhance aviation security: the Transportation Worker Identification Credential (TWIC), registered traveler, and an access control pilot program designed to secure sensitive areas of an airport. It is important to bear in mind that effective security cannot be achieved by relying on technology alone. Technology and people must work together as part of an overall security process. Weaknesses in any of these areas diminish the effectiveness of the security process. The security process needs to account for limitations in biometric technology. For example, some people cannot enroll in a biometrics system because they lack the appropriate body part. Similarly, errors sometimes occur during matching operations. Exception processing that is not as good as biometric-based primary processing could be exploited as a security hole. Further, non-technological processes for enrollment are critical to the success of a biometrics-based identity management system. Before a person is granted a biometric credential, the issuing authority needs to assure itself that the person is eligible to receive such a credential. We have found that three key considerations need to be addressed before a decision is made to design, develop, and implement biometrics into a security system: (1) decisions must be made on how the technology will be used; (2) a detailed cost-benefit analysis must be conducted to determine that the benefits gained from a system outweigh the costs; and (3) a trade-off analysis must be conducted between the increased security, which the use of biometrics would provide, and the effect on areas such as privacy and convenience. Security concerns need to be balanced with practical cost and operational considerations as well as political and economic interests. A risk management approach can help federal agencies identify and address security concerns. To develop security systems with biometrics, the high-level goals of these systems need to be defined, and the concept of operations that will embody the people, process, and technologies required to achieve these goals needs to be developed. With these answers, the proper role of biometric technologies in aviation security can be determined. Wed, 19 May 2004 00:00:00 -0400 Aviation Security: Private Screening Contractors Have Little Flexibility to Implement Innovative Approaches, April 22, 2004 http://www.gao.gov/new.items/d04505t.pdf The terrorist attacks of September 11, 2001, resulted in fundamental changes in the way the United States screens airport passengers and their property. One of the most significant changes was the shift from using private screeners to using federal screeners at all but five commercial airports in the United States. These five airports are part of a pilot program, where private screeners perform screening functions. The mission of the Private Screening Pilot Program, as defined by the Transportation Security Administration (TSA), is to test the effectiveness of increased operational flexibility at the airport level that contractors may provide. GAO was asked to describe (1) the challenges and limitations of the private screening pilot program, (2) the operational flexibilities TSA has provided to the private screening companies, and (3) the performance of private and federal screeners in detecting threat objects. This testimony is based on our prior and ongoing work on TSA airport passenger and baggage screeners. A key limitation of the private screening pilot program is that it was not established in a way to enable an effective evaluation of the differences in the performance of federal and private screening and the reasons for those differences. TSA provided the screening contractors with little opportunity to demonstrate innovations, achieve efficiencies, and implement initiatives that go beyond the minimum requirements of the Aviation and Transportation Security Act. TSA officials said they had not granted contract officials more flexibility because they wanted to ensure that procedures were standardized, well coordinated, and consistently implemented throughout all airports to achieve consistent security. However, TSA recently requested input from the private screening contractors about the additional flexibilities they would like to implement. Although TSA has provided private screening contractors with only limited operational flexibility, it has allowed them to implement some airport-specific practices. These practices include screening candidates before they are hired through the assessment centers, hiring baggage handlers in order to utilize baggage screeners more efficiently, and, during the initial hiring, selecting screener supervisors from within their screener workforce rather than relying on the decisions of TSA's hiring contractors. These practices have enabled the private screening contractors to achieve efficiencies that are not currently available at airports with federal screeners. Little performance data are currently available to compare the performance of private screeners and federal screeners in detecting threat objects. The primary source of available performance data is the results of the covert tests performed by TSA's Office of Internal Affairs and Program Review, in which TSA undercover agents attempt to pass threat objects through screening checkpoints. Although the test results cannot be generalized either to the airports where the tests have been conducted or to airports nationwide, they provide an indicator of screener performance in detecting threat objects and indicate that, in general, private and federal screeners performed similarly. Specifically, the testing identified weaknesses in the ability of both private and federal screeners to detect threat objects. TSA recognized the need to improve screener performance and has taken steps in this direction, including enhancing its training programs. Thu, 22 Apr 2004 00:00:00 -0400 Aviation Security: Improvement still Needed in Federal Aviation Security Efforts, March 30, 2004 http://www.gao.gov/new.items/d04592t.pdf The security of the nation's commercial aviation system has been a long-standing concern. Following the events of September 11, 2001, Congress enacted numerous aviation security improvements designed to strengthen aviation security, including the development of a passenger prescreening system and the federalization of airport screeners. Despite these changes, challenges continue to face the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA) efforts to improve aviation security. GAO was asked to summarize the results of previous and ongoing aviation security work. These include: (1) the development of CAPPS II to assist in identifying high-risk passengers, (2) the management of passenger and baggage screening programs, (3) the operations of the Federal Air Marshal Service, and (4) other aviations security related efforts, such as cargo, that remain a concern. Numerous challenges continue to face TSA in its efforts to improve the nation's aviation security system. First, key activities in the development of CAPPS II have been delayed and TSA has not yet completed important system planning activities. TSA is behind schedule in testing and developing initial increments of CAPPS II due to delays in obtaining needed passenger data for testing from air carriers because of privacy concerns and has not established a complete plan identifying specific system functionality to be delivered, the schedule for delivery, and estimated costs. TSA also has not fully addressed seven of eight issues identified by Congress as key elements related to the development, operation, and public acceptance of CAPPS II. Additionally, three other major challenges--international cooperation, program mission expansion, and identity theft--need to be adequately addressed to ensure CAPPS II's successful implementation. Second, TSA continues to face challenges in hiring, deploying, and training its screener workforce. Staffing shortages and TSA's hiring process continue to hinder its ability to fully staff screening checkpoints without using additional measures, such as mandatory overtime. Further, TSA continues to have difficulty deploying and leveraging screening equipment and technologies because of competing priorities in a tight budget environment. Third, the rapid expansion of the Federal Air Marshal Service has encountered a number of operational and management problems. To accommodate the expansion, the Service revised and abbreviated its training curriculum. The Service developed an advanced training course for newly hired marshals to provide additional skills but funding cutbacks have delayed completion of this training for all air marshals. Most recently, budget constraints have not permitted the Service to reach its target staffing levels and are delaying efforts to develop its field location infrastructure and its automated system to schedule air marshal missions. Fourth, DHS and TSA face other challenges as they continue to address threats to the nation's aviation system. Significant challenges include developing measures to counter the growing concerns over portable surface-to-air missiles, improving airport perimeter and access controls, and addressing security concerns related to air cargo and general aviation. Tue, 30 Mar 2004 00:00:00 -0500 Aviation Security: Challenges Delay Implementation of Computer-Assisted Passenger Prescreening System, March 17, 2004 http://www.gao.gov/new.items/d04504t.pdf The security of U.S. commercial aviation is a long-standing concern, and substantial efforts have been undertaken to strengthen it. One such effort is the development of a new Computer-Assisted Passenger Prescreening System (CAPPS II) to identify passengers requiring additional security attention. The development of CAPPS II has raised a number of issues, including whether individuals may be inappropriately targeted for additional screening and whether data accessed by the system may compromise passengers' privacy. GAO was asked to summarize the results of its previous report that looked at (1) the development status and plans for CAPPS II; (2) the status of CAPPS II in addressing key developmental, operational, and public acceptance issues; and (3) additional challenges that could impede the successful implementation of the system. Key activities in the development of CAPPS II have been delayed, and the Transportation Security Administration (TSA) has not yet completed important system planning activities. TSA is currently behind schedule in testing and developing initial increments of CAPPS II, due in large part to delays in obtaining needed passenger data for testing from air carriers because of privacy concerns. TSA also has not established a complete plan identifying specific system functionality that will be delivered, the schedule for delivery, and estimated costs. The establishment of such plans is critical to maintaining project focus and achieving intended results within budget. Without such plans, TSA is at an increased risk of CAPPS II not providing the promised functionality, of its deployment being delayed, and of incurring increased costs throughout the system's development. TSA also has not completely addressed seven of the eight issues identified by the Congress as key areas of interest related to the development, operation, and public acceptance of CAPPS II. Although TSA is in various stages of progress on addressing each of these eight issues, as of January 1, 2004, only one--the establishment of an internal oversight board to review the development of CAPPS II--has been completely addressed. However, concerns exist regarding the timeliness of the board's future reviews. Other issues, including ensuring the accuracy of data used by CAPPS II, stress testing, preventing unauthorized access to the system, and resolving privacy concerns have not been completely addressed, due in part to the early stage of the system's development. GAO identified three additional challenges TSA faces that may impede the success of CAPPS II. These challenges are developing the international cooperation needed to obtain passenger data, managing the possible expansion of the program's mission beyond its original purpose, and ensuring that identity theft--in which an individual poses as and uses information of another individual--cannot be used to negate the security benefits of the system. GAO believes that these issues, if not resolved, pose major risks to the successful deployment and implementation of CAPPS II. Wed, 17 Mar 2004 00:00:00 -0500 Aviation Security: Factors Could Limit the Effectiveness of the Transportation Security Administration's Efforts to Secure Aerial Advertising Operations, March 5, 2004 http://www.gao.gov/new.items/d04499r.pdf After the terrorist attacks of September 11, 2001, the Federal Aviation Administration (FAA) issued flight restrictions to prevent flights over certain areas, to include stadiums, in response to increased concerns about the threat posed by terrorists using aircraft as a weapon. Beginning in December 2001, FAA's Air Traffic Division Director of Air Traffic Services, and later the Transportation Security Administration (TSA), implemented processes to allow certain pilots and aircraft to operate over these events by waiving flight restrictions. However, in February 2003, Congress passed legislation that for 1 year prevented aerial advertising pilots from flying near stadium airspace during certain sporting events by suspending the waiver process. In January 2004, Congress passed legislation continuing this restriction indefinitely. In the event that the restriction on waivers for aerial advertising near stadiums is repealed, the House Appropriations Committee, Subcommittee on Homeland Security, asked that we (1) describe the results of FAA and TSA threat assessments conducted relevant to aerial advertising operations and (2) identify FAA's and TSA's processes for mitigating the identified threat, determine whether established processes were followed, and identify factors that may limit their effectiveness. While TSA does not believe aerial advertising aircraft pose a significant threat, TSA's summary assessment of general aviation concluded that a variety of factors made general aviation vulnerable to terrorist attacks. TSA identified that these factors, as well as the ability of terrorist organizations such as al-Qaeda to adopt new and creative methods of attack, highlight the need for security of all operations using general aviation aircraft and airports, including aerial advertisers. To mitigate this threat, TSA plans to coordinate with an industry-led initiative to study security vulnerabilities associated with general aviation aircraft and also plans to issue a set of "best practices," or recommended guidelines to improve security at general aviation airports, as well as a self-assessment guide for general aviation airport managers to use. After assuming responsibility for processing waivers for aerial advertisers to fly over restricted stadium airspace from FAA, TSA began to strengthen and implement additional processes to enhance security, including strengthening background checks on aerial advertisers. Although we generally found documentation identifying that background checks were conducted, we identified certain factors that could limit the effectiveness of these checks. In addition, inconsistency in the manner in which information was collected to identify pilots and match them to the results of the checks conducted made it difficult to verify that the background checks were conducted as required. Further, FAA and TSA reported that they used additional processes to reduce the threat of aerial advertising operations. However, we found that these processes were not formalized in agency policies or procedures, and thereby, may not have been consistently applied. To address the factors we identified that could limit TSA's effectiveness to secure aerial advertising operations, we recommended that, in the event that waiver restrictions are repealed, the Administrator of TSA should determine whether more comprehensive background checks are warranted to further reduce the threat of aerial advertising operations; ensure that documents supporting waivers granted for temporary flight restrictions are systematically and fully maintained; and disseminate policies defining the process and procedures for issuing waivers, conducting background checks, and defining the circumstances under which TSA will take additional steps to ensure verification that pilots flying over restricted stadium airspace have been properly cleared. Fri, 05 Mar 2004 00:00:00 -0500 Aviation Security: Computer-Assisted Passenger Prescreening System Faces Significant Implementation Challenges, February 13, 2004 http://www.gao.gov/new.items/d04385.pdf The security of U.S. commercial aviation is a long-standing concern, and substantial efforts have been undertaken to strengthen it. One of these efforts is the development of a new Computer-Assisted Passenger Prescreening System (CAPPS II) to identify passengers requiring additional security attention. The development of CAPPS II has raised a number of issues, including whether individuals may be inappropriately targeted for additional screening, and whether data accessed by the system may compromise passengers' privacy. GAO was asked to determine (1) the development status and plans for CAPPS II; (2) the status of CAPPS II in addressing key developmental, operational, and public acceptance issues; and (3) other challenges that could impede the successful implementation of the system. Key activities in the development of CAPPS II have been delayed, and the Transportation Security Administration (TSA) has not yet completed important system planning activities. TSA is currently behind schedule in testing and developing initial increments of CAPPS II, due in large part to delays in obtaining needed passenger data for testing from air carriers because of privacy concerns. TSA also has not established a complete plan identifying specific system functionality that will be delivered, the schedule for delivery, and estimated costs. The establishment of such plans is critical to maintaining project focus and achieving intended results within budget. Without such plans, TSA is at an increased risk of CAPPS II not providing the promised functionality, of its deployment being delayed, and of incurring increased costs throughout the system's development. TSA also has not completely addressed seven of the eight issues identified by the Congress as key areas of interest related to the development, operation, and public acceptance of CAPPS II. Although TSA is in various stages of progress on addressing each of these eight issues, as of January 1, 2004, only one--the establishment of an internal oversight board to review the development of CAPPS II--has been fully addressed. However, concerns exist regarding the timeliness of the board's future reviews. Other issues, including ensuring the accuracy of data used by CAPPS II, stress testing, preventing unauthorized access to the system, and resolving privacy concerns have not been completely addressed, due in part to the early stage of the system's development. The following table is a summary of TSA's status in addressing the eight key issues. GAO identified three additional challenges TSA faces that may impede the success of CAPPS II. These challenges are developing the international cooperation needed to obtain passenger data, managing the possible expansion of the program's mission beyond its original purpose, and ensuring that identity theft--in which an individual poses as and uses information of another individual--cannot be used to negate the security benefits of the system. GAO believes that these issues, if not resolved, pose major risks to the successful deployment and implementation of CAPPS II. Fri, 13 Feb 2004 00:00:00 -0500 Aviation Security: Challenges Exist in Stabilizing and Enhancing Passenger and Baggage Screening Operations, February 12, 2004 http://www.gao.gov/new.items/d04440t.pdf Securing commercial aviation is a daunting task--with hundreds of airports and thousands of flights daily carrying millions of passengers and pieces of baggage. In an effort to strengthen the security of commercial aviation, the Transportation Security Administration (TSA) was created and charged with making numerous enhancements to aviation security, including federalizing passenger and baggage screening and screening checked baggage using explosive detection systems. To assess the progress of passenger and baggage screening operations, GAO was asked to describe TSA's efforts to (1) hire and deploy passenger and baggage screeners, (2) train the screening workforce, (3) measure screener performance in detecting threat objects, and (4) leverage and deploy screening equipment and technologies. TSA met its mandate to establish a federal screener workforce by November 2002, but continues to face challenges in hiring and deploying passenger and baggage screeners. Staffing shortages at some airports and TSA's hiring process have hindered TSA's ability to fully staff screening checkpoints without using additional measures, such as overtime. In addition, while TSA has taken steps to enhance its screener training programs, staffing shortages and lack of high-speed connectivity at airport training facilities have made it difficult for screeners at some airports to fully utilize these programs. TSA has also undertaken several initiatives to measure the performance of passenger screeners in detecting threat objects. These efforts include increasing covert testing at screening checkpoints and conducting annual recertifications of screeners. While TSA is making progress in measuring the performance of passenger screeners, it has collected limited performance data related to its baggage screening operations. However, TSA has begun collecting additional performance data related to its baggage screening operations, and plans to increase these efforts in the future. TSA also continues to face challenges in deploying and leveraging screening equipment and technologies. TSA deployed Explosive Detection Systems and Explosive Trace Detection equipment to all airports to screen checked baggage. However, TSA has been unable to fully utilize this equipment to screen 100 percent of checked baggage due to screener shortages, and equipment out of service for maintenance and/or repairs. When this equipment is not available, TSA continues to screen checked baggage using alternative means. TSA also has ongoing initiatives designed to increase the efficiency of screening checked baggage, including implementing in-line baggage screening systems and streamlining screening processes. TSA is also conducting research and development (R&D) activities to strengthen passenger and baggage screening. These efforts are designed to improve detection capability, performance, and efficiency for current technologies, and to develop next generation screening equipment. TSA faces a number of challenges with its R&D program, including balancing funding with competing priorities, and working with other components of the Department of Homeland Security to develop a strategy for merging their R&D programs. Thu, 12 Feb 2004 00:00:00 -0500 Posthearing Questions Related to Aviation and Port Security, December 12, 2003 http://www.gao.gov/new.items/d04315r.pdf This letter responds to a Congressional request that we provide answers to questions relating to our September 9, 2003, testimony on transportation security. The Department of Homeland Security's (DHS) plan does not explicitly address the adequacy of the current immigration, customs, and air marshal workforces to address concurrent high threats to border, ground, and aviation security. Rather, the plan provides for temporarily enhancing the air marshal workforce to respond to high threats to aviation. Specifically, according to Secretary Ridge, cross-training immigration and customs officers in air marshal tactics would give DHS greater flexibility to adjust its law enforcement resources according to varying threats and provide a surge capacity during periods of high threats to aviation. The immigration and customs officers would not be used as air marshals during every high-threat period; they would be used as such only when there was a high risk to aviation. New air marshals are currently being hired and provided basic training at the rate of about one class per month, a rate sufficient to offset attrition and maintain the current number of air marshals. According to the Federal Air Marshals Service, there is no surge in hiring or training forecasted because the goal for hiring air marshals set by the Secretary of Transportation after September 11, 2001, was met in July 2002, as planned. Effective maritime security requires the ability to put preventive systems, controls, and infrastructure in place. According to transportation security experts and state and local government and industry representatives we contacted, funding is the most pressing challenge to accomplishing this task. While some security improvements are inexpensive, most require substantial funding. Additionally, given the large number of assets to protect, the sum of even relatively less expensive investments can be cost prohibitive. According to Coast Guard estimates, the cost of implementing the new International Maritime Organization security code and the security provisions in the Maritime Transportation Security Act (MTSA) of 2002 will be approximately $1.5 billion for the first year and $7.4 billion over the succeeding decade. These costs are substantial sums, but it is not clear at this point how the costs will be paid. Fri, 12 Dec 2003 00:00:00 -0500 Aviation Security: Efforts to Measure Effectiveness and Strengthen Security Programs, November 20, 2003 http://www.gao.gov/new.items/d04285t.pdf Commercial aviation has been a long-standing target for terrorists. Since the tragic attacts of September 11, 2001, substantial changes have been made to enhance security--including the creation of the Transportation Security Administration (TSA) and the federalization of the passenger screener workforce. However, despite these changes, vulnerabilities in aviation security continue to exist. Accordingly, GAO was asked to describe TSA's efforts to (1) measure the effectiveness of its aviation security initiatives, (2) strengthen its passenger screening program, and (3) address additional challenges in further enhancing aviation security. TSA has implemented numerous initiatives designed to enhance aviation security, but has collected limited information on the effectiveness of these initiatives in protecting commercial aircraft. Our recent work on passenger screening found that little testing or other data exist that measure the performance of screeners in detecting threat objects. However, TSA is taking steps to collect additional data, including developing a 5-year performance plan detailing numerous performance measures, as well as fielding the Threat Image Projection system and increasing screener testing. In addition to collecting performance data, TSA could further strengthen passenger screening by fully deploying recurrent and supervisory training programs, determining the appropriate levels of screeners at the nation's airports, and improving oversight of the contract screener pilot program. Although TSA has developed and deployed basic and remedial training programs, it has not fully developed or deployed recurrent or supervisory training programs. In addition, TSA acknowledged that its initial staffing efforts created imbalances at the nation's airports, and that it has taken limited action to assess the performance of the pilot airports using private, versus federal, screeners. TSA is undertaking a number of actions to address these concerns, including strengthening its training program and awarding contracts to assess its staffing model and the performance of the contract pilot airports. TSA faces a number of other challenges as it continues to enhance aviation security. Significant challenges include implementing the Computer-Assisted Passenger Prescreening System (CAPPS II), as well as strengthening baggage screening, airport perimeter and access controls, and air cargo and general aviation security. In implementing CAPPS II, TSA must ensure it addresses concerns surrounding travelers' privacy rights, the accuracy of databases used by CAPPS II, and obtaining international cooperation needed for the system to be fully operational. Additional challenges include integrating explosive detection systems into airport's in-line baggage handling systems, identifying cost-effective perimeter security technologies, effectively targeting air cargo for screening, and improving security at general aviation airports. Further, TSA faces challenges in funding increased aviation security measures and ensuring that these costs are controlled. Thu, 20 Nov 2003 00:00:00 -0500 Aviation Security: Federal Air Marshal Service Is Addressing Challenges of Its Expanded Mission and Workforce, but Additional Actions Needed, November 19, 2003 http://www.gao.gov/new.items/d04242.pdf To help strengthen aviation security after the September 11, 2001, terrorist attacks, the Congress expanded the size and mission of the Federal Air Marshal Service (the Service) and located the Service within the newly created Transportation Security Administration (TSA). Between November 2001 and July 1, 2002, the Service grew from fewer than 50 air marshals to thousands, and its mission expanded to include the protection of domestic as well as international flights. In March 2003, the Service, with TSA, merged into the new Department of Homeland Security (DHS); and in November 2003, it was transferred from TSA and merged into DHS's Bureau of Immigration and Customs Enforcement (ICE). GAO looked at operational and management control issues that emerged during the rapid expansion of the Service, specifically addressing its (1) background check procedures and training; (2) management information, policies, and procedures; and (3) challenges likely to result from its mergers into DHS and ICE. To deploy its expanded workforce by July 1, 2002, a deadline set by the Deputy Secretary of Transportation, the Service used expedited procedures to obtain interim secret security clearances for air marshal candidates and provided abbreviated training for them. These procedures allowed candidates with interim clearances to work until they received their final top-secret clearances. Because of a governmentwide demand for clearances, nearly a quarter of the active air marshals had not received their top-secret clearances as of July 2003; but by October 2003, only about 3 percent were awaiting their top-secret clearances. To train its expanded workforce before the Deputy Secretary's deployment deadline, the Service incrementally revised and abbreviated its curriculum. The Service has begun to develop management information, policies, and procedures to support its expanded workforce and mission, but it has not yet completed this major effort. For example, it replaced a manual system for scheduling flight duty with an automated system, but it has not yet developed an automated means to monitor the effectiveness of its scheduling controls designed to prevent air marshals' fatigue. In addition, it has gathered and used information on potential security incidents and on air marshals' reasons for separation from the Service to improve its operations and workforce management. However, some of this information is not clear or detailed enough to facilitate follow-up. Finally, the Service has implemented policies needed to support its expansion. The Service is likely to face challenges in implementing changes resulting from its mergers into DHS and ICE, including changes to its roles, responsibilities, and training and to its procedures for coordinating with TSA's security organizations, as well as administrative changes. GAO's recent work on mergers and organizational transformations proposes several key practices--set implementation goals, establish a communication strategy, and involve employees to obtain their ideas--and associated implementation steps that could help the Service implement such changes. Wed, 19 Nov 2003 00:00:00 -0500 Aviation Security: Efforts to Measure Effectiveness and Address Challenges, November 5, 2003 http://www.gao.gov/new.items/d04232t.pdf It has been 2 years since the attacks of September 11,2001, exposed vulnerabilities in the nation's aviation system. Since then, billions of dollars have been spent on a wide range of initiatives designed to enhance the security of commercial aviation. However, vulnerabilities in aviation security continue to exist. As a result, questions have been raised regarding the effectiveness of established initiatives in protecting commercial aircraft from threat objects, and whether additional measures are needed to further enhance security. Accordingly, GAO was asked to describe the Transportation Security Administration's (TSA) efforts to (1) measure the effectiveness of its aviation security initiatives, particularly its passenger screening program; (2) implement a risk management approach to prioritize efforts and focus resources; and (3) address key challenges to further enhance aviation security. TSA has implemented numerous initiatives designed to enhance aviation security, but has collected limited information on the effectiveness of these initiatives in protecting commercial aircraft. Our recent work on passenger screening found that little testing or other data exist that measures the performance of screeners in detecting threat objects. However, TSA is taking steps to collect data on the effectiveness of its security initiatives, including developing a 5-year performance plan detailing numerous performance measures, as well as implementing several efforts to collect performance data on the effectiveness of passenger screening--such as fielding the Threat Image Projection System and increasing screener testing. TSA has developed a risk management approach to prioritize efforts, assess threats, and focus resources related to its aviation security initiatives as we previously recommended, but has not yet fully implemented this approach. A risk management approach is a systematic process to analyze threats, vulnerabilities, and the criticality (or relative importance) of assets to better support key decisions. TSA is developing and implementing both a criticality and a vulnerability assessment tool to provide a basis for risk-based decision-making. TSA is currently using some components of these tools and plans to fully implement its risk management approach by the summer 2004. TSA faces a number of programmatic and management challenges as it continues to enhance aviation security. These include the implementation of the new computer-assisted passenger prescreening system, as well as strengthening baggage screening, airport perimeter and access controls, air cargo, and general aviation security. TSA also must manage the costs associated with aviation security and address human capital challenges, such as sizing its workforce as efficiency is improved with security-enhancing technologies--including the integration of explosive detection systems into in-line baggage-handling systems. Further challenges in sizing its workforce may be encountered if airports are granted permission to opt out of using federal screeners. Wed, 05 Nov 2003 00:00:00 -0500 Airport Passenger Screening: Preliminary Observations on Progress Made and Challenges Remaining, September 24, 2003 http://www.gao.gov/new.items/d031173.pdf Passenger screening is critical to the security of our nation's aviation system, particularly in the aftermath of the September 11, 2001, terrorist attacks. The Transportation Security Administration (TSA) is tasked with securing all modes of transportation, including the screening of airline passengers. TSA has met numerous requirements in this regard, such as deploying more than 50,000 federal screeners at over 440 commercial airports nationwide. To determine whether TSA's passenger screening program is achieving its intended results, GAO is conducting an ongoing evaluation of TSA's efforts to (1) ensure that passenger screeners are effectively trained and supervised, (2) measure screener performance in detecting threat objects, and (3) implement and evaluate the contract screening pilot program. The Transportation Security Administration (TSA) was tasked with the tremendous challenge of building a large federal agency responsible for securing all modes of transportation, while simultaneously meeting ambitious deadlines to enhance the security of the nation's aviation system. Although TSA has made significant progress related to its passenger screening program, challenges remain. TSA recognized that ongoing training of screeners on a frequent basis, and effective supervisory training, is critical to maintaining and enhancing skills. However, TSA has not fully developed or deployed recurrent or supervisory training programs. Although TSA has not yet deployed these programs, it has taken steps in establishing recurrent and supervisory training, including developing six recurrent training modules that will soon be deployed to all airports, as well as working with the U.S. Department of Agriculture (USDA) Graduate School to tailor its off-the-shelf supervisory course to the specific training needs of TSA's screening supervisors. TSA currently collects little information regarding screener performance in detecting threat objects. The primary source of information collected on screener's ability to detect threat objects is covert testing conducted by TSA's Office of Internal Affairs and Program Review. However, TSA does not consider the results of these tests as a measure of screener performance, but rather a "snapshot" of a screener's ability to detect threat objects at a particular point in time. Additionally, TSA does not currently use the Threat Image Projection system, which places images of threat objects on x-ray screens during actual operations and records whether screeners identify the threat. However, TSA plans to fully activate the Threat Image Projection system with significantly more threat images than previously used, as well as implement an annual screener certification program in October 2003. TSA also recently completed a screener performance improvement study and is taking steps to address the deficiencies identified during the study. As required by the Aviation and Transportation Security Act, TSA implemented a pilot program using contract screeners in lieu of federal screeners at 5 commercial airports. However, TSA has not yet determined how to evaluate and measure the performance of the pilot program airports, or prepare for airports potentially applying to opt-out of using federal screeners, as allowed by the act, beginning in November 2004. Although TSA has not begun evaluating the performance of the pilot program airports, it plans to award a contract by October 1, 2003, to compare the performance of pilot screeners with federal screeners and determine the reasons for any differences. Numerous airport operators have contacted TSA to express an interest in obtaining more information to assist in their decision regarding opting-out of using federal screeners. Wed, 24 Sep 2003 00:00:00 -0400 Aviation Security: Progress Since September 11, 2001, and the Challenges Ahead, September 9, 2003 http://www.gao.gov/new.items/d031150t.pdf In the 2 years since the terrorist attacks of September 11, 2001, the security of our nation's civil aviation system has assumed renewed urgency, and efforts to strengthen aviation security have received a great deal of congressional attention. On November 19, 2001, the Congress enacted the Aviation and Transportation Security Act (ATSA), which created the Transportation Security Administration (TSA) within the Department of Transportation (DOT) and defined its primary responsibility as ensuring security in aviation as well as in other modes of transportation. The Homeland Security Act, passed on November 25, 2002, transferred TSA to the new Department of Homeland Security, which assumed overall responsibility for aviation security. GAO was asked to describe the progress that has been made since September 11 to strengthen aviation security, the potential vulnerabilities that remain, and the longer-term management and organizational challenges to sustaining enhanced aviation security. Since September 11, 2001, TSA has made considerable progress in meeting congressional mandates designed to increase aviation security. By the end of 2002, the agency had hired and deployed about 65,000 passenger and baggage screeners, federal air marshals, and others, and it was using explosives detection equipment to screen about 90 percent of all checked baggage. TSA is also initiating or developing efforts that focus on the use of technology and information to advance security. One effort under development, the next-generation Computer-Assisted Passenger Prescreening System (CAPPS II), would use national security and commercial databases to identify passengers who could pose risks for additional screening. Concerns about privacy rights will need to be addressed as this system moves toward implementation. Although TSA has focused on ensuring that bombs and other threat items are not carried onto planes by passengers or in their luggage, vulnerabilities remain in air cargo, general aviation, and airport perimeter security. Each year, an estimated 12.5 million tons of cargo are transported on all-cargo and passenger planes, yet very little air cargo is screened for explosives. We have previously recommended, and the industry has suggested, that TSA use a risk-management approach to set priorities as it works with the industry to determine the next steps in strengthening aviation security. TSA faces longer-term management and organizational challenges to sustaining enhanced aviation security that include (1) developing and implementing a comprehensive risk management approach, (2) paying for increased aviation security needs and controlling costs, (3) establishing effective coordination among the many entities involved in aviation security, (4) strategically managing its workforce, and (5) building a results-oriented culture within the new Department of Homeland Security. TSA has begun to respond to recommendations we have made addressing many of these challenges, and we have other studies in progress. Tue, 09 Sep 2003 00:00:00 -0400 Transportation Security: Federal Action Needed to Enhance Security Efforts, September 9, 2003 http://www.gao.gov/new.items/d031154t.pdf The economic well being of the United States is dependent on the expeditious flow of people and goods through the transportation system. The attacks on September 11, 2001, illustrate the threats to and vulnerabilities of the transportation system. Prior to September 11, the Department of Transportation (DOT) had primary responsibility for the security of the transportation system. In the wake of September 11, Congress created the Transportation Security Administration (TSA) within DOT and gave it primary responsibility for the security of all modes of transportation. TSA was recently transferred to the new Department of Homeland Security (DHS). GAO was asked to examine the challenges in securing the transportation system and the federal role and actions in transportation security. Securing the nation's transportation system is fraught with challenges. The transportation system crisscrosses the nation and extends beyond our borders to move millions of passengers and tons of freight each day. The extensiveness of the system as well as the sheer volume of passengers and freight moved makes it both an attractive target and difficult to secure. Addressing the security concerns of the transportation system is further complicated by the number of transportation stakeholders that are involved in security decisions, including government agencies at the federal, state, and local levels and thousands of private sector companies. Further exacerbating these challenges are the financial pressures confronting transportation stakeholders. For example, the sluggish economy has weakened the transportation industry's financial condition by decreasing ridership and revenues. The federal government has provided additional funding for transportation security since September 11, but demand has far outstripped the additional amounts made available. It will take the collective effort of all transportation stakeholders to meet existing and future transportation challenges. Since September 11, transportation stakeholders have acted to enhance security. At the federal level, TSA primarily focused on meeting aviation security deadlines during its first year of existence and DOT launched a variety of security initiatives to enhance the other modes of transportation. For example, the Federal Transit Administration provided grants for emergency drills and conducted security assessments at the largest transit agencies, among other things. TSA has recently focused more on the security of the maritime and land transportation modes and is planning to issue security standards for all modes of transportation. DOT is also continuing their security efforts. However, the roles and responsibilities of TSA and DOT in securing the transportation system have not been clearly defined, which creates the potential for overlap, duplication, and confusion as both entities move forward with their security efforts. Tue, 09 Sep 2003 00:00:00 -0400 Federal Law Enforcement: Selected Issues in Human Capital Management, July 23, 2003 http://www.gao.gov/new.items/d031034t.pdf Many federal agencies in the Washington, D.C., metropolitan area have their own police forces to ensure the security and safety of the persons and property within and surrounding federal buildings. In the executive branch, for example, the Secret Service has over 1,000 uniformed officers protecting the White House, the Treasury Building, and other facilities used by the Executive Office of the President. The Interior Department's Park Police consists of more than 400 officers protecting parks and monuments in the area. The Pentagon Force Protection Agency has recently increased its force to over 400 officers. Even the Health and Human Services Department maintains a small police force on the campus of the National Institutes of Health (NIH) in Bethesda, Maryland. In addition, there are federal uniformed police forces in both the Legislative and Judicial Branches of the federal government. We have continued to examine the transformation of 22 agencies with an estimated 160,000 civilian employees into the Department of Homeland Security. After the terrorist attacks of September 11, 2001, and the government's subsequent efforts to increase airline security, many of these local police forces began experiencing difficulties in recruiting and retaining officers. Police force officials raised concerns that the newly created Transportation Security Administration (TSA) and its Federal Air Marshal Program were luring many prospective and experienced officers by offering better starting pay and law enforcement retirement benefits. Former Congresswoman Morella asked us to look into these concerns. Most forces reported experiencing recruitment difficulties. Officials at 8 of the 13 forces told us they experienced moderate to very great recruiting difficulties. Despite this, none of the 13 forces used available human capital flexibilities, such as recruitment bonuses or student loan repayments in fiscal year 2002, to try to improve their recuiting efforts. In fiscal year 2002, many of the local forces experienced sizable increases in turnover, mostly due to voluntary separations. About half of the officers who left voluntarily went to the TSA. Some of the forces provided retention allowances and incentive awards to try to retain more of their officers. Entry-level pay at the 13 agencies during fiscal year 2002 ranged from $28,801 to $39,427, a gap that narrowed for some of the forces in fiscal year 2003 because officers at 12 of the 13 agencies received increased entry-level pay. However, information we have gathered since we issued our report indicates that turnover in most of the police forces has dropped significantly during fiscal year 2003. The increase in turnover that occurred at 12 of the 13 police forces during fiscal year 2002 appears to be associated with the concurrent staffing of the TSA Federal Air Marshal Program. TSA's hiring of air marshals during fiscal year 2003 has been pared back. Wed, 23 Jul 2003 00:00:00 -0400 Transportation Security: Federal Action Needed to Help Address Security Challenges, June 30, 2003 http://www.gao.gov/new.items/d03843.pdf The economic well being of the U.S. is dependent on the expeditious flow of people and goods through the transportation system. The attacks on September 11, 2001, illustrate the threats and vulnerabilities of the transportation system. Prior to September 11, the Department of Transportation (DOT) had primary responsibility for the security of the transportation system. In the wake of September 11, Congress created the Transportation Security Administration (TSA) within DOT and gave it primary responsibility for the security of all modes of transportation. TSA was recently transferred to the new Department of Homeland Security (DHS). GAO was asked to examine the challenges in securing the transportation system and the federal role and actions in transportation security. Securing the nation's transportation system is fraught with challenges. The transportation system crisscrosses the nation and extends beyond our borders to move millions of passengers and tons of freight each day. The extensiveness of the system as well as the sheer volume of passengers and freight moved makes it both an attractive target and difficult to secure. Addressing the security concerns of the transportation system is further complicated by the number of transportation stakeholders that are involved in security decisions, including government agencies at the federal, state, and local levels, and thousands of private sector companies. Further exacerbating these challenges are the financial pressures confronting transportation stakeholders. For example, the sluggish economy has weakened the transportation industry's financial condition by decreasing ridership and revenues. The federal government has provided additional funding for transportation security since September 11, but demand has far outstripped the additional amounts made available. It will take a collective effort of all transportation stakeholders to meet existing and future transportation challenges. Since September 11, transportation stakeholders have acted to enhance security. At the federal level, TSA primarily focused on meeting aviation security deadlines during its first year of existence and DOT launched a variety of security initiatives to enhance the other modes of transportation. For example, the Federal Transit Administration provided grants for emergency drills and conducted security assessments at the largest transit agencies, among other things. TSA has recently focused more on the security of the maritime and land transportation modes and is planning to issue security standards for all modes of transportation starting this summer. DOT is also continuing their security efforts. However, the roles and responsibilities of TSA and DOT in securing the transportation system have not been clearly defined, which creates the potential for overlap, duplication, and confusion as both entities move forward with their security efforts. Mon, 30 Jun 2003 00:00:00 -0400 Transportation Security Research: Coordination Needed in Selecting and Implementing Infrastructure Vulnerability Assessments, May 1, 2003 http://www.gao.gov/new.items/d03502.pdf The events of September 11, 2001, increased attention on efforts to assess the vulnerabilities of the nation's transportation infrastructure and develop needed improvements in security. The Department of Transportation's (DOT) Research and Special Programs Administration (RSPA) had already begun research in this area in June 2001. The goals of RSPA's Transportation Infrastructure Assurance program are to identify, and develop ways to mitigate the impact of, threats to the nation's transportation infrastructure. DOT's Office of Intelligence and Security is responsible for defining the requirements for transportation infrastructure protection, ensuring that vulnerability assessments of transportation infrastructure are conducted, and taking action to mitigate those vulnerabilities. The House Committee on Appropriations asked GAO to determine (1) the status and anticipated results of the Transportation Infrastructure Assurance (TIA) program, and (2) the extent to which RSPA and the Office of Intelligence and Security have coordinated their activities in selecting the vulnerabilities to be assessed and implementing the vulnerability assessments for the program. DOT and RSPA officials reviewed a draft of the report, agreed with its contents, and provided technical clarifications that we incorporated. The Transportation Infrastructure Assessment program is scheduled to end in December 2003 after the completion of four transportation vulnerability assessments. Congress appropriated $1 million in each of the fiscal years from 2001 through 2003 to RSPA for the program. RSPA plans to disseminate reports, conduct workshops, and post information on the Internet to inform decision-makers in the transportation community about the results. Prior to March 2003, RSPA did not fully coordinate their activities with the Office of Intelligence and Security in selecting the vulnerabilities to be assessed, or in implementing the assessments for the program. We discussed this problem with officials from both offices who agreed that closer coordination would be beneficial, particularly to discuss options for addressing the challenges facing program researchers in conducting the program's vulnerability assessments. In March 2003, officials from both offices began regular meetings to facilitate this coordination. Thu, 01 May 2003 00:00:00 -0400 Federal Aviation Administration: Reauthorization Provides Opportunities to Address Key Agency Challenges, April 10, 2003 http://www.gao.gov/new.items/d03653t.pdf Much has changed since the Wendell H. Ford Aviation Investment and Reform Act for the 21st Century (AIR-21) reauthorized the Federal Aviation Administration's (FAA) programs 3 years ago. At that time, air traffic was increasing, and concerns about congestion and flight delays were paramount. Since then, the downturn in the nation's economy, the terrorist attacks of September 11, 2001, and, most recently, the war in Iraq have taken a heavy toll on aviation. Analysts nonetheless expect the demand for air travel to rebound, and the nation's aviation system must be ready to accommodate the projected growth safely and securely. The current reauthorization of FAA's programs provides an opportunity for the Congress and the administration to focus on challenges in increasing aviation capacity, efficiency, and safety and in controlling aviation program costs. Increasing capacity and service in the national airspace system poses several challenges. While airports currently receive enough funding to cover FAA's estimate of their planned capital development costs, a declining surplus in the trust fund that helps to support development and the need to spend up to $5 billion over the next 5 years for security-related capital improvements make the financial outlook for the next 5 to 8 years uncertain. Runway development, the principal means of increasing capacity, is now taking 10 to 14 years to complete, in large part because of time-consuming environmental reviews and community concerns. Providing air service for small communities is also becoming more difficult as costs increase and passenger ticket revenues decline. Intermodal alternatives may hold promise. Efforts to improve the efficiency of the national airspace system by modernizing the air traffic control system face challenges despite actions taken by the Congress and the administration to eliminate the cost overruns, schedule delays, and performance shortfalls that have plagued FAA's modernization efforts. Overall, FAA is improving its management of the air traffic modernization program and has implemented some systems, but key projects continue to experience problems. To enhance aviation safety, FAA and the aviation industry have undertaken an initiative to reduce the fatal accident rate, and FAA is working to strengthen its safety inspections of airlines' operations. Interagency coordination of aviation safety and aviation security activities has emerged as a challenge with the transfer of aviation security responsibilities from FAA to the Transportation Security Administration. FAA faces challenges in implementing controls over its costs. Although it has partially implemented a new cost accounting system that enables it to track 70 percent of its air traffic services costs, this system lacks internal controls over $3.1 billion in labor costs, according to the Department of Transportation's Inspector General. Congressional oversight is important to ensure that FAA implements controls and spends its resources effectively. Thu, 10 Apr 2003 00:00:00 -0400 Transportation Security: Post-September 11th Initiatives and Long-Term Challenges, April 1, 2003 http://www.gao.gov/new.items/d03616t.pdf This testimony responds to the request of the National Commission on Terrorist Attacks Upon the United States for information on GAO's work in transportation security. It addresses (1) transportation security before September 2001; (2) what the federal government has done since September 11th to strengthen transportation security, particularly aviation, mass transit, and port security; and (3) what long-term institutional challenges face the federal agencies responsible for transportation security. The testimony is based on a body of work that GAO has performed over the years. Before September 2001, GAO's work in transportation security focused largely on aviation security, which was then the responsibility of the Federal Aviation Administration, within the Department of Transportation. This work often demonstrated the existence of significant, long-standing vulnerabilities in aviation security. Among these vulnerabilities were airport screeners' inadequate detection of threats when screening passengers and their carry-on bags prior to their boarding aircraft; the absence of any requirement to screen checked baggage on domestic flights; inadequate controls for limiting access to secure areas at airports; and inadequate security for air traffic control computer systems and facilities. Since September 2001, securing the nation's transportation systems from terrorist attacks has assumed great urgency. The Congress and the administration have reorganized the federal agencies responsible for transportation security, transferring them to the new Department of Homeland Security, and the agencies are attempting to enhance security without unduly inhibiting the movement of goods and people. The Transportation Security Administration, which was created in November 2001 and has assumed overall responsibility for transportation security, has made considerable progress in addressing aviation security challenges. By the end of December 2002, the agency had hired and deployed a workforce of over 60,000, including passenger and baggage screeners and federal air marshals, and was screening about 90 percent of all checked baggage for explosives. In addition, local mass transit agencies have assessed vulnerabilities, increased training for emergency preparedness, and conducted emergency drills. The Coast Guard has also performed initial risk assessments of ports, established new security guidelines, and initiated a comprehensive assessment of security conditions at 55 U.S. ports. The Customs Service and the Immigration and Naturalization Service have actions under way to strengthen port security. Nevertheless, air cargo shipments, general aviation airports, and mass transit systems remain vulnerable to attack, and an effective port security environment may be many years away. The Departments of Transportation and Homeland Security face long-term transportation security challenges that include (1) developing a comprehensive transportation risk management approach; (2) ensuring that transportation security funding needs are identified and prioritized and that costs are controlled; (3) establishing effective coordination among the many public and private entities responsible for transportation security; (4) ensuring adequate workforce competence and staffing levels; and (5) implementing security standards for transportation facilities, workers, and security equipment. We have issued reports and made recommendations that address many of these challenges, and in response some actions are under way. Tue, 01 Apr 2003 00:00:00 -0500 Airport Finance: Past Funding Levels May Not Be Sufficient to Cover Airports' Planned Capital Development, February 25, 2003 http://www.gao.gov/new.items/d03497t.pdf Since Congress enacted the Wendell H. Ford Aviation Investment and Reform Act for the 21 Century (AIR-21) 3 years ago, much has changed. At that time, the focus was on reducing congestion and flight delays. Today, flights are being canceled for lack of business, two major air carriers are in bankruptcy, and attention has shifted from increasing the capacity of the national airspace system to enhancing aviation security. Furthermore, as the federal budget deficit has increased, competition for federal resources has intensified, and the costs of airport capital development are growing, especially with the new requirements for security. Nonetheless, analysts expect the demand for air traffic services to rebound. Until that time, the unexpected slump in air traffic creates a window of opportunity to improve the safety and efficiency of the national airport system. Although there is general consensus among stakeholders that maintaining the integrity of the national airport system requires continual capital investment, estimates vary as to the type and cost of planned airport capital development required to ensure a safe and efficient system. For 2001 through 2005, the Federal Aviation Administration (FAA) has estimated annual planned capital development costs of about $9 billion, while the Airport Council International (ACI), a key organization representing the airport industry, has estimated annual costs of about $15 billion for 2002 through 2006. The estimates differ primarily because FAA's includes only projects that are eligible for federal funding, whereas ACI's includes projects that may or may not be eligible for federal funding. Neither FAA's nor ACI's estimate covers the airport terminal modifications needed to accommodate the new explosives detection systems required to screen checked baggage. According to ACI, the total cost of these modifications could be $3 billion to $5 billion over the next 5 years. From 1999 through 2001, airports received an average of about $12 billion a year for planned capital development. The primary source of this funding was bonds, which accounted for almost $7 billion, followed by federal grants and passenger facility charges, which accounted for $2.4 billion and $1.6 billion, respectively. The amounts and types of funding also varied by airport type. Of the $12 billion, large- and medium-hub airports received over $9 billion, and smaller airports received over $2 billion. If airports continue to receive about $12 billion a year for planned capital development, they would be able to fund all of the projects included in FAA's estimate, but they would not be able to fund about $3 billion in planned development estimated by ACI. While this projected shortfall could change with revisions in future funding, planned development, or both, it nevertheless indicates where funding differences may be the greatest. Options are available to increase or make better use of the funding for airport development, and these options would benefit different types of airports to varying degrees. For example, raising the current cap on passenger facility charges would primarily benefit larger airports, while increasing or redistributing Airport Improvement Program grant funds would be more likely to help smaller airports. Tue, 25 Feb 2003 00:00:00 -0500 Transportation Security Administration: Actions and Plans to Build a Results-Oriented Culture, January 17, 2003 http://www.gao.gov/new.items/d03190.pdf Never has a results-oriented focus been more critical than today, when the security of America's citizens depends on the outcomes of many federal programs. In response to the September 11 terrorist attacks, the Congress passed the Aviation and Transportation Security Act (ATSA) that created the Transportation Security Administration (TSA) and made it responsible for transportation security. ATSA requires TSA to implement specific practices that are intended to make it a results-oriented organization. In its first year, TSA has simultaneously started to build the infrastructure of a large organization as it focused primarily on meeting its aviation security deadlines. As TSA begins to take responsibility for security in the maritime and surface modes of transportation, its current and future challenge is to continue to build, sustain, and institutionalize the organizational capacity to help it achieve its current and future goals. In this regard, TSA has made an impressive start in implementing practices that can create a results-oriented culture. These practices--leadership commitment, strategic planning, performance management, collaboration and communication, and public reporting and customer service--are shown below. Such practices are especially important when TSA moves into the newly created Department of Homeland Security. Fri, 17 Jan 2003 00:00:00 -0500 Aviation Security: Vulnerabilities and Potential Improvements for the Air Cargo System, December 20, 2002 http://www.gao.gov/new.items/d03344.pdf U.S. air carriers transport billions of tons of cargo each year in both passenger planes and all-cargo planes. Typically, about one-half of the hull of each passenger aircraft is filled with cargo. As a result, any vulnerabilities in the air cargo security system potentially threaten the entire air transport system. GAO agreed to determine the security vulnerabilities that have been identified in the air cargo system, the status of key recommendations that have been made since 1990 to improve air cargo security, and ways in which air cargo security can be improved in the near-and long-term. Numerous government and industry studies have identified vulnerabilities in the air cargo system. These vulnerabilities occur in the security procedures of some air carriers and freight forwarders and in possible tampering with freight at various handoffs that occur from the point when cargo leaves a shipper to the point when it is loaded onto an aircraft. As a result, any weaknesses in this program could create security risks. FAA or the Transportation Security Administration (TSA), which now has responsibility for ensuring air cargo security, has implemented a number of key recommendations and mandates to improve air cargo security made since 1990 by numerous government organizations. For example, FAA and the air cargo industry developed security training guides for air carriers and ground personnel who handle air cargo. However, a few recommendations by those groups, such as conducting research and operational tests of technology to screen cargo for explosives, are ongoing and not yet completed by TSA, or have not been implemented. Federal reports, industry groups, and security experts have identified operational and technological measures that have the potential to improve air cargo security in the near-term. Examples of the measures include checking the identity of individuals making cargo deliveries and implementing a computerized cargo profiling system. In addition, long-term improvements, such as developing a comprehensive cargo-security plan, have been recommended by the above sources, but not implemented by TSA. Each potential improvement measure, however, needs to be weighed against other issues, such as costs and the effects on the flow of cargo. Without a comprehensive plan that incorporates a risk management approach and sets deadlines and performance targets, TSA and other federal decisionmakers cannot know whether resources are being deployed as effectively and efficiently as possible in implementing measures to reduce the risk and mitigate the consequences of a terrorist attack. Fri, 20 Dec 2002 00:00:00 -0500 Aviation Security: Registered Traveler Program Policy and Implementation Issues, November 22, 2002 http://www.gao.gov/new.items/d03253.pdf The aviation industry and business traveler groups have proposed the registered traveler concept as a way to reduce long waits in airport security lines caused by heightened security screening measures implemented after the September 11 terrorist attacks. In addition, aviation security experts have advocated this concept as a way to better target security resources to those travelers who might pose greater security risks. The Aviation and Transportation Security Act of November 2001 allows the Transportation Security Administration (TSA) to consider developing a registered traveler program as a way to address these two issues. GAO completed this review to inform Congress and TSA of policy and implementation issues related to the concept of a registered traveler program. Under a variety of approaches related to the concept of a registered traveler program proposed by industry stakeholders, individuals who voluntarily provide personal background information and who clear background checks would be enrolled as registered travelers. Because these individuals would have been pre-screened through the program enrollment process, they would be entitled to expedited security screening procedures at the airport. Through a detailed literature review and interviews with stakeholders, GAO found that a registered traveler program is intended to reduce the inconvenience many travelers have experienced since September 11 and improve the quality and efficiency of airport security screening. Although GAO found support for this program among many stakeholders, GAO also found concerns that such a program could create new aviation security vulnerabilities. GAO also identified a series of key policy and program implementation issues that affect the program, including (1) Criteria for program eligibility; (2) Level of background check required for participation; (3) Security-screening procedures for registered travelers; (4) Technology options, including the use of biometrics to verify participants; (5) Program scope, including the numbers of participants and airports; and (5) Program cost and financing options. Stakeholders offered many different options on how best to resolve these issues. Finally, GAO identified several best practices that Congress and TSA may wish to consider in designing and implementing a registered traveler program. GAO concluded that a registered traveler program is one possible approach for managing some of the security vulnerabilities in our nation's aviation systems. However, decisions concerning key issues are needed before developing and implementing such a program. TSA felt that GAO's report offered a good overview of the potential and the challenges of a registered traveler program. The agency affirmed that there are no easy answers to some of the issues that GAO raised and that these issues need more study. Fri, 22 Nov 2002 00:00:00 -0500 Airport Finance: Using Airport Grant Funds for Security Projects Has Affected Some Development Projects, October 15, 2002 http://www.gao.gov/new.items/d0327.pdf The events of September 11, 2001 created several new challenges for the aviation industry in ensuring the safety and security of the national airport system. Chief among them is deciding to what extent Airport Improvement Program (AIP) grant funds should be used to finance the new security requirements at the nation's airports. Although many in the aviation industry believe that funding security projects has become even more important in the aftermath of September 11, they also recognize the need to continue funding other airport development projects, such as those designed to enhance capacity in the national airport system. During fiscal year 2002, the Federal Aviation Association (FAA) awarded a total of $561 million, 17 percent of the $3.3 billion available for grants, in AIP grant funds to airports for security projects related to the events of September 11, 2001. This amount is the largest amount awarded to airports for security projects in a single year since the program began in 1982. Based on data provided by FAA, all of the security projects funded with AIP grants since the events of September 11, 2001, met the legislative and program eligibility requirements. The projects, which range from access control systems to terminal modifications, qualified for AIP funding either under eligibility requirements in effect before September 11, 2001, or under subsequent statutory and administrative changes. Although FAA Airport Planning and Programming officials stated that they were able to comply with statutory requirements, set-asides, and other program priorities, the $504 million increase in AIP grand funds for new security projects in fiscal year 2002 has affected the amount of funds available for some airport development projects in comparison with the distribution of AIP grand funds awarded in fiscal year 2001. FAA was able to fully fund these projects, in part, because of a record level of carryover apportionments, which totaled $355 million, and the $84 million in grant funds that were recovered from prior-year projects. However, there were reductions in AIP funding awarded to nonsecurity projects in fiscal year 2002, as compared with fiscal year 2001. Tue, 15 Oct 2002 00:00:00 -0400 Aviation Security: Transportation Security Administration Faces Immediate and Long-Term Challenges, July 25, 2002 http://www.gao.gov/new.items/d02971t.pdf Since September 11, the safety and security of the nation's civil aviation system have taken on greater urgency. GAO found that the newly created Transportation Security Administration (TSA) has assumed responsibility for aviation security and has focused on meeting congressionally mandated deadlines for strengthening aviation security. So far, TSA has developed plans and implemented procedures for using federal employees to conduct security screening at more than 400 commercial airports; hired and begun to train nearly 4,000 key security personnel; and undertaken more rigorous background checks of workers with access to secure areas at airports. TSA faces immediate challenges in assuming responsibility for security in other modes of transportation, improving the performance of screeners, and addressing aviation security issues not covered by the Aviation and Transportation Security Act's current-year deadlines. TSA also faces long-term organizational challenges, including strategically managing its workforce, controlling costs, and sharing threat information. Thu, 25 Jul 2002 00:00:00 -0400 Information Concerning the Arming of Commercial Pilots, June 28, 2002 http://www.gao.gov/new.items/d02822r.pdf Although pilots and other crew members are currently prohibited from carrying weapons on-board aircraft, the Aviation and Transportation Security Act raises the possibility of arming pilots in the future. In responses to a congressional request, GAO provided information on reasons for and against allowing pilots to carry firearms in the cockpit; questions to be addressed if pilots were armed; and possible alternatives to arming pilots, such as providing them with less than lethal weapons. Proponents' and opponents' views on firearms in the cockpit fall into four categories: the potential effectiveness, risk, and cost-effectiveness of pilots carrying weapons, and policy issues that would arise if pilots were allowed to carry weapons. GAO concluded that without additional research, the potential benefits, risks, and costs of using weapons on aircraft cannot be fully determined. Fri, 28 Jun 2002 00:00:00 -0400 Aviation Security: Vulnerabilities in, and Alternatives for, Preboard Screening Security Operations, September 25, 2001 http://www.gao.gov/new.items/d011171t.pdf A safe and secure civil aviation system is critical to the nation's overall security, physical infrastructure, and economy. Billions of dollars and countless programs and policies have gone into developing such a system. Although many of the specific factors contributing to the terrible events of September 11 are still unclear, it is apparent that our aviation security system is plagued by serious weaknesses that can have devastating consequences. Last year, as part of an undercover investigation, GAO special agents used fake law enforcement badges and credentials to gain access to secure areas at two airports. They were also issued tickets and boarding passes, and could have carried weapons, explosives, or other dangerous items onto the aircraft. GAO tests of airport screeners also found major shortcomings in their ability to detect dangerous items hidden on passengers or in carry-on luggage. These weaknesses have raised questions about the need for alternative approaches. In assessing alternatives, five outcomes should be considered: improving screener performance, establishing accountability, ensuring cooperation among stakeholders, moving people efficiently, and minimizing legal and liability issues. Tue, 25 Sep 2001 00:00:00 -0400 Aviation Security: Weaknesses in Airport Security and Options for Assigning Screening Responsibilities, September 21, 2001 http://www.gao.gov/new.items/d011165t.pdf A safe and secure civil aviation system is a critical component of the nation's overall security, physical infrastructure, and economic foundation. Billions of dollars and a myriad of programs and policies have been devoted to achieving such a system. Although it is not fully known at this time what actually occurred or what all the weaknesses in the nation's aviation security apparatus are that contributed to the horrendous terrorist acts of Semptember 11, 2001, it is clear that serious weaknesses exist in the nation's aviation security system and that their impact can be far more devastating than previously imagined. There are security concerns with (1) airport access controls, (2) passenger and carry-on baggage screening, and (3) alternatives to current screening practices, including practices in selected other countries. Controls for limiting access to secure areas, including aircraft, have not always worked as intended. In May of 2000, special agents used counterfeit law enforcement badges and credentials to gain access to secure areas at two airports, bypassing security checkpoints and walking unescorted to aircraft departure gates. In June 2000, testing of screeners showed that significant, long-standing weaknesses--measured by the screeners' abilities to detect threat objects located on passengers or contained in their carry-on luggage--continue to exist. More recent results show that as tests more closely approximate how a terrorist might attempt to penetrate a checkpoint--screeners' performance declines significantly. Weaknesses in screening and controlling access to secure are as have left questions concerning alternative approaches. In assessing alternatives, respondents identified five important criteria: improving screening performance, establishing accountability, ensuring cooperation among stakeholders, moving people efficiently, and minimizing legal and liability issues. Fri, 21 Sep 2001 00:00:00 -0400 Homeland Security: A Framework for Addressing the Nation's Efforts, September 21, 2001 http://www.gao.gov/new.items/d011158t.pdf The United States now faces increasingly diverse threats that put great destructive power into the hands of small states, groups, and individuals. These threats range from cyber attacks on critical infrastructure to terrorist incidents involving weapons of mass destruction or infectious diseases. Efforts to combat this threat will involve federal agencies as well as state and local governments, the private sector, and private citizens. GAO believes that the federal government must address three fundamental needs. First, the government needs clearly defined and effective leadership with a clear vision carry out and implement a homeland security strategy and the ability to marshal the necessary resources to get the job done. Second, a national homeland security strategy should be based on a comprehensive assessment of national threats and risks. Third, the many organizations that will be involved in homeland security must have clearly articulated roles, responsibilities, and accountability mechanisms. Any strategy for homeland security must reduce risk where possible, assess the nation's vulnerabilities, and identify the critical infrastructure most in need of protection. To be comprehensive, the strategy should include steps to use intelligence assets or other means to identify attackers and prevent attacks before they occur, harden potential targets to minimize the damage from an attack, and effectively manage the consequences of an incident. Fri, 21 Sep 2001 00:00:00 -0400 Aviation Security: Terrorist Acts Demonstrate Urgent Need to Improve Security at the Nation's Airports, September 20, 2001 http://www.gao.gov/new.items/d011162t.pdf A safe and secure civil aviation system is a critical component of the nation's overall security, physical infrastructure, and economic foundation. Billions of dollars and myriad programs and policies have been devoted to achieving such a system. Although it is not fully known at this time what actually occurred or what all the weaknesses in the nation's aviation security apparatus are that contributed to the horrendous events on September 11, 2001, it is clear that serious weaknesses exist in our aviation security system and that their impact can be far more devastating than previously imagined. As reported last year, GAO's review of the Federal Aviation Administration's (FAA) oversight of air traffic control (ATC) computer systems showed that FAA had not followed some critical aspects of its own security requirements. Specifically, FAA had not ensured that ATC buildings and facilities were secure, that the systems themselves were protected, and that the contractors who access these systems had undergone background checks. Controls for limiting access to secure areas, including aircraft, have not always worked as intended. GAO's special agents used fictitious law enforcement badges and credentials to gain access to secure areas, bypass security checkpoints at two airports, and walk unescorted to aircraft departure gates. Tests of screeners revealed significant weaknesses as measured in their ability to detect threat objects located on passengers or contained in their carry-on luggage. Screening operations in Belgium, Canada, France, the Netherlands, and the United Kingdom--countries whose systems GAO has examined--differ from this country's in some significant ways. Their screening operations require more extensive qualifications and training for screeners, include higher pay and better benefits, and often include different screening techniques, such as "pat-downs" of some passengers. Thu, 20 Sep 2001 00:00:00 -0400 Aviation Security: Terrorist Acts Illustrate Severe Weaknesses in Aviation Security, September 20, 2001 http://www.gao.gov/new.items/d011166t.pdf A safe and secure civil aviation system is critical to the nation's security, physical infrastructure, and economy. Billions of dollars and myriad programs and policies have been devoted to achieving such a system. Although it is not fully known at this time what actually occurred or what all the weaknesses in the nation's aviation security apparatus are that contributed to the horrendous events on September 11, 2001, it is clear that serious weaknesses exist in our aviation security system and that their impact can be far more devastating than previously imagined. As reported last year, GAO's review of the Federal Aviation Administration's (FAA) oversight of air traffic control (ATC) computer systems showed that FAA had not followed some critical aspects of its own security requirements. Specifically, FAA had not ensured that ATC buildings and facilities were secure, that the systems themselves were protected, and that the contractors who use these systems had undergone background checks. Controls for limiting access to secure areas, including aircraft, have not always worked as intended. GAO's special agents used fictitious law enforcement badges and credentials to gain access to secure areas, bypass security checkpoints at two airports, and walk unescorted to aircraft departure gates. Tests of screeners revealed significant weaknesses in their ability to detect threat objects on passengers or in their carry-on luggage. Screening operations in Belgium, Canada, France, the Netherlands, and the United Kingdom--countries whose systems GAO has examined--differ from this country's in some significant ways. Their screening operations require more extensive qualifications and training for screeners; include higher pay and better benefits; and often include different screening techniques, such as "pat-downs" of some passengers. Thu, 20 Sep 2001 00:00:00 -0400 Responses of Federal Agencies and Airports We Surveyed About Access Security Improvements, August 31, 2001 http://www.gao.gov/new.items/d011069r.pdf Earlier this year, in response to concerns about the use of stolen or counterfeit law enforcement badges or credentials to gain access to secure government buildings and airports, GAO conducted an undercover operation during which GAO special agents gained entry into many federal sites and two commercial airports in the Washington, D.C., area and in Orlando, Florida. GAO surveyed these federal facilities and airports, along with 23 other major federal agencies, about any security improvements that they may have taken as a result of GAO's investigation. All 43 agencies and airports queried responded to GAO's survey, and many said that they had either started or completed a security assessment of existing security policies and procedures. GAO has not verified whether the reported specific security enhancements have actually been implemented. Fri, 31 Aug 2001 00:00:00 -0400