This is the accessible text file for GAO report number GAO-13-469T 
entitled 'Homeland Security: DHS and TSA Continue to Face Challenges 
Developing and Acquiring Screening Technologies' which was released on 
May 8, 2013. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: GAO: 

Testimony: 

Before the Subcommittee on Transportation Security, Committee on 
Homeland Security, House of Representatives: 

For Release on Delivery: 
Expected at 1:30 p.m. EDT: 
Wednesday, May 8, 2013: 

Homeland Security: 

DHS and TSA Continue to Face Challenges Developing and Acquiring 
Screening Technologies: 

Statement of Stephen M. Lord, Director: Forensic Audits and 
Investigative Services: 

GAO-13-469T: 

GAO Highlights: 

Highlights of GAO-13-469T, a testimony before the Subcommittee on 
Transportation Security, Committee on Homeland Security, House of 
Representatives. 

Why GAO Did This Study: 

TSA acquisition programs represent billions of dollars in life cycle 
costs and support a range of aviation security programs, including 
technologies used to screen passengers and checked baggage. Within 
DHS, TSA is responsible for establishing requirements for testing and 
deploying transportation system technologies. Since 2010, GAO has 
reported that DHS and TSA faced challenges in managing acquisition 
efforts, including deploying technologies that did not meet 
requirements and were not appropriately tested and evaluated. As 
requested, this testimony discusses (1) the extent to which TSA 
addressed challenges relating to developing and meeting program 
requirements, testing new screening technologies, and delivering 
capabilities within cost and schedule estimates for selected programs, 
and (2) DHS efforts to strengthen oversight of component acquisition 
processes. This testimony is based on GAO products issued from January 
2010 through January 2013, including selected updates conducted in 
March 2013 on TSA’s efforts to implement GAO’s prior recommendations 
and preliminary observations from ongoing work. To conduct the updates 
and ongoing work, GAO analyzed documents, such as the AIT road map, 
and interviewed TSA officials. 

What GAO Found: 

The Transportation Security Administration (TSA) has taken and is 
taking steps to address challenges related to developing, testing, and 
delivering screening technologies for selected aviation security 
programs, but challenges remain. For example, in January 2012, GAO 
reported that TSA faced challenges developing and meeting key 
performance requirements for the acquisition of advanced imaging 
technology (AIT)—-i.e., full-body scanners. Specifically, GAO found 
that TSA did not fully follow Department of Homeland Security (DHS) 
acquisition policies when acquiring AIT, which resulted in DHS 
approving nationwide AIT deployment without full knowledge of TSA’s 
revised specifications. DHS required TSA to notify DHS’s Acquisition 
Review Board (ARB) if AIT could not meet any of TSA’s five key 
performance parameters or if TSA changed a key performance parameter 
during testing. However, GAO found that the ARB approved TSA for full- 
scale production without reviewing the changed parameter. DHS 
officials said that the ARB should have formally reviewed this change 
to ensure that TSA did not change it arbitrarily. GAO recommended that 
TSA develop a road map that outlines vendors’ progress in meeting all 
key performance parameters. DHS agreed, and developed a road map to 
address the recommendation, but faces challenges implementing it-— 
e.g., due to vendor delays. Additionally, in January 2013, GAO 
reported that TSA faced challenges related to testing and deploying 
passenger screening canine teams. Specifically, GAO concluded that TSA 
began deploying these canine teams to airport terminals in April 2011 
prior to determining the canine teams’ operational effectiveness. In 
June 2012, DHS and TSA began conducting operational assessments to 
help demonstrate canine teams’ effectiveness. Also, TSA began 
deploying teams before it had completed an assessment to determine 
where within the airport the canine teams would be most effectively 
utilized. GAO recommended that on the basis of DHS assessment results, 
TSA expand and complete testing to assess the effectiveness of canine 
teams in areas of the airport deemed appropriate. DHS agreed and 
officials said that as of April 2013, TSA had concluded testing in 
collaboration with DHS of canine teams in airport sterile areas—-in 
general, areas of an airport for which access is controlled through 
screening of persons and property-—and is testing teams on its own in 
airport sterile and public areas. 

DHS has some efforts under way to strengthen its oversight of 
component investment and acquisition processes, but additional actions 
are needed. In September 2012, GAO reported that while DHS had 
initiated efforts to address the department’s acquisition management 
challenges, most of DHS’s major acquisition programs continue to cost 
more than expected, take longer to deploy than planned, or deliver 
less capability than promised. GAO identified 42 DHS programs that 
experienced cost growth, schedule slips, or both, with 16 of the 
programs’ costs increasing from a total of $19.7 billion in 2008 to 
$52.2 billion in 2011—an aggregate increase of 166 percent. GAO 
concluded that DHS recognized the need to implement its acquisition 
policy more consistently, but that significant work remained. GAO 
recommended that DHS modify acquisition policy to better reflect key 
program and portfolio management practices and ensure acquisition 
programs fully comply with DHS acquisition policy. DHS agreed, and in 
September 2012 officials stated that it was in the process of revising 
its policy to more fully reflect key program management practices. 

What GAO Recommends: 

GAO has made recommendations to DHS and TSA in prior reports to help 
strengthen its acquisition processes and oversight. DHS and TSA 
generally concurred and are taking actions to address them. 

View [hyperlink, http://www.gao.gov/products/GAO-13-469T]. For more 
information, contact Steve Lord at (202) 512-4379 or lords@gao.gov. 

[End of section] 

United States Government Accountability Office: GAO: 
441 G St. N.W. 
Washington, DC 20548: 

Chairman Hudson, Ranking Member Richmond, and members of the committee: 

I am pleased to be here today to discuss our work examining the 
Transportation Security Administration's (TSA) efforts to develop and 
acquire new technologies to address homeland security needs. Within 
the Department of Homeland Security (DHS), TSA is responsible for 
securing the nation's transportation systems. TSA's acquisition 
programs represent billions of dollars in life cycle costs and support 
a wide range of aviation security missions and investments, including 
technologies used to screen passengers, checked baggage, and air 
cargo, among others. For example, technologies used to screen 
passengers include advanced imaging technology (AIT), commonly 
referred to as full-body scanners, that screen passengers for metallic 
and nonmetallic threats such as weapons, explosives, and other objects 
concealed under layers of clothing, and passenger screening canines 
trained to detect explosives being carried or worn by passengers. 
[Footnote 1] In addition, technologies used to screen checked baggage 
include explosives detection systems (EDS), which use X-rays with 
computer-aided imaging to automatically measure the physical 
characteristics of objects in baggage.[Footnote 2] Consistent with its 
responsibility, TSA establishes requirements for testing and deploying 
these technologies to, for example, screen airline passengers and 
their property. 

Since 2010, we have reported that DHS and TSA have experienced 
challenges in managing their multibillion-dollar acquisition efforts, 
including implementing technologies that did not meet intended 
requirements and were not appropriately tested and evaluated, and not 
consistently completing analyses of costs and benefits before 
technologies were deployed for operational use. As requested, my 
testimony provides an update on that work, including (1) the extent to 
which TSA has addressed challenges relating to developing and meeting 
program requirements, testing new screening technologies, and 
delivering capabilities within agreed-upon cost and schedule estimates 
for select programs, and (2) DHS efforts to strengthen its oversight 
of component investment and acquisition processes. 

This statement is based on GAO reports and testimonies issued from 
January 2010 through January 2013, including selected updates 
conducted in March 2013 on TSA's efforts to implement our prior 
recommendations.[Footnote 3] Specifically, to conduct these updates, 
we obtained information from TSA on the status of the current EDS 
acquisition and upgrades to existing systems, as well as on testing of 
passenger screening canine teams. Our previous reports incorporated 
information we obtained and analyzed from TSA and DHS officials on 
efforts to manage, test, acquire, deploy, and oversee various 
technology programs, including program schedules, planning documents, 
testing reports, and other acquisition documentation. Our previously 
published products contain additional details on the scope and 
methodology of our reports. 

In addition, this statement includes preliminary observations based on 
ongoing work we conducted during the winter of 2013 at your request, 
assessing the effectiveness of AIT equipped with automated target 
recognition (ATR) software.[Footnote 4] As part of this ongoing work, 
we analyzed documents and interviewed TSA officials on the status of 
AIT development and deployment efforts and milestones. All of our work 
was conducted in accordance with generally accepted government 
auditing standards. Those standards require that we plan and perform 
the audit to obtain sufficient, appropriate evidence to provide a 
reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a 
reasonable basis for our findings and conclusions based on our audit 
objectives. For new information that was based on work not previously 
reported, we obtained TSA's views on our findings and incorporated 
technical comments where appropriate. 

Background: 

In 2003, we designated implementing and transforming DHS as high risk 
because DHS had to transform 22 agencies--several with major 
management challenges--into one department.[Footnote 5] Further, 
failure to effectively address DHS's management and mission risks 
could have serious consequences for U.S. national and economic 
security. Given the significant effort required to build and integrate 
a department as large and complex as DHS, our initial high-risk 
designation addressed the department's initial transformation and 
subsequent implementation efforts, to include associated management 
and programmatic challenges. At that time, we reported that the 
creation of DHS was an enormous undertaking that would take time to 
achieve, and that the successful transformation of large 
organizations, even those undertaking less strenuous reorganizations, 
could take years to implement. 

As DHS continued to mature, and as we reported in our assessment of 
DHS's progress and challenges 10 years after the terrorist attacks of 
September 11, 2001, we found that the department implemented key 
homeland security operations and achieved important goals in many 
areas to create and strengthen a foundation to reach its potential. 
[Footnote 6] As a result, we narrowed the scope of the high-risk area 
and changed the name from Implementing and Transforming the Department 
of Homeland Security to Strengthening the Department of Homeland 
Security Management Functions. Recognizing DHS's progress in 
transformation and mission implementation, our 2011 high-risk update 
focused on the continued need to strengthen DHS's management functions 
(acquisition, information technology, financial management, and human 
capital) and integrate those functions within and across the 
department, as well as the impact of these challenges on the 
department's ability to effectively and efficiently carry out its 
missions. 

The Aviation and Transportation Security Act (ATSA) established TSA as 
the federal agency with primary responsibility for securing the 
nation's civil aviation system, which includes the screening of all 
passengers and property transported to, from, and within the United 
States by commercial passenger aircraft.[Footnote 7] In response to 
the December 25, 2009, attempted terrorist attack on Northwest 
Airlines Flight 253, TSA revised its procurement and deployment 
strategy for AIT, commonly referred to as full-body scanners, 
increasing the number of AIT units it planned to procure and deploy. 
TSA stated that AIT provides enhanced security benefits compared with 
walk-through metal detectors, such as enhanced detection capabilities 
for identifying nonmetallic threat objects and liquids. In July 2011, 
TSA began installing ATR software on deployed AIT systems designed to 
address privacy concerns by eliminating passenger-specific images. As 
of May 2013, TSA had deployed about 750 AIT systems to more than 200 
airports, most of which were equipped with ATR software. In January 
2012, we issued a classified report on TSA's procurement and 
deployment of AIT that addressed the extent to which (1) TSA followed 
DHS acquisition guidance when procuring AIT and (2) deployed AIT units 
are effective at detecting threats. Pursuant to the FAA Modernization 
and Reform Act of 2012, TSA was mandated to ensure that all AIT 
systems used to screen passengers are equipped with and employ ATR 
software by June 1, 2012.[Footnote 8] Consistent with provisions of 
the law, TSA subsequently extended this deadline to June 1, 2013. 
[Footnote 9] 

TSA Has Taken Some Steps to Address Challenges Identified in 
Developing, Testing, and Delivering Select Screening Technologies: 

While TSA has taken some steps and is taking additional steps to 
address challenges related to developing, testing, and delivering 
screening technologies for selected aviation security programs, 
additional challenges remain. 

Developing and Meeting Key Performance Requirements for TSA Screening 
Technologies: 

As we have reported in the past few years, it is difficult to fully 
assess program performance without establishing valid baseline 
requirements in key foundation documents at the program start. 
According to best practices established in prior work on major 
acquisitions, without the development, review, and approval of key 
acquisition documents, such as the mission need statement and the 
operational requirements document, agencies are at risk of having 
poorly defined requirements that can negatively affect program 
performance and contribute to increased costs.[Footnote 10] 
Specifically, we have reported in the past few years that TSA has 
faced challenges in developing and meeting program requirements in 
some of its aviation security programs. For example: 

AIT. In January 2012 we concluded that TSA did not fully follow DHS 
acquisition policies when acquiring AIT, which resulted in DHS 
approving full AIT deployment without full knowledge of TSA's revised 
specifications.[Footnote 11] Specifically, DHS's Acquisition 
Management Directive 102-01 (AD 102) required TSA to notify DHS's 
Acquisition Review Board (ARB) if AIT could not meet any of TSA's five 
key performance parameters or if TSA changed a key performance 
parameter during qualification testing.[Footnote 12] Senior TSA 
officials acknowledged that TSA did not comply with the directive's 
requirements, but stated that TSA still reached a "good decision" in 
procuring AIT and that the ARB was fully informed of the program's 
changes to its key performance parameters. Further, TSA officials 
stated that the program was not bound by AD 102 because it was a new 
acquisition process and they believed that the ARB was not fully 
functioning at the time.[Footnote 13] DHS officials stated that the 
ARB discussed the changed key performance parameter but did not see 
the documents related to the change and determined that TSA must 
update the program's key acquisition document, the Acquisition Program 
Baseline, before TSA could deploy AIT systems. However, we concluded 
that, according to a February 2010 acquisition decision memorandum 
from DHS, the ARB gave approval to TSA for full-scale production 
without reviewing the changed key performance parameter. DHS officials 
stated that the ARB should have formally reviewed changes made to the 
key performance parameter to ensure that TSA did not change it 
arbitrarily. According to TSA, it should have submitted its revised 
requirements for approval, but it did not because there was confusion 
as to whether DHS should be informed of all changes. Acquisition best 
practices state that programs procuring new technologies with 
fluctuating requirements pose challenges to agencies ensuring that the 
acquisition fully meets program needs.[Footnote 14] DHS acquisition 
oversight officials agreed that changing key requirements is not a 
best practice for system acquisitions already under way. As a result, 
we found that TSA procured and deployed a technology that met evolving 
requirements, but not the initial requirements included in its key 
acquisition requirements document that the agency initially determined 
were necessary to enhance aviation security. We recommended that TSA 
develop a road map that specifies development milestones for AIT and 
have DHS acquisition officials approve the road map. DHS agreed with 
our recommendation and has taken actions to address it, which we 
discuss below. 

EDS. In July 2011, we found that TSA revised its EDS requirements to 
better address current threats, and had plans to implement these 
requirements in a phased approach.[Footnote 15] However, we found that 
some number of EDS machines in TSA's checked baggage screening fleet 
were configured to detect explosives at the levels established in 2005 
and that the remaining EDS machines are configured to detect 
explosives at levels established in 1998.[Footnote 16] When TSA 
established the 2005 requirements, it did not have a plan with the 
appropriate time frames needed to deploy EDS machines that meet the 
requirements. To help ensure that TSA's checked baggage-screening 
machines are operating most effectively, we recommended that TSA 
develop a plan to deploy EDSs that meet the most recent explosive 
detection requirements established in 2010 and ensure that new 
machines, as well as machines already deployed in airports, will be 
operated at the levels established in those requirements. DHS 
concurred with our recommendation and has begun taking action to 
address it. Specifically, in April 2012, TSA reported that it had 
awarded contracts to vendors to implement detection upgrades across 
the currently deployed EDS fleet to meet the 2010 requirements. In 
March 2013, TSA reported that it plans to complete upgrading the 
currently deployed fleet by the end of fiscal year 2013. However, our 
recommendation is intended to ensure that EDS machines in use at 
airports meet the most recent detection requirements--both previously 
deployed units as well as newly procured machines. Until TSA develops 
such a plan, it will be difficult for the agency to provide reasonable 
assurance that its upgrade approach is feasible or cost-effective. 

Testing New Screening Technologies: 

As we have reported in the past few years, TSA has not always resolved 
problems discovered during testing, which has led to costly redesign 
and rework at a later date, as shown in the following examples. We 
concluded that addressing such problems before moving to the 
acquisition phase can help agencies better manage costs. Specifically: 

Canines. In January 2013, we found that TSA began deploying passenger 
screening canine teams to airport terminals in April 2011 prior to 
determining the teams' operational effectiveness.[Footnote 17] 
According to TSA officials, operational assessments did not need to be 
conducted prior to deployment because canines were being used to 
screen passengers by other entities, such as airports in the United 
Kingdom. In June 2012, the DHS Science and Technology Directorate 
(S&T) and TSA began conducting operational assessments to help 
demonstrate the effectiveness of passenger screening canine teams. 
[Footnote 18] We recommended that on the basis of the results of DHS's 
assessments, TSA expand and complete operational assessments of 
passenger screening canine teams, including a comparison with 
conventional explosives detection canine teams before deploying 
passenger screening canine teams on a nationwide basis to determine 
whether they are an effective method of screening passengers in the 
U.S. airport environment, particularly since they cost the federal 
government more than TSA's conventional canine teams.[Footnote 19] 
Additionally, we found that TSA began deploying passenger screening 
canine teams before it had completed an assessment to determine where 
within the airport (i.e., the public, checkpoint, or sterile areas) 
the teams would be most effectively utilized.[Footnote 20] TSA 
leadership focused on initially deploying passenger screening canine 
teams to a single location within the airport--the sterile area-- 
because it thought it would be the best way to foster stakeholders' 
acceptance of the teams. However, aviation stakeholders we interviewed 
at the time raised concerns about this deployment strategy, stating 
that passenger screening canine teams would be more effectively 
utilized in nonsterile areas of the airport, such as curbside or in 
the lobby areas. DHS concurred with our recommendation to expand and 
complete testing to assess the effectiveness of the teams in areas of 
the airport deemed appropriate. As of April 2013, TSA concluded 
testing with DHS S&T of passenger screening canine teams in the 
sterile areas of airports, and TSA is still in the process of 
conducting its own testing of the teams in the sterile and public 
areas of the airports. 

EDS. In July 2011, we found that TSA experienced challenges related to 
collecting explosives data needed by vendors to develop EDS detection 
software.[Footnote 21] These data are also needed by TSA for testing 
the machines to determine whether they meet established requirements 
prior to their procurement and deployment to airports. In the course 
of collecting data, TSA officials encountered problems associated with 
safely handling and consistently formulating some explosives, which 
contributed to delays in providing vendors with the data needed to 
develop the explosives detection software. These delays, in turn 
resulted in delays to TSA's planned EDS acquisition schedule, which 
involved implementing the 2010 requirements in phases. We recommended 
that TSA develop a plan to ensure that it has the explosives data 
needed for each of the planned phases of the 2010 EDS requirements 
before starting the procurement process for new EDSs or upgrades 
included in each applicable phase. DHS stated that TSA modified its 
strategy for the EDS's competitive procurement in July 2010 in 
response to challenges working with the explosives by removing the 
data collection from the procurement process. In April 2012, TSA 
reported that it had begun using a Qualified Products List for its 
acquisition of EDS, which would separate the need for explosives data 
from future procurements, and would require that EDS be certified to 
meet detection requirements prior to beginning acquisitions of EDS to 
meet those requirements.[Footnote 22] 

Delivering Capabilities within Schedule and Cost Estimates: 

According to best practices established in prior work on major 
acquisitions, realistic program baselines with stable requirements for 
cost, schedule, and performance are important to delivering 
capabilities within schedule and cost estimates.[Footnote 23] Our 
prior work has found that program performance metrics for cost and 
schedule can provide useful indicators of program health and can be 
valuable tools for improving oversight of individual programs. 
According to DHS's acquisition guidance, the program baseline is the 
contract between the program and departmental oversight officials and 
must be established at program start to document the program's 
expected cost, deployment schedule, and technical performance. Best 
practices guidance states that reliable and realistic cost, schedule, 
and performance estimates help ensure that a program will deliver 
capabilities on time and within budget.[Footnote 24] However, as we 
have reported in the past few years and on the basis of our 
preliminary observations from our ongoing work, TSA has not always 
developed accurate baselines for establishing cost, schedule, and 
performance estimates. 

AIT. In January 2012, we found that TSA did not have clear plans to 
require AIT vendors to meet milestones used during the AIT 
acquisition. On the basis of our findings, we recommended that TSA 
develop a road map that outlines vendors' progress in meeting all key 
performance parameters because it is important that TSA convey 
vendors' progress in meeting those requirements and full costs of the 
technology to decision makers when making deployment and funding 
decisions. While TSA reported that it hoped vendors would be able to 
gradually improve meeting key performance parameters for AIT over 
time, we concluded that TSA would have more assurance that limited 
taxpayer resources are used effectively by developing a road map that 
specifies development milestones for the technology and having DHS 
acquisition officials approve this road map. DHS agreed with our 
recommendation and has taken actions to address it. For example, in 
February 2012, TSA developed a road map that specifies development and 
deployment milestones, including the addition of ATR to existing 
deployed systems, continued development of enhanced detection 
capabilities, and acquisition plans for the next generation of AIT 
systems (AIT-2).[Footnote 25] In July 2012, DHS acquisition officials 
reviewed the AIT road map. However, on the basis of our preliminary 
observations from our ongoing work conducted in March 2013, we found 
that TSA has fallen behind schedule as outlined in the AIT road map to 
install ATR software upgrades to existing deployed AIT systems because 
of one of the vendors' inability to develop this software in time for 
the installation of ATR software on all units by June 2013. TSA 
subsequently decided to terminate its contract with this vendor and 
remove all deployed units from airports. TSA has also fallen behind 
schedule as outlined in the AIT road map to acquire and test AIT-2 
systems because of vendors' inability to provide required 
documentation verifying that contractual requirements have been met 
and the units are ready to begin testing. Although TSA updated the AIT 
road map in October 2012, it subsequently missed some of the key 
deadlines specified in the updated version as well. We currently have 
ongoing work related to this area and we plan to report the results in 
the fall of 2013.[Footnote 26] 

EDS. In July 2011, we found that TSA had established a schedule for 
the acquisition of EDS machines but it did not fully comply with 
leading practices, and TSA had not developed a plan to upgrade its EDS 
fleet to meet the current explosives detection requirements.[Footnote 
27] These leading practices state that the success of a large-scale 
system acquisition, such as TSA's EDS acquisition, depends in part on 
having a reliable schedule that identifies when the program's set of 
work activities and milestone events will occur, amongst other things. 
However, we reported that the schedule for the EDS acquisition is not 
reliable because it does not reflect all planned program activities 
and does not include a timeline to deploy EDSs or plans to procure 
EDSs to meet subsequent phases of explosive detection requirements. On 
the basis of our findings, we concluded that developing a reliable 
schedule would help TSA better monitor and oversee the progress of the 
EDS acquisition. DHS concurred with our recommendation to develop and 
maintain a schedule for the entire Electronic Baggage Screening 
Program in accordance with the leading practices we identified for 
preparing a schedule.[Footnote 28] In July 2011, DHS commented that 
TSA had already begun working with key stakeholders to develop and 
define requirements for a schedule and to ensure that the schedule 
aligns with the best practices we outlined. TSA reported in March 2013 
that it plans to have an updated integrated master schedule by 
September 2013. 

Electronic Baggage Screening Program. In April 2012, we found that 
TSA's methods for developing life cycle cost estimates for the 
Electronic Baggage Screening Program did not fully adhere to best 
practices for developing these estimates.[Footnote 29] According to 
best practices, a high-quality, reliable cost estimation process 
provides a sound basis for making accurate and well-informed decisions 
about resource investments, budgets, assessments of progress, and 
accountability for results and thus is critical to the success of a 
program.[Footnote 30] We found that TSA's estimates partially met 
three characteristics and minimally met one characteristic of a 
reliable cost estimate.[Footnote 31] DHS concurred with our 
recommendation that TSA ensure that its life cycle cost estimates 
conform to cost-estimating best practices, and identified efforts 
under way to address it. DHS also acknowledged the importance of 
producing life cycle cost estimates that are comprehensive, well 
documented, accurate, and credible so that they can be used to support 
DHS funding and budget decisions. In April 2013, TSA reported it plans 
to have an updated integrated master schedule and revised life cycle 
cost estimate by September 2013, which, when completed, will allow it 
to update its cost estimate for the Electronic Baggage Screening 
Program. 

DHS Has Efforts Under Way to Strengthen Oversight of Component 
Acquisitions: 

In part because of the challenges we have highlighted in DHS's 
acquisition process, strengthening DHS's management functions remains 
on our high-risk list. However, DHS has efforts under way to 
strengthen its oversight of component acquisition processes. 

We found in September 2012 that while DHS has initiated efforts to 
address the department's acquisition management challenges, most of 
the department's major acquisition programs continue to cost more than 
expected, take longer to deploy than planned, or deliver less 
capability than promised.[Footnote 32] We identified 42 programs that 
experienced cost growth, schedule slips, or both, with 16 of the 
programs' costs increasing from a total of $19.7 billion in 2008 to 
$52.2 billion in 2011--an aggregate increase of 166 percent. Moreover, 
we reported that DHS leadership has authorized and continued to invest 
in major acquisition programs even though the vast majority of those 
programs lack foundational documents demonstrating the knowledge 
needed to help manage risks and measure performance. For example, we 
found that DHS leadership--through the Investment Review Board or its 
predecessor body, the ARB--has formally reviewed 49 of the 71 major 
programs. We found that DHS permitted 43 of those programs to proceed 
with acquisition activities without verifying the programs had 
developed the knowledge in key acquisition documents as required by AD 
102.[Footnote 33] DHS officials reported that DHS's culture has 
emphasized the need to rapidly execute missions more than sound 
acquisition management practice and that DHS could not approve the 
documents in a timely manner. On the basis of our findings, we 
concluded that DHS recognized the need to implement its acquisition 
policy more consistently, but that significant work remains. We 
recommended that DHS modify acquisition policy to better reflect key 
program and portfolio management practices and ensure acquisition 
programs fully comply with DHS acquisition policy. DHS concurred with 
our recommendations and reported taking actions to address some of 
them. For example, in September 2012, DHS stated that it was in the 
process of revising its policy to more fully reflect key program 
management practices to enable DHS to more rapidly respond to 
programs' needs by facilitating the development, approval, and 
delivery of more specific guidance for programs. 

In March 2012, we found that to enhance the department's ability to 
oversee major acquisition programs, DHS realigned the acquisition 
management functions previously performed by two divisions within the 
Office of Chief Procurement Officer to establish the Office of Program 
Accountability and Risk Management (PARM) in October 2011. PARM, which 
is responsible for program governance and acquisition policy, serves 
as the Management Directorate's executive office for program execution 
and works with DHS leadership to assess the health of major 
acquisitions and investments. To help with this effort, PARM is 
developing a database, known as the Decision Support Tool, intended to 
improve the flow of information from component program offices to the 
Management Directorate to support its oversight and management 
efforts. However, we reported in March 2012 that DHS executives were 
not confident enough in the data to use the Decision Support Tool to 
help make acquisition decisions.[Footnote 34] On the basis of our 
findings, we concluded that DHS had limited plans to improve the 
quality of the data because PARM planned to check the data quality 
only in preparation for key milestone meetings in the acquisition 
process. We reported that this could significantly diminish the 
Decision Support Tool's value because users cannot confidently 
identify and take action to address problems meeting cost or schedule 
goals prior to program review meetings. 

In February 2013, we reported that DHS updated its Integrated Strategy 
for High Risk Management in June 2012, which includes management 
initiatives and corrective actions to address acquisition management 
challenges, among other management areas.[Footnote 35] In the June 
2012 update, DHS included, for the first time, performance measures 
and progress ratings for all of the management initiatives. The June 
2012 update also identified the resources needed to implement most of 
its corrective actions, although we found that DHS needs to further 
identify its resource needs and communicate and mitigate critical 
gaps. On the basis of our findings, we concluded that the strategy, if 
implemented and sustained, will provide a path for DHS to be removed 
from our high risk list. Going forward, DHS needs to continue 
implementing its Integrated Strategy for High Risk Management and show 
measurable, sustainable progress in implementing its key management 
initiatives and corrective actions and achieving outcomes including 
those related to acquisition management. We will continue to monitor 
DHS's efforts to determine if the actions and outcomes are achieved. 

Chairman Hudson, Ranking Member Richmond, and members of the 
committee, this concludes my prepared statement. I look forward to 
responding to any questions that you may have. 

GAO Contact and Staff Acknowledgments: 

For questions about this statement, please contact Steve Lord at (202) 
512-4379 or lords@gao.gov. Contact points for our Offices of 
Congressional Relations and Public Affairs may be found on the last 
page of this statement. Individuals making key contributions to this 
statement include Dave Bruno, Assistant Director; Carissa Bryant; 
Susan Czachor; Emily Gunn; and Tom Lombardi. Key contributors for the 
previous work that this testimony is based on are listed within each 
individual product. 

[End of section] 

Related GAO Products: 

High-Risk Series: Government-wide 2013 Update and Progress Made by the 
Department of Homeland Security. [hyperlink, 
http://www.gao.gov/products/GAO-13-444T]. Washington, D.C.: March 21, 
2013. 

High-Risk Series: An Update. [hyperlink, 
http://www.gao.gov/products/GAO-13-283]. Washington, D.C.: February 
14, 2013. 

TSA Explosives Detection Canine Program: Actions Needed to Analyze 
Data and Ensure Canine Teams Are Effectively Utilized. [hyperlink, 
http://www.gao.gov/products/GAO-13-239]. Washington, D.C.: January 31, 
2013. 

Homeland Security: DHS Requires More Disciplined Investment Management 
to Help Meet Mission Needs. [hyperlink, 
http://www.gao.gov/products/GAO-12-833]. Washington, D.C.: September 
18, 2012. 

Homeland Security: DHS and TSA Face Challenges Overseeing Acquisition 
of Screening Technologies. [hyperlink, 
http://www.gao.gov/products/GAO-12-644T]. Washington, D.C.: May 9, 
2012. 

Checked Baggage Screening: TSA Has Deployed Optimal Systems at the 
Majority of TSA-Regulated Airports, but Could Strengthen Cost 
Estimates. [hyperlink, http://www.gao.gov/products/GAO-12-266]. 
Washington, D.C.: April 27, 2012. 

Transportation Security Administration: Progress and Challenges Faced 
in Strengthening Three Key Security Programs. [hyperlink, 
http://www.gao.gov/products/GAO-12-541T]. Washington, D.C.: March 26, 
2012: 

Aviation Security: TSA Has Made Progress, but Additional Efforts Are 
Needed to Improve Security. [hyperlink, 
http://www.gao.gov/products/GAO-11-938T]. Washington, D.C.: September 
16, 2011. 

Department of Homeland Security: Progress Made and Work Remaining in 
Implementing Homeland Security Missions 10 Years after 9/11. 
[hyperlink, http://www.gao.gov/products/GAO-11-881]. Washington, D.C.: 
September 7, 2011. 

Homeland Security: DHS Could Strengthen Acquisitions and Development 
of New Technologies. [hyperlink, 
http://www.gao.gov/products/GAO-11-829T]. Washington, D.C.: July 15, 
2011. 

Aviation Security: TSA Has Taken Actions to Improve Security, but 
Additional Efforts Remain. [hyperlink, 
http://www.gao.gov/products/GAO-11-807T]. Washington, D.C.: July 13, 
2011. 

Aviation Security: TSA Has Enhanced Its Explosives Detection 
Requirements for Checked Baggage, but Additional Screening Actions Are 
Needed. [hyperlink, http://www.gao.gov/products/GAO-11-740]. 
Washington, D.C.: July 11, 2011. 

High-Risk Series: An Update. [hyperlink, 
http://www.gao.gov/products/GAO-11-278]. Washington, D.C.: February 
16, 2011. 

Department of Homeland Security: Assessments of Selected Complex 
Acquisitions. [hyperlink, http://www.gao.gov/products/GAO-10-588SP]. 
Washington, D.C.: June 30, 2010. 

Defense Acquisitions: Managing Risk to Achieve Better Outcomes. 
[hyperlink, http://www.gao.gov/products/GAO-10-374T]. Washington, 
D.C.: January 20, 2010. 

[End of section] 

Footnotes: 

[1] Although canines are not considered a technology, they have been 
included in this testimony as one of the layers TSA relies on to 
screen passengers, baggage, and air cargo for explosives odor. 

[2] An EDS automatically triggers an alarm when objects that exhibit 
the physical characteristics of explosives are detected. 

[3] See the related GAO products list at the end of this statement. 

[4] We plan to issue a report with the results from this work in the 
fall of 2013. AIT systems equipped with ATR software display anomalies 
that could pose a threat using a generic figure for all passengers. 

[5] GAO, High-Risk Series: Government-wide 2013 Update and Progress 
Made by the Department of Homeland Security, [hyperlink, 
http://www.gao.gov/products/GAO-13-444T] (Washington, D.C.: Mar. 21, 
2013). 

[6] GAO, Department of Homeland Security: Progress Made and Work 
Remaining in Implementing Homeland Security Missions 10 Years after 
9/11, [hyperlink, http://www.gao.gov/products/GAO-11-881] (Washington, 
D.C.: Sept. 7, 2011). 

[7] See Pub. L. No. 107-71, 115 Stat. 597 (2001). For purposes of this 
testimony, "commercial passenger aircraft" refers to a U.S.-or 
foreign- flagged air carrier operating under TSA-approved security 
programs with regularly scheduled passenger operations to or from a 
U.S. airport. 

[8] See Pub. L. No. 112-95, § 826, 126 Stat. 11, 132-33 (2012) 
(codified at 49 U.S.C. § 44901(l)). 

[9] On March 26, 2013, TSA published a Notice of Proposed Rulemaking 
in the Federal Register soliciting public comment on the use of AIT as 
a primary means for screening passengers. See 78 Fed. Reg. 18,287 
(Mar. 26, 2013). 

[10] GAO, Best Practices: An Integrated Portfolio Management Approach 
to Weapon System Investments Could Improve DOD's Acquisition Outcomes, 
[hyperlink, http://www.gao.gov/products/GAO-07-388] (Washington, D.C.: 
Mar. 30, 2007). The mission need statement outlines the specific 
functional capabilities required to accomplish DHS's mission and 
objectives, along with deficiencies and gaps in these capabilities. 
The operational requirements document includes key performance 
parameters and describes the mission, capabilities, and objectives to 
provide needed capabilities. 

[11] In January 2012, we issued a classified report on TSA's 
procurement and deployment of AIT at airport checkpoints. 

[12] AD 102 (effective November 7, 2008) and its associated 
instruction manual establish the department's policies and processes 
for managing major acquisition programs. DHS generally defines major 
programs as those expected to cost at least $300 million over their 
respective life cycles, and many are expected to cost more than $1 
billion. The ARB, now called the Investment Review Board, is the 
cross- component board within DHS that determines whether a proposed 
acquisition has met the requirements of key phases in the acquisition 
life cycle framework and is able to proceed to the next phase and 
eventual full production and deployment. Key performance parameters 
(KPP) are system characteristics that are considered critical or 
essential. Failure to meet a KPP could be the basis to reject a system 
solution. 

[13] DHS's Undersecretary for Management issued a memorandum on 
November 7, 2008, requiring compliance with the directive at the 
program's next formal decision point, but no later than 6 months from 
the date of the directive (by May 2009). DHS acquisition officials 
stated that enforcing compliance with the new policy took almost 1 
year, but that it worked with TSA to make the directive's requirements 
known. However, DHS's previous directive--Management Directive 1400, 
which AD 102 superseded --also required component agencies to follow a 
similar process whereby programs were reviewed by DHS's Investment 
Review Board. Accordingly, the Investment Review Board began reviewing 
TSA's AIT program (at that time called the Whole Body Imager) as early 
as 2008. 

[14] GAO, Defense Acquisitions: Managing Risk to Achieve Better 
Outcomes, [hyperlink, http://www.gao.gov/products/GAO-10-374T] 
(Washington, D.C.: Jan. 20, 2010). 

[15] GAO, Aviation Security: TSA Has Enhanced Its Explosives Detection 
Requirements for Checked Baggage, but Additional Screening Actions Are 
Needed, [hyperlink, http://www.gao.gov/products/GAO-11-740] 
(Washington, D.C.: Jul. 11, 2011). 

[16] Details on the number of EDS machines were omitted because TSA 
deemed them Sensitive Security Information, which must be protected 
from public disclosure pursuant to 49 C.F.R. part 1520. 

[17] GAO, TSA Explosives Detection Canine Program: Actions Needed to 
Analyze Data and Ensure Canine Teams Are Effectively Utilized, 
[hyperlink, http://www.gao.gov/products/GAO-13-239] (Washington, D.C.: 
Jan. 31, 2013). 

[18] The results were deemed sensitive security information by TSA. 
DHS S&T has responsibility for coordinating and conducting basic and 
applied research, development, demonstration, testing, and evaluation 
activities relevant to DHS components. 

[19] TSA's conventional explosives detection canines are trained to 
detect explosives in stationary objects (e.g., baggage and vehicles). 

[20] The sterile area of an airport is the portion in an airport, 
defined in the airport's security program, that provides passengers 
access to boarding aircraft and to which the access generally is 
controlled through the screening of persons and property. See 49 
C.F.R. § 1540.5. 

[21] [hyperlink, http://www.gao.gov/products/GAO-11-740]. 

[22] Technologies that successfully pass independent and operational 
evaluation are added to a list of qualified products. 

[23] [hyperlink, http://www.gao.gov/products/GAO-07-388]. 

[24] [hyperlink, http://www.gao.gov/products/GAO-07-388]. 

[25] In February 2012, TSA issued a request for vendors to provide a 
second generation of AIT system, referred to as AIT-2. In September 
2012, TSA made contract awards to purchase and test AIT-2 systems from 
three vendors. All AIT-2 systems are required to be equipped with ATR, 
have a smaller footprint than previous systems, and be capable of 
meeting enhanced detection requirements, among other things. 

[26] In response to your request, we have initiated a review of AIT 
that will examine the effectiveness of AIT systems equipped with ATR. 

[27] [hyperlink, http://www.gao.gov/products/GAO-11-740]. 

[28] TSA's Electronic Baggage Screening Program, one of the largest 
acquisition programs within DHS, certifies and acquires systems used 
to screen checked baggage at TSA-regulated airports throughout the 
United States. 

[29] GAO, Checked Baggage Screening: TSA Has Deployed Optimal Systems 
at the Majority of TSA-Regulated Airports, but Could Strengthen Cost 
Estimates, [hyperlink, http://www.gao.gov/products/GAO-12-266] 
(Washington D.C.: Apr. 27, 2012). 

[30] GAO, GAO Cost Estimating and Assessment Guide: Best Practices for 
Developing and Managing Capital Program Costs, [hyperlink, 
http://www.gao.gov/products/GAO-09-3SP] (Washington, D.C.: Mar. 2 
2009). 

[31] We reported that the estimate was partially comprehensive, 
partially documented, partially accurate, and minimally credible when 
compared against the criteria in our Cost Estimating and Assessment 
Guide. 

[32] GAO, Homeland Security: DHS Requires More Disciplined Investment 
Management to Help Meet Mission Needs, [hyperlink, 
http://www.gao.gov/products/GAO-12-833], (Washington, D.C.: Sept. 18, 
2012). 

[33] We surveyed all of DHS's 77 major acquisition programs from 
January to March 2012, and received a 92 percent response rate. DHS 
originally identified 82 major acquisition programs in the 2011 major 
acquisition oversight list, but 5 of those programs were subsequently 
canceled in 2011. Seventy-one program managers responded to the survey. 

[34] GAO, Department of Homeland Security: Continued Progress Made 
Improving and Integrating Management Areas, but More Work Remains, 
[hyperlink, http://www.gao.gov/products/GAO-12-365T] (Washington, 
D.C.: Mar. 1, 2012). 

[35] GAO, High-Risk Series: An Update, [hyperlink, 
http://www.gao.gov/products/GAO-13-283] (Washington, D.C.: Feb. 2013). 

[End of section] 

GAO’s Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the 
performance and accountability of the federal government for the 
American people. GAO examines the use of public funds; evaluates 
federal programs and policies; and provides analyses, recommendations, 
and other assistance to help Congress make informed oversight, policy, 
and funding decisions. GAO’s commitment to good government is 
reflected in its core values of accountability, integrity, and 
reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each 
weekday afternoon, GAO posts on its website newly released reports, 
testimony, and correspondence. To have GAO e-mail you a list of newly 
posted products, go to [hyperlink, http://www.gao.gov] and select “E-
mail Updates.” 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of 
production and distribution and depends on the number of pages in the 
publication and whether the publication is printed in color or black 
and white. Pricing and ordering information is posted on GAO’s 
website, [hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or 
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card, 
MasterCard, Visa, check, or money order. Call for additional 
information. 

Connect with GAO: 

Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe 
to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO 
on the web at [hyperlink, http://www.gao.gov]. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 
Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-
mail: fraudnet@gao.gov; 
Automated answering system: (800) 424-5454 or (202) 512-7470. 

Congressional Relations: 

Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-
4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, DC 20548. 

Public Affairs: 
Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, DC 20548. 

[End of document]