Securing All Transportation Modes

Figure 5: Airline Passengers Being Screened and Cargo Being Loaded on a Commercial Aircraft

DHS has made considerable progress in strengthening the security of commercial aviation and seaports since September 11, 2001, but must continue to adapt security measures to counter evolving threats, balance resources across missions and enhance technologies to strengthen security, and increase its focus on securing surface modes of transportation, including mass transit. Intelligence demonstrates that the transportation network continues to be a key and attractive target for those wishing to harm U.S. interests and that the terrorist threat continues to evolve. As such, the Transportation Security Administration (TSA), Coast Guard, and U.S. Customs and Border Protection (CBP) must continue to work to mitigate vulnerabilities that currently exist in these and other areas.

• TSA revised explosives detection system (EDS) explosives detection requirements in January 2010 to better address current threats and plans to implement these requirements in a phased approach. The first phase, which includes implementation of the previous 2005 requirements, is to take years to fully implement. However, deploying EDSs that meet 2010 requirements could prove difficult given that TSA did not begin deployment of EDSs meeting 2005 requirements until 4 years later in 2009. Developing a plan to deploy and operate EDSs to meet the most recent requirements could help ensure EDSs are operating most effectively and should improve checked-baggage screening. Further, TSA has established a schedule for the current EDS acquisition, but it does not fully comply with best practices, and TSA has not developed a plan to upgrade its EDS fleet. For example, the schedule is not reliable because it does not reflect all planned program activities and does not include a timeline to deploy EDSs or plans to procure EDSs to meet subsequent phases of the 2010 requirements. Developing a reliable schedule would help TSA better monitor and oversee the progress of the EDS acquisition.
  Highlights of GAO-11-740 (PDF)
• Within DHS, the Transportation Security Administration and the U.S. Coast Guard manage the Transportation Worker Identification Credential (TWIC) program, which requires maritime workers to complete background checks and obtain a biometric identification card to gain unescorted access to secure areas of regulated maritime facilities. TSA designed TWIC program processes to facilitate the issuance of TWICs to maritime workers. However, TSA did not assess the internal controls designed and in place to determine whether they provided reasonable assurance that the program could meet defined mission needs for limiting access to only qualified individuals. We found that internal controls in the enrollment and background checking processes are not designed to provide reasonable assurance that (1) only qualified individuals can acquire TWICs; (2) adjudicators follow a process with clear criteria for applying discretionary authority when applicants are found to have extensive criminal convictions; or (3) once issued a TWIC, TWIC-holders have maintained their eligibility. Further, DHS has not assessed the TWIC program's effectiveness at enhancing security or reducing risk for regulated facilities and vessels. DHS has not demonstrated that TWIC, as currently implemented and planned, is more effective than prior approaches used to limit access to ports and facilities, such as using facility specific identity credentials with business cases. In addition, DHS did not conduct a risk-informed cost-benefit analysis that considered existing security risks, and it has not yet completed a regulatory analysis for the upcoming rule on using TWIC with card readers.
  Highlights of GAO-11-657 (PDF)

The Coast Guard has assessed the risk—including threats, vulnerabilities, and consequences—to ferries in accordance with DHS guidance on risk assessment. Federal agencies, ferry operators, and law enforcement entities reported taking various actions to enhance the security of ferries and facilities, but the Coast Guard may be missing opportunities to enhance ferry security. For example, the Coast Guard had not evaluated and, if determined warranted, acted on all findings and recommendations resulting from five agency-contracted studies on ferry security completed in 2005 and 2006. Reports from these studies included several recommendations for standardizing and enhancing screening across ferry operators.

Key challenges include the following:

• To enhance aviation security, the TSA initiated its Screening of Passengers by Observation Techniques (SPOT) program in which Behavior Detection Officers (BDO) work to identify persons who pose a risk to aviation security by focusing on behavioral and appearance indicators. Although DHS is in the process of validating some aspects of the SPOT program, TSA deployed SPOT nationwide without first validating the scientific basis for identifying suspicious passengers in an airport environment. A scientific consensus does not exist on whether behavior detection principles can be reliably used for counterterrorism purposes, according to the National Research Council of the National Academy of Sciences. DHS plans to review aspects of SPOT, such as whether the program is more effective at identifying threats than random screening. Nonetheless, DHS's current plan to assess SPOT is not designed to fully validate whether behavior detection can be used to reliably identify individuals in an airport environment who pose a security risk. TSA is also experiencing implementation challenges, including not fully utilizing the resources it has available to systematically collect and analyze the information obtained by BDOs on passengers who may pose a threat to the aviation system. In addition, although TSA has some performance measures related to SPOT, it lacks outcome-oriented measures to evaluate the program's progress toward reaching its goals.
  
  Highlights of GAO-10-763 (PDF)
• The Transportation Worker Identification Credential (TWIC) program requires maritime workers who access secure areas of transportation facilities to obtain a biometric identification card to access these facilities.  TSA is conducting a pilot program to test the use of TWICs with biometric card readers.  While TSA has made progress in incorporating management best practices to execute the TWIC pilot, TSA faces management challenges in ensuring the successful execution of the pilot test aimed at informing Congress and the development of the second TWIC regulation. For example, TSA and the Coast Guard have not developed an evaluation plan that fully identifies the scope of the pilot and specifies how the information from the pilot will be analyzed.
  
  Highlights of GAO-10-43 (PDF)
• From fiscal years 2006 through 2008, the DHS has allocated about $755 million dollars to transit agencies through its Transit Security Grant Program to protect transit systems and the public from terrorist attacks. DHS met the statutory timeline requirements for allocating and awarding grants, but the two agencies that manage the program-TSA and FEMA-lack defined roles and responsibilities. Specifically, there is no documentation articulating the roles and responsibilities of the agencies, and grant information has not been passed between the two agencies which affected TSA’s ability to share grant status information with transit agencies. In addition, although FEMA has taken initial efforts to develop measures to assess the effectiveness of its grant programs, TSA and FEMA lack a plan and related milestones for developing measures specifically for the Transit Security Grant Program, and thus DHS does not have the capability to measure the effectiveness of the program or its investments. Furthermore, while FEMA is responsible for the financial controls and audits of the program, it does not have a mechanism to systematically collect data and track grant projects throughout the grant process. As a result, FEMA cannot assess whether awards are timely or funds are being used effectively to reduce risk and increase transit system security.
  Highlights of GAO-09-491 (PDF)
• TSA has taken some actions but has not fully implemented a risk management approach to inform the allocation of resources across the transportation modes (aviation, mass transit, highway, freight rail, and pipeline). For example, TSA collected information related to threat, vulnerability, and consequence within the transportation modes but has not conducted risk assessments that integrate these three components for each mode or the transportation sector as a whole.
  Highlights of GAO-09-492 (PDF)
• TSA's Pipeline Security Division (PSD) has identified the 100 most critical pipeline systems and developed a pipeline risk assessment model based on threat, vulnerability, and consequence, but could improve the model's consequence component and better prioritize its efforts. The consequence component takes into account the economic impact of a possible pipeline attack, but not other possible impacts such as public health and safety, as called for in the Department of Homeland Security's (DHS) risk management guidance. PSD plans to improve its model by adding more vulnerability and consequence data, but has no time frames for doing so. Establishing a plan with time frames, as called for by standard management practices, could help PSD enhance the data in, and use of, its risk assessment model.
  
  Highlights of GAO-08-867 (PDF)
• TSA has not fully defined or implemented its strategy for securing surface modes of transportation—including mass transit, passenger and freight rail, highways and commercial vehicles, and pipeline, including determining what, if any, its regulatory role will be. TSA has also encountered problems in building and maintaining partnerships with transportation operators that retain primary responsibility for securing these systems.
  
  Highlights of GAO-08-651T (PDF)
• While TSA and DHS’s Science and Technology Directorate (S&T) have explored and tested new screening technologies to enhance the detection of explosives and other threats at airport security checkpoints, limited progress has been made in developing and deploying these technologies due to technical and management challenges, as well coordination breakdowns between TSA and S&T.
  
  Highlights of GAO-08-1024T (PDF) and Highlights of GAO-08-651T (PDF)
• TSA and CBP face significant resource and other challenges in developing a strategy and system to screen 100 percent of cargo transported on passenger aircraft by August 2010 and in to ensure that 100 percent of oceangoing containers bound for the United States are scanned overseas by July 2012, as mandated by law. With regard air cargo screening, TSA has made progress in meeting the air cargo screening mandate as it applies to domestic cargo, but faces challenges in doing so that highlight the need for a contingency plan. For example, TSA has increased required domestic cargo screening levels, increased the amount of cargo subject to screening by eliminating many domestic screening exemptions, created a voluntary program to allow screening to take place at various points in the air cargo supply chain, conducted outreach to familiarize industry stakeholders with screening requirements, and tested air cargo screening technologies. However, TSA faces several challenges in developing and implementing a system to screen 100 percent of domestic air cargo, and it is questionable, based on reported screening rates, whether 100 percent of such cargo will be screened by August 2010 without impeding the flow of commerce. For example, TSA has not completed a staffing study to determine the number of inspectors needed to oversee the screening program, and TSA does not verify the self-reported data submitted by screening participants. With regard to oceangoing containers, in particular, CBP has made limited progress in scanning containers at the initial ports participating in its Secure Freight Initiative program, leaving the feasibility of 100 percent scanning largely unproven. Since the inception of the program, CBP has not been able to achieve 100 percent scanning at any participating port. CBP has a strategy to expand the Secure Freight Initiative to select ports where it will mitigate the greatest risk of weapons of mass destruction entering the United States. However, CBP has not developed a plan to scan 100 percent of U.S.-bound container cargo by 2012, conducted a feasibility analysis of expanding 100 percent scanning, or developed a complete estimate of Secure Freight Initiative program costs.
  
  Highlights of GAO-10-446 (PDF), Highlights of GAO-10-12 (PDF), Highlights of GAO-08-959T (PDF), Highlights of GAO-08-1055R (PDF), Highlights of GAO-07-660 (PDF), Highlights of GAO-08-533T (PDF), and Highlights of GAO-08-538 (PDF)
• DHS has conducted research and development for four container security technology projects, but has not yet developed performance standards for them. From 2004 through 2009, S&T spent approximately $60 million and made varying levels of progress in the research and development of its four container security technology projects. Until the container security technologies are tested and evaluated consistent with all of the operational scenarios DHS identified for potential implementation, S&T cannot provide reasonable assurance that the technologies will effectively function as the Office of Policy Development and CBP intend to implement them.
  
  Highlights of GAO-10-887
• Although TSA and the Coast Guard have taken actions to enhance perimeter security and to restrict access to secure areas at airports and seaports, they have made limited progress in determining the need for additional security requirements to reduce the risks posed by employees, including assessing the feasibility of screening 100 percent of these workers; implementing biometric identification systems; and conducting compliance inspections at seaports.
  
  Highlights of GAO-08-651T (PDF), Highlights of GAO-04-728 (PDF), and Highlights of GAO-08-12 (PDF)
• The Coast Guard has not fully assessed its requirements for both its security and traditional—such as maritime safety and environmental stewardship—missions, to provide a baseline for prioritizing and balancing resource needs.
  
  Highlights of GAO-08-494T
• DHS has revised its approach to managing and overseeing Deepwater by making the program subject to its recently finalized acquisition directive, which establishes a number of review points to provide insight into such key documents as baselines and test reports. DHS has also increased the number of its reviews of individual Deepwater assets. The Coast Guard's own management policies are generally aligned with DHS directives, although operational testing policies are still being revised, and it has developed additional guidance on completion of key requirements documents. However, costs could continue to grow as four assets currently lack revised cost baselines; among them is the largest cost driver in the Deepwater Program, the Offshore Patrol Cutter.
  
  Highlights of GAO-10-790 (PDF))
• Although TSA and the Coast Guard have implemented an extensive regime of security measures involving commercial aviation, domestic and international ports, maritime facilities, and vessels, they have faced challenges in strengthening and completing these efforts; adapting security strategies to counter evolving threats; and ensuring that these measures are sustainable in the long term.
  
  Highlights of GAO-08-651T (PDF), Highlights of GAO-08-126T (PDF), and Highlights of GAO-08-494T (PDF)

^ Back to topWhat Needs to Be Done

• DHS needs to develop a plan to ensure that new machines, as well as those machines currently deployed in airports, will be operated at the levels in established requirements, collect explosives data before initiating new procurements, and develop a reliable schedule.
  Highlights of GAO-11-740 (PDF)
• DHS needs to assess TWIC program internal controls to identify needed corrective actions, assess TWIC's effectiveness, and use the information to identify effective and cost-efficient methods for meeting program objectives.
  Highlights of GAO-11-657 (PDF)
• The Coast Guard should evaluate the findings and recommendations from the Coast Guard's 2005 and 2006 ferry security reports and take appropriate actions to address the findings and recommendations identified in these reports.
  Highlights of GAO-11-207 (PDF)
• TSA needs to use an independent panel of experts to assist in validating SPOT, enhance SPOT data collection and analysis, fully utilize TSA resources to identify possible threats, and establish a plan to develop more outcome-oriented measures for SPOT.
  
  Highlights of GAO-10-763 (PDF)
• TSA and Coast Guard should develop a detailed evaluation plan to help ensure that needed information on biometrics will result from the pilot.
  
  Highlights of GAO-10-43 (PDF)
• CBP and S&T needs to test and evaluate the container security technologies consistent with all of the operational scenarios DHS identified for potential implementation, before S&T provides performance standards to the Office of Policy Development and CBP.
  Highlights of GAO-10-887 (PDF)
• DHS needs to define TSA’s and FEMA’s respective roles and responsibilities for managing the Transit Security Grant Program, develop a cost-effective plan for monitoring the use of grant funds once projects have been implemented, develop an interim solution to systematically collect data and track grant activities until FEMA’s grants management system can perform these functions, and develop a plan and milestones for measuring the effectiveness of the program and its administration.
  
  Highlights of GAO-09-491 (PDF)
• TSA needs to develop a comprehensive risk assessment of airport security and milestones for its completion, and a national strategy for airport security that includes key characteristics, such as goals and priorities.
  Highlights of GAO-09-399 (PDF)
• TSA needs to work with DHS to validate its risk management approach and conduct comprehensive risk assessments.
  
  Highlights of GAO-09-492 (PDF)
• TSA needs to strengthen risk assessments for surface modes of transportation, and use this information to inform its security strategies; determine whether it will pursue voluntary standards or regulations to secure these systems, and issue relevant standards or regulations; and clearly define its security strategy to state, local, and private-sector operators that are responsible for securing and maintaining these systems.
  
  Highlights of GAO-08-651T (PDF)
• TSA needs to develop risk-based strategic and deployment plans to guide its efforts for acquiring and deploying checkpoint screening technologies, complete risk assessments to inform procurement decisions, fully test technologies before they are deployed, and continue to strengthen coordination with DHS S&T
  
  Highlights of GAO-08-1024T (PDF)
• TSA and CBP need to develop and implement their respective approaches for screening 100 percent of cargo transported on passenger aircraft and oceangoing cargo containers, including assessing the effectiveness of technologies that can be used to screen cargo, determining inspection resources needed to oversee the system, garnering domestic and international stakeholder participation, and determining how they will secure cargo transported into the United States from other countries. TSA needs to establish milestones for a staffing study, verify the accuracy of all reported screening data, and develop a contingency plan for screening domestic cargo CBP and also needs to complete a feasibility assessment, cost estimates, and cost-benefit analysis for the Secure Freight Initiative.
  
  Highlights of GAO-10-446 (PDF), Highlights of GAO-10-12 (PDF), Full Report of GAO-08-1055R (PDF, 26 pages), Highlights of GAO-07-660 (PDF), Highlights of GAO-08-533T (PDF), and Highlights of GAO-08-538 (PDF)
• TSA should continue to assess vulnerabilities that currently exist at commercial airports, work closely with airports in identifying and supporting their technology needs, and finalize its strategy for protecting commercial aviation from the security risk posed by airport workers.
  
  Highlights of GAO-08-959T (PDF), Highlights of GAO-08-651T (PDF), and Highlights of GAO-04-728 (PDF)
• The Coast Guard needs to assess its requirements for both its security and traditional missions and provide a baseline for prioritizing and balancing resources across all of its missions.
  
  Highlights of GAO-08-494T (PDF)
• The Coast Guard should complete, and present to Congress, a comprehensive review of the Deepwater Program that clarifies the overall cost, schedule, quantities, and mix of assets that are needed to meet mission needs and what trade-offs need to be made considering fiscal constraints, given that the currently approved Deepwater baseline is no longer feasible.
  
  Highlights of GAO-10-790 (PDF)
• TSA and the Coast Guard should continue to strengthen and complete key security efforts, including those directed at mass transit systems, the highway network, and ports and vessels; adapt programs and initiatives to address evolving threats; and ensure the sustainability of these measures in the long-term.
  Highlights of GAO-08-651T (PDF), Highlights of GAO-08-126T (PDF), Highlights of GAO-08-494T (PDF)

^ Back to topKey Reports

Transportation Worker Identification Credential

Transportation Worker Identification Credential

Transportation Security

Transportation

Transit Security Grant Program

Supply Chain Security

Supply Chain Security

Transportation

Pipeline Security

Maritime Security

Maritime Security

Maritime Security

Highway Infrastructure

Coast Guard

Coast Guard

Aviation Security

Aviation Security

Aviation Security

Aviation Security

Aviation Security

Aviation Security

Aviation Security

Aviation Security

More Reports