Over 9 million passengers departed from U.S. ports on cruise ships in 2008, and according to agency officials, cruise ships are attractive terrorist targets. GAO was asked to review cruise ship security, and this report addresses the extent to which (1) the Coast Guard, the lead federal agency on maritime security, assessed risk in accordance with the Department of Homeland Security's (DHS) guidance and identified risks; and (2) federal agencies, cruise ship and facility operators, and law enforcement entities have taken actions to protect cruise ships and their facilities. GAO reviewed relevant requirements and agency documents on maritime security, analyzed 2006 through 2008 security operations data, interviewed federal and industry officials, and made observations at seven ports. GAO selected these locations based on factors such as the number of sailings from each port. Results of the visits provided additional information on security, but were not projectable to all ports.

The Coast Guard has assessed the risks to cruise ships in accordance with DHS guidance--which requires that the agency analyze threats, vulnerabilities, and consequences--and, with other maritime stakeholders, identified some concerns. Specifically, agency officials reported in January 2010 that there had been no credible threats against cruise ships in the prior 12 months, but also noted the presence of terrorist groups that have the capability to attack a cruise ship. The Coast Guard, cruise ship and facility operators, and law enforcement officials generally believe waterside attacks are a concern for cruise ships. Agency officials and terrorism researchers also identified terrorists boarding a cruise ship as a concern. The Coast Guard has also identified the potential consequences of an attack, which would include potential loss of life and economic effects. Federal agencies, cruise ship and facility operators, and law enforcement entities have taken various actions to enhance the security of cruise ships and their facilities and implement related laws, regulations, and guidance, and additional actions are under way. DHS and component agencies have taken security measures such as the Coast Guard providing escorts of cruise ships during transit, and CBP's review of passenger and crew data to help target passenger inspections. Cruise ship and cruise ship facility operators' security actions have included developing and implementing security plans, among other things. The Coast Guard is also in the process of expanding a program to deter and prevent small vessel attacks, and is developing additional security measures for cruise ships. In addition, CBP's 2005-2010 Strategic Plan states that CBP should seek to improve identification and targeting of potential terrorists through automated advanced information. CBP, however, has not assessed the cost and benefit of requiring cruise lines to provide passenger reservation data, which in the aviation mode, CBP reports to be useful for the targeting of passengers for inspection. GAO's previous work identified evaluations as a way for agencies to explore the benefits of a program. If CBP conducted a study to determine whether collecting additional passenger data is cost effective and addressed privacy implications, CBP would be in a better position to determine whether additional actions should be taken to augment security.

Status Legend:

Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

• In Process
• Open
• Closed - implemented
• Closed - not implemented

Recommendations for Executive Action

Recommendation: To enhance the existing screening process for cruise ship passengers, the CBP Commissioner should conduct a study to determine whether requiring cruise lines to provide automated Passenger Name Record data to CBP on a systematic basis would benefit homeland security, and if found to be of substantial benefit, determine the appropriate mechanism through which to issue this requirement. The scope of the study should include potential benefits to security, any need for additional authority and international agreements, resource implications for CBP and the cruise industry, privacy concerns, and any implementation issues related to the automated transfer of Passenger Name Record data from the cruise lines to CBP.

Agency Affected: Department of Homeland Security: United States Customs and Border Protection

Status: Open

Comments: In GAO-10-400 we reviewed efforts to prevent terrorist attacks on cruise ships and recommennded that Customs and Border Protection (CBP) conduct a study to determine whether requiring cruise lines to provide automated Passenger Name Record data to CBP on a systematic basis would benefit homeland security. In response, CBP has begun, among other actions, site surveys at three locations to determine their current use of cruise line reservation systems, identification of potential benefits to homeland security based on the use of reservation data, determing available computer network options for cruise lines to report data, and determining if establishing the needed network connections would be cost effective. CBP has set a due date for their full evaluation of these issues of June 30, 2011.