[Senate Hearing 111-1015]
[From the U.S. Government Publishing Office]



                                                       S. Hrg. 111-1015

     SAFE PORT ACT REAUTHORIZATION: SECURING OUR NATION'S CRITICAL 
                             INFRASTRUCTURE

=======================================================================

                                HEARING

                               before the

                         COMMITTEE ON COMMERCE,
                      SCIENCE, AND TRANSPORTATION
                          UNITED STATES SENATE

                     ONE HUNDRED ELEVENTH CONGRESS

                             SECOND SESSION

                               __________

                             JULY 21, 2010

                               __________

    Printed for the use of the Committee on Commerce, Science, and 
                             Transportation









                  U.S. GOVERNMENT PRINTING OFFICE
67-271 PDF                WASHINGTON : 2011
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001




       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                     ONE HUNDRED ELEVENTH CONGRESS

                             SECOND SESSION

            JOHN D. ROCKEFELLER IV, West Virginia, Chairman
DANIEL K. INOUYE, Hawaii             KAY BAILEY HUTCHISON, Texas, 
JOHN F. KERRY, Massachusetts             Ranking
BYRON L. DORGAN, North Dakota        OLYMPIA J. SNOWE, Maine
BARBARA BOXER, California            JOHN ENSIGN, Nevada
BILL NELSON, Florida                 JIM DeMINT, South Carolina
MARIA CANTWELL, Washington           JOHN THUNE, South Dakota
FRANK R. LAUTENBERG, New Jersey      ROGER F. WICKER, Mississippi
MARK PRYOR, Arkansas                 GEORGE S. LeMIEUX, Florida
CLAIRE McCASKILL, Missouri           JOHNNY ISAKSON, Georgia
AMY KLOBUCHAR, Minnesota             DAVID VITTER, Louisiana
TOM UDALL, New Mexico                SAM BROWNBACK, Kansas
MARK WARNER, Virginia                MIKE JOHANNS, Nebraska
MARK BEGICH, Alaska
                    Ellen L. Doneski, Staff Director
                   James Reid, Deputy Staff Director
                   Bruce H. Andrews, General Counsel
                 Ann Begeman, Republican Staff Director
             Brian M. Hendricks, Republican General Counsel
                  Nick Rossi, Republican Chief Counsel
















                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on July 21, 2010....................................     1
Statement of Senator Rockefeller.................................     1
Statement of Senator Hutchison...................................     3
    Prepared statement...........................................     4
Statement of Senator Lautenberg..................................     5
Statement of Senator Klobuchar...................................    38
Statement of Senator Cantwell....................................    40
Statement of Senator LeMieux.....................................    42

                               Witnesses

Admiral Robert J. Papp, Commandant, U.S. Coast Guard, Department 
  of Homeland Security...........................................     5
    Prepared statement...........................................     8
Hon. Alan Bersin, Commissioner, U.S. Customs and Border 
  Protection, Department of Homeland Security....................    15
    Prepared statement...........................................    17
Stephen L. Caldwell, Director, Homeland Security and Justice 
  Issues, U.S. Government Accountability Office..................    21
    Prepared statement...........................................    23

                                Appendix

Response to written questions submitted to Admiral Robert J. Papp 
  by:
    Hon. John D. Rockefeller IV..................................    53
    Hon. Frank R. Lautenberg.....................................    60
    Hon. Barbara Boxer...........................................    61
    Hon. Maria Cantwell..........................................    62
    Hon. Kay Bailey Hutchison....................................    64
    Hon. David Vitter............................................    69
Response to written questions submitted to Hon. Alan Bersin by:
    Hon. John D. Rockefeller IV..................................    70
    Hon. Frank R. Lautenberg.....................................    76
    Hon. Barbara Boxer...........................................    76
    Hon. Bill Nelson.............................................    78
    Hon. Maria Cantwell..........................................    79
    Hon. Mark Pryor..............................................    81
    Hon. Kay Bailey Hutchison....................................    82
Response to written questions submitted to Stephen L. Caldwell 
  by:
    Hon. John D. Rockefeller IV..................................    83
    Hon. Kay Bailey Hutchison....................................    83
    Hon. John D. Rockefeller IV..................................    85
    Hon. Kay Bailey Hutchison....................................    94
    Hon. Bill Nelson.............................................    95
    Hon. Frank R. Lautenberg.....................................    95
    Hon. Amy Klobuchar...........................................    97

 
                     SAFE PORT ACT REAUTHORIZATION:
                         SECURING OUR NATION'S
                        CRITICAL INFRASTRUCTURE

                              ----------                              


                        WEDNESDAY, JULY 21, 2010

                                       U.S. Senate,
        Committee on Commerce, Science, and Transportation,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 2:40 p.m. in room 
SR-253, Russell Senate Office Building, Hon. John D. 
Rockefeller IV, Chairman of the Committee, presiding.

       OPENING STATEMENT OF HON. JOHN D. ROCKEFELLER IV, 
                U.S. SENATOR FROM WEST VIRGINIA

    The Chairman. All right, this hearing will come to order.
    You have the brains of the Committee before you.
    [Laughter.]
    The Chairman. Actually, the brains of the Committee is 
sitting behind us.
    [Laughter.]
    Senator Hutchison. Right, exactly.
    The Chairman. Every day, terrorists are hard at work at 
hatching new plans to do America harm. As the former Chairman 
and current member of the Intelligence Committee, I have a very 
special way of knowing that, and I can tell you, the threats 
are very real--and, of course, you all know that--and that they 
continue and they expand and become more malicious.
    In the last year alone, we have seen one terrorist try to 
blow up an airplane on Christmas Day, and we've seen another 
try to turn his SUV into a bomb near Times Square. No matter 
how many plots we disrupt, more will replace them, and history 
has shown us that one of the greatest security challenges we 
face is securing our free and open transportation system.
    Although our aviation security system is the most visible 
part of our Nation's homeland security system, DHS is working 
to secure all aspects of our transportation infrastructure. 
Today, we're going to talk about a huge challenge we have in 
making our ports more secure. The very size, location, and 
constant movement at ports makes them vulnerable to a potential 
terrorist attack. In fact, a fairly easy terrorist attack.
    If terrorists were to shut down a major port, the economic 
disruption to our economy would be incalculable, as it would be 
to the psyche of Americans. Maritime security is more than just 
protecting our ports from attack; it's protecting our ships, 
both military and commercial, preventing attacks on our 
communities, and keeping extremely hazardous materials from 
being used as weapons.
    Welcome, Senator Lautenberg.
    Senator Lautenberg. Thank you.
    The Chairman. For example, small vessels can carry 
explosives, as they did in the 2000 USS Cole attack, or smuggle 
terrorists, as they did in Mumbai, India, in 2008. Preventing 
terrorists from using our maritime transportation system to 
smuggle weapons or people into this country is very important 
to our economic security, and our national psyche.
    I think, as a West Virginian--of chemical plants on the 
Ohio River, right between West Virginia and Ohio--it's called 
the Ohio River, but we own it, which means we have to pay to 
build the bridges. That's just a small thing, which is not 
really a part of this hearing. Anyway, it's lined with chemical 
plants, and it's lined with powerplants, all the way from 
Pittsburgh all the way down to Cincinnati. And I think the 
Coast Guard is only able, at this point, because of funding 
problems, et cetera, to supply, at the most, three, but, up 
until recently, only two armed speedboats to patrol that 200 
miles. It's like an open, free chance for anybody.
    Many people may not know this, but West Virginia is 
actually home to the seventh-largest port--and that includes 
San Diego, San Francisco, New York, et cetera--in the country, 
and it's called Huntington, West Virginia. It connects all the 
way from the Atlantic to the Gulf, and it's just an 
unbelievable sight of transference of cargo. Over 77 million 
tons move through that port annually, 30 of which is petroleum 
and chemical products. If terrorists attacked a chemical plant 
adjacent to the Port of Huntington, the resulting toxic plume 
would be devastating. It can happen any day. It has not, but it 
could.
    Make no mistake, the challenges before us are very great. 
Two of our witnesses today will discuss the enormously 
difficult task of balancing the need to protect our maritime 
transportation system with the efficient flow of commerce.
    For example, in 2007, Congress required 100-percent 
scanning of all oceanborne cargo containers entering the United 
States. Last year, the Secretary of Homeland Security told this 
committee that she doubted that DHS could meet that challenge. 
It will be expensive. Very expensive.
    If we cannot meet this mandate, then I believe we need to 
find a different way to address this threat. I look forward to 
hearing from you and having a discussion about that. What is 
possible, what is not; If we stretched, did something 
different, what difference could we make? As I have discussed 
already with Admiral Papp, the Coast Guard has too few 
resources to meet all of its missions, and that is 
unacceptable. I believe the Coast Guard needs more resources 
and more support to do its job, period. One can argue about 
debt, deficits, and all the rest of it, but protecting the 
American people ought to be, pretty much, preemptive, I would 
think.
    So, just as the Committee has jurisdiction over maritime 
issues, we also have a primary role of making sure our maritime 
sector is, itself, secure. So, in the coming days, we're going 
to introduce legislation that builds on provisions in the 
Security and Accountability For Every Port Act of 2006, or the 
SAFE Port Act, and the Maritime Transportation Security Act of 
2002, bills this committee passed to strengthen maritime 
security.
    The SAFE Port Act of 2006 furthered the preparedness of our 
ports by requiring national and regional security plans and 
mandating Coast Guard-approved incident response plans for all 
vessels, ports, and facilities on and adjacent to waterways 
that are engaged in maritime transportation.
    This bill that I introduced will do the following: focus 
resources on critical needs, critical small vessel security--we 
need to talk about that--especially hazardous cargo, and the 
security of the global supply chain; reauthorize the Port 
Security Grant Program to ensure that adequate resources exist 
to secure our airport facilities; and, most importantly, seek 
to address key security gaps and lessons learned from the past 
4 years.
    I look forward to hearing from our witnesses today and as 
we go to several things: evaluate the current state of port 
security, reflect on the implementation of previous port 
security bills, and discuss how we can improve going ahead.
    I thank everybody for being here, and I turn now to my 
extremely distinguished Co-Chair, Kay Bailey Hutchison.

            STATEMENT OF HON. KAY BAILEY HUTCHISON, 
                    U.S. SENATOR FROM TEXAS

    Senator Hutchison. Well, thank you very much, Mr. Chairman.
    And it is such an important part of our responsibility--
port security. It has been 4 years since this committee passed 
the port security legislation, which became the SAFE Port Act 
of 2006. And, as many of these provisions in the bill begin to 
expire, we look forward to working together, the Chairman and I 
and other members, to reauthorize this important legislation.
    The maritime transportation system in the United States is 
a vital asset to our Nation's economy, employing more than 13 
million workers. The cargo that passes through our ports and 
waterways contributes approximately three-quarters of a 
trillion dollars to the U.S. gross domestic product.
    In my home State of Texas--I'm going to brag on my port--
the Port of Houston continues to rank first in the country in 
U.S. imports, first in foreign waterborne tonnage, and is home 
to one of the largest petrochemical complexes in the world, as 
well as part of the U.S. Strategic Petroleum Reserve.
    The Houston ship-channel businesses account for almost 
800,000 jobs and have an economic impact of close to $120 
billion. The Port of Houston is just one of the ports in our 
Gulf Coast, in Texas. We go from Brownsville all the way up the 
coast, through Port Arthur, in Beaumont. So, we do have a huge 
amount of waterborne commerce in my State, and there is no 
question that this is a security issue, just as any part of our 
transportation and commerce system is.
    The Brookings Institution estimated that a detonated weapon 
of mass destruction at an American port could cost $1 trillion 
to the national economy. So, it is the job of the Department of 
Homeland Security, with assistance from other entities in the 
Administration--certainly the Coast Guard, as well--Congress, 
State and local governments, and industry stakeholders, to be 
able to work seamlessly together. It's going to take the 
contribution of all of these entities to prevent any kind of 
devastating terrorist activity in our ports.
    I am interested to hear what the three of you are going to 
say, and I hope that you will elaborate on any ideas that you 
have, going forward, for us to be able to pass a bill that will 
make a difference in our ports' security. I'm interested in 
ways that the government agencies, both State, local, as well 
as the different Federal agencies, can work seamlessly with 
each other, and cooperatively with the private sector, and 
efficiently, to make sure that risk management is the best that 
we can do to secure our Nation's transportation systems.
    So, thank you for being here, and thank you, Mr. Chairman, 
for continuing to focus on this important issue.
    [The prepared statement of Senator Hutchison follows:]

  Prepared Statement of Hon. Kay Bailey Hutchison, U.S. Senator from 
                                 Texas
    Mr. Chairman, thank you for holding today's hearing on port 
security, a critical element of our Nation's national security efforts.
    It has been almost 4 years since this committee passed port 
security legislation, which became the SAFE Port Act of 2006. As many 
of the provisions in that bill begin to expire, I look forward to 
working with the Chairman and the other members to reauthorize this 
important legislation.
    The maritime transportation system in the United States is a vital 
asset to the Nation's economy, employing more than 13 million workers. 
The cargo that passes through this country's ports and waterways 
contributes approximately three-quarters of a trillion dollars to the 
U.S. gross domestic product.
    In my home state of Texas, the Port of Houston continues to rank 
first in the country in U.S. imports, first in foreign waterborne 
tonnage, and is home to one of the world's largest petrochemical 
complexes, as well as the U.S. Strategic Petroleum reserve.
    The Houston shipping channel businesses account for almost 800,000 
jobs and have an economic impact of close to $120 billion.
    Clearly, our Nation's economy and the flow of commerce can be 
affected significantly by an unforeseen event, which I am concerned we 
are not adequately prepared. A terrorist incident at a major U.S. port 
could cause a devastating loss of life and deliver a huge blow to our 
economy.
    For example, the Brookings Institution estimated that a detonated 
weapon of mass destruction (WMD) at an American port could cost $1 
trillion to the national economy.
    And so, it is the job of the Department of Homeland Security, with 
assistance from other entities within the Administration, as well as 
Congress, State and Local governments and industry stakeholders, to 
help put systems in place to prevent these devastating types of events 
from occurring and disrupting the delicate equilibrium of the flow of 
commerce and the sanctity of our way of life.
    Therefore, I am particularly interested to hear what assessment our 
witnesses will provide of the state of our Nation's maritime security. 
In addition, I hope that our witnesses will elaborate on innovative 
ideas to help better secure our Nation's ports. I am especially 
interested in ways in which government agencies can work seamlessly 
with each other, work cooperatively with the private sector, and most 
importantly, work efficiently, so as not to expend precious financial 
resources on ineffective projects. Risk management is fundamental to 
securing our Nation's transportation systems.
    Thank you and I look forward to hearing from our witnesses on these 
very important issues.

    The Chairman. Thank you, Senator Hutchison.
    And now to the distinguished Senator Frank Lautenberg.

            STATEMENT OF HON. FRANK R. LAUTENBERG, 
                  U.S. SENATOR FROM NEW JERSEY

    Senator Lautenberg. Thanks, Mr. Chairman.
    And your reminder that your landlocked State has such an 
important port is an important focus on what our ports mean to 
us, and certainly to your State, as you mentioned. My home 
State of New Jersey is, unfortunately, a prime terrorist 
target. In fact, the most at-risk area in the entire country 
for a terrorist attack is the 2-mile stretch from Newark 
Liberty International Airport to the Port of Newark.
    And yesterday, I stood in that port with leaders of the 
Port Authority and those who labor there to provide for 
themselves and their family, and I was reminded again why the 
port is so critical. I'm very familiar with the port there. I 
was a commissioner of the Port Authority, and I ran a good-
sized company in New Jersey, and was aware of the revenue and 
the energy provided by the port. And that port is so critical 
and attractive to those who want to hurt us. They know that the 
lifeblood of not just our region's economy, but our Nation's 
economy exists there.
    The Port of Newark is the largest port on the East Coast, 
generating $20 billion a year in economic activity. An attack 
on this port, or any of the Nation's ports, would be 
devastating. Billions of tons of domestic, important import and 
export cargo pass through American ports and waterways each 
year. And for example, when the Port of Long Beach in 
California shut down because of a labor dispute in 2001, it 
cost the economy a billion dollars a day. The Brookings 
Institution estimated that a detonated weapon of mass 
destruction at any one of our ports could cost the American 
economy a trillion dollars. It's a major responsibility of 
ours--Mr. Chairman, and you wear that mantle well--of ours to 
make sure our ports remain secure.
    The 9/11 Commission underscored that obligation when it 
noted that opportunities to do harm are as great or greater in 
maritime and surface transportation than in aviation. When it 
comes to preventing future terrorist attacks, we dare not leave 
anything to chance. And that's why we passed the SAFE Port Act 
in 2006. That law set out a clear roadmap for the Department of 
Homeland Security to make sure our ports were protected.
    Unfortunately, we're not yet at our destination. We've got 
more work to do. And I'm looking forward to hearing from our 
witnesses about the progress that has been made to meet the 
benchmarks set by that law, and the challenges that remain.
    I'm delighted to have these witnesses here, Mr. Chairman. I 
congratulate you for having this hearing.
    The Chairman. Thank you, Senator.
    And now I think we should move in the direction of 
admirals. Admiral Papp, we look forward to hearing from you.

  STATEMENT OF ADMIRAL ROBERT J. PAPP, COMMANDANT, U.S. COAST 
             GUARD, DEPARTMENT OF HOMELAND SECURITY

    Admiral Papp. Thank you, Mr. Chairman, good afternoon. And, 
to Ranking Member Senator Hutchison, good afternoon to you, 
ma'am, and Senator Lautenberg, our long-time supporter. It's 
good to see you again, sir.
    I'm pleased to appear before you today to discuss this very 
important topic of maritime, homeland, and port security. I 
have an extensive written statement that I've submitted for the 
record, and I would just ask to do a short oral statement to 
open up.
    The Chairman. All statements are in the record.
    Admiral Papp. Thank you.
    I have three issues--three brief issues to address, here. 
First and foremost, the topic of this hearing, which is port 
security, of course. And while we've worked successfully with 
our Federal, State, local, foreign, and international partners 
to construct a robust maritime homeland and port security 
architecture, one of the things that concerns me the most, and 
one of the reasons I'm most grateful for this hearing today, is 
my concerns about complacency.
    One of the things, as the Atlantic Area Commander, that I 
put up on our operations brief every morning, is the number 
3,119. That's the number of days that transpired between the 
first attack on the World Trade Center, in February 1993, and 
then the events of September 11, 2001. And each day, we counted 
the increasing numbers of days that have passed since 9/11. 
Fortunately, we're up, now, to 3,235, so we've surpassed the 
period between the first attack and second attack on the Trade 
Center. But, what that tells me is, as we go longer and longer 
away from that event, we run the risk of our public becoming 
complacent.
    So, Mr. Chairman, you drawing attention to this very 
important topic is good for us, and good for the Nation, and I 
thank you for that.
    As I stated, 3,235 days have passed since 9/11. And while 
we've worked tirelessly to enhance our maritime, homeland, and 
port security, we must not let our guard down. We need to be 
looking to undertake initiatives that will tighten the security 
net in our ports, particularly with respect to the threat posed 
by small vessels. These initiatives include, amongst others, 
continuing to strengthen an already robust Federal, State, and 
local partnerships, working to formalize programs like 
America's Waterways Watch to incorporate the presence of 
professional mariners and recreational boaters into a 
coordinated effort. More vessels on the water can only mean 
greater security.
    Since 9/11, the Coast Guard has exercised its versatile, 
adaptable ships, boats, and aircraft--and, I would say, 
versatile and adaptable people, as well--along with our 
authorities, partnerships, and capabilities, to create a 
layered security triad consisting of maritime security regimes, 
maritime domain awareness, and maritime security operations. 
This maritime triad, as I refer to it, is like a three-legged 
stool; if you forget one of those legs, you're going to subject 
yourself to a lack of success. So, we have to concentrate on 
all three.
    The first leg of the ``stool,'' as I refer to it, is the 
maritime security regimes. Maritime security regimes include 
domestic and international statutes, regulations, and 
agreements. Maritime security regimes constitute the framework 
for coordinating partnerships and establishing enforceable 
maritime security standards. Examples of that, of course, 
include the Maritime Transportation Security Act, the 
international maritime organizations, international ship and 
port facility code, and, of course, the SAFE Port Act.
    The second leg of the ``stool,'' as I refer to it, is 
maritime domain awareness. Interagency operation centers, the 
nationwide automatic identification system, and long-range 
identification and tracking systems, Blue Force Tracking, and 
the America's Waterways Watch Initiative, are also important to 
maritime domain awareness efforts. These initiatives are the 
means to collect, fuse, analyze, and disseminate a common 
operating picture and information, not just to the Coast Guard, 
but to our partners, as well, and to make us all stronger.
    The third leg of this ``stool'' is the Maritime Security 
and Response Operations, or MSRO. These elements include 
coastal and waterway deterrence patrols, high-risk vessel 
escorts, response to threats, and recovery from attacks that 
may occur. The MSRO encompasses military outload security, 
enforcement of fixed security zones, control of port access 
activity and movement, and also includes waterborne security 
boardings, airborne use of force, underwater port security, and 
deliberate contingency and recovery plans and exercises focused 
on regional surge operations.
    Ensuring the availability of the--of our Coast Guard 
cutters, aircraft, boats, and supporting systems and 
infrastructure to conduct these activities has become 
increasingly challenging. As Commandant, I'm committed to 
aggressively recapitalizing our assets to sustain fleet 
readiness and ensure future mission success. This is a top 
priority for me, moving forward.
    Of the three concerns I listed, my second concern is my 
goal of steadying the service. Among other things, consummating 
our modernization effort and consolidating our command-and-
control and mission-support structure within the Coast Guard. 
To complete this modernization effort, which was started under 
my predecessor, we, of course, need the authorization act. You 
giving focus to this and working with the Coast Guard to 
continue the authorization act, moving forward, is deeply 
appreciated, and I look forward to working with you and the 
Committee to complete this very important initiative so that we 
can continue and finalize the structure of our Coast Guard.
    And my last concern is actually a statement of pride. I 
want to tell you how absolutely proud I am of the men and women 
of the Coast Guard. We're now 3 months into the Deepwater 
Horizon response, and a tremendous number of our Reserve and 
active-duty personnel, ships, and aircraft, those same 
versatile and adaptable assets and people I spoke of earlier, 
are deployed to the Gulf in support of the National Incident 
Commander. Our most important mission is to continue our all-
hands-on-deck effort to protect the Gulf, its people, and their 
way of life.
    As a force provider to the National Incident Commander, 
it's my duty, however, to closely monitor the impact of this 
response on our people and our assets. Our Coast Guard men and 
women are focused and committed to accomplishing this all-
important mission. Coastguardsmen were first on scene, 
performing search-and-rescue operations when the Deepwater 
Horizon rig exploded, resulting in the tragic loss of life of 
11 people. And our versatile and adaptable people and assets 
transitioned as this incident evolved into the largest and most 
extensive environmental disaster that our Nation has faced, and 
we are proud that we are leading, along with the Department of 
Homeland Security and across the entire interagency, the 
largest and most comprehensive response. We will be in the Gulf 
until our mission is completed.
    In conclusion, while much has been accomplished, much 
remains to be done. Opportunities remain to strengthen 
relationships, improve maritime domain awareness, recapitalize 
our fleet, enhance public vigilance, and refine collaborative 
security regimes. The Coast Guard, as a component of the 
Department of Homeland Security, is committed to working hand-
in-hand with our many partners to ensure the safety of American 
citizens and our ports and waterways.
    Again, I look forward to working with this committee to 
understand the challenges and to earn your support. I thank you 
for the opportunity to testify today, and I look forward to 
your questions.
    Thank you.
    [The prepared statement of Admiral Papp follows:]

       Prepared Statement of Admiral Robert J. Papp, Commandant, 
           U.S. Coast Guard, Department of Homeland Security
    Good afternoon, Chairman Rockefeller, Ranking Member Hutchison and 
distinguished members of the Committee. I am Robert Papp, Commandant of 
the Coast Guard and I am pleased to be here today to discuss the Coast 
Guard's critical role in protecting one of our Nation's most important 
economic and strategic lifelines, our Marine Transportation System 
(MTS). As the lead Federal agency for U.S. maritime security, the Coast 
Guard works with its port partners to build resiliency into the U.S. 
MTS. We have come a long way in protecting this system and its users; 
however, security challenges remain, and they demand an agile and 
technologically advanced Coast Guard.
Port Security: Mission and Scope
    The Coast Guard's enduring value to the Nation resides in our 
multi-mission authorities, resources and capabilities. The ability to 
field versatile assets and personnel with broad authority is perhaps 
the Federal Government's most important strength in the maritime 
security environment. While each of the Coast Guard's eleven mission 
programs primarily supports safety, security or stewardship, all of our 
missions can serve additional roles. For example, when Coast Guard 
personnel conduct vessel safety inspections, their activities include 
verification of immigration documents and validation of crew manifests. 
The Coast Guard's safety and security authorities are fully integrated, 
providing a suite of unrivaled capabilities to address security in the 
maritime and port environment.


    The Coast Guard primarily addresses MTS security through its Port, 
Waterways and Coastal Security (PWCS) mission, which is carried out 
using the Coast Guard's broad authorities and multi-mission assets. 
PWCS also benefits from other Coast Guard missions, including: Marine 
Safety, Illegal Drug and Migrant Interdiction, Defense Readiness, and 
Aids to Navigation missions.
    The Coast Guard's holistic approach to port security protects 
against internal and cross-border threats, builds versatility, and 
supports the safe flow of lawful travel and commerce. Our efforts are 
focused on preventing and disrupting terrorist attacks and subversive 
acts in the maritime domain and the MTS. Should an attack occur, Coast 
Guard resources and competencies are prepared to contribute to a swift 
response and recovery.
    Critical infrastructure, key resources and large population centers 
within or near America's ports represent vulnerabilities that 
terrorists may seek to exploit. As such, our port security efforts 
leverage the capabilities of the private sector, other Government 
agencies, including the Maritime Administration, and the public to 
multiply our defenses.
    The Coast Guard helps secure over 95,000 miles of coastline, over 
300 ports and over 10,000 miles of navigable waterways. Coast Guard and 
its port partners provide security for myriad landside connections that 
allow the various transportation modes to move people and goods to, 
from, and on the water. More than $958 billion of international 
commerce, including 1.4 billion tons of cargo, is carried within the 
MTS. The Coast Guard regulates protection of more than 8 million cruise 
ship and ferry passengers, accounting for more than 65 million 
passenger-miles a year. The Coast Guard also regulates waterway 
security for numerous boaters operating almost 13 million registered 
recreational vessels. Finally, the Coast Guard protects the movement of 
numerous high-value military vessels and maritime cargo in support of 
ongoing overseas contingency operations.
    The demand for maritime escort and security services continues to 
grow. Over the last few years, for example, Liquefied Natural Gas (LNG) 
imports have doubled, from 1.5 percent to 3 percent of gas used, and 
are estimated to rise to more than 15 percent by 2025. This demand has 
triggered increased applications for facilities and development of new 
facilities, which, in turn, will likely result in an increased number 
of LNG vessel transits. Our challenge is to manage risk and deploy our 
limited assets where they achieve the greatest effect, and to both 
implement effective security measures while supporting the smooth flow 
of legitimate commerce. Under the current policies for Coast Guard 
asset utilization, growth in the maritime industry will increase the 
demand for Coast Guard capabilities, capacity and partnerships.
Mission Elements
    The Coast Guard's role as Lead Federal Agency (LFA) for maritime 
security is embedded within the overarching system of maritime 
governance. The Coast Guard's systematic, maritime governance model for 
port security consists of maritime security regimes, domain awareness, 
and maritime security and response operations, which are carried out in 
a unified effort by international, governmental, and private 
stakeholders. The Coast Guard exercises unique competencies, 
capabilities, authorities, and partnerships in an attempt to help 
reduce the risk of terrorism and related nefarious acts. It also 
engages the private sector through Area Maritime Security Committees, 
implementation of the DHS Small Vessel Security Strategy (SVSS), 
America's Waterway Watch (AWW), and local and regional exercises. The 
SVSS proactively recognizes that small vessels are a potential means 
for exploitation by terrorists, smugglers of weapons of mass 
destruction (WMDs), narcotics, aliens, and other contraband, and other 
criminals and addresses near-shore security concerns and provides a 
coherent framework to improve maritime security and safety.


A System of Maritime Governance
    The Coast Guard has extensive statutory authority, presence, 
command and control capability, and experience in maritime safety and 
security. The Coast Guard employs a holistic layered approach to 
maritime security that is designed to detect, deter, and prevent the 
methods of terror and terrorists as early as possible in the event 
chain. This approach requires rigorous analysis of the terrorist threat 
and corresponding risk-reduction strategies and tactics. It facilitates 
early warning of maritime-related threats originating in other nations 
by way of offshore regions routing into the U.S. For example, through 
the 96-hour advanced notice of arrival process, the Coast Guard is able 
to screen vessels for potential threats far from the Nation's ports. 
Another example of a ``far-from-the-homeland'' element of this layered 
security system is the International Port Security (IPS) Program, which 
verifies that effective antiterrorism measures have been instituted in 
foreign ports to help reduce the risk to U.S. ports.
Port Security--A layered system


    The three major elements of the Coast Guard's maritime security 
strategy are Maritime Security Regimes, Maritime Domain Awareness, and 
Maritime Security and Response Operations.
Maritime Security Regimes
    The Maritime Security Regimes element of the Coast Guard's maritime 
security strategy includes domestic statutes and regulations, and 
international agreements and codes. It is comprised of the ``rules'' to 
coordinate partnerships and establish maritime security standards. 
Regimes represent the framework that complements efforts to conduct 
effective MDA activities and maritime operations. All of the regimes 
associated with all Coast Guard missions also support port security 
effectiveness.
    The 2002 Maritime Transportation Security Act (MTSA) requires that 
ships and port facilities assess their vulnerabilities and develop 
measures to reduce them. The MTSA also requires that the Coast Guard 
periodically assess the effectiveness of antiterrorism measures in both 
U.S. and foreign ports and take action in cases in which effective 
anti-terrorism measures are not in place. In accordance with the 
provisions of the MTSA, the U.S. helped lead the International Maritime 
Organization in the development of an international code, designated 
the International Ship and Port Facility Security Code (ISPS). The ISPS 
Code contains security-related requirements for governments, port 
authorities and shipping companies, together with a series of 
guidelines and recommendations for meeting those requirements. The 
Coast Guard's IPS Program engages with foreign governments and visits 
foreign ports to assess their compliance with the ISPS Code and to 
improve security through dialogue.
    Additionally, MTSA required the development and implementation of 
strategic, regional, vessel and facility security plans to enhance 
maritime transportation security. Area Maritime Security Plans are 
created by committees established by the Coast Guard and comprised of 
Federal, state, tribal, and local agencies and industry 
representatives. The Transportation Workers Identification Credential 
(TWIC) program, a Transportation Security Administration (TSA) 
initiative primarily enforced by the Coast Guard that helps to ensure 
that only properly vetted individuals have access to secure areas at 
ports, furthers the multilayered approach to the safeguarding of U.S. 
ports and maritime critical infrastructure and key resources.
    Various programs and strategies have been developed to address 
specific threats and risks. The SVSS helps to reduce the small vessel 
security threat, and our strategy establishes the rules by which other 
vessels are identified as having a potential terrorism threat.
Maritime Domain Awareness
    Maritime Domain Awareness (MDA), the second major element of the 
Coast Guard's maritime security strategy, supports the development of 
maritime regimes and effective Maritime Security and Response 
Operations. MDA requires that all-source intelligence and broad 
situational awareness be collected, fused, analyzed, and disseminated, 
enabling the United States and other nations to understand activities, 
events, and trends that could threaten their security in the maritime 
and port environment. MDA consists of what is observable and known as 
well as what is anticipated or suspected. Improving MDA requires 
continued development of intelligence capabilities and broader maritime 
situational awareness that leverages Command, Control, Communications, 
Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR) 
capabilities. MDA provides the key Common Operating Picture (COP) of 
conditions and activity across the maritime domain. The COP includes 
information about vessels, cargo, passengers and crew, and shore-side 
infrastructure. As an example of the need for awareness, the Coast 
Guard is keenly interested in the real-time location and movements of 
certain vessels. These include all High Interest Vessels (which may 
pose a threat), High Value Units (certain military vessels), Certain 
Dangerous Cargo Vessels, and High Capacity Passenger Vessels. The 
Maritime Security Risk Analysis Model (MSRAM) is used to analyze and 
calculate risk to maritime critical infrastructure and key resources 
using threat factors provided by the intelligence community. MSRAM 
evaluates the consequence and vulnerability judgments in the field at 
the local, regional and national levels to enhance security risk 
analysis by informing the Common Operating Picture (COP) at the 
tactical, operational and strategic levels.


    Interagency Operations Centers, the Nationwide Automatic 
Identification System, the Long Range Identification and Tracking 
(LRIT) system, and Blue Force Tracking support the MDA effort. These 
initiatives provide high-tech means to collect, fuse, analyze, and 
disseminate COP information and intelligence. Every Coast Guard unit 
has MDA responsibilities and serves as a sensor to increase awareness 
and knowledge of the maritime domain. The AWW initiative enlists public 
support to report suspicious activity on or near ports, docks, marinas, 
riversides, beaches, waterfront communities, or maritime 
infrastructure.
Maritime Security and Response Operations (MSRO)
    The third major element of the Coast Guard's maritime security 
strategy is Maritime Security and Response Operations (MSRO). Ground, 
waterborne, and airborne prevention and response operations are 
conducted to prevent, disrupt and recover from attacks.
    Recognizing that the Coast Guard and its partners cannot be 
everywhere all of the time, the Coast Guard conducts Maritime Security 
and Response Operations based on risk-informed decision-making models.
    Coast Guard forces are trained and equipped to perform MSRO 
activities to enhance the Nation's ability to prevent and respond to 
maritime terrorism events. Specifically, Deployable Operations Group 
(DOG) forces were created to support operational and tactical 
commanders, including DOD and other Federal agencies. DOG forces 
include Maritime Safety and Security Teams, the Maritime Security 
Response Team, Tactical Law Enforcement Teams, Canine Explosive 
Detection Teams, and the National Strike Force.


    MSRO elements include coastal and waterway deterrence patrols, 
high-risk vessel escorts, response to threats, and recovery from 
attacks. MSRO encompasses Military Out-Load security support, 
enforcement of fixed security zones, and control of port access, 
activity, and movement. MSRO also includes waterborne security 
boardings, Airborne Use of Force, underwater port security, deliberate, 
contingency, and recovery planning and exercises, and focused regional 
surge operations. A key element of the offshore portion of the MSRO is 
persistent presence of Coast Guard cutters and aircraft that are 
regularly engaged in multi-mission operations, such as at-sea 
interdiction and enforcement. As appropriate, MSRO forces are being 
equipped to respond to chemical, biological, radiological, nuclear, and 
high-yield explosive threats. The Area Maritime Security Training and 
Exercise Program is also an element of MSRO.
FY 2009 Mission Accomplishments
   The Coast Guard conducted 49,276 armed waterborne patrols 
        projecting presence near maritime critical infrastructure or 
        key resources, 18,690 security boardings of small vessels in 
        and around U.S. ports, waterways, and coastal regions, 4,000 
        escorts of high-capacity passenger vessels, such as ferries and 
        cruise ships, 1,855 security boardings of High Interest Vessels 
        (designated as posing a greater-than-normal risk to the U.S.), 
        1,429 escorts of high-value U.S. naval vessels transiting U.S. 
        waterways, and 660 escorts of vessels carrying Certain 
        Dangerous Cargoes (CDCs).

   In support of Overseas Contingency Operations, the Coast 
        Guard provided waterside security and escorts for 192 military 
        outloads throughout the system of 20 predesignated commercial 
        and military strategic U.S. seaports.

   The Coast Guard's MSRAM continued to support risk management 
        decisions in the execution of the PWCS mission. MSRAM helps 
        prioritize security risk from terrorist attacks by assessing 
        the risk between vastly different critical infrastructure 
        facilities and key resources. MSRAM supported port security 
        grant funding decisions by enabling DHS to compare various 
        ports and determine which ports have the highest risk.

   The Coast Guard expanded its global vessel track picture 
        through Long Range Identification and Tracking (LRIT) for 
        vessels greater than 300 gross tons and improved Automatic 
        Identification System (AIS) data. LRIT began operation in 2008 
        and to date over 750 U.S.-flagged vessels have been certified 
        for carriage. The Coast Guard operates an International Data 
        Exchange (IDE) that routes vessel positioning data among all 
        participating LRIT national and regional data centers, as well 
        as the U.S. national data center. At any given time, the Coast 
        Guard tracks approximately 2,500 foreign flagged LRIT-equipped 
        vessels en route to the U.S. or sailing within 1,000 nautical 
        miles of U.S. territory, as well as U.S. ships around the 
        globe.

   The Coast Guard conducted over 60 international port 
        security visits/evaluations. These visits ensure foreign nation 
        compliance with port and facility protocols to increase the 
        security of commerce bound for the U.S. The Coast Guard also 
        published eight Port Security Advisories (PSAs) to provide 
        guidance to the maritime community on security issues related 
        to piracy.

   The Coast Guard equipped and trained additional air stations 
        around the country to increase its Airborne Use of Force (AUF) 
        capability. AUF-capable helicopters offer a rapid and potent 
        deterrence and response to terrorist threats.

   As of July 15, 2010, the Transportation Security 
        Administration (TSA) has issued nearly 1.5 million 
        Transportation Worker Identification Credential (TWIC). The 
        Coast Guard began full-time enforcement of TWIC regulations 
        nation-wide on April 15, 2009. Since then, the Coast Guard 
        inspected TWICs in port facilities throughout the U.S.

   The Coast Guard updated the Nation's 43 Area Maritime 
        Security Plans in coordination with respective Area Maritime 
        Security Committees. The revisions incorporate lessons learned 
        from recent hurricanes to enhance the recovery of the MTS. Per 
        SAFE Port Act requirements, the plans now integrate the DHS 
        Strategy to Enhance International Supply Chain Security and 
        Salvage Response Plans. The new plans align Coast Guard 
        exercises with the Homeland Security Exercise and Evaluation 
        Program.

   Coast Guard FORCECOM training teams conducted PWCS Weapons 
        of Mass Destruction (WMD) equipment training. 3,826 Coast Guard 
        personnel assigned to boarding teams learned how to use 
        detection gear and properly wear and maintain protective 
        clothing.

   At 12 designated, key seaports, the Coast Guard developed 
        Underwater Terrorism Preparedness Plans. The preparation, 
        maintenance and exercising of these plans increases the Coast 
        Guard's ability to deter and respond to the threat of 
        underwater attack.

   Coast Guard Maritime Force Protection Units (MFPUs) Bangor, 
        WA, and Kings Bay, GA, each received a new 87-foot cutter and 
        64-foot escort boat and crews. MFPUs protect Navy ballistic 
        missile submarines from terrorist and other threats.

   Coast Guard conducted over 14,000 inspections on U.S.-
        flagged vessels.

   Coast Guard conducted 6,900 dockside safety exams on 
        commercial fishing vessels.

   Coast Guard screened over 75,000 foreign vessel arrivals and 
        conducted over 9,500 Safety of Life at Sea (SOLAS) safety 
        compliance exams and over 8,700 ISPS security compliance exams.

   Coast Guard issued 73,168 credentials to qualified merchant 
        mariners, ensuring the safe, secure, and efficient navigation 
        of ships.
Conclusion
    Port security and the resiliency of the MTS rely on an integrated 
approach to safety and security in order to prevent, disrupt or respond 
to terrorist attacks or major marine incidents. The Coast Guard's 
operational model is flexible, adaptive, efficient and capable of 
succeeding in various maritime scenarios to achieve these goals.
    While much has been accomplished to protect the MTS, there is also 
much more to be done. Opportunity remains to strengthen partnerships, 
improve maritime domain awareness through existing sensor integration 
and interagency cooperation, enhance public vigilance, and refine 
collaborative security regimes. The Coast Guard is committed to working 
hand-in-hand with international partners and domestic stakeholders, 
including recreational waterway users, commercial maritime interests 
and law enforcement partners, to ensure a resilient MTS and the safety 
of American citizens. Thank you for the opportunity to testify today. I 
welcome your questions.

    The Chairman. Thank you, Admiral, very much.
    And now Alan Bersin, who is Commissioner of U.S. Customs 
and Border Protection, Homeland Security.

          STATEMENT OF HON. ALAN BERSIN, COMMISSIONER,

              U.S. CUSTOMS AND BORDER PROTECTION,

                DEPARTMENT OF HOMELAND SECURITY

    Mr. Bersin. Good afternoon, Mr. Chairman, Madam Ranking 
Member, Senator Lautenberg.
    As the Commissioner of Customs and Border Protection, it's 
a privilege to appear before you as you take on the important--
indeed, critical--task of taking a look at the SAFE Port Act of 
2006 and preparing for its reauthorization.
    We know that the central challenge here is to secure the 
flow of goods in and out of the United States, and to do so in 
ports that are safe and secure. It seems to us that there is a 
central challenge we must confront, and that will take up much 
of the dialogue we have here this afternoon; which is that we 
must find a way to both enhance the security of our ports and 
the flow of our goods at the same time that we provide for an 
economically prosperous America and an economically competitive 
America.
    From the perspective of Customs and Border Protection, we 
understand the task to consist of two major dimensions: first, 
risk management, and understanding and taking risk management 
and its associated concepts to the next level; and second, 
building on the partnerships that will be essential between the 
private sector and the government to ensure the kind of 
security and facilitation we seek.
    Preventing and disrupting terrorist threats, including 
chemical, radiological, biological, and nuclear attacks, are at 
the core of the CBP mission. We pursue a comprehensive and 
global strategy, as part of the DHS family of agencies, to 
secure containerized cargo. While inspections and operations at 
our ports are a key component of our strategy, to fully meet 
our responsibilities, we must identify and stop threats before 
they arrive at American ports. This requires that we secure the 
flow of cargo at each stage of the supply chain--at the port of 
origin, while in transit, and when it arrives in the United 
States. To accomplish this, CBP pursues a multilayered approach 
to security, using a risk management approach that allows us to 
apply resources to prioritize enforcement objectives.
    At the core of our approach to risk management is the 
notion that our borders are not merely juridical lines on a 
map--they're not simply the physical barriers that separate us 
from foreign nations--but, rather, borders need to be 
conceptualized as the flow of goods and people, and it is the 
job of CBP, in the concert with other agencies in the 
government, to stop dangerous people and dangerous things from 
approaching the homeland and entering our country, doing harm 
to our people.
    At the same time, we have an important role to play in 
trade facilitation, in building an economically prosperous 
America. Although often presented as being in tension or 
conflict, our security and trade facilitation missions, indeed, 
are mutually supportive. By utilizing risk-based strategies and 
applying a multilayered approach, we can focus our time and 
resources on the small percentage of goods that are high-risk 
or about which we know the least, which, in turn, allows us to 
expedite trade that is low-risk or about which we already know 
a great deal.
    Our multilayered approach is based on the following core 
elements: obtaining information about the cargo, and those 
involved in moving it, early in the process; using advanced 
targeting techniques and sophisticated logarithms to assess 
risk in building a knowledge base about the people and the 
companies involved in the supply chain; partnering with the 
private sector to secure that supply chain; collaborating with 
other Federal agencies and departments, such as the U.S. Coast 
Guard, the Food and Drug Administration, the Consumer Product 
Safety Commission, Immigration and Customs Enforcement, and the 
Department of Agriculture, among 40 other agencies for which 
CBP serves as the executive agent at our ports of entry--
seaports, landports, and airports; working with foreign 
governments to foster an effective working relationship between 
and among customs regimes; and maintaining robust inspection 
regimes, including non-intrusive inspection equipment and 
radiation detection technologies, at our ports of entry.
    As detailed in my written statement, which the Chairman has 
deemed accepted, we're pursuing a number of different 
initiatives as part of our approach to secure containerized 
cargo. Some of the more notable are trusted-shipper programs, 
the Customs-Trade Partnership Against Terrorism, C-TPAT, and 
the prescreening programs, Container Security Initiative, and 
the Secure Freight Initiative.
    Frankly, Mr. Chairman, Ranking Member Hutchison, it's time 
that we look at these programs, brilliantly conceived and 
supported by the Congress, that need to get to the next 
generation. We need to get to the next level of Secure Freight 
Initiative, CSI, and C-TPAT.
    We must also leverage the unique capabilities of the 
National Targeting Center Cargo to proactively analyze advance 
cargo information using the Automated Targeting System before 
shipments reach the United States.
    As you know, CBP requires advance electronic cargo 
information for all inbound shipments in all modes of 
transportation, and then uses advance targeting to identify 
potential threats. This is the essence of the risk management 
process.
    We require the electronic transmission of data, as mandated 
by the SAFE Port Act, through the Importer Security Filing and 
Additional Carrier Requirements rule, the so-called ``10 plus 
2,'' which went into full effect in January of this year. With 
10 additional data elements from the importer and 2 from the 
carrier regarding the stowage plan, ``10 plus 2'' allows CBP 
targeting specialists to identify risk factors earlier in the 
supply chain and further in time and space from the U.S. 
homeland.
    And finally, I know that the 100-percent scanning 
requirement, as a matter of law, remains of interest to this 
Congress and to our Department. We have been advancing the 
screening requirement through pilot projects at five foreign 
seaports. We've learned much from these pilots, but they have 
also demonstrated a number of significant challenges to the 
100-percent requirement. These include limitations with 
currently available technology, logistical challenges with the 
design and layout of foreign ports, and the high cost of 
implementation. As Secretary Napolitano has informed the 
Congress, the Department will need to seek the time extensions 
authorized by law as we work with the Congress to a more 
permanent solution to the issues of security at our ports. The 
Secretary, as you know, is committed to working with the 
Congress on this issue.
    Mr. Chairman, members of the Committee, thank you again for 
this opportunity. I look forward to our dialogue and to 
responding to your questions regarding the terms and conditions 
of the reauthorization of the SAFE Port Act.
    Thank you, sir.
    [The prepared statement of Mr. Bersin follows:]

Prepared Statement of Hon. Alan Bersin, Commissioner, U.S. Customs and 
           Border Protection, Department of Homeland Security
    Chairman Rockefeller, Ranking Member Hutchison, esteemed members of 
the Committee, it is a privilege and an honor to appear before you 
today to discuss U.S. Customs and Border Protection's (CBP) work to 
secure the flow of goods into and out of the United States--preventing 
smuggling and protecting the country from dangerous shipments while 
expediting legitimate commerce. CBP pursues a multilayered approach to 
security, using a risk management approach that allows us to 
strategically apply resources to prioritized enforcement objectives and 
threats.
    CBP is at the frontline of protecting the Nation from threats, 
including those posed by containerized cargo. At the core of that 
mission is preventing chemical, radiological, biological, and nuclear 
threats, and preventing and disrupting terrorist attacks arising from 
border crossings. We also stem the illegal flow of drugs, contraband 
and people, protect our agricultural and economic interests from 
harmful pests and diseases, protect American businesses from theft of 
their intellectual property, enforce textile agreements, determine and 
track import safety violations, regulate and facilitate international 
trade, collect import duties, facilitate legitimate travel, and enforce 
U.S. trade laws. In Fiscal Year 2009, CBP screened 100 percent of the 
maritime containers arrived at our seaports through our multilayered 
approach--9.8 million in all.
    While security is our core mission, CBP also has important trade 
responsibilities. Our security and trade facilitation missions are 
mutually supportive: by utilizing risk-based strategies, and applying a 
multilayered approach, we can focus our time and resources on the small 
percentage of goods that are high-risk or about which we know the 
least, which in turn allows us to expedite trade that is low-risk or 
about which we already know a great deal.
Overview of CBP Approach
    We are operating in the age of integrated global supply chains, and 
our approach to this environment must be equally comprehensive and 
global. While inspections and operations at our ports are a key 
component of our strategy, to fully meet our responsibilities, we must 
identify and stop threats before they arrive at American ports. This 
requires that we secure the flow of cargo at each stage of the supply 
chain--at the point of origin, while in transit, and when it arrives in 
the United States.
    Our multilayered security approach involves:

   Obtaining information about cargo and those involved in 
        moving it early in the process;

   Using advanced targeting techniques to assess risk and 
        building a knowledge base about the people and companies 
        involved in the supply chain;

   Fostering partnerships with the private sector and 
        collaborating with other Federal agencies and departments, such 
        as the U.S. Coast Guard, Department of Health and Human 
        Services, the Consumer Product Safety Commission, Immigration 
        and Customs Enforcement, and the Department of Agriculture, and 
        with foreign governments, including through information 
        sharing;

   Expanding enforcement efforts to points earlier in the 
        supply chain than simply our borders; and

   Maintaining robust inspection regimes, including non-
        intrusive inspection equipment and radiation detection 
        technologies, at our ports of entry.

    We have asked the trade community to assume its fair share of the 
burden as well, to exercise reasonable care in customs matters, to 
provide information to better understand the parties to a transaction, 
and to invest in the resources necessary to keep up with current 
requirements. CBP strives to provide an environment built upon 
predictability, transparency, and uniformity in the importing process. 
We weigh the cumulative costs of our decisions on business and, when 
possible, provide for simplified commercial processing. CBP and the 
trade community must be partners, leveraging both parties' expertise.
    In addition to addressing security concerns, CBP has also been 
aggressive in addressing other public safety concerns, such as product 
safety. CBP has established the Commercial Targeting and Analysis 
Center (CTAC), which is solely dedicated to import safety concerns. The 
Import Safety CTAC serves as a fusion center for CBP and other 
government agencies--including the Consumer Product Safety Commission, 
the Food and Drug Administration and the Food Safety Inspection 
Service--to combine resources and manpower to protect the American 
public from harm that could be caused by unsafe imported products. CBP 
looks forward to the expansion of this targeting center to include the 
participation of additional agencies.
    With that background, I would like to discuss the operational 
initiatives that help us fulfill the security, trade and public safety 
missions I have outlined.
Advance Information
    CBP requires advanced electronic cargo information, as mandated in 
the Trade Act of 2002 (24-Hour Rule, through regulations), for all 
inbound shipments in all modes of transportation. CBP requires the 
electronic transmission of additional data, as mandated by the SAFE 
Port Act, through the Importer Security Filing and Additional Carrier 
Requirements rule (Security Filing ``10+2''), which became effective as 
an Interim Final Rule on January 26, 2009, and went into full effect on 
January 26, 2010. Under the Security Filing ``10+2'' rule, importers 
are responsible for supplying CBP with ten trade data elements 24 hours 
prior to vessel lading, and ocean carriers are required to provide 
their vessel stow plans no later than 48 hours after departure and 
their container status messages no later than 24 hours after creation 
or receipt. This advance data allows CBP targeting specialists to 
identify risk factors earlier in the supply chain. Security Filing 
``10+2'' joins the 24 hour rule, and the C-TPAT program and CSI 
discussed below, in collecting advanced information to improve CBP's 
targeting efforts.
    As part of CBP's layered targeting strategy, the National Targeting 
Center--Cargo (NTC-C) proactively analyzes advance cargo tactical and 
strategic information using the Automated Targeting System (ATS) before 
shipments reach the United States. ATS provides uniform review of cargo 
shipments for identification of the highest threat shipments, and 
presents data in a comprehensive, flexible format to address specific 
intelligence threats and trends. Through targeting rules, the ATS 
alerts the user to data that meets or exceeds certain predefined 
criteria. National targeting rule sets have been implemented in ATS to 
provide threshold targeting for national security risks for all modes 
of transportation--sea, truck, rail, and air. ATS is a decision support 
tool for CBP officers working in the NTC-C and in Advanced Targeting 
Units at our ports of entry and CSI ports abroad.
    Once NTC-C has analyzed the advanced information using ATS and 
other tools, intelligence briefs are created and disseminated to 
officers in the field. This information is used by CBP and other 
agencies to support enforcement actions, such as seizures and arrests.
    NTC-C has established partnerships and liaisons with other 
agencies, both domestically and abroad. Partnerships with Immigration 
and Customs Enforcement, the Drug Enforcement Administration, the 
Financial Crimes Enforcement Network, the Department of Commerce, and 
the Department of Health and Human Services promote information sharing 
and the exchange of best practices, while collaboration with foreign 
governments results in seizures and detection of threats at our borders 
and in foreign ports.
Customs Trade Partnership Against Terrorism (C-TPAT)
    CBP works with the trade community through the Customs Trade 
Partnership Against Terrorism (C-TPAT), a voluntary public-private 
partnership program wherein some members of the trade community adopt 
tighter security measures throughout their international supply chain 
and in return are afforded benefits such as reduced exams, front of 
line examination privileges to the extent possible and practical, and 
an assigned Supply Chain Security Specialist who helps them maintain 
compliance. C-TPAT has enabled CBP to leverage private sector resources 
to enhance supply chain security.
    Prospective C-TPAT members submit basic company information and a 
security profile through an Internet-based portal system. CBP conducts 
records checks on the company in its law enforcement and trade 
databases and ensures the company meets the security criteria for its 
particular business sector. Members who pass extensive vetting are 
certified into the program. Using a risk-based approach, CBP Supply 
Chain Security Specialists conduct on-site visits of foreign and 
domestic facilities to confirm that the security practices are in place 
and operational.
    C-TPAT has been a success--membership in the program has grown from 
7 companies in its first year to 9,897 as of July 8, 2010. C-TPAT's 
certified partners include 4,416 importers, 2,739 carriers, 843 
brokers, 809 consolidators/third-party logistic providers, 59 Marine 
Port Authority and Terminal Operators, and 1,031 foreign manufacturers. 
C-TPAT has conducted 15,207 onsite validations of manufacturing and 
logistics facilities in 90 countries. Of those in the program, 313 C-
TPAT importer partners have been granted the highest level of program 
benefits having qualified for Tier 3 status, which means that these 
companies have exceeded C-TPAT's security requirements.
    Additionally, CBP is working with foreign partners to establish bi-
national recognition and enforcement of C-TPAT. CBP currently has 
signed mutual recognition agreements with New Zealand (2007), Canada 
(2008), Jordan (2008), Japan (2009), and Korea (2010). We are 
continuing to work toward similar recognition with the European Union 
and other countries.
Container Security Initiative
    CBP partners with foreign governments through the Container 
Security Initiative (CSI) to prevent and deter terrorist threats before 
they reach American ports. CSI enables CBP to identify and inspect 
high-risk U.S.-bound cargo containers at foreign ports prior to 
departure. Through CSI, CBP stations multidisciplinary teams of 
officers to work with host country counterparts to identify and examine 
containers that are determined to pose a high risk for terrorist 
activity. CSI, the first program of its kind, was announced in January 
2002 and is currently operational in 58 foreign seaports--covering more 
than 80 percent of the maritime containerized cargo shipped to the 
United States.
    CBP officers stationed at CSI ports, with assistance from CSI 
targeters at the National Targeting Center-Cargo (NTC-C), review 100 
percent of the manifests originating and/or transiting those foreign 
ports for containers that are destined for the United States. In this 
way, CBP identifies and examines high risk containerized maritime cargo 
prior to lading at a foreign port and before shipment to the United 
States. In FY 2009, CBP officers stationed at CSI ports reviewed over 9 
million bills of lading and conducted over 56,000 exams in conjunction 
with their host country counterparts.
    As the CSI program has matured, CBP looked for opportunities to 
increase efficiencies and reduce costs by shifting functions to the 
NTC-C. CBP's ability to target high risk containers has progressed to 
the point that much of the work can be done from CBP's U.S. location 
rather than through a physical presence overseas. CBP is exploring 
opportunities to utilize emerging technology in some locations, which 
will allow the program to become more efficient and less costly. In 
January 2009, CBP began to reduce the number of personnel stationed 
overseas who perform targeting functions, increasingly shifting the 
targeting of high risk containers to personnel stationed at the NTC-C. 
This shift in operations reduces costs without diminishing the 
effectiveness of the CSI program. CBP will remain operational in all 58 
locations in Fiscal Year 2011 with sufficient personnel in country to 
conduct the examinations of high risk shipments with the host 
government and to maintain relationships with their host-country 
counterparts.
Secure Freight Initiative
    The Secure Freight Initiative (SFI) is an effort to enhance the 
U.S. government's ability to scan containers for nuclear and 
radiological materials at seaports worldwide and better assess the risk 
of inbound containers. This initiative is the culmination of our work 
with other Federal agencies, foreign governments, the trade community, 
and vendors of cutting-edge technology. SFI provides carriers of 
maritime containerized cargo greater confidence in the security of the 
shipment they are transporting, and increases the likelihood of an 
uninterrupted and secure flow of commerce.
    In advancing the goal of 100 percent scanning, the Secure Freight 
Initiative (SFI) deploys networks of radiation detection, provided by 
the Department of Energy, our partner in SFI, and imaging equipment at 
five overseas pilot ports. This advanced pilot has encountered a number 
of serious challenges to implementing the 100 percent scanning mandate.
    Certain challenges are logistical. Many ports simply do not have 
one area through which all the cargo passes; there are multiple points 
of entry, and cargo is ``transshipped,'' meaning it is moved 
immediately from vessel to vessel within the port. These ports are not 
configured to put in place detection equipment or to provide space for 
secondary inspections. At these ports, scanning 100 percent of cargo 
with current systems is currently unworkable without seriously 
hindering the flow of shipments or redesigning the ports themselves, 
which would require huge capital investment.
    Other challenges are the limitations that are inherent in available 
technology. DHS currently uses both passive radiation detection and 
active x-ray scanning to look for radioactive material in cargo. An 
important obstacle is the absence of x-ray scanning technology which 
can effectively and automatically detect suspicious anomalies within 
cargo containers that should trigger additional inspection. Currently, 
DHS personnel visually inspect screens for possible anomalies, but the 
scale and the variety of container cargo make this process challenging 
and time-consuming. In addition, current x-ray systems have limited 
penetration capability; this can limit their ability to find a device 
in very dense cargo.
    While DHS is pursuing technological solutions to these problems, 
expanding screening with available technology would slow the flow of 
commerce and drive up costs to consumers without bringing significant 
security benefits.
    Finally, and on that note, the costs of 100 percent scanning pose a 
great challenge, particularly in a struggling economy. Deploying SFI-
type scanning equipment would cost about $8 million per lane for the 
more than 2,100 shipping lanes at more than 700 ports around the world 
that ship to the United States. On top of these initial costs, 
operating costs would be very high. These include only DHS expenses, 
not the huge costs that would have to be borne by foreign governments 
or industry. It is also important to keep in mind that about 86 percent 
of the cargo shipped to the United States is sent from only 58 of those 
more than 700 ports. Installing equipment and placing personnel at all 
of these ports--even the tiny ones--would strain government resources 
without a guarantee of results.
    Thus, in order to implement the 100 percent scanning requirement by 
the 2012 deadline, DHS would need significant resources for greater 
manpower and technology, technologies that do not currently exist, and 
the redesign of many ports. As Secretary Napolitano has indicated, 
these are all prohibitive challenges that will require the Department 
to seek the time extensions authorized by law.
Non Intrusive Inspection/Radiation Detection Technology
    The deployment of imaging systems and radiation detection equipment 
has made a tremendous contribution to CBP's progress in securing the 
supply chains that bring goods into the United States from around the 
world against exploitation by terrorist groups. Non-Intrusive 
Inspection (NII) technology serves as a force multiplier that allows 
officers to detect possible anomalies between the contents of a 
container and the manifest. CBP's use of NII allows us to work smarter 
and more efficiently in recognizing potential threats.
    CBP has aggressively deployed NII and RPM technology. Prior to 9/
11, not a single Radiation Portal Monitor (RPM), and only 64 large-
scale NII systems, were deployed to our country's borders. Today, CBP 
uses RPMs to scan 99 percent of all cargo arriving in the U.S. by land 
and sea. CBP, in partnership with the DHS Domestic Nuclear Detection 
Office (DNDO) and Pacific Northwest National Laboratory (PNNL), has 
deployed 493 RPMs at northern border land ports of entry; 392 RPMs at 
southern border land ports of entry; 451 RPMs at seaports; and 52 RPMs 
at mail facilities. Currently, CBP has 267 large-scale NII systems 
deployed. Additionally, CBP has deployed over 1,700 Radiation Isotope 
Identifier Devices (RIIDs) and over 20,000 Personal Radiation Detectors 
(PRDs). These devices allow CBP to examine 100 percent of all 
identified high-risk cargo. To date, CBP has used the deployed NII 
systems to conduct over 42 million examinations, resulting in over 
8,300 narcotic seizures, with a total weight of over 2.6 million 
pounds, and over $28.6 million in undeclared currency seizures. Since 
RPM program inception in 2002, CBP has scanned over 438 million 
conveyances for radiological contraband, resulting in over 2.7 million 
alarms. CBP's Laboratories and Scientific Services 24/7 Teleforensic 
Center spectroscopy group at the National Targeting Center has 
responded to over 23,000 requests from the field for technical 
assistance in resolving alarms. To date, 100 percent of alarms have 
been successfully adjudicated as innocent, legitimate trade, legitimate 
transportation, or non-terrorism related.
Conclusion
    Mr. Chairman, Members of the Committee, thank you again for this 
opportunity to testify about CBP's commitment to enhancing cargo 
security. We look forward to continuing to work with the Committee on 
this issue. I will be happy to answer any of your questions.

    The Chairman. Thank you, sir.
    And then, finally, we hear from Stephen Caldwell, who is 
Director, Homeland Security and Justice Issues, working in the 
U.S. Government Accountability Office, known as the GAO.


          STATEMENT OF STEPHEN L. CALDWELL, DIRECTOR,

             HOMELAND SECURITY AND JUSTICE ISSUES,

             U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Caldwell. Thank you very much, Chairman Rockefeller. 
And nice to be here, Senator Hutchison and Senator Lautenberg.
    Let me summarize my written statement, which has four main 
topics: risk management, the small vessel threat, foreign port 
security, and container security.
    Risk management, as required by the Homeland Security Act, 
should continue to be the guiding principle, in terms of 
protecting our ports and the seas beyond. Since GAO's original 
work looking at risk management used in ports and for other 
infrastructure, the Coast Guard has made a great deal of 
progress in developing models and methodologies that can be 
used, not only to assess risk, but to adjust operations and 
make resource decisions.
    I think the important thing for all of us to remember about 
risk management is it's about managing risks, not eliminating 
them. Risk management will still require some level of judgment 
by our government officials and other maritime stakeholders. We 
won't be able to prevent all threats at all times. At the 
Committee's request, we plan to conduct additional work at 
ports, which, among other things, will look at how the Coast 
Guard is using MSRAM to adjust risks, and even reduce them.
    In terms of the small vessel threat, this continues to be 
one of the most vexing problems in security in our ports and 
coastal areas. Our small boats are large in number, anonymous 
in their movement, and ominous in their capabilities.
    Current systems for tracking vessels, in some ways, are 
geared more for tracking the vessels as targets than they are 
for tracking the small vessels that might be attacking them. 
While the Coast Guard has activities in place to provide 
waterborne escorts to protect cruise ships and hazardous 
tankers, the Coast Guard does not have the resources to escort 
all of them. Even in places with robust State and local law 
enforcement assistance, it would be very difficult to prevent 
an unexpected attack by a determined terrorist group using 
small vessels. Some steps to mitigate the risks have already 
been mentioned, such as expanding America's Waterway Watch 
Program, and another one would be to expand District 11's 
``Operation Focused Lens'' Program. It has now been 2 years 
since DHS issued its Small Vessel Security Strategy, so we look 
forward for the Department to issue the implementation plan to 
go with it.
    Security in our home ports begins at the foreign ports, 
where crews and cargoes and passengers are loaded on vessels 
that are bound for the United States. The Coast Guard's program 
for assessing the security at foreign ports has matured 
considerably, as they are now in their third round of visits. 
Despite the progress, there will always be some inherent 
challenges in this program, related to foreign nation 
sovereignty as well as their own resource limitations. Coast 
Guard visits to these nations are always going to be somewhat 
limited in scope and duration, so they will remain a snapshot 
of security in place at the ports we visit and when we visit.
    As we indicated in our earlier report, this is an area 
where the Coast Guard could benefit from risk management, 
concentrating its efforts on nations where perhaps risks are 
the greatest.
    Regarding container security, the statutory requirement to 
double-scan 100 percent of all inbound containers continues to 
be a difficult issue, as Mr. Bersin has already noted. While 
two of the Secure Freight Initiative pilot ports achieved 
relatively high levels of scanning, the other pilot ports ran 
into a number of implementation problems.
    In its most recent budget, CBP proposed to downgrade three 
of the SFI ports to the CSI level, and the budget did not have 
any new funds for the Strategic Trade Corridor, which the 
Secretary had previously approved as one potential way to 
advance toward 100-percent scanning.
    Our most recent report on SFI made recommendations to CBP 
to conduct feasibility analysis, improve some of their cost 
estimates, conduct certain economic analysis, and provide 
different alternatives to Congress. And this hearing may, in 
some ways, help advance that last recommendation.
    Some of the alternative solutions suggested by CBP to the 
100-percent scanning, such as ``10 plus 2'' and improved 
technologies, for both containers themselves and for the 
scanning equipment, are being pursued. We have work underway on 
all of these efforts, and will complete those reports later 
this year.
    In closing, thank you very much for letting me appear here, 
and I'm happy to answer any questions about GAO's work on 
maritime security.
    Thank you.
    [The prepared statement of Mr. Caldwell follows:]

Prepared Statement of Stephen L. Caldwell, Director, Homeland Security 
       and Justice Issues, U.S. Government Accountability Office
    Mr. Chairman and members of the Committee:
    I am pleased to be here today to discuss port security issues and 
their related challenges. Ports, waterways, and vessels are part of an 
economic engine handling more than $700 billion in merchandise 
annually, according to the Department of Homeland Security (DHS), and 
an attack on this system could have a widespread impact on global 
shipping, international trade, and the global economy. Balancing 
security concerns with the need to facilitate the free flow of people 
and commerce remains an ongoing challenge for the public and private 
sectors alike. Within DHS, component agencies have responsibility for 
securing the maritime environment. The U.S. Coast Guard is responsible 
for protecting the public, the environment, and U.S. economic and 
security interests in any maritime region in which those interests may 
be at risk, including America's coasts, ports, and inland waterways. 
U.S. Customs and Border Protection (CBP) is responsible for keeping 
terrorists and their weapons out of the United States, securing and 
facilitating trade, and cargo container security.
    Various laws have been enacted since the September 11, 2001 
terrorist attacks to strengthen port security. The Homeland Security 
Act of 2002 \1\ charges DHS with establishing a risk management 
framework across the Federal Government to protect the Nation's 
critical infrastructure and key resources. In addition, much of a new 
port security framework was set in place by the Maritime Transportation 
Security Act of 2002 (MTSA).\2\ Enacted in November 2002, MTSA was 
designed, in part, to help protect the Nation's ports and waterways 
from terrorist attacks by requiring a wide range of security 
improvements. Among the requirements included in MTSA were: (1) 
conducting vulnerability assessments for port facilities and vessels; 
(2) developing security plans to mitigate identified risks for the 
national maritime system, ports, port facilities, and vessels; and (3) 
establishing a process to assess foreign ports from which vessels 
depart on voyages to the United States. The Security and Accountability 
For Every (SAFE) Port Act of 2006 later directed the Secretary of 
Homeland Security to, among other things, increase the security of 
container cargo bound for the United States by requiring CBP to 
establish a pilot program to test the feasibility of scanning 100 
percent of U.S.-bound containers at foreign ports.\3\ Further, in 
August 2007, the Implementing Recommendations of the 9/11 Commission 
Act were enacted and provide, among other things, that by July 2012, a 
container loaded on a vessel in a foreign port shall not enter the 
United States unless that container is scanned before it is loaded onto 
the vessel.\4\
---------------------------------------------------------------------------
    \1\ Pub. L. No. 107-296,  201, 116 Stat. 2135, 2144 (2002).
    \2\ Pub. L. No. 107-295, 116 Stat. 2064 (2002).
    \3\ Pub. L. No. 109-347,  231, 120 Stat. 1884, 1915-16 (2006).
    \4\ Pub. L. No. 110-53,  1701(a), 121 Stat. 266, 489-90 (2007). 
The law defines scanning to be an examination with both nonintrusive 
imaging equipment and radiation detection equipment. In addition, while 
the law states that cargo containers are not to enter the United States 
unless they were scanned at a foreign port, actual participation in the 
program by sovereign foreign governments and ports is voluntary.
---------------------------------------------------------------------------
    My statement today is based on related GAO reports and testimonies 
issued from December 2005 through June 2010 addressing risk management 
and port security, and also includes selected updates--conducted in 
July 2010--to the information provided in these products and on the 
actions agencies have taken to address recommendations made in these 
products that are also discussed in this statement. These products 
include our assessment of the progress that DHS and its component 
agencies have made to strengthen port security, the challenges that 
remain, and recommendations for improvement.\5\ The details on the 
scope and methodology for those reviews are available in our published 
products. The selected updates include a review of: (a) the Coast 
Guard's and CBP's Fiscal Year 2011 Congressional budget justification 
and (b) CBP's Fiscal Year 2010 Report to Congress on supply chain 
security. In particular, my statement addresses the extent to which DHS 
and its component agencies have made progress and face challenges 
regarding: (1) strengthening risk management, (2) reducing the risk of 
small-vessel threats,\6\ (3) implementing foreign port assessments, and 
(4) enhancing supply chain security. We conducted this work in 
accordance with generally accepted government auditing standards.
---------------------------------------------------------------------------
    \5\ See the list of related GAO products at the end of this 
statement.
    \6\ According to DHS's Small Vessel Security Strategy, ``small 
vessels'' are characterized as any watercraft--regardless of method of 
propulsion--less than 300 gross tons, and used for recreational or 
commercial purposes.
---------------------------------------------------------------------------
    In summary, DHS and its components agencies--the Coast Guard and 
CBP--have taken various actions to implement port security legislation 
and enhance port security. These efforts include: (1) the Coast Guard's 
development of a risk assessment model to help prioritize limited 
resources; (2) DHS and the Coast Guard's development of a strategy and 
programs to reduce the risks associated with small vessels, such as a 
community outreach program, vessel tracking systems, and security 
operations; (3) the Coast Guard's implementation of the International 
Port Security Program to assess security measures in foreign ports; and 
(4) CBP's efforts to scan U.S.-bound cargo containers. Although these 
initiatives have helped to improve port security, challenges remain, 
including resource constraints; the lack of technology to track and 
identify small vessels; sovereignty concerns over the Coast's Guard's 
visits to foreign ports; and a variety of political, logistical, and 
technological barriers to scanning all cargo containers. We have made 
recommendations to DHS in prior reports to help address these 
challenges, and DHS generally concurred with our recommendations in 
these reports.
The Coast Guard Has Made Progress in Improving Its Risk Management
    In December 2005, we reported that risk management, a strategy for 
helping policymakers make decisions about assessing risks, allocating 
resources, and taking actions under conditions of uncertainty, had been 
endorsed by Congress and the President as a way to strengthen the 
Nation against possible terrorist attacks against ports and other 
infrastructure.\7\ Risk management has long been used in such areas as 
insurance and finance, but at the time its application to domestic 
terrorism had no precedent. We noted that unlike storms and accidents, 
terrorism involves an adversary with deliberate intent to destroy, and 
the probabilities and consequences of a terrorist act are poorly 
understood and difficult to predict. The size and complexity of 
homeland security activities and the number of organizations involved--
both public and private--add another degree of difficulty to the task.
---------------------------------------------------------------------------
    \7\ GAO, Risk Management: Further Refinements Needed to Assess 
Risks and Prioritize Protective Measures at Ports and Other Critical 
Infrastructure, GAO-06-91 (Washington, D.C.: Dec. 15, 2005).
---------------------------------------------------------------------------
    We have examined Coast Guard efforts to implement risk management 
for a number of years, noting how the Coast Guard's risk management 
framework developed and evolved. In 2005, we reported that of the three 
components GAO reviewed--the Coast Guard, the Office for Domestic 
Preparedness (this office's function is now within the Federal 
Emergency Management Agency), and the Information Analysis and 
Infrastructure Protection Directorate (now the National Protection and 
Preparedness Directorate)--the Coast Guard had made the most progress 
in establishing a foundation for using a risk management approach. 
While the Coast Guard had made progress in all five risk management 
phases,\8\ its greatest progress had been made in conducting risk 
assessments--that is, evaluating individual threats, the degree of 
vulnerability in maritime facilities, and the consequences of a 
successful attack.\9\ However, we reported that those assessments were 
limited because they could not compare and prioritize relative risks of 
various infrastructures across ports. At the time the Coast Guard had 
actions under way to address the challenges it faced in each risk 
management phase and we did not make recommendations in those areas 
where the Coast Guard had actions well under way. Several of these 
actions were based, in part, on briefings GAO held with agency 
officials. Our recommendations were designed to spotlight those areas 
in which additional steps were most needed to implement a risk 
management approach to Coast Guard port security activities. We 
recommended that the Coast Guard take action to:
---------------------------------------------------------------------------
    \8\ The five phases of the risk management framework developed by 
GAO are: (1) setting strategic goals and objectives, and determining 
constraints; (2) assessing the risks; (3) evaluating alternatives for 
addressing these risks; (4) selecting the appropriate alternatives; and 
(5) implementing the alternatives and monitoring the progress made and 
results achieved.
    \9\ Risk assessment is a function of: (1) threat--the likelihood 
that a particular asset, system, or network will suffer an attack or an 
incident; (2) vulnerability--the likelihood that a characteristic of, 
or flaw in, an asset's, system's, or network's design, location, 
security posture, process, or operation renders it susceptible to 
destruction, incapacitation, or exploitation by terrorist or other 
intentional acts, mechanical failures, and natural hazards; and (3) 
consequence--the negative effects on public health and safety, the 
economy, public confidence in institutions, and the functioning of 
government, both direct and indirect, that can be expected if an asset, 
system, or network is damaged, destroyed, or disrupted by a terrorist 
attack, natural disaster, or other incident.

   establish a stronger linkage between local and national risk 
        assessment efforts--an action that could involve, for example, 
        strengthening the ties between local assessment efforts, such 
        as area maritime security plans, and national risk assessment 
---------------------------------------------------------------------------
        activities; and

   ensure that procedures for evaluating alternatives and 
        making management decisions consider the most efficient use of 
        resources--actions that could entail, for example, refining the 
        degree to which risk management information is integrated into 
        the annual cycle of program and budget review.

    Since we made those recommendations, both DHS and the Coast Guard 
have made progress implementing a risk management approach toward 
critical infrastructure protection. In 2006, DHS issued the National 
Infrastructure Protection Plan (NIPP), which is DHS's base plan that 
guides how DHS and other relevant stakeholders should use risk 
management principles to prioritize protection activities within and 
across each critical infrastructure sector in an integrated and 
coordinated fashion.\10\ In 2009, DHS updated the NIPP to, among other 
things, increase its emphasis on risk management, including an expanded 
discussion of risk management methodologies and discussion of a common 
risk assessment approach that provided core criteria for these 
analyses.\11\ For its part, the Coast Guard has made progress assessing 
risks and integrating the results of its risk management efforts into 
resource allocation decisions. Regarding risk assessments, the Coast 
Guard transitioned its risk assessment model from the Port Security 
Risk Assessment Tool (PS-RAT) to the Maritime Security Risk Assessment 
Model (MSRAM). In 2005 we reported that the PS-RAT was designed to 
allow ports to prioritize resource allocations within, not between, 
ports to address risk most efficiently. However, the new MSRAM can 
assess risk across ports and is used by every Coast Guard unit and 
assesses the risk--threats, vulnerabilities, and consequences--of a 
terrorist attack based on different scenarios; that is, it combines 
potential targets with different means of attack, as recommended by the 
NIPP. The Coast Guard uses the model to help implement its strategy and 
concentrate maritime security activities when and where relative risk 
is believed to be the greatest. According to the Coast Guard, the 
model's underlying methodology is designed to capture the security risk 
facing different types of targets, allowing comparison between 
different targets and geographic areas at the local, regional, and 
national levels. We have also reported that the Federal Emergency 
Management Agency has included MSRAM results in its Port Security Grant 
Program guidelines as one of the data elements included in determining 
grant awards to assist in directing grants to the ports of greatest 
concern or at highest risk.
---------------------------------------------------------------------------
    \10\ Critical infrastructure are systems and assets, whether 
physical or virtual, so vital to the United States that their 
incapacity or destruction would have a debilitating impact on national 
security, national economic security, national public health or safety, 
or any combination of those matters. Homeland Security Presidential 
Directive 7 divided up the critical infrastructure in the United States 
into 17 industry sectors, such as transportation, energy, and 
communications, among others. In 2008, DHS established an 18th sector--
Critical Manufacturing.
    \11\ The framework for the updated NIPP includes six components: 
(1) set goals and objectives; (2) identify assets, systems, and 
networks; (3) assess risks; (4) prioritize; (5) implement programs; and 
(6) measure effectiveness. See GAO, Critical Infrastructure Protection: 
Update to National Infrastructure Protection Plan Includes Increased 
Emphasis on Risk Management and Resilience, GAO-10-296 (Washington, 
D.C.: Mar. 5, 2010).
---------------------------------------------------------------------------
    With regard to the integration of risk management results into the 
consideration of risk mitigation alternatives and the management 
selection process, Coast Guard officials stated that the Coast Guard 
uses MSRAM to inform allocation decisions, such as the deployment of 
local resources and grants. We have also reported that at the national 
level, the Coast Guard uses MSRAM results for: (1) long-term strategic 
resource planning, (2) identifying capabilities needed to combat future 
terrorist threats, and (3) identifying the highest-risk scenarios and 
targets in the maritime domain. For example, Coast Guard officials 
reported that results are used to refine the Coast Guard's requirements 
for the number of required vessel escorts and patrols of port 
facilities. At the local level, the Captain of the Port \12\ can use 
MSRAM as a tactical planning tool. The model can help identify the 
highest risk scenarios, allowing the Captain of the Port to prioritize 
needs and better deploy security assets.\13\ The 2011 Congressional 
Budget Justification showed that the Coast Guard uses risk or relative 
risk to direct resources to the mitigation of the highest risk. For 
example, the use of risk management in the allocation of resources that 
is specific to port security concerns the Ports, Waterways, and Coastal 
Security program. This program has a performance goal to manage terror-
related risk in the U.S. Maritime Domain to an acceptable level. The 
Coast Guard uses a program measure to direct resources to the programs 
that reduce risk the most based on the amount invested. Based on the 
development of the MSRAM assessment process and the use of risk 
management analysis results in its allocation of resources, we believe 
that the Coast Guard has addressed the recommendations discussed 
earlier concerning risk management.\14\
---------------------------------------------------------------------------
    \12\ The Captain of the Port is the Coast Guard officer designated 
by the Commandant of the Coast Guard to enforce within his or her 
respective areas port safety and security and marine environmental 
protection regulations, including, without limitation, regulations for 
the protection and security of vessels, harbors, and waterfront 
facilities.
    \13\ For more information on the use of MSRAM see GAO, Maritime 
Security: Varied Actions Taken to Enhance Cruise Ship Security, but 
Some Concerns Remain, GAO-10-400 (Washington, D.C.: Apr. 9, 2010).
    \14\ We have work planned for this committee to address a request 
concerning port security planning that will include a more detailed 
examination of MSRAM.
---------------------------------------------------------------------------
DHS and the Coast Guard Have Taken Several Actions to Address the 
        Small-Vessel Threat but Challenges Remain in Mitigating the 
        Risk
    In recent years, we reported that concerns had arisen about the 
security risks posed by small vessels. In its April 2008 Small Vessel 
Security Strategy, DHS identified the four gravest risk scenarios 
involving the use of small vessels for terrorist attacks, which include 
the use of a small vessel as: (1) a waterborne improvised explosive 
device, (2) a means of smuggling weapons into the United States, (3) a 
means of smuggling humans into the United States, and (4) a platform 
for conducting a standoff attack--an attack that uses a rocket or other 
weapon launched at a sufficient distance to allow the attackers to 
evade defensive fire.\15\ According to the Commandant of the Coast 
Guard, small vessels pose a greater threat than shipping containers for 
nuclear smuggling.\16\ Some of these risks have been shown to be real 
through attacks conducted outside U.S. waters, but--as we reported in 
December 2009--no small-vessel attacks have taken place in the United 
States. Many vessels frequently travel among small vessels that operate 
with little scrutiny or notice, and some have suffered waterborne 
attacks overseas by terrorist or pirates who operated from small 
vessels. For example, at least three cruise ships have been attacked by 
pirates on small boats while armed with automatic weapons and rocket 
propelled grenades, although the three vessels were able to evade the 
pirates by either maneuvering or fighting back.\17\ Oil tankers have 
also been attacked. For example, in October 2002, a small vessel filled 
with explosives rammed the side of an oil tanker off the coast of 
Yemen.\18\ The concern about small-vessel attacks is exacerbated by the 
fact that some vessels, such as cruise ships, sail according to precise 
schedules and preplanned itineraries that could provide valuable 
information to terrorists in preparing for and carrying out an attack 
against a vessel.
---------------------------------------------------------------------------
    \15\ Department of Homeland Security, Small Vessel Security 
Strategy (Washington, D.C., April 2008).
    \16\ From testimony delivered by Vice Admiral Thad Allen, Chief of 
Staff, United States Coast Guard, during a hearing on the Coast Guard 
role in border and maritime security, before the Committee on 
Appropriations, Subcommittee on Homeland Security, U.S. Senate (Apr. 6, 
2006).
    \17\ For more information on cruise ship security, see GAO-10-400.
    \18\ GAO, Maritime Security: Federal Efforts Needed to Address 
Challenges in Preventing and Responding to Terrorist Attacks on Energy 
Commodity Tankers, GAO-08-141 (Washington, D.C.: December 10, 2007).
---------------------------------------------------------------------------
    DHS and the Coast Guard have developed a strategy and programs to 
reduce the risks associated with small vessels; however, they face 
ongoing challenges related to some of these efforts. The following 
discusses some of our key findings with regard to reducing the risks 
associated with small vessels:

   Small Vessel Security Strategy. DHS released its Small 
        Vessel Security Strategy in April 2008, as part of its effort 
        to mitigate the vulnerability of vessels to waterside attacks 
        from small vessels, and the implementation plan for the 
        strategy is under review. According to the strategy, its intent 
        is to reduce potential security and safety risks posed by small 
        vessels through operations that balance fundamental freedoms, 
        adequate security, and continued economic stability.\19\ After 
        review by DHS, the Coast Guard, and CBP, the draft 
        implementation plan was forwarded to the Office of Management 
        and Budget in April 2010, but the release of the plan has not 
        been approved by the Office of Management and Budget.
---------------------------------------------------------------------------
    \19\ The goals of the Small Vessel Security Strategy are to: (1) 
develop and leverage a strong partnership with the small-vessel 
community and public and private sectors; (2) enhance maritime security 
and safety; (3) leverage technology to enhance the ability to detect, 
determine intent, and when necessary, interdict small vessels; and (4) 
enhance coordination, cooperation, and communications between Federal, 
state, local, and tribal stakeholders, the private sector, and 
international partners.

   Community Outreach. Consistent with the Small Vessel 
        Security Strategy's goal to develop and leverage strong 
        partnerships with the small-vessel community, the Coast Guard, 
        as well as other agencies--such as the New Jersey State Police, 
        have several outreach efforts to encourage the boating 
        community to share threat information; however, the Coast Guard 
        program faces resource limitations. For example, the Coast 
        Guard's program to conduct outreach to the boating community 
        for their help in detecting suspicious activity, America's 
        Waterway Watch, lost the funding it received through a 
        Department of Defense readiness training program for military 
        reservists in Fiscal Year 2008. Now it must depend on the 
        activities of the Coast Guard Auxiliary, a voluntary 
        organization, for most of its outreach efforts. In addition to 
        America's Waterway Watch, the Coast Guard piloted a regional 
        initiative--Operation Focused Lens--to increase public 
        awareness of suspicious activity in and around U.S. ports, and 
        direct additional resources toward gathering information about 
        the most likely points of origin for an attack, such as 
        marinas, landings, and boat ramps. According to Coast Guard 
        officials, the agency views Operation Focused Lens to be a best 
        practice, and the agency is considering plans to expand the 
---------------------------------------------------------------------------
        program or integrate it into other existing programs.

   Vessel Tracking. In December 2009, we reported that the 
        Coast Guard was implementing two major unclassified systems to 
        track a broad spectrum of vessels; however, these systems 
        generally could not track small vessels.\20\ The Coast Guard 
        and other agencies have other technology systems, though--
        including cameras and radars--that can track small vessels 
        within ports, but these systems were not installed at all ports 
        or did not always work in bad weather or at night. Even with 
        systems in place to track small vessels, there was widespread 
        agreement among maritime stakeholders that it is very difficult 
        to detect threatening activity by small vessels without prior 
        knowledge of a planned attack.
---------------------------------------------------------------------------
    \20\ For more information on vessel tracking systems, see GAO, 
Maritime Security: Vessel Tracking Systems Provide Key Information, but 
the Need for Duplicate Data Should Be Reviewed, GAO-09-337 (Washington, 
D.C.: Mar. 17, 2009).

   Nuclear Material Detection Efforts. DHS has developed and 
        tested equipment for detecting nuclear material on small 
        vessels; however, efforts to use this equipment in a port area 
        have been limited to pilot programs. DHS is currently 
        conducting 3-year pilot programs to design, field test, and 
        evaluate equipment and is working with CBP, the Coast Guard, 
        state, local, tribal officials, and others as they develop 
        procedures for screening. These pilot programs are scheduled to 
        end in 2010, when DHS intends to decide the future path of 
        screening of small vessels for nuclear and radiological 
        materials. According to DHS officials, initial feedback from 
        Federal, state, and local officials involved in the pilot 
        programs has been positive. DHS hopes to sustain the 
        capabilities created through the pilot programs through Federal 
        grants to state and local authorities through the port security 
        grant program.\21\
---------------------------------------------------------------------------
    \21\ For more information, see GAO, Combating Nuclear Smuggling: 
DHS Has Made Some Progress but Not Yet Completed a Strategic Plan for 
Its Global Nuclear Detection Efforts or Closed Identified Gaps, GAO-10-
883T (Washington, D.C.: June 30, 2010).

   Security Activities. The Coast Guard also conducts various 
        activities to provide waterside security including boarding 
        vessels, escorting vessels into ports, and enforcing fixed 
        security zones, although they are not always able to meet 
        standards related to these activities. Through its Operation 
        Neptune Shield, the Coast Guard sets the standards for local 
        Coast Guard units to meet for some of these security 
        activities. Although the Coast Guard units may receive some 
        assistance from other law enforcement agencies in carrying out 
        these security activities, Coast Guard data indicates that some 
        units are not able to meet these standards due to resource 
        constraints. However, the Coast Guard's guidance allows the 
        Captain of the Port the latitude to shift resources to other 
        priorities when deemed necessary, for example when resources 
        are not available to fulfill all missions simultaneously. The 
        planned decommissioning of five Maritime Safety and Security 
        Teams--a domestic force for mitigating and responding to 
        terrorist threats or incidents--may continue to strain Coast 
        Guard resources in meeting security requirements. Although 
        remaining teams are to maintain readiness to respond to 
        emerging events and are to continue performing routine security 
        activities, such as vessel escorts, their ability to support 
        local units in meeting operational activity goals may be 
        diminished.
The Coast Guard Has a Program in Place to Assess the Security of 
        Foreign Ports, but Challenges Remain in Implementing the 
        Program
    The security of domestic ports also depends upon security at 
foreign ports where cargoes bound for the United States originate. To 
help secure the overseas supply chain, MTSA required the Coast Guard to 
assess security measures in foreign ports from which vessels depart on 
voyages to the United States and, among other things, recommend steps 
necessary to improve security measures in those ports. In response, the 
Coast Guard established a program, called the International Port 
Security Program, in April 2004. Under this program, the Coast Guard 
and host nations review the implementation of security measures in the 
host nations' ports against established security standards, such as the 
International Maritime Organization's International Ship and Port 
Facility Security (ISPS) Code.\22\ Coast Guard teams have been 
established to conduct country visits, discuss security measures 
implemented, and collect and share best practices to help ensure a 
comprehensive and consistent approach to maritime security in ports 
worldwide. Subsequently, in October 2006, the SAFE Port Act required 
the Coast Guard to reassess security measures at such foreign ports at 
least once every 3 years.
---------------------------------------------------------------------------
    \22\ The International Port Security Program uses the ISPS Code as 
the benchmark by which it measures the effectiveness of a country's 
antiterrorism measures in a port. The code was developed after the 
September 11 attacks and established measures to enhance the security 
of ships and port facilities with a standardized and consistent 
security framework. The ISPS Code requires facilities to conduct an 
assessment to identify threats and vulnerabilities and then develop 
security plans based on the assessment. The requirements of this code 
are performance-based; therefore compliance can be achieved through a 
variety of security measures.
---------------------------------------------------------------------------
    As we reported in October 2007, Coast Guard officials told us that 
challenges exist in implementing the International Port Security 
Program.\23\ Reluctance by some countries to allow the Coast Guard to 
visit their ports due to concerns over sovereignty was a challenge 
cited by program officials in completing their first round of port 
visits. According to these officials, before permitting Coast Guard 
officials to visit their ports, some countries insisted on visiting and 
assessing a sample of U.S. ports. The Coast Guard was able to 
accommodate their request through the program's reciprocal visit 
feature in which the Coast Guard hosts foreign delegations to visit 
U.S. ports and observe ISPS Code implementation in the United States. 
This subsequently helped gain the cooperation of the countries in 
hosting a Coast Guard visit to their own ports. However, as Coast Guard 
program officials stated, sovereignty concerns may still be an issue, 
as some countries may be reluctant to host a comprehensive country 
visit on a recurring basis because they believe the frequency is too 
high.
---------------------------------------------------------------------------
    \23\ GAO, Maritime Security. The SAFE Port Act. Status and 
Implementation One Year Later, GAO-08-126T (Washington, D.C.: Oct. 30, 
2007).
---------------------------------------------------------------------------
    Another challenge program officials cited is having limited ability 
to help countries build on or enhance their capacity to implement the 
ISPS Code requirements. Program officials stated that while their 
visits provide opportunities for them to identify potential areas to 
improve or help sustain the security measures put in place, other than 
sharing best practices or providing presentations on security 
practices, the program does not currently have the resources to 
directly assist countries, particularly those that are poor, with more 
in-depth training or technical assistance. To overcome this, program 
officials have worked with other agencies (e.g., the Departments of 
Defense and State) and international organizations (e.g., the 
Organization of American States) to secure funding for training and 
assistance to countries where port security conferences have been held 
(e.g., the Dominican Republic and the Bahamas).
CBP Has Established a Program to Scan U.S.-Bound Cargo Containers, but 
        Challenges to Expanding the Program Remain
    Another key concern in maritime security is the effort to secure 
the supply chain to prevent terrorists from shipping weapons of mass 
destruction (WMD) in one of the millions of cargo containers that 
arrive at U.S. ports each year. CBP has developed a layered security 
strategy to mitigate the risk of an attack using cargo containers. 
CBP's strategy is based on a layered approach of related programs that 
attempt to focus resources on potentially risky cargo shipped in 
containers while allowing other cargo containers to proceed without 
unduly disrupting commerce into the United States. The strategy is 
based on obtaining advanced cargo information to identify high-risk 
containers, utilizing technology to examine the content of containers, 
and partnerships with foreign governments and the trade industry. One 
of the programs in this layered security strategy is the Secure Freight 
Initiative (SFI). In December 2006, in response to SAFE Port Act 
requirements, DHS, and the Department of Energy (DOE) jointly announced 
the formation of the SFI pilot program to test the feasibility of 
scanning 100 percent of U.S.-bound container cargo at three foreign 
ports (Puerto Cortes, Honduras; Qasim, Pakistan; and Southampton, 
United Kingdom). According to CBP officials, while initiating the SFI 
program at these ports satisfied the SAFE Port Act requirement, CBP 
also selected the ports of Busan, South Korea; Hong Kong; Salalah, 
Oman; and Singapore to more fully demonstrate the capability of the 
integrated scanning system at larger, more complex ports. As of April 
2010, SFI has been operational at five of these seven seaports.
    In October 2009, we reported that CBP has made some progress in 
working with the SFI ports to scan U.S.-bound cargo containers; but 
because of challenges to expanding scanning operations, the feasibility 
of scanning 100 percent of U.S.-bound cargo containers at over 600 
foreign seaports remains largely unproven.\24\ CBP and DOE have been 
successful in integrating images of scanned containers onto a single 
computer screen that can be reviewed remotely from the United States. 
They have also been able to use these initial ports as a test bed for 
new applications of existing technology, such as mobile radiation 
scanners. However, the SFI ports' level of participation, in some 
cases, has been limited in terms of duration (e.g., the Port of Hong 
Kong participated in the program for approximately 16 months) or scope 
(e.g., the Port of Busan, Korea, allowed scanning in one of its eight 
terminals). In addition, the Port of Singapore withdrew its agreement 
to participate in the SFI program and, as of April 2010, the Port of 
Oman had not begun scanning operations. Furthermore, since the 
inception of the SFI program in October 2007, no participating port has 
been able to achieve 100 percent scanning. While 54 to 86 percent of 
the U.S.-bound cargo containers were scanned at three comparatively 
low-volume ports that are responsible for less than 3 percent of 
container shipments to the United States, sustained scanning rates 
above 5 percent have not been achieved at two comparatively larger 
ports--the type of ports that ship most containers to the United 
States. Scanning operations at the SFI ports have encountered a number 
of challenges--including safety concerns, logistical problems with 
containers transferred from rail or other vessels, scanning equipment 
breakdowns, and poor-quality scan images. Both we and CBP had 
previously identified many of these challenges, and CBP officials are 
concerned that they and the participating ports cannot overcome 
them.\25\ In October 2009, we recommended that DHS conduct a 
feasibility analysis of implementing the 100 percent scanning 
requirement in light of the challenges faced.\26\ DHS concurred with 
our recommendation.
---------------------------------------------------------------------------
    \24\ GAO, Supply Chain Security: Feasibility and Cost-Benefit 
Analysis Would Assist DHS and Congress in Assessing and Implementing 
the Requirement to Scan 100 Percent of U.S.-Bound Containers, GAO-10-12 
(Washington, D.C.: Oct. 30, 2009).
    \25\ GAO, Supply Chain Security: Challenges to Scanning 100 Percent 
of U.S.-Bound Cargo Containers, GAO-08-533T (Washington, D.C.: June 12, 
2008).
    \26\ GAO-10-12.
---------------------------------------------------------------------------
    CBP and DOE spent approximately $100 million through June 2009 on 
implementing and operating the SFI program, but CBP has not developed a 
comprehensive estimate for future U.S. program costs, or conducted a 
cost-benefit analysis that compares the costs and benefits of the 100 
percent scanning requirement with other alternatives. The SAFE Port Act 
requires CBP to report on costs for implementing the SFI program at 
foreign ports, but CBP has not yet estimated total U.S. program costs 
because of both the lack of a decision by DHS on a clear path forward 
and the unique set of challenges that each foreign port presents. While 
uncertainties exist regarding a path forward for the program, a 
credible cost estimate consistent with cost estimating best practices 
could better aid DHS and CBP in determining the most effective way 
forward for SFI and communicating the magnitude of the costs to 
Congress for use in annual appropriations. To address this, in October 
2009, we recommended that CBP develop comprehensive and credible 
estimates of total U.S. program costs.\27\ DHS concurred with our 
recommendation.
---------------------------------------------------------------------------
    \27\ GAO-10-12.
---------------------------------------------------------------------------
    CBP and DOE have paid the majority of SFI costs for operating the 
SFI program. The SAFE Port and 9/11 Commission Acts do not address the 
issue of who is expected to pay the cost of developing, maintaining, 
and using the infrastructure, equipment, and people needed for the 100 
percent scanning requirement, but implementing the requirement would 
entail costs beyond U.S. Government program costs, including those 
incurred by foreign governments and private terminal operators, and 
could result in higher prices for American consumers. CBP has not 
estimated these additional economic costs, though they are relevant in 
assessing the balance between improving security and maintaining trade 
capacity and the flow of cargo. To address this, in October 2009, we 
recommended that DHS conduct a cost-benefit analysis to evaluate the 
costs and benefits of achieving 100 percent scanning as well as other 
alternatives for enhancing container security.\28\ Such an analysis 
could provide important information to CBP and to Congress to determine 
the most effective way forward to enhance container security. DHS 
agreed in part with our recommendation that it develop a cost-benefit 
analysis of 100 percent scanning, acknowledging that the recommended 
analyses would better inform Congress, but stated the recommendations 
should be directed to the Congressional Budget Office. While the 
Congressional Budget Office does prepare cost estimates for pending 
legislation, we think the recommendation is appropriately directed to 
CBP. Given its daily interaction with foreign customs services and its 
direct knowledge of port operations, CBP is in a better position to 
conduct any cost-benefit analysis and bring results to Congress for 
consideration.
---------------------------------------------------------------------------
    \28\ GAO-10-12.
---------------------------------------------------------------------------
    Senior DHS and CBP officials acknowledge that most, if not all 
foreign ports, will not be able to meet the July 2012 target date for 
scanning all U.S.-bound cargo. Recognizing the challenges to meeting 
the legislative requirement, DHS expects to grant a blanket extension 
to all foreign ports pursuant to the statue, thus extending the target 
date for compliance with this requirement by 2 years, to July 2014. In 
addition, the Secretary of Homeland Security approved the ``strategic 
trade corridor strategy,'' an initiative to scan 100 percent of U.S.-
bound containers at selected foreign ports where CBP believes it will 
mitigate the greatest risk of WMD entering the United States. According 
to CBP, the data gathered from SFI operations will help to inform 
future deployments to strategic locations. CBP plans to evaluate the 
usefulness of these deployments and consider whether the continuation 
of scanning operations adds value in each of these locations, and 
potential additional locations that would strategically enhance CBP 
efforts. While the strategic trade corridor strategy may improve 
container security, it does not achieve the legislative requirement to 
scan 100 percent of U.S.-bound containers. According to CBP, it does 
not have a plan for full-scale implementation of the statutory 
requirement by July 2012 because challenges encountered thus far in 
implementing the SFI program indicate that implementation of 100 
percent scanning worldwide by the 2012 deadline will be difficult to 
achieve. However, CBP has not performed a feasibility analysis of 
expanding 100 percent scanning, as required by the SAFE Port Act. To 
address this, in October 2009, we recommended that CBP conduct a 
feasibility analysis of implementing 100 percent scanning and provide 
the results, as well as alternatives to Congress, in order to determine 
the best path forward to strengthen container security.\29\ DHS 
concurred with our recommendation.
---------------------------------------------------------------------------
    \29\ GAO-10-12.
---------------------------------------------------------------------------
    In DHS's Congressional Budget Justification FY 2011, CBP requested 
to decrease the SFI program's $19.9 million budget by $16.6 million. 
According to the budget justification, in Fiscal Year 2011, SFI 
operations will be discontinued at three SFI ports--Puerto Cortes, 
Honduras; Southampton, United Kingdom; Busan, South Korea--and the SFI 
program will be established at the Port of Karachi, Pakistan. 
Furthermore, CBP's budget justification did not request any funds to 
implement the strategic trade corridor strategy.
    Mr. Chairman, this completes my prepared statement. I would be 
happy to respond to any questions you or other Members of the Committee 
may have at this time.
Related GAO Products
    Combating Nuclear Smuggling: DHS Has Made Some Progress but Not Yet 
Completed a Strategic Plan for Its Global Nuclear Detection Efforts or 
Closed Identified Gaps. GAO-10-883T. Washington, D.C.: June 30, 2010.
    Maritime Security: Varied Actions Taken to Enhance Cruise Ship 
Security, but Some Concerns Remain. GAO-10-400. Washington, D.C.: April 
9, 2010.
    Coast Guard: Deployable Operations Group Achieving Organizational 
Benefits, but Challenges Remain. GAO-10-433R. Washington, D.C.: April 
7, 2010.
    Critical Infrastructure Protection: Update to National 
Infrastructure Protection Plan Includes Increased Emphasis on Risk 
Management and Resilience. GAO-10-296. Washington, D.C.: March 5, 2010.
    Coast Guard: Observations on the Requested Fiscal Year 2011 Budget, 
Past Performance, and Current Challenges. GAO-10-411T. Washington, 
D.C.: February 25, 2010.
    Supply Chain Security: Feasibility and Cost-Benefit Analysis Would 
Assist DHS and Congress in Assessing and Implementing the Requirement 
to Scan 100 Percent of U.S.-Bound Containers. GAO-10-12. Washington, 
D.C.: October 30, 2009.
    Transportation Security: Comprehensive Risk Assessments and 
Stronger Internal Controls Needed to Help Inform TSA Resource 
Allocation. GAO-09-492. Washington, D.C.: March 27, 2009.
    Maritime Security: Vessel Tracking Systems Provide Key Information, 
but the Need for Duplicate Data Should Be Reviewed. GAO-09-337. 
Washington, D.C.: March 17, 2009.
    Risk Management: Strengthening the Use of Risk Management 
Principles in Homeland Security. GAO-08-904T. Washington, D.C.: June 
25, 2008.
    Supply Chain Security: Challenges to Scanning 100 Percent of U.S.-
Bound Cargo Containers. GAO-08-533T. Washington, D.C., June 12, 2008.
    Highlights of a Forum: Strengthening the Use of Risk Management 
Principles in Homeland Security. GAO-08-627SP. Washington, D.C.: April 
15, 2008.
    Maritime Security: Federal Efforts Needed to Address Challenges in 
Preventing and Responding to Terrorist Attacks on Energy Commodity 
Tankers. GAO-08-141. Washington, D.C.: December 10, 2007.
    Maritime Security: The SAFE Port Act: Status and Implementation One 
Year Later. GAO-08-126T.T Washington, D.C.: October 30, 2007.
    Maritime Security: The SAFE Port Act and Efforts to Secure Our 
Nation's Ports. GAO-08-86T. Washington, D.C.: October 4, 2007.
    Information on Port Security in the Caribbean Basin. GAO-07-804R. 
Washington, D.C.: June 29, 2007.
    Risk Management: Further Refinements Needed to Assess Risks and 
Prioritize Protective Measures at Ports and Other Critical 
Infrastructure. GAO-06-91. Washington, D.C.: December 15, 2005.

    The Chairman. Thank you, Mr. Caldwell.
    I'll start the questioning with, actually, one of the last 
questions I was going to ask. Admiral, I'm going to ask this to 
you.
    It's interesting, in aviation--and Kay Bailey Hutchison and 
I have been working on an aviation bill for a long time, and we 
hope to get it done--and one of the interesting things there 
are, there are so many more general aviation--I'm making a 
small-boat comparison, okay?--general aviation planes that are 
in the air at any given moment than there are commercial 
flights, but they only pay a very small percentage of keeping 
up the air traffic control system. In fact, it used to be as 
little as 8 percent. I think it's now something like 14 
percent.
    What is my point? I'm talking, basically, about larger 
jets. But, you have a real problem in small vessels. There are 
more than 17 million small watercraft operating in U.S. waters, 
and that is one extraordinary security threat. It wasn't that 
long ago that a one-engine airplane flew into a building in New 
York, and it didn't get a whole lot of attention. New York 
City. And it was just a pilot who fell asleep, or something. 
But, I happen to care about that one, because it happened, and 
second, my son was living in that building. And he is okay, and 
the building's okay, because it was a small, one-engine plane. 
But, it says what the possibility of small numbers of ships or 
craft on the water can mean.
    So, my question to you is, To what extent is this a 
problem, from a monitoring point of view, from a national 
security point of view? I mean, it's my understanding that you 
can have a small aircraft or a small boat carry a very heavily 
loaded series of briefcases into port, and nobody's going to 
notice. So, how do you monitor? How do you do that? Or is it, 
in fact, financially entirely out of your scope?
    Admiral Papp. Mr. Chairman, it's certainly a problem that 
has concerned me----
    The Chairman. I don't mean your scope, but your ability to 
do something about it, because of resources.
    Admiral Papp. Well, I think there's something we can do 
about it. And what I would do is go back through my own 
experience. Shortly after 9/11, I was the 9th District 
Commander, up in the Great Lakes. And I have to think that, 
when I looked out my window across Lake Erie and saw all those 
small boats out there, that half of those 17 million might be 
just on Lake Erie. The fact of the matter was, there are about 
7 million boats up in the Great Lakes, and then you throw in 
another, maybe, 3 million from the Canadian side and 
international waters, it's quite a challenge.
    And I think, as I went up there and started confronting the 
problem after 9/11, I looked at those small boats as the enemy. 
In other words, every one of them's a threat. The truth of the 
matter is, the vast majority of them are our friends, and can 
be used as sensors, and can enable us to provide us better 
maritime domain awareness.
    So, a great example of making effective use of this, at 
very small cost, is the America's Waterways Watch Program, 
where we go out, we engage the boating community. We make them 
part of the system, instead of having them the enemy, and they 
will help us, they will inform us and become a part of our 
system of maritime domain awareness.
    So, I think continuing those sorts of efforts--outreach, 
making sure that the boating community doesn't get--share the 
same complacency that I was talking about, informing them that 
there is the potential for threats out there and we need them 
to help us in doing our job, I think goes a long ways toward 
doing that.
    I visited, up the Gulf of Maine, with Senator Snowe, back a 
few months ago, and just from my own personal experience 
sailing in the waters off New England, most of those lobstermen 
up there, or the fishermen on Georges Banks, they know who are 
supposed to be out there, they know each other, they sometimes 
even fight each other out--trying to protect their own special 
areas. They know strangers when they come in there, they know 
behavior that is not normal, and if they have an avenue to be 
able to report this to the Coast Guard, it helps us in our 
situational awareness. We can share that, and investigate it.
    So, I think there are ways of using that large group of 
small vessels, that were, in the past, perceived as a threat, 
to help enable us to take care of what might be a threat out 
there.
    The Chairman. Two very quick questions. When you say you're 
making outreach to those people so that we look upon them as 
the enemy, but you're looking to make outreach and to get them 
to be alert and not be complacent, and the rest of it, which, 
by definition, means that you are talking to, or being 
responded to, by those who want to cooperate with you. That 
doesn't talk about those who actually might have, or 
circumstantially might have, explosive devices put upon their 
small craft, and not even know it. So, I'm comforted by the 
lobstermen knowing, you know, who the friendlies and the 
unfriendlies are, the strangers are, but, outside of the 
fishing community--17 million--that's a very large number.
    Admiral Papp. Sure.
    The Chairman. And my understanding is that you and Homeland 
Security--that the Coast Guard and Homeland Security are 
preparing a new strategy as to how to approach small vessels, 
in terms of security. And I'm interested to know, how is that 
coming along? Are we going to be able to get that, and see it?
    Admiral Papp. Yes, Mr. Chairman. That's in the final stages 
of review by the Secretary right now. And I don't know what 
their timeline is, in terms of approval by the Secretary, but, 
across components, we've been working on that. It has to be a 
layered response. There is outreach to the boating community. 
And in that regard, the adaptability, the multimission 
structure of the Coast Guard, our continuing involvement in 
boating safety over the years, our Coast Guard auxiliarists 
that number over 30,000 people across the country, help enable 
us to reach out to those people, to inform them of the program, 
and to get them to help us out.
    But, it really boils down to the--its other aspects, as 
well. Good intelligence is clearly essential to the small-boat 
problem. And the Coast Guard, as a member of the intelligence 
community, is constantly looking out for trends, for 
activities, for other things that might indicate a challenge or 
a potential threat within the country. When we know that, or 
when we have events, that's when we don't rely just upon other 
people in the area; we have Captain of the Port authorities 
that can set up security zones. We can do escorts. We can put 
resources out there, and not just Coast Guard resources, but 
CBP resources or local, State, and--or other Federal agencies, 
to help us, in the event of a----
    The Chairman. Admiral, I thank you. I just, in turning to 
Senator Hutchison, would need to comment that it seems to me 
you're talking about the reach out being kind of like driver 
education, ``You've got to be safe, you've got to do this, 
you've got to do that.'' People who don't want to be safe, who 
want to do this, can be incredibly safe, but very destructive. 
And that's kind of the problem that I'm getting at. How do you 
reach those people? And, I guess, in this document, I'm going 
to learn something about that.
    In any event, thank you.
    And I turn now to Senator Hutchison.
    Senator Hutchison. Well, thank you very much.
    I would just like to ask the three of you--in the issue of 
port security, obviously we have foreign ships coming in, 
containers coming in, and we've increased our capabilities with 
containers, and put seals on them after they've been inspected 
in a foreign port. But, my question is, What have you found 
that we can do that would be more and better coordinated with 
all of the different entities that can contribute to security 
to make our ports as secure as possible, with all of the 
foreign tonnage coming in?
    I'll just start with you and just go down the way.
    Admiral Papp. Senator, I think, first and foremost, it's 
pushing it as far offshore as possible. And, in that regard, 
our International Port Security Program--I've been really 
pleased, over the last couple of years, in the advances that 
we've made. As the Atlantic Area Commander for the Coast Guard, 
all the international port--or, all the international port 
security liaison officers were working under the Atlantic Area 
staff. We programmed them, we scheduled them. We've made visits 
to 150 of 154 countries to validate their security regimes 
within their ports. That's really the first step, is making 
sure that they are complying with the same security standards 
that are required throughout the world, and trying to normalize 
that so that we can trust the ports in which the cargo is 
loaded.
    With that, the experts on cargo security--or ``the'' 
expert--is sitting right next to me.
    But, the Coast Guard will assure the standards of security 
within the port. The handling of cargo is taken care of by my 
partner's organization.
    Mr. Bersin. Precisely so. In addition to the security 
dimensions of the port, Senator, we see it as an issue of risk 
management. And the segmentation of traffic between those 
cargoes and containers about which we know something adverse, 
and distinguish those from which we know may present a lower 
risk. Unless we can actually separate out those containers as 
far away in time and space from the American homeland, we have 
a difficult time to move lawful traffic in the way in which we 
need for an economically competitive America.
    Senator Hutchison. Are you talking about specific types of 
cargo, or the ports from which they came being a different risk 
assessment, or the companies that are transporting being a 
different risk assessment? Is that a----
    Mr. Bersin. All of----
    Senator Hutchison.--part of your----
    Mr. Bersin.--the above. I mean, in terms of being able to 
distinguish containers that we need to look at more carefully 
from those in which we can expedite--in effect, looking for 
that needle in a haystack, both by having intelligence about 
the ones we need--where we might pluck out the needle that 
would cause us harm, but also reducing the size of the 
haystack. So, this is about increasing the information about 
the container, the importer, the shipper, the freight 
consolidator, every part of the supply chain, so that we can 
actually do this segmentation of traffic----
    Senator Hutchison. And do you think we effectively do that?
    Mr. Bersin. We are in a position, compared to 2006, with 
much more information, a more effective way of managing that 
information. I believe a more----
    Senator Hutchison. With the capability to do the transfers 
away from the ports?
    Mr. Bersin. In terms of, for example, having more 
information before a container arrives at the American port, 
yes. The ``10 plus 2,'' the importer filing--safety filing, 
security filing--has permitted us to gather much more 
information than we did before that, so that we can do the risk 
management and the assessment while the containerized cargo is 
coming toward the American port.
    So, the answer to that is yes. And we also have more 
sophisticated targeting rules, which incorporate threat streams 
so that we can actually both separate out that cargo that 
presents low risk from that cargo that is either high risk or 
about which we know very little.
    Senator Hutchison. Thank you.
    From the GAO?
    Mr. Caldwell. Thank you, Senator Hutchison.
    While GAO is probably not in the position to be able to 
come up with the path forward and ``Where do we go from here?'' 
Our work has found that there is a fairly robust and layered 
regime of programs for port security out there. And the details 
of these programs are already in the statements of the two 
gentlemen here.
    I think where we come in, our contribution, is to look at 
the execution and the implementation of those programs, and a 
lot of times we have found weaknesses in those areas. But, I 
have to say that both Coast Guard and CBP have generally been 
very responsive to our recommendations. It's not always an easy 
fix, the things that we're asking them to improve, but they 
have generally been responsive to the recommendations that 
we've made.
    So, while I agree with the Commandant that complacency is 
one of the issues, I think these programs need to continue to 
mature--the programs in place while the programs that we're 
discussing--or even ``10 plus 2'' is relative new, in terms of 
that program being fully implemented. One of the bigger issues 
we see right now is, obviously, the 100-percent scanning 
requirement. We're at a little bit of an impasse here between 
what the statute actually says and, I think, what can actually 
be accomplished by the Department. Our Department's pretty much 
made that clear, and I think that foreign governments and 
companies have as well. It's something that would be very 
difficult to implement because the technology is just not there 
right now.
    Another question has arisen from that is, How does that fit 
into the layered strategy? Aspects of that requirement may 
detract from some of the existing programs out there. Countries 
may be less willing to participate in CSI if everything's going 
to be scanned, anyway. Companies may be less willing to 
participate in C-TPAT, and foreign governments that have AEO 
programs, may be less willing to have them if their containers 
are going to get scanned anyway.
    It is a question of trying to balance across these 
different programs. And, hopefully, these programs will 
continue to mature and improve.
    Senator Hutchison. Mr. Chairman, thank you. And my time is 
up, but I do have another couple of questions for a second----
    The Chairman. Well, go ahead.
    Senator Hutchison.--round.
    The Chairman. Look, we can----
    Senator Hutchison. No----
    The Chairman.--be a little informal here----
    Senator Hutchison. No, no, there are other members here. 
I'd----
    The Chairman.--right? You want more time?
    Senator Hutchison.--prefer----
    The Chairman. Seven minutes?
    Senator Hutchison. No. I'd prefer----
    The Chairman. No?
    Senator Hutchison.--to let----
    The Chairman. OK.
    Senator Hutchison.--them go, but I would like a second 
round.
    Senator Lautenberg. We have great respect and admiration 
for Senator Hutchison, and part of the admiration is her grace 
and her willingness----
    The Chairman. To yield to the Senator----
    Senator Hutchison. To let Mr. Lautenberg----
    The Chairman.--from New Jersey.
    Senator Hutchison.--speak.
    [Laughter.]
    The Chairman. Senator Lautenberg.
    Senator Lautenberg. Thank you very much, Mr. Chairman.
    And when we look at the witness table here, and we see the 
responsibilities that are covered by these three people, 
they're enormous. And Admiral Papp just mentioned in his 
remarks--that I'm a strong supporter, as I know both of you 
are--each of you is, as well--with the Coast Guard. And when we 
look at the assignments they have, it needs a constant reminder 
about the fact that they cover so many bases, and that they 
continue to respond positively, bravely, and courageously to 
new assignments without always getting--without almost ever 
getting the resources that accompany the additional 
responsibilities.
    And right now, with the attention that's given to the Coast 
Guard--and I congratulate you, Admiral Papp, for your ascending 
to the leadership of the Coast Guard; you've earned it. It's a 
wonderful organization and they're lucky to have you as their 
leader. We all feel that way. But, I want to just take a moment 
to say that, in the bill that I now have in my chairmanship on 
the Appropriations Committee--and that is the DHS bill--we 
increased the Coast Guard budget by $221 million from last 
year. We were happy to do it, and know how vital it was that 
you get the additional support that you need as your 
responsibilities in your organization contains.
    Mr. Bersin, also, you know, people often forget how broad 
the responsibility of your organization is. And when we look at 
Customs, we think about people that we see more often at the 
airport and the most visible places. But, you've got an array 
of things, going from agriculture interests and have a--
intellectual property theft, preventing and disrupting 
terrorist attacks, a lot going on there.
    One of the things that you mentioned, and has been on our 
mind and our screen, was that--you mentioned this--the 
screening that's supposed to have taken place. Three years ago, 
Congress acted to require 100-percent scanning of all 
containers coming to the country. However, last year the GAO 
found out that we were only scanning less than 5 percent of all 
U.S.-bound containers, and that 100-percent screening has not 
been achieved at even a single port.
    Now, what has the Department done to improve this leap 
ahead from the 5-percent scanning rate? Where is it?
    Mr. Bersin. Senator, first, to distinguish between the 
scanning for the RPMs, the radiological scanning is taking 
place with regard to maritime cargo. With regard to the gamma-
ray or X-ray scanning, you're correct that we have not 
instituted a 100-percent scanning. As I indicated in my 
statement, and as the Secretary has indicated to the Congress, 
while we have completed the pilot project at the five ports 
designated in the SAFE Port Act of several years ago, the 
lessons we've learned there suggest that we need to continue to 
do work with regard to developing a security regime that takes 
into account the problems that I indicated in the statement.
    Senator Lautenberg. How many ports--or, how many 
containers--percentage of containers do we cover, in terms of 
your responsibility?
    Mr. Bersin. The--there are approximately, last year, just 
under 10 million containers, and we are----
    Senator Lautenberg. That's out of how many?
    Mr. Bersin. Ten million containers that are coming to the 
United States, and we are scanning 4 to 5 percent of those, 
sir.
    Senator Lautenberg. Four to 5 percent, OK. I got the 
number--I jumped ahead of you on the numbers.
    Mr. Bersin. And----
    Senator Lautenberg. So, we're still far behind the 
objectives that we set for ourself at this point in time.
    Mr. Bersin. Measured by the 100-percent standard, yes, sir.
    Senator Lautenberg. Yes. We have a deadline, 2012, for 100-
percent scanning of all incoming shipping containers. But, 
we're a long way from that point. And when I look ahead to a 
year and a half, or two, at the most--do you think we can 
possibly meet that standard?
    Mr. Bersin. As you know, and as the Secretary has advised 
Congress, Senator Lautenberg, the Department is working on a 
proposal that, first, would actually provide the documentation, 
as the GAO has requested, that would indicate what it would 
take to do the scanning, in terms of cost and logistical 
outlay.
    Senator Lautenberg. What's your estimate Mr. Bersin? What 
do you think? When do you think, if we can possibly, at all, 
reach that goal that we set for 2012?
    Mr. Bersin. Frankly, Senator, I think that we're going to 
need to develop an alternative approach that provides us with 
the security that is sought by the 100-percent scanning, but to 
do so in a way that incorporates risk management and recognizes 
the difficulties----
    Senator Lautenberg. Right.
    Mr. Bersin.--of trying to do it all----
    Senator Lautenberg. But----
    Mr. Bersin.--at once.
    Senator Lautenberg.--we're a long way away, and--I don't 
want to cut you off, but--I come from a position that says, 
okay, here's A, there's B; What's the difference between A and 
B? And the difference here is that we're significantly behind 
the goal that we'd like to have. And I think it's important 
that we recognize this, Mr. Chairman, in this committee.
    Admiral Papp, the SAFE Port Act required that the Coast 
Guard establish an Interagency Operation Command Center at all 
the high-priority ports, and that was to be done by last 
October. Unfortunately, the Coast Guard has not yet begun to 
construct a center for the Port of New York/New Jersey, the 
largest port on the East Coast. Why hasn't an IOCC been 
established for the New York/New Jersey region? And when might 
the Coast Guard move forward on this project?
    Admiral Papp. Well, you're absolutely right, Senator, there 
is nothing that is called the IOC, or Interagency Operations 
Center, in the Port of New York, but we have been working, 
across the country, in 35 critical ports to develop IOCs. There 
are probably three components of that. First of all, is getting 
the software to be able to consolidate the sensors, and then to 
set up the structure within which to work, which we think we 
can do, based upon the work we do in our Area Maritime Security 
Committees. And then, third, and probably the thing that has 
probably confounded us the most is having a facility where you 
gather.
    But, we've been focused on things like the buildings we've 
put up in Seattle or the buildings that we've--that we're now 
building in New Orleans, and focusing on them as Interagency 
Operations Centers. It's tough to come up with the resources to 
be able to construct buildings.
    So, what we've been working on is virtual--virtually 
bringing people together. We have implemented a piece of 
software called Watchkeeper, which brings various sensors and 
other databases together, which we can share with the 
interagency in each one of those ports. We've fielded that in 
Charleston, and we expect to have all 35 of the ports, 
basically our sector command centers, using Watchkeeper within 
the next year.
    The next step is to share that with the other interagency 
partners across the port. And then, the third step would be to 
provide the facilities, either virtual or physical facilities, 
to bring all the interagency together within those command 
centers.
    I will tell you, though, in our Area Maritime Security 
Committees, in terms of developing plans, the Coast Guard has 
constantly been involved in outreach across the interagency. In 
the Port of New York, at Sector New York, they have room within 
their command center, where, in times of operations, we bring 
in Commissioner Kelly's people or Ports Authority people or the 
interagency, and we work together.
    So, while we may not be able to reach out and identify a 
building as an Interagency Operations Center, we've certainly 
been working within the spirit to bring the interagency 
together so that we can have greater synergies in providing 
security in the ports.
    Senator Lautenberg. Mr. Chairman, I wind up with an 
observation, if I might, to you, sir, and that is that we have 
these responsibilities, and there are serious people here, with 
strong staff and strong commitment, but yet have not come close 
to the goals that we've set out. And some of this is a division 
of resources. And we have to recognize that defending ourselves 
at home from terrorism is not really less important than 
defending ourselves in far distant places for our security, 
that security at home, here, whether it's in the ports or in 
the airports, that we have to have resources to do it with. And 
we spend $650 billion each and every year on defense, and it's 
appropriate that we have to have something at least comparable 
to honestly present our people with the resources they need.
    I thank you very much.
    The Chairman. Thank you, Senator Lautenberg.
    And now Senator Klobuchar.

               STATEMENT OF HON. AMY KLOBUCHAR, 
                  U.S. SENATOR FROM MINNESOTA

    Senator Klobuchar. Thank you very much, Mr. Chairman.
    Thank you, to all of you.
    Admiral Papp, the SAFE Port Act strengthened the Maritime 
Transportation Security Act by adding a requirement that the 
Coast Guard conduct two inspections annually and one being 
unannounced. Have those unannounced inspections helped? Have 
they been effective in improving compliance?
    Admiral Papp. Yes, ma'am, I believe they have. And I'm--in 
the interest of transparency, I'm trying to search my mind for 
our success rate in terms of those. We've devoted an awful lot 
of resources and inspectors toward completing those inspections 
and unannounced visits, and conducting exercises. And as we 
have reviewed all the plans--and we go through 3,200 security 
plans across the country--and I'm sure you're talking about the 
domestic security plans----
    Senator Klobuchar. Yes.
    Admiral Papp.--that's a large task to take on, but we're 
very proud of the fact that we have completed those, and we 
have updated them, in accordance with the Act. And I think that 
it is a success story for us.
    Senator Klobuchar. Very good. And maybe you can follow up 
when you can get some of the data and things in writing, but I 
appreciate that.
    Commissioner Bersin, as part of CBP's layering targeting 
strategy, you discussed the role of a National Targeting Center 
in sharing local officers, the information and intelligence 
that you gather on incoming cargo. And I'm a former prosecutor, 
so I'm always concerned that local law enforcement be properly 
looped in on issues. And I know this has sometimes been an 
issue in the past. Could you talk about your efforts in that 
regard?
    Mr. Bersin. As a former prosecutor myself, I appreciate the 
value added by State and local authorities. And I know, with 
regard to CBP, there are numerous instances in which CBP field 
officers in our seaports and airports, and our Border Patrol 
Agents on the northern and southern borders, are in constant 
communication with the State, local, and tribal law enforcement 
authorities.
    With regard to the cargo, containerized cargo security, 
that information ordinarily would not be directed to local law 
enforcement. That is to say, we don't have, usually, the local 
or county interest in inspecting containerized cargo that would 
come to the ports. But, there are numerous instances in which 
incidents take place at our ports, in which CBP relies upon the 
partnerships that exist, whether they're the JTTF, the Joint 
Terrorism Task Forces, or more conventional law enforcement 
alliances.
    Senator Klobuchar. Speaking of cargo, you also mentioned in 
your testimony about the work you've done with the Consumer 
Product Safety Commission and the FDA and the Food Safety 
Inspection Service to prevent unsafe products from entering our 
country. I've been active on a lot of those product issues, as 
have other people on this committee. Could you talk about how 
you're working with other agencies at the border to weed out 
dangerous products?
    Mr. Bersin. Yes. Earlier this spring, Senator, CBP, Customs 
and Border Protection, entered into a memorandum agreement, a 
working agreement, with the Consumer Product Safety Commission, 
in which we opened up, formally, the Commercial Targeting and 
Analysis Center, which is a trade version of our national 
security targeting system. The database of the--uses the same 
database information as our national security targeting, but 
it's focused on issues such as import safety, food and drug 
safety, intellectual property rights protection, and other 
trade enforcement issues. FDA is a member of that group, and we 
expect to hold a conference, in the fall, in which we will be 
inviting our major other government agency partners to 
participate as full members of the CTAC and also of the--to 
build on the so-called International Trade Data System group, 
which are the government agencies involved at the ports of 
entry.
    Senator Klobuchar. Thank you. I think that's going to be 
very important as we see some of these products coming in.
    I'm also interested--my last question--in your discussion 
of the Customs-Trade Partnership Against Terrorism, the public-
private partnership program that allows participating trade 
groups to receive expedited service at ports, in exchange for 
maintaining a higher level of personal security. So, you're 
working in partnership, acknowledging that some businesses and 
trade groups are going to do a better job of having higher 
security. And you mentioned that CBP is working with foreign 
partners to establish binational recognition and enforcement. 
Could you elaborate on that?
    Mr. Bersin. We cannot do our job, Senator, without 
segmenting the traffic between, as I indicated in my statement, 
traffic we know something about from traffic we know nothing 
about or about which we have derogatory information. The C-TPAT 
Program, the Trusted Shipper Program, the Trusted Broker 
Program, the Trusted Freight Consolidator Program, is 
essential--an essential public-public partnership that actually 
offers some assurance of supply chain security so that we can 
offer benefits of expediting trade to the members of that 
partnership.
    In the same way as you suggest, our partnerships with 
foreign governments in which they have the so-called AEO or 
trust--AEO programs, or trusted programs--when we can do a 
mutual recognition with those countries, we actually multiply 
our presence. So far, we have five agreements of mutual 
recognition, with Japan, Korea, Canada, Jordan, and--I always 
forget the fifth one----
    Senator Klobuchar. You can supplement the record.
    Mr. Bersin.--and I always forget the----
    Senator Klobuchar. Oh, they're so quietly advising you back 
there, I didn't notice.
    Mr. Bersin. And I always forget New Zealand, the first one, 
as I'm reminded, and the one on which we rely for so much of 
our commodity import. But, of those five countries, we actually 
have a mutual-recognition regime.
    Just recently at the World Customs Organization, we 
negotiated, with the European Union, a process by which we 
trust, over the course of a year, we will have mutual 
recognition between the United States and the 27 nations of the 
European Union.
    Senator Klobuchar. Very good. And I can put my question in 
writing for you, Director Caldwell, about some of the issues 
with some of the foreign ports and the recent Coast Guard 
estimate about 15 countries not maintaining their effective 
antiterrorism measures. But, I think I'm out of time, and I'll 
just put that in writing. All right? Thank you.
    Thank you, to all of you.
    The Chairman. Senator Cantwell.

               STATEMENT OF HON. MARIA CANTWELL, 
                  U.S. SENATOR FROM WASHINGTON

    Senator Cantwell. Thank you, Mr. Chairman, and thanks for 
holding this important hearing.
    Admiral Papp, good to see you. I'm looking at the FY-2011 
budget for the Coast Guard, and I see that there's a 3.3 
proposed decrease, about $75 million. And do you have any idea 
what that means, as far as how you're going to realize those 
budget cuts? And I know, also, that there's a GAO report that 
the FY-2011 budget cites decreases in port funding in waterways 
and coastal security, and has a cut of about 6 percent. So, I'm 
just trying to understand how we're going to make these cuts 
and how we're going to keep our ports safe in the process.
    Admiral Papp. Yes, ma'am. Obviously, some very difficult 
decisions were made when putting together the 2011 budget. 
There were tradeoffs made to continue the recapitalization of 
our infrastructure, the--those versatile and adaptable 
aircraft, boats, and ships that I talked about earlier, and to 
sustain some short-term reductions in other activities in order 
to pay for that.
    Where it manifests itself, probably most visibly for this 
particular hearing, are the five Maritime Safety and Security 
Teams that were reduced in that budget. I've done a lot of 
talking about the versatile and adaptable resources that we 
have. For instance, one of the MSSTs that was to be reduced is 
in the Port of New York. We have increased Station New York and 
Sector New York general-purpose forces, almost double over the 
last 8 years or so. For--as an example, Station New York used 
to have 45 people, they have 90 people there right now that can 
do daily missions within the Port of New York; whereas, the 
MSST, as a single-focus security force--I love having them, but 
their utility, in terms of providing day-to-day security was 
not as much as the stations that were there. So, when 
confronted with the choices of, ``How do we balance our forces 
to provide the services to our country?'' we stuck with the 
versatile, adaptable general forces, to sustain them as much as 
we could, while recapitalizing some of those ships, boats, and 
planes that we so desperately need, as well.
    Senator Cantwell. I'm not sure I followed all of that, but 
I also want to ask you, because in this line of making ends 
meet, obviously ports are a key part of our security regime. I 
had asked Secretary Napolitano about the semisubmersible 
vessels and what we were doing to repair--and I know that there 
has been, recently--a submersible vessel that was recently 
discovered in Ecuador, so this whole issue of their involvement 
in drug trafficking--so, what are the plans to fully combat 
these submersibles?
    Admiral Papp. Well, ma'am, the first thing is good 
intelligence. We need to cooperate with the countries of South 
and Central America, particularly our friends in Colombia, who 
have really done a complete turnaround down there and have 
assisted us and really been strong partners in this drug war.
    We work the intelligence side very hard, through many 
methods, so that we can detect these semisubmersibles as 
they're leaving. If we don't know when they're leaving, then it 
makes the equation even much more difficult, because of their 
profile. With the vast expanses in both the eastern Pacific and 
in the Caribbean, they're very difficult to detect. We have 
marine aviation patrols out there. We work with the Navy, and 
we work with other Central and South American countries, as 
well, to try and detect them. And then, of course, we have our 
own patrol vessels down there.
    Senator Cantwell. And what about small-vessel threats 
that--I know there was a pilot program that both Seattle and 
San Diego participated in, as it related to nuclear detection 
for small vessels--is that--I think the Coast Guard was 
involved in that--and do you think that we need to expand that 
program? Are we going to expand that program----
    Admiral Papp. The----
    Senator Cantwell.--into--you know, into major port areas?
    Admiral Papp. We--as mentioned earlier, the small-vessel 
threat is one that deeply concerns me, just based upon the 
magnitude, the sheer numbers, of recreational boaters and 
fishing boats that are out there. As I talked about before, we 
perceived all of them as a threat, at one time, and what we've 
done now is actually saw them as a--see them as a force 
multiplier. So, outreach through education, some of the 
programs that we've had out in the 13th Coast Guard District, 
and our America Waterways Watch Program, have been very 
beneficial to us, in terms of bringing that recreational and 
fishing-boat public in to act as additional sensors for us on 
the water to provide us maritime domain awareness.
    Senator Cantwell. So, do you think the program's going to 
expand?
    Admiral Papp. Well, it's certainly one that I want to 
sustain. Right now, it's a very low-cost project for us, the 
America's Waterways Watch Program. It's slightly in excess of a 
million dollars, which is basically to provide and conduct 
outreach, both through Active Duty Coast Guard people and our 
Coast Guard Auxiliary. That's certainly a program that we could 
expand upon. And then, we're also--we have our small vessel 
security----
    Senator Cantwell. That's more what----
    Admiral Papp.--strategy that is on its way, that's----
    Senator Cantwell. That----
    Admiral Papp.--currently under review by the Secretary.
    Senator Cantwell. OK, that's more what I was referring to, 
so I'll----
    Admiral Papp. Yes, ma'am.
    Senator Cantwell.--look forward to seeing that plan and 
what you're going to do about small vessel detection.
    Admiral Papp. Yes, ma'am.
    Senator Cantwell. Thank you.
    Thank you, Mr. Chairman.
    The Chairman. Thank you, Senator Cantwell.
    Senator LeMieux.

             STATEMENT OF HON. GEORGE S. LeMIEUX, 
                   U.S. SENATOR FROM FLORIDA

    Senator LeMieux. Thank you, Mr. Chairman.
    Thanks all of you, for your service.
    Commandant, it's great to have you here, and 
congratulations on your new position. I had a chance to visit 
before you officially came on, and very pleased that you're 
leading the Coast Guard. And we had a great discussion about 
what the Coast Guard means to Florida. So, I am proud of you, 
proud of the work that all the Coast Guard folks have done in 
the Gulf. This has been an extremely difficult and trying time, 
and I know your folks are working very long hours. And I just 
wanted to let you know, and please pass along, how much we 
appreciate the good work they've done.
    Admiral Papp. Oh, thank you, sir, they'll appreciate that.
    Senator LeMieux. I want to talk about port security, and I 
want to talk about two areas. I want to follow on what Senator 
Lautenberg said about this container issue. Five percent's not 
acceptable. And if the law says 100 percent, then we have to 
get toward 100 percent. And although that may be a very 
difficult task, frankly and respectfully, it's your job to get 
there. If you can't get there and that is an unreasonable 
requirement, then we need to change the law. But, if the law is 
that you're at 100 percent, we need to try to get to 100 
percent, and 5 percent is very far from 100 percent.
    We've got, as you know, 14 deepwater ports in Florida. The 
ports are our lifeblood. They are where the cruise ships come 
in, and they are where we do our trade. So, I have been 
concerned for a long time, even prior to my time here in the 
Senate, when I worked in the attorney general's office in 
Florida, about port security. I'm concerned about it because of 
what may come in on a ship, but I'm also concerned about it 
because, like many cities, our port--most of our ports are 
embedded in our downtown areas, and they are--you know, as a 
place of entry, they are so close to our civilian populations 
and our city centers. So, I worry, as I know you do, about 
worst-case scenarios and what could come in on a ship. And I'm 
very pleased to see that you're doing, what, nearly 100 percent 
on the screening for radioactive materials, and I commend you 
for that. But, the screening that has to happen on the rest of 
these containers--there are a lot of things that could come in 
on them, and it's not just the dangers everyone thinks about 
it. In Florida, it can be exotic plants and animals that come 
in and get in our waterways and cause tremendous environmental 
damage. So, there are a lot of things that can come in on a 
container, and a lot of containers come through Florida, as you 
know, not just for Florida's use, but for the entire eastern 
part of our country.
    But, specifically on ports, I wanted to ask you if--what 
focus you're having on trying to secure the ports, not on the 
container side, but just on the physical property of the ports. 
And I'll tell you what worries me. I'm from Fort Lauderdale, 
and we have Port Everglades there. And Port Everglades is our 
fuel port. They do cruise ships and other things, too. But, we 
have these huge fuel containers, that store gasoline and oil, 
that are basically right in our downtown. And you can see them, 
and you can drive by them on Federal Highway. And I've always 
been worried about what someone with bad intentions could do to 
something like that. And there are other places in Florida, as 
well--in Tampa, in other places, where the port is right near 
the city center.
    So, if you could address that for me a little, sir, and 
then we can talk a little bit more about containers.
    Mr. Bersin. Let me start with the containers, because----
    Senator LeMieux. Whatever your preference.
    Mr. Bersin.--if I might. The--because I don't like being in 
the position, because I do appreciate, and I know the Secretary 
appreciates, the threat, and also the fact that 100-percent 
scanning is the law, and that, in fact, being at 5 percent, 
there is a huge gap there, and it has been, actually, an issue 
that has been delayed and deferred each year, as the 
legislation permits. So, I think, in fact, we need to come to 
grips with that, and I suggest to you, Senator, and commit to 
you, that that process is underway, which is to take the very 
significant challenges that we face, in terms of cost and 
logistics of a 100-percent scanning regime.
    And it's our obligation, I think, to do two things. One is 
to provide a complete statement of what it would take, in cost, 
to meet the law, and in terms of the arrangements, and whether 
or not we could do that, all things being equal, which 
oftentimes they're not. And if we cannot do that, then we come 
up with a regime, in consultation and concert with Congress, 
that gets us a level of security that is satisfactory to the 
American people.
    So, I understand the Senator's concern. I share it. And I 
know that the Secretary is committed to the Congress to work 
through a series of proposals if, in fact, the 100-percent 
cannot be met.
    Senator LeMieux. OK.
    Mr. Bersin. With regard to port security, let me lay the 
scenario up, because this is something that would be in a 
partnership with the Coast Guard--in some cases, the Navy--and 
mostly, actually, with the Port Authorities that control the 
ports, such as the one, Fort Lauderdale, that you refer to. 
These are county or State authorities that actually have the 
bonding authority and do the construction. Usually, with regard 
to CBP, CBP would be consulted as to the specifications for the 
necessary customs inspection facilities, but the port security 
layout is ordinarily an issue, frankly, that we would not have 
control over. We would be consulted, as I believe the Coast 
Guard would, but ultimately it's a local decision as to how, in 
fact, to construct the facility.
    I will say, in the wake of 2001, and certainly even the 
Port--the SAFE Port Act, there are much more--there's much more 
consultation. Before coming into this job, I was the Chairman 
of a Regional Airport Authority, which is comparable to the 
authority you suggest that runs the ports at Fort Lauderdale 
and elsewhere in Florida. And we certainly consulted with our 
Federal partners. But, at the end of the day, it was a decision 
of the Airport Authority as to what steps would we take and 
where the construction would take place. So, I'm not avoiding 
the responsibility; it's just not within our authority, 
although we are always willing to consult, as I know the Coast 
Guard is.
    Senator LeMieux. I mean, I know there's a shared governance 
issue. But, as you know, these ports were built a long time 
ago, most of them, and they were built in a pre-9/11 
environment. And I've been appreciative of the heightened 
security requirements. When you go into these ports now, 
there's usually a checkpoint and there are other things that 
you have to do so that there's some monitoring of people who 
are going in and out. But, I worry about their proximity to 
city centers. I worry most about the ones that have fuel. And I 
don't know what the answer is, but I wanted to raise the topic, 
because I wanted you all to be focused on it.
    Mr. Bersin. I appreciate that, sir.
    Senator LeMieux. Admiral, you want to speak to that point?
    Admiral Papp. Oh, yes, Senator, surely.
    This is where the versatility and the authorities the Coast 
Guard has really comes into play, in earnest. We have Area 
Maritime Security Committees, which brings together the 
Federal, State, and municipal authorities, the interagency, all 
under the authority of the Captain of the Port. And our Captain 
of the Ports are now the area maritime security coordinators 
under MTSA. Every one of those facilities has to have a 
facility security plan reviewed, approved, drilled, and 
exercised, and inspected by the Coast Guard. So, none of these 
things are done in isolation or unilaterally, they're all done 
under cooperation and with a multilayered review when they are 
put in.
    And I know, down in Fort Lauderdale, we have extensive 
Coast Guard oversight down there, we work in partnership with 
the local communities, and are continually reviewing it.
    Senator LeMieux. Appreciate that.
    Thank you, Mr. Chairman.
    The Chairman. Thank you, Senator LeMieux.
    I guess I'm a little bit frustrated, because there's a lot 
of, kind of, intelligence-speak, security-speak, government-
speak going on here. And the basic--the base--I sort of come 
back to the boats, the little boats. And Senator LeMieux was 
referring to that, and others were.
    The 100-percent--you've got to get to 100 percent. That's 
very much in the minds of people, very much in the minds of 
Congress. If that's not doable, we need to know about that, and 
we need to change the law, as just has been suggested. But, to 
hold out a promise--see, in the world of coal mining, where you 
have disasters on a fairly regular basis, we have--and that's 
very complex in--it's a sort of hidden secret world, et cetera, 
deep in--you know, a mile underground, all this kind of thing--
we have a mantra, that all accidents are preventable. A little 
bit, I get the feeling that ``We're doing the best we can'' 
from you. That totally makes sense, just as you could say ``All 
accidents are preventable'' can't be true, since accidents can 
occur in various ways and--but, you know, I think that the 
mantra of ``All accidents are preventable'' is the one that we 
have to have, because that's what drives us toward speaking 
rationally and realistically to each other.
    I mean, the Washington Post is carrying, I think, a 
fascinating article--and I'm, you know, on the Intelligence 
Committee--about the world of intelligence, how it has gone up 
by enormous numbers, and enormous numbers of dollars, and it's 
sort of horrifying as you look at all the charts and the way 
everything is spread, and DHS has, you know, tons and tons of 
things, and--Is DHS really working properly? And can it work? 
Was it put together properly?
    I think we're going into an era where we have to deal with 
a new toughness about budget. I know that the Republicans are 
talking very much about a very severe attitude toward budget 
deficits, reducing it dramatically, reducing resources 
available in very, very important programs. The whole concept 
of the military getting the amount of money that it gets, I 
think, is beginning to wear on the American people just a bit, 
because it's--in the President's budget cut, it was exempted--
it was exempted--as, in fact, was intelligence. Well, that's 
good, because we're still in a post-9/11 way of thinking--and 
we are, very much so--that we've got to stop everything. And 
therefore, you have to grow, grow, grow.
    But, at some point, you also have to make what you are 
doing work. And so, I come back to the little boats. Secretary 
Napolitano was here some time ago, and she's got this--you all 
have this test-radiation-detection-equipment thing going on to 
find out radiation devices, containers, whatever, that are 
found in relatively small pleasure boats or commercial boats. 
Now, you can't, sort of, board each one of these things, 
because they'd tip over. So, you have, sort of, drive-by or 
motor-by detection devices, trying to figure out, Are these 
enemies, or not? You don't really care whether they like 
America or not, but you care very much about whether they have 
onboard something which is--could go off in a port, anywhere. 
And Senator Lautenberg was describing, and Senator LeMieux, how 
close these ports are to hundreds of thousands, millions of 
people.
    So, I just want to press you on this question, Admiral 
Papp, of the--you know, what do you know about these little 
boats? That's something that can be done. I'm not interested 
in, Do they like us? I'm not interested in outreach, sort of 
driver education, ``Drive--do it safely,'' all that. I'm 
interested in your response to matters relating to terrorism 
and destruction in America.
    And to you, Mr. Bersin, these are paramount.
    So, now, your world is going to be one--and you have a lot 
of helicopter problems, you have a lot of helicopter crashes. 
You didn't used to, but you've got old equipment. Your ice 
cutters are 45 years old now, right? No money to fix them up. 
Your Merchant Marine Academy needs a lot of repair. It takes 
money. I'm not sure the money is going to be there in the 
future. I'm not sure of that.
    So, what--how do you take all of these things that you have 
to keep your mind on, in terms of being secure--you each have 
intelligence agencies--I don't think the GAO does, but I may be 
wrong--but you have intelligence agencies. I don't know how 
much you share with other intelligence agencies, or whether 
they share it with you, or whether there's any attempt to make 
all of that going on. But, we've got to find efficient ways of 
protecting people. And, in the case--I'm just using small boats 
sort of symbolically--but that's something we ought to be able 
to do. It's like----
    Why am I offended that I can get on a general aviation 
aircraft without going through one inch of security, and the 
pilots can do exactly the same? And I can carry anything I want 
onto a general aviation plane, and nobody pays any attention. I 
just go out to Dulles, get on a general aviation plane--don't 
do it very often, but I can do it and nobody pays any 
attention. That is not acceptable, in terms of national 
security. That is unacceptable. There are agencies that allow 
that, agencies that could stop that.
    We could do the same with small boats. I'm not saying small 
boats are the whole issue, but it is an issue, and it's the one 
that I'm picking on.
    So, what about these motor-by radiation detector things? I 
don't think they're working very well. I could be wrong. And if 
you've got 17 million, where do you start? Do you start in 
Houston? Do you start in Newark? Do you start in Fort 
Lauderdale? You know, it isn't just a question of--you know, 
coming to hearings must be awful for you. You must hate doing 
it. But, we have to get a sense of how money is being spent, 
and what the results we are getting from that money are.
    I'm a huge fan of the Coast Guard--you ask Admiral Allen--
huge fan of the Coast Guard. But, the Coast Guard has to 
perform. It doesn't matter whether I like them or don't like 
them; they have to perform. And you can't come up here and say, 
``Well, we're doing the best we can. And yes, there's a long 
distance between 5 percent and 100 percent.'' And if we can't 
do 100 percent, or you don't--we could, but--if you had the 
money, but you don't have the money, then you do need to tell 
us that so we do change the law, which is at least being square 
with the American people.
    Now, you understand what I'm saying, and I don't have to 
ramble on, here. But, I feel very strongly about this, that 
we--we talk to each other in acronyms, we talk to each other 
in, sort of, statements of certainty, of effort, of 
aspirations, and yet, when it gets down to, what are the 
results, really, and what are the reasons those results can't 
be better? Is it a matter of money? Is it a matter of 
personnel?
    And then again, you run into budget problems in the future. 
I think we're going to have substantial budget problems in the 
future. In fact, I guarantee you we're going to have 
substantial budget problems in the future.
    So, just taking what I've said, and picking out whatever 
little morsel you want, please respond.
    Admiral Papp. Yes, sir. Thank you, Mr. Chairman.
    You know, you're absolutely right. It is a tremendously 
vexing and challenging problem. Seventeen million boaters. But, 
you know, it's analogous to--I don't know how many cars are in 
this country. I would venture to say--well, I won't even 
venture to say. There are many, many more, by magnitudes--cars, 
trucks. And we know that people have used car bombs and/or 
truck bombs. You only have to look back as far as Oklahoma City 
to see that that method has been used. Can we keep people off 
the streets? Can we prevent another car bomb from happening? I 
think that's quite a challenge. And I think it's an--analogous 
to what we're trying to do.
    Now, we have authorities. We can shut down--our Captain of 
the Ports have authorities to shut down waterways, take all the 
boats off. Now, we do that from time to time. If there's a 
major security event, whether it's an inauguration, whether 
it's a Super Bowl game that's alongside the Detroit River, we 
will shut down waterways because of the increased threat and 
potential for something to happen.
    The Chairman. But, you know what? I don't count that. I'm 
not going to let you get away with that, because----
    Admiral Papp. OK.
    The Chairman.--those are predictably dangerous situations; 
and so, of course everybody, you know, goes around with Uzis 
and AK-47s and although--I mean, sure, we load up, we have 
absolute protection, and we shut the waterways down. But, there 
are the under--the other 364 days a year, where there aren't 
large events, and there are small ports or large ports and 
millions of people, and 17 million boats. Didn't mean to 
interrupt you, but I did.
    Admiral Papp. No, sir. And you're absolutely right. We put 
in an awful lot of effort on those events. And what I call them 
is low-probability/high-consequence events, with the amount of 
structure we put around them, it's unlikely that an event is 
going to occur, because we have strengthened and fortified that 
particular event.
    The Chairman. But, don't you understand----
    Admiral Papp. What concerns me is----
    The Chairman. That's why I don't like your----
    Admiral Papp. Yes, sir.
    The Chairman.--answer, because that's a special situation.
    Admiral Papp. Yes, sir.
    The Chairman. I'm talking about the other 364 days, because 
that's when something's going to happen.
    Admiral Papp. Well, the vast majority of those 17 million 
boaters are law-abiding citizens of the United States who, by 
our nature, are resistant to discipline, structure, and regimes 
that prevent them from enjoying what they perceive as their 
right to enjoy the waterway. And therein lies the problem. What 
sort of strictures, what structure, what discipline, what laws 
do we put into place that might penalize those--the vast 
majority of that 17 million while we're trying to find someone 
who, we don't know for sure is out there?
    And that's why I keep on going back to strengthening our 
intelligence regimes. We have discovered much more through 
intelligence, where we can track people, where we look at 
what's being purchased, whether it has the makings for a bomb, 
whether it's somebody that perhaps has not used the water 
before, someone becomes suspicious because they buy a large 
boat, with capacity for carrying things, and they may exhibit 
behaviors that would indicate that they're not mariners, but 
might have some nefarious purpose. That's where I see us. 
Unless we want to have a Coast Guard that is, I don't know, 
100,000 people, so that we can have every waterway picketed 
with our boats out there, I don't know that the country can 
afford that.
    So, given what I have, in terms of resources, I employ them 
to the best effect that I can, which is leveraging 
intelligence, strengthening partnerships with--through our Area 
Maritime Security Committees, and doing the best we can with 
the resources that we have. And sometimes, yes, sir, knocking 
on wood, keeping my fingers crossed that there's nothing out 
there that we haven't detected or that we're not going to be 
able to get to.
    So, I understand, and I fully comprehend--you know, 
sometimes when I speak to groups, they say, ``You're just 
being--that's just paranoia.'' For me, is it paranoia or is it 
possible? And if you come down on the side it's possible, then 
who is responsible for it, and who is doing something about it?
    The Chairman. OK. I----
    Admiral Papp. It's my responsibility----
    The Chairman.--hear you, and my time is----
    Admiral Papp. Yes, sir.
    The Chairman.--like 3 days over.
    Admiral Papp. Yes, sir.
    The Chairman. But, my approach would be--if I were you, I 
would take some of those--in Fort Lauderdale or Houston, I 
would take some of those ships, and those commercial pleasure 
craft, and I'd stop them, and they'd be furious at you, and you 
wouldn't care, because you have a job to do, which is far 
greater than the pleasure which they're experiencing. You're 
worried about destruction. I'd stop them, and I'd go through 
them, and you don't have to do it everywhere, you don't have 
the personnel to do it everywhere, but the word gets around. 
The word gets around. And that helps. Rather than saying, ``The 
vast majority of Americans are good, law-abiding citizens.'' 
That doesn't do much for my conscience.
    Admiral Papp. Yes, sir. Well, I'm sorry, if I haven't been 
informative enough. When I talk about maritime security 
operations, that's where these versatile adaptable forces come 
in. We are doing boardings constantly. We do random boardings.
    The Chairman. You just said, ``But, we don't want to 
interrupt people in their pleasure.''
    Admiral Papp. Well, not the vast majority, but we do 
random. And that is part of our Operation Neptune Shield 
philosophy, is to do random and scheduled patrols and boardings 
throughout our areas of responsibility. That's ongoing, every 
day. We have thousands of boardings that go on, to inspect 
vessels for safety, but, once we have people onboard, and we're 
inspecting for safety, if there is some indication of other 
activity, whether it's drinking or use of drugs, we carry that 
inspection further.
    The truth of the matter is, in the years since 9/11, we 
have not lost one single person due to terrorism out on the 
waters of the United States, but every year we lose about 1,000 
people for not wearing life jackets and drunk boating.
    The Chairman. That is right.
    Admiral Papp. Yes, sir.
    The Chairman. But, that's also a way that you avoid 
answering a question, in Washington-speak. ``Nothing has 
happened.'' Well, the fact of the matter, a great deal has been 
attempted, and has been interdicted, which you can't talk 
about. But, you know, if somebody hadn't been there--I'm just--
I'm going to stop talking. OK? Because I want to let these 
others, if they have other questions, to ask them. But, I just 
want you to read me.
    Admiral Papp. Yes, sir, absolutely.
    Senator Hutchison. Well, thank you, Mr. Chairman.
    I want to ask you something, because I have been concerned, 
as I think many people know, because I introduced a bill in 
response to the administration not waiving the Jones Act 
immediately after the oil spill. And my question is, Do you 
believe that it would have been more expeditious if we could 
have gotten the help from the foreign skimmers into the 3-mile 
limit more quickly? And, if no, why not? And maybe you'll say 
``no,'' but why wasn't it done immediately, on an expedited 
basis, rather than the processes that you have to go through, 
that the Coast Guard has the control over, to waive the Jones 
Act on a piecemeal basis?
    Admiral Papp. Well, thanks, Senator, for that question, 
because, quite frankly, I've just not understood why people 
have been concerned about this, because it hasn't delayed 
anything from getting there. The Jones Act did not even come 
into play--the spill location being that far offshore, there 
was no implications to the Jones Act. We had foreign skimmers 
and ships that came in. They weren't involved in trade between 
ports in the United States, so as long as they stayed that 
distance offshore, there was no need to provide a waiver, 
because the Jones Act just did not apply.
    Senator Hutchison. But, why----
    Admiral Papp. Now, there was the potential----
    Senator Hutchison.--once the oil was going into the 3-mile 
limit, then it was going to be going on the shore. So, why 
wouldn't you want the full capability that those well-equipped 
foreign skimmers could have given and were offered?
    Admiral Papp. Well, most of the skimmers that were ordered 
were ocean skimmer--or, offered--were ocean skimmers. That's 
where we needed them, out close to the source. We needed to 
collect as much oil as we could out at the source, at the well. 
And we've been very successful at doing that. And there was 
never any delay in getting any of those foreign skimmers 
because of any Jones Act considerations. And, in fact, they've 
been helping us out greatly.
    Now, to bring in smaller in-shore skimmers, we've just--we 
have had, between the skimmers we have, organically, in the 
United States, the thousands of vessels of opportunity that we 
had step forward in the Gulf, that were employed in the 
skimming operations, there was just no need for any 
additional--to my knowledge; now, this is one of the details 
the National Incident Commander could get into--but, to my 
recollection, there was no need for smaller, in-shore foreign 
skimmers to come in, which would not--if they did, it would 
require a waiver. I know Secretary Napolitano was ready and 
willing to provide a waiver, if needed, but there just was no 
need for it.
    Senator Hutchison. And you feel that there were sufficient 
numbers--it's sort of a disconnect, from what was being 
reported and what you're saying, about the numbers of skimmers 
within the 3-mile limit being sufficient. Do you feel that you 
had the sufficient number within the 3-mile limit?
    Admiral Papp. In terms of the breakdown in 
responsibilities--and I have to go back to Senator Rockefeller, 
because I feel badly, because this is the first time I've ever 
been accused of Washington-speak in my career, so I'm trying to 
be as clear and frank as possible--I--the--Admiral Allen is the 
National Incident Commander. It's my role, as the Commandant of 
the Coast Guard, to support him with Coast Guard people and 
forces. So, to that extent, we have given 100-percent support 
to Admiral Allen in that effort, using Coast Guard forces, 
Coast Guard people. I've been involved, peripherally, because 
I've sent some of my admirals, my flag officers, down there to 
work within the National Incident Command process, so I get 
some feedback, and my feedback is that we've had sufficient 
resources down there, that the National Incident Commander, 
Admiral Allen, has received everything that he has asked for. 
And so, I have not seen the problem.
    Senator Hutchison. Well, you are getting into Washington-
speak, because I understand what Admiral Allen's role is. There 
is a disconnect between what we read and see, versus seeming 
like we're not making the maximum use, in the most efficient 
way, of the offers that were given.
    Let me ask a final question, and that is, the Houston Ship 
Channel Security District has put in place a fee structure that 
would allow port tenants and also the Federal dollars to be 
able to be pooled for port security to be done on a portwide 
basis. Is this unique among the other ports, this model? And 
are others doing it? What's good about it? And is it being 
implemented in a positive way, which we think is the case, 
but--is it unique?
    Admiral Papp. I think my friend, the Commissioner, is 
itching to answer, here, but I have learned about it recently, 
and I'm encouraged by it. I think it's a great way--and 
actually, it works within our Area Maritime Secure Committee, 
that effort--the Coast Guard Captain of the Port in Houston 
works with the district. And I've received some very 
encouraging reports. It's exactly what we're looking for, in 
terms of not just Federal forces providing for security, but 
the community, the port, and the State all coming together so 
that--none of us can do it fully on our own; all together, we 
can do a much better job.
    Senator Hutchison. Is it a value added, Mr. Bersin?
    Mr. Bersin. If I might--absolutely. In the--it's not 
unique. What makes the Houston Ship Channel so--makes it one-
of-a-kind are the number of jurisdictions that are around the 
particular area. But, in fact, multi-jurisdictional 
participation in joint harbor commands or the kinds of 
interagency and intergovernmental bodies that the Admiral spoke 
about before, I think, is the way in which we get the greatest 
leverage out of every--all the governmental authorities. So, 
that particular model is not unique, but it's very effective.
    And I know, on the CBP side, all of the Federal agencies 
are gathering together to work with the many jurisdictions on 
the channel to build a common security plan, and then to have 
the financing to see that it's implemented effectively.
    Senator Hutchison. Thank you.
    Thank you, Mr. Chairman.
    The Chairman. Thank you very much, Senator Hutchison.
    I thank all three of you very much. This has been a very 
informative hearing. And I'm sorry more members didn't come 
out, but these are strange days in the Senate.
    And this hearing is adjourned.
    [Whereupon, at 4:20 p.m., the hearing was adjourned.]
                            A P P E N D I X

Response to Written Questions Submitted by Hon. John D. Rockefeller IV 
                       to Admiral Robert J. Papp
    Question 1. In spite of the recent economic downturn, the rate of 
global commerce is forecasted to increase over the next few years. As 
trade and the economy improve, a significant portion--more than 80 
percent by some accounts--of goods entering the United States will come 
through our domestic ports. Given the economic importance of ports, 
vessels, and waterways, their security is absolutely critical. Where do 
you see the greatest port security risks? What are you doing to 
mitigate those risks? How do you believe S. 3639 addresses these 
concerns?
    Answer. The tremendous amount of CIKR and population within or near 
America's waterways provides terrorists potential opportunities to 
conduct physical and psychological damage. The Coast Guard makes a 
determined effort to provide security for about 95,000 miles of 
coastline. It is responsible for protecting over 300 ports and over 
10,000 miles of navigable waterways. It provides security for a myriad 
of landside connections which allow the various transportation modes to 
move people and goods to, from, under, and on the water. More than $958 
billion of international commerce, including 1.4 billion tons of cargo, 
is transported within the MTS. Most cargo is carried by foreign vessels 
and crews that the Coast Guard cannot as easily scrutinize for security 
threats as it can U.S. flag vessels. The Coast Guard is challenged to 
protect more than 8 million cruise ship and ferry passengers as part of 
a transportation segment that logs more than 65 million passenger-miles 
a year (a 21 percent increase above the average just 6 years earlier). 
The Coast Guard secures waterways for numerous boaters operating almost 
13 million registered recreational vessels. Additionally, the Coast 
Guard protects the domestic movement of numerous high value military 
vessels and maritime cargo for national defense and national security. 
The vast and complex CIKR and MTS of this Nation and its citizenry is 
exposed to an extremely unpredictable and diverse set of terrorist and 
other security threats.
    U.S. Marine Transportation System components (i.e., ports, 
waterways, maritime critical infrastructure and key resources (CIKR), 
and vessels) are potentially vulnerable to a myriad of maritime and 
shore-based attack methods (e.g., underwater swimmers, mines, stand-off 
weapons, small vessel \1\ attacks, vehicle and waterborne improvised 
explosive devices (VBIED/WBIED), etc.).
---------------------------------------------------------------------------
    \1\ Small vessels are characterized as any watercraft, regardless 
of method of propulsion, less than 300 gross tons. Small vessels can 
include commercial fishing vessels, recreational boats and yachts, 
towing vessels, uninspected passenger vessels, or any other commercial 
vessels involved in foreign or U.S. voyages.
---------------------------------------------------------------------------
    The Intelligence Community reports no credible indications exist 
that terrorists are planning to use small vessels in an attack on the 
United States. However, among the viable maritime attack methods, the 
direct and indirect use of small vessels generates the greatest 
concern.
    The Coast Guard and other law enforcement agencies face the 
challenge of distinguishing between the vast number of legitimate 
vessel operators and the relatively few individuals engaged in illicit 
and potential terrorist activities. The challenge is immense, as it 
involves nearly 13 million registered U.S. recreational vessels, 82,000 
fishing vessels, and 100,000 other small commercial vessels. On any 
given day, a considerable number of these boats share waterways with 
commercial deep draft and military vessel traffic, operating in 
hundreds of U.S. ports and in the immediate vicinity of maritime 
critical infrastructure and key resources.
    Overall, S. 3639, if enacted, could facilitate or assist the 
fulfillment of some of maritime security by increasing the transparency 
associated with owners and operators of recreational vessels, enhancing 
maritime domain awareness, mitigating small vessel security risk and 
increasing cooperation and coordination amongst stakeholders.

    Question 2. As the U.S. Coast Guard's responsibilities and role in 
safety and security issues continues to broaden, questions have 
surfaced about whether the Coast Guard has sufficient resources to 
adequately execute its missions. Do you believe that we should look to 
assessing a port security user fee to help manage the growing cost 
associated with port security? Should the cargo and shipping industries 
along with other users be required to pay a similar fee?
    Answer. A fee-based structure could be appropriate to fund security 
services that benefit specific users of port facilities. A review of 
existing fees would be an important first step in making that 
determination.

    Question 3. The Coast Guard is currently examining technologies to 
test radiation detection equipment, but thus far it appears the results 
indicate that the technology has operational issues (i.e., is not 
operating at high speed or far distances). Is this the case and are you 
confident that the technology works? What alternative technologies are 
you considering? Will the U.S. Coast Guard commit to coordinating with 
DOE going forward? Please provide a summary of findings to-date on the 
tests, the determination of the viability of the technology, and what 
plans Coast Guard has formulated to address the deficiencies.
    Answer. The Coast Guard is not leading any efforts to examine 
technologies to test radiation detection equipment. The current 
radiation detection/identification equipment deployed by the Coast 
Guard is adequate and meets or exceeds Coast Guard Maritime Radiation 
Detection Program mission requirements. The Coast Guard currently uses 
human portable systems which typically require boarding team and 
inspectors to physically board a vessel. Future goals of the Coast 
Guard Maritime Radiation and Nuclear Detection Program are to minimize 
the need to board each vessel through the use of stand-off detection 
and identification technologies. However, based on a review of the 
results from recently completed testing by the DHS Domestic Nuclear 
Detection Office (DNDO), stand-off detection/identification is in the 
embryonic stage of development and the technology does not currently 
exist to resolve this problem in the short-term.
    DHS Domestic Nuclear Detection Office (DNDO) has the lead for the 
research, development, testing, evaluation, and acquisition of 
radiological/nuclear detection and identification equipment to ensure 
that it is fully aligned with their Global Nuclear Detection 
Architecture (GNDA). USCG has worked with DNDO on the development of 
requirements for next-generation detectors to ensure that they meet 
USCG maritime domain requirements. As the lead in detection 
architecture development, DNDO would be in a much better position to 
provide a summary of findings to-date concerning tests and technology 
viability.
    The Coast Guard has a long-standing relationship with the 
Department of Energy (DOE) and the National Nuclear Security Agency 
(NNSA) and will continue to coordinate our maritime radiation detection 
program efforts with DOE for technical support. In the event that Coast 
Guard detects and/or identifies a potential or actual radiological 
material threat, Coast Guard operational protocol provides mechanisms 
for requesting the technical services of the DOE/NNSA Radiological 
Assistance Program (RAP) Teams or the Nuclear/Radiological Advisory 
Team (NRAT).

    Question 4. The Coast Guard is required to perform 2 inspections at 
MTSA-regulated facilities each year, with one of these being an 
unannounced inspection. Is an unannounced spot check a sufficient gauge 
of facility compliance with MTSA? How does it differ from an announced 
inspection? Is the Coast Guard finding greater non-compliance during 
unannounced inspections? Coast Guard staff who conduct facility 
inspectors are often assigned multiple duties while they are 
responsible for facilities that are growing in size and number.
    Answer. Yes, unannounced spot checks, as part of a compliance 
program, are an effective port security tool. During the spot check, 
Coast Guard personnel are able to carry out inspections until they are 
satisfied that the facility has met the Maritime Transportation Safety 
Act (MTSA) requirements.
    Typically, announced inspections are MTSA Annual Compliance Exams. 
These exams may take days to complete, will involve the Facility 
Security Officer (FSO) as well as other facility personnel, and cover 
the entire Facility Security Plan in detail. The Coast Guard 
traditionally schedules MTSA Annual Compliance Exams with the FSO to 
ensure that the necessary facility personnel are present for the 
examination and have set aside the requisite amount of time from their 
daily responsibilities. If a facility has not met the level of security 
required by MTSA the Captain of the Port (COTP) may conduct additional 
unannounced MTSA annual compliance examinations.
    Between January 1, 2010 and August 4, 2010, there have been 1,358 
announced MTSA Annual Compliance Exams conducted. Out of those exams, 
18 facilities, or approximately 1.3 percent, did not meet inspection 
compliance, of the 1,789 unannounced security spot checks there were 6 
facilities, or approximately 0.3 percent, which did not meet 
compliance.

    Question 5. Has the Coast Guard conducted any analysis of their 
inspection requirements to ensure that staffing needs are met and 
inspections meet their stated goals?
    Answer. The Coast Guard has developed and continues to refine a 
Sector Staffing Model (SSM) to examine several critical factors such as 
mission hours and activity levels as well as personnel, skill sets, 
qualifications, experience level, etc., in determining the appropriate 
number of personnel in key facility inspection positions for various 
mission areas. The Coast Guard's Marine Safety Improvement Plan is the 
Service's multi-year plan to enhance performance of the Marine Safety 
mission through various initiatives including increasing the number of 
marine inspectors.

    Question 6. Coast Guard port security procedures establish specific 
activity goals, known as Operation Neptune Shield (ONS)--in support of 
the agency's strategic plan for ports, waterways and coastal security. 
There are well documented shortages of resources, including GAO reports 
noting that Coast Guard's inability to meet its own standards. Does the 
Coast Guard have sufficient resources to handle elevated threat levels?
    Answer. The Coast Guard employs risk-based decisionmaking to 
allocate resources. Using the Maritime Security Risk Analysis Model 
(MSRAM), the Coast Guard identifies the highest risk vessels, maritime 
critical infrastructure and key resources (CIKR) within the threatened 
region, port(s), or National Infrastructure Protection Plan Sector(s). 
These risk-based results help guide the Coast Guard operational 
commanders' application of their resources to mitigate the highest 
maritime risk.
    In response to elevated maritime threat levels, the Department of 
Homeland Security (DHS) may elevate the Homeland Security Advisory 
System (HSAS) Threat Condition. The Coast Guard Commandant in 
coordination with the Secretary of DHS, may set elevated MARSEC Levels 
2 or 3 nationwide, regionally, by port(s), or by National 
Infrastructure Protection Plan (NIPP) Sector(s), (e.g., Transportation 
Systems, Energy, Chemical, etc.). DHS and the Coast Guard endeavor to 
apply the HSAS Threat Condition and MARSEC Levels in a targeted manner 
to balance the need for additional security measures against the 
impacts of those security measures upon the U.S. Marine Transportation 
System, maritime commerce, and recreational activities in ports and on 
waterways.
    To meet the MARSEC Level 2 and MARSEC Level 3 performance 
standards, Area Commanders may relocate existing resources from outside 
of the affected areas and may surge resources from other missions. The 
ONS OPORD contains provisions to mitigate the impact of surging 
resources on the Coast Guard's other missions. The ONS OPORD authorizes 
Area Commanders to adjust the other mission's performance standards.
    Sustained MARSEC Level 2 or MARSEC Level 3 operations may justify 
the recall of Coast Guard Reserve forces under the Secretary of DHS's 
authority found in 14 U.S.C. 712. Reservists recalled under Title 14 
may be issued orders for up to 60 days. Since 2008, the Coast Guard has 
annually obtained pre-approval from the Secretary of DHS for the 
Commandant to involuntarily recall up to a pre-designated number of 
Coast Guard Reservists under Title 14 to ``. . . aid in prevention or 
response to an imminent catastrophe, act of terrorism, or 
transportation security incident. . . .'', thus enhancing our 
mobilization readiness and the Coast Guard's ability to respond with 
minimum delay. The use of Coast Guard Reserve forces is subject to 
certain limitations, particularly the ``dwell time'' required between 
periods of active duty.

    Question 7. The number of vessel arriving into U.S. ports has 
generally increased over the past few years and this trend is expected 
to continue in the near future. What challenges does this increased 
workload pose to the Coast Guard in terms of its ability to carry out 
it mission to board and inspect foreign vessels, especially those 
deemed high-risk?
    Answer. The Coast Guard uses a risk-based approach to mitigate 
resource gaps, and identify and inspect high risk vessels. As a result 
of a 2007 comprehensive Marine Safety program review, the Coast Guard 
identified opportunities to improve capacity and competency through 
development of the Marine Safety and Improvement Plan. Through 
development of this Plan, the Coast Guard established a roadmap to 
improve the effectiveness, consistency, and responsiveness of the 
program to promote safe, secure, and environmentally sound marine 
transportation. This roadmap includes reinvigorating industry 
partnerships, improving technical competencies, increasing the number 
of inspectors, engineers and investigators, and expanding rulemaking 
capability to ensure the Coast Guard meets current and future program 
needs.

    Question 8. What steps has the Coast Guard taken to ensure it has 
the capability and resources to fully carry out its port state control 
and security boarding responsibilities even as the potential number of 
vessels needing to be examined or boarded continues to increase?
    Answer. The Coast Guard has taken several steps to effectively 
manage capability and resources to carry out Port State Control (PSC) 
and security boarding responsibilities. Examples include:

   2006--New PSC targeting matrix for better targeting of high 
        risk vessels and reduced targeting of low risk vessels;

   2007--New PSC Training Regime with new courses and improved 
        qualification standards;

   2008--New High Interest Vessel (security) targeting matrix 
        refined targeting of high risk vessels, reduced targeting of 
        low or no risk vessels; and

   2010--Maritime Enforcement Specialist (ME) Rating 
        established, and the ME school and qualification procedures 
        established.

    Additionally, through the development of the Marine Safety 
Improvement Plan (MSIP), provided to Congress in October 2007, the 
Coast Guard developed a multi-year plan to increase the core 
capabilities of the marine safety program to support and infuse the 
needed resources to address the growth of responsibilities for the 
boarding and examination of foreign vessels arriving and operating in 
U.S. waters.
    The Coast Guard is in the process of implementing this multi-year 
plan. The MSIP provides a roadmap to improve the effectiveness, 
consistency, and responsiveness of the program to promote safe, secure, 
and environmentally sound marine transportation. This roadmap includes 
reinvigorating industry partnerships, improving technical competencies, 
increasing the number of inspectors, engineers and investigators, and 
expanding rulemaking capability to ensure the Coast Guard meets current 
and future program needs.

    Question 9. The Coast Guard has formal MOUs or other agreements 
with state and local law enforcement authorities in some ports for 
sharing security resources in an elevated MARSEC situation. To what 
extent have these agreements been formalized to leverage other 
stakeholder's resources for ensuring port security?
    Answer. The legal framework for providing maritime security 
consists of the overarching Security and Accountability for Every 
(SAFE) Port and Maritime Transportation Security (MTSA) Acts supported 
by three statutory pillars: The Magnuson Act (50 U.S.C. 191 et seq.), 
the Ports and Waterways Safety Act (PWSA) of 1972 (33 USC 1221 et 
seq.), and Coast Guard operating authorities contained in Title 14, 
U.S. Code. Collectively and through the implementation of scalable 
requirements driven by Maritime Security (MARSEC) Levels, this 
architecture establishes risk-based maritime security burden sharing 
for federally-regulated waterfront facilities and vessels among 
Federal, State, and local government entities and industry. Layered 
security is a manifestation of this shared maritime security 
responsibility. The initial responsibility for State and local 
government entities is to resource the activities that they are 
executing for their portion of the layered security. State and local 
government may share resources with and provide assistance to the Coast 
Guard.
    Pursuant to requirements within the MTSA as amended by the Security 
and Accountability for Every Port (SAFE Port) Act of 2006, Coast Guard 
Captains of the Port (COTP) serving as Federal Maritime Security 
Coordinators (FMSC) worked in conjunction with their port partners to 
establish and convene Area Maritime Security (AMS) Committees, conduct 
AMS Assessments, and to develop required formal AMS Plans. These very 
comprehensive AMS Plans serve as Coast Guard-coordinated, port 
community-oriented maritime antiterrorism preplanning of joint 
deterrence efforts for transportation security incidents (TSI). The AMS 
Plans provide a strategy for coordinated and scalable actions to 
detect, deter, and prevent threats at varying threat levels throughout 
the respective COTP zones.
    In August 2009, the Coast Guard completed the first formal five-
year update of the Nation's 43 AMS Plans in coordination with 
respective AMS Committees, as required by MTSA. The FMSCs and AMS 
Committees use the Coast Guard's Maritime Security Risk Analysis Model 
to conduct AMS Assessments as required by MTSA implementing regulations 
in 33 CFR 103.400 to 103.410. The FMSCs/AMS Committees use the results 
of the AMS Assessments to identify the top three types of 
Transportation Security Incidents (TSI) most likely to occur in their 
port areas. All the AMS Plans include procedures and steps to be taken 
for prevention, protection, security response, and recovery from the 
identified TSI planning scenarios should such an attack be threatened 
or actually occur (elevated threat levels). As stated in the Navigation 
and Vessel Inspection Circular No. 09-02, Change 3 (Guidelines for 
Development of Area Maritime Security Committees and Area Maritime 
Security Plans Required for U.S. Ports), ``. . . these Plans may be 
viewed as unofficial Memorandums of Agreement (MOAs) within the port to 
ensure key players understand what activities each agency will take, 
and what resources each will bring for the given scenario.''
    The AMS Plans are required to be exercised annually, as part of the 
Coast Guard's Area Maritime Security Training Exercise Program 
(AMSTEP). The AMS Plans and the required AMSTEP exercises are critical 
elements of the Nation's maritime security preparedness and enable, at 
minimum, an annual opportunity for Coast Guard, Federal, state and 
local law enforcement, tribal and industry representatives, and other 
governmental agencies to validate the AMS Plans and resource 
sufficiency and stakeholder responsibilities in light of on-going risk 
analysis.
    In addition numerous Coast Guard operational commanders and State 
and local government entities have found it beneficial to enter into 
memoranda of agreement (MOAs) or memoranda of understanding (MOUs). 
MOAs and MOUs are detailed and have a narrower focus than AMS Plans. 
They vary in content, based on local resources and needs. They often 
address tactical specifics such as use of force policy, communications, 
training, reporting, etc. Several of the existing MOAs and MOUs 
specifically address elevated Maritime Security (MARSEC) Levels. With 
respect to the actual sharing of resources, these MOAs and MOUs are 
considered non-binding on the signatory parties. The State and local 
government entities may decline requests for resource support from the 
Coast Guard on the basis of risk-based decisions made to mitigate their 
share of the maritime security risk or to mitigate higher priority, 
non-maritime security risks. When elevated Homeland Security Advisory 
System Threat Conditions or MARSEC Levels are set, it is highly likely 
that State and local government entity resources may already be fully 
engaged and therefore unavailable to the Coast Guard. Within an 
Incident Commander or Area Commander command structure established to 
manage the incident or event prompting the elevated MARSEC Level, 
particularly MARSEC Level 3, State and local resources will likely be 
applied per the approved Incident Action Plan.

    Question 10. The Coast Guard--through its International Port 
Security Program--has completed several rounds of visits to foreign 
countries to make sure that they meet established port security 
standards. What standards does the Coast Guard use to make these 
assessments? How do these standards compare to those used in 
assessments of domestic U.S. ports?
    Answer. The Coast Guard uses a country's implementation of the 
mandatory provisions of an international security standard, the 
International Ship and Port Facility Security (ISPS) Code, as the 
primary indicator of whether effective anti-terrorism measures are in 
place. We also consider intelligence information to validate our 
observations and to ascertain the terrorist threat posed by the 
country. Regulations issued pursuant to the Maritime Transportation and 
Security Act (MTSA), 33 CFR Parts 101 through 106, are the standard 
used to inspect domestic ports. These regulations were developed in 
conjunction with and are representative of the standards set forth in 
the ISPS Code. MTSA regulations, however, are more comprehensive, 
specific, and detailed than the minimum requirements established in the 
ISPS Code.

    Question 11. Every 2-3 years the Coast Guard must inspect 
facilities in approximately 150 countries participating in the 
International Port Security Program. How does the Coast Guard determine 
which ports and facilities it should assess in each country? Does the 
Coast Guard have the necessary resources to carry out these 
inspections?
    Answer. The Coast Guard uses a risk based approach to determine the 
port facilities it will visit. The greater the risk the country poses, 
the more facilities in that country the Coast Guard visits. In general, 
the Coast Guard seeks to visit a representative sample of large, 
medium, and small International Ship and Port Facility Security Code 
regulated facilities that reflect the trading patterns of the country 
with the U.S. Emphasis is placed on visiting those facilities that have 
direct trade with the U.S., port facilities that have not yet been 
visited, and facilities previously visited at which the Coast Guard 
identified security deficiencies.
    The Coast Guard has sufficient resources to visit an adequate 
sampling of facilities in all countries that conduct maritime trade 
with the U.S.

    Question 12. What has Coast Guard determined will be the impact of 
rotation length for International Port Security Program personnel, 
given the training and experience needed for effective observations of 
facility security during country visits?
    Answer. The Coast Guard has determined that its rotation policy has 
no significant impact on the ability of the International Port Security 
Program (IPS) to conduct its mission. IPS Program personnel receive 
specific training upon being assigned to the program and continue to 
advance their skills through on-the-job training with more experienced 
program personnel. In addition, the program has a cadre of civilian 
personnel that provide continuity.

    Question 13. The Coast Guard continues its visits to the ports of 
foreign maritime trading partners to assess the effectiveness of 
antiterrorism measures in those countries' ports. Recognizing that some 
countries may not be receptive to an expectation that they provide the 
Coast Guard with periodic access to their ports every few years for a 
visit, what steps is the Coast Guard taking to address the concerns of 
those countries and gain their cooperation? Does S. 3639 provide 
sufficient authority to assist countries in meeting this requirement?
    Answer. Due to sovereignty concerns, it is becoming increasingly 
difficult to gain access to countries for re-assessments. The Coast 
Guard offers what it calls ``reciprocal visits'' in which the Coast 
Guard hosts representatives from the Designated Authority of foreign 
countries to observe how the Coast Guard implements the international 
security standard, the International Ship and Port Facility Security 
Code.
    While there is a requirement for the Coast Guard to assess 
countries, there is no requirement for those countries to be assessed. 
The Coast Guard is dependent on the country granting access to allow 
the observation of the security conditions. As noted above, this is 
becoming increasingly difficult. S. 3639 would clarify and strengthen 
the Coast Guard's ability to make a finding that effective anti-
terrorism measures are not in place in such cases where countries 
refuse to grant us access. Where possible, the Coast Guard works with 
other agencies, such as the State Department, to provide capacity 
building assistance in order to overcome security deficits when a 
country is having difficulty implementing the international security 
standard.

    Question 14. To carry out the security boardings of high interest 
vessels, some field units rely on the Maritime Safety and Security 
Teams (MSSTs) and their related assets. However, these teams and their 
assets may become unavailable to carry out these boardings if they are 
deployed to respond to a natural disaster or national security threat 
that may require them to conduct security activities other than 
security boardings. Under such circumstances, to what extent will these 
Coast Guard units be able to conduct security boardings? What actions 
does the Coast Guard plan to take to ensure that those field units can 
carry out their required boardings or otherwise mitigate the potential 
risks?
    Answer. The Maritime Transportation Security Act of 2002 directed 
the creation of Maritime Safety and Security Teams (MSSTs) to enhance 
the domestic maritime security capability of the United States. MSSTs 
are deployable specialized forces that are not dedicated to a specific 
port, and routinely deploy in support of a designated national security 
event or in response to a natural disaster. When not deployed, MSSTs do 
augment local forces by conducting some operational activities under 
Operation Neptune Shield (ONS), such as escorts of high capacity 
passenger vessels. However, MSSTs perform a relatively small percentage 
of the high interest vessel security boardings in their respective 
homeports. Coast Guard Sectors will continue to be the backbone of 
Coast Guard security efforts in a port, including security boardings of 
high interest vessels. Therefore, deployment of MSSTs will not have a 
significant impact on a Sector Commander's ability to conduct security 
boardings.

    Question 15. In November 2009, a group of terrorists in small 
vessels arrived in Mumbai, India and attacked multiple targets, killing 
more than 100 people. With regards to the United States, are we just as 
vulnerable to foreign terrorists in small vessels, perhaps arriving 
from the Caribbean, attacking our cities or maritime infrastructure? 
Does DHS have any programs that would be able to track and prevent such 
small vessels from carrying out such an attack?
    Answer. While the Intelligence Community reports no credible 
indications exist that terrorists are planning to use small vessels in 
an attack on the United States, their use overseas (such as in Mumbai, 
India in November 2009) is a clear indicator of a capability.
    The Department of Homeland Security (DHS) is concerned about 
security risks associated with small vessels and has taken steps to 
mitigate such risk.
    The DHS Small Vessel Security Strategy (SVSS) was developed in an 
effort to mitigate potential risks associated with small vessels. 
Numerous activities supporting the Strategy are already being 
implemented or have been completed. For example:

   Maritime Domain Awareness initiatives:

     The Citizen Action Network (CAN), which has long 
            served the Puget Sound area, and Focused Lens (FL), 
            developed in California ports to systematically increase 
            maritime patrol presence and effectiveness, have begun 
            working with the America's Waterway Watch (AWW) program to 
            develop a model for upgraded suspicious activity 
            information collection. This coordinated set of programs 
            was tested with Canadian partners during the 2010 Winter 
            Olympics and plans are being formulated to roll it out 
            nationally.

     Under the combined leadership of the United States, 
            the United Kingdom, and Japan, the International Maritime 
            Organization (IMO) developed and issued Non-Mandatory 
            Guidelines on Security Aspects of the Operation of Vessels 
            Which Do Not Fall within the Scope of SOLAS Chapter XI-2 
            and the International Ship and Port Facility Security 
            (ISPS) Code. These guidelines are being included in the 
            National Association of State Boating Law Administrators' 
            standards of training for boat operators, and in the U.S. 
            Power Squadrons' training materials.

     Our primary system to track vessels today is the 
            Nationwide Automatic Identification System (NAIS). 
            Currently, as per national and international regulations, 
            AIS is required to be carried on commercial vessels greater 
            than 300 gross tons. However, a Notice of Proposed 
            Rulemaking (December 2008) proposed to mandate AIS carriage 
            on smaller commercial vessels, fulfilling the requirements 
            of the Maritime Transportation Security Act of 2002 (MTSA) 
            and addressing a considerable number of small craft.

     Our Vessel Traffic Services track vessels by radar, 
            AIS, and in some cases by camera, in several major 
            commercial ports, and by various sensors employed by U.S. 
            Coast Guard (USCG) Sector or Interagency Operations 
            Centers.

   We have expanded upon the requirements of the MTSA directed 
        Area Maritime Security Plans (AMSP), Vessel Security Plans, and 
        Facility Security Plans to require planners specifically 
        address potential small vessel risks, with plan revisions 
        completed at the appropriate 5 year revision cycle (in most 
        cases, in 2009).

    A key function of our tactical methods to address small vessel 
threats are addressed through Maritime Security and Response Operations 
programs, under the Coast Guard's Operation Neptune Shield. This is a 
tiered system, which aligns with and supports DHS' Homeland Security 
Advisory System (HSAS) and represents a diverse set of operational 
activities, many of which directly relate to small vessel security 
risks:

   Waterborne, airborne, and shoreside patrols and visits to 
        critical infrastructure.

   Security boardings of small vessels--Operation Neptune 
        Shield has a specific requirement for each Sector Commander to 
        conduct a minimum number of security boardings of small vessels 
        (<300 GT) each month.

   Vessel escorts of:

     High Value military ships;

     Vessels carrying high consequence cargoes; and

     A percentage of high capacity passenger vessels (e.g., 
            cruise ships, ferries)

    Taken as a whole, these awareness programs, regimes, and 
operational measures are intended to provide layered security against 
small vessel and other security risks in the maritime domain.

    Question 16. In April 2008 DHS issued its Small Vessel Security 
Strategy and is now developing a more detailed implementation plan. 
When will that detailed implementation plan be completed and approved? 
Will DHS be seeking more authorities or resources to implement the 
plan? If not, how will the strategy and plan have any impact on the 
potential threat of small vessel attacks?
    Answer. As described in the response to Question 12, numerous 
activities supporting the Strategy are already being implemented or 
have been completed. While there is no formal implementation plan, DHS 
has prepared a security-sensitive internal document (referred to as an 
implementation plan) to help guide small vessel security investments by 
Department and its components. Additionally, DHS will soon finalize a 
document for release to the public that provides examples of planned 
and ongoing activities, especially those that depend on cooperative 
efforts and public engagement.
                                 ______
                                 
Response to Written Questions Submitted by Hon. Frank R. Lautenberg to 
                         Admiral Robert J. Papp
    Question 1. The SAFE Port Act required that the Coast Guard 
establish Interagency Operation Command Centers at all high priority 
ports by October 2009. Why hasn't an IOCC been established in the New 
York/New Jersey region and when will the Coast Guard move forward?
    Answer. The WatchKeeper information management software will be 
deployed to Sector New York in Fiscal Year 2011. Interagency Operations 
Centers (IOCs) are being established in 35 high priority ports 
nationwide with one IOC centrally located within the geographic area of 
responsibility in each of the Coast Guard's 35 Sectors. For each 
location to officially achieve designation as an IOC, at a minimum, the 
following must be in place:

        1. A regular schedule of coordination meetings with Federal, 
        state, and local port partners, as appropriate.

        2. Shared awareness of the operational schedules of maritime 
        assets between IOC member agencies.

        3. IOC member agencies have direct access to WatchKeeper 
        information sharing capabilities.

        4. Joint awareness and coordination between Coast Guard and 
        U.S. Customs and Border Protection of planned vessel inspection 
        activities.

        5. The IOC operates under a Unified Command structure and 
        members adhere to best practices.

    To support these IOCs, the Coast Guard established the IOC 
Acquisition Project to provide the means for collaboration and 
consensus-building needed to enhance unity of effort among maritime 
stakeholders.

    Question 2. Last September, the DHS Inspector General issued a 
highly critical report on the Department's efforts to address small 
vessel security. The IG stated that the Department has not provided a 
comprehensive strategy for addressing threats from small vessels, such 
as those used in the USS Cole and Mumbai attacks. Since this report was 
issued, what additional steps has the Coast Guard taken to address 
small vessel security?
    Answer. The Coast Guard played a critical role in the Department of 
Homeland Security's (DHS's) development of the Small Vessel Security 
Strategy (SVSS). The Coast Guard has already implemented and expanded a 
number of measures to address security threats posed by small vessels. 
For example:

   Maritime Domain Awareness initiatives:

     America's Waterways Watch;

     Citizens' Action Network

     Automatic Identification System (AIS) carriage 
            requirements; and

     Robust intelligence gathering and analysis, including 
            Field Intelligence Support Teams at each Coast Guard 
            Sector.

   Security Regimes:

     Area Maritime Security Plans (AMSP), which conform to 
            the Maritime Transportation Security Act (MTSA), include 
            actions to mitigate small vessel attacks;

     Coast Guard approved security plans are required for 
            MTSA regulated vessels and facilities; and

     Coast Guard Captains of the Port (COTPs) possess broad 
            authorities to control port access, movement, and activity.

   Maritime Security and Response Operations:

     The Coast Guard utilizes a tiered risk-based system, 
            which aligns with and supports DHS' Homeland Security 
            Advisory System;

     A diverse set of operational activities, including;

     Waterborne, airborne, and shoreside patrols and visits to 
            critical infrastructure; and

     Security boardings of small vessels.

   Vessel escorts of:

     High Value military ships;

     Vessels carrying high consequence cargoes; and

     High capacity passenger vessels (e.g., cruise ships, 
            ferries).

    Question 3. The Port Authority of New York and New Jersey is unable 
to move forward on a number of projects to improve the security of the 
port because of the twenty-five percent cost share requirement for port 
security grants. It is my understanding that waiving this requirement 
is a long, arduous process that is rarely successful. What should be 
done about this cost-share requirement so that it does not impede the 
security of our ports?
    Answer. The cost-share requirement is a statutory requirement 
mandated under 46 U.S.C.  70107 (c). The Secretary of Homeland 
Security does have the authority (again, pursuant to statute) to reduce 
the cost-share requirement for Port Security Grant Program (PSGP) 
projects.
    FEMA issued Information Bulletin No. 322 on July 15, 2009 to define 
the process grantees should follow to submit requests for cost-share 
waivers for FY 2007, 2008, and 2009 PSGP grants. Cost-share waiver 
requests are evaluated on a project-by-project basis and generally not 
granted for an entire award. Each waiver request must contain a strong 
justification from the prime recipient, proof of written notice to the 
local Captain of the Port and Area Maritime Security Committee (AMSC), 
assurance that granting the waiver will not change the security 
compliance requirements the grantee is required to operate under within 
their approved security plan, and a revised budget.
    All cost-share waiver requests are considered by FEMA, USCG, and 
DHS leadership. All requests for waivers under this process that have 
been presented to the Secretary for consideration have been approved 
thus far.

    Question 4. Over a million maritime workers have gone through 
background checks and obtained TWIC cards, to gain access to secure 
areas of our ports. The Port Authority of New York/New Jersey is one of 
the sites testing these TWIC cards. However, this technology has been 
fraught with challenges and has not been working as intended. How do 
the challenges with the TWIC program affect the security of our ports?
    Answer. The Transportation Worker Identification Credentials (TWIC) 
program is an additional layer of security that builds upon the sound 
security regime currently in place under the Maritime Transportation 
Security Act (MTSA). The Security and Accountability For Every (SAFE) 
Port Act of 2006 requires the Department of Homeland Security (DHS) to 
conduct a TWIC pilot program in at least five distinct geographic 
locations to test the business processes, technology, and operational 
impacts required to deploy transportation security card readers. 
Currently, there are 24 TWIC pilot program participants in 10 different 
geographic locations representing a broad sampling of MTSA regulated 
facility and vessel operations. The Port Authority of New York/New 
Jersey is one of the pilot participants.
    As of September 27, 2010, TWICs have been successfully issued to 
over 1.5 million individuals who have gone through an extensive 
Security Threat Assessment (STA). All personnel requiring unescorted 
access to secure areas of MTSA regulated facilities and vessels, and 
all mariners holding Coast Guard issued credentials have been vetted 
and determined not to pose a security risk to the maritime 
transportation system. Although the use of readers for checking TWICs 
has not yet been instituted by regulation, TWICs are required to be 
used as a visual identification card. Based on the STA and visual 
inspection of the TWIC, the TWIC program has strengthened DHS' 
multilayered approach to the safeguarding of our Nation's ports and 
critical maritime infrastructure.
    TSA is working closely with TWIC pilot program participants, the 
Coast Guard, NIST and industry on technological challenges related to 
the TWIC reader pilot. Specifically with the Port Authority of New 
York/New Jersey, there are site visits and weekly calls to assist them 
troubleshoot issues, some of which are related to requirements they 
have for their specific implementation of the TWIC.
    Verification of the TWIC through the use of readers is the ultimate 
end state for the TWIC program; it is an additional layer which will 
build upon a very sound security regime currently in place under MTSA.
   Response to Written Questions Submitted by Hon. Barbara Boxer to 
                         Admiral Robert J. Papp
    Question 1. The security of our Nation's ports is a major priority 
for me. Forty percent of our Nation's goods go through the Ports of Los 
Angeles and Long Beach. California ports from West Sacramento to 
Oakland and San Diego are economic engines in my state, generating 
billions of dollars of revenue for our localities. With difficulties 
and delays in implementing the 100 percent cargo scanning requirement 
required by law (The Implementing Recommendations of the 9/11 
Commission Act of 2007), what other steps are being taken to ensure 
that maritime cargo does not pose a security or safety threat?
    Answer. In order to ensure the security and integrity of maritime 
cargo entering the U.S., CBP employs a layered, risk based approach to 
security. This includes the use of targeting tools such as the 
Automated Targeting System (ATS) to review in bound cargo and identify 
potentially high risk shipments. ATS is utilized by CBP officers at 
U.S. ports of entry as well as the National Targeting Center--Cargo and 
at various ports around the world under the auspices of the Container 
Security Initiative (CSI). Under CSI, bills of lading are reviewed at 
overseas ports and any potential high risk shipments are examined 
overseas prior to lading aboard U.S. bound vessels. In FY 2009, CSI 
officers reviewed over nine million bills of lading and conducted 
approximately 57,000 examinations of high risk cargo while over 80 
percent of all U.S. bound cargo is currently screened at a CSI port 
prior to lading aboard U.S. bound vessels.
    Additionally, CBP is engaged with the trade community through the 
Customs Trade Partnership Against Terrorism (C-TPAT), another key 
component in the layered approach to security. Through C-TPAT, CBP 
works with the various components of the trade (carriers, importers, 
manufacturers, etc.) to ensure the safety and security of their cargo 
as well as to ensure a robust security process is in place as goods 
move through the supply chain. This allows CBP to facilitate legitimate 
trade while focusing resources on those components and entities which 
may pose a threat to maritime cargo.
    In addition to targeting tools and methodologies and working with 
the trade community, CBP has deployed or installed an array of Non-
Intrusive Inspection (NII) technology such as x-ray or gamma ray 
equipment (both mobile and fixed site) and radiation detection 
equipment. Such NII is deployed or installed at U.S. ports of entry as 
well as the 58 ports around the world which are designated as CSI 
ports. The use of such equipment allows CBP to quickly and effectively 
examine potentially high risk cargo at various points along the supply 
chain, either prior to lading in a foreign location or upon arrival at 
U.S. ports of entry.
    CBP is also working with foreign governments and through 
organizations such as the World Customs Organization to promote 
enhanced standards for supply chain security globally. Our capacity 
building efforts include partnerships with other nations to improve the 
effectiveness and professionalism of customs administrations world-
wide. Such activities allow CBP to foster relationships that increase 
the likelihood that threats to the global supply chain in general and 
the U.S. in particular will be discovered and addressed.

    Question 2. I was concerned to see the FY11 President's Budget 
decreased funding for Coast Guard's overall budget and eliminated five 
Maritime Safety and Security Teams (MSSTs), including the San Francisco 
based team. The San Francisco Bay Area has many critical infrastructure 
and tourist assets, including several bridges such as the Golden Gate 
Bridge and Bay Bridge, and two ports--the Port of Oakland and the Port 
of San Francisco. Can you assure the people of the Bay Area that the 
elimination of the MSST will not place the Bay Area at risk?
    Answer. Yes. Coast Guard Sectors continue to be the backbone of 
Coast Guard security efforts in a port, including the Port of Oakland 
and the Port of San Francisco. Marine Safety and Security Teams (MSSTs) 
are deployable specialized forces that are not dedicated to a specific 
port, and routinely deploy in support of a designated national security 
event or in response to a natural disaster. When not deployed, MSSTs do 
augment local forces by conducting some operational activities under 
Operation Neptune Shield (ONS), such as escorts of high capacity 
passenger vessels. However, MSSTs perform a relatively small percentage 
of the high interest vessel security boardings in their respective 
homeports.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Maria Cantwell to 
                         Admiral Robert J. Papp
    Question 1. Thank you for your response to my question regarding 
the detection of semi-submersibles and submersibles vessels used in 
drug smuggling. As a follow-up question, are the challenges of 
detecting and interdicting semi-submersible and submersible vessels of 
the type used in drug smuggling being addressed in the Department's 
Small Vessel Security Strategy with respect to port security?
    Answer. Yes. Objective 1 of Goal B of the Department of Homeland 
Security's Small Vessel Security Strategy is to ``Improve detection and 
tracking capabilities to better identify small vessels operating in or 
near U.S. waters.''

    Question 2. The Port Security Grant Program has played a vital role 
in funding key security projects to help detect and prevent terrorist 
attacks. It is my understanding that FEMA has indicated that it is 
interested in funding projects under the program that address maritime 
resiliency and business continuity but is seeking Coast Guard 
endorsement before adding the relevant language to the grant guidance 
material. What are your thoughts about making maritime resiliency and 
business continuity projects eligible under the Port Security Grant 
Program?
    Answer. Federal Emergency Management Agency (FEMA) is the grant 
administrator of the Port Security Grant Program. The Coast Guard 
assists FEMA by providing subject matter expertise on maritime security 
issues. Since 2007, FEMA policy has required Port Wide Risk Management/
Mitigation and Business Continuity/Resumption of Trade Plans for Group 
I and Group II port areas. These documents represent a five-year plan 
that supports each port's Area Maritime Security Plan and lays out a 
strategy and series of actions that must be undertaken to address the 
prevention of, protection against, response to, and recovery from major 
security incidents. The Coast Guard, in close collaboration with 
maritime industry through Area Maritime Security Committees, has 
assisted FEMA in developing these plans with the goal of closing 
maritime security risk vulnerability gaps.

    Question 3. It is my understanding that current law and regulation 
allow an individual to be escorted to their job while they are waiting 
to receive their TWIC card. However, longshoremen tell me that 
``escorting'' is not occurring in the state of Washington. Workers who 
file waivers or appeals wait months for their cases to be adjudicated. 
As a result, some workers are unable to financially support themselves 
through the process.
    a. Are there actions the Coast Guard can take today to improve the 
TWIC escort process?
    b. Going forward, do you believe the Coast Guard should take a more 
pro-active role in formulating escort policies and procedures with 
waterfront employers so that workers and their families will be able to 
support themselves while waiting on their TWIC card?
    Answer. Throughout the implementation of the Transportation Worker 
Identity Credential (TWIC) program, the Coast Guard has been pro-active 
in formulating TWIC escort policies and procedures. Specifically, the 
Coast Guard provided the following TWIC escort related documents to 
industry (available at: https://homeport.uscg.mil/TWIC):

   Navigation and Inspection Circular 03-07 ``Guidance for the 
        Implementation of the TWIC Program in the Maritime Sector;''

   TWIC Program: Small Entity Guide of Applicants;

   TWIC Program: Small Entity Guide for Owners and Operators; 
        and

   Five TWIC/Maritime Transportation Security Act (MTSA) Policy 
        Advisory Council (PAC) Decisions related to escorting (PAC 02-
        07, 02-08, 03-08, 02-09, 03-09)

    The TWIC Program aims to enhance security by requiring that all 
personnel needing unescorted access to secure areas of MTSA regulated 
facilities and vessels and all mariners holding Coast Guard issued 
credentials have passed a Security Threat Assessment.
    A facility owner/operator is responsible for informing workers, 
including longshoremen, whether they will need a TWIC to perform their 
job (i.e., whether they will need unescorted access to secure areas at 
that facility). If a longshoreman needs access to a secure area of a 
facility, but does not have a TWIC, the facility owner/operator has the 
authority to provide an escort. The Coast Guard guidance to the 
maritime industry provides facility operators with options to meet 
escort requirements; however, the TWIC escort provisions are not 
intended to be used in lieu of the TWIC for workers requiring frequent 
access to MTSA regulated facilities and vessels. Therefore, the 
facility operator may choose to not provide escorting procedures for 
these workers and thereby limit their access.

    Question 4. Both the Puget Sound Area and the San Diego Harbor Area 
were chosen for the Department of Energy Domestic Nuclear Detection 
Office (DNDO) pilots focused on Small Vessel threats. The pilots, which 
included participation by the Coast Guard and Pacific Northwest 
National Laboratories, have provided an opportunity for state and local 
authorities in Puget Sound to better understand its current prevention 
and detection capabilities and limitations.
    a. From the Coast Guard's perspective what are the most important 
lessons learned from the two pilot projects?
    b. Based on the results of the pilots, would you recommend that 
DNDO conduct additional pilots or turn the pilot into a program?
    Answer. The West Coast Maritime Preventive Radiological/Nuclear 
Detection (PRND) Pilot Project was a Department of Homeland Security/
Domestic Nuclear Detection Office (DNDO)-sponsored effort in full 
partnership with the Coast Guard. Department of Energy's (DOE) Pacific 
Northwest Laboratory (PNNL) supported the Puget Sound Pilot while DOE's 
Lawrence Livermore National Laboratory (LLNL) supported the San Diego 
Pilot. In addition to the Coast Guard and DNDO, other Federal, State, 
Local and Tribal Law Enforcement agencies were full participants.
    Lessons Learned--The most important lessons learned from the two 
pilots include:

        A radiological/nuclear Subject Matter Expert serving as an 
        advisor to the Command Staff is a critical factor in overall 
        program success.

        The pilots and the resultant Full-Scale Exercises reaffirmed 
        the necessity for comprehensive planning and coordination.

        Standardized Equipment and training are essential and are 
        critical factors for implementing a successful program. The 
        need for standardized communications systems and their 
        effective use are critical factors in overall program success.

    In response to question b., the capability demonstrated in the West 
Coast Maritime Pilot should be implemented in other port regions. 
However, the mechanisms for implementation will require continuing 
consideration.

    Question 5. There are still identified security issues at foreign 
ports that, at worst, threaten our national security, and at best, slow 
our ability to receive cargo. When Senator Snowe and I introduced our 
amendment to the SAFE PORTS Act, the Coast Guard was then inspecting 
select foreign ports at a rate of once every 4 to 5 years.
    a. What inspection rate does the current level of Coast Guard 
resources afford with respect to number of foreign ports covered and 
frequency of inspections? Are these resource allocation decisions risk-
based?
    b. Does the proposed FY 2011 budget allow for increasing inspection 
rates to once every 2 years, as originally designed in my amendment?
    c. I believe the security of our homeland is improved when we are 
able to extend our security borders as far out as possible. I view the 
inspection of foreign posts as part of a layered approach to homeland 
security. Do you believe the Coast Guard requires additional resources 
in order to carry out its foreign port inspection mission?
    Answer.

   The Coast Guard generally conducts assessments on a 2-year 
        cycle attempting to visit approximately 70+ countries each 
        year. A small number of country assessments go beyond the 2-
        year cycle mostly because the country's Designated Authority 
        requested to reschedule or delay the visit.

   Resource allocation for foreign port inspections are based 
        on a risk methodology that considers threat, a country's 
        internal stability, and volume of trade.

   The Proposed FY 2011 budget does allow for an inspection 
        rate of once every 2 years.

   The Coast Guard is currently able to perform our foreign 
        port inspections.

   Those inspections depend on the consent of foreign 
        governments and in some cases, there has been increasing 
        difficulty in gaining access, despite reciprocal visits being 
        offered.

   Coast Guard capacity building assistance, while limited, is 
        often requested by countries to assist in enhancing their port 
        security.
                                 ______
                                 
Response to Written Questions Submitted by Hon. Kay Bailey Hutchison to 

                         Admiral Robert J. Papp
    Question 1. Various ports across the Nation have indicated that the 
port security grant process is confusing, and that the distribution of 
funds is very slow, with FEMA and the USCG still working on delivering 
funds from 2007. What percentage of the Port Security Grant funds has 
not been distributed, and why?
    Answer. Please see Table 1. 39 percent of total PSGP funding is 
currently available for grantees to draw down. This percentage has 
increased significantly from only 5 months ago when it was 21 percent. 
The expedited release of PSGP funds is a priority and the rate at which 
these funds become available is expected to increase significantly. Of 
note, although FEMA has released 39 percent of funding, grantees have 
only drawn down 7.4 percent of available funds. FEMA does not have the 
authority to mandate when grantees draw down funds.

 Table 1.--Port Security Grant Program (PSGP) FY 2007 through FY 2009 Funding, Obligation,  and Availability Summary, Including ARRA Funding for FY 2009
--------------------------------------------------------------------------------------------------------------------------------------------------------
                    Amount
Fiscal Year      Appropriated      Amount  Allocated      Obligation         Current Holds      Available Funds      Award Balance        Draw Downs
                (Source: GD&A)      (Source: GD&A)      (Source: IFMIS)     (Source: PARS)      (Source: PARS)      (Source: IFMIS)     (Source: IFMIS)
--------------------------------------------------------------------------------------------------------------------------------------------------------
     2007         $320,000,000        $311,170,000        $310,429,718         $51,793,028        $258,636,690        $239,476,664         $70,953,054
     2008         $400,000,000        $388,600,000        $387,999,310        $301,769,730         $86,229,580        $377,910,595         $10,088,715
     2009         $400,000,000        $388,600,000        $388,353,557        $347,167,061         $41,186,496        $386,745,388          $1,608,169
     ARRA         $150,000,000        $150,000,000        $150,000,000         $57,943,799         $92,056,201        $141,525,804          $8,474,196
--------------------------------------------------------------------------------------------------------------------------------------------------------
    Total                           $1,238,370,000      $1,236,782,585        $758,673,618        $478,108,967      $1,145,658,451         $91,124,134
--------------------------------------------------------------------------------------------------------------------------------------------------------
Total Available Funds as a Percentage of Obligation Amount: 39 percent
Total Draw Downs as a Percentage of Obligation Amount: 7.37 percent


    Additionally, some grantees have expressed concern about the 
grantees' ability to meet the legislated cost share requirement for FY 
2007 through FY 2009 (FY 2009 ARRA and FY 2010 PSGP cost share 
requirements were congressionally waived). Uncertainty about the cost 
share requirement resulted in a degree of hesitancy by grantees to 
expend funds and has led to some significant delays in commencing 
approved projects. To help alleviate this concern, FEMA issued 
Information Bulletin (IB) No. 322 to provide grantees with an 
understanding of what a cost share waiver is and how to request one. If 
a grantee requests a cost share waiver, the FEMA Program Analyst 
assigned to that award works closely with the authorized representative 
of the award to ensure that the request meets all criteria outlined in 
the IB and that all appropriate information is provided to allow the 
Secretary of Homeland Security to make an informed decision to approve 
or deny the request.
    The reasons for delays in releasing funding are provided in the 
response to the following question.

    Question 2. How can the distribution of grant funds be accelerated?
    Answer. Since Fiscal Year (FY) 2007, the Department of Homeland 
Security (DHS) has awarded over $1.2 billion in Port Security Grant 
Program (PSGP) funding. Of this amount, approximately $91 million has 
been drawn down by recipients through FEMA's electronic Payment and 
Reporting System (PARS). This equates to approximately 7.4 percent of 
the total awarded funds drawn down by recipients. Although this is a 
relatively low percentage, drawdown figures should not be the sole 
gauge of a programs progress.
    The release of PSGP grant funds can take several months or even 
years to complete due to numerous mandatory grant administration 
processes that must be met prior to a grantee spending grant funds. 
Many of these requirements are statutorily required. Often, due to the 
nature of their projects, these requirements have the greatest impact 
on the larger, higher risk port areas. These are also the port areas 
which receive the majority of PSGP funds. These processes include: 
development of a Concept of Operations (CONOPS) and a Port-Wide Risk 
Management Plan (PWRMP) for each port area; local and national review 
of proposed projects; creation, review and approval of award documents; 
review of project budget submissions, and compliance with a number of 
environmental and historic preservation laws which requires reviews of 
Environmental and Historic Preservation (EHP) impacts of approved 
projects.
    Further, in FY 2007 and FY 2009 the PSGP received additional 
appropriations, essentially creating two rounds of grants for these 
years. The double appropriations doubled FEMA's workload.
    Over the past several years, the combination of time consuming 
procedural and process requirements, increased workload, and other 
factors have contributed to delays in the release of PSGP funds.
    The requirement for Group 1 and 2 port areas (i.e., largest ports 
with significant grant awards) to develop a CONOPS and PWRMP was issued 
by FEMA with the FY 2007 Supplemental PSGP grants guidance. These 
deliverables can take 12--18 months to complete and grant funds may be 
used in their development (without any cost-share requirement). 
Development and approval of a typical PWRMP requires completion of a 
comprehensive vulnerability assessment for the port and identification 
of port area priorities by the Area Maritime Security Committee (AMSC) 
and the USCG Captain of the Port (COTP). The PWRMP takes into 
consideration the port priorities and vulnerabilities, existing 
resources and capabilities, and available funding options to produce a 
5-year spend plan outlining how the anticipated port area funds will be 
expended. The PWRMP is then approved by the COTP, and submitted and 
approved by FEMA. Plans that do not meet the established criteria are 
returned for modifications as needed. Now that the majority of ports 
have completed these deliverables the process of identifying, 
prioritizing, and approving PSGP projects is significantly more 
objective and efficient--the time saved has been clearly evident.
    Once these deliverables are approved by FEMA, the port Fiduciary 
Agent (FA), FEMA's grantee, submits projects for review and approval. 
Even before FEMA receives the projects, they are reviewed and 
prioritized at the field level by the local COTP and AMSC. This process 
has evolved since the FY 2007 Supplemental appropriation, resulting in 
many process improvements and additional time savings. Soon after the 
congressional appropriations are finalized, FEMA provides guidance and 
outreach in person and via national conference calls. FEMA staff 
explains PSGP funding constraints, programmatic requirements, and 
various other aspects of the program in an effort to facilitate the 
submission of investment justifications, budgetary documents, EHP 
information, as well as required reports. Based on stakeholder 
feedback, the guidance is updated each year. The improved guidance has 
made it easier for the grant applicants/awardees to meet program 
requirements in terms of both quality and timeliness of their 
submissions, which has in turn reduced the need for time consuming 
resubmissions. Additionally, FEMA now places greater emphasis on the 
input and prioritizations provided by the AMSC and COTP. Rather than 
second guess the expertise of the port-level reviewers, the national 
level review focuses primarily on verifying that proposed projects fall 
within program constraints. This improvement to the review process 
saves time by minimizing redundant project scrutiny. It also improves 
the objectivity of the overall review process.
    FEMA continues to find ways to improve its grant administration 
processes to accelerate the distribution of funds. Some delays however, 
are beyond our control. Once FEMA releases funds (either partial by 
project or the entire award), the recipient is notified and may draw 
down against the grant through the Payment and Reporting System (PARS). 
Of the $1.2 billion in PSGP funding awarded from FY 2007 to present, 
$478 million or 39 percent of total funding has been released to 
grantees. FEMA does not control or dictate when recipients must 
drawdown funds. Each recipient follows their local protocols, some of 
which can be quite burdensome and time consuming; for example, when the 
project and/or allocation of funds must be reviewed and approved by 
state or local government officials. Funds may be drawn down anytime 
during the award period and up to 90 days following the end of the 
award period. Because each FA is on a different timetable, FEMA 
continually receives project submissions and must reconvene panels of 
subject matter experts from across DHS for their review. These panel 
sessions are necessary to the approval and distribution of PSGP funds.
    Among the more significant changes, beginning with the FY 2010 
PSGP, all FA projects submissions were due to FEMA 45 days after the 
application period closed. In July, FEMA reviewed all projects during a 
single session by a panel of subject matter experts. This approach puts 
all FAs on the same timetable going forward and eliminates the 
inefficient practice of reviewing projects on a rolling basis. Although 
FEMA clearly set a deadline for FY 2010 project submissions, there were 
still some ports that did not adhere to this deadline. Nevertheless, 
FEMA realized significant efficiency gains through this process 
improvement. For FY 2011, FEMA will require all applicants to submit 
projects at time of application to further reduce delays.
    As mentioned with the PSGP guidance development process, FEMA 
routinely engages with port stakeholders to listen to concerns and 
suggestions for improving the program. This past fall, FEMA invited all 
of the PSGP FAs to Washington, DC for a two-day workshop on how to 
improve the efficiency of the program.
    A significant concern among grantees includes the multiple 
disparate systems a grantee and FEMA staff must use in managing a 
single grant. FEMA plans to deploy a new grants management system, ND-
Grants in FY 2011, with the end goal of having a single grants 
management system for the entire grants lifecycle. This system, in 
conjunction with a newly developed programmatic grant monitoring tool 
will provide a greater ability to document, justify, and report 
progress toward achieving the priorities of the PSGP.
    The budget review process has also been improved. A budget detailed 
worksheet and instructions for its use is provided with the PSGP 
guidance and submitted by the grantee, either with their application or 
when projects are submitted. If the project(s) are approved for 
funding, the Grants Management Division (GMD) commences the budget 
review. GMD checks the budget for allowable expenditures and 
appropriate cost categories for funding, as well as to ensure that the 
submitted budget accurately reflects the awarded amount. If the award 
was adjusted, or if discrepancies exist within the budget, GMD contacts 
the grantee to request clarifications and/or revisions. There are 
frequent delays in grantee responsiveness, which can further slow the 
budget review process. If a grantee is un-responsive to numerous 
inquiries from GMD, GMD refers the matter to the PSGP Program Analyst 
for assistance in coordinating with the grantee and gathering the 
required information. This process helps ensure that outstanding budget 
issues are resolved in a timely manner.
    A similar, streamlined approach is employed for the Environmental 
and Historic Preservation Compliance Review (EHP). Federal EHP laws and 
Executive Orders (EOs) provide the basis and direction for the 
implementation of Federal EHP review requirements for FEMA-funded 
projects. These laws and EOs are aimed at protecting our Nation's 
water, air, coastal, wildlife, land, agricultural, historic, and 
cultural resources, as well as minimizing potential adverse effects to 
children, and low-income and minority populations. FEMA, through its 
EHP program, engages in a review process to ensure that FEMA-funded 
activities comply with those laws. The current EHP compliance review 
process includes a preliminary screening of all projects to identify 
further information that may be required to complete an EHP compliance 
review and determination, if any. Those projects that do not require 
further information to complete a review may be approved for EHP 
compliance at that time. If additional information is needed, grantees 
are notified of further data requirements. This information is 
necessary to support a determination of compliance with EHP laws and 
regulations. An EHP Screening Form and a formal submission process have 
been developed, and technical assistance made available, in order to 
assist grantees in identifying and providing the necessary information 
with their applications. Furthermore, FEMA has developed and finalized 
a Programmatic Environmental Assessment (PEA) that analyzed the EHP 
impacts of all projects funded by GPD. This PEA defined those project 
types that would not have any impact to the environment, as well as 
those that would require further study. For those project types defined 
as having no impacts, no further EHP information would be required. To 
date, this process has been very successful, and FEMA has received 
positive feedback from its stakeholders.
    In summary, FEMA has made significant strides in releasing PSGP 
funding in a timely manner. Thanks to dedicated contract support 
personnel, the EHP backlog has been cleared. Additionally, it has been 
a priority of PSGP staff to review projects in a timely manner, release 
partial funds as projects are approved, and provide feedback to FAs as 
to status, particularly if projects are sent back requiring additional 
work. Finally, the majority of CONOPS and PRWMPs have been submitted 
and approved by FEMA, which now allows FEMA to concentrate on reviewing 
and approving projects.

    Question 3. Is FEMA's role in financial oversight of the grants 
sufficient?
    Answer. The financial grants management of PSGP awards is performed 
by FEMA's Grants Management Division (GMD), which acts as a centralized 
financial management and business support for all FEMA grant programs, 
which is comprised of several branches. The Operations Branch, 
comprised of trained Grants Management Specialists, performs all pre-
award and award grant administration functions, and provides procedural 
and technical business support to award recipients. The Systems and 
Business Support Branch oversees development, implementation, 
maintenance, user support and training for the Agency's suite of grants 
management information systems. The Accountability, Management, and 
Oversight Branch develops and manages Agency-wide grant policies and 
operating procedures to assist Headquarters program offices and the 
Regions in the implementation, award, and management of FEMA grant 
programs. Together the GMD branches work with internal and external 
stakeholders to coordinate and manage the full financial grant 
lifecycle.
    Each Grants Management Specialist (GMS) is trained to provide 
expert guidance and instruction for pre and post award financial grants 
management which includes: planning, awarding, and administration of 
FEMA grants and cooperative agreements. The Specialists work closely 
with grantees and the Program Office to provide financial grants 
management technical assistance and financial support with a strong 
concentration on providing high quality customer service to internal 
and external stakeholders. In order to provide continued guidance, the 
GMS's stay current on new grant policies, legal authority, and 
regulations to determine how changes will impact internal policies, 
procedures, and systems.
    Both the Federal staff and contract support staff continually 
review and improve processes to ensure timely processing of pre and 
post award activity, while maintaining compliance with Federal laws 
governing financial grants management. One improvement that has largely 
impacted the grantees' ability to access award funds was the 
implementation of the Special Conditions-Release of Funds (SC-ROF) 
process in early FY 2009. This process was designed to accelerate the 
removal of Special Conditions stipulated in the award and allow 
grantees quicker access to draw down on grant funds. The SC-ROF process 
involves the expertise of the GMS's who review and approve the grantee 
pre-award financial budget documents for compliance with FEMA financial 
reporting and fiscal integrity, while ensuring that all documents 
adhere to the Program Guidance, OMB Circulars, and Administrative 
Requirements. The success of this process is augmented by a well 
established coordination effort between GMD Operations staff and the 
Program Office to ensure full compliance with the terms and conditions 
of the award and financial reporting.
    The extensive knowledge of financial grants management and combined 
experience of Federal staff, rooted in a dynamic environment that 
promotes openness for collaboration, pushes GMD forward to continue 
providing quality cradle-to-grave grant management service to internal 
and external stakeholders.

    Question 4. Would the ports be better served if the Coast Guard 
handled distribution of grant funding?
    Answer. FEMA is the grant administrator of the Port Security Grant 
Program (PSGP), and the Coast Guard assists FEMA by providing subject 
matter expertise on maritime security risk mitigation issues. The ports 
are best served by this collaborative relationship, whereby FEMA 
leverages its expertise in grant administration and financial 
management, and the Coast Guard leverages its expertise in maritime 
security. Further, the Coast Guard does not have the experience to 
function as the grant administrator of the PSGP. As a regulator of the 
maritime industry, it may also be considered a conflict of interest for 
the Coast Guard to serve as the grant administrator and would further 
complicate its coordination and facilitation role with maritime 
stakeholders.
    Additionally, FEMA is now better staffed to manage the increased 
PSGP workload. In FY07, PSGP comprised of a staff of one Acting Section 
Chief and three program analysts, which was a significant strain at 
that time. Over the past year the staff has been expanded to include 
two full time Section Chiefs and eight program analysts. A contract 
support team is also available to provide surge support under direct 
Federal supervision as needed.

    Question 5. The Coast Guard is responsible for securing 361 ports 
and 95,000 miles of coastline and navigable waterways. It also has 10 
other missions, including maritime drug interdiction, search and 
rescue, immigration law enforcement at sea, and serving as the lead 
Federal agency responding to the Deepwater Horizon oil spill, and all 
of this with only 42,000 Active Duty personnel. Is the Coast Guard 
adequately staffed to secure our ports and fulfill all of its other 
responsibilities?
    Answer. The Coast Guard's systematic, maritime governance model for 
port security consists of maritime security regimes, domain awareness, 
and maritime security and response operations and is a layered security 
approach that shares responsibilities with partners to provide a 
credible deterrence (while employing risk-informed decisionmaking).
    Regarding general maritime security activities (escorts, patrols, 
and boardings), the Coast Guard's guidance to field commanders, 
Operation NEPTUNE SHIELD, prioritizes these activities based on risk 
and the availability of resources. Higher risk, higher consequence 
activities are provided with more attention and consideration than 
lower risk and consequence activities.
    In responding to a maritime security threat, the Coast Guard 
employs threat-based, risk-managed principles, matching protective/
preventative efforts to the threat's nature, i.e., attack method, 
target, etc. By using these principles, the Coast Guard implements 
Maritime Security (MARSEC) level increases that are focused on a single 
or few Sectors or, if nationwide, only on the targeted type of maritime 
critical infrastructure and key resources (e.g., maritime mass 
transit--ferries or vessels carrying Certain Dangerous Cargoes). The 
Coast Guard approaches its risk-informed decision-making methodology 
through the use of the Maritime Security Risk Analysis Model and has 
been used to prioritize security activities as well as validate 
applications for the Port Security Grant Program. The Coast Guard 
leverages the support of other government agencies and ensures that 
maritime industry stakeholders have increased their security efforts in 
accordance with their Coast Guard-approved facility and vessel security 
plans. Coast Guard Sector Commanders carrying out the operational 
security measures dictated by increased MARSEC levels may request 
additional resources, i.e., deployable specialized forces, from the 
Deployable Operations Group via their Area Commander.
    Maritime security and response operations as well as Maritime 
Transportation Security Act and the implementing regulations are not 
static efforts and should and will be modified to meet emerging threats 
and/or further reduce vulnerabilities as we refine risk mitigation 
strategies.

    Question 6. Since the terrorist attacks of September 11, 2001, 
maritime security efforts have focused primarily on large commercial 
vessels, cargoes, and crew. Efforts to address the small vessel 
environment have largely been limited to traditional safety and basic 
law enforcement concerns. Small vessels are, however, readily available 
for potential exploitation by terrorists, smugglers of weapons of mass 
destruction (WMDs), narcotics, aliens, and other contraband, and other 
criminals. Small vessels have also been successfully employed overseas 
by terrorists to deliver Waterborne Improvised Explosive Devices 
(WBIEDs).
    What efforts is the Coast Guard making to address security threats 
posed by small vessels?
    What is the Coast Guard doing to develop and leverage partnerships 
with recreational boaters and professional mariners who operate small 
vessels to increase awareness about security threats posed by smaller 
vessels?
    Answer. Small vessels generally operate with great autonomy. The 
Department of Homeland Security (DHS) and the Coast Guard have taken 
numerous steps to address possible risks associated with small vessels 
while also recognizing the importance of preserving the traditional 
freedoms enjoyed by the boating public.
    As described in our response to Question 12, numerous programs and 
activities supporting the SVS Strategy are already being implemented or 
have been completed. including:

   Maritime Domain Awareness initiatives:

     America's Waterways Watch;

     Citizens' Action Network;

     Automatic Identification System (AIS) carriage 
            requirements; and

     Robust intelligence gathering and analysis, including 
            Field Intelligence Support Teams at each Coast Guard 
            Sector.

   Security Regimes:

     Area Maritime Security Plans (AMSP), which conform to the 
            Maritime Transportation Security Act (MTSA), include 
            actions to mitigate small vessel attacks;

     Coast Guard approved security plans are required for MTSA 
            regulated vessels and facilities; and

     Coast Guard Captains of the Port (COTPs) possess broad 
            authorities to control port access, movement, and activity.

   Maritime Security and Response Operations:

     The Coast Guard utilizes a tiered risk-based system, which 
            aligns with and supports DHS' Homeland Security Advisory 
            System.

     A diverse set of operational activities, including:

     Waterborne, airborne, and shoreside patrols and visits to 
            critical infrastructure; and

     Security boardings of small vessels.

   Vessel escorts of:

     High Value military ships;

     Vessels carrying high consequence cargoes; and

     High capacity passenger vessels (e.g., cruise ships, 
            ferries).

    The Coast Guard's numerous measures, together with port partner 
efforts, provide layered security against small vessel and other 
security risks in the maritime domain. Where appropriate, many of these 
measures include partnerships with recreational boaters and 
professional mariners who operate small vessels, such as America's 
Waterways Watch and Citizens' Action Network. DHS and the Coast Guard 
will continue to work hand in hand with industry and the public to 
ensure they are part of the solution.
                                 ______
                                 
    Response to Written Question Submitted by Hon. David Vitter to 
                         Admiral Robert J. Papp
    Question. The SAFE Port Act required the Coast Guard, within 180 
days, to ``update and finalize the rulemaking on notice of arrival for 
foreign vessels on the Outer Continental Shelf '' (sec. 109 of P.L. 
109-347). As I understand it, nothing has happened regarding this 
matter since the notice of proposed rulemaking was issued on June 22, 
2009. Please explain how you will ensure that this requirement from the 
bill is completed.
    Answer. The SAFE Port Act (Section 109) requires the promulgation 
of regulations detailing notice of arrival (NOA) procedures for foreign 
vessels planning to engage in Outer Continental Shelf (OCS) activities. 
The Coast Guard published the NOA on the OCS notice of proposed 
rulemaking on June 22, 2009. The Coast Guard proposes to enhance 
maritime domain safety and security awareness on units and personnel 
engaging in activities on the Outer Continental Shelf by regulations 
which will require notice of arrival for units planning to engage in 
Outer Continental Shelf activities. The proposed rules would implement 
provisions of the Security and Accountability for Every Port Act of 
2006 and increase overall maritime domain awareness by requiring owners 
or operators of United States and foreign flag floating facilities, 
mobile offshore drilling units, and vessels to submit notice of arrival 
information to the National Vessel Movement Center prior to engaging in 
Outer Continental Shelf activities.
    The Coast Guard received and reviewed two detailed sets of comments 
and recommendations from trade associations (the International 
Association of Drilling Contractors and the Offshore Marine Service 
Association) in response to the NPRM. These comments are part of the 
public record and are being considered in the process of drafting a 
final rule.
                                 ______
                                 
Response to Written Questions Submitted by Hon. John D. Rockefeller IV 
                          to Hon. Alan Bersin
    Question 1. Will the 100 percent scanning requirement apply to 
cargo containers destined for Canada and Mexico ports which are 
subsequently transshipped by truck and rail to the United States?
    Answer. Section 232 of the SAFE Port Act, as amended, requires 100 
percent scanning of containers at all foreign ports that ultimately 
ship containers to the U.S. A container is considered U.S-bound if it 
is destined to a U.S. port. If the destination is Canada or Mexico, 
then it is not considered U.S.-bound, therefore not subjected to the 
100 percent scanning mandate. Those containers that are unladed in 
Canada and Mexico and subsequently shipped to the U.S. via rail or 
truck are screened, targeted and if necessary examined at the U.S. 
ports of entry.

    Question 2. Do you believe that we should look to assessing a port 
security user fee to help manage the growing cost associated with port 
security? We have seen a similar fee in the aviation context to defray 
the enormous costs associated with security. Should the cargo and 
shipping industries along with other users be required to pay a similar 
fee?
    Answer. The significant cost and scope of work that benefits the 
facilitation of legitimate trade would certainly warrant additional 
research to determine if a fee structure could be created to defray 
some or all of the costs associated with port security. Determining 
which port security-related activities should give rise to fees is a 
prerequisite to the development of a fee structure. Currently, there 
are user fees that exist to support some of these activities. To move 
forward, U.S. Customs and Border Protection (CBP) would need to 
identify which port security-related activities do not currently 
receive fee funding and which activities CBP should seek to receive 
reimbursement, and determine whether the complete fee structure should 
be reworked or if it is sufficient to impose additional fees for 
services that are not covered by the existing fee structure.

    Question 3. On December 2 of last year, Secretary Napolitano said 
that prohibitive challenges would require DHS to seek more time in the 
implementation of the 100 percent scanning mandate. S. 3639 extends the 
deadline to 2015 and clarifies the requirement to include either RPM or 
NII scanning. Do you support this approach?
    Answer. CBP recognizes that 100 percent scanning may play a role in 
certain trade corridors where the scan data can provide additional 
information to improve the security of that particular supply chain but 
believes a risk-based approach should also be considered. CBP 
understands the need to proceed with future deployments in a 
responsible, fiscally sound manner that best achieves the goal of 
maximizing the security of U.S. bound maritime cargo while maintaining 
an effective risk-based strategy. CBP is currently identifying multiple 
options, including the resources needed to implement these options, 
that would scan 100 percent of all cargo prior to departure from a 
foreign port.
    CBP notes however that the requirement to scan all cargo at foreign 
ports presents challenges in that some foreign governments view the 
requirement as extraterritorial and an affront to their sovereignty. 
They have indicated the likelihood of instituting reciprocal 
requirements for U.S. exports to their countries. Even countries that 
are cooperative are concerned about the feasibility on the basis of 
port efficiency, logistical limitations, and associated costs of 
implementation and operation.

    Question 4. What is causing the delay for issuing technical 
standards for foreign-inspection equipment?
    Answer. U.S. Customs and Border Protection (CBP) does not ``issue'' 
technical standards to foreign governments, so there is no delay. All 
equipment currently utilized in foreign environments under the Secure 
Freight Initiative (SFI) is CBP owned and thus meets current CBP 
minimum standards when initially deployed.
    Should foreign governments pursue the purchase of their own 
equipment for a port under the Container Security Initiative (CSI), and 
information is requested during negotiations, CBP may provide the 
foreign government or equipment companies with current technical 
specifications that meet CBP minimum standards, ensuring compliance 
with CBP standards for participation in a CBP program. These standards 
are normally open source and accepted by the World Customs Organization 
and the international community. CSI keeps an inventory and matrix of 
all NII equipment that is utilized in CSI ports. Some of the NII 
equipment is owned by CBP or was previously owned by CBP and thus meets 
CBP standards. CBP cannot dictate to foreign governments from which 
vendors they must purchase equipment, but much of the foreign owned 
equipment is from the same vendors CBP purchases equipment and 
therefore meets CBP standards. Other foreign owned equipment meets or 
exceeds the penetration levels of CBP equipment. Also, CBP Officers are 
present during the examination of containers selected by CSI Officers 
and review the NII image for anomalies.
    CBP's mission to combat terrorism and facilitate legitimate trade 
relies on many types of technology, used in combination, to promote a 
layered enforcement strategy. An example of CBPs layered enforcement 
strategy includes the scanning of sea-cargo containers at foreign 
seaports under SFI. Section 232(b)(1) of the SAFE Port Act, as amended 
by the Implementing Recommendations of the 9/11 Commission Act, states, 
``A container that was loaded on a vessel in a foreign port shall not 
enter the United States (either directly or via a foreign port) unless 
the container was scanned by non intrusive equipment and radiation 
detection equipment at a foreign port before it was loaded on a 
vessel.''
    Through the Office of Information and Technology, CBP has developed 
standards for both non-intrusive inspection (NII) equipment and 
radiation portal monitors (RPM) used for scanning containers in the 
sea-cargo environment. Although there is a varying degree of industry 
sophistication in commercial-off-the-shelf NII equipment and RPM 
technology, the technical requirements listed in this document provide 
a guideline for a complete scanning system that combines NII equipment, 
RPMs and optical character recognition (OCR) technology into one 
integrated system. This integrated system would have a very small 
footprint and would be easily deployed, in a ``turn-key'' delivery, to 
any seaport environment in the world. The specifications listed should 
be used as minimum standards and are not all inclusive.
    NII equipment technical specifications:

   System should have a minimum footprint and easily integrate 
        with RPMs and OCR technology.

   Penetration of a minimum of 300 mm of steel.

   Minimum source strength not less then 6 MeV.

   Have low dose rate emissions per inspection.

   Capability to scan 20-53 foot chassis-mounted sea containers 
        in a drive through capacity.

   System should scan a minimum 85 containers per hour and 
        preferably up to 150 containers per hour.

   System should be able to transmit images to a designated 
        location in the United States via the N-25 format (N-25 
        baseline version 1.4) and be N-25 complaint.

   Operate as an automated drive-through system.

   Must be integrated with redundant safety features.

   Must provide for radiation safety of operators, workers, 
        stevedores and by-standers while maintaining a minimum 
        footprint.

   Ability to operate effectively in extreme temperatures and 
        accommodate worldwide deployment conditions.

   Ability to operate on universally accepted power standards.

   Must be compliant with all country deployed safety and 
        certification requirements.

   Resolution requirements shall be .125 inches, preferred, but 
        not less than .5 inches.

   Workstation and Interface System to include an Operator 
        Console and all operating systems, software, cameras, controls 
        and displays to depict a video and radiographic image of the 
        target.

   Capable of capturing and displaying the radiographic and 
        visible spectrum (video) images of the target to the Operator 
        simultaneously.

    RPM equipment technical specifications:

   System should have a minimum footprint and easily integrate 
        with NII and OCR technology.

   RPMs should be able to detect gamma and neutron radiation 
        using plastic scintillator (gross gamma counting) and helium 
        three tube neutron detectors.

   Scintillator panels and neutron detectors should be mounted 
        vertically.

   RPMs should at a minimum meet American National Standards 
        Institute (ANSI), International Atomic Energy Agency (IAEA) and 
        U.S. Department of Energy standards on detecting radiological 
        material and shielded and un-shielded special nuclear material 
        (SNM).

   RPMs should be able to detect heavily shielded SNM with a 
        very low false alarm rate.

   RPM installations should be sensitive and capable of 
        detecting radioactive material at a range of heights to 
        intercept illicit material hidden in a multitude of cargo 
        types, with detectors deployed on both sides of a monitored 
        lane.

   System should be able to transmit RPM data to a designated 
        location in the United States via the N-25 format (N-25 
        baseline version 1.4) and be N-25 complaint.

   RPM systems should consist of radiation sensor panels with 
        presence sensors, stands, control units, annunciators (as 
        needed), cameras/license plate readers (as needed) and alarm 
        station displays.

   Ability to operate effectively in extreme temperatures and 
        accommodate worldwide deployment conditions.

   Ability to operate on universally accepted power standards.

   Must be compliant with all country deployed safety and 
        certifications requirements.

   Workstation and Interface System to include an Operator 
        Console and all operating systems, software, cameras, controls 
        and displays to depict a video and radiographic image of the 
        target.

    OCR equipment technical specifications:

   System should have a minimum footprint and easily integrate 
        with NII and RPM technology.

   OCR component must automatically identify a sea-cargo 
        container number (to include two TEU units on one chassis) as 
        they are scanned.

   OCR technology must have a very low false alarm rate.

    RPM, NII and OCR data should be integrated in near ``real-time'' so 
that personnel can quickly view images and adjudicate any radiological 
alarms. All technology should also integrate easily, via the N-25 
format, with CBP systems. The Operator Console System should be 
deployed in a central alarm station that includes all operator work 
stations, servers, etc., and must have the capability to send data to a 
multitude of locations, to include transmission of scanning images/
radiation spectra, from a foreign location to the United States. 
Additionally, all equipment must be installed so that it is easily 
accessible for maintenance and calibration.
    System acquisition should provide operator training, on all 
equipment, in the English language with the potential for foreign 
language training. System acquisition should provide on-site 
maintenance, to include the potential for 24/7 on-site maintenance 
technicians. All proposals should also include ``over height sensors,'' 
signage, drop bars and any other safety equipment as deemed necessary 
by CBP.
    As CBP moves forward with the deployment of technology and as the 
number of manufactures, models and designs continue to increase, CBP 
will work in a steadfast manner to ensure equipment performs to needed 
specifications. Additionally, as new technology develops and improves, 
CBP will work with both vendors and the scientific community to ensure 
that the most efficient, effective and state-of-art equipment is 
utilized, acquired and deployed.

    Question 5. With the Secure Freight Initiative (SFI) and 
requirement for 100 percent scanning of U.S.-bound cargo containers, 
the U.S. security strategy may become more dependent upon foreign 
governments to scan cargo containers. Containers scanned by foreign 
governments are not generally scanned again when they arrive in the 
United States. Does CBP systematically review or examine the 
inspections practices or training of host government customs services 
that conduct inspections of high risk U.S. bound containers?
    Answer. No. However, U.S. Customs and Border Protection (CBP) has 
conducted targeting and interdiction training for a number of foreign 
Customs administrations. Further, in Container Security Initiative 
(CSI) ports where CBP staff is present, CBP officers participate in and 
witness the inspections of high-risk U.S. bound containers that are 
conducted by host government personnel and may request further 
inspection.

    Question 6. What strategies does CBP employ to ensure foreign 
customs officials are sufficiently trained and that the cargo 
inspections are performed in accordance with U.S. standards?
    Answer. CBP does not systematically review training of host 
government customs services that conduct inspection of high-risk U.S.-
bound containers. However, CBP has conducted targeting and interdiction 
training for a number of foreign Customs administrations. In CSI ports 
where CBP staff are present, CBP officers participate in and witness 
the inspections of high-risk U.S. bound containers that are conducted 
by host government personnel and may request further inspection (i.e., 
a physical exam of the container's contents) if necessary. In the port 
of Qasim, Pakistan, no CBP personnel are on the ground. However, Vetted 
Foreign Service Nationals perform the inspections and transmit the data 
to the National Targeting Center-Cargo (NTC-C) for further review and 
scrutiny in real time. In this situation, the CBP officers at the NTC-C 
make the final decision to release the container or request further 
examination.

    Question 7. CBP officials responsible for managing the CSI program 
have reported that overall there has been a high level of cooperation 
at CSI seaports, though they acknowledged that the degree of 
involvement and participation that CBP officers have with foreign 
customs officials during the examination of high-risk cargo varies by 
country. How often do CBP personnel participate in or witness 
inspections of high-risk cargo bound for the United States at these 
foreign seaports?
    Answer. CBP personnel regularly participate in and witness 
inspections of high-risk cargo at all CSI foreign ports with the 
exception of the two Container Security Initiative (CSI) ports in 
Mainland China.

    Question 8. Are there any countries that restrict CSI teams from 
participating or viewing examinations of high-risk cargo?
    Answer. Yes, the two CSI ports in Mainland China.

    Question 9. CBP officials at the National Targeting Center: (1) 
assist the CSI teams at high-volume seaports to ensure all containers 
that pass through CSI seaports are targeted to identify high-risk 
container cargo; (2) carry out targeting responsibilities for CSI 
seaports that do not have CBP officials stationed there; and (3) 
conduct targeting for U.S.-bound container cargo that does not pass 
through CSI seaports using advance information (24-hour rule and 10+2) 
to identify high-risk container cargo. What are the advantages and 
disadvantages of conducting targeting from the United States versus 
targeting at CSI seaports?
    Answer. The advantages of targeting at overseas Container Security 
Initiative (CSI) seaports are control, immediate access to the 
containers before they are laden on the vessels, and access to local 
host country intelligence in regards to trade entities. The primary 
disadvantage of targeting at overseas CSI seaports is the significant 
cost of staffing, data transmission and equipment. Conversely, 
targeting from the U.S. would allow for a lower cost of staffing, data 
transmission, and equipment. Targeting from the National Targeting 
Center-Cargo (NTC-C) also brings with it capabilities to receive highly 
classified intelligence, and close interaction with a multitude of 
other Federal agencies.
    When CSI was first launched in 2002, the most practical and 
advantageous method of execution was to provide staffing to physically 
target cargo at the foreign CSI seaport locations. During that time, 
the relationships and reciprocal agreements with the host countries 
were in the development stage. Over the past 8 years, the program has 
evolved and matured to include global cooperation and the development 
of measures which improve shipping security for the U.S. and its 
partners. The nurturing of host government relationships along with the 
combined assets of CSI NTC-C and its hosts provides CSI a comprehensive 
network of intelligence to draw upon to in order evaluate manifest 
data. These factors may now tip the balance in favor of performing more 
of the targeting functions from the U.S. while maintaining a minimum 
staffing of U.S. Customs and Border Protection (CBP) Officers at the 
CSI ports to witness exams and collaborate with host nation officials.

    Question 10. In DHS's Congressional Budget Justification FY 2011, 
CBP requested a $50 million decrease for the CSI program shift CSI 
personnel currently stationed overseas, at the CSI ports, back to the 
U.S. at the National Targeting Center. What security impacts do you 
anticipate from transitioning personnel back to the United States?
    Answer. While shifting some of the officers overseas to the 
National Targeting Center (NTC), U.S. Customs and Border Protection 
(CBP) would look to station a minimum number of officers in Container 
Security Initiative (CSI) ports overseas to continue to foster 
relationships and information sharing with host counterparts and to 
witness inspections. With this proposal, there would not be a 
significant impact on security.
    When CSI was first launched in 2002, the most practical and 
advantageous method of execution was to provide staffing to physically 
target cargo at the foreign CSI seaport locations. During that time, 
the relationships and reciprocal agreements with the host countries 
were in the development stage. Over the past 8 years, the program has 
evolved and matured to include global cooperation and the development 
of measures which improve shipping security for the U.S. and its 
partners. The nurturing of host government relationships along with the 
combined assets of CSI, National Targeting Center-Cargo (NTC-C) and its 
hosts provides CSI a comprehensive network of intelligence to draw on 
in order evaluate manifest data. These factors may now tip the balance 
in favor of performing more of the targeting functions from the U.S. 
while maintaining a minimum staffing of CBP Officers at the CSI ports 
to witness exams and collaborate with host nation officials.

    Question 11. Many of our imports come from China--which in the past 
did not allow CBP officials into the country to validate C-TPAT 
members' supply chains. During 2007, CBP undertook a pilot project to 
use third party contractors to validate the supply chain security of 
U.S. importers in China. In that pilot, only 14 of 307 eligible C-TPAT 
members had indicated an interest in using a third party to validate 
their security practices and only 1 had actually been validated. Why 
were C-TPAT members importing from China willing to forego the added 
benefits of validation as a Tier 2 or Tier 3 participant rather than 
submit to validation by a third party? Why did so few of the eligible 
C-TPAT members agree to cooperate in the pilot and what would be 
necessary to gain their support?
    Answer. There are several possible explanations for the low number 
of volunteers participating in the project. First, in accordance with 
the SAFE Port Act the member was required to incur the cost associated 
with the third party validator. Second, members were concerned about 
sharing proprietary information with the third party entities. Finally, 
invited companies may have decided to see how the CBP--China Customs 
joint validation initiative progresses before incurring the cost 
associated with a third party validation. Engaging the services of a 
third party is an individual company decision which is based upon a 
cost/benefit comparison.

    Question 12. CBP does not directly test C-TPAT members' security 
practices, but generally discusses security with officials, observes 
physical security, and reviews policies and procedures to validate 
members' security practices. Additionally, CBP has yet to identify 
outcome based performance measures to indicate C-TPAT's effectiveness 
at enhancing supply chain security. Absent direct testing and outcome 
based performance measures, what information is available to support 
that the C-TPAT program has enhanced the security of the international 
supply chain?
    Answer. Custom-Trade Partnership Against Terrorism (C-TPAT) has 
positively impacted the security of the international supply chain 
through adherence to the program's security criteria and this impact is 
reflected in a series of performance measures. C-TPAT has developed a 
comprehensive validation strategy to ensure that strong security 
measures have been adopted by members throughout their supply chain. 
The member's security profile is closely reviewed by highly trained 
Supply Chain Security Specialist (SCSS) and subsequently subjected to 
rigorous on-site reviews. SCSS closely examine records such as 
container inspection and seal logs, personnel files, and business 
partner screening records. U.S. Customs and Border Protection (CBP) 
documents the records reviewed and all vulnerabilities including 
physical security deficiencies. CBP grants members 90 days to implement 
needed corrective actions which SCSS confirm through a variety of 
methods such as digital photos, invoices and physical onsite 
confirmation. Members which fail to implement the required enhancements 
are suspended from the program. C-TPAT data shows that members are on 
average 95 percent compliant in meeting the program's security 
criteria. In addition members must conduct an annual self-assessment 
where they are required to review, correct and/or update their 
previously submitted security profile. Failure to do so also results in 
suspension or removal from the program.
    To further enhance the program's performance measures C-TPAT 
recently created a validation scorecard to measure how well companies 
are implementing supply chain security procedures. The scorecard 
measures how a company performed during the validation; it may also be 
used as a tool to show improvements or patterns of predictability over 
time such as potential supply chain security risks.
    C-TPAT's security criteria and strong on-site validation procedures 
have been replicated around the world to the point that they have 
become the global standards for supply chain security. The governments 
of Canada, Jordan, Japan, South Korea, and New Zealand developed or 
improved their own business partnership programs to align with and be 
at the same level as C-TPAT. By setting and maintaining high standards, 
C-TPAT has in essence become the security program that foreign Customs 
Administrations want and need to replicate, particularly if they 
envision signing a Mutual Recognition arrangement with CBP.

    Question 13. The 10+2 program was developed, in large part, to 
improve the quality of shipping information used by the ATS system to 
identify high risks containers. What are CBP's plans for collecting and 
analyzing information on how the 10+2 data are being used for targeting 
purposes and determining whether the data have a clear impact on CBP's 
ability to target high-risk containers?
    Answer. The advanced data provided by the Importer Security Filing 
(``10+2'') significantly increases the scope and accuracy of 
information gathered on the goods, conveyances and entities involved in 
the shipment of cargo to the U.S. via vessel. This additional advance 
data allows U.S. Customs and Border Protection (CBP) to make earlier 
and much better informed targeting decisions prior to cargo arrival in 
the U.S.
    CBP continuously collects information about the frequency of the 
risk indicators identified in the importer security filing data set; 
risk indicators that may or may not have been previously identified by 
the manifest (bill of lading) and/or entry data sets. CBP periodically 
conducts structured analyses of its targeting methodology to measure 
its effectiveness. One aspect of that analysis is a measurement that a 
given data attribute predicts an outcome. Each of the targeting 
concepts developed from the ``10+2'' data will be measured using this 
analysis. While the ``10+2'' program is still in the early stages, 
there have been several instances which highlight the effectiveness and 
necessity of this new data.
    For instance, real time analysis of the Imposter Security Filing 
(ISF) data enables CBP to identify potentially mis-manifested 
containers scheduled to arrive into U.S. waters by comparing the 
container numbers that are declared in the carriers' vessel stow plans 
against the containers derived from the 24 hour manifest data for the 
same shipments.
    Based upon the ``10+2'' data alone, CBP Officers are now able to 
identify and timely mitigate any risk from potentially mis-manifested 
containers, while avoiding needless delays to the movement of all other 
cargo.
    A second preliminary measure of the effectiveness of the ``10+2'' 
data is the earlier and much more precise identification of lower-risk 
parties involved in the supply chain. Prior to the collection of the 
``10+2'' importer security filing data, CBP was unable to identify, 
with any high degree of confidence, that a party was indeed a trusted 
C-TPAT participant solely from the manifest data. Today, C-TPAT 
participants are identified immediately through their importer security 
filings and given their respective targeting ``credit'', which 
significantly reduces the chances of a shipment being targeted for an 
enforcement examination. Prior to ``10+2'', it was not uncommon for C-
TPAT companies to undergo numerous domestic non-intrusive inspection 
(NII) exams due to questionable manifest data.
    Lastly, CBP is able to identify and mitigate the presence of 
higher-risk entities earlier in the supply chain due to more precise 
information that is supplied as part of the ``10+2'' data. Over the 
course of the past 2 years, the Automated Targeting System (ATS) has 
identified hundreds of potential high-risk entities from the ``10+2'' 
data; matches that CBP would not have known about based on the manifest 
data alone. While an inconclusive or conclusive match is not 
necessarily indicative of the presence of dangerous cargo, it does 
allow CBP to gain valuable intelligence on the nature of the shipments 
being shipped or imported by these potentially terrorist-related 
subject matches.

    Question 14. Are any of the 10+2 requirements to be used for 
purposes other than assessment of terrorist threat, such as detecting 
other illegal contraband?
    Answer. The usage of the ``10+2'' data is not strictly limited to 
anti-terrorism efforts. In fact, U.S. Customs and Border Protection 
(CBP) targeters and analysts routinely use the ``10+2'' data to help 
identify the presence of shipments containing illegal contraband such 
as narcotics and other illegally smuggled goods--the same techniques 
used to introduce contraband into the U.S. may also be used by 
terrorists to smuggle in weapons of mass effects. However, at this 
time, the Trade Act of 2002 and the SAFE Port Act of 2006 expressly 
forbid CBP from using the ``10+2'' data for pure trade compliance or 
trade enforcement purposes.

    Question 15. Has CBP officially adopted a position that 10+2 will 
alleviate the need for 100 percent scanning?
    Answer. U.S. Customs and Border Protection (CBP) has not adopted 
the position that 10+2 alleviates the need for 100 percent scanning.

    Question 16. If so, what type of analysis was done to support this 
position and what reductions in what types of risk are expected as a 
result 10+2?
    Answer. U.S. Customs and Border Protection (CBP) has not adopted 
the position that 10+2 alleviates the need for 100 percent scanning. 
However, CBP's Importer Security Filing (ISF) initiative, also known as 
``10+2", forms a critical enhancement to the advanced data component of 
CBP's layered security strategy in the ocean cargo environment. The 
application of the advanced data from the ISF to CBP's targeting 
process enhances the utility of the agency's risk analysis 
exponentially. The level of detail provides greater transparency into 
individual transactions and the parties involved, enabling CBP's 
targeters to more accurately identify high-risk and potentially 
problematic shipments while facilitating truly low-risk cargo. When 
combined with CBP's currently deployed imaging and radiation detection 
technology and the expertise of our National Targeting Center and port 
targeters, ISF forms a cornerstone of an effective risk-based, layered 
security strategy.
                                 ______
                                 
Response to Written Questions Submitted by Hon. Frank R. Lautenberg to 
                            Hon. Alan Bersin
    Question 1. Three years ago, Congress acted to require one hundred 
percent scanning of all containers coming to the U.S. However, last 
year the GAO found we are only scanning less than 5 percent of all 
U.S.-bound containers and that one hundred percent screening has not 
been achieved at even one port. Is the Department scanning more than 5 
percent of the containers prior to arriving in the United States? If 
so, what is the percentage of containers that are now being scanned?
    Answer. U.S. Customs and Border Protection (CBP) continues to scan 
less than 5 percent (collectively in Container Security Initiative 
(CSI) and Secure Freight Initiative (SFI) ports) of containerized 
maritime cargo before it is laden on a vessel bound for the U.S. CBP 
continues to screen 100 percent of all cargo manifests utilizing the 
Automated Targeting System and intelligence databases. One hundred 
percent of those shipments that are deemed high risk are scanned 
utilizing NII and radiation technology.
    CBP defines scanning as examining cargo to both an x-ray image for 
anomalies and radiation screening for the presence of radiation. CBP 
defines screening as analyzing all cargo manifests utilizing the 
Automated Targeting System to identify high risk cargo.

    Question 2. Although it was recommended the by Government 
Accountability Office (GAO), the Department of Homeland Security has 
not yet completed a feasibility or cost benefit analysis of the one 
hundred percent scanning requirement or any other alternative program. 
When will the Department conduct such an analysis so that we can 
determine the most effective way to move forward on container security?
    Answer. U.S. Customs and Border Protection (CBP) has conducted 
initial research into the feasibility and cost benefit analysis of one 
hundred percent scanning. A complete cost of the SFI pilot ports has 
been documented in the bi-annual reports to Congress. CBP is currently 
identifying multiple options, including the resources needed to 
implement these options, for scanning 100 percent of all maritime cargo 
prior to departure from foreign ports. Once the analysis is completed, 
we will be pleased to provide a briefing on the results.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Barbara Boxer to 
                            Hon. Alan Bersin
    Question 1. Several ports in my state have expressed concern about 
the 25 percent cost share for ports to participate in the Port Security 
Grant program because they believe it has been difficult to come up 
with the local match in this tough economy. Why does DHS continue to 
maintain a need for a cost share for the port security grant program 
when other Homeland Security grant programs such as the Transit 
Security Grant Program and the Urban Area Security Initiative (UASI) 
grant program do not have a required local cost share? Are you aware of 
ports that have had to scale back or abandon port security projects 
because of the inability to come up with the local cost share due to 
decreased revenues in this tough economy? Do you believe this could be 
putting our ports at risk?
    Answer. Cost-sharing is an effective way to ensure buy-in by a 
grant recipient, while incentivizing the recipient to leverage its own 
ongoing and planned investments in homeland security. The cost-share 
requirement is Congressionally-mandated under 46 U.S.C.  70107(c). 
Although the cost-share is statutorily required, the Secretary of 
Homeland Security does have the statutory authority to reduce the cost-
share for Port Security Grant Program (PSGP) projects in certain 
circumstances. The cost share requirement for FY 2009 ARRA and FY 2010 
PSGP awards were congressionally waived, but the FY 2010 Homeland 
Security Appropriations Act conference report language (P.L. 111-83) 
specifically indicated that the cost share requirement for the PSGP is 
not expected to be waived in the future, except at the discretion of 
the Secretary. Some port representatives have expressed concern about 
the cost share requirement for FY 2007 through FY 2009 grants. Several 
fiduciary agents have informed us of difficulties in soliciting project 
proposals because sub-recipients are unable to cover the cost match in 
this current economic climate. However, we have no evidence to suggest 
that previously approved port security projects are being abandoned due 
to this concern.
    Additionally, FEMA issued Information Bulletin (IB) No. 322 on July 
15, 2009 to define the process grantees should follow to submit cost-
share waiver requests for FY 2007, 2008, and 2009 PSGP grants. Such 
requests are evaluated on a project-by-project basis and generally not 
granted for an entire award. FEMA Program Analysts work closely with 
the authorized award representatives to ensure the request meets all 
criteria outlined in the IB. Each waiver request must contain a strong 
justification from the prime recipient, proof of written notice to the 
local Captain of the Port and Area Maritime Security Committee (AMSC), 
assurance that granting the waiver will not change the security 
compliance requirements the grantee is required to operate under within 
their approved security plan, and a revised budget. All cost-share 
waiver requests are considered by FEMA, USCG, and DHS leadership.
    While cost-sharing is valuable in ensuring efficient and effective 
recipient use of Federal funding, we recognize that extenuating 
circumstances may arise. The cost-share waiver provision helps ensure 
that worthy PSGP projects continue to move forward. Thus far, all 
requests for waivers under this process that have been presented to the 
Secretary for consideration have been approved.

    Question 2. I included language in the FY 2008 Omnibus 
Appropriations Act (P.L. 110-161) Conference Report to require the 
Commissioner of U.S. Customs and Border Protection (CBP) to report to 
Congress on the training of CBP officers assisting the FDA in 
monitoring the safety of our Nation's food supply. Does CBP have enough 
officers at our ports to ensure the safety of our Nation's food 
imports?
    Answer. U.S. Customs and Border Protection (CBP) believes there are 
enough officers at our ports of entry to ensure the safety of our 
Nation's food imports. CBP works closely with the Food and Drug 
Administration (FDA) to address the issue of food safety. FDA personnel 
are co-located at CBP's National Targeting Center and the Commercial 
Targeting and Analysis Center. The FDA and CBP automated systems for 
prior notice and entry release are integrated, which allows both 
agencies to have advanced targeting in place to select potential 
shipments that warrant review and/or examination. At some ports of 
entry, but not all, FDA has personnel along side CBP to address these 
concerns. The partnership between CBP and FDA has streamlined and 
enhanced our efforts to address food safety concerns.

    Question 3. What changes has CBP made since 2008 to improve the 
safety of our Nation's imported food supply?
    Answer. Since 2008, U.S. Customs and Border Protection (CBP) has 
designated ``Import Safety'' as a priority trade issue; an identified 
high risk trade area where CBP can focus our resources as part of a 
layered approach to risk management. These priority trade issues are 
commodities that can cause a significant revenue loss, economic risk to 
U.S. industry and/or represent health and safety concerns to citizens.
    CBP has created two divisions, the Import Safety and Interagency 
Requirements Division and the Commercial Targeting Analysis Center both 
dedicated in identifying and addressing import safety concerns.
    CBP has been an active participant in interagency workgroups such 
as the Import Safety Interagency Workgroup and President Obama's 
recently announced, Food Safety Working Group. CBP is dedicated to 
working with the other government agencies on creating policy for CBP 
field resources to address import safety nationwide in a uniform 
manner. These work groups have been successful in multiple initiatives, 
including but not limited to incorporating product safety in our 
trusted partnership programs, the establishment of other government 
officials at the ports of entry to interdict import safety concerns, 
and the possible cross laboratory training among participating 
agencies.
    To enhance collaboration between CBP and other government agencies 
including FDA, the Import Safety Commercial Targeting and Analysis 
Center (CTAC) was established in 2009. The facility is located within 
CBP's Office of International Trade. The CTAC serves as a fusion center 
where CBP, FDA and other participating personnel are co-located at a 
single site, sharing targeting resources and expertise to achieve the 
common mission of protecting the American public. The CTAC enhances CBP 
and FDA's ability to streamline national trade targeting efforts and 
coordinate among the participating agencies; this includes the sharing 
of critical import safety information, sharing of best practices, 
reduction in duplicated targeting/examinations across agencies, and 
also serves as a central point of response for import safety events of 
interest to FDA, CBP, and other agencies present. The mission of the 
CTAC is in line with the President's Food Safety Working Group, which 
calls for agencies with an interest/authority in import safety to 
coordinate efforts and resources, and focuses on the core principles of 
prevention, surveillance, and response. Through a unique Memorandum of 
Understanding, agencies at CTAC are able to share information and 
systems access in order to conduct joint import safety targeting at a 
national level. Through this channel, the CTAC is an effective tool for 
CBP and FDA to enhance the safety of our Nation's food imports. At the 
center, personnel from both agencies respond collectively to 
allegations, develop food safety operations, coordinate with 
laboratories on food safety testing requirements, and pursue 
enforcement actions against shipments found to pose a threat to U.S. 
consumers.
    CBP will continue to work with our Federal partners to prevent 
dangerous products from getting into the hands of the American 
consumers.
                                 ______
                                 
    Response to Written Questions Submitted by Hon. Bill Nelson to 
                            Hon. Alan Bersin
    Question 1. Commissioner Bersin, how does transparency in trade 
data increase maritime security?
    Answer. U.S. Customs and Border Protection (CBP) implements a risk-
based, layered enforcement strategy toward securing maritime cargo. 
This multi-layered enforcement strategy includes the collection of 
advanced trade information (manifest and entry) from programs such as 
the 24-hour Rule, the Importer Security Filing (``10+2'') and Customs-
Trade Partnership Against Terrorism (C-TPAT). Prior to the collection 
of trade data provide to CBP as part of the ``10+2'' program, CBP 
primarily relied on the carrier's manifest data to perform security 
risk analysis prior to the lading of merchandise arriving by vessel. 
While manifest data by nature is timely, internal and external reviews 
have shown that alone, manifest data is not very detailed. As a result, 
CBP had found that in many instances, low-risk companies were being 
unduly targeted and examined. Conversely, and much more troubling from 
a security standpoint, is the fact that certain high-risk entities, 
questionable trade patterns and commodities of interest were not being 
identified and targeted 24 hours prior to vessel lading due to lack of 
quality trade data at that point in time.
    The advanced entry data provided by the Importer Security Filing 
(``10+2'') in conjunction with manifest data transmitted 24 hours prior 
to vessel lading has significantly increased the scope and accuracy of 
information gathered on the goods, conveyances and entities involved in 
the shipment of cargo, which vastly improves CBP's ability to identify 
high-risk shipments so as to prevent smuggling and ensure cargo safety 
and security. This advance knowledge allows CBP to make earlier and 
much better informed targeting decisions prior to cargo arrival which 
helps to foster and facilitate the movement of lawful international 
trade.

    Question 2. The law requires CBP to make import and export data 
available for dissemination. Is complete data currently being made 
available to all of the appropriate entities who request it?
    Answer. U.S. Customs and Border Protection (CBP) provides, daily in 
accordance with 19 CFR 103.31 (e) all available inward manifest 
information from its Automated Manifest System (AMS), within the 
Automated Commercial System, to those parties who subscribe to the CD-
ROM service. Under CBP regulations at 19 CFR  103.31(e) interested 
members of the public may purchase a single day or subscribe to AMS to 
receive the subject manifest data. Those companies or individuals who 
subscribe receive a CD-ROM daily with all CBP AMS manifest data wherein 
manifest confidentiality has not been requested pursuant to 19 USC  
1431(c)(2) and 19 CFR  103.31(d). The AMS data elements that may be 
released are enumerated in 19 CFR  103.31(e)(3).
    With regard to vessel outward manifest (export) data filed 
electronically, CBP provides a data push through a Virtual Private 
Network connection to those parties who have signed an Interconnect 
Security Agreement and met the technical specifications for the 
Information Technology interface. This data push currently encompasses 
15 percent of outward manifests.
    Access to outward manifests filed in paper or other than 
electronically, CBP currently permits access within its ports of entry 
to one requestor, and has been exploring means to accommodate 
additional requestors without interfering with port operations or over 
burdening port personnel with requests for review of copied information 
pursuant to section 19 CFR  103.31 (b).

    Question 3. If not, why?
    Answer. Physical access to manifest documents at U.S. Customs and 
Border Protection (CBP) Ports of Entry by more than one entity has been 
identified as a logistical burden for the respective ports to manage, 
and raises concerns about safeguarding and securing those portions of 
the vessel manifest that are not available for public or press access. 
CBP continues to explore alternative methods to provide access to 
outward manifest data in an electronic format for interested parties.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Maria Cantwell to 
                            Hon. Alan Bersin
    Question 1. In 2002, Customs and Border Protection established the 
rule requiring an electronic manifest be submitted 24-hours prior to 
loading onto any commercial ship destined for the U.S. This process 
identified cargo containers that required inspection at the foreign 
port of origin and also determined which cargo containers would be 
examined upon arrival in the United States. In addition, agreements 
were negotiated with foreign countries to allow U.S. Customs agents 
with overseas billets to work with their foreign Customs counterparts 
and effectively ``push our borders out'' to more thoroughly examine 
U.S. bound maritime cargo. However, today, I understand that CPB is 
withdrawing overseas billets and bringing a number of CBP Officers back 
to the U.S. Could you provide some additional details on this 
adjustment of overseas billets and what impact it will have on the 
Container Security Initiative?
    Answer. The Container Security Initiative (CSI) program has 
developed significantly since its inception in 2002. The CSI program of 
tomorrow will be a hybrid of different (less personnel intensive, more 
technology driven) and more efficient and less costly concepts of 
operations to include remote targeting and remote examinations in a 
selected number of CSI ports, reciprocal relationships and the 
continued need for a minimal number of U.S. Customs and Protection 
(CBP) personnel stationed in foreign locations. CSI will maintain a 
foreign presence to witness exams, collaborate with host-country 
counterparts and maintain relationships with foreign customs 
administrations.

    Question 2. Last month the GAO released a report on combating 
nuclear smuggling. What the GAO found quote ``While DHS reports it 
scans nearly 100 percent of the cargo and conveyances entering the U.S. 
through land borders and major seaports, it has made less progress 
scanning for radiation: (1) in railcars entering the U.S. from Canada 
and Mexico; (2) in international air cargo; and (3) for international 
commercial aviation aircraft, passengers, or baggage.'' For example, 
containers offloaded from foreign ships arriving in western Canadian 
ports, are placed on freight rail, and cross into our country over a 
land border. Are there differences between how U.S. and Canadian ports 
deploy radiation detection equipment and the procedures used to scan 
cargo entering each respective country?
    Answer. There is no difference in the level of security scrutiny 
that cargo containers coming into the U.S. from Canada would receive 
versus containers entering directly from other foreign countries 
through U.S. ports. Conveyances arriving in the U.S. from Canada 
through land border ports of entry by truck or rail are considered to 
be arriving from a foreign country and are therefore subject to the 
same level of security scrutiny as containers being imported directly 
into U.S. ports.
    Regardless of the mode of transportation, U.S. Customs and Border 
Protection (CBP) concentrates its efforts on its primary mission of 
preventing terrorists and terrorist weapons from entering the U.S., 
while at the same time facilitating legitimate trade and travel.
    We are accomplishing these twin goals through the use of advance 
information, risk-management targeting systems, detection technologies, 
extended border strategies and international partnerships. CBP employs 
a layered enforcement approach to safeguarding the U.S. from threats by 
land, air, and sea.
    CBP recognizes that no single strategy or risk assessment is 100 
percent effective and accurate, so CBP focuses on layering multiple 
initiatives together to accomplish its mission. CBP works aggressively 
with trade and government partners to legislate improvements regarding 
data timeliness and quality. This data enhances the ability of CBP's 
highly trained personnel, together with their use of cutting edge 
technology, to target, detect and interdict terrorists, or implements 
of terrorism, destined to the U.S.

    Question 3. Do you believe this presents a potential vulnerability?
    Answer. There is no difference in the level of security scrutiny 
that cargo containers coming into the U.S. from Canada would receive 
versus containers entering directly from other foreign countries 
through U.S. ports. Conveyances arriving in the U.S. from Canada 
through land border ports of entry by truck or rail are considered to 
be arriving from a foreign country and are therefore subject to the 
same level of security scrutiny as containers being imported directly 
into U.S. ports.
    Regardless of the mode of transportation, U.S. Customs and Border 
Protection (CBP) concentrates its efforts on its primary mission of 
preventing terrorists and terrorist weapons from entering the U.S., 
while at the same time facilitating legitimate trade and travel.
    We are accomplishing these twin goals through the use of advance 
information, risk-management targeting systems, detection technologies, 
extended border strategies and international partnerships. CBP employs 
a layered enforcement approach to safeguarding the U.S. from threats by 
land, air, and sea.
    CBP recognizes that no single strategy or risk assessment is 100 
percent effective and accurate, so CBP focuses on layering multiple 
initiatives together to accomplish its mission. CBP works aggressively 
with trade and government partners to legislate improvements regarding 
data timeliness and quality. This data enhances the ability of CBP's 
highly trained personnel, together with their use of cutting edge 
technology, to target, detect and interdict terrorists, or implements 
of terrorism, destined to the U.S.
    Air Cargo Interagency Collaborations--Efforts between U.S. Customs 
and Border Protection (CBP) and other agencies have been established to 
address the strengthening of air cargo security; For example, Customs-
Trade Partnership Against Terrorism (C-TPAT) is exploring opportunities 
with TSA's Certified Cargo Screening Program (CCSP) to increase 
information sharing between both programs through strategies such as 
collecting additional information during foreign validation visits and 
leveraging existing mutual recognition arrangements with foreign 
customs administrations.
    And, the implementation of ``Smart Border'' agreements that involve 
a number of actions to improve information exchange and adopt 
benchmarked security measures that will reduce the terrorist threat at 
our borders, such as the sharing of significant seizure information 
that would enhance future targeting efforts.
    These layers are interdependent and deployed simultaneously, to 
substantially increase the likelihood that contraband, including 
terrorists and weapons of terror will be detected. No single strategy 
could provide the level of security that CBP has worked to achieve and 
maintain since the tragic events of September 11, 2001.
    The rail vector presents unique challenges to CBP in deploying 
effective radiation detection technology. In its ongoing efforts to 
address the nuclear threat, CBP has procured a new prototype dual-
energy rail radiography system that incorporates a passive radiation 
detection capability. This new prototype was procured as a possible 
replacement for the large-scale NII rail imaging systems currently 
deployed to rail border crossings. CBP intends to replace its inventory 
of older rail radiography systems with new and enhanced technology as 
the older systems reach their end-of-life-cycle. Acceptance of this 
prototype is contingent upon ongoing testing and evaluation efforts by 
both the vendor and CBP. Additional characterization efforts of the 
active radiography and passive radiation detection technologies' 
capability to function in a synchronized mode are currently in the 
planning stages.

    Question 4. Section 122 of SAFE Ports Act of 2006 required CPB to 
seek to develop a plan for the inspection, prior to the loading of 
passengers and vehicles, for U.S. inbound ferries. There are 28 ferries 
operating from Ports in Canada, Mexico, the British Virgin Islands, and 
the Dominican Republic, to ports in the U.S.
    Washington State operates the largest passenger ferry system in the 
country. There are a handful of ferry routes between cities in 
Washington State and British Columbia. As you may recall, the so-called 
``millennium bomber'' entered the country on a ferry from Canada. For 
these reasons, ferry security is ever present in the mind of my 
constituents.
    To paraphrase the report delivered to Congress on January 9, 2009--
we (CPB) took a look at it, looks like too hard a problem to solve 
because of the challenges that have arisen during current discussions 
with the Canadians for pre-inspection at land border points of entry, 
so we consider that we fulfilled the obligation.
    I intend to raise the issue of ferry security when the Senate takes 
up reauthorization of the SAFE Ports Act. Are you willing to work with 
me between now and then in trying to figure out how to clear some of 
the hurdles to enable the development of a plan as envisioned in 
Section 122?
    Answer. Yes. U.S. Customs and Border Protection (CBP) is aware that 
inbound ferries are a potential vulnerability. CBP currently receives 
some ferry Advance Passenger Information System (APIS) data voluntarily 
that allows for some advance screening. CBP would appreciate the 
opportunity to work with you to address these issues.
                                 ______
                                 
     Response to Written Questions Submitted by Hon. Mark Pryor to 
                            Hon. Alan Bersin
    Question 1. It is CBP's duty to ``steadfastly enforce the laws of 
the United States while fostering our Nation's economic security 
through lawful international trade and travel.'' Customs has the sole 
responsibility of ensuring that duties assessed on unfairly traded 
imports are collected. The duties are often put in place on certain 
imports to serve as a deterrent against unfairly traded imports which 
were found to have injured U.S. companies and workers. It has come to 
my attention in recent months that there is a growing problem with 
import fraud by countries and companies seeking to evade certain 
duties. What steps are being taken by CBP to end this practice?
    Answer. U.S. Customs and Border Protection (CBP) takes all matters 
of antidumping and countervailing duty (ADCVD) evasion very seriously, 
and in coordination with U.S. Immigration and Customs Enforcement (ICE) 
employs every available method in accordance with law to address these 
matters. Such actions may include entry summary reviews and/or cargo 
examinations by the ports; domestic importer premises visits; domestic 
broker/filer visits; sampling by the ports for CBP laboratory testing; 
and when available, foreign manufacture visits by the ICE attache's 
office to review production capability and/or existence of operations. 
However, the volume of ADCVD cases and the complexity of regulating 
them pose a significant challenge.
    ADCVD is a Priority Trade Issue (PTI) for CBP and as such, CBP 
conducts an assessment of our implementation and enforcement efforts on 
an on-going basis.

    Question 2. Are you aware of such fraud issues as they relate to 
steel pipe and tube products from China?
    Answer. U.S. Customs and Border Protection (CBP) has received 
multiple allegations of circumvention of antidumping cases on Chinese 
steel pipe and tube. CBP continues to work with U.S. Immigration and 
Customs Enforcement (ICE) as well as the domestic manufacturers of 
steel pipe and tube to address these matters.

    Question 3. Does CBP have the resources to ensure the proper 
collection of all duties and prevent import fraud?
    Answer. CBP is currently monitoring approximately 300 AD/CVD cases 
for which the Department of Commerce (DOC) has ordered the imposition 
of AD/CVD duties and dozens of AD/CVD cases that are in preliminary 
status. As you may know, DOC assigns various different duty rates for 
specific manufacturers within AD/CVD cases, providing incentive and 
opportunity for circumvention. For example, DOC assigned 195 different 
manufacturer deposit rates for the Chinese wooden bedroom furniture 
case. In addition, DOC issued 155 messages on that case, which includes 
scope rulings and injunctions. These points illustrate the challenges 
CBP has with administering and enforcing only one AD/CVD case.
    CBP recently issued a vacancy announcement to add personnel to our 
National Targeting and Analysis Groups (NTAG), including the AD/CVD 
NTAG.

    Question 4. With the ongoing focus of putting CBP resources on the 
border, what impact is that having on inspecting imports at ports of 
entry including U.S. ports?
    Answer. While CBP has increased enforcement personnel along the 
southwest border with Mexico, particularly Border Patrol agents, we 
have not diminished our trade enforcement activities at seaports or 
airports.
    CBP understands that there is a monetary gain in not paying the 
ADCVD duty on the subject products, and that certain foreign 
manufactures and U.S. importers will attempt to circumvent ADCVD cases. 
As such, CBP will continue to target importers and manufactures for 
potential evasion of ADCVD cases and will use all available means to 
enforce the cases.
                                 ______
                                 
Response to Written Questions Submitted by Hon. Kay Bailey Hutchison to 

                            Hon. Alan Bersin
    Question 1. The Coast Guard is responsible for securing 361 ports 
and 95,000 miles of coastline and navigable waterways. It also has 10 
other missions, including maritime drug interdiction, search and 
rescue, immigration law enforcement at sea, and serving as the lead 
Federal agency responding to the Deepwater Horizon oil spill . . . and 
all of this with only 42,000 Active Duty personnel.
    CBP also has an enormous number of tasks to accomplish with limited 
resources. Although you have only been on the job since the spring, in 
your estimation, is CBP adequately staffed to handle all the port 
security tasks?
    Answer. The FY 2011 budget request includes the appropriate funding 
level to support U.S. Customs and Border Protection (CBP) personnel 
assigned to carry out their responsibilities. CBP has conducted staff 
modeling to assess where best to position its resources, and our major 
and minor ports all receive a share of resources based on operational 
need.

    Question 2. The level of transportation security abroad has an 
important impact on our domestic homeland security efforts. The weaker 
cargo security standards are at foreign ports, the greater the risk to 
U.S. bound cargo. To that end, both the Coast Guard and CBP have 
developed international programs to improve and build a layered 
approach to port security.
    CBP has developed a number of programs aimed at international port 
security including the ``Customs-Trade Partnership Against Terrorism'' 
(C-TPAT), the Container Security Initiative (CSI), and the ``10+2'' 
security filing. Given all the cooperative arrangements that are 
inherent in these programs, especially those with the private sector, 
is CBP able to quantify how these programs have contributed to cargo 
security?
    Answer. During FY2009, Container Security Initiative (CSI) 
conducted 56,781 cargo exams of high-risk shipments in overseas ports. 
Since they were examined overseas, there was no reason to inspect them 
for security purposes once they were unladed in domestic ports and were 
more than likely released into the economy unless they were targeted 
for a non-security related inspection (i.e., trade, narcotics, 
agriculture, etc.). To date, no instruments of terrorism have been 
detected in maritime containerized cargo destined for the U.S. CSI is 
currently operational in 58 ports worldwide. With these 58 ports, CSI 
processes approximately 86 percent of all maritime containerized cargo 
imported into the U.S., and U.S. Customs and Border Protection (CBP) 
continues to screen 100 percent of cargo manifests and related 
information.
    For several years CBP has successfully utilized a layered 
enforcement strategy, involving different programs such as those 
described in the question and other security programs. The programs are 
inter-related and secure different parts of the supply chain. Each 
program has its own set of productivity measures all of which continue 
to increase each year and as a whole they combine to form a strong 
security posture which also serves to facilitate legitimate trade. The 
private sector continues to support a risk based cargo enforcement 
strategy. CBP recently concluded the 2010 Customs-Trade Partnership 
Against Terrorism (C-TPAT) member survey and the results will be made 
public later this year. More than 3,900 member companies, nearly half 
of all membership, chose to participate. This study demonstrates the 
effectiveness of C-TPAT in causing thousands of companies to give 
closer scrutiny to the security of the goods they handle and ensuring 
that their overseas suppliers have implemented sound security 
practices.
    The 2010 study identified several collateral benefits for C-TPAT 
members that support the argument that the C-TPAT program has enhanced 
the security of the international supply chain:

   Decrease in supply chain disruptions.

   Establishment of supply chain security procedures where none 
        existed before.

   More frequent review of service providers security 
        standards.

   Reduce cargo theft and pilferage.

   Improved security for workforce.

   Access to security training sessions, tips, and techniques.

    Question 3. How can these programs be further improved?
    Answer. U.S. Customs and Border Protection (CBP) continues to 
pursue means of operating more effectively and efficiently as new 
technology becomes available. Container Security Initiative (CSI) 
targeters have implemented the Importer Security Filing data into 
targeting methodologies and continue to work closely with host country 
nations on information sharing.
    CBP's security programs are relatively mature and stable at this 
point and we continually making process improvement so that CBP can 
effectively segment risk and ensure legitimate trade moves quickly 
through the supply chain. For example, in 2010 Customs-Trade 
Partnership Against Terrorism (C-TPAT) established an internal 
Evaluation and Assessment Branch to ensure validations are conducted 
consistently and in accordance with established standard operating 
procedures.

    Question 4. One CBP program that has encountered numerous 
challenges is the Secure Freight Initiative (SFI), which Congress 
mandated to test the feasibility of 100 percent scanning of U.S. bound 
cargo at foreign ports.
    The GAO recommended that CBP conduct a feasibility study of the SFI 
program before moving forward with any future implementation, but to 
date, CBP has not completed such a study. Why has the study not been 
completed?
    Answer. U.S. Customs and Border Protection (CBP) has conducted 
initial research in the feasibility and cost benefit analysis of one 
hundred percent scanning. A complete cost of the Secure Freight 
Initiative (SFI) pilot ports has been documented in the bi-annual 
reports to Congress.

    Question 5. Do you believe the costs of 100 percent scanning 
outweigh the benefits to securing U.S. bound cargo?
    Answer. U.S. Customs and Border Protection (CBP) recognizes that 
100 percent scanning may play a role in certain trade corridors where 
the scan data can provide additional information to improve the 
security of that particular supply chain but believes a risk-based 
approach should also be considered.
    Some governments, as a result of concerns over sovereignty, 
feasibility, logistics, their own regulatory authority, and cost may 
decide to forego 100 percent scanning in their ports. Such concerns 
affected the participation of at least one major trading partner in the 
SFI study. CBP will continue to work with foreign governments, 
carriers, and shippers globally to improve risk-based targeting and 
enhance supply chain security.
                                 ______
                                 
Response to Written Questions Submitted by Hon. John D. Rockefeller IV 
                         to Stephen L. Caldwell
    Question 1. Pending the release of the implementation plan for the 
DHS Small Vessel Security Strategy, what are the potential options for 
mitigating threats from small vessels? To what extent would a new 
requirement that small vessels carry transponders--so they could be 
tracked--be a viable solution? How does this option compare to 
increased ``neighborhood watch'' type programs to encourage watermen 
and pleasure boaters to report suspicious activity?
    Answer. Please see the question below for a joint response.
                                 ______
                                 
Response to Written Question Submitted by Hon. Kay Bailey Hutchison to 
                          Stephen L. Caldwell
    Question. Since the terrorist attacks of September 11, 2001, 
maritime security efforts have focused primarily on large commercial 
vessels, cargoes, and crew. Efforts to address the small vessel 
environment have largely been limited to traditional safety and basic 
law enforcement concerns. Small vessels are, however, readily available 
for potential exploitation by terrorists, smugglers of weapons of mass 
destruction (WMDs), narcotics, aliens, other contraband, and other 
criminals. Small vessels have also been successfully employed overseas 
by terrorists to deliver Waterborne Improvised Explosive Devices 
(WBIEDs). GAO previously noted that technology systems used by the 
Coast Guard to track small vessels have not worked properly at night or 
during inclement weather. In your view, is it cost-effective to track 
small vessels?
    Answer. Governmental agencies, both in the United States and 
abroad, have exercised several options to address the risks presented 
by small vessels. As we previously reported in April 2010,\1\ the 
Department of Homeland Security (DHS)--including the U.S. Coast Guard 
and U.S. Customs and Border Protection (CBP)--and other entities are 
taking actions to reduce the risk from small vessels. These actions 
include the development of the Small Vessel Security Strategy,\2\ 
community outreach efforts through the America's Waterway Watch (AWW) 
program and Operation Focused Lens, port-level vessel tracking efforts 
with radars and cameras, port-scale nuclear detection pilot projects, 
establishment of security zones in U.S. ports and waterways, and 
escorts of possible targets of waterborne improvised explosive devices. 
CBP and the Coast Guard also have other efforts under way to prevent 
small vessels from transporting weapons of mass destruction, 
terrorists, or narcotics from foreign countries into the United States. 
CBP's Office of Air and Marine reports that it is using airborne assets 
such as four engine P3 Airborne Early Warning and Long Range Tracker 
aircraft and soon maritime reconnaissance versions of unmanned Predator 
drones, to detect smugglers' vessels, including semisubmersibles, 
sailing to the United States. The Coast Guard and CBP's Office of Air 
and Marine also report that they station patrol vessels along smuggling 
routes to intercept smugglers' vessels before they reach U.S. shores. 
At the request of Chairman Bennie Thompson and Ranking Member Peter 
King of the Committee on Homeland Security, House of Representatives, 
we are currently reviewing CBP's Office of Air and Marine program and 
examining the agency's use of its resources and expect to issue the 
results of this review next year. Outside of the United States, the 
government of Singapore began a program in 2007 called Harbour Craft 
Transponder System where all vessels not covered by the International 
Maritime Organization's (IMO) International Convention for the Safety 
of Life at Sea (generally, this convention covers vessels 300 gross 
tons or more on an international voyage and cargo ships of 500 gross 
tons or more) were required to install and operate transponders that 
broadcast their position. The program was implemented jointly by the 
Maritime and Port Authority, the Police Coast Guard and the Republic of 
Singapore Navy, and an estimated 2,800 small vessels were equipped when 
its operation commenced in 2007. User costs include the transponder 
device, which ranges in cost from approximately $700 to $730 plus 
applicable taxes, depending on whether the model is portable or fixed, 
and an annual operating cost of approximately $90.
---------------------------------------------------------------------------
    \1\ GAO, Maritime Security: Varied Actions Taken to Enhance Cruise 
Ship Security, but Some Concerns Remain, GAO-10-400, (Washington, D.C.: 
Apr. 9, 2010).
    \2\ The goals of DHS's Small Vessel Security Strategy are 
consistent with the critical infrastructure protection maritime sub-
sector goal to enhance the resiliency of the maritime transportation 
system. According to the strategy, reducing the risk from small vessels 
will contribute to the security of our ports and help prevent the 
disruption of commerce and the negative impact of a vessel security 
incident by reducing the potential consequences of such an incident. 
The primary consequence of a terrorist incident (as well as other 
transportation security incidents) arising from the use of a small 
vessel could be devastating for the U.S. economy if it damaged critical 
infrastructure or resulted in closure of a port. By reducing the risk 
and the associated consequences from small-vessel risks, the strategy 
contributes to the resilience of the maritime sector and associated 
critical infrastructure.
---------------------------------------------------------------------------
    As we reported in March 2009, the expansion of vessel tracking to 
all small vessels--through transponders or other methods--may be of 
limited utility because of the large number of small vessels, the 
difficulty identifying threatening actions, the challenges associated 
with getting resources on scene in time to prevent an attack once it 
has been identified, and the limitations of certain equipment.\3\ For 
vessels not required to carry automatic identification system (AIS) \4\ 
equipment, cameras may be utilized, though not all ports have cameras 
suited to overcome challenges posed by low lighting during operation at 
night or in bad weather. Even when vessels carrying transponders are 
tracked in ports, recognizing hostile intent is very difficult. During 
our reviews of maritime security efforts, we were provided evidence of 
vessels intruding into security zones where unauthorized access was 
prohibited. While no attacks occurred, such vessels were able to travel 
freely near potential targets. Coast Guard officials have told us that 
their ability to enforce security zones is constrained by their limited 
resources. Moreover, the Coast Guard has not been able to meet its own 
internal standards for the frequency of escorts of potential target 
vessels. The difficulty in recognizing potentially threatening activity 
and the limited response capability indicates that expanding tracking 
to all small vessels would not necessarily diminish the risk posed by 
small vessels. While such tracking would likely lead to increased 
observation of prohibited activities, such as intrusion into security 
zones, it would not necessarily help to differentiate between vessels 
that entered security zones with hostile intent and vessels that 
entered for other reasons, such as better fishing. In addition, with 
the increased number of vessels to observe, watch standers could be 
overwhelmed by the amount of information they must track or monitor. 
While the Coast Guard has research underway to automate its ability to 
detect threatening behavior by vessels, even if these efforts are 
successful they would not improve the agency's ability to respond 
quickly. DHS's Small Vessel Security Strategy also states that small-
vessel risk reduction efforts should not impede the lawful use of the 
maritime domain or the free flow of legitimate commerce--making the 
need to decipher vessel behavior essential. As the strategy states, 
given the size and complexity of the maritime domain, risk-based 
decisionmaking is the only feasible approach to prevention, protection, 
response and recovery related to small-vessel threats.
---------------------------------------------------------------------------
    \3\ As we reported in March of 2009, some cameras have the ability 
to operate in low light or use infrared images that distinguish objects 
by the heat they emanate. These capabilities allow them to be effective 
when cameras using visible light prove ineffective, such as at night or 
in bad weather. However, these cameras can still be affected by high 
surf conditions, which can hide vessels smaller than the height of the 
waves. For additional information, see GAO, Maritime Security: Vessel 
Tracking Systems Provide Key Information, but the Need for Duplicate 
Data Should Be Reviewed, GAO-09-337 (Washington, D.C.: Mar. 17, 2009).
    \4\ AIS is a technology that uses global navigation satellite data 
and radios to transmit and receive information about a vessel's voyage, 
including its name, position, course, and speed.
---------------------------------------------------------------------------
    Much of the seaborne smuggling of narcotics and undocumented 
migrants into the United States currently makes use of small vessels, 
such as high-speed ``go fast'' boats and semisubmersibles. While CBP 
and the Coast Guard are also taking actions to intercept smugglers at 
sea, their ability to prevent this smuggling is mixed. In its Fiscal 
Year 2009 performance report, the Coast Guard reported removing 15 
percent of the cocaine being transported on noncommercial vessels bound 
for the United States in Fiscal Year 2009. Conversely, the Coast Guard 
reported that it interdicted approximately 84 percent of undocumented 
migrants who attempted to enter the United States via maritime routes 
in Fiscal Year 2009. CBP's performance report did not include similar 
measures for maritime narcotic or migrant interdiction.
    With the critical task of mitigating the risk posed by small 
vessels before the Coast Guard and CBP, we believe a risk management 
approach coupled with strong intelligence-gathering efforts would lead 
to the greatest benefit. Intelligence-gathering efforts at the port 
level, such as AWW, should help uncover potential threats before they 
develop into full-fledged attacks. The program's outreach to over 400 
local watch group members in and around the Puget Sound region for the 
Vancouver 2010 Winter Olympics demonstrated its potential as means of 
increasing vigilance and communication. Moreover, targeted efforts 
aimed at protecting critical infrastructure and valuable vessels, along 
with random escorts and patrols, should help provide deterrence against 
a small vessel attack inside U.S. port areas. Offshore, intelligence 
efforts aimed at uncovering smuggling operations should also help to 
target patrols and interceptions. These efforts would include random 
patrols, which add uncertainty to where these assets will be at any one 
time. A risk management approach that focuses limited resources on the 
greatest risks is even more critical given the Federal Government's 
current budget climate.
                                 ______
                                 
Response to Written Questions Submitted by Hon. John D. Rockefeller IV 
                         to Stephen L. Caldwell
    Question 2. Regarding security in foreign ports, your statement 
emphasized the importance of risk management and indicated that your 
work had shown potential to apply more risk management to the Coast 
Guard inspection of foreign ports. What did your work specifically show 
and how could the Coast Guard use risk management more effectively? Can 
the Coast Guard do this on its own, or would legislative changes be 
needed to implement changes in the frequency or intensity of visits to 
foreign ports?
    Answer. Since we issued our report on the Coast Guard's 
International Port Security Program in April 2008, the Coast Guard has 
adopted a new risk management program.\5\ In April 2008, the Coast 
Guard was just beginning the next phase of the program, revisiting 
countries to reassess the security measures of 138 trading partners. As 
part of this next phase, the Coast Guard planned to place greater 
emphasis on countries that were not in compliance or that were 
struggling to comply with International Ship and Port Facility Security 
(ISPS) Code requirements. To accomplish this with available resources, 
the Coast Guard planned to prioritize its country visits and capacity-
building efforts using a risk-based approach that would allow Coast 
Guard officials to spend more time in countries not in compliance and 
whose lack of compliance poses a higher risk to the United States. At 
the time of our report, the Coast Guard was in the process of 
developing this risk-management approach and had created working groups 
to consider how to implement this approach. Since the issuance of our 
report, the Coast Guard reported that the program finalized its 
methodology which analyzes the risk a country potentially poses to the 
United States, how well a country is implementing the ISPS Code, and 
the likelihood that capacity-building efforts in the country would be 
effective considering a variety of political, economic, and social 
preconditions. According to the Coast Guard, the results of the 
methodology are used to manage risk and limited resources by helping 
establish assessment team size, determining countries and ports where 
capacity-building resources would be most effective, and finally 
identifying high-risk countries that need additional oversight. We have 
not conducted a detailed review of this methodology or the Coast 
Guard's implementation of it.
---------------------------------------------------------------------------
    \5\ Our April 2008 report is restricted and not available to the 
public.
---------------------------------------------------------------------------
    Although we have not analyzed or directly reported on this issue as 
it relates to the Coast Guard, another approach the Coast Guard could 
consider to incorporate risk management into the program is to use 
mutual recognition arrangements with other countries, similar to that 
developed by CBP for international customs. We reported in August 2008 
that CBP worked with the international customs community to achieve a 
system of mutual recognition--an arrangement whereby the actions or 
decisions taken by one customs administration are recognized and 
accepted by another administration.\6\ For a system of mutual 
recognition to work, however, there must be an agreed-upon common set 
of standards that are applied uniformly so that a level of confidence 
exists between countries. As international standards exist for maritime 
security through the ISPS Code, the Coast Guard could consider 
developing a similar system of mutual recognition for international 
maritime security. For example, the European Union has developed 
detailed regulations for the consistent implementation of the ISPS Code 
by its member states and established a process for verifying the 
effectiveness of its member states' maritime security measures. This 
process includes an inspection of member states' ports that results in 
a report identifying any nonconformities with the regulations and 
making recommendations to address the nonconformities. Should the Coast 
Guard develop confidence in the European Union's regulatory and 
inspection approach to determine whether its members have fully 
implemented and maintain international maritime security standards, 
under a mutual recognition arrangement with the European Union the 
Coast Guard could agree to recognize and accept one another's security 
practices. The Coast Guard could then give countries with which it has 
such agreements lower priority for a country visit. During a meeting in 
September 2010 to follow-up on our report, Coast Guard officials told 
us that more flexibility to determine whether an assessment is 
necessary for countries with which there is confidence in the 
implementation of international maritime security standards would be 
helpful to the program in allocating program resources toward the 
highest-risk countries. Changes to increase the frequency of visits to 
foreign ports would not require a legislative change, whereas a 
decrease in frequency may require a legislative change.
---------------------------------------------------------------------------
    \6\ GAO, Supply Chain Security: CBP Works with International 
Entities to Promote Global Customs Security Standard and Initiatives, 
but Challenges Remain, GAO-08-538 (Washington, D.C.: Aug. 15, 2008).
---------------------------------------------------------------------------
    In regard to the Coast Guard's ability to spend more time in 
countries not in compliance to assist with capacity building, we 
reported in April 2008 that the International Port Security Program was 
subject to limitations on its ability to offer capacity-building 
assistance outside of assessment activities or to other countries that 
may comply with the ISPS Code standard, but struggle to maintain their 
compliance. Coast Guard officials stated that while authorities allowed 
for certain types of capacity-building activities, several of the 
authorities limited those activities to ports in foreign countries that 
have been found to lack effective antiterrorism measures. However, with 
the enactment of the Coast Guard Authorization Act of 2010,\7\ the 
Coast Guard has new authorities to provide assistance to what the Coast 
Guard describes as a broader range of countries. For example, the act 
authorizes the Coast Guard to provide specified types of assistance to 
foreign ports based on risk assessments and comprehensive port security 
assessments rather than a finding of the lack of effective 
antiterrorism measures before providing assistance. In terms of changes 
to the frequency of visits to foreign ports, although the Security and 
Accountability For Every Port Act of 2006 (SAFE Port Act) currently 
requires that a minimum number of reassessments of the effectiveness of 
antiterrorism measures in foreign ports be conducted at a rate of not 
less than once every 3 years,\8\ the International Port Security 
Program strives to conduct reassessments every 2 years to follow the 
direction contained in the conference report accompanying the Fiscal 
Year 2007 DHS Appropriations Act.\9\ The Coast Guard states that in 
addition to the reassessments, it visits all countries at least 
annually, with countries that have ports with nonconformance issues it 
has identified more frequently. Consequently, to decrease the frequency 
of visits to an amount less than the established frequencies in the 
SAFE Port Act would require legislative changes whereas an increase in 
frequency would not require legislative changes.
---------------------------------------------------------------------------
    \7\ Pub. L. No. 111-281, ___ Stat. ___ (2010).
    \8\ Pub. L. No. 109-347, 120 Stat. 1884, 1918 (2006).
    \9\ H.R. Conf. Rep. No. 109-699, at 142 (2006).

    Question 3. S. 3639 authorizes the Coast Guard to provide 
assistance to foreign governments or ports to enhance their maritime 
security. Does GAO support this provision?
    Answer. Provisions in S. 3639 to authorize the Coast Guard to 
provide assistance to foreign governments or ports to enhance their 
maritime security are similar to provisions recently enacted in the 
Coast Guard Authorization Act of 2010. While we have not directly 
looked at this issue, based on our work, Coast Guard technical 
assistance to other countries could be another way to improve port 
security in certain circumstances with available Coast Guard resources. 
During our review of the International Port Security Program, Coast 
Guard officials told us that funding is a major challenge for most 
countries struggling to meet and sustain ISPS Code requirements.\10\ 
For example, Coast Guard officials stated that in several African 
countries, the designated authority within the government does not have 
the resources to provide security for ports or funds to provide grants 
for ports in need of improvements. However, according to Coast Guard 
officials, the Coast Guard also does not have resources to supply 
physical security assets, such as fences and guards, to those countries 
that cannot afford them. Program officials have sought to raise 
awareness about low-cost methods that can be used to meet certain 
international security requirements, such as the use of ``tabletop'' 
exercises rather than conducting full-scale drills and exercises.
---------------------------------------------------------------------------
    \10\ Our April 2008 report is restricted and not available to the 
public.
---------------------------------------------------------------------------
    In addition to the budgetary limitations, Coast Guard officials 
stated that the program faced legal limitations in the capacity-
building efforts they could provide under their previous legislative 
authorities. As discussed above, while previous authorities allowed for 
certain types of capacity-building activities, several of those 
authorities limited those activities to ports in foreign countries that 
had been found to lack effective antiterrorism measures. However, with 
the enactment of the Coast Guard Authorization Act of 2010, the Coast 
Guard has new authorities to provide assistance. For example, the Act 
authorizes the Coast Guard to provide assistance based on risk 
assessments and comprehensive port security assessments rather than a 
finding of a lack of effective antiterrorism measures. Another 
capacity-building authority authorizes the provision of technical 
assistance when it is provided in conjunction with regular Coast Guard 
operations. The Coast Guard Authorization Act of 2010 amended this 
authority to expressly authorize the use of funds for certain purposes 
such as the activities of traveling contact teams, including any 
transportation expense, translation services, seminars, and conferences 
involving members of maritime authorities of foreign governments, and 
the distribution of publications pertinent to engagement with maritime 
authorities of foreign governments.

    Question 4. Does the Coast Guard have an adequate workforce of 
inspectors who can operate in foreign environments to inspect foreign 
ports? To what extent would that workforce be affected by proposals to 
change the frequency or intensity of visits to foreign ports? How would 
it be affected by proposals to increase technical assistance to foreign 
governments and ports outside of the normal visit/inspection cycle?
    Answer. We reported in January 2010 that during this decade, the 
Coast Guard has been challenged with expanded mission responsibilities, 
and concerns have been raised about whether the Coast Guard has a 
sufficient workforce to fulfill these mission responsibilities.\11\ The 
impact of expanding missions underscored shortcomings in the Coast 
Guard's ability to effectively allocate resources, such as personnel; 
ensure readiness levels; and maintain mission competency. Similarly, 
when we concluded our review of the International Port Security Program 
in April 2008, we reported that the Coast Guard also faced challenges 
in ensuring that it had trained staff available to meet assessment and 
assistance needs. According to Coast Guard officials, personnel working 
in the program have unique demands placed on their skills since they 
must be proficient security inspectors and must also be culturally and 
diplomatically sensitive liaisons to foreign countries. The challenge 
was made more difficult by Coast Guard plans to compress its schedule 
for completing follow-up visits so that all were to be completed within 
a 2-year time-frame and by the Coast Guard personnel rotation policy 
that moves personnel between different positions every 3 to 4 years.
---------------------------------------------------------------------------
    \11\ GAO, Coast Guard: Service Has Taken Steps to Address Historic 
Personnel Problems, but It Is too Soon to Assess the Impact of These 
Efforts, GAO-10-268R, (Washington, D.C.: Jan. 29, 2010).
---------------------------------------------------------------------------
    We also reported that the Coast Guard did not have a fully 
developed strategic workforce plan for the program. Coast Guard 
officials noted that the calculations for the number of program 
personnel required were straightforward as the number of countries to 
assess was limited to approximately 138 and the amount of time required 
to conduct assessments was known. When we asked Coast Guard officials 
about ensuring the availability of sufficient resources for the next 
phase of the program, Coast Guard officials stated that they believed 
they had sufficient resources to conduct assessments and provide 
capacity building within the current authorities provided to the 
program. However, we reported that they had not completed aspects of 
workforce planning, such as processes to regularly analyze staffing 
data and workforce demographics and develop strategies for identifying 
and filling gaps, as human capital management guidance provided by the 
Office of Personnel Management suggests. Without such planning, we 
reported that it may be difficult for the Coast Guard to meet its 
program goals. As a result, we recommended that the Coast Guard develop 
and incorporate a workforce plan as part of the risk management 
approach it was developing to prioritize the performance of program 
activities. DHS and the Coast Guard concurred in part with our 
recommendation. Specifically, they noted that the Coast Guard has 
analyzed its workforce needs to carry out the functions currently 
mandated and had begun to develop a methodology to determine where best 
to conduct capacity-building efforts. They stated that more analysis 
would be done when and if authorities are provided to expand the 
capacity-building activities of the program. While we agreed that the 
Coast Guard would need additional authorities to carry out certain 
capacity-building activities beyond countries not in compliance, the 
Coast Guard's workforce planning efforts were not consistent with those 
called for by human capital management guidance, even for the program's 
current authorities.
    While we do not have the data or information to determine how the 
Coast Guard's workforce would be affected by potential changes to the 
frequency or intensity of visits, or changes to increase the technical 
assistance to foreign governments and ports, since the issuance of our 
report the Coast Guard has reported taking additional actions to more 
fully develop a workforce plan for the program. Although the program 
does not envision a separate ``stand-alone'' plan, the Coast Guard 
reported reviewing human capital management guidance and is 
incorporating some of the principles in its program management. Among 
other things, the Coast Guard reported that the program continues to 
refine its human capital management including using an analysis to 
identify training needs for new personnel entering the program and 
promulgation of guidance on resources that should be devoted to 
conducting assessment visits for various categories of countries. The 
program also reported finalizing its methodology which looks at the 
risk a country potentially poses; how well it is implementing the 
international security standard, the ISPS Code; and the likelihood that 
the capacity-building efforts in the country would be effective. While 
we have not assessed these actions, we believe they contribute toward 
the implementation of our recommendation and thereby better position 
the Coast Guard to ensure that it has an adequate work force. Should 
the program be given additional capacity-building authority, the Coast 
Guard stated that the program will use its methodology to identify 
additional personnel needs and where they should best be stationed.

    Question 5. Has GAO's work made a formal determination of whether 
the 100 percent scanning requirement is consistent with risk 
management?
    Answer. The application of risk management for container security 
can be considered at the strategic level (e.g., assessing risks to the 
entire supply chain and designing appropriate security programs) or the 
tactical level (e.g., assessing risks to individual containers and 
applying extra scrutiny through existing layered security programs). At 
the strategic level, Federal law and Presidential directives call for 
the use of risk management in homeland security as a way to protect the 
Nation against possible terrorist attacks, and CBP uses risk management 
in its processes for mitigating potential threats posed by U.S.-bound 
cargo containers. Risk management generally calls for establishing risk 
management priorities and allocating limited resources to those assets 
that face the highest risk. Risk management is necessary in the context 
of container security because CBP, like other DHS components, cannot 
afford to protect all commerce against all possible threats. According 
to risk management frameworks developed by GAO and DHS, key phases of 
risk management should include: (1) assessing the risk posed by 
terrorists' use of cargo containers; and (2) evaluating alternative 
measures to counter that risk based on factors such as the degree of 
risk reduction they afford and the cost and difficulty to implement 
them.\12\ This process includes a cost-benefit analysis of 
countermeasure options, which is useful in evaluating alternatives 
because it links the benefits from risk-reducing countermeasures to the 
costs associated with them. While we have not conducted an assessment 
of whether the 100 percent scanning requirement is consistent with risk 
management, our prior work indicates that 100 percent scanning is not 
consistent because this strategic analytic process did not occur. 
Specifically, our work has shown that DHS has not evaluated the cost-
effectiveness of 100 percent scanning as a countermeasure as part of a 
risk management framework for cargo container security.\13\
---------------------------------------------------------------------------
    \12\ GAO-06-91 and DHS, National Infrastructure Protection Plan, 
Partnering to Enhance Protection and Resiliency (Washington, D.C.: 
January 2009).
    \13\ GAO, Supply Chain Security: Feasibility and Cost-Benefit 
Analysis Would Assist DHS and Congress in Assessing and Implementing 
the Requirement to Scan 100 Percent of U.S.-Bound Containers, GAO-10-12 
(Washington, D.C.: Oct. 30, 2009).
---------------------------------------------------------------------------
    At the tactical level, opponents of 100 percent scanning have taken 
the position that it is better to assess the risk posed by each 
container and apply a countermeasure that is tailored to that 
container--as opposed to assessing the risk posed to supply chain 
security by cargo containers in general and then determining the most 
cost-effective countermeasure to reduce that risk (e.g., 100 percent 
scanning, CBP's layered security approach, or another alternative). 
From this perspective, the 100 percent scanning requirement is a 
departure from existing CBP container security programs because it 
requires CBP to scan all containers before performing analysis to 
determine their potential risk level. This position applies risk 
management principles--establishing strategic goals and priorities and 
allocating limited resources to those assets that face the highest 
risk--at the individual container level. According to this view, the 
100 percent scanning requirement is inconsistent with risk management 
principles because it does not distinguish among containers based on 
risk; rather, it assumes that all containers have an equal risk of 
carrying terrorist weapons and are to be subjected to the same level of 
scrutiny with the same amount of resources. Thus, resources are applied 
uniformly across all cargo containers rather than being allocated based 
on the potential risk they pose. Opponents of 100 percent scanning who 
have generally taken this position include CBP, foreign governments, 
and industry. For example, the former Acting Commissioner and current 
Commissioner of CBP have said that the 100 percent scanning requirement 
is not a risk-based approach. Similarly, foreign governments have 
expressed the view that 100 percent scanning is not consistent with 
risk management principles as contained in the World Customs 
Organization (WCO) Framework of Standards to Secure and Facilitate 
Global Trade (commonly referred to as the SAFE Framework). For example, 
European and Asian customs officials told us that the 100 percent 
scanning requirement is in contrast to the risk-based strategy, that 
serves as the basis for other U.S. programs, such as the Container 
Security Initiative (CSI) \14\ and the Customs-Trade Partnership 
Against Terrorism (C-TPAT).\15\ The WCO, representing customs agencies 
around the world, stated that the implementation of 100 percent 
scanning would be ``tantamount to abandonment of risk management.'' In 
terms of industry, in 2008 the Association of German Seaport Operators 
released a position paper that stated that implementing the 100 percent 
scanning requirement would undermine mutual, already achieved security 
successes and deprive resources from areas that present a more 
significant threat and warrant closer scrutiny. Closer to home, the 
Commercial Operations Advisory Committee--an official industry group to 
CBP--has recently called for the repeal of the 100 percent scanning 
requirement and a move toward a more risk-based approach.\16\
---------------------------------------------------------------------------
    \14\ CBP places staff at participating foreign ports to work with 
host country customs officials to target and examine high-risk 
container cargo for weapons of mass destruction before they are shipped 
to the United States.
    \15\ Through the C-TPAT program, CBP develops voluntary 
partnerships with members of the international trade community 
comprised of importers; manufacturers; customs brokers; forwarders; 
air, sea, and land carriers; and contract logistics providers. Private 
companies agree to improve the security of their supply chains in 
return for various benefits, such as reduced examination of their 
cargo.
    \16\ The Commercial Operations Advisory Committee advises the 
Secretaries of the Treasury and Homeland Security on the commercial 
operations of CBP and related DHS and Department of the Treasury 
functions.
---------------------------------------------------------------------------
    Still at the tactical level, supporters of 100 percent scanning 
have expressed concerns about the effectiveness of existing CBP 
programs that attempt to assess the risks of individual containers and 
subject those deemed higher risk to closer scrutiny, including non-
intrusive inspection (NII) scanning. Members of Congress who spoke in 
favor of the 100 percent scanning requirement noted that scanning all 
containers overseas could help detect weapons of mass destruction 
concealed in containers that are not identified as high risk because of 
weaknesses in CBP's layered security strategy. That is, 100 percent 
scanning would be a more effective way to counter the risks posed to 
cargo containers than existing initiatives intended to identify high-
risk containers. In making these arguments, certain Members of Congress 
also cited GAO work that had identified potential weaknesses in 
programs that make up the layered security strategy. Our work 
identified weaknesses including a lack of validation of CBP's targeting 
practices through strategies like red-teaming; inadequate validation of 
C-TPAT members' security practices prior to granting them program 
benefits, such as a decreased likelihood of having their shipments 
scanned or physically examined; and not ensuring that containers 
identified as high risk but not scanned at CSI ports overseas are 
scanned upon arrival in the United States.\17\ The concerns we raised 
were open issues at the time Congress considered the 100 percent 
scanning requirement; however, since that time, these CBP programs have 
matured, and many of our recommendations have been implemented.\18\
---------------------------------------------------------------------------
    \17\ See for example, GAO, Cargo Security: Partnership Program 
Grants Importers Reduced Scrutiny with Limited Assurance of Improved 
Security, GAO-05-404 (Washington, D.C.: Mar. 11, 2005), and Homeland 
Security: Summary of Challenges Faced in Targeting Oceangoing Cargo 
Containers for Inspection, GAO-04-557T (Washington, D.C.: Mar. 31, 
2004).
    \18\ We previously reported on the maturing of these programs and 
the implementation of our recommendations in GAO, Maritime Security: 
The SAFE Port Act: Status and Implementation One Year Later, GAO-08-
126T (Washington, D.C.: Oct. 30, 2007).
---------------------------------------------------------------------------
    As mentioned above, risk management includes not just assessing 
risks, but also evaluating alternative measures based on such factors 
as the degree of risk reduction they afford and the cost and difficulty 
to implement them. Our work has documented that there are operational 
challenges--such as logistics, technology, and infrastructure--to 
implementing 100 percent scanning.\19\ However, CBP has not done a 
detailed analysis to determine the feasibility of 100 percent scanning 
within the context of its risk-based layered security strategy. In this 
case, part of evaluating alternative measures is determining a concept 
of operations--a description of the operations that must be performed, 
who must perform them, and where and how the operations will be carried 
out--for how 100 percent scanning would work at foreign ports, which 
would include conducting studies and analyses at each port to determine 
locations where NII equipment would be able to scan 100 percent of 
containers going to the United States with a minimum of disruption to 
the flow of commerce at the port. For instance, transshipment--cargo 
containers from one port that are taken off a vessel at another port to 
be placed on another vessel bound for the United States--poses a 
particular challenge to 100 percent scanning. According to European 
customs officials, implementing the 100 percent scanning requirement at 
large ports with complex operations would likely result in the need for 
a fundamental redesign of several ports, entailing substantial costs to 
terminal users. For other scanning options, the costs may not be as 
great. For example, as we describe in more detail in the next section, 
scanning with only radiation portal monitors (RPM) is less costly in 
terms of both equipment and impact on the flow of commerce.
---------------------------------------------------------------------------
    \19\ GAO, Supply Chain Security: Challenges to Scanning 100 Percent 
of U.S.-Bound Cargo Containers, GAO-08-533T (Washington, D.C.: June 12, 
2008).
---------------------------------------------------------------------------
    No homeland security program can guarantee complete success or 
freedom from risk, and CBP officials have acknowledged that they will 
likely not be able to achieve 100 percent scanning of U.S.-bound cargo 
containers by the statutory deadline.\20\ However, we believe 
additional analysis, done within a risk management framework, can help 
improve container security. In our October 2009 report on the Secure 
Freight Initiative (SFI) and 100 percent scanning, we recommended that 
among other things, CBP perform feasibility and cost-benefit analyses 
to: (1) better position itself to determine the most effective way 
forward to enhance container security, (2) improve its container 
security programs, and (3) better inform Congress. DHS agreed in part 
with our recommendation that it develop a cost-benefit analysis of 100 
percent scanning, acknowledging that the recommended analyses would 
better inform Congress, but stated that the recommendation should be 
directed to the Congressional Budget Office. While the Congressional 
Budget Office does prepare cost estimates for pending legislation, we 
think the recommendation is appropriately directed to CBP. Given its 
daily interaction with foreign customs services and its direct 
knowledge of port operations, CBP is in a better position to conduct 
any cost-benefit analysis and bring results to Congress for 
consideration. We believe that such analyses could help to guide DHS, 
CBP, and Congress in their efforts to either implement the 100 percent 
scanning requirement or assess other approaches to enhancing container 
security.
---------------------------------------------------------------------------
    \20\ The statute provides that containers loaded at foreign ports 
on or after July 1, 2012 shall not enter the United States unless they 
were scanned by NII equipment and radiation detection equipment prior 
to loading. It also provides for renewable, two-year extensions if DHS 
certifies to Congress that certain conditions exist at a port or ports, 
such as equipment not being available for purchase and installation, 
physical constraints, or a significant impact on trade capacity and 
flow of cargo. See 6 U.S.C. Sec. 982(b).

    Question 6. S. 3639 makes a technical amendment so that all U.S.-
bound containers be scanned with either RPM or NII, but not both. It 
also extends the deadline for the requirement by 3 years from 2012 to 
2015. What are the advantages of this approach to 100 percent scanning?
    Answer. Based on our review of the 100 percent scanning 
requirement, scanning containers with RPMs instead of in combination 
with NII equipment may be more achievable from a technology, logistics, 
political, and cost standpoint.\21\ However, there are limitations to 
relying solely on RPMs for scanning cargo containers that should be 
taken into consideration.
---------------------------------------------------------------------------
    \21\ GAO-10-12.

   Technology/logistics: Scanning containers with RPM equipment 
        is generally less time-consuming than scanning with NII 
        equipment. While the actual NII scanning time per container can 
        take as little as 20 seconds, depending on the system, the 
        entire inspection time can take longer than 6 minutes. As part 
        of the scanning process, customs officers need time to: (1) 
        stage the container to align it properly between the system's 
        radiation source and detector array, (2) verify the container 
        information with the manifest, (3) ensure that the system is 
        set to receive scanned images, (4) interpret the scanned images 
        and verify them using manifest information, (5) identify and 
        document any anomalies, (6) save the scanned images, (7) check 
        the integrity of the seal and verify the seal number, and (8) 
        prepare the system for the next container. While scanning cargo 
        containers with NII equipment involves several steps, in 
        contrast it takes the driver of a standard tractor trailer from 
        4 to 7 seconds to pass through a RPM.\22\
---------------------------------------------------------------------------
    \22\ Containers that trigger a radiation alarm at the RPM undergo a 
second exam with a handheld radiation detection device to help ensure 
that the source of the alarm is identified and resolved. The exam with 
the handheld radiation detection device typically requires 5 to 10 
minutes to perform.

   Political: Although 173 members of the WCO expressed their 
        opposition to the 100 percent scanning requirement, in a letter 
        to Members of Congress in September 2008, the WCO noted that it 
        did not object to the requirement that all cargo containers be 
        subjected to radiation detection processes (i.e., RPM scanning) 
        prior to shipment to the United States. In addition, foreign 
        government officials we spoke with stated that they are 
        generally not opposed to the use of radiation detection 
        equipment--such as the RPMs that are used as part of the 
        Megaports Initiative \23\--but they are opposed to the use of 
        NII equipment because of the likelihood that it may hinder 
        trade and reduce security by consuming a large amount of scarce 
        resources (i.e., key dock space and increased time needed for 
        cargo container inspections) for comparatively little benefit.
---------------------------------------------------------------------------
    \23\ Through the Megaports Initiative, the Department of Energy 
installs radiation detection equipment at key foreign ports, enabling 
foreign government personnel to use radiation detection equipment to 
scan shipping containers entering and leaving these ports, regardless 
of the containers' destination, for nuclear and other radioactive 
material that could be used against the United States and its allies.

   Cost: RPM equipment is less expensive than NII equipment. 
        The price for polyvinyl toluene monitors--the type of RPMs most 
        commonly used at U.S. seaports--is $425,000 per unit (including 
        deployment costs). In contrast, the purchase price for large-
        scale NII systems used by CBP at U.S. seaports is approximately 
---------------------------------------------------------------------------
        $3 million per system (including deployment costs).

   Limitations of RPMs: Scanning containers with RPMs alone 
        introduces the vulnerability of not detecting shielded nuclear 
        material. However, if customs officials believe based on 
        targeting data that further inspections are necessary, they can 
        have a container scanned by NII equipment.

    In addition to the factors listed above, the Department of Energy's 
National Nuclear Security Administration (NNSA) has a goal through the 
Megaports Initiative of scanning as much global cargo container traffic 
as possible with RPMs. Since the start of the Megaports Initiative in 
Fiscal Year 2003, NNSA has completed installations of RPM equipment at 
27 foreign ports, and implementation is under way at an additional 16 
foreign ports. The Megaports Initiative seeks to equip 100 ports with 
radiation detection systems by 2015, scanning approximately 50 percent 
of global maritime containerized cargo.

    Question 7. DHS and CBP have cited the Strategic Trade Corridor and 
the Importer Security Filing (10+2) as alternative ways to enhance 
supply chain security. They have also stated that new technology for 
containers themselves, and the equipment used to scan them, is another 
path forward to improve supply chain security. What work does GAO have 
on these programs and what is the status of these DHS efforts?
    Answer:
Strategic Trade Corridor Strategy
    The Secretary of Homeland Security has endorsed the concept of a 
strategic trade corridor strategy as the path forward for implementing 
the SFI program, but DHS and CBP have not yet selected the ports or 
funded the expansion of SFI. In particular, in April 2009, the 
Secretary of Homeland Security was presented with three options for 
implementing the SFI program, ranging from implementing SFI at 70 ports 
that account for shipping over 90 percent of U.S.-bound containers to 
seeking repeal of the 100 percent scanning requirement. The strategic 
trade corridor strategy option selected by the Secretary focuses cargo 
container scanning efforts on a limited number of ports where CBP has 
determined that SFI will help mitigate the greatest risk of potential 
weapons of mass destruction entering the United States. According to 
CBP's report, Risk-Based, Layered Approach to Supply Chain Security, 
sent to Congress in April 2010, the data gathered from SFI operations 
will help to inform future deployments to strategic locations.\24\ The 
report further added that CBP plans to evaluate the usefulness of these 
deployments and consider whether the continuation of scanning 
operations adds value in each of these locations and in potential 
additional locations that would strategically enhance CBP efforts. 
However, in DHS's Congressional Budget Justification for FY 2011, CBP 
requested a decrease in the SFI program's $19.9 million budget by $16.6 
million and did not request any funds to implement the strategic trade 
corridor strategy. According to the budget justification, in Fiscal 
Year 2011, SFI operations will be discontinued at three SFI ports--
Puerto Cortes, Honduras; Southampton, United Kingdom; and Busan, South 
Korea--and the SFI program is to be established at the Port of Karachi, 
Pakistan. We issued a report in October 2009 that provides further 
details about the implementation of the SFI program.\25\
---------------------------------------------------------------------------
    \24\ U.S. Customs and Border Protection, Risk-Based, Layered 
Approach Supply Chain Security, Fiscal Year 2010 Report to Congress 
(Washington D.C., Apr. 13, 2010).
    \25\ GAO-1012.
---------------------------------------------------------------------------
Importer Security Filing Program
    While CBP has implemented the Importer Security Filing and 
Additional Carrier Requirements,\26\ collectively known as the 10+2 
rule, and is using the information to identify high-risk unmanifested 
containers, CBP has not yet fully incorporated the collected data into 
its targeting process. In January 2009, CBP implemented the 10+2 rule, 
which mandates that importers and vessel carriers submit additional 
cargo information, such as country of origin, to CBP before the cargo 
is loaded onto a U.S.-bound vessel.\27\ Collection of the additional 
cargo information (10 data elements for importers and 2 data elements 
for vessel carriers) and their incorporation into CBP's Automated 
Targeting System (ATS) \28\ are intended to enhance CBP's ability to 
identify high-risk shipments and prevent the transportation of 
potential terrorist weapons into the United States via cargo 
containers. CBP has assessed the submitted 10+2 data elements for risk 
factors, and according to CBP officials, access to information on stow 
plans \29\ has enabled CBP to identify more than 1,000 unmanifested 
containers--containers that are inherently high risk because their 
contents are not listed on a ship's manifest. However, although CBP has 
conducted a preliminary analysis that indicates that the collection of 
the additional 10+2 data elements could help determine risk earlier in 
the supply chain, CBP has not yet finalized its national security 
targeting weight set for identifying high-risk cargo containers or 
established project time frames and milestones--best practices in 
project management--for doing so. We recommended that CBP establish 
milestones and time frames for updating its national security weight 
set to use 10+2 data in its identification of shipments that could pose 
a threat to national security. DHS concurred with this recommendation 
and said it plans to complete its updates to the national security 
weight set by November 2010. More information on the results of our 
review can be found in our September 2010 report.\30\
---------------------------------------------------------------------------
    \26\ Importer Security Filing and Additional Carrier Requirements, 
73 Fed. Reg. 71,730 (Nov. 25, 2008) (to be codified at 19 C.F.R. pts. 
4, 12, 18, 101, 103, 113, 122, 123, 141, 143, 149, 178, and 192).
    \27\ Under other requirements that preceded the 10+2 rule, 
importers are also required to provide customs entry information, and 
carriers are required to provide cargo manifest information under the 
24-hour rule.
    \28\ ATS is a computer model that CBP uses to analyze shipment data 
for risk factors and target potentially high-risk oceangoing cargo 
containers for inspection. For more information on ATS, see GAO, Cargo 
Container Inspections: Preliminary Observations on the Status of 
Efforts to Improve the Automated Targeting System, GAO-06-591T 
(Washington, D.C.: Mar. 30, 2006), and GAO-04-557T.
    \29\ Stow plans depict the position of each cargo container on a 
vessel.
    \30\ GAO, Supply Chain Security: CBP Has Made Progress in Assisting 
the Trade Industry in Implementing the New Importer Security Filing 
Requirements, but Some Challenges Remain, GAO-10-841 (Washington, D.C.: 
Sept. 10, 2010).
---------------------------------------------------------------------------
Container Security Technologies
    DHS is testing and evaluating technologies for detecting and 
reporting intrusions into and tracking the location of cargo containers 
as they pass through the global supply chain, but it will take time 
before the evaluations are complete and the technology and 
implementation challenges are overcome for some of these technologies. 
In particular, CBP has partnered with DHS's Science and Technology 
Directorate (S&T) to develop performance standards--requirements that 
must be met by products to ensure that they will function as intended--
for four container security technologies with the goal of having the 
ability to detect and report intrusion into, and track the movement of 
cargo containers through the global supply chain. If S&T is able to 
demonstrate through testing and evaluation that container security 
technologies exist that can meet CBP's requirements, then it plans to 
provide performance standards to CBP and DHS's Office of Policy 
Development to pursue for implementation. From 2004 through 2009, S&T 
spent over $60 million and made varying levels of progress on its four 
container security technology projects. Each of these projects has 
undergone laboratory testing, but S&T has not yet conducted operational 
environment testing to ensure that the prototypes will satisfy the 
requirements so that S&T can provide performance standards to the 
Office of Policy Development and CBP. Performance standards are 
expected to be completed for two of the technologies by the end of 
2010, but it could take time before they are complete for the other two 
technologies. More information on the results of our review of 
container security technologies may be found in our September 2010 
report.\31\
---------------------------------------------------------------------------
    \31\ GAO, Supply Chain Security: DHS Should Test and Evaluate 
Container Security Technologies Consistent with All Identified 
Operational Scenarios to Ensure the Technologies Will Function as 
Intended, GAO-10-877 (Washington, D.C.: Sept. 29, 2010).
---------------------------------------------------------------------------
Cargo Advanced Automated Radiography System
    We also reviewed DHS efforts to improve NII scanning through the 
cargo advanced automated radiography system (CAARS) program. DHS 
intended for CAARS to be used by CBP to automatically detect and 
identify highly shielded nuclear material in vehicles and cargo 
containers at U.S. ports of entry. However, DHS's Domestic Nuclear 
Detection Office (DNDO) pursued the acquisition and deployment of CAARS 
machines without fully understanding that they would not fit within 
existing primary inspection lanes at CBP ports of entry. This occurred 
because during the first year or more of the program DNDO and CBP had 
few discussions about operating requirements at ports of entry. 
Further, the development of the CAARS algorithms (software)--a key part 
of the machine needed to identify shielded nuclear materials 
automatically--did not mature at a rapid enough pace to warrant 
acquisition and deployment. These factors contributed to DNDO's 
December 2007 decision to make a ``course correction'' in the program 
resulting in cancellation of the acquisition and deployment plans for 
CAARS. Through this action, DNDO significantly reduced the scope of 
CAARS to a research and development effort designed to demonstrate the 
potential capability of the technology. While the development of CAARS-
type or other advanced radiography equipment capable of automatic 
detection of highly shielded nuclear material in cargo containers has 
been ongoing since 2005, one senior CBP official acknowledged that it 
is not known when the technology will be sufficiently mature for 
agencies within DHS, such as CBP, to justify acquiring and deploying it 
in large numbers. On September 30, 2010, the Director of DNDO announced 
that DNDO is terminating the CAARS program. However, the technology 
developed under the CAARS program may be utilized by other programs. 
More information on the results of our review of CAARS may be found in 
our September 2010 statement for the record for the Senate Committee on 
Homeland Security and Governmental Affairs.\32\
---------------------------------------------------------------------------
    \32\ GAO, Combating Nuclear Smuggling: Inadequate Communication and 
Oversight Hampered DHS Efforts to Develop an Advanced Radiography 
System to Detect Nuclear Materials, GAO-10-1041T (Washington, D.C.: 
Sept. 15, 2010).
---------------------------------------------------------------------------
                                 ______
                                 
Response to Written Question Submitted by Hon. Kay Bailey Hutchison to 
                          Stephen L. Caldwell
    Question. Various ports across the Nation have indicated that the 
port security grant process is confusing, and that the distribution of 
funds is very slow, with FEMA and the USCG still working on delivering 
funds from 2007. What insights can GAO offer for a better, and more 
efficient, way to distribute port security grants, so that our Nation's 
ports receive funds in a timely manner? GAO has made a number of 
recommendations to TSA and FEMA to improve the grant process for rail 
and transit security grants. Do any of those recommendations apply to 
port security grants? Is the Fiduciary Agent process an effective way 
to distribute port security grant funds?
    While we have not reviewed issues related to the distribution of 
funding under the PSGP since 2005, and thus cannot offer solutions to 
current PSGP problems, we reported in our June 2009 report on the TSGP 
that defining agency roles, tracking grant activity, and distributing 
funds in a timely manner are important principles of grant 
management.\33\ For example, given that the Federal Emergency 
Management Agency (FEMA) and Transportation Security Agency (TSA) share 
responsibility for the TSGP, we recommended that the two agencies 
define their respective roles and responsibilities for managing the 
TSGP. Similarly, FEMA and the Coast Guard should define their 
respective roles and responsibilities for managing the PSGP. We also 
reported that the systematic collection and tracking of grant 
activities under the TSGP is essential to effective grant management. 
At FEMA, the Grants Program Directorate (GPD)--which also oversees the 
PSGP--is responsible for this record keeping. However, GPD officials 
reported in March 2010 that the development of an updated grant 
management system--scheduled for completion in 2011--had been halted 
because of budget cuts. Last, because of delays that transit agencies 
experienced in receiving funding, we recommended that TSGP grant 
management officials establish time frames for making funds available 
to stakeholders that have had projects approved. Establishing such time 
frames could help grantees implement projects within the designated 
performance periods of the grants.
---------------------------------------------------------------------------
    \33\ GAO-09-491.
---------------------------------------------------------------------------
    In addition to negotiating, tracking, and distributing funds, the 
process must also include key internal controls. In its Guide to 
Opportunities for Improving Grant Accountability, the Domestic Working 
Group reported that internal controls are needed to ensure that funds 
are properly used and achieve intended results.\34\ It cites four areas 
where internal controls are important: (1) preparing policies and 
procedures before issuing grants, (2) consolidating information systems 
to assist in managing grants, (3) providing grant management training 
to staff and grantees, and (4) coordinating programs with similar goals 
and purposes. Establishing effective internal controls may slow the 
distribution of grants, as these systems should be in place prior to 
the grant award. However, the Domestic Working Group reported that 
inadequate internal controls make it difficult for grant managers to 
determine whether funds are properly used.
---------------------------------------------------------------------------
    \34\ The Domestic Working Group, consisting of 19 Federal, state, 
and local audit organizations, was formed to identify current and 
emerging challenges and explore opportunities for greater collaboration 
within the intergovernmental audit community. The group identified 
grant accountability as a concern and created a project team to address 
this concern. The results are presented in the following report: 
Domestic Working Group Grant Accountability Project: Guide to 
Opportunities for Improving Grant Accountability (Washington, D.C., 
October 2005).
---------------------------------------------------------------------------
    In terms of using a fiduciary agent, until Fiscal Year 2009, TSGP 
grant funding was first processed through a state administrative agency 
(SAA). However, the DHS appropriations acts for Fiscal Years 2009 and 
2010 required funding to be provided directly to transit agencies.\35\ 
We expect to follow up with transit agencies to identify the impacts of 
this change and determine whether the removal of the fiduciary agent 
added any efficiencies to the grant process as part of our upcoming 
review of grant management processes of selected DHS preparedness grant 
programs, requested by Ranking Member Peter T. King of the House 
Committee on Homeland Security, and Senator George V. Voinovich of the 
Senate Committee on Homeland Security and Governmental Affairs.
---------------------------------------------------------------------------
    \35\ Pub. L No. 110-329, 122 Stat. 3574, 3671 (2008); Pub. L. No. 
111-83, 123 Stat. 2142, 2159 (2009).
---------------------------------------------------------------------------
                                 ______
                                 
     Response to Written Question Submitted by Hon. Bill Nelson to 
                          Stephen L. Caldwell
    Question. Mr. Caldwell, does TSA share the information it gathers 
in its background investigations for Transportation Worker 
Identification Cards with state law enforcement entities?
    Answer. TSA reports that it does not share the information that it 
gathers during the background investigations of TWIC applicants with 
state and local law enforcement entities on a routine basis. Pursuant 
to MTSA provisions restricting the use of applicant information and the 
TWIC Privacy Impact Assessment, TSA and the Coast Guard limit their 
sharing of information on applicants and card holders. MTSA also 
provides, however, that such information may be shared with other 
Federal law enforcement agencies. According to TSA officials, on a 
case-by-case basis, TSA can decide to share information if TSA 
determines that there is an imminent threat (terrorist or criminal) of 
loss of life or property. According to TSA officials, in such a 
situation, TSA would provide only basic information, such as the type 
of threat, location, and individuals involved, but would likely not 
provide other information from a person's TWIC application. 
Additionally, state and local law enforcement entities may contact TSA 
if they identify criminal use of a TWIC card (e.g., a TWIC card used in 
commission of a crime, or presentation of a fraudulent TWIC card for 
entry into the secure area of a MTSA-regulated facility) or to verify 
the authenticity of a TWIC card.
    Additionally, the Coast Guard and TSA have processes in place to 
share threat information with other Federal law enforcement or 
terrorism centers. In the event that a TWIC applicant or TWIC 
cardholder is determined to pose a security threat, Coast Guard and TSA 
have developed a protocol to ensure effective interagency coordination 
and timely action to minimize the potential threat and risk to the 
maritime community associated with these individuals.
                                 ______
                                 
Response to Written Questions Submitted by Hon. Frank R. Lautenberg to 
                          Stephen L. Caldwell
    Question 1. The Port Authority of New York and New Jersey is unable 
to move forward on a number of projects to improve the security of the 
port because of the twenty-five percent cost share requirement for port 
security grants. It is my understanding that waiving this requirement 
is a long, arduous process that is rarely successful. What should be 
done about this cost-share requirement so that it does not impede the 
security of our ports?
    Answer. Matching contributions--also known as cost-share 
requirements--are a key factor for effective Federal grants for two 
reasons. First, it is important that Federal dollars are leveraged to 
ensure that Federal grants supplement stakeholder (whether public or 
private) spending rather than serve as a substitute for stakeholder 
spending on grant-funded projects. If a grant program is not designed 
to encourage supplementation, other stakeholders may rely solely on 
Federal funds and choose to use their own funds for other purposes, 
meaning that Federal funds cannot be leveraged to the extent they 
otherwise could be. We reported in September 2003 that the inclusion of 
matching requirements is one method through which to encourage 
supplementation of Federal grants.\36\ Second, matching requirements 
are reasonable given that grant benefits can be highly localized. For 
example, regarding port security grants, we reported in December 2005 
that,
---------------------------------------------------------------------------
    \36\ GAO, Homeland Security: Reforming Federal Grants to Better 
Meet Outstanding Needs, GAO-03-1146T (Washington, D.C.: Sept. 3, 2003).

        ``Ports can produce benefits that are public in nature (such as 
        general economic well-being) and distinctly private in nature 
        (such as generating profits for a particular company). The 
        public benefits they produce can also be distinctly local in 
        nature, such as sustaining a high level of economic activity in 
        a particular state or metropolitan area. Thus, state and local 
        governments, like private companies, also have a vested 
        interest in ensuring that their ports can act as efficient 
        conduits of trade and economic activity. Given that homeland 
        security threats can imperil this activity, it can be argued 
        that all of these stakeholders should invest in the continued 
        stability of the port.'' \37\
---------------------------------------------------------------------------
    \37\ GAO, Risk Management: Further Refinements Needed to Assess 
Risks and Prioritize Protective Measures at Ports and Other Critical 
Infrastructure, GAO-06-91 (Washington, D.C.: Dec. 15, 2005).

    However, in the December 2005 report, we also recognized the 
differences of opinion among policymakers regarding the inclusion of 
matching requirements in Federal grants. Some might see substitution of 
Federal funds for local funds as reasonable given differences in fiscal 
capacity, while others may view homeland security as a shared 
responsibility. For policymakers who place greater value on reducing 
the substitution of Federal funds for local funds, strengthening 
matching requirements offers one option in administering grants. One 
way to implement this requirement involves using a sliding scale for 
matching Federal funds depending on the fiscal capacity of the grant 
applicant. Additionally, the matching requirement under the Fiscal Year 
2009 Port Security Grant Program (PSGP) stated that the match may be in 
the form of cash or in-kind contributions, allowing grant recipients 
flexibility in meeting this requirement. However, the cost-share 
requirement was waived for Fiscal Year 2010 port security grants.
    Aside from matching requirements, there are other key factors to 
consider in ensuring an effective grant process, such as efficiency, 
timeliness, and oversight. For example, the DHS Office of Inspector 
General reported in March 2010 that DHS has a variety of preparedness 
grant programs with similar purposes, redundant application processes, 
and differing program requirements.\38\ In our June 2009 report on the 
Transit Security Grant Program (TSGP), we identified problems with 
grant management and made recommendations related to defining agency 
roles when more than one agency is involved in the grant program, 
developing a plan for measuring effectiveness, developing a process to 
systematically collect data and track grant activities, and 
communicating the availability of grant funding to transit 
agencies.\39\ Lacking these grant management characteristics, the TSGP 
experienced delays in approving projects and making funds available. As 
a result, about $21 million of the $755 million in awarded funds for 
Fiscal Years 2006 through 2008 had been expended by transit agencies. 
At the request of Ranking Member Peter T. King of the House Committee 
on Homeland Security, and Senator George V. Voinovich of the Senate 
Committee on Homeland Security and Governmental Affairs, this month we 
are initiating a review of grant management processes of selected DHS 
preparedness grant programs.
---------------------------------------------------------------------------
    \38\ Department of Homeland Security, Office of Inspector General, 
Efficacy of DHS Grant Programs, OIG-10-69 (Washington, D.C., Mar. 22, 
2010).
    \39\ GAO, Transit Security Grant Program: DHS Allocates Grants 
Based on Risk, but Its Risk Methodology, Management Controls, and Grant 
Oversight Can Be Strengthened, GAO-09-491 (Washington, D.C.: June 8, 
2009).

    Question 2. Over a million maritime workers have gone through 
background checks and obtained TWIC cards, to gain access to secure 
areas of our ports. The Port Authority of New York/New Jersey is one of 
the sites testing these TWIC cards. However, this technology has been 
fraught with challenges and has not been working as intended. How do 
the challenges with the TWIC program affect the security of our ports?
    Answer. In November 2009, we identified several Transportation 
Worker Identification Credential (TWIC) program challenges.\40\ As 
noted in the report, the TWIC pilot is currently under way to test the 
use of TWIC cards with biometric card readers. Specifically, this pilot 
is intended to test the technology, business processes, and operational 
impacts of deploying TWIC readers at secure areas of the marine 
transportation system. As such, the pilot is expected to test the 
viability of selected biometric card readers for use in reading TWIC 
cards within the maritime environment. It is also to test the technical 
aspects of connecting TWIC readers to access control systems. After the 
pilot has concluded, the results of the pilot are expected to inform 
the development of the card reader rule requiring the deployment of 
TWIC readers for use in controlling unescorted access to the secure 
areas of Maritime Transportation Security Act of 2002 (MTSA)--regulated 
vessels and facilities.\41\ However, as noted in our November 2009 
report, shortfalls in TWIC pilot planning have hindered the TSA and the 
Coast Guard's efforts to ensure that the pilot is broadly 
representative of deployment conditions and will yield the information 
needed--such as information on the operational impacts of deploying 
biometric card readers and their costs--to accurately inform Congress 
and the card reader rule. For instance, because of schedule 
constraints, TSA did not conduct its more rigorous laboratory testing 
of readers to be used at pilot sites prior to testing them at pilot 
sites as initially planned.
---------------------------------------------------------------------------
    \40\ GAO, Transportation Worker Identification Credential: Progress 
Made in Enrolling Workers and Activating Credentials but Evaluation 
Plan Needed to Help Inform the Implementation of Card Readers, GAO-10-
43 (Washington, D.C.: Nov. 18, 2009).
    \41\ Pub. L. No. 107-295, 116 Stat. 2064.
---------------------------------------------------------------------------
    Since we issued our report in November 2009, TSA has received the 
results of the more rigorous laboratory-based reader durability 
testing. However, TSA has not shared the information on reader results 
with pilot participants. According to representatives of four of the 
seven pilot participants we met with, not sharing the results of reader 
testing has limited their ability to acquire the equipment that meets 
the environmental and durability needs of their port facilities and 
vessels and has resulted in their expending important port security 
funds without any assurance that their investment will be fruitful. 
Further, not all the approaches proposed in the Advanced Notice of 
Proposed Rule Making for using TWIC cards with readers will utilize the 
electronic security features on the TWIC card to confirm that the TWIC 
card is valid and authentic.
    We are currently conducting a review of the TWIC program's internal 
controls related to enrollment, background checks, card production, 
card activation and issuance, and use. The results of this work, 
including related covert testing at port facilities, will be published 
in February 2011.
                                 ______
                                 
    Response to Written Question Submitted by Hon. Amy Klobuchar to 
                          Stephen L. Caldwell
    Question. As recently as this month, the U.S. Coast Guard estimated 
that as many as 15 countries are not maintaining effective 
antiterrorism measures at their port facilities. If foreign ports or 
facilities fail to maintain these measures, the Coast Guard has the 
authority to deny entry to vessels arriving from such ports or impose 
specific conditions on the vessels in order to be allowed entry to the 
U.S. Can you tell us more about this assessment and what the conditions 
on the ground are at these ports? How are we working with foreign 
governments to increase protective measures at their ports? What steps 
are we taking to address the national sovereignty concerns of nations 
whose ports are being examined under the International Port Security 
Program?
    There are a variety of reasons and circumstances whereby the Coast 
Guard deems a country and its ports as not in compliance with 
international port security standards. In regards to the conditions in 
countries currently considered not to be maintaining effective 
antiterrorism measures at their port facilities, the Coast Guard 
considers this information as sensitive and it therefore cannot be 
publicly released. However, the Coast Guard told us that its concerns 
about these countries generally center around the failure of the 
contracting government to audit the ISPS Code compliance of its port 
facilities and on the individual port facilities' failure to adequately 
control access of personnel and cargo. During the assessment the Coast 
Guard conducts of foreign ports \42\ through its International Port 
Security Program, Coast Guard officials visit and review the 
implementation of security measures in foreign ports, examining the 
physical security measures and access controls at the ports as well as 
the policies, procedures, and training related to the ISPS Code. Based 
on its visit and the information provided by the foreign country, the 
Coast Guard team determines the extent to which the country has 
substantially implemented the ISPS Code. The Coast Guard team makes a 
determination that a country has ``substantially implemented'' the ISPS 
Code if the team concludes that effective security measures are in 
place at the ports that meet the requirements of the ISPS Code and the 
government exercises effective oversight. If the team does not observe 
these items, the team makes a determination that the country ``has not 
substantially implemented'' the ISPS Code. In addition to being an 
outcome of a country visit, the Coast Guard may also find a country to 
not have substantially implemented the ISPS Code if it denies access to 
its ports, it fails to communicate information on its compliance to the 
Coast Guard or the IMO, or a credible report by another U.S. Government 
agency or other source finds that substantial security concerns exist.
---------------------------------------------------------------------------
    \42\ While the focus of the program is country based, the 
implementation status of specific ports or port facilities is 
considered on a case-by-case basis if the country has not substantially 
implemented the ISPS Code. In certain cases, a port facility that has 
implemented the ISPS Code in a country that has not may request that it 
be considered separately from the country. Requests are handled on a 
case-by-case basis and are generally limited to only those port 
facilities critical to maritime trade with the United States based on 
factors such as the volume and importance of the cargo imported from or 
exported to that port or port facility.
---------------------------------------------------------------------------
    In cases where a country has been found not to have substantially 
implemented the ISPS Code, the Coast Guard explains the identified 
deficiencies and makes recommendations to the country for addressing 
the deficiencies and provides possible points of contact for assistance 
to help the country improve. In addition, Coast Guard officials work 
with the appropriate American embassy to identify other capacity-
building resources that might assist the country. As part of the 
program, the Coast Guard has been collecting and sharing best practices 
it has observed during its visits with a special emphasis on low-cost 
security practices or innovative applications that are easy to 
implement and do not require a significant financial investment. The 
Coast Guard shares these best practices with other countries and makes 
them publicly available through the program's website to assist foreign 
governments in making improvements in their port security. The Coast 
Guard team then revisits the country to observe whether identified 
deficiencies have been addressed. Depending on the progress observed 
and the cooperation received from the country, the team may decide to 
continue to work with the country and make a revisit or place 
conditions on vessels that try to enter U.S. ports after visiting the 
country's ports. During our review, Coast Guard officials cited their 
efforts in one Caribbean Basin country as an example of how the Coast 
Guard works with foreign governments to increase protective measures at 
their ports. In that case, the Coast Guard initially found that ports 
in the country were not substantially implementing the ISPS Code. After 
several rounds of sharing information on security training, discussions 
of best practices for security exercises, and suggestions for specific 
physical security improvements, the Coast Guard found that the country 
had made substantial progress toward implementing the ISPS Code.
    In regards to national sovereignty concerns, the Coast Guard is 
aware of such concerns and has considered ways to address them. The 
Coast Guard has stated that because of sovereignty concerns and 
``assessment fatigue,'' it is becoming increasingly difficult to gain 
access to countries such as China, Egypt, India, Libya, Russia, and 
Venezuela for reassessments. During our review, Coast Guard officials 
stated that an effort was underway to conduct joint visits when 
possible with other U.S. Government agencies as well as increase the 
sharing of assessment data among various agencies to reduce the 
``footprint'' of U.S. Government activities in the countries. As 
another approach, Coast Guard officials stated that they have also 
considered partnering with other foreign governments and international 
organizations to complete assessments. However, the Coast Guard has not 
partnered with any international governments to conduct reassessments 
because the international community has not developed an approach or 
methodology as the Coast Guard has for inspecting ports. The Coast 
Guard has also reported that it works frequently with international 
organizations such as the Asia Pacific Economic Cooperation (APEC) and 
the Organization of American States on capacity-building projects and 
utilizes the information obtained when conducting such actions as part 
of the assessment process. For example, as part of APEC's 
Transportation Working Group's maritime expert group security 
subcommittee, the Coast Guard assisted in creating the Port Security 
Visit Program and has participated in several of the assessment visits 
to member economies. In addition, the Coast Guard has conducted joint 
visits with auditors from the Secretariat of the Pacific Community in 
Pacific island nations. In the short-term, program officials stated 
that the best way to mitigate a possible lack of cooperation from 
sovereign nations is to continue to reach out and diplomatically work 
with countries. The recently enacted Coast Guard Authorization Act of 
2010 now mandates that unless the Coast Guard finds that a port in a 
foreign country maintains effective antiterrorism measures, that the 
Coast Guard notify appropriate governmental authorities of the foreign 
country and allows the imposition of conditions of entry (requiring 
vessels to take additional security measures) ``unless the Coast Guard 
finds effective anti-terrorism measures in place in foreign ports.'' In 
cases where countries still deny the Coast Guard access to their ports, 
program officials will implement and utilize these provisions as 
required and work with other Coast Guard programs in the domestic 
arena--specifically, programs that examine foreign vessels to verify 
their compliance with ISPS Code requirement--and conduct offshore 
security boardings of vessels to help limit the access of high-risk 
vessels to U.S. ports.

                                  
