Maritime Security: Progress Made in Implementing Maritime	 
Transportation Security Act, but Concerns Remain (09-SEP-03,	 
GAO-03-1155T).							 
                                                                 
After the events of September 11, 2001, concerns were raised over
the security of U.S. ports and waterways. In response to the	 
concerns over port security, Congress passed the Maritime	 
Transportation Security Act in November 2002. The act created a  
broad range of programs to improve the security conditions at the
ports and along American waterways, such as identifying and	 
tracking vessels, assessing security preparedness, and limiting  
access to sensitive areas. A number of executive agencies were	 
delegated responsibilities to implement these programs and other 
provisions of the act. The Senate Committee on Commerce, Science,
and Transportation asked GAO to conduct a review of the status of
the agencies' efforts to implement the security requirements of  
the act. This testimony reflects GAO's preliminary findings; much
of GAO's work in the area is still under way.			 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-03-1155T					        
    ACCNO:   A08369						        
  TITLE:     Maritime Security: Progress Made in Implementing Maritime
Transportation Security Act, but Concerns Remain		 
     DATE:   09/09/2003 
  SUBJECT:   Counterterrorism					 
	     Deep water ports					 
	     Identity verification				 
	     Information systems				 
	     Inland waterways					 
	     Intercoastal waterways				 
	     Marine transportation operations			 
	     National preparedness				 
	     Physical security					 
	     Ships						 
	     Transportation safety				 
	     Harbors						 
	     Interagency relations				 
	     Homeland security					 
	     Coast Guard Automatic Identification		 
	     System						 
                                                                 
	     Coast Guard Vessel Traffic Service 		 
	     System						 
                                                                 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-03-1155T

Testimony Before the Committee on Commerce, Science, and Transportation,
United States Senate

United States General Accounting Office

GAO For Release on Delivery Expected at 9: 30 a. m. EDT Tuesday, September
9, 2003 MARITIME SECURITY

Progress Made in Implementing Maritime Transportation Security Act, but
Concerns Remain

Statement of Margaret Wrightson Director, Homeland Security and Justice
Issues

GAO- 03- 1155T

Agencies responsible for implementing the security provisions of the
Maritime Transportation Security Act have made progress in meeting their
requirements. Thus far, GAO has obtained information about 43 of 46
specific action areas, and efforts are under way in 42 of them. For
example, the Coast Guard, the Department of Homeland Security agency with
lead

responsibility for most of the assignments, has published six interim
rules covering responsibilities ranging from security of port facilities
to vessel identification systems. Two other agencies within the new
department* the

Transportation Security Administration and the Bureau of Customs and
Border Protection* have actions under way in such areas as establishing an
identification system for millions of port workers and setting information
requirements for cargo. The Maritime Administration, a Department of
Transportation agency, has already completed or is well into implementing
such responsibilities as developing training for security personnel.

While much has been accomplished, GAO*s review found five areas of
concern. Three relate primarily to security issues:

Only a limited number of ports covered by vessel identification system,

Questions about the scope and quality of port security assessments, and

Concerns related to approving security plans for foreign vessels. Two
relate primarily to organizational and operational matters:

Potential duplication of maritime intelligence efforts, and

Inconsistency with Port Security Grant Program requirements.

Coast Guard Vessels Enforcing a Security Zone Around a Cruise Ship Source:
U. S. Coast Guard. After the events of September 11, 2001, concerns were
raised over the security of U. S. ports and waterways. In response to the

concerns over port security, Congress passed the Maritime Transportation
Security Act in November 2002. The act created a broad range of programs
to improve the security conditions at

the ports and along American waterways, such as identifying and tracking
vessels, assessing security preparedness, and limiting access to sensitive
areas. A number of executive agencies were delegated

responsibilities to implement these programs and other provisions of the
act. The Senate Committee on Commerce, Science, and

Transportation asked GAO to conduct a review of the status of the
agencies* efforts to implement the security requirements of the act. This
testimony reflects GAO*s

preliminary findings; much of GAO*s work in the area is still under way.
www. gao. gov/ cgi- bin/ getrpt? GAO- 03- 1155T.

To view the full product, including the scope and methodology, click on
the link above. For more information, contact Margaret Wrightson, 415-
904- 2000, or wrightsonm@ gao. gov. Highlights of GAO- 03- 1155T, a
testimony

before the Senate Committee on Commerce, Science, and Transportation

September 9, 2003 MARITIME SECURITY Progress Made in Implementing Maritime

Transportation Security Act, but Concerns Remain

Page 1 GAO- 03- 1155T Mr. Chairman and Members of the Committee: I am
pleased to be here today to discuss the implementation of the

Maritime Transportation Security Act (MTSA) of 2002. This sweeping piece
of legislation was enacted just 10 months ago, but it has already produced
major changes in the nation*s approach to maritime security. At your
request, we have begun reviewing the implementation of security

provisions of Title I of MTSA. I am here today to tell you about our
preliminary findings and what agencies within the Department of Homeland
Security (DHS) and other federal departments are doing to fulfill their
many responsibilities under the act. I also want to advise you about
specific matters that agency officials or others have brought to our
attention thus far and other issues that may require further oversight. We
will be continuing our efforts to more fully evaluate a number of the
issues I will address today, and we plan to issue a report when this work
is complete.

Our information is based on interviews with agency officials charged with
implementing MTSA*s provisions, as well as with officials and stakeholders
from several ports. Our preliminary findings are as follows:  Progress
has been made in implementing MTSA. MTSA called for actions

in 46 key areas we identified, such as creating a maritime intelligence
security system, assessing security conditions in port areas, creating and
implementing a vessel tracking system, and creating identification systems
for port workers and seafarers. So far, we have obtained information for
43 of these areas, and agency officials indicate that actions are complete
or under way in 42 of them. For example, the Coast Guard, which had lead
responsibility for most of the assignments, has six interim rules in place
covering major areas of responsibility, such as security in and around the
ports, aboard individual vessels, and at individual facilities. All six
Coast Guard Maritime Safety and Security Teams included in the fiscal year
2003 budget are expected to be operational by the end of September 2003;
these teams are designed to provide increased protection against terrorism
in

and around the nation*s harbors. Also, the Transportation Security
Administration (TSA) is testing new identification cards for controlling
access to secure transportation facilities, including vessels and port
facilities. The agency plans to start issuing the cards to millions of
port workers in 2004. The Bureau of Customs and Border Protection (BCBP)
and the Maritime Administration (MARAD), the two other agencies with the
largest set of responsibilities under MTSA, also are making progress on

Page 2 GAO- 03- 1155T major projects. Agency officials told us that
cooperation and coordination on MTSA implementation has been strong.
Further work will be needed to determine the extent to which early
progress will be sustained over the course of implementation efforts and
whether the spirit of cooperation

translates into efforts at the port level.  These findings not
withstanding and bearing in mind our caveats as to the

preliminary nature of these results, five areas have surfaced as
potentially requiring further attention. (See table 1.)

Table 1: Summary of Areas That Require Further Attention Area Description
Security- related matters Vessel identification system A system has been
developed and is being implemented, but the shore- based infrastructure
needed is not present at many U. S. ports. As a result, the system may not
be in place at these ports for several years.

Port security assessments Assessments being conducted by an outside
contractor have been criticized for their scope and quality, and the
contractor has attempted to move to the next phase of the work before
evaluating lessons learned.

Vessel security plans Concerns have been raised about the Coast Guard*s
plan to accept other countries* certification of vessel security plans.

Operational and efficiency matters Maritime intelligence system Coast
Guard and Transportation Security Administration may be duplicating
efforts in collecting intelligence information about vessels and cargoes.

Grants program A MTSA- required program of grants for assisting in
security preparations is being folded into an existing grants program,
affecting the application of MTSA grant requirements.

Source: GAO. Three of these areas, as shown in table 1, primarily have
security implications. For example, MTSA called for development of an
automatic identification system. The Coast Guard developed a system that
would allow port officials and personnel on other vessels to determine the
identity and position of vessels entering or operating within the port.
While the Coast Guard is implementing this system, more than half of the
25 busiest U. S. ports will not have it for the foreseeable future,
because it

Page 3 GAO- 03- 1155T requires extensive shore- based equipment and
infrastructure that many ports do not have. The two remaining areas relate
primarily to operational

or efficiency matters, such as duplication of effort in collecting
intelligence information. We are continuing to examine all five areas.
MTSA was landmark legislation that mandated a quantum leap in security
preparedness for America*s maritime ports. Prior to the terrorist attacks
of September 11, 2001, federal attention at ports tended to focus on
navigation and safety issues, such as dredging channels and environmental
protection. While the terrorist attacks initially focused the nation*s
attention on the vulnerability of its aviation system, it did not take
long for attention to fall on the nation*s ports as well. Besides being
gateways through which dangerous materials could enter the country, ports
represent attractive targets for other reasons: they are often large and
sprawling, accessible by water and land, close to crowded metropolitan
centers, and interwoven with highways, roads, factories, and businesses.
Security is made more difficult by the many stakeholders, public and
private, involved in port operations. These stakeholders include local,
state, and federal agencies; multiple law enforcement jurisdictions;
transportation and trade companies; and factories and other businesses.

Passed in November 2002, MTSA imposed an ambitious schedule of
requirements on a number of federal agencies. MTSA called for a
comprehensive security framework* one that included planning, personnel
security, and careful monitoring of vessels and cargo. (See table 2 for
examples of key MTSA activities.) MTSA tasked the Secretary of DHS, and
the Secretary in turn has tasked the Coast Guard, with lead responsibility
for the majority of its requirements. Timetables were often daunting. For
example, one of the Coast Guard*s responsibilities was to develop six
interim final rules implementing MTSA*s operational provisions in
sufficient time to receive public comment and to issue a final rule by
November 25, 2003. Background

Page 4 GAO- 03- 1155T Table 2: Examples of Key MTSA Activities Type of
activity Specific provision Planning Conduct vessel, facility, and port
vulnerability assessments to

determine potential risks. Develop transportation security plans for
vessels, facilities, port areas, and the nation.

Develop security incident response plans for vessels and facilities.

Assess foreign ports for security risk.

Identification of personnel

Create security cards required of any person seeking to enter a secure
area of a vessel or facility; cards would have biometric information (such
as fingerprint data) to guard against theft or counterfeiting. Tracking of
vessels Install automatic identification systems on numerous categories

of vessels. Authorized to create and implement a long- range vessel
tracking system.

Source: GAO. Adding to the difficulty has been the need to implement MTSA
against the backdrop of the most extensive federal reorganization in over
a halfcentury. Most of the agencies with MTSA responsibilities were
reorganized into the Department of Homeland Security in March 2003, less
than 5 months after MTSA enactment. Among the 22 agencies in the new
department were some relatively new organizations, such as TSA. Other more
longstanding agencies, including the Coast Guard, U. S. Customs Service,
and Immigration and Naturalization Service, were transferred from a
variety of executive departments. This vast recombination of
organizational cultures introduced new chains of command and reporting
responsibilities. MTSA implementation also involved coordination with
other executive agencies, including the Departments of State,
Transportation, and Justice.

Since the passage of MTSA in 2002 the responsible agencies* primarily the
Coast Guard, TSA, and BCBP in DHS, along with MARAD in the Department of
Transportation* have made strides in implementing the act*s security
provisions. MTSA called for actions in 46 key areas we identified. Thus
far, we have received information from the responsible Progress Has Been

Made in Implementing MTSA

Page 5 GAO- 03- 1155T agencies on 43 of these areas. Of the 43 areas, work
is done in 2 (issuing interim rules and developing training for maritime
security personnel), and

under way in 40 others. 1 These agencies also reported that cooperation
and coordination has been extensive throughout the course of their
activities.

A major achievement has been the Coast Guard*s publication on July 1,
2003, of six interim rules on the provisions where it had lead
responsibility. The rules set requirements for many of the provisions
delegated to the Coast Guard under MTSA. The rules, which included
sections on national maritime security initiatives, area maritime
security, vessel security, facility security, outer continental shelf
facility security, and automatic identification systems, were published
approximately 8 months after MTSA was enacted. Doing so kept the Coast
Guard on schedule for meeting MTSA*s requirement to receive public comment
and issue the final rules by the end of November 2003. The rules provided
a comprehensive description of industry- related maritime security

requirements and the cost- benefit assessments of the entire set of rules.
The Coast Guard plans to publish the final rules before November 25, 2003,
after receiving and acting on comments to the interim rules.

Another Coast Guard accomplishment was the establishment of Maritime
Safety and Security Teams called for under MTSA. These teams, which can be
rapidly deployed where needed, are designed to provide antiterrorism
protection for strategic shipping, high- interest vessels, and critical
infrastructure. The Coast Guard has already deployed four teams* in
Seattle and Galveston and near Norfolk and Los Angeles. The Coast Guard
will deploy teams in New York City and near Jacksonville this year, and
six more teams have been requested in the president*s budget in 2004.
These are to be located in San Diego, Honolulu, Boston, San Francisco, New
Orleans, and Miami.

Other agencies in DHS have also made progress in their implementation of
MTSA provisions. Responding to MTSA*s requirement for the development of
biometric 2 transportation security identification cards that would allow
only authorized persons access to secure areas of vessels or facilities,
TSA

1 Work has not yet begun on issuing a report to the Congress regarding
MARAD*s expenditure of funds for training* no funds were expended in
fiscal year 2003. 2 Biometric refers to technologies that can be used to
verify a person*s identity by characteristics such as fingerprints, eye
retinas, and voice.

Page 6 GAO- 03- 1155T is currently testing several different technology
credentialing systems on sample cards. The agency will begin testing
prototypes of the entire

security card process, including conducting background checks, collecting
biometric information on workers, verifying cardholders* identities, and
issuing cards in early 2004. TSA plans to start issuing about 5 to 6
million new cards per year in the middle of 2004. Developing all of the
policies and programs to make this system work is still under way and will
continue to pose challenges to continued progress. Another DHS agency,
BCBP, was delegated the responsibility for issuing regulations for
electronic transmission of cargo information to BCBP by October 1, 2003;
BCBP published its proposed rule on July 23, 2003. BCBP was waiting for
comments on the proposed rule, and BCBP officials told us that they expect
to publish the rule on time.

MARAD has also made progress in its requirements. Among the provisions for
which MARAD is responsible are developing standards and curricula for the
training of maritime security personnel. MARAD submitted a Report to
Congress, dated May 2003, containing the standards and curriculum called
for by MTSA in the form of model course frameworks for seven categories of
maritime security professionals. As an extension of

the MTSA project, MARAD also produced three model maritime security
courses for the International Maritime Organization (IMO). An IMO
validation team has reviewed drafts of these courses, which found little
need for change.

Agency officials told us that cooperation and coordination on MTSA
implementation has been strong. Coast Guard officials said that they had
developed channels of communication with other relevant agencies, and they
said these other agencies were supportive in implementing provisions for
which they did not have primary responsibility. In the work we have
conducted at ports since the September 11th attacks, we have noted an
increasing level of cooperation and coordination at the port level.
However, ensuring smooth coordination as the many aspects of MTSA
implementation continue is a considerable challenge. Additional work will
be needed to determine the extent to which this spirit of cooperation
continues to be translated into effective actions at the level where
programs must be implemented.

Page 7 GAO- 03- 1155T While progress is being made, our preliminary work
has identified five areas that merit attention and further oversight.
Three relate primarily to

security issues: (1) the limited number of ports that will be covered by
the vessel identification system, (2) questions about the scope and
quality of port security assessments, and (3) the Coast Guard*s plans not
to individually approve security plans for foreign vessels. The remaining
two relate primarily to operational and efficiency matters: (1) potential
duplication of maritime intelligence efforts and (2) inconsistency with
Port Security Grant Program requirements.

The main security- related issue involves the implementation of a vessel
identification system. MTSA called for the development of an automatic
identification system. Coast Guard implementation calls for a system that
would allow port officials and other vessels to determine the identity and
position of vessels entering or operating within the harbor area. Such a

system would provide an *early warning* of an unidentified vessel or a
vessel that was in a location where it should not be. To implement the
system effectively, however, requires considerable land- based equipment
and other infrastructure that is not currently available in many ports. As
a result, for the foreseeable future, the system will be available in less
than half of the 25 busiest U. S. ports.

The identification system, called the Automatic Identification System
(AIS), uses a device aboard a vessel to transmit a unique identifying
signal to a receiver located at the port and to other ships in the area.
This

information gives port officials and other vessels nearly instantaneous
information about a vessel*s identity, position, speed, and course. MTSA
requires that vessels in certain categories 3 install tracking equipment
between January 1, 2003, and December 31, 2004, with the specific date
dependent on the type of vessel and when it was built.

The only ports with the necessary infrastructure to use AIS are those that
have waterways controlled by Vessel Traffic Service (VTS) systems. Similar
to air traffic control systems, VTS uses radar, closed circuit television,
radiophones, and other technology to allow monitoring and management of
vessel traffic from a central shore- based location. The

3 All vessels of certain specifications on international voyages; self-
propelled commercial vessels 65 feet or more in length; towing vessels 26
feet or more in length and more than 600 horsepower; vessels of 100 gross
tons or more carrying one or more passengers for

hire; and passenger vessels certificated to carry 50 or more passengers
for hire. Issues Raised Include

Both Security and Operational Concerns

Vessel Identification System Will Cover a Limited Number of Ports

Page 8 GAO- 03- 1155T Coast Guard currently plans to install AIS receiving
equipment at the 10 locations with VTS systems. 4 More than half of the 25
busiest ports, such as Philadelphia, Baltimore, Miami, Charleston, Tampa,
and Honolulu, do

not have VTS systems; hence, AIS will be inoperable at these locations for
the foreseeable future. When AIS will be operable at these other ports
depends heavily on how soon the Coast Guard can put an extensive amount of
shore- based infrastructure in place. For the present, the Coast Guard is
requiring AIS equipment only for (1) vessels on international

voyages and (2) vessels navigating waterways under VTS control. Some of
these international ships will be calling on ports that will not have AIS
equipment. In such cases, the transmitters aboard the vessels will be of
no use for the ports, because they will not have equipment to receive the
signals. 5 Cost is a major factor in the full implementation of AIS.
Expanding

coverage will require substantial additional investment, both public and
private. The Coast Guard*s budget request for fiscal year 2004 includes
$40 million for shore- based AIS equipment and related infrastructure* an

amount that covers only current VTS areas. According to a Coast Guard
official, wider- reaching national implementation of AIS would involve
installation and training costs ranging from $62 million to $120 million.

Also, the cost of installing AIS equipment aboard individual ships
averages about $10,000 per vessel, which is to be borne by the vessel
owner or operator. Some owners and operators, particularly of domestic
vessels, have complained about the cost of equipping their vessels.

Another security- related issue involves the Coast Guard*s efforts to
address MTSA*s security planning requirements through a series of security
assessments of individual ports. Security assessments are intended to be
in- depth examinations of security threats, vulnerabilities, consequences,
and conditions throughout a port, including not just transportation
facilities, but also factories and other installations that pose potential
security risks. The Coast Guard had begun these assessments

4 These locations are New York/ New Jersey; the mouth of the Mississippi
River; New Orleans; Houston/ Galveston; Port Arthur, Texas; Los Angeles/
Long Beach; San Francisco; Seattle/ Tacoma; Alaska*s Prince William Sound;
and Sault Ste. Marie, Michigan.

5 Under Coast Guard rules, all vessels arriving from foreign ports must
inform a U. S. port, at least 96 hours in advance, of its intent to enter
the harbor. Ports without AIS will still have this notice; what they will
lack is the ability to verify ships* identities electronically when they
arrive, or to quickly identify ships that are attempting to arrive
unidentified. Concerns about Port

Security Assessments

Page 9 GAO- 03- 1155T before MTSA was passed and decided to continue the
process, changing it as needed to meet MTSA planning requirements, which
include developing area security plans based on the evaluation of specific
facilities

throughout the port. At the request of the Subcommittee on Coast Guard and
Maritime Transportation, House Committee on Transportation and
Infrastructure, we have been examining these assessments, which are being
conducted by an outside contractor. Our preliminary work has surfaced
several potential concerns, which we are still in the process of
reviewing.

One concern involves an apparent truncation of the review process for
ensuring that the assessment methodology will deliver what MTSA requires.
When MTSA took effect, the outside contractor already completed the first
10 of 55 planned assessments. The Coast Guard directed the contractor to
modify the assessment methodology to take MTSA*s planning requirements
into account, and it decided that the next two assessments would be a
pilot test of the revised methodology. The

Coast Guard plans to use the pilot test to evaluate lessons learned, so
that additional modifications can be made before any further contracts are
signed.

Instead of waiting to see what changes might be needed as a result of the
pilot projects, however, the contractor has apparently started the scoping
phase for the next six port assessments. Scoping is a significant part of
the new methodology, and as such, it is a major determinant in the nature
and breadth of the issues to be addressed, as well as the assessment*s
cost.

The contractor has also reportedly sought to negotiate and sign contracts
to review the next six ports. Since the pilot projects will not be
completed until at least October 2003, it seems premature to reach
decisions about the scope of the assessments and sign contracts for them.
The revised methodology needs to be reviewed so that any needed changes
are reflected in the next contract.

A second concern that has surfaced involves the scope and quality of the
assessments themselves. As part of our work, we have interviewed port
stakeholders to obtain their views on the process. At one port, where the
assessment has been completed and the report issued, stakeholders said
they had not been given an opportunity to comment on the report, which
contained factual errors and did not include an assessment of railroads
and the local power generating plant. At the other port, where the
assessment was still in process, local Coast Guard personnel and port
stakeholders noted that a survey instrument referred to the wrong port,
asked questions they regarded as not pertaining to security, and was

Page 10 GAO- 03- 1155T conducted in ways that raised concerns about
credibility. Many of these stakeholders saw little usefulness in the
assessments, believing that they

added little to what the stakeholders had already learned from conducting
their own more extensive security reviews of individual facilities or
installations. They said the assessments focused on the same systems that
had already been reviewed and would have greater value if they were

focused on matters that had not already been thoroughly studied, such as
the potential for waterborne assault. Coast Guard officials at the two
ports said, however, that in their view the assessments would provide such
benefits as a more comprehensive perspective on port operations and
vulnerabilities and validate their need for additional assets and people
to provide adequate security. Ensuring that the assessments are of high
quality is important not only for their effectiveness as security
instruments, but also because of their cost. For the most part,
assessments have been conducted only at medium- sized ports, and even
there they are

costing $1 million or more per assessment. Concerns have been raised about
the proposed approach for meeting MTSA*s requirement that the Secretary of
DHS approve vessel security plans for all vessels operating in U. S.
waters. Vessel security plans include taking such steps as responding to
assessed vulnerabilities, designating security officers, conducting
training and drills, and ensuring that appropriate preventive measures
will be taken against security incidents. To implement this MTSA
requirement the Coast Guard has stated, in

general, that it is not the Coast Guard*s intent to individually approve
vessel security plans for foreign vessels. Separate from MTSA, an
international agreement requires vessels to carry on board a vessel
security plan that is approved by the vessel*s country of registry* its
*flag* state* to ensure that an acceptable security plan is in place. The
Coast Guard provides that it will deem a flag state approval of a vessel
security plan to constitute the MTSA- required Secretary approval of MTSA
vessel security plans. However, MTSA does not mention any role for foreign
nations in the Secretary*s required approval of vessel security plans, and
some concerns have been raised about the advisability of allowing flag
states* some with a history of lax regulation* to ensure the security of
vessels traveling to the United States. Coast Guard Not Intending to
Individually Approve

Security Plans for Foreign Vessels

Page 11 GAO- 03- 1155T The international requirement for a security plan
is contained in the International Ship and Port Facility Security (ISPS)
Code. 6 Under this

requirement, which was adopted about the same time that MTSA was enacted
and will go into effect on July 1, 2004, the vessel*s flag state is
responsible for reviewing and certifying the vessel*s security plan. Prior
to this time, the vessels* flag state had already been responsible for
ensuring that its vessels met safety requirements. Critics of using this
approach for MTSA- required security plans have pointed out that in the
past, some flag states had a spotty record of enforcing safety
requirements.

Rather than individually approving security plans for vessels overseen by
foreign flag states, the Coast Guard plans an extensive monitoring effort
as part of its oversight of vessels bound for U. S. waters. However, the
Coast Guard*s interim rule stated that, as part of an aggressive port
state control program, the Coast Guard would verify that foreign vessels
have an

approved, fully implemented security plan, as well as tracking the
performance of owners, operators, flag administrations, charters, and port
facilities. Coast Guard officials have said that they are working from
existing procedures, in that their security effort is modeled after their
safety program. They also said, however, that they have no contingency
plans in case stronger measures than those called for in their current
plans

are required. The concerns are limited mainly to foreign flag vessels.
Vessels registered in the United States will have their security plans
reviewed and approved by the Coast Guard. It has been reported that the
Coast Guard estimates that review and approval of security plans for
domestic vessels and facilities will require 150 full- time personnel and
cost $70 million as part of its 2004 budget.

Turning to issues that are related more to program efficiency and
management than to security concerns, one issue that has arisen involves
potential duplication in the area of maritime intelligence. MTSA required

the Secretary of Homeland Security to implement a system to collect,
integrate, and analyze information on vessels operating on or bound for U.
S. waters. The Secretary of DHS in turn delegated responsibilities to TSA

6 This code was ratified by the International Maritime Organization, to
which the United States is a party. Potential Duplication of

Maritime Intelligence Efforts

Page 12 GAO- 03- 1155T and the Coast Guard. There appears to be potential
for duplication by TSA and the Coast Guard in these efforts.

The duplication concerns center on the new Integrated Maritime Information
System (IMIS) required under the Secretary*s delegations. The Secretary of
DHS delegated primary responsibility for this system to TSA, and TSA was
appropriated $25 million to develop it. Coast Guard officials have voiced
concerns that TSA*s efforts in developing the overall system are
duplicating existing Coast Guard efforts that are more extensive and
better funded. According to these officials, IMIS is very similar to the

Coast Guard*s Intelligence Coordination Center (ICC) Coastwatch program,
an effort that has 10 times the amount of funding appropriated for IMIS,
involves 100 more staff members, and has staff already in place with
considerable intelligence analysis capability. Coast Guard officials
questioned whether TSA*s smaller effort could yield information of similar
quality.

Coast Guard officials also expressed concerns about potential duplication
of effort at the port level. TSA*s tests of the system would place TSA
personnel at the port level. Coast Guard personnel noted that these
efforts seemed similar to the Coast Guard*s Field Intelligence Support
Teams, as well as teams from the legacy agencies, the Customs Service and
the Immigration and Naturalization Service, that also operate at the port
level. Coast Guard officials said that they saw little sharing of the
intelligence at that level.

While we have not yet had the opportunity to observe the intelligence arms
of TSA and the Coast Guard in action to more fully evaluate the potential
for duplication of effort, it does appear that some potential duplication
exists. From conversations with TSA and Coast Guard officials, we could
discern little difference in a number of their information and integration
efforts. Aside from potential inefficient use of resources, this possible
duplication may also limit either agency from obtaining a complete
intelligence picture and detecting potential threats.

The final issue involves TSA*s implementation of MTSA*s grant program.
MTSA required the Secretary of Transportation to establish a program of
grants to ports and other entities to implement area and facility-
specific security plans. Prior to the enactment of MTSA, TSA, in
partnership with MARAD and the Coast Guard, already had begun a port
security grant

program in February 2002. This program was originally intended to fund
security assessments and enhanced operational security at ports and
Differences between

Current TSA Grant Program and MTSA Grant Requirements

Page 13 GAO- 03- 1155T facilities, and two rounds of grants were funded
before MTSA was enacted in November 2002. TSA officials told us that,
rather than creating a new

grant program to specifically respond to MTSA, they are adapting the
existing program to meet MTSA requirements. Under this approach, some time
will elapse before all of the grant requirements specified under MTSA are
in place. The existing grant program differs from MTSA requirements in
several

respects. Most significantly, the existing grant program does not require
cost- sharing, while MTSA does. MTSA grant provisions state that for
projects costing more than $25,000, federal funds for any eligible project
shall not exceed 75 percent of the total cost. A TSA official said that,
in starting to fold MTSA grants into the existing program for the third
round of grants, TSA was still disbursing moneys from a prior
appropriation, and the language of that legislation limited its ability to
make changes that would meet MTSA requirements. As a result, TSA
encouraged cost- sharing but did not require it. While TSA limited its
changes for the first three rounds of grants, in the future continued
deviation from MTSA costsharing requirements would keep federal dollars
from reaching as many projects as possible. By not requiring a grantee to
share in the financial burden, TSA does not take into account the
applicant*s ability to participate in the funding. If applicants have such
ability, the result is that available federal dollars are not effectively
leveraging as many projects as possible. 7 There are two additional areas
where TSA*s current grant program differs

from MTSA provisions. First, the current grant program does not
specifically correspond to the stated purpose of MTSA*s grant funding,
which is to implement area and facility- specific security plans. TSA
officials told us that in round three, they would give preference to
regulated facilities and vessels that were already required to have
security assessments and plans in place. As a result, the grants would
likely be for mitigating identified vulnerabilities rather than developing
plans. Second, in the application instructions for the current program,
TSA said that recurring costs for personnel and operations and maintenance
costs were not eligible for funding. MTSA specifically includes these
costs. 7 MTSA contains provisions for waiving the cost- sharing
requirement if a higher level of federal funding is required.

Page 14 GAO- 03- 1155T TSA officials said that for later rounds of grants
during fiscal year 2004, they would discuss potential changes in the Port
Security Grant Program with the Coast Guard and MARAD. These potential
changes would include

requiring that all grant proposals be designed to meet MTSA port security
grant requirements. The officials said, however, that before making any
changes, they would look for specific directions accompanying currently
pending appropriations for fiscal year 2004.

Mr. Chairman, this concludes my prepared statement. I would be pleased to
answer any questions that you or other members of the committee may have.

For information about this testimony, please contact Margaret Wrightson,
Director, Homeland Security and Justice Issues, at (415) 904- 2000.
Individuals making key contributions to this testimony include Jonathan
Bachman, Jason Berman, Steven Calvo, Matthew Coco, Rebecca Gambler,
Geoffrey Hamilton, Christopher Hatscher, Lori Kmetz, Stan Stenersen, and
Randall Williamson. Contacts and

Acknowledgments

(440226)

This is a work of the U. S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

The General Accounting Office, the audit, evaluation and investigative arm
of Congress, exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability of
the federal government for the American people. GAO examines the use of
public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO*s commitment to
good government

is reflected in its core values of accountability, integrity, and
reliability. The fastest and easiest way to obtain copies of GAO documents
at no cost is through the Internet. GAO*s Web site (www. gao. gov)
contains abstracts and fulltext files of current reports and testimony and
an expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You can
print these documents in their entirety, including charts and other
graphics. Each day, GAO issues a list of newly released reports,
testimony, and

correspondence. GAO posts this list, known as *Today*s Reports,* on its
Web site daily. The list contains links to the full- text document files.
To have GAO e- mail this list to you every afternoon, go to www. gao. gov
and select *Subscribe to e- mail alerts* under the *Order GAO Products*
heading.

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to: U. S. General Accounting Office 441 G Street NW, Room LM
Washington, D. C. 20548 To order by Phone: Voice: (202) 512- 6000 TDD:
(202) 512- 2537 Fax: (202) 512- 6061 Contact:

Web site: www. gao. gov/ fraudnet/ fraudnet. htm E- mail: fraudnet@ gao.
gov Automated answering system: (800) 424- 5454 or (202) 512- 7470 Jeff
Nelligan, Managing Director, NelliganJ@ gao. gov (202) 512- 4800 U. S.
General Accounting Office, 441 G Street NW, Room 7149 Washington, D. C.
20548 GAO*s Mission Obtaining Copies of

GAO Reports and Test i mony Order by Mail or Phone

To Report Fraud, Waste, and Abuse in Federal Programs

Public Affairs
*** End of document. ***