Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo
Are in the Early Stages and Could Be Strengthened (30-APR-07,	 
GAO-07-660).							 
                                                                 
The Department of Homeland Security (DHS) has primary		 
responsibility for securing air cargo transported into the United
States from another country, referred to as inbound air cargo,	 
and preventing implements of terrorism from entering the country.
GAO examined (1) what actions DHS has taken to secure inbound air
cargo, and how, if at all, these efforts could be strengthened;  
and (2) what practices the air cargo industry and foreign	 
governments have adopted that could enhance DHS's efforts to	 
strengthen inbound air cargo security, and to what extent DHS has
worked with foreign governments to enhance their air cargo	 
security efforts. To conduct this study, GAO reviewed relevant	 
DHS documents, interviewed DHS officials, and conducted site	 
visits to seven countries in Europe and Asia.			 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-07-660 					        
    ACCNO:   A68866						        
  TITLE:     Aviation Security: Federal Efforts to Secure U.S.-Bound  
Air Cargo Are in the Early Stages and Could Be Strengthened	 
     DATE:   04/30/2007 
  SUBJECT:   Cargo screening					 
	     Cargo security					 
	     Federal regulations				 
	     Foreign governments				 
	     Homeland security					 
	     Inspection 					 
	     International relations				 
	     Performance measures				 
	     Program evaluation 				 
	     Risk management					 
	     Shipping industry					 
	     Standards						 
	     Strategic planning 				 
	     Terrorism						 
	     Information sharing				 
	     Program coordination				 
	     Program implementation				 
	     Assessments					 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-07-660

   

     * [1]TSA and CBP Responsibilities for Ensuring the Security of In

          * [2]TSA's Responsibilities Related to Securing Inbound Air Cargo
          * [3]CBP's Responsibilities Related to Inbound Air Cargo Security

     * [4]International Air Cargo Security Standards and Recommended P
     * [5]Applying a Risk-Managed Approach for Securing Inbound Air Ca
     * [6]TSA and CBP Have Taken Preliminary Steps to Incorporate Risk
     * [7]TSA Revised its Security Programs to Require Air Carriers Tr
     * [8]Inspection Exemptions Pose a Potential Vulnerability for Air
     * [9]TSA Developed a Program to Assess Passenger Air Carrier Comp
     * [10]TSA Implemented a Risk-Based Scheduling System to Assess Cer
     * [11]CBP Has Begun Efforts to Address the Security of Inbound Air
     * [12]DHS Is in the Early Stages of Testing Technologies to Streng
     * [13]TSA and CBP Have Taken Some Steps to Coordinate Efforts Rela
     * [14]Foreign Governments and Air Cargo Industry Stakeholders Have

          * [15]Air Cargo Inspection Technologies and Methods
          * [16]Percentage of Air Cargo Inspected
          * [17]Physical Security and Access Controls for Air Cargo Faciliti
          * [18]Procedures for Validating Known Shippers

     * [19]TSA Is Exploring the Applicability of Some Foreign Air Cargo
     * [20]DHS Is Working with Foreign Governments and Air Cargo Stakeh

          * [21]TSA and CBP Are Working with Foreign Governments to Develop
          * [22]TSA and CBP Are Partnering with Foreign Governments to Begin
          * [23]Challenges to DHS's Harmonization Efforts May Affect Progres

     * [24]Appendix I: Objectives, Scope, and Methodology
     * [25]Appendix II: TSA's Efforts to Assess Air Carrier Compliance
     * [26]Appendix III: TSA's Assessments of Foreign Airport Security
     * [27]Appendix IV: Description of GAO's Risk Management Framework
     * [28]Appendix V: DHS and TSA Air Cargo Security Technology Pilot

          * [29]Air Cargo Explosives Detection Pilot Program

               * [30]Pilot Program Evaluating Explosives Detection System
                 Technol
               * [31]Air Cargo Security Seals Pilot Program
               * [32]Hardened Unit Load Devices/Hardened Cargo Containers
               * [33]Pulsed Fast Neutron Analysis Testing

     * [34]Appendix VI: Actions Taken by Select Domestic Air Carriers w
     * [35]Appendix VII: Actions We Identified That Select Foreign Gove
     * [36]Appendix VIII: Comments from the Department of Homeland Secu
     * [37]Appendix IX: GAO Contact and Staff Acknowledgments

          * [38]Order by Mail or Phone

Report to Congressional Requesters

United States Government Accountability Office

GAO

April 2007

AVIATION SECURITY

Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and
Could Be Strengthened

[39]GAO-07-660

Contents

Letter 1

Results in Brief 6
Background 10
DHS Has Taken Initial Steps to Secure Inbound Air Cargo, and Opportunities
Exist to Strengthen These Efforts 25
Foreign Air Cargo Security Practices and International Harmonization
Efforts Have Potential to Enhance Air Cargo Security, but May Be
Challenging to Implement 48
Conclusions 64
Recommendations for Executive Action 66
Agency Comments and Our Evaluation 67
Appendix I Objectives, Scope, and Methodology 73
Appendix II TSA's Efforts to Assess Air Carrier Compliance with Inbound
Air Cargo Security Requirements 77
Appendix III TSA's Assessments of Foreign Airport Security Procedures 80
Appendix IV Description of GAO's Risk Management Framework 82
Appendix V DHS and TSA Air Cargo Security Technology Pilot Tests 84
Appendix VI Actions Taken by Select Domestic Air Carriers with Operations
Overseas and Foreign Air Cargo Industry Stakeholders to Secure Air Cargo
89
Appendix VII Actions We Identified That Select Foreign Governments Are
Taking to Secure Air Cargo 92
Appendix VIII Comments from the Department of Homeland Security 94
Appendix IX GAO Contact and Staff Acknowledgments 101

Table

Table 1: Elements of a Typical Homeland Security Risk Assessment 83

Figures

Figure 1: Flow of Air Cargo Transported to the United States 11
Figure 2: Type of X-ray Technology Used by Some Foreign Air Carriers to
Inspect Air Cargo Bound for the United States 15
Figure 3: CBP Officers Using Nonintrusive Technology to Inspect Inbound
Air Cargo 19
Figure 4: Inspections of Air Carrier Cargo Procedures Conducted from
January 2004 to December 2005 78
Figure 5: Air Cargo Security Violations Found during Inbound Passenger Air
Carrier Inspections at Foreign Airports for the Period July 2003 to
February 2006 79
Figure 6: Risk Management Cycle 82

Abbreviations

ACISP All-Cargo International Security Program
AOSSP Aircraft Operator Standard Security Program
ATS Automated Targeting System
ATSA Aviation and Transportation Security Act
CBP Customs and Border Protection
CBSA Canadian Border Services Agency
C-TPAT Customs-Trade Partnership Against Terrorism
DHS Department of Homeland Security
EDS explosive detection system
ETD explosive trace detection
FACAOSSP Full All-Cargo Aircraft Operator Standard Security Program
GPRA Government Performance and Results Act
HSPD Homeland Security Presidential Directive
IAC indirect air carrier
IATA International Air Transport Association
ICAO International Civil Aviation Organization
MSP Model Security Program
NIPP National Infrastructure Protection Plan
PARIS Performance and Results Information System
PFNA pulsed fast neutron analysis
RASCO Remote Air Sampling for Canine Olfaction
RFID radio frequency identification
S&T Directorate of Science and Technology
SIDA secure identification display area
TSA Transportation Security Administration
TSIS Transportation Security Intelligence Service
VACIS vehicle and cargo inspection system
WCO World Customs Organization
WMD weapon of mass destruction

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

United States Government Accountability Office
Washington, DC 20548

April 30, 2007

Congressional Requesters

Recent instances of human stowaways hiding in cargo holds on international
flights bound for the United States, and cargo smuggling and theft at
foreign cargo facilities, have heightened concern over the security of air
cargo by revealing vulnerabilities that could be exploited by terrorists.
According to Department of Homeland Security (DHS) officials and air cargo
industry stakeholders, terrorists could exploit such vulnerabilities to
introduce an explosive device in cargo transported onboard a passenger
aircraft, hijack an all-cargo aircraft and use it as a missile, or smuggle
a weapon of mass destruction (WMD) in cargo transported on either type of
aircraft.1 While DHS reports that it has no specific intelligence
indicating terrorist plans to exploit air cargo vulnerabilities, DHS's
National Strategy for Transportation Security identifies cargo aircraft
operations and high-volume cargo facilities as aviation assets at
significant risk of terrorist attack.2

In response to the terrorist attacks of September 11, 2001, the Aviation
and Transportation Security Act was enacted in November 2001, which
created the Transportation Security Administration (TSA) and required it
to provide for the screening of all passengers and property, including
cargo, U.S. mail, and carry-on and checked baggage that is transported
onboard passenger aircraft.3 It also required that a system be put into
place as soon as practicable to screen, inspect, or otherwise ensure the
security of cargo transported on all-cargo aircraft.4 The act applies to
air cargo transported into the United States from foreign countries
onboard passenger and all-cargo aircraft, as well as cargo transported
domestically and out of the United States to a foreign location on these
aircraft.

1A weapon of mass destruction could include nuclear, biological, chemical,
or radiological devices. For the purposes of this report, the term "weapon
of mass destruction" also encompasses weapons of mass effect or scenarios
that could result in a great loss of life and destruction.

2DHS and Department of Transportation, National Strategy for
Transportation Security, 2005. Other aviation assets identified as being
at significant risk of terrorist attack include passenger aircraft
operations, major and midsized airport facilities, general aviation
aircraft operations and airports/airfields near major urban areas, and
critical national airspace system infrastructure. DHS is required to
update its National Strategy for Transportation Security, and planned to
update it for submission to Congress by the end of 2006, and every 2 years
thereafter. However as of February 2007 it had not been updated.

3Aviation and Transportation Security Act, Pub. L. No. 107-71, 115 Stat.
597 (2001). See 49 U.S.C. SS 114(a), 44901(a).

Within DHS, two agencies have responsibilities related to the security of
air cargo bound for the United States from a foreign country, referred to
as inbound air cargo.5 TSA has primary responsibility for securing
U.S.-bound flights from destruction or hijacking, and as a result, is
primarily concerned with preventing the illicit loading of explosives or
stowaways onto aircraft prior to departure for the United States. TSA
enforces statutory and regulatory requirements on passenger and all-cargo
air carriers to secure air cargo bound for the United States. Both
domestic air carriers and foreign air carriers with service to the United
States are responsible for implementing security requirements, such as
inspecting a portion of air cargo transported to the United States, in
accordance with the applicable laws, TSA regulations, security directives,
emergency amendments, and security programs. DHS's U.S. Customs and Border
Protection (CBP) has primary responsibility for preventing terrorists and
implements of terrorism from entering the United States. Specifically, CBP
screens and inspects international air cargo upon its arrival in the
United States to ensure that cargo entering the country complies with
applicable laws and does not pose a security risk.6 CBP's efforts include
analyzing information on cargo shipments to identify high-risk air cargo
arriving in the United States that may contain terrorists or weapons of
mass destruction, commonly known as targeting, and physically inspecting
this cargo upon its arrival.7 According to DHS and industry estimates,
only a small percentage of the air cargo that is bound for the United
States from a foreign country is inspected by passenger and all-cargo air
carriers prior to an aircraft's departure for the United States, and a
very small percentage of international air cargo is inspected by CBP
officers upon its arrival in the United States.8 Congress has allocated at
least $255 million from fiscal years 2005 through 2007 for the purpose of
enhancing the security of air cargo, through such actions as the
development and testing of new and existing inspection technologies.
Further, several laws have required TSA to take additional steps to secure
domestic, outbound, and inbound air cargo. For example, the Department of
Homeland Security Appropriations Act of 2005 required the Secretary to
amend security directives and programs to, at a minimum, triple the
percentage of cargo inspected on passenger aircraft.9 In addition, the
Intelligence Reform and Terrorism Prevention Act of 2004 required, among
other things, that TSA develop technology to better identify, track, and
screen air cargo, and issue a final rule to enhance and improve the
security of air cargo transported on both passenger and all-cargo
aircraft.10

4The terms "inspecting" and "screening" have been used interchangeably by
TSA to denote some level of examination of a person or good, which can
entail a number of different actions, including manual physical
inspections to ensure that cargo does not contain weapons, explosives, or
stowaways, or inspections using nonintrusive technologies that do not
require the cargo to be opened in order to be inspected. For the purposes
of this report, the term "screening" is used when referring to TSA or CBP
efforts to apply a filter to analyze cargo related information to identify
cargo shipment characteristics or anomalies for security risks. Moreover,
for the purposes of this report, we use the term "inspection" to refer
only to air carrier, TSA, or CBP efforts to examine air cargo through
physical searches and the use of nonintrusive technologies.

5Cargo transported by air within the United States is referred to as
domestic air cargo, and cargo transported by air from the United States to
a foreign location is referred to as outbound air cargo.

6CBP aids in the enforcement of law and regulations of non-DHS agencies.
For example, CBP regulates the entry of sugar into the United States. (see
7 U.S.C. SS 3601-04, pertaining to the U.S. Department of Agriculture),
assists in the enforcement of the Bank Secrecy Act (see 12 U.S.C. SS
1951-59, pertaining to the U.S. Department of the Treasury), and aids in
the enforcement of regulations related to safety standards for the
transportation of hazardous materials (see 49 U.S.C. SS 5101-28,
pertaining to the U.S. Department of Transportation).

In October 2005, we reported on TSA's efforts to secure domestic air
cargo, or cargo transported on passenger and all-cargo aircraft within the
United States.11 We reported that while TSA had taken a number of actions
intended to strengthen air cargo security, such as establishing a
centralized database on people and businesses that routinely ship air
cargo within the United States, and implementing requirements for the
random inspection of air cargo, factors existed that potentially limited
their effectiveness. For example, TSA exempted certain types of air cargo
from inspection, potentially creating security weaknesses. We also
reported that TSA's plans for enhancing air cargo security posed
financial, operational and technological challenges to both the agency and
to air cargo industry stakeholders. In addition, we reported that while
TSA had taken initial steps toward applying a risk-based approach to
address air cargo security, it had not yet established a methodology and
schedule for completing assessments of air cargo vulnerabilities and
critical assets. Moreover, we reported on the potential challenges the
agency and air cargo industry stakeholders may face in implementing
measures to strengthen air cargo security. We made several recommendations
to assist TSA in developing a comprehensive risk-based approach for
securing the domestic air cargo transportation system. TSA agreed with our
recommendations and informed us that it is taking steps to address some of
these recommendations. For example, in October 2006, TSA revised some of
the inspection exemptions for domestic and outbound air cargo transported
on passenger air carriers, consistent with our recommendation. TSA also
issued an air cargo security rule in May 2006 that included a number of
provisions aimed at enhancing the security of inbound air cargo.

7In this report, the term "targeting" refers to the use of information
obtained from the screening process to identify high-risk air cargo
shipments for inspection.

8DHS determined that the exact percentage of air cargo physically screened
or inspected is Sensitive Security Information.

9See Pub. L. No. 108-334, S 513, 118 Stat. 1298, 1317 (2004).

10See Pub. L. No. 108-458, SS 4051-54, 118 Stat. 3638, 3728-29 (2004).

11GAO, Aviation Security: Federal Action Needed to Strengthen Domestic Air
Cargo Security, [40]GAO-06-76 (Washington, D.C.: October 2005).

This report provides the results of our examination of the efforts of DHS,
through TSA and CBP, to secure inbound air cargo, and represents the
second phase of our congressionally requested work addressing air cargo
security.12 To help Congress evaluate the status of DHS's efforts to
secure inbound air cargo, we answered the following questions: (1) Within
DHS, what actions have TSA and CBP taken to secure inbound air cargo, and
how, if at all, could these efforts be strengthened? (2) What practices
have the air cargo industry and select foreign governments adopted that
could potentially be used to enhance TSA's efforts to strengthen inbound
air cargo security, and to what extent have TSA and CBP worked with
foreign governments to enhance their air cargo security efforts?

To determine what actions DHS, through TSA and CBP, has taken to secure
inbound air cargo, and how, if at all, these efforts could be
strengthened, we reviewed relevant documents such as TSA's air cargo
strategic plan, air carrier security programs, and related TSA guidance to
determine the requirements placed on air carriers for ensuring inbound air
cargo security.13 We interviewed officials from DHS, TSA, and CBP
regarding their efforts to develop a strategy for securing inbound air
cargo and conduct assessments of the vulnerabilities and critical assets
associated with this area of aviation security and compared these efforts
with GAO's risk management framework. In addition, we interviewed TSA and
CBP officials to obtain information on their current and planned efforts
to secure inbound air cargo. We also reviewed the results of TSA's
compliance inspections to determine the agency's progress in evaluating
air carriers' compliance with air cargo security requirements, and we
reviewed the results of foreign airport assessments to identify any
deficiencies found related to international air cargo standards. We
discussed the reliability of TSA's compliance inspection data for the
period July 2003 to February 2006 with TSA officials and concluded that
they were sufficiently reliable for the purposes of this review. We
conducted site visits to three U.S. airports, which collectively receive
about 50 percent of the total amount of air cargo transported into the
United States, to observe inbound air cargo security operations and CBP
efforts to inspect inbound air cargo. We selected these airports based on
several factors, including airport size, the volume of air cargo
transported to these airports from foreign locations, and geographical
dispersion. Because we selected a nonprobability sample of airports, the
results from these visits cannot be generalized to other U.S. airports.
Further, we conducted site visits to seven countries in Europe and Asia to
observe air cargo security processes and technologies, observe air cargo
facilities, and obtain information on air cargo security practices
implemented by foreign governments and industry stakeholders to identify
those practices that could potentially enhance the department's efforts to
secure air cargo.14 We selected these countries based on several factors,
including TSA threat rankings, airports located within these countries
that process high volumes of air cargo, and discussions with U.S. and
foreign government officials and air cargo industry representatives
regarding air cargo security practices that may have application to TSA's
efforts to secure air cargo. Moreover, we observed air cargo security
practices at 8 foreign airports, 4 of which rank among the world's 10
busiest cargo airports in terms of volumes of cargo transported. We also
obtained information on the air cargo security requirements implemented by
10 additional foreign countries from foreign government officials and
publicly available documents. We selected these countries based on
geographical dispersion as well as additional stakeholder input on
countries implementing air cargo security practices that differ from those
in the United States. To obtain information on air cargo industry and
foreign government actions to secure air cargo, and TSA's and CBP's
efforts to coordinate their security practices to enhance security and
increase efficiency, referred to as harmonization, we interviewed foreign
and domestic air carrier (passenger and all-cargo) officials from those
air carriers that transport the largest volume of air cargo. Specifically,
we spoke with officials representing 7 of the top 10 air cargo carriers
based on volume of cargo transported. We also interviewed representatives
of foreign freight forwarders foreign and domestic airport authorities,
air cargo industry associations, and U.S. and foreign governments.15 More
detailed information on our scope and methodology is contained in appendix
I.

12The security of cargo transported from the United States to other
countries, referred to as outbound air cargo, is subject to similar
security requirements and procedures that apply to domestic air cargo.
Because these security measures were addressed in our October 2005 report
( [41]GAO-06-76 ), they are not included in this report except in our
discussion of how foreign air cargo security measures could be considered
for strengthening domestic air cargo.

13"Air carriers" refers to both foreign and U.S.-based passenger air
carriers whose aircraft have been configured to accommodate both
passengers and cargo, and all-cargo carriers whose aircraft transport only
cargo.

14For the purposes of this report, the term "air cargo security practices"
collectively refers to requirements, standards, processes, and measures
aimed at securing air cargo.

We conducted our work from October 2005 through February 2007 in
accordance with generally accepted government auditing standards.

Results in Brief

The two DHS components with responsibilities related to air cargo
security, TSA and CBP, have taken initial steps to enhance the security of
inbound air cargo. However, the agencies are only beginning to implement
inbound air cargo security programs,and opportunities exist to strengthen
these efforts. TSA and CBP have taken some preliminary steps to use risk
management principles to guide their investment decisions related to
inbound air cargo, as advocated by DHS, but most of these efforts are in
the planning stages. For instance, TSA completed a risk-based strategic
plan to address domestic air cargo security, but has not developed a
similar strategy for addressing inbound air cargo security, including how
best to partner with CBP and international air cargo stakeholders.
Further, TSA has identified the primary threats associated with inbound
air cargo, but has not yet assessed which areas of inbound air cargo are
most vulnerable to attack and which inbound air cargo assets are deemed
most critical to protect. TSA plans to assess inbound air cargo
vulnerabilities and critical assets--two crucial elements of a risk-based
management approach--but has not yet established a methodology or time
frame for how and when these assessments will be completed. Without such
assessments, TSA may not be able to appropriately focus its resources on
the most critical security needs.

15A freight forwarder is an entity that consolidates air cargo shipments
and delivers them to air carriers.

Another action TSA has taken is the issuance of its May 2006 air cargo
security rule, which includes a number of provisions aimed at enhancing
the security of inbound air cargo. For example, the final rule
acknowledges that TSA amended its security directives and programs to
triple the percentage of cargo inspected on domestic and foreign passenger
aircraft. To implement the requirements contained in the air cargo
security rule, TSA drafted revisions to its existing security programs for
domestic and foreign passenger air carriers and created new security
programs for domestic and foreign all-cargo carriers. However, TSA
requirements continue to allow inspection exemptions for certain types of
inbound air cargo transported on passenger air carriers.16 This risk is
further heightened because TSA has limited information on the background
and security risk posed by foreign shippers whose cargo may fall within
these exemptions. TSA officials stated that the agency is holding
discussions with industry stakeholders to determine whether additional
revisions to current air cargo inspection exemptions are needed. TSA also
inspects domestic and foreign passenger air carriers with service to the
United States to assess whether the air carriers are complying with air
cargo security requirements, such as inspecting a certain percentage of
air cargo. TSA, however, does not currently inspect all air carriers
transporting cargo into the United States. While TSA's compliance
inspections provide useful information, the agency has not developed an
inspection plan that includes performance goals and measures to determine
to what extent air carriers are complying with security requirements.

In addition, while CBP was previously targeting inbound air cargo on
passenger and all-cargo aircraft for illicit items such as drugs and
contraband, CBP has only recently begun targeting inbound air cargo
transported on passenger and all-cargo aircraft that may pose a security
risk and inspecting such cargo once it arrives in the United States.
Further, TSA and CBP have taken steps to coordinate their efforts to
safeguard air cargo transported into the United States to include sharing
information on TSA's technology development programs, among other efforts.
However, TSA and CBP do not have a systematic process in place to share
information that could be used to strengthen their efforts, such as the
results of TSA air carrier compliance inspections, assessments of foreign
airports, and air carrier inspections of inbound air cargo. Without a
systematic process to share relevant air cargo security information, TSA
and CBP could be missing opportunities to more effectively secure inbound
air cargo.

16DHS determined that details on the types of inbound air cargo
transported on passenger and all-cargo aircraft exempt from TSA inspection
requirements are considered Sensitive Security Information. A description
of these exemptions is provided in the restricted version of this report,
GAO-07-337SU.

Foreign governments that regulate airports with high volumes of cargo, and
domestic and foreign air carriers that transport large volumes of cargo,
employ various air cargo security practices that might have the potential
to strengthen TSA's efforts to secure inbound air cargo. Some of these
practices may also help strengthen the security of domestic air cargo. We
identified four categories of security practices required or employed by
foreign governments and foreign air carriers, as well as domestic air
carriers implementing practices required by host governments, that are
currently not used in the United States. TSA officials acknowledged that
the agency has not systematically analyzed these foreign practices to
determine whether they would help strengthen the domestic and U.S.-bound
air cargo supply chains or the costs associated with implementing such
practices. For example, air carriers in some foreign counties inspect air
cargo for potential WMDs prior to its loading on a U.S.-bound flight,
which neither TSA nor CBP requires.17 TSA officials acknowledged that
compiling and analyzing information on air cargo security practices
implemented by foreign air carriers and foreign governments may provide
opportunities to enhance the department's air cargo security program, and
they have begun an initial review of practices in select countries.
However, officials also cited challenges to applying these practices in
the United States and the inbound air cargo supply chain. For example, TSA
officials stated that increasing the percentage of cargo inspections and
utilizing various inspection technologies may not be applicable to the
United States because the volume of air cargo processed in the United
States is much larger than in most countries. While we recognize that
differences in cargo volumes and inspection capabilities exist and could
affect the feasibility and cost of implementing certain practices to
secure domestic and inbound air cargo, we believe that systematically
identifying and evaluating the feasibility and costs associated with
promising foreign air cargo security practices has the potential to
benefit TSA's efforts to secure domestic and inbound air cargo. TSA has
also begun working with foreign governments to coordinate their security
practices to enhance security and increase efficiency, referred to as
harmonization. For example, TSA officials worked with foreign governments
to develop internationally agreed upon standards for securing air cargo.
However, challenges to harmonizing security practices may limit the
effectiveness of these efforts. For instance, some countries may be
hesitant to expend additional resources that may be necessary to implement
common security standards that exceed their current security requirements.
In addition, some foreign governments may have different views than TSA
regarding the threats and risks associated with air cargo and where their
resources should be directed.

17DHS determined that other examples of air carriers' efforts to secure
air cargo are Sensitive Security Information. Information on these
examples is provided in the restricted version of this report,
GAO-07-337SU.

To better ensure the security of inbound air cargo, we are recommending
that DHS direct TSA and CBP to take several actions. These include more
fully developing a risk-based strategy to address inbound air cargo
security, including establishing goals and objectives for securing inbound
air cargo and establishing a methodology and time frames for completing
assessments of inbound air cargo vulnerabilities and critical assets that
can be used to help prioritize the actions necessary to enhance security;
establishing a time frame for completing an assessment of whether existing
inspection exemptions for inbound air cargo pose an unacceptable security
vulnerability, and taking steps, if necessary, to address identified
vulnerabilities; developing performance goals and measures to evaluate
foreign and domestic air carrier compliance with inbound air cargo
security requirements; developing a systematic process for ensuring
communication between TSA and CBP regarding their efforts to secure
inbound air cargo; and compiling and analyzing information on air cargo
security practices implemented by domestic and foreign air cargo industry
stakeholders and foreign governments to identify those that could be used
to strengthen DHS's overall air cargo security program.

We provided a draft of this report to DHS for review. DHS, in its written
comments, generally concurred with the report and recommendations.
However, we have concerns that the actions DHS intends to take may not
fully address our recommendations. The full text of DHS's comments is
included in appendix VIII.

Background

The transportation of air cargo between global trading partners provides
the world economy with critical goods and components. Air cargo valued at
almost $400 billion entered the United States in fiscal year 2004.
According to TSA, approximately 200 U.S. and foreign air carriers
currently transport cargo into the United States from foreign countries.
During calendar year 2005, almost 9.4 billion pounds of cargo was shipped
by air into the United States. About 40 percent of this amount, or 4
billion pounds, traveled onboard passenger aircraft. Typically, about
one-half of the hulls of each passenger aircraft transporting cargo are
filled with cargo.

Air cargo includes freight and express packages that range in size from
small to very large, and in type from perishables to machinery, and can
include items such as electronic equipment, automobile parts, clothing,
medical supplies, other dry goods, fresh cut flowers, fresh seafood, fresh
produce, tropical fish, and human remains. Cargo can be shipped in various
forms, including large containers known as unit loading devices that allow
many packages to be consolidated into one container that can be loaded on
an aircraft, wooden crates, assembled pallets, or individually
wrapped/boxed pieces, known as break bulk cargo.

Participants in the international air cargo shipping process include
shippers, such as individuals and manufacturers; freight forwarders or
regulated agents, who consolidate shipments and deliver them to air
carriers; air cargo handling agents, who process and load cargo onto
aircraft on behalf of air carriers; and passenger and all-cargo carriers
that store, load, and transport air cargo.18 International air cargo may
have been transported via ship, train, or truck prior to its loading
onboard an aircraft. Shippers typically send cargo by air in one of two
ways. Figure 1 depicts the two primary ways in which a shipper may send
cargo by air to the United States.

18The International Civil Aviation Organization defines a regulated agent
as an agent, freight forwarder, or any other entity that conducts business
with an aircraft operator and provides security controls that are accepted
or required by the appropriate government authority with respect to cargo
or mail.

Figure 1: Flow of Air Cargo Transported to the United States

A shipper may take its packages to a freight forwarder, or regulated
agent, which consolidates cargo from many shippers and delivers it to air
carriers. The freight forwarder usually has cargo facilities at or near
airports and uses trucks to deliver bulk freight to air carriers--either
to a cargo facility or to a small-package receiving area at the ticket
counter. A shipper may also send freight by directly packaging and
delivering it to an air carrier's ticket counter or sorting center where
either the air carrier or a cargo handling agent will sort and load cargo
onto the aircraft. The shipper may also have cargo picked up and delivered
by an all-cargo carrier, or choose to take cargo directly to a carriers'
retail facility for delivery. As noted in figure 1, the inspections of air
cargo can take place at several different points throughout the supply
chain. For example, inspections can take place at freight forwarders or
regulated agent's consolidation facility, or at the air carrier's sorting
center.

TSA and CBP Responsibilities for Ensuring the Security of Inbound Air Cargo

  TSA's Responsibilities Related to Securing Inbound Air Cargo

The Aviation and Transportation Security Act (ATSA) charged TSA with the
responsibility for ensuring the security of the nation's transportation
systems, including the transportation of cargo by air into the United
States.19 In fulfilling this responsibility, TSA (1) enforces security
requirements established by law and implemented through regulations,
security directives, TSA-approved security programs, and emergency
amendments, covering domestic and foreign passenger and all-cargo carriers
that transport cargo into the United States; (2) conducts inspections to
assess air carriers' compliance with established requirements and
procedures; (3) conducts assessments at foreign airports to assess
compliance with international aviation security standards, including those
related to air cargo; and (4) conducts research and development of air
cargo security technologies.20

19Other federal entities involved in securing or safeguarding air cargo
include the Department of Homeland Security-U.S. Customs and Border
Protection, the United States Postal Service, the Department of Commerce,
the Department of Transportation, and the Department of the Treasury.

Air carriers (passenger and all-cargo) are responsible for implementing
TSA security requirements, predominantly through a TSA-approved security
program that describes the security policies, procedures, and systems the
air carrier will implement and maintain in order to comply with TSA
security requirements.21 These requirements include measures related to
the acceptance, handling, and inspection of cargo; training of employees
in security and cargo inspection procedures; testing employee proficiency
in cargo inspection; and access to cargo areas and aircraft. If threat
information or events indicate that additional security measures are
needed to secure the aviation sector, TSA may issue revised or new
security requirements in the form of security directives or emergency
amendments applicable to domestic or foreign air carriers. The air
carriers must implement the requirements set forth in the security
directives or emergency amendments in addition to those requirements
already imposed and enforced by TSA.

Under TSA regulations, the responsibility for inspecting air cargo is
assigned to air carriers. TSA requirements, described in air carrier
security programs, security directives, and emergency amendments, allow
air carriers to use several methods and technologies to inspect domestic
and inbound air cargo. These include manual physical searches and
comparisons between airway bills and cargo contents to ensure that the
contents of the cargo shipment matches the cargo identified in documents
filed by the shipper, as well as using approved technology, such as X-ray
systems, explosive trace detection systems, decompression chambers,
explosive detection systems, and TSA explosives detection canine teams.22
(For an example of X-ray technology used by air carriers to inspect air
cargo prior to its transportation to the United States, see fig. 2). TSA
currently requires passenger air carriers to randomly inspect a specific
percentage of non exempt air cargo pieces listed on each airway bill.23
Under TSA's inbound air cargo inspection requirements, passenger air
carriers can exempt certain cargo from inspection.24 TSA does not regulate
foreign freight forwarders, or individuals or businesses that have their
cargo shipped by air to the United States.

20Foreign air carriers landing or taking off in the United States must
adopt and use a TSA-approved security program that requires adherence to
the identical security measures required of U.S. air carriers serving the
same airports. See 49 U.S.C. S 44906. TSA regulations provide that a
foreign air carrier security program will only be deemed acceptable if it
provides passengers a level of protection similar to the level of
protection provided by U.S. air carriers serving the same airports. See 49
C.F.R. S 1546.103(a)(1). For example, a foreign air carrier must prohibit
cargo from being loaded on board its aircraft unless handled in accordance
with the foreign air carrier's TSA-approved security program.

21As of January 2007, TSA security programs include the (1) Aircraft
Operator Standard Security Program, which applies to domestic passenger
air carriers; (2) Indirect Air Carrier Standard Security Program, which
applies to domestic indirect air carriers; (3) Domestic Security
Integration Program, a voluntary program that applies to domestic
all-cargo carriers; (4) Twelve-Five Program, which applies to certain
operators of aircraft weighing more than 12,500 pounds in scheduled or
charter service that carry passengers, cargo, or both; (5) Model Security
Program, which applies to foreign passenger air carriers; and (6)
All-Cargo International Security Procedures, which applies to each foreign
air carrier engaged in the transportation of cargo to, from, within, or
overflying the United States in all-cargo aircraft with a maximum
certified takeoff weight of more than 12,500 pounds. TSA drafted new
security programs for foreign and U.S. all-cargo carriers with operations
to, from, and within the United States. TSA expects to finalize these
programs in early 2007.

22Explosive trace detection (ETD) equipment requires human operators to
collect samples of items to be inspected with swabs, which are chemically
analyzed to identify any traces of explosive material. Explosive detection
systems use probing radiation to examine objects inside baggage and
identify the characteristic signatures of threat explosives. Certified
explosive detection canine teams have been evaluated by TSA and shown to
effectively detect explosive devices. Decompression chambers simulate the
pressures acting on aircraft by simulating flight conditions, which cause
explosives that are attached to barometric fuses to detonate.

23DHS determined that details on the percentage of air cargo required to
be randomly inspected are considered Sensitive Security Information.
Information on the percentage of air cargo randomly inspected is provided
in the restricted version of this report, GAO-07-337SU.

24DHS determined that details on the types of inbound air cargo
transported on passenger and all-cargo aircraft exempt from TSA inspection
requirements are considered Sensitive Security Information. A description
of these exemptions is provided in the restricted version of this report,
GAO-07-337SU.

Figure 2: Type of X-ray Technology Used by Some Foreign Air Carriers to
Inspect Air Cargo Bound for the United States

To assess whether air carriers properly implement TSA inbound air cargo
security regulations, the agency conducts regulatory compliance
inspections of foreign and domestic air carriers at foreign airports.
Currently, TSA conducts compliance inspections of domestic and foreign
passenger carriers transporting cargo into the United States, but does not
perform such inspections of all air carriers transporting inbound air
cargo. TSA inspects air cargo procedures as part of its broader
international aviation security inspections program, which also includes
reviews of regulations such as aircraft and passenger security. Compliance
inspections can include reviews of documentation, interviews of air
carrier personnel, and direct observations of air cargo operations.25 Air
carriers are subject to inspection in several areas of cargo security,
including accepting cargo from unknown shippers, access to cargo, and
security training and testing. Appendix II contains a detailed description
of TSA's efforts to assess air carrier compliance with inbound air cargo
security requirements.

25Unlike its domestic air cargo inspection program, TSA's inbound air
cargo security program does not include a covert testing component to
identify air cargo security weaknesses. TSA officials stated that foreign
governments do not allow the agency to conduct such tests.

In addition, TSA assesses the effectiveness of the security measures
maintained at foreign airports that serve U.S. air carriers, from which
foreign air carriers serve the United States, or that pose a high risk of
introducing danger to international air travel.26 To conduct its
assessments, TSA must consult with appropriate foreign officials to
establish a schedule to visit each of these foreign airports. TSA
assessments evaluate the security policies and procedures in place at a
foreign airport to ensure that the procedures meet baseline international
aviation security standards, including air cargo security standards. For
further information on TSA's foreign airport assessments including the
results of its assessment conducted during fiscal year 2005, see appendix
III.

  CBP's Responsibilities Related to Inbound Air Cargo Security

CBP determines the admissibility of cargo entering the United States and
is authorized to inspect inbound air cargo for security purposes.
Specifically, CBP requires air carriers to submit cargo manifest
information prior to the aircraft's arrival in the United States.27 CBP
also has authority to negotiate with foreign nations to place CBP officers
abroad to inspect persons and merchandise prior to their arrival in, or
subsequent to their exit from, the United States, but has not yet
negotiated arrangements with foreign host nations to station CBP officers
overseas for the purpose of inspecting high-risk air cargo shipments.28 At
U.S. airports, CBP officers may conduct searches of persons, vehicles,
baggage, cargo, and merchandise entering or departing the United States.29
Since September 11, 2001, CBP's priority mission has focused on keeping
terrorists and their weapons from entering the United States.30 To carry
out this responsibility, CBP employs several systems and programs. CBP's
Automated Targeting System (ATS) is a model that combines manifest and
entry declaration information into shipment transactions and uses
historical, specific enforcement, and other data to help target cargo
shipments for inspection.31 ATS also has targeting rules that assign a
risk score to each arriving shipment based in part on manifest
information, as well as other shipment information, and potential threat
or vulnerability information, which CBP staff use to make decisions on the
extent of inspection to be conducted once the cargo enters the United
States.32 To support its targeting system, CBP requires air carriers to
submit cargo manifest information prior to the flight arriving in the
United States.33 CBP officers use the ATS risk scores to help them make
decisions regarding the extent of inspection to be conducted once the
cargo arrives in the United States.34 Shipments identified by CBP as high
risk through its ATS targeting system are to undergo mandatory security
inspections. CBP officers may also inspect air cargo if they determine
that a particular shipment is suspicious or somehow poses a threat.35

2649 U.S.C. S 44907(a)(1). TSA assumed responsibility for conducting
foreign airport assessments from the Secretary of Transportation (as
delegated to the Federal Aviation Administration) in accordance with the
Aviation and Transportation Security Act, enacted in November 2001. See 49
U.S.C. S 114(d). TSA conducts these assessments utilizing a standard for
analysis based, at least, on the standards and appropriate recommended
practices of Annex 17 to the Convention on International Civil Aviation. S
44907(a)(2). The Secretary of Homeland Security determines whether an
airport maintains and carries out effective security measures using the
results of TSA's assessments. See S 44907(c).

27See 19 C.F..R. S 122.48a (implementing a provision of the Trade Act of
2002, Pub. L. No. 107-210, S 343, 116 Stat. 933, 981-83, as amended,
requiring the electronic submission of inbound cargo information prior to
arrival in the United States).

28See 19 U.S.C. S 1629.

29See 19 U.S.C. SS 482, 1467, 1499, 1581, and 1582.

30Historically, CBP has been responsible for interdicting and seizing
contraband and illegal drugs. CBP targets and inspects cargo on behalf of
16 other federal agencies, including the U.S. Dept. of Agriculture, the
Food and Drug Administration, Bureau of Alcohol, Tobacco, Firearms and
Explosives, and the Drug Enforcement Agency.

31CBP defines an inspection as a physical examination and/or the imaging
of cargo using non-intrusive inspection technology to identify contraband
and terrorist-related items.

32DHS determined that details on the type of shipment information used by
ATS to assign a risk score to air cargo shipments are considered Sensitive
Security Information. A description of the shipment information used by
ATS is discussed in the restricted version of this report, GAO-07-337SU.

33Pursuant to the Trade Act of 2002, as amended, CBP established time
frames in which air carriers are required to electronically submit air
cargo manifest information.  See 19 C.F.R. S 122.48a(b). Air carriers
departing from any foreign location in the Americas, including Mexico,
Central America, and areas of South America north of the equator, must
submit manifest information no later than the time of flight departure
(the time at which wheels are up on the aircraft and the aircraft is en
route directly to the United States.). In the case of air carriers
departing from any other foreign location, CBP requires that manifest
information be submitted 4 hours prior to the flight's arrival in the
United States.

34Officers who are members of CBP's Anti-terrorism Contraband Enforcement
Teams specialize in targeting and examining inbound air cargo shipments to
identify potential contraband and terrorist-related items.

CBP uses a variety of non intrusive technologies and methods to inspect
some air cargo once it arrives in the United States. For example, CBP
officers carry personal handheld radiation detectors, as well as handheld
radioactive isotope identification devices which can distinguish between
different types of radiological material, such as that used in medicine or
industry from weapons-grade material. Other technologies and methods CBP
uses to inspect inbound air cargo include mobile X-ray machines contained
in vans, pallet X-ray systems, mobile vehicle and cargo inspection systems
(VACIS), and canine teams.36 The results of the nonintrusive inspections
determine the need for additional measures, which could include physical
inspections conducted by CBP officers. Figure 3 shows an example of CBP
officers using nonintrusive technology to inspect inbound air cargo upon
its arrival in the United States.

35CBP also conducts inspections based on specific, usually classified,
intelligence that points to a specific threat and directs field officers
in specific airports to take certain actions. The results of field officer
efforts may be analyzed and shared with the intelligence community. These
inspections are not part of CBP's routine efforts to address ongoing air
cargo threats associated with the smuggling of contraband or WMD.

36The pallet VACIS unit consists of a self-contained gamma ray imaging
system designed to quickly image pallets or pallet-sized containers. A
mobile VACIS, similar to pallet VACIS unit consists of a truck-mounted,
gamma ray imaging system that produces a radiographic image used to
evaluate the contents of trucks, containers, cargo, and passenger vehicles
in order to determine the possible presence of contraband.

Figure 3: CBP Officers Using Nonintrusive Technology to Inspect Inbound
Air Cargo

To strengthen the security of the inbound cargo supply chain, the U.S.
Customs Service (now CBP) initiated the voluntary Customs-Trade
Partnership Against Terrorism (C-TPAT) program in November 2001. This
program provides companies that implement CBP-defined security practices a
reduced likelihood that their cargo will be inspected once it arrives in
the United States.37 To become a member of C-TPAT, companies must first
submit signed C-TPAT agreements affirming their desire to participate in
the voluntary program. Companies must also provide CBP with security
profiles that describe the current security procedures they have in place,
such as pre-employment screening, periodic background reviews, and
employee training on security awareness and procedures. CBP reviews a
company's application to identify any weaknesses in the company's security
procedures and work with the company to resolve these weaknesses. Once any
weaknesses are addressed, CBP signs an agreement stating that the company
is considered to be a certified C-TPAT member, eligible for program
benefits.38

37The SAFE Port Act, enacted in October 2006, specifically authorized the
Secretary of Homeland Security, acting through the Commissioner of CBP, to
establish the C-TPAT program in accordance with requirements set forth in
the law. Security and Accountability for Every (SAFE) Port Act of 2006,
Pub. L. No. 109-347, SS 211-223, 120 Stat. 1884, 1909-15.

After certification, CBP has a process for validating that C-TPAT members
have implemented security measures. During the validation process, CBP
staff meet with company representatives to verify supply chain security
measures. The validation process includes visits to the company's U.S. and
foreign sites, if any. Upon completion of the validation process, CBP
reports back to the company on any identified areas that need improvement
and suggested corrective actions, as well as a determination of whether
program benefits are still warranted for the company. According to CBP
officials, they use a risk-based approach for identifying the priority in
which C-TPAT participants should be validated.39

International Air Cargo Security Standards and Recommended Practices

The International Civil Aviation Organization (ICAO) is a specialized
agency of the United Nations in charge of coordinating and regulating
international air transportation. ICAO was established by the Convention
on International Civil Aviation (also known as the Chicago Convention) in
1944 and is composed of over 180 member nations with aviation service
capabilities. In 1974, ICAO established aviation security standards and
recommended practices to ensure a baseline level of security. These
standards are aimed at preventing suspicious objects, weapons, explosives,
or other dangerous devices from being placed on board passenger aircraft
either through concealment, in otherwise legitimate shipments, or through
gaining access to air cargo shipments via cargo-handling areas. The
standards call for member nations to implement measures to ensure the
protection of air cargo being moved within an airport and intended for
transport on an aircraft, and to ensure that aircraft operators do not
accept cargo on passenger flights unless application of security controls
has been confirmed and accounted for by a regulated agent or that such
cargo has been subjected to appropriate security controls. ICAO standards
also provide that except for reasons of aviation security, member states
should not require the physical inspection of all air cargo that is
imported or exported. In general, member states should apply risk
management principles (such as targeting higher-risk cargo) to determine
which goods should be examined and the extent of that examination. While
compliance with these standards is voluntary, all 180 ICAO members,
including the United States, have committed to incorporating these
standards into their national air cargo security programs.40

38In May 2005, CBP began using a three-tiered approach in providing C-TPAT
participants with benefits. Under this approach, air carriers' benefits,
including a reduction in their risk score, increase based on (1) whether
the carriers are certified,(2) whether they are validated, and (3) whether
they are implementing security requirements that exceed minimum
guidelines.

39DHS determined that details on the information CBP uses to prioritize
which C-TPAT participants should be validated are Sensitive Security
Information. A description of this information is included in the
restricted version of this report, GAO-07-337SU.

The International Air Transport Association (IATA) represents about 260
air carriers constituting 94 percent of international scheduled air
traffic. Building upon ICAO's standards, IATA issued voluntary recommended
practices and guidelines to help ensure that global air cargo security
measures are uniform and operationally manageable. For example, IATA
published a manual that, among other things, encourages air carriers to
implement measures and procedures to prevent explosives or other dangerous
devices from being accepted for transport by air, conduct pre-employment
checks on individuals involved in the handling or inspection of air cargo,
and ensure the security of all shipments accepted from persons other than
known shippers41 or regulated agents through physical inspection or some
type of screening process. IATA also developed guidelines to assist air
carriers in developing security policies by providing detailed suggestions
for accepting, handling, inspecting, storing, and transporting air cargo.

The World Customs Organization (WCO) consists of 166 member nations,
representing 99 percent of global trade, including cargo transported by
air. In June 2005, WCO established its Framework of Standards to Secure
and Facilitate Global Trade that, among other things, sets forth
principles and voluntary minimum security standards to be adopted by its
members. The framework provides guidance for developing methods to target
and inspect high-risk cargo, establishes time frames for the submission of
information on cargo shipments, and identifies inspection technology that
could be used to inspect high-risk cargo.

40Although adopting these standards is voluntary, in the sense that each
contracting state signs onto the convention of its own accord, a state may
face consequences for not adopting and following the ICAO standards. For
example, if a state does not amend its own regulations or practices in
light of amendments to the ICAO standards, all other states will be
notified of the difference existing between the international standards
and the corresponding national practice of the state. Similarly, TSA is
authorized under U.S. law to conduct foreign airport assessments using, at
least, the ICAO standards and appropriate recommended practices to
determine if the airport maintains and carries out effective security
measures, and to take appropriate actions in the event the airport does
not maintain effective security measures. See 49 U.S.C. S 44907.

41A known shipper is an individual or business with an established history
of shipping cargo on passenger carriers.

Applying a Risk-Managed Approach for Securing Inbound Air Cargo

Risk management is a tool for informing policy makers' decisions about
assessing risks, allocating resources, and taking actions under conditions
of uncertainty. In recent years, the President, through Homeland Security
Presidential Directives (HSPD), and Congress, more recently through the
Intelligence Reform and Terrorism Prevention Act of 2004, required federal
agencies with homeland security responsibilities to apply risk-based
principles to inform their decision making regarding allocating limited
resources and prioritizing security activities. The National Commission on
Terrorist Attacks Upon the United States (also known as the 9/11
Commission), recommended that the U.S. government identify and evaluate
the transportation assets that need to be protected, set risk-based
priorities for defending them, select the most practical and
cost-effective ways of doing so, and then develop a plan, budget, and
funding to implement the effort.42 In addition, DHS issued the National
Strategy for Transportation Security in 2005 that describes the policies
DHS will apply when managing risks to the security of the U.S.
transportation system.43 We have previously reported that a risk
management approach can help to prioritize and focus the programs designed
to combat terrorism. As applied in the homeland security context, risk
management can help officials make decisions about resource allocations
and associated trade-offs in preparing defenses against acts of terrorism
and other threats. We have recommended that TSA apply a comprehensive
risk-based approach for securing the domestic air cargo transportation
system.44

42National Commission on Terrorist Attacks upon the United States, The
9/11 Commission Report: Final Report of the National Commission on
Terrorist Attacks upon the United States (Washington, D.C.: 2004). The
9/11 Commission was an independent, bipartisan commission established in
late 2002, to prepare a complete account of the circumstances surrounding
the September 11 terrorist attacks, including preparedness for and the
immediate response to the attacks. The commission was also mandated to
provide recommendations designed to guard against future attacks.

43The Intelligence Reform and Terrorism Prevention Act of 2004 requires
the Secretary of Homeland Security to develop, prepare, implement, and
update, as needed a National Strategy for Transportation Security and
transportation modal security plans. See Pub. L. No. 108-458, S 4001, 118
Stat. 3638, 3710-12 (codified at 49 U.S.C. SS 114(t), 44904(c)-(d)).

The Homeland Security Act of 2002 also directed the department's
Directorate of Information Analysis and Infrastructure Protection to use
risk management principles in coordinating the nation's critical
infrastructure protection efforts.45 This includes integrating relevant
information, and analysis and vulnerability assessments to identify
priorities for protective and support measures by the department, other
federal agencies, state and local government agencies and authorities, the
private sector, and other entities. Homeland Security Presidential
Directive 7 and the Intelligence Reform and Terrorism Prevention Act of
2004 further define and establish critical infrastructure protection
responsibilities for DHS and those federal agencies given responsibility
for particular industry sectors, such as transportation. In June 2006, DHS
issued the National Infrastructure Protection Plan (NIPP), which named TSA
as the primary federal agency responsible for coordinating critical
infrastructure protection efforts within the transportation sector, which
includes all modes of transportation.46 The NIPP requires federal agencies
to work with the private sector to develop plans that, among other things,
identify and prioritize critical assets for their respective sectors. In
accordance with the NIPP, TSA must conduct and facilitate risk assessments
in order to identify, prioritize, and coordinate the protection of
critical transportation systems infrastructure, as well as develop
risk-based priorities for the transportation sector. TSA officials
reported that work is now under way on specific plans for each mode of
transportation, but as of January 2007, they were not completed.

To provide guidance to agency decision makers, we have created a risk
management framework, which is intended to be a starting point for
applying risk-based principles. Our risk management framework entails a
continuous process of managing risk through a series of actions, including
setting strategic goals and objectives, assessing risk, evaluating
alternatives, selecting initiatives to undertake, and implementing and
monitoring those initiatives. DHS's NIPP describes a risk management
process that closely mirrors our risk management framework.

44 [42]GAO-06-76 .

45In 2006, DHS reorganized the Information Analysis and Infrastructure
Protection Directorate and moved its functions to the Office of
Intelligence and Analysis and Office of Infrastructure Protection.

46DHS designated TSA as the lead agency for addressing HSPD-7 as it
relates to securing the nation's transportation sector. The Department of
Transportation also has a collaborative role for addressing HSPD-7.

Setting strategic goals, objectives, and constraints is a key first step
in applying risk management principles and helps to ensure that management
decisions are focused on achieving a purpose. These decisions should take
place in the context of an agency's strategic plan that includes goals and
objectives that are clear and concise. These goals and objectives should
identify resource issues and other factors to achieving the goals.
Further, the goals and objectives of an agency should link to a
department's overall strategic plan. The ability to achieve strategic
goals depends, in part, on how well an agency manages risk. The agency's
strategic plan should address risk-related issues that are central to the
agency's overall mission.

Risk assessment, an important element of a risk-based approach, helps
decision makers identify and evaluate potential risks so that
countermeasures can be designed and implemented to prevent or mitigate the
effects of the risks. Risk assessment is a qualitative and/or quantitative
determination of the likelihood of an adverse event occurring and the
severity, or impact, of its consequences. Risk assessment in a homeland
security application often involves assessing three key elements--threat,
vulnerability, and criticality or consequence. A threat assessment
identifies and evaluates potential threats on the basis of factors such as
capabilities, intentions, and past activities. A vulnerability assessment
identifies weaknesses that may be exploited by identified threats and
suggests options to address those weaknesses. A criticality or consequence
assessment evaluates and prioritizes assets and functions in terms of
specific criteria, such as their importance to public safety and the
economy, as a basis for identifying which structures or processes are
relatively more important to protect from attack. Information from these
three assessments contributes to an overall risk assessment that may
characterize risks on a scale such as high, medium, or low and provides
input for evaluating alternatives and management prioritization of
security initiatives. The risk assessment element in the overall risk
management cycle may be the largest change from standard management steps
and can be important to informing the remaining steps of the cycle. For
further details on our risk management framework, see appendix IV.

DHS Has Taken Initial Steps to Secure Inbound Air Cargo, and Opportunities
Exist to Strengthen These Efforts

The two components within DHS responsible for air cargo security, TSA and
CBP, have initiated efforts to better secure inbound air cargo, but these
efforts are in the early stages and could be enhanced. While TSA and CBP
have taken some preliminary steps to use risk management principles to
guide their decisions related to inbound air cargo security, most of TSA's
and CBP's efforts to enhance inbound air cargo security are still largely
in the planning stages. For instance, TSA has completed a strategic plan
to address domestic air cargo security and has identified the primary
threats associated with inbound air cargo. However, the agency has not
identified goals and objectives for addressing inbound air cargo security,
such as how it will coordinate with CBP to ensure that all relevant areas
of inbound air cargo security are addressed. Further, TSA has not assessed
which areas of inbound air cargo are most vulnerable to attack and which
assets are deemed most critical to protect. Another action TSA has taken
is the publication of its final air cargo security rule in May 2006 that
included a number of provisions aimed at enhancing the security of inbound
air cargo. However, TSA's inbound air cargo inspection requirements
continue to allow for a number of exemptions for cargo transported on
passenger air carriers, which could be exploited to transport an explosive
device. In addition, TSA conducts compliance inspections of domestic and
foreign passenger air carriers transporting cargo into the United States,
but the agency has not developed an inspection plan that would establish
goals and measures for its inspection program to evaluate air carriers'
performance against expected results. Also within DHS, CBP has recently
initiated efforts to mitigate the threat of a WMD entering the United
States by targeting inbound air cargo transported on passenger and
all-cargo aircraft that may pose a security risk and inspecting such cargo
once it arrives in the United States. CBP also manages the C-TPAT program,
which encourages those businesses involved in the transportation of cargo
into the United States to enhance their security practices. However, CBP
is still in the early stages of developing specific security criteria for
air carriers participating in the program. In addition, DHS is in the
early stages of researching, developing, and testing technologies to
enhance the security of air cargo, but has not yet assessed the results or
determined whether these technologies will be deployed abroad. Finally,
TSA and CBP have taken steps to coordinate their responsibilities to
safeguard air cargo transported into the United States, but the two
agencies do not have a systematic process in place to share information
that could be used to strengthen their efforts to secure inbound air
cargo.

TSA and CBP Have Taken Preliminary Steps to Incorporate Risk Management
Principles into Their Decision Making to Secure Inbound Air Cargo, but Most
Efforts Are in the Planning Stages

Within DHS, TSA and CBP have begun incorporating risk management
principles into their inbound air cargo security programs, but these
efforts are in the early stages and more work remains to be done. Applying
a risk management framework to decision making is one tool to help provide
assurance that programs designed to combat terrorism are properly
prioritized and focused. Thus, risk management, as applied in the homeland
security context, can help decision makers to more effectively and
efficiently prepare defenses against acts of terrorism and other threats.
Risk management principles can be incorporated on a number of different
levels within an agency's operations. For example, CBP's ATS system uses
information from various sources to assign risk scores to cargo, as part
of its risk-managed approach to cargo security. Another example of a risk
management activity is considering risk when allocating resources. TSA has
underscored the importance of implementing a risk-based approach that
protects against known threats, but that is also sufficiently flexible to
direct resources to mitigate new and emerging threats. According to TSA,
the ideal risk model would be one that could be used throughout the
transportation sector and applicable to different threat scenarios.

As part of TSA's risk-based approach, the agency issued an Air Cargo
Strategic Plan in November 2003 that focused on securing the domestic air
cargo supply chain and transportation system. However, this plan does not
describe how the agency plans to secure inbound air cargo.47 TSA's Air
Cargo Strategic Plan describes an approach for screening or reviewing
information on all domestic air cargo shipments to determine their level
of relative risk, ensuring that 100 percent of cargo identified as posing
an elevated risk is physically inspected, and pursuing technological
solutions to physically inspect air cargo. This approach to target
elevated risk domestic air cargo for inspection, however, is not yet in
place. In developing its Air Cargo Strategic Plan, TSA coordinated with
air cargo industry stakeholders representing passenger and all-cargo
carriers, as well as with CBP to assist in developing a system for
targeting domestic air cargo.48 TSA's Air Cargo Strategic Plan, however,
does not include goals and objectives for addressing inbound air cargo
security, which presents different security challenges than domestic air
cargo.49

47U.S. Department of Homeland Security, TSA's Air Cargo Strategic Plan,
November 2003.

48According to CBP officials, CBP provided TSA with information on CBP's
targeting efforts and systems to assist TSA in the development of a system
to target domestic air cargo for inspection. However, according to CBP
officials, TSA has not sought further assistance from CBP on developing a
targeting system for domestic air cargo.

According to CBP, the agency has begun a comprehensive review of its
current air cargo security strategy, including how C-TPAT as well as
relevant TSA programs can be incorporated into this strategy. As part of
its risk management efforts, CBP developed a strategic plan covering
fiscal years 2007-2011 focusing on securing the nation's borders at ports
of entry, including airports. This plan includes a discussion on how CBP
will use risk-based principles to guide decisions related to securing
inbound air cargo. For example, to achieve CBP's strategic objective of
screening all goods entering the United States by air, CBP plans to
develop an approach to increase the percentage of goods for which it
receives advance information. By increasing the amount of information
available, CBP can better identify low-risk goods and move them quickly
through the port of entry, while focusing its resources on inspecting
cargo that represents higher risks.

As TSA develops a strategy for inbound air cargo, it will be important to
work with CBP to ensure that the two agencies coordinate their respective
responsibilities for securing inbound air cargo and leverage available
information to ensure vulnerabilities are addressed. For example, during
discussions with TSA and CBP officials, we determined that, due in part to
a lack of coordination between the two agencies, neither agency was
addressing an area that both considered a potential threat to air cargo
security. Although TSA and CBP have not stated whether this issue results
in a vulnerability to the cargo's transport to the United States, some air
cargo industry stakeholders with whom we spoke told us it represents a
security vulnerability.50

49DHS determined that examples of the specific challenges TSA may face in
addressing inbound air cargo security are considered Sensitive Security
Information. A description of the specific challenges TSA may face is
included in the restricted version of this report, GAO-07-337SU. In July
2006, DHS issued its goals and priorities to be achieved prior to January
2009. The department identified protecting air cargo transported on
passenger aircraft as one of its top priorities, and called for the
implementation of a system to protect against hidden explosives devices in
air cargo transported on passenger aircraft by the end of 2007. Although
the goals and priorities do not specify whether they apply to domestic,
inbound, or outbound air cargo, TSA officials stated that they apply only
to domestic air cargo.

50DHS determined that details on the potential vulnerability are
considered sensitive security information. Information on the potential
vulnerabilities is discussed in the restricted version of this report,
GAO-07-337SU.

TSA officials acknowledged that it is important to partner with CBP,
foreign governments, and international air cargo stakeholders in
developing a strategy for securing inbound air cargo. TSA officials stated
that they plan to revise their existing domestic air cargo strategic plan
and will consider incorporating a strategy for addressing inbound air
cargo security at that time. However, as of January 2007, agency officials
had not set a time frame for when TSA will complete this revision, and the
extent to which this plan will address inbound air cargo is unclear. CBP
officials stated that their input could contribute to any strategy
developed by TSA, and that CBP is in the initial stages of developing its
own air cargo strategic plan, scheduled for completion by the end of 2007.

In addition to developing a strategic plan, a risk management framework in
the homeland security context should include risk assessments, which
typically involve three key elements--threats, vulnerabilities, and
criticality or consequence (for more information on our risk management
framework, see app. IV). Information from these three assessments provides
input for setting priorities, evaluating alternatives, allocating
resources, and monitoring security initiatives. TSA has completed an
assessment of air cargo threats, but has not assessed air cargo
vulnerabilities or critical assets.

In September 2005, TSA's Transportation Security Intelligence Service
(TSIS) completed an overall threat assessment for air cargo, which
identified general and specific threats related to both domestic and
inbound air cargo.51 According to TSA, the primary threats to inbound air
cargo focus on the introduction of an explosive device in cargo loaded on
a passenger aircraft, and the hijacking of an all-cargo aircraft resulting
in its use as a weapon to inflict mass destruction.52 As stated
previously, TSA, CBP, and industry stakeholders have also identified the
introduction and transport of a WMD or its component parts as a potential
threat.53 TSA has characterized the threats to inbound air cargo as high
and has identified air cargo as a primary aviation target for terrorists
in the short term. However, TSA has not evaluated the relative security
risk presented by inbound air cargo compared to other areas of aviation
security, such as passengers and checked baggage.54

51TSA's Office of Intelligence, formerly known as TSIS, does not
independently gather intelligence information but rather produces threat
assessments using available intelligence from sources such as DHS's
Directorate of Intelligence and Analysis, the Federal Bureau of
Investigation, and the Central Intelligence Agency. The details of TSA's
threat assessment are classified.

52DHS defines "threat" as the capabilities (demonstrated and theoretically
feasible) of terrorist organizations/affiliates to attack/damage/destroy
critical infrastructure such as transportation assets, coupled with the
intentions (both demonstrated and articulated publicly) to actually
perpetrate these attacks.

While TSA has acknowledged that the vulnerabilities to inbound air cargo
would likely be similar to those of domestic air cargo, TSA has not
conducted a vulnerability assessment, nor has it identified
vulnerabilities specific to inbound air cargo.55 TSA officials stated that
the agency is first planning to conduct an assessment of domestic air
cargo vulnerabilities before initiating an assessment of inbound air cargo
vulnerabilities. TSA does not plan to complete its assessment of domestic
air cargo vulnerabilities until late in 2007, thus potentially delaying
the start of an assessment of the inbound air cargo vulnerabilities until
2008. According to TSA officials, limited resources and competing
priorities have delayed agency efforts to conduct an assessment of inbound
air cargo security vulnerabilities. Nevertheless, TSA officials
acknowledge that vulnerabilities to inbound air cargo exist and that these
vulnerabilities are in some cases similar to those facing the domestic air
cargo supply chain.56

53According to CBP, mitigating the threat of a WMD entering the United
States via any transportation mode is its priority mission. According to
CBP officials, CBP will not conduct its own air cargo specific threat
assessment, but rather rely on TSA's air cargo threat assessments and
information obtained from the Central Intelligence Agency.

54In April 2005, TSA briefed a congressional committee on the threats to
the nation's entire transportation sector, including aviation. The
briefing included a threat matrix that ranked the risk associated with the
different transportation modes and showed threats to air cargo that were
consistent with previous TSA threat assessments.

55At a departmental level, DHS does not have any efforts under way
specifically aimed at assessing the vulnerabilities of inbound air cargo.
However, agency officials stated that the Office of Infrastructure
Protection, an office within DHS charged with coordinating national
critical infrastructure protection efforts, is coordinating with TSA on
conducting risk assessments associated with U.S. airports.

56DHS determined that examples of inbound air cargo security
vulnerabilities are Sensitive Security Information. Examples of inbound
air cargo security vulnerabilities are discussed in the restricted version
of this report, GAO-07-337SU. In our October 2005 report on domestic air
cargo security, we cited air cargo system vulnerabilities related to the
adequacy of background investigations for persons handling cargo, the
possible tampering with cargo during land transport to the airport or at
the cargo handling facilities of air carriers and freight forwarders, and
the illegal shipments of hazardous materials. See [43]GAO-06-76 .

TSA officials stated that conducting vulnerability assessments for inbound
air cargo will be difficult because these assessments require an
understanding of the inbound air cargo supply chain, and while the agency
has some information on the supply chains of several foreign countries, it
does not have access to that information for many others. Although agency
officials reported that they have taken initial steps toward developing a
methodology for assessing inbound air cargo security vulnerabilities, they
have not established a time frame for completing the methodology or
determined when the vulnerability assessments will be conducted. TSA
officials acknowledged that conducting assessments to identify
vulnerabilities associated with inbound air cargo, and analyzing the
results of such assessments, could help to strengthen the agency's efforts
to secure inbound air cargo by providing information that could be used to
develop measures to address identified vulnerabilities. Air cargo industry
stakeholders we spoke with, including those representing domestic and
foreign air carriers, agreed that TSA-led vulnerability assessments could
help to identify air cargo security weaknesses and develop measures to
mitigate these weaknesses.

TSA also has not developed a methodology or schedule for completing an
assessment to identify those inbound air cargo assets deemed most critical
to protect, or whose destruction would cause the most severe damage to the
United States. TSA officials stated that inbound air cargo assets mirror
domestic air cargo assets, and could include workers, facilities, and
aircraft. According to TSA, factors that could be used to define critical
inbound air cargo assets include the number of fatalities resulting from a
terrorist attack on a domestic or foreign cargo facility or aircraft; the
economic or political importance of the asset; and consequences that an
attack would have on the public's confidence in the U.S. government's
ability to maintain order, among other things. According to TSA officials,
the agency will conduct an assessment of critical inbound air cargo assets
once it has completed its vulnerability and criticality assessments for
domestic air cargo expected in 2007.

The need for an assessment of critical transportation infrastructure,
which could include inbound air cargo assets, has been identified by
various sources, including DHS's NIPP and National Strategy for
Transportation Security, and a number of Presidential Directives. The 9/11
Commission also recommended that the U.S. government identify and evaluate
the transportation assets that need to be protected, set risk-based
priorities for defending them, select the most practical and
cost-effective ways of doing so, and develop a plan, budget, and funding
to implement the effort. TSA officials we spoke with acknowledged that
such assessments could better enable the agency to prioritize its efforts
by focusing on high-priority or high-value inbound air cargo assets, and
by targeting resources to address the most critical inbound air cargo
security risks. Moreover, TSA officials agreed that analyzing the results
of a criticality assessment could provide the basis for taking immediate
protective actions depending on the threat environment, and guiding future
agency decisions related to securing the inbound air cargo transportation
system.

TSA Revised its Security Programs to Require Air Carriers Transporting Cargo
into the United States to Implement Additional Air Cargo Security Measures, but
the Programs Do Not Address Some Areas of Inbound Air Cargo Security

In May 2006, TSA issued a final rule that revised some of the requirements
air carriers need to follow to ensure air cargo security. While TSA's air
cargo security rule is focused primarily on domestic air cargo, it also
includes more stringent security requirements for passenger and all-cargo
carriers transporting cargo into the United States.57 For example, TSA
created a new mandatory security regime for domestic and foreign all-cargo
air carrier operations. The final rule also acknowledges that TSA amended
its security directives and programs to triple the percentage of cargo
inspected on domestic and foreign passenger aircraft.58 TSA currently
requires foreign and domestic all-cargo carriers to inspect a different
percentage of nonexempt items prior to the cargo's loading.59

While the air cargo security rule establishes general requirements air
carriers must follow to secure inbound air cargo, TSA is currently
drafting and revising security programs to incorporate applicable elements
of the rule and with which air carriers will need to comply. These
security programs will address inbound, outbound, and domestic air cargo
operations. TSA regulations require that each air carrier, foreign or
domestic, adopt a security program that incorporates applicable security
requirements and that is approved by TSA. Once TSA finalizes revisions to
the security programs--which for domestic passenger air carriers is known
as the Aircraft Operator Standard Security Program (AOSSP) and for foreign
passenger air carriers is known as the Model Security

57TSA's rule sets forth domestic air cargo security requirements, such as
requiring airports to expand the secure identification display area
(SIDA)at airports to include areas where cargo is loaded and unloaded, and
conduct security threat assessments on individuals with access to air
cargo to assess any terrorist threats from those individuals.

58TSA amended this requirement in response to the DHS Appropriations Act,
2005, in July 2005. Pub. L. No. 108-334, S 513, 118 Stat. 1298, 1317
(2004).

59DHS determined that details on the percentage of inbound air cargo
transported on passenger and all-cargo aircraft required to be inspected
is Sensitive Security Information. Information on the percentage of
inbound air cargo required to be inspected is included in the restricted
version of this report, GAO-07-337SU.

Program (MSP)--TSA will require air carriers to amend their security
programs to reflect TSA's new requirements.60 TSA also drafted new
security programs for domestic all-cargo carriers, referred to as the Full
All-Cargo Aircraft Operator Standard Security Program (FACAOSSP), and for
foreign all-cargo carriers, referred to as the All-Cargo International
Security Program (ACISP).61 As of January 2007, TSA had yet to issue the
final security programs. Air carriers will be required to be in full
compliance with the revised and new security programs on a date to be
established by the agency. However, TSA officials could not provide a time
frame for when these programs would be finalized, nor has the date that
air carriers will be required to be in compliance with the new and revised
security programs been announced.62

After TSA issued its final air cargo security rule and released its draft
security programs for comment, the agency held eight listening sessions in
five cities to provide industry an opportunity to share its views on the
proposed requirements before the final security programs are issued. At
these listening sessions, some air carriers were pleased that TSA had
taken action to strengthen air cargo security. Other air carriers,
however, expressed concerns regarding the cost and feasibility of
implementing TSA's air cargo security requirements contained in the
agency's draft security programs.63 Air carriers present at these
listening sessions also stated that given the operational changes they
would need to make to implement TSA's new air cargo security requirements,
TSA should provide air carriers sufficient time to fully comply with the
new and revised security programs. Although passenger air carriers
expressed concern regarding the implementation of measures contained in
the final rule and draft security programs, most of their comments relate
to domestic air cargo security. Domestic and foreign all-cargo carriers
cited several challenges related to TSA's draft security programs for
all-cargo carriers. These included

60The AOSSP and MSP also contain new security requirements for carriers
transporting cargo within the United States and from the United States to
a foreign location.

61Previously, distinct security programs did not exist for domestic and
foreign all-cargo carriers. All-cargo carriers, however, were required to
implement security measures contained in TSA security directives and
emergency amendments. Some of the proposed requirements in the proposed
all-cargo security programs are already implemented by all-cargo carriers.

62DHS determined that details on the draft requirements contained in
security programs for passenger and all-cargo carriers that relate to
inbound air cargo security are Sensitive Security Information. The draft
requirements are discussed in the restricted version of this report,
GAO-07-337SU.

63According to TSA, the increased cost estimates contained in the final
rule were largely due to tripling the percentage of cargo passenger air
carriers are required to inspect, which was required by the DHS
Appropriations Act of 2005.

           o new requirements for inspecting 100 percent of certain nonexempt
           inbound air cargo viewed as unnecessary, burdensome to implement,
           and costly;
           o proposed revisions to existing inspection exemptions based on
           weight and packaging viewed as negatively affecting delivery of
           specific cargo shipments;
           o application of new inspection and other requirements viewed as
           not consistent with identified threats to the air cargo industry;
           o difficultly determining which TSA requirements apply to
           all-cargo carriers versus which apply to cargo transferred from an
           all-cargo aircraft to a passenger aircraft; and
           o a proposed requirement to train carrier personnel to screen
           individuals and their property transported on an all-cargo flight
           viewed as unwarranted because very few individuals other than crew
           members fly on these aircraft.

Among other things, the draft security programs for foreign and domestic
passenger carriers would require the physical inspection of air cargo
shipments, including manual searches and the use of technology, in
addition to other methods currently in use. The primary concern expressed
by all-cargo carriers about the draft security programs focus on air cargo
inspection requirements. Specifically, some all-cargo carriers did not
understand TSA's rationale for requiring them to inspect 100 percent of
certain types of nonexempt cargo and noted that this would require them to
inspect three times more cargo than passenger carriers are required to
inspect. According to some all-cargo carriers, TSA has not adequately
explained any additional risk to all-cargo carriers that would justify the
new inspection requirements. TSA officials stated that the agency will
review the comments submitted by industry stakeholders regarding the new
and revised security programs prior to issuing the final security
programs.

Inspection Exemptions Pose a Potential Vulnerability for Air Cargo Transported
into the United States

In our October 2005 report, we noted that TSA's inspection requirements
allowed carriers to exempt certain types of air cargo from inspection.64
These exemptions may leave the air cargo transportation system vulnerable
to terrorist attack. We reported that a terrorist could place an explosive
device in an exempt piece of cargo, which would not be detected prior to
its loading onto aircraft because such cargo is not subject to inspection.
We recommended that TSA assess the rationale for the exemptions, determine
whether these exemptions pose vulnerabilities, and determine whether
adjustments were needed.65 According to TSA officials, the agency
originally chose to exempt certain cargo from the inspection requirements
because it did not view the exempted cargo as posing a significant
security risk and because the time required to inspect certain cargo could
adversely affect the flow of commerce.

TSA recognized, however, that some of the inspection exemptions could pose
a potential vulnerability, and convened an internal cargo policy working
group in February 2006 to examine air cargo policies and regulations that
apply to inbound, outbound, and domestic air cargo, including inspection
exemptions, to identify requirements that may allow for unacceptable
security gaps. In March 2006, the working group made several
recommendations to TSA related to the inspection exemptions for cargo
transported on passenger aircraft. The working group's recommendations
included more stringent inspection requirements for passenger carriers. In
October 2006, TSA issued a security directive and emergency amendment to
domestic and foreign passenger air carriers operating within and from the
United States that implemented elements of the recommendations of the
internal working group. However, these new requirements do not cover all
air carriers.66

In addition to the actions TSA took to address the working group's
recommendations, the agency is also considering limiting some of the
inspection exemptions for all-cargo carriers, and has drafted security
programs for foreign and domestic all-cargo carriers aimed at
strengthening the security of inbound, outbound, and domestic air cargo.
The draft programs for all-cargo carriers would require all-cargo carriers
to inspect 100 percent of certain nonexempt air cargo.67 TSA officials
stated that prior to issuing the final security programs, the agency will
consider comments by all-cargo carriers on this proposed requirement.

64The inspection exemptions apply to inbound, outbound, and domestic air
cargo. See [44]GAO-06-76 .

65 [45]GAO-06-76 .

66DHS determined that details on the specific policy changes TSA made as a
result of the working group are considered Sensitive Security Information.
A description of these policy changes is provided in the restricted
version of this report, GAO-07-337SU.

Under TSA's revisions to the inspection exemptions for passenger air
carriers transporting cargo from and within the United States, and TSA's
proposed changes to the inspection exemptions contained in the draft
security programs for all-cargo carriers, certain types of air cargo will
remain exempt from inspection. 68 These remaining exemptions for both
all-cargo and passenger air carriers transporting cargo into the United
States continue to represent potential vulnerabilities to the air cargo
transportation system.69 According to TSA officials, the agency has not
established a time frame for completing its assessment of whether existing
inspection exemptions pose an unacceptable security vulnerability.

Some all-cargo carriers expressed concern over TSA's proposal to eliminate
the inspection exemption for certain types of cargo, and recommended that
this proposal be reconsidered.70 TSA officials stated that the proposed
revisions to the inspection requirements are aimed at increasing the
overall security of air cargo transported on all-cargo aircraft. According
to TSA officials, the agency is still evaluating industry's comments to
the proposed security programs, including those related to removing the
inspection exemption for certain types of cargo transported on all-cargo
carriers. TSA officials noted that the agency is also holding discussions
with the air cargo industry to determine whether or not the current
inspection exemptions leave the air cargo transportation system vulnerable
to attack and what impact further revisions to the inspection exemptions
would have on air carriers' operations.71 According to TSA officials,
while ongoing discussions with industry are focused on the domestic air
cargo transportation system, any decisions made as a result of these
discussions could affect inbound air cargo. TSA officials added that while
industry stakeholder concerns are considered, decisions regarding what
requirements will be issued will be based on the agency's assessment of
air cargo risks and security needs.

67DHS determined that details on the requirements contained in the draft
security programs for all-cargo carriers are Sensitive Security
Information. A description of these requirements is provided in the
restricted version of this report, GAO-07-337SU.

68DHS determined that the specific types of cargo exempted are considered
Sensitive Security Information. A description of these policy changes is
provided in the restricted version of this report, GAO-07-337SU.

69DHS determined that details on specific vulnerabilities associated with
inbound air cargo inspection exemptions are Sensitive Security
Information. A description of the vulnerabilities is provided in the
restricted version of this report, GAO-07-337SU.

70DHS determined that details on the specific concerns expressed by
all-cargo air carriers are Sensitive Security Information. A description
of these concerns is included in the restricted version of this report,
GAO-07-337SU.

TSA Developed a Program to Assess Passenger Air Carrier Compliance with Inbound
Air Cargo Security Requirements, but This Program Could Be Strengthened by
Developing an Inspection Plan That Includes Performance Goals and Measures

TSA currently inspects domestic and foreign passenger air carriers
transporting cargo into the United States to assess their compliance with
TSA inbound air cargo security requirements. The agency, however, does not
perform compliance inspections of all air carriers transporting cargo into
the United States.72

Between July 2003 and February 2006, TSA conducted about 1,000 inspections
of domestic and foreign passenger air carriers that included a review of
air cargo security procedures.73 TSA's inbound air cargo security
inspections differ from its domestic air cargo security inspections in
that the agency does not have an inspection plan that focuses solely on
air cargo security regulations. Instead, TSA inspectors evaluate inbound
cargo security procedures as a part of its international aviation security
inspection program, which also includes reviews of areas such as aircraft,
passenger, and baggage security. TSA's five international field offices
are responsible for scheduling and conducting the international air
carrier inspections.74 TSA inspections may include areas of cargo
security, such as cargo acceptance procedures, security testing and
training, and ensuring that foreign air carriers implement a cargo
security plan that is consistent with TSA standards.

71In an October 20, 2005, meeting with a wide range of industry
stakeholders, TSA announced its intent to review current policies and
processes. During a follow-on meeting held November 9, 2005, with
corporate security representatives from most of the major passenger air
carriers, TSA continued that dialogue and specifically addressed the need
to reevaluate the rationale for existing inspection exemptions.

72DHS determined that the specific actions TSA is taking to address this
issue are considered Sensitive Security Information. These actions are
discussed in the restricted version of this report, GAO-07-337SU.

73TSA compliance inspections are fundamentally different from air
carriers' inspections of air cargo. TSA inspections are designed to ensure
air carrier compliance with air cargo security requirements, while air
carrier inspections focus on ensuring that air cargo does not contain an
improvised explosive device or human stowaway.

74International field office officials stated that these inspections may
occur in conjunction with a foreign airport assessment.

According to TSA records, inspectors have found instances where passenger
air carriers were not complying with inbound air cargo security
procedures. For example, TSA found that some passenger air carriers were
accepting cargo from unknown shippers, not physically screening cargo in
accordance with TSA regulations, and failing to search empty cargo holds
on an aircraft to prevent unauthorized access prior to loading and
unloading. If not corrected, these problems could create vulnerabilities
in the security of inbound air cargo. For information on TSA's inspections
conducted, including inspection results from July 2003 to February 2006,
see appendix II.

TSA has a domestic aviation security inspection plan that, among other
things, describes how the agency will ensure that air carriers that use
domestic airports are complying with TSA security requirements, including
those that apply to passengers, baggage, and air cargo. However, TSA has
not developed a similar inspection plan for international aviation
security. As a result, there is no inspection plan that would establish
performance goals and measures that provide a clear picture of the
intended objectives and performance of its inspections of passenger and
all-cargo carriers that transport cargo into the United States. The
Government Performance and Results Act of 1993 (GPRA), among other things,
requires agencies to prepare an annual performance plan for their programs
and directs executive agencies to articulate goals and strategies for
achieving those goals.75 These plans should include performance goals and
measures to determine the extent to which agencies are achieving their
intended results. TSA's annual domestic inspection plan describes how the
agency will ensure air carrier compliance with federal aviation security
requirements, including those related to air cargo security. The domestic
inspection plan includes goals, such as the number of air cargo
inspections of air carriers each inspector is to conduct for the year. TSA
officials stated that the agency applied risk management principles that
considered threat factors, local security issues, and input from law
enforcement to target key vulnerabilities and critical assets to develop
its domestic inspection plan goals. According to TSA, its plan for
conducting domestic cargo inspections also takes into account how to use
the agency's limited inspection resources most effectively.

75The Government Performance and Results Act of 1993, Pub. L. No. 103-62,
107 Stat. 285, as amended, focuses the federal government on providing
objective, results-oriented information to improve the efficiency and
effectiveness of federal programs, among other things. Under GPRA,
developing performance goals and measures is a component of
results-oriented management. See 31 U.S.C. S 1115.

Within the context of TSA's international inspections program, an
inspection plan should describe the agency's approach for conducting
compliance inspections of air carriers that transport cargo into the
United States. This plan should include performance goals and measures to
gauge air carriers' compliance with inbound air cargo security
requirements. Developing such indicators is also recommended by our
standards for internal control in order for agencies to compare and
analyze actual performance data against established goals.76 For example,
we reported that successful organizations try to link performance goals
and measures to the organization's strategic goals and, to the extent
possible, have performance goals that will show annual progress toward
achieving their long-term strategic goals.77 With regard to TSA's
inspection plan, a goal could be to ensure that passenger and all-cargo
air carriers transporting cargo to the United States are meeting an
acceptable level of compliance with air cargo security requirements.
Another goal could be to assess all-cargo carriers transporting inbound
air cargo within a specified time frame based on the identified risk posed
by these carriers to the United States. In addition, we reported that a
successful agency focuses its goals on the results it expects the program
to achieve. For example, TSA could measure the achievement of a compliance
inspection goal by establishing the number and type of inspections the
agency wants to conduct, and determining appropriate measures to gauge air
carrier compliance with air cargo security requirements.

TSA officials stated that the agency uses its foreign airport assessment
schedule as its plan for determining where it will conduct compliance
inspections of passenger air carriers during each fiscal year. Officials
added that they select passenger air carriers for inspection based on
factors such as the results of previous inspections, when the air carrier
was last inspected, and the availability of inspection resources. While
TSA's schedule for completing airport assessment is an important step in
focusing TSA's international compliance inspection efforts, this schedule
does not include goals or measures for evaluating passenger carrier
compliance with TSA's inbound air cargo security requirements. Further,
the schedule does not include inspections of all-cargo carriers. Without
an inspection plan, TSA may not be able to clearly show the relationship
between its inspections efforts and its longer-term goals to secure
inbound air cargo. Moreover, without establishing performance goals and
measures, TSA is limited in its ability to assess the agency's performance
and the performance of the air carriers it regulates against expected
outcomes. While we understand that TSA has competing demands and must
address numerous areas of aviation security with limited resources,
developing a risk-based plan would help the agency better plan for and
articulate how it intends to address inbound air cargo security
inspections using its limited resources. Further, developing goals and
measures to benchmark its performance would demonstrate the effectiveness
of its inbound air cargo security efforts and help TSA determine the
extent to which the inspections are contributing to the agency's overall
aviation security goals and objectives.

76GAO, Internal Control Management and Evaluation Tool, [46]GAO-01-1008G
(Washington, D.C.: August 2001).

77GAO, The Results Act: An Evaluator's Guide to Assessing Agency Annual
Performance Plans, GAO/GGD-10.1.20 (Washington, D.C.: April 1998).

TSA Implemented a Risk-Based Scheduling System to Assess Certain Foreign
Airports' Security Measures, but Not All Foreign Airports Have Been Assessed

TSA is authorized by U.S. law to assess the effectiveness of security
measures maintained at foreign airports that serve U.S. air carriers or
from which foreign air carriers serve the United States, or that pose a
high risk of introducing danger to international air travel.78 TSA staff
located at five international field offices conduct these assessments.
During an assessment, TSA inspectors are to evaluate the security policies
and procedures in place at a foreign airport to determine whether
procedures meet ICAO aviation security standards and recommended
practices. TSA consults with foreign government officials to schedule
these assessments. According to TSA officials, however, some foreign
governments are sensitive to permitting the United States to come into
their country and assess their airport security and may put conditions on
the assessments, such as limiting the number of days that TSA has to
conduct its assessments. TSA supplements its limited international
inspection resources by using inspectors that are assigned to conduct
aviation security inspections inside the United States to help
international aviation security inspectors conduct foreign airport
assessments. In October 2006, TSA implemented a risk-based methodology to
prioritize which foreign airports to assess based on an analysis of the
risk of an attack at an airport as determined by credible threat
information, the vulnerability of the airport's security based on previous
airport assessments, and the number of flights coming to the United States
from a foreign airport.79 TSA officials stated that this approach will
allow the agency to focus its limited resources on airports that pose the
most significant risk to the United States and aviation security.80

78See  49 U.S.C. S 44907(a)(1). TSA may conduct assessments at intervals
it considers necessary to ensure that airports maintain and carry out
effective security measures based, at least, on the standards and
recommended practices of ICAO Annex 17. See  S 44907(a)(2).

TSA officials stated that the agency has not performed assessments of all
foreign airports with service to the United States, in part because of
political sensitivities associated with foreign airport assessments and
because limited international oversight resources may affect whether TSA
assesses additional airports. Therefore, TSA cannot determine whether
cargo transported from foreign airports at which it has not performed an
airport assessment poses a security risk.

CBP Has Begun Efforts to Address the Security of Inbound Air Cargo, but These
Efforts Can Be Expanded

To prevent WMD and other elements of terrorism from unlawfully entering
the United States, CBP uses its automated targeting system, referred to as
ATS, and other information to identify cargo that may pose a relatively
high security risk, so it can undergo inspection once the cargo arrives in
the United States. In July 2006, CBP began using ATS to target inbound air
cargo on passenger and all-cargo aircraft that may pose a security risk.81
As discussed previously, ATS uses weighted rules or criteria that assign a
risk score to each arriving shipment based on a variety of factors. This
includes the submission of cargo manifest information required by CBP
either at an aircraft's time of departure for the United States or no
later than 4 hours prior to arrival, as specified in regulation.82 Inbound
air cargo transported by passenger and all-cargo air carriers that is
targeted for security reasons by ATS is inspected by CBP personnel
stationed at airports in the United States.83 CBP officials stated that
the extent to which a cargo shipment is inspected depends on the risk
score it receives, as well as the type of commodity that is shipped.84

79Prior to October 2006, TSA scheduled assessments by categorizing
airports into two groups. Airports that historically had met or exceeded
international security standards were assessed once every 3 years, while
airports that did not regularly meet international standards or had not
been previously assessed were visited annually.

80We are currently conducting an evaluation of TSA's foreign airport
assessment program and air carrier compliance inspection program, and are
scheduled to publish a Sensitive Security Information report in April
2007.

81In addition to cargo identified through ATS, CBP also performs random
inspections of cargo through its compliance measurement program. According
to CBP officials, these inspections are conducted on a stratified sample,
using data contained in ATS. CBP officials noted that the results of the
random inspections are compared with the results of ATS inspections to
improve future targeting efforts.

82See 19 C.F.R. S 122.48a.

CBP's targeting policy describes the roles and responsibilities of CBP
personnel involved in targeting air cargo transported on passenger and
all-cargo air carriers that may pose a security risk and inspecting such
cargo once it enters the United States.85 CBP's targeting policy also
includes details on the risk scores given to shipments that require
inspection by CBP personnel.86 The policy also describes what an
inspection of high-risk air cargo should include, such as the use of
X-rays; inspection with radiation detection technology, such as personal
handheld radiation detectors; and physical inspection. CBP has also
established performance goals related to its efforts to target and inspect
air cargo transported into the United States on passenger and all-cargo
aircraft. Specifically, these performance goals relate to (1) targeting,
controlling, inspecting, and interdicting high-risk air cargo shipments
that may pose a threat to the national security of the United States,
including instruments of terror or any commodity with a link to terrorism,
narcotics, and other contraband, and agriculture risks, and (2) the
accountability and reconciliation of all identified high-risk air cargo
shipments. To gauge its effectiveness of meeting these goals, CBP recently
drafted performance measures in conjunction with its targeting policy.
According to CBP, many of the measures are new and will first be tested at
selected airports to assess their feasibility, utility, and relevancy.
These performance measures include the number of shipments identified by
CBP as having direct ties to terrorism, the number of shipments that have
been identified for further examination based on an anomaly in a
nonintrusive inspection, the number of shipments that CBP holds, and the
type of inspection findings. CBP did not provide us with a time frame for
when these performance measures would be fully implemented.

83CBP is currently not using ATS, but rather the proprietary systems of
express consignment couriers, such as UPS and Fed Ex, to target inbound
air cargo these carriers transport. According to CBP officials, CBP
officers are provided access to the proprietary systems and inspect
high-risk shipments identified through these systems. CBP is in the
process of developing policies and procedures to screen information on
cargo transported on express consignment couriers through ATS.

84CBP officials added that the knowledge and experience of the CBP officer
conducting the inspection factors in on the extent to which a cargo
shipment is inspected. Specifically, the extent to which a cargo shipment
is inspected depends on what the officer needs to see to feel comfortable
that the cargo shipment does not pose a threat.

85According to CBP officials, its targeting policy does not apply to
express consignment couriers that sometimes make a stop at an intermediate
airport in the United States, prior to its final arrival at an all-cargo
carrier's hub facility, such as Memphis for FedEx or Louisville for UPS.
According to CBP, air carrier hubs are adequately staffed to conduct air
cargo inspections, while intermediate airports have limited inspection
resources. CBP officials acknowledge the importance of developing a
targeting policy that specifically applies to express consignment couriers
and plans to issue such a policy sometime during 2007.

86CBP's policy also states that any shipment determined to be related to
terrorism or terrorist activities, regardless of score, should be examined
at the first airport of arrival. Factors that may contribute to this
determination include, but are not limited to, national intelligence, a
validated exact terrorism match, FBI terrorist information, and alerts
from a foreign country intelligence service or similar factors.

Our previous reports identified challenges that CBP faced when targeting
oceangoing cargo shipped in containers for inspection.87 Specifically, we
reported that CBP did not have a comprehensive, integrated process for
analyzing inspection results of oceangoing cargo and incorporating these
results into its targeting system. We also identified limitations with the
information CBP used to target oceangoing cargo, such as vague or
incomplete cargo manifests. We concluded that without complete and
accurate information on shipments, it was difficult for CBP's targeting
system to accurately assess the risk of shipments and to conduct thorough
targeting. We also found that CBP did not yet have a system in place to
report sufficient details of the results of security inspections
nationwide that could allow management to analyze those inspections and
systematically adjust its targeting system. We noted that without a more
comprehensive feedback system, the effectiveness of CBP's targeting system
could be limited. CBP officials acknowledged that the problems identified
with ATS's effectiveness in targeting oceangoing cargo would also apply to
CBP's efforts to target inbound air cargo. For example, CBP uses cargo
manifests as a data source to identify high-risk cargo shipments, but
according to some air carrier representatives, the information contained
in these manifests is not always complete or accurate. CBP's new effort to
target and inspect inbound air cargo transported on passenger carriers
that may pose a security risk provides CBP an opportunity to strengthen
its targeting activities by addressing the issues with its targeting
system that we previously identified.

87GAO, Cargo Container Inspections: Further Improvements to the Automated
Targeting System Are Needed, GAO-06-809SU (Washington, D.C.: August 2006),
Cargo Container Inspections: Preliminary Observations on the Status of
Efforts to Improve the Automated Targeting System, [47]GAO-06-591T
(Washington, D.C.: March, 30, 2006), Homeland Security: Challenges Remain
in the Targeting of Oceangoing Cargo Containers for Inspection,
GAO-04-352NI (Washington, D.C.: Feb. 20, 2004), and Container Security: A
Flexible Staffing Model and Minimum Equipment Requirements Would Improve
Overseas Targeting and Inspection Efforts, [48]GAO-05-557 (Washington,
D.C.: April 2005).

DHS's strategy for addressing the threat of nuclear and radiological
terrorism includes deploying radiation detection equipment at U.S. ports
of entry, including airports. CBP plans to deploy radiation portal
monitors at international airports by September 2009 in order to inspect
100 percent of inbound cargo for radiation.88 We have previously reported
that currently deployed radiation portal monitors have limitations and
that CBP is behind schedule in deploying radiation portal monitors at U.S.
ports of entry, including airports.89 Specifically, we reported that the
portal monitors are limited by the type of radioactive materials they are
able to detect and they cannot differentiate naturally occurring
radiological material from radiological threat material. We also reported
that meeting DHS's goal to deploy over 3,000 radiation portal monitors at
U.S. ports of entry, including U.S. airports, by September 2009 was
unlikely. As of December 2005, CBP had deployed 57 radiation portal
monitors at U.S. facilities that receive international mail and express
consignment courier facilities in the United States, but had not yet
deployed monitors at U.S. airports that receive inbound air cargo.90 CBP
officials cited a lack of resources as the primary reason for not being
able to purchase and deploy more monitors, including those at U.S.
international airports. Until CBP fully deploys radiation portal monitors
at international airports that receive inbound air cargo, CBP's efforts to
effectively inspect air cargo once it enters into the United States for
radiological weapons or the materials to build such a weapon may be
limited.

Another effort CBP has under way to secure the security of inbound air
cargo is the voluntary C-TPAT program. This program is aimed at
strengthening the international supply chain and U.S. border security. In
exchange for implementing security policies and procedures, such as
pre-employment screening, periodic background reviews, and employee
training on security awareness and procedures, CBP provides C-TPAT
participants, including foreign and domestic air carriers, with a reduced
likelihood that their cargo will be inspected once it arrives in the
United States. According to CBP, while there are more than 6,000
participants in the C-TPAT program, as of June 2006, only 31 of the
approximately 200 foreign and domestic air carriers that transport cargo
into the United States, and only 52 of the potentially thousands of
freight forwarders that consolidate cargo departing by air for the United
States, are participating in the program.

88The first four phases of CBP deployment of radiation portal monitors
include (1) international mail and express courier facilities, (2) major
northern border crossings, (3) major seaports, and (4) southwestern border
crossings.

89GAO, Combating Nuclear Smuggling: DHS Has Made Progress Deploying
Radiation Detection Equipment at U.S. Ports of Entry, but Concerns Remain,
[49]GAO-06-389 (Washington, D.C.: March 2006).

90The 57 radiation portal monitors do not include those monitors deployed
at Fed Ex and UPS, both of whom inspect air cargo at their overseas
facilities as agreed in a memorandum of understanding with CBP.

Some foreign air carriers and foreign freight forwarders we spoke with
stated that although CBP has made them aware of C-TPAT benefits, they have
not applied for program membership because they do not see the value of
participating in C-TPAT. Specifically, these air carriers and freight
forwarders noted that participation in C-TPAT does not ensure quicker
delivery times of their shipments and therefore does not benefit them.
According to CBP officials, while C-TPAT offers participants a wide range
of benefits, such as a reduced number of inspections and priority
processing for inspections, CBP cannot compel air carriers to participate
in the program because the C-TPAT program is voluntary. CBP has, however,
identified expanding the number C-TPAT participants, including air
carriers, as one of its objectives in CBP's fiscal years 2007-2011
Strategic Plan for Securing America's Borders at Ports of Entry.

At present, the requirements to become a member of C-TPAT are more broadly
written for air carriers and freight forwarders than they are for
importers, sea carriers, and highway carriers because CBP has not yet
finalized specific security criteria for air carriers and freight
forwarders participating in the program. According to CBP officials, they
have drafted specific security criteria for air carriers. However, the
finalization of the air carrier criteria has been placed on hold, as CBP
is in the process of conducting a comprehensive review of its current air
cargo strategy, including how CBP will incorporate C-TPAT.

DHS Is in the Early Stages of Testing Technologies to Strengthen Air Cargo
Security

DHS has taken some steps to incorporate new technologies into
strengthening the security of air cargo, which will affect both domestic
and inbound air cargo. However, TSA and DHS's Science and Technology (S&T)
Directorate are in the early stages of evaluating available aviation
security technologies to determine their applicability to the domestic air
cargo environment. TSA and S&T are seeking to identify and develop
technologies that can effectively inspect and secure air cargo with
minimal impact on the flow of commerce. DHS officials added that once the
department has determined which technologies it will approve for use on
domestic air cargo, they will consider the use of these technologies for
enhancing the security of inbound air cargo shipments. According to TSA
officials, there is no single technology capable of efficiently and
effectively inspecting all types of air cargo for the full range of
potential terrorist threats, including explosives and WMDs. As such, TSA,
together with S&T, is conducting a number of pilot programs that are
testing a variety of different technologies that may be used separately or
in combination to inspect and secure air cargo. These pilot programs seek
to enhance the security of air cargo by improving the effectiveness of air
cargo inspections through increased detection rates and reduced false
alarm rates, while addressing the two primary threats to air cargo
identified by TSA--hijackers on an all-cargo aircraft and explosives on
passenger aircraft.91

DHS's pilot programs are testing a number of currently employed
technologies used in other areas of aviation and transportation security,
as well as new technologies. These pilot programs include

           o an air cargo explosives detection pilot program implemented at
           three airports, testing the use of explosive detection systems,
           explosive trace detectors, standard X-ray machines, canine teams,
           technologies that can locate a stowaway through detection of a
           heartbeat or increased carbon dioxide levels in cargo, and manual
           inspections of air cargo;92 
           o an explosive detection system (EDS) pilot program, which is
           testing the use of computer-aided tomography to compare the
           densities of objects to locate explosives in air cargo and to
           determine the long-term feasibility of using EDS equipment as a
           total screening process for break bulk air cargo;93 
           o an air cargo security seals pilot, which is exploring the
           viability of potential security countermeasures, such as
           tamper-evident security seals, for use with certain
           classifications of exempt cargo;
           o the use of hardened unit loading devices, which are containers
           made of blast-resistant materials that could withstand an
           explosion on board the aircraft; and
           o the use of pulsed fast neutron analysis (PFNA) which allows for
           the identification of the chemical signatures of contraband,
           explosives, and other threat objects (see appendix V for more
           detailed information on DHS's and TSA's air cargo security pilot
           tests).

91The current technology pilots do not include tests to identify chemical
or biological weapons.

92The Conference Report accompanying the Department of Homeland Security
Appropriations Act, 2006, Pub. L. No. 109-90, 119 Stat. 2064 (2005),
directed $30 million to the Science and Technology Directorate to conduct
three cargo screening pilot programs testing different concepts of
operations. See H.R. Conf. Rep. No. 109-241, at 53 (2005).

93Computer-aided tomography is a method of producing a three-dimensional
image of the internal structures of an object from a large series of
two-dimensional X-ray images taken around a single axis of rotation.

TSA anticipates completing its pilot tests by 2008, but has not yet
established time frames for when it might implement these methods or
technologies for the inbound air cargo system. As noted, some of the
technologies being pilot-tested are currently employed or certified for
use in other areas of aviation security, to include air cargo. According
to DHS and TSA officials, further testing and analysis will be necessary
to make determinations about the capabilities and costs of these
technologies when employed for inspecting inbound air cargo at foreign
locations.

TSA and CBP Have Taken Some Steps to Coordinate Efforts Related to Inbound Air
Cargo Security, but Do Not Have Processes in Place to Communicate Important
Information

Pursuant to Homeland Security Presidential Directive 7, TSA is responsible
for coordinating with relevant federal agencies, such as CBP, to secure
the nation's transportation sector, including the air cargo system.94 TSA
and CBP have taken a number of steps to coordinate their respective
efforts to safeguard air cargo transported into the United States. For
example, CBP shared its experience in targeting international cargo
shipments with TSA to help the agency develop a system to target
elevated-risk domestic air cargo shipments for inspection.95 Moreover, in
2003, interagency working groups were established to share information on
TSA's technology development programs and CBP's air cargo targeting
activities, among other things. In addition, TSA and CBP officials at the
three U.S. airports we visited told us that both agencies discuss aviation
security issues, including inbound air cargo, during weekly or monthly
meetings with airport representatives and other aviation industry
stakeholders. These officials also stated that TSA and CBP staff located
at U.S. airports participate in operational planning and compliance
inspection activities, and that these task forces and inspection
activities may include inbound air cargo security issues.

94Homeland Security Presidential Directive 7 (HSPD-7), issued in December
2003, defines critical infrastructure protection responsibilities for DHS,
sector-specific agencies (those federal agencies given responsibility for
transportation, energy, telecommunications, and so forth), and other
departments and agencies. HSPD-7 specifically directed the Department of
Transportation and DHS to collaborate on all matters relating to
transportation security and transportation infrastructure protection. DHS
subsequently designated TSA as the lead agency for addressing HSPD-7 as it
relates to securing the nation's transportation sector.

95According to CBP officials, CBP is not currently assisting TSA with the
development of a system to target domestic air cargo for inspection.

While these collaborative efforts are important, the two agencies do not
have a systematic process in place to ensure that they are communicating
information on air cargo security programs and requirements, such as the
results of compliance oversight and targeting activities that could be
used to enhance the security of inbound air cargo. Both collect
information that each other could use. For example, if TSA's compliance
inspection results indicated that certain air carriers were in violation
of TSA air cargo inspection requirements, CBP could use this information
to assess the risk of inbound air cargo shipments from these particular
air carriers. Moreover, if air carrier inspections revealed routine
problems with certain types of shipments or certain shippers, CBP could
use this information to apply greater scrutiny to those types of shipments
or shippers. Likewise, if TSA's foreign airport assessments identify
airports that are not meeting international security standards, CBP could
use this information to improve its inbound air cargo targeting efforts.
TSA also requires air carriers transporting cargo into the United States
to randomly inspect a certain percentage of inbound cargo and compile
information on these inspections. These inspection results could indicate
which shipments were inspected, the outcome of those inspections, and the
location at which the inspections took place. Similarly, CBP collects
information that could be useful to TSA's efforts to secure inbound air
cargo. For example, information gathered from CBP's inbound air cargo
targeting and inspection activities could be used by TSA to help focus its
compliance oversight efforts on those air carriers whose shipments have
been identified by CBP as posing an elevated security risk. In addition,
the results of CBP officers' inspection of inbound air cargo could be used
by TSA to make risk-based decisions regarding the types of cargo air
carriers should be required to inspect, based on its contents and points
of origin, prior to its departure to the United States.

Without a systematic process to communicate relevant air cargo security
information, TSA and CBP are limited in their ability to most effectively
secure inbound air cargo. TSA and CBP officials agreed that a process to
improve information sharing could provide opportunities for enhancing
their respective efforts to secure inbound air cargo. Specifically, CBP
officials stated that information on the results of TSA's compliance
inspections of air carriers and assessments of foreign airport security,
as well as the results of air carrier inspections of air cargo prior to
its transport to the United States, could potentially help CBP in
targeting high-risk inbound air cargo shipments for inspection upon its
arrival in the United States. TSA officials also stated that having access
to the results of CBP's inbound air cargo targeting and inspection
activities could be used to potentially strengthen existing TSA air cargo
security requirements. Although both agencies agree that sharing relevant
air cargo information could help to more effectively secure inbound air
cargo, neither TSA or CBP has plans to establish a process to share
information on the other's air cargo security programs and requirements
and the results of compliance oversight and targeting activities that
could be used to enhance the security of inbound air cargo.

Foreign Air Cargo Security Practices and International Harmonization
Efforts Have Potential to Enhance Air Cargo Security, but May Be
Challenging to Implement

While some of the security practices employed by foreign governments that
regulate airports with high volumes of cargo and domestic and foreign air
carriers that transport large volumes of cargo are similar to those
required by TSA, we identified some security practices that are currently
not used by TSA that could have potential for strengthening the security
of inbound and domestic air cargo supply chains.96 Although TSA has
initiated a review of select countries' air cargo security practices, the
agency has not systematically compiled and analyzed information on actions
taken by foreign countries and foreign and domestic air carriers to
determine whether the benefits that these practices could potentially have
in strengthening the security of the U.S. and inbound air cargo supply
chain are worth the cost. In addition, DHS has begun working with foreign
governments to develop uniform air cargo security standards and to
mutually recognize each other's security standards, referred to as
harmonization. However, challenges to harmonizing security practices may
limit the overall impact of TSA's efforts.

96Specifically, these include security practices at 8 foreign airports, 4
of which rank among the world's 10 busiest cargo airports, and security
practices implemented by 7 of the world's 10 largest air cargo carriers.

Foreign Governments and Air Cargo Industry Stakeholders Have Taken Some Actions
That Might Provide Opportunities to Strengthen U.S. Domestic and Inbound Air
Cargo Security, but TSA Has Not Systematically Compiled and Analyzed This
Information

TSA, foreign governments, and foreign and domestic industry stakeholders
employ some similar air cargo security practices, such as inspecting a
specific percentage of air cargo or the use of specific technologies to
inspect air cargo. However, 18 of the 22 industry stakeholders and 9 of
the 11 countries we compiled information on reported that they have
implemented security practices that differ in some way from those required
by TSA to ensure the security of air cargo they transport both within
their own countries and into the United States. Some of these practices
could potentially be used to mitigate terrorist threats and strengthen TSA
efforts to secure inbound air cargo when employed in conjunction with
current TSA security practices. While we observed a range of security
practices used by foreign countries, we identified four categories of
security practices implemented by foreign governments and foreign and
domestic air carriers that could potentially enhance the agencies' efforts
to secure air cargo. These practices include (1) the use of air cargo
inspection technologies and methods, (2) the percentage of air cargo
inspected, (3) physical security and access control methods for air cargo
facilities, and (4) procedures for validating known shippers.97 We focused
on these practices based on input from air cargo industry stakeholders. We
did not compare the effectiveness or cost of foreign practices with
current TSA requirements and practices. Rather, we determined whether the
use of these security practices differed from existing TSA efforts to
secure domestic and inbound air cargo and could have the potential to
augment the department's current efforts to secure domestic and inbound
air cargo. For additional information on actions taken by domestic and
foreign air carriers with operations overseas and air cargo industry
stakeholders to secure air cargo, see the table in appendix VI. Additional
information about the actions taken by foreign governments to secure air
cargo is included in the table in appendix VII.

  Air Cargo Inspection Technologies and Methods

Three of the 17 air carriers and 1 of the 7 countries we visited require
the use of large X-ray machines to inspect entire pallets of cargo
transported on passenger aircraft.98 These machines allow for cargo on
pallets to undergo X-ray inspection without requiring the pallet to be
broken down and reconfigured. Government officials from the country that
uses large X-ray machines stated that this technology allows for the
expedited inspection of high volumes of large cargo items, without
impeding the flow of commerce. CBP also uses this technology to inspect
inbound air cargo once it enters the United States. While DHS's S&T and
TSA have recently begun to research large X-ray technology, TSA officials
stated that the agency has not established time frames for developing and
testing X-ray technology capable of inspecting large pallets of cargo
transported domestically or at a foreign location prior to its transport
to the United States. Without further consideration of the use of large
X-ray technology, which may have been enhanced over the past 8 years, TSA
may be limited in its ability to make such determinations regarding its
effectiveness in the post-September 11 air cargo environment.

97TSA uses the term "known shipper" to refer to shippers of cargo that
have met certain criteria established by the agency and have an
established shipping history with an air carrier or indirect air carrier.
These entities are also referred to as known consignors in other
countries.

98These figures may be higher than reported because some countries we
visited and air carriers we met with were not specific about the type of
X-ray technology they employ.

In addition, three domestic all-cargo carriers with operations overseas
have independently chosen to employ radiation detection technologies to
inspect air cargo for potential WMD and other radiological items prior to
the cargo being transported on an all-cargo aircraft. Specifically, one
all-cargo air carrier determined that the introduction of a WMD onto
aircraft poses a significant threat. As a result, this carrier inspects
cargo shipments using radiation detection portals and handheld radiation
detectors. According to TSA officials, the agency does not currently
require air carriers to conduct inspections of air cargo to detect WMD
prior to its transport into the United States because the agency considers
mitigating the threat of WMD to be the responsibility of CBP.

Further, two European countries are currently using canines in a different
manner than TSA to inspect air cargo for explosives. Specifically, these
countries are using the Remote Air Sampling for Canine Olfaction (RASCO)
technique, which involves the use of highly trained dogs to sniff air
samples collected from air cargo or trucks through a specially designed
filter. The dogs sniff a series of air samples to determine whether or not
there is a trace of explosives and indicate a positive detection by
sitting beside the sample. According to foreign government officials
representing two of the countries that use this technique, tests to
determine the effectiveness of this practice have shown that RASCO has a
very high rate of effectiveness in detecting traces of explosives in
cargo. According to foreign government officials, this inspection method
can be used on cargo that is difficult to inspect using other methods, due
to size, density, or clutter, and does not require the breakdown of large
cargo pallets. Further, officials stated that the dogs used in RASCO do
not tire as easily as dogs involved in searching cargo warehouses, and can
therefore be used for a longer period of time.99 Both TSA and CBP have
certified canine teams for use in detecting explosives in baggage and
currently use dogs for air cargo inspection. These canine teams are
currently used to search narrow and wide-body aircraft, vehicles,
terminals, warehouses, and luggage in the airport environment. According
to TSA officials, while the results of previous agency tests of RASCO
raised questions about its effectiveness, they continue to work with their
international counterparts to obtain information on the feasibility of
using RASCO to inspect air cargo. TSA officials stated that the agency has
not yet determined whether RASCO is sufficiently effective at finding
explosive in quantities that could cause catastrophic damage to an
aircraft and whether this technique will be approved for use in the United
States.

  Percentage of Air Cargo Inspected

The majority of the countries we visited and the majority of air carriers
we spoke with have taken several actions to increase the percentage of air
cargo that is inspected as well as using threat information to target
certain cargo for inspection prior to transport. For example, 6 of the 17
foreign and domestic air carriers we met with are either required by their
host government or have independently chosen to inspect a higher
percentage of air cargo shipments, with X-ray technology or other
inspection methods, than is currently required by TSA.100 Air carrier
officials stated that the decision to inspect a higher percentage of air
cargo is based on several considerations, including concerns about the
terrorist threat to passenger aircraft, as well as concerns regarding the
security of the air cargo supply chain in their host country. In addition,
in 4 of the 7 countries we visited, air cargo inspections are conducted
earlier in the supply chain prior to the cargo's consolidation and
delivery to airports. Specifically, the governments in these 4 countries
permit inspections to be conducted by regulated agents who meet certain
government requirements, such as maintaining an approved security
program.101 Foreign government officials we spoke with stated that this
practice contributed to the security of air cargo because it increased the
total amount of cargo inspected and facilitated the inspection of cargo
earlier in the supply chain. Finally, the majority of air carriers we
spoke with have independently chosen to use available threat information
to determine how much scrutiny and what methods to apply to certain cargo
prior to its transport on aircraft. Specifically, 9 of the 17 passenger
and all-cargo air carriers we interviewed target their air cargo
inspection efforts based on analyses of available threat information,
among other factors that could affect air cargo security.

99Unlike for RASCO, canines used to physically search cargo storage
facilities and aircraft can typically work for about 30-minute intervals
at a time before needing to rest.

100Officials from one foreign passenger air carrier stated that, because
of unique security concerns, their personnel are required to inspect 100
percent of air cargo transported on their aircraft. These officials also
acknowledged that they are able to inspect 100 percent of air cargo
because of the small volume of cargo transported in this country and the
small amount of passenger flights.

TSA recently increased the amount of cargo air carriers are required to
inspect and initiated efforts to require freight forwarders to inspect
domestic air cargo earlier in the supply chain. The agency, however, has
not evaluated the procedures foreign countries and air carriers use to
inspect a higher percentage of air cargo without affecting the flow of
commerce to determine whether the cost of using these procedures would be
worth the potential benefits of enhanced security. Moreover, unlike the
majority of foreign and domestic air carriers we interviewed, TSA does not
adjust the percentage of air cargo air carriers are required to inspect
based on threat information related to specific locations. While TSA
requires passenger air carriers to implement additional security
requirements for inspecting checked baggage and passengers for flights
departing from high-risk locations, the agency has not implemented
additional requirements for air cargo departing from these same locations.
Agency officials stated that new air cargo security requirements,
contained in the agency's air cargo security rule, are adequate to
safeguard all air cargo transported into the United States, including
cargo transported from high-risk locations. TSA officials added that the
agency would consider implementing additional air cargo security
requirements for high-risk locations if intelligence information became
available that identified air cargo transported from these locations as
posing a high risk to the United States. CBP, however, currently considers
information on high-risk locations to identify cargo that should undergo
inspection upon its arrival in the United States. In October 2006, TSA
issued an emergency amendment requiring indirect air carriers, under
certain conditions, to inspect a certain percentage of air cargo prior to
its consolidation. While TSA's efforts to require freight forwarders to
inspect domestic air cargo earlier in the supply chain have the potential
for enhancing domestic air cargo security, we have previously identified
problems with TSA's oversight of freight forwarders to ensure they are
complying with air cargo security regulations.102

101According to European Union Regulation 2320, a regulated agent is an
agent, freight forwarder, or other entity that conducts business with an
air carrier and provides security controls that are accepted or required
by the appropriate authority in respect of cargo, courier, and express
parcels or mail. In the United States, "indirect air carrier" (IAC) is the
term used to refer to freight forwarders validated by TSA.

  Physical Security and Access Controls for Air Cargo Facilities

In addition to inspecting air cargo prior to its transport on aircraft, we
identified additional security practices implemented by air carriers and
foreign governments to physically secure air cargo and air cargo
facilities. For example, two foreign governments require that all air
cargo be stored in a secured terminal facility located within a restricted
area of the airport to prohibit tampering to the cargo prior to its
loading onto an aircraft. At some airports with restricted areas,
individuals accessing these areas must first undergo physical screening
through the use of walk-through metal detectors or biometric
identification systems. For instance, one all-cargo air carrier uses a
biometric hand-scanning identification system to grant employees access to
air cargo storage facilities. In addition, 10 of the 17 air carriers we
interviewed are subject to audits of the access controls at air cargo
facilities to assess security vulnerabilities at such a facility. If the
test results in a breach of security, all cargo contained within the
breached facility must be inspected before it is permitted to be loaded
onto a passenger or all-cargo aircraft. TSA acknowledged the importance of
enhancing the security of air cargo and air cargo facilities, and included
provisions in the agency's air cargo security rule for applying or
expanding the secure identification display area (SIDA) requirements at
U.S. airports to include areas where cargo is loaded and unloaded.103
However, TSA has no plans to require additional air cargo access control
measures.

  Procedures for Validating Known Shippers

Two of the 7 countries we visited employ stringent programs for validating
known shippers that differ from the program used in the United States. For
example, 1 country we visited requires its known shippers or those
shippers that have met certain criteria and have an established shipping
history, referred to as known consignors in the country, to be validated
by government-approved contractors. Prior to implementing this
requirement, the country's consignor program allowed regulated agents and
airlines to assess and validate their own consignors with whom they did
business. However, according to government officials, the previous program
was ineffective because it allowed for breaches in the security of the air
cargo supply chain, such as the implementation of weak security programs
by shippers and conflicts of interest among air carriers and their
customers.104 We previously reported on the limitations of TSA's current
known shipper program, such as the relative ease of TSA's requirements for
becoming a known shipper.105 Under this foreign country's new program,
validations of known consignors are conducted by independent third parties
that have been selected, trained, and accredited by the government. The
government maintains the authority to remove a validator from an approved
list, accompany a validator on a site visit, or conduct unscheduled spot
visits to known consignor sites.

102 [50]GAO-06-76 .

103An airport's SIDA is not to be accessed by passengers and typically
encompasses areas near terminal buildings, baggage loading areas, and
other areas that are close to parked aircraft and airports facilities,
including air traffic control towers and runways used for landing, take
off, or surface maneuvering. SIDA security requirements include security
awareness training for all workers with access to area, measures to detect
and respond to unauthorized presence in the SIDA area, and access controls
that meet performance standards (for example, proximity cards and personal
identification number).

To become known in this particular country, the consignor can choose from
a list of over 100 validators to schedule a validation inspection. The
validation process is conducted using a checklist of security requirements
that includes the physical security measures in place at the site, staff
recruitment, personnel background checking and security checks, access
control to the site, air cargo packing procedures, and storage of secure
cargo, among other things.106 After the initial validation inspection,
consignors must be reassessed every 12 months to retain their known
status. During the first round of assessments conducted, 70 percent of
existing known customers failed to become known consignors because of the
stricter security requirements in place under the new scheme. Since the
new validation program requires program participants to implement stricter
security practices for securing air cargo before it is delivered to the
air carrier, it helps to ensure that cargo coming from known consignors
has been adequately safeguarded.

104Under this foreign country's previous validation program, shippers
could become known if they were validated by a certified regulated agent
and underwent site and operations inspections at least once a year. The
cargo from these customers was then considered "secure" or "known." In
2003, the country's government introduced a new program that removed the
responsibility for assessing consignors from regulated agents and
airlines. Validations have since been carried out by independent,
government-appointed validators.

105 [51]GAO-06-76 .

106Recruitment procedures must include a reference check of at least 5
years, or until the end of full-time education, without gaps.

While TSA's air cargo security rule contains provisions for enhancing the
agency's known shipper program, such as making air carrier and indirect
air carrier participation in the agency's centralized database mandatory,
it did not modify TSA's current process for validating known shippers,
which remains the responsibility of indirect air carriers and air
carriers.107 Accordingly, passenger, all-cargo, and indirect air carriers
will continue to be responsible for entering shipper information into
TSA's central known shipper database, which may allow for potential
conflicts of interest because air carriers who conduct business with
shippers will also continue to have the authority to validate these same
shipping customers. TSA officials stated that the agency will continue to
rely on its mandatory centralized known shipper database that allows air
carriers and indirect air carriers to validate shippers as known until it
develops a system that would enable TSA to validate known shippers.
According to TSA officials, however, the agency is not considering
implementing a program that relies on an independent third party to
validate shippers because high administrative costs, combined with the
large number of shippers located within the United States, may make it
difficult to implement a third-party validation program. Foreign
government officials stated that using third parties to validate shippers
has enhanced the countries' air cargo security by reducing the number of
shippers that are considered known and by introducing more security
controls at an earlier point in the supply chain. Although the
implementation of a third-party validation program may be challenging in
the United States, without further analysis of such a program, TSA may be
missing an opportunity to determine the extent to which all or parts of a
similar scheme could be incorporated into the agency's current air cargo
security practices.

107Additional information on TSA's Known Shipper program and database is
contained in our report on domestic air cargo security ( [52]GAO-06-76 ).

TSA Is Exploring the Applicability of Some Foreign Air Cargo Security Practices
to the United States, but the Agency Has Not Systematically Compiled and
Analyzed These Practices to Assess Their Viability

We previously reported that in order to identify innovative security
practices that could help further mitigate terrorism-related risk to
transportation sector assets--especially as part of a broader risk
management approach discussed earlier--it is important to assess the
feasibility as well as the costs and benefits of implementing security
practices currently used by foreign countries.108 However, DHS has not
taken systematic steps to compile or analyze information that could
contribute to the security of both domestic and inbound air cargo. In
response to a recommendation made by DHS's Science and Technology
Directorate, TSA has taken initial steps to learn more about foreign air
cargo security technologies and practices that could be applied in the
United States.109 For example, according to TSA officials, the agency
collects information on the security measures implemented by countries
from which air carriers transport air cargo into the United States. In
addition, the United States has agreements with several countries that
allow TSA to visit and compile information on their aviation security
efforts, including those related to air cargo. Likewise, officials from
these countries are allowed to visit the United States to learn about
DHS's aviation security measures.

TSA officials acknowledge that further examination of how foreign air
cargo security practices may be applied in the United States could yield
opportunities to strengthen the department's overall air cargo security
program. While TSA has obtained some information on foreign air cargo
security efforts, TSA officials acknowledged that the agency has not
systematically compiled and analyzed information on foreign air cargo
security practices to determine those, if any, that could be used to
strengthen the agency's efforts to secure air cargo. TSA officials stated
that while some foreign air cargo security practices may hold promise for
use in the United States, the agency and the air cargo industry face
challenges in implementing some of these practices because the U.S. air
cargo transportation system involves multiple stakeholders and is
responsible for transporting large amounts of cargo on both passenger and
all-cargo aircraft. While large amounts of air cargo are transported to
and from U.S. airports on a daily basis, we identified air cargo security
practices implemented at foreign airports that also process large volumes
of air cargo shipments that may have application to securing domestic and
inbound air cargo operations. For example, we observed the security
practices at 8 foreign airports, 4 of which rank among the world's 10
busiest cargo airports. In addition, some of the security practices we
identified are being implemented by air carriers that transport large
volumes of air cargo. Specifically, we spoke with air carrier officials
representing 7 of the world's 10 largest air cargo carriers.

108GAO, Passenger Rail Security: Enhanced Federal Leadership Needed to
Prioritize and Guide Security Efforts, [53]GAO-05-851 (Washington, D.C.:
September 2005), and GAO, Aviation Security: Further Steps Needed to
Strengthen the Security of Commercial Airport Perimeters and Access
Controls, [54]GAO-04-728 (Washington, D.C.: June 2004).

109DHS, Science and Technology Directorate, "Systems Engineering Study of
Civil Aviation Security-Phase I," April 7, 2005.

DHS Is Working with Foreign Governments and Air Cargo Stakeholders to Harmonize
Air Cargo Security Efforts, but Inherent Challenges May Affect Their Progress

In addition to taking initial steps to collect information on foreign air
cargo security practices, DHS has also begun efforts to work with foreign
governments to develop uniform air cargo security standards and to
mutually recognize each other's air cargo security practices--referred to
as harmonization. Harmonization has security as well as efficiency
benefits, including better use of resources and more effective information
sharing. However, working with foreign governments to achieve
harmonization may be challenging because these efforts are voluntary.
Additionally, many countries around the world may lack the resources or
infrastructure needed to develop an air cargo security program as
developed as that of the United States.

  TSA and CBP Are Working with Foreign Governments to Develop Uniform Standards

One way TSA is working with foreign governments is by collaborating on the
drafting of international air cargo security standards. For example,
according to TSA officials, agency representatives worked with foreign
counterparts to develop Amendment 11 to ICAO's Annex 17, issued in June
2006, which sets forth new standards and recommended practices related to
air cargo security. In addition, TSA is working with the European Union to
develop a database containing information on shippers and freight
forwarders that will be shared between the United States and European
Union member states. As of January 2007, TSA was negotiating with the
European Union on (1) how information in the databases will be shared, (2)
what information will be shared, and (3) how the shared information will
be used by each entity. Currently, the European Union database can
transmit data to the TSA system as part of the development and testing of
the European Union system. However, TSA's system will not be able to
transmit data to the European Union's database until TSA's new known
shipper and indirect air carrier databases are online, which TSA expects
to occur sometime in late 2007.

CBP has also engaged in efforts to develop uniform air cargo security
standards with select foreign countries. Specifically, CBP undertook a
study with the Canadian Border Services Agency (CBSA) to identify similar
air cargo security practices being carried out by CBP and CBSA and areas
in need of improvement. The study made recommendations to enhance both
agencies' efforts to secure air cargo that included specific steps the
agencies can take to harmonize security measures. For example, the study
recommended that CBP and CBSA explore harmonizing air cargo targeting and
inspection protocols, including the use of detection technology. The study
also recommended that the two agencies share knowledge of emerging
technologies. CBP's fiscal years 2007-2011 Strategic Plan for Securing the
Nation's Borders at Ports of Entry recognizes the need to partner with
foreign governments to share relevant information in an effort to improve
cargo security, including cargo transported by air.

According to foreign government and international air cargo industry
representatives, the development of uniform air cargo security
requirements and measures could provide security benefits by eliminating
ineffective requirements and practices and focusing on automated or
nonintrusive inspection technologies that could be universally employed to
reduce the potential for human error. The cargo security mission of the
International Air Transport Association, according to the association's
cargo security strategy 2006/2007, is to simplify cargo security by
developing an integrated approach that involves all key supply chain
stakeholder groups, and which is proportionate to the threat, effective,
harmonized, and sustainable. The World Customs Organization's Framework of
Standards to Secure and Facilitate Global Trade has also called for
aviation and customs security requirements to be harmonized into one
integrated solution, to the extent possible.

Foreign air carrier officials we spoke with also stated that developing
uniform air cargo security standards related to performing background
checks on air cargo workers, training air cargo workers, and controlling
access to air cargo facilities would increase security levels in these
areas. These officials added that uniform air cargo security requirements
could facilitate industry compliance with security requirements. Further,
foreign air carrier representatives and foreign government officials
discussed the need to harmonize the terms used in the air cargo
environment. For example, TSA uses the term "indirect air carriers" when
referring to certified freight forwarders, whereas most other countries
refer to these entities as "regulated agents." In addition, TSA uses the
term "known shipper" to refer to certified shippers, while most other
nations use the term "known consignor" when referring to these same
entities. Harmonized terminology would provide air cargo industry
stakeholders clarification on which security requirements apply to them.

Foreign and U.S. air cargo industry representatives and foreign government
officials added that there is currently too much variation among countries
regarding what type of air cargo must be inspected, what types of cargo
are exempt from inspection, which entities should conduct the inspections,
and what methods or technologies should be used to inspect air cargo.
These representatives and officials stated that a harmonized inspection
process would reduce duplicative efforts to inspect cargo shipments in
order to meet different countries' security requirements. According to
industry officials, having to implement duplicative security requirements,
particularly those related to air cargo inspections, can impede the flow
of commerce, expose air cargo shipments to theft, and damage high-value
items. For example, representatives from a U.S. air carrier stated that in
one Asian country, government employees inspect 100 percent of outbound
air cargo transported on a passenger air carrier. However, to meet U.S.
requirements, TSA requires passenger air carriers transporting air cargo
into the United States to inspect a certain percentage of nonexempt cargo
shipments, which would have already been inspected by the foreign
government. Air carrier representatives stated that meeting TSA inspection
requirements is problematic in certain foreign countries because air
carriers are not permitted to re-inspect air cargo shipments that have
already been inspected by foreign government employees and deemed secure.
These conflicts and duplication of effort could be avoided through
mutually acceptable uniform air cargo security standards developed jointly
between the United States and foreign countries. However, we recognize
that because foreign countries' requirements are so varied, and the
threats to certain foreign airports are less than to others, TSA would
have to consider accepting other countries' inspection requirements on a
case-by-case basis to determine the viability of such an option. According
to TSA officials, developing stronger uniform international standards
would improve the security of inbound air cargo and assist TSA in
performing its mission. For example, TSA officials stated that the
harmonization of air cargo security standards would provide a level of
security to those entities not currently regulated by the agency, such as
foreign freight forwarders and shippers.

  TSA and CBP Are Partnering with Foreign Governments to Begin Mutual
  Recognition of Air Cargo Security Requirements

TSA has taken additional steps to begin mutual recognition of foreign air
cargo security requirements in an effort to enhance the security of
inbound air cargo. For example, TSA officials stated that the agency
approved amendments to air carriers' security programs in November 2001
permitting those carriers operating out of the United Kingdom, France,
Switzerland, Israel, and Australia to implement the air cargo security
requirements of these foreign countries, in lieu of TSA's. TSA officials
stated that these five countries were selected based on agency officials'
recommendations and a review of the countries' security programs to
determine if country requirements and practices met or exceeded TSA
requirements.110 In contrast, those air carriers operating out of a
foreign country other than the five previously identified must implement
their host government's requirements in addition to TSA's. Officials added
that in order for these countries' air cargo security programs to remain
recognized by TSA, they must have met or exceeded TSA's air cargo security
requirements, including new requirements set forth in the air cargo
security rule. TSA officials further stated that they do not currently
have plans to review other countries' air cargo security measures and that
such reviews would be predicated on a host countries' request.

In addition, air carriers may seek TSA's approval of amendments to their
security programs that would enable the air carrier to implement
alternative air cargo security measures that satisfy TSA's minimum
security requirements while maintaining compliance with the security
requirements of the host government. According to TSA officials, the
agency will approve these alternative measures as long as TSA deems that
they meet ICAO's standards and TSA's minimum requirements. For example,
officials noted that some foreign governments allow cargo from unknown
shippers to be transported on passenger aircraft after that cargo is
inspected. Although this measure differs from the requirements in place in
the United States that do not permit cargo from unknown shippers to be
transported on passenger aircraft, TSA officials stated that the ICAO
standards are being met and air carriers operating out of such countries
are permitted to transport cargo into the United States.

Foreign government officials, embassy officials, and foreign industry
members with whom we met also stated that to lessen the burden on airports
and air carriers, TSA should consider accepting the results of ICAO or
European assessments of airports with passenger air carrier service to the
United States, and air carrier compliance inspections conducted by the
European Union in lieu of conducting their own assessments and
inspections. According to foreign government officials, in addition to TSA
air carrier inspections and foreign airport assessments, air carriers
located at foreign locations and airports around the world are subject to
inspections by ICAO, as well as their host country. The European Union has
also recently begun to conduct its own assessments of the security of
airports located within its member states. Officials from one country told
us that TSA should consider accepting the results of European Union
assessments in light of the progress the European Union has made in
developing its oversight program.

110TSA officials stated that as of October 2006, the agency had completed
its reexamination of the air cargo security requirements of these five
countries and confirmed that security procedures were in place to meet the
requirements.

Foreign government officials also expressed concern over TSA's inspections
of foreign air carriers, saying that TSA lacks the authority under host
government or international laws to assess foreign air carriers'
compliance with TSA's security requirements that exceed ICAO's standards.
Notwithstanding this view, TSA is authorized under U.S. law to ensure that
all air carriers, foreign and domestic, operating to, from, or within the
United States maintain the security measures included in their
TSA-approved security programs and any applicable security directives or
emergency amendments issued by TSA.111 Although TSA security requirements
support the ICAO standards and recommended practices, TSA may subject air
carriers operating to, from, or within the United States to any
requirements necessary and assess compliance with such requirements, as
the interests of aviation and national security dictate.112

TSA officials acknowledged that they have discussed the possibility of
using European Union airport assessment results to either prioritize the
frequency of TSA's assessments or to conduct more focused TSA assessments
at European Union airports. According to TSA officials, the agency may
also be able to use host government or third-party assessments to
determine the aviation security measures to focus on during TSA's own
airport assessments in foreign countries. TSA is also considering reducing
the number of assessments conducted at airports that are known to have
effective security measures in place and focus inspector resources on
airports that are known to have less effective security measures in place.
In addition, TSA is considering having a TSA inspector shadow a European
Union inspection team for 1 or 2 days to validate the results of European
Union assessments. Another option would be for TSA and the European Union
to leverage their resources by conducting joint airport assessments.
According to a European Union official, however, member states recently
met to discuss sharing European Union assessment results with TSA.
Specifically, member states determined that until the European Union and
TSA agree on how they will share sensitive security information with each
other and how they will conduct joint assessments of each other's
airports, that at this time they will not share the results of European
Union airport assessments with TSA. The European Union official further
stated that member states will not share their European Union airport
assessment results with TSA unless TSA reciprocates. The official added
that member states may share the results of airport assessments conducted
by their own internal auditing entities with TSA, but it would be illegal
for member states to share their European Union assessment results with
TSA.

111See 49 U.S.C. SS 44903, 44906; see also 49 C.F.R. SS 1544.3, 1546.3.

112See 49 U.S.C. S 44906.

TSA is also working closely with the European Union to develop mutually
acceptable air cargo security measures. For example, in March 2005 a
bilateral meeting on air cargo security was held between the European
Union and the United States. An objective of this meeting was to share
information on the air cargo security policies being developed by both,
which, in turn, may encourage mutual acceptance. The development of the
European Union/United States joint air cargo database was a focus of this
meeting. The meeting also provided the European Union an opportunity to
comment on TSA's notice of proposed rule making on air cargo security
before the rule was finalized.

  Challenges to DHS's Harmonization Efforts May Affect Progress

Despite DHS's efforts to harmonize international air cargo security
practices, a number of key obstacles, many of which are outside of DHS's
control, may impede their progress. For example, because international
aviation organizations, such as ICAO, have limited enforcement authority,
they can only encourage, but generally not require, countries to implement
air cargo security standards or mutually accept other countries' security
measures. In addition, the implementation of uniform air cargo security
standards may require the expenditure of limited resources. For example,
according to European Union and air cargo industry officials, those
countries with air cargo security programs that are less advanced than
those of the European Union and the United States may not have the
resources or infrastructure necessary to enhance their air cargo security
programs.

In addition, some foreign governments do not share DHS's view regarding
the threats and risk associated with air cargo. For example, CBP has
identified the introduction of terrorist weapons, including a WMD, as the
primary threat to cargo entering the United States. Government officials
from one country we met with, however, stated that they do not view the
introduction of a WMD as a significant threat to air cargo security.
Officials from another country stated that, unlike DHS, they do not
consider stowaways as a primary threat to air cargo, while an official
from a third country noted that it does not differentiate between the
threats to passenger air carriers and those to all-cargo carriers. In
addition, while TSA prohibits cargo from unknown shippers from being
transported on passenger aircraft, the European Union and one Asian
country we obtained information from allows cargo from unknown shippers to
be transported on passenger aircraft after the cargo is inspected. These
countries also inspect 100 percent of cargo from unknown shippers that is
transported on all-cargo aircraft, while TSA requires all-cargo air
carriers to randomly inspect a portion of the air cargo they transport.
These differing approaches to air cargo security may make the
harmonization of inspection requirements difficult to achieve.

Further, TSA faces legal challenges in mutually accepting the results of
other entities' airport assessments. According to TSA officials, the
agency interprets its statutory mandate to conduct assessments of foreign
airports to mean that TSA must physically observe security operations at a
foreign airport. This interpretation, according to TSA, precludes TSA from
relying solely on third-party or host government assessments. If the
Secretary of DHS, on the basis of the results of a TSA assessment,
determines that a foreign airport does not maintain and carry out
effective security measures, the Secretary must take further action. Such
actions include, among others, notifying appropriate authorities of the
foreign government of deficiencies identified, providing public notice
that the airport does not maintain and carry out effective security
measures, or suspending service between the United States and the airport
if it is determined a condition exists that threatens the safety or
security of the passengers, aircraft, or crew, and such action is in the
public interest.113 TSA officials noted that unlike DHS, ICAO has limited
enforcement capabilities. However, TSA officials stated that the agency is
taking steps to further emphasize reciprocity with other governments by
encouraging them to assess airports within the United States.114 Such an
effort could help facilitate the agency's foreign airport assessments and
air carrier inspections.

113See 49 U.S.C. S 44907(c)-(e).

TSA officials also stated that although they are working with the European
Union to develop a process to share airport assessment and inspection
results, the agency currently does not have an agreement with either the
European Union or ICAO to share assessment results. TSA officials added
that even if they obtain access to these results, TSA is still legally
required to conduct its own assessments of airports at which air carriers
have operations into the United States and will continue with inspections
of air carriers that transport cargo into the United States. Information
on the results of other governments' airport assessments and air carrier
inspections could help TSA focus its oversight resources on those
countries and carriers that may pose a greater risk to the United States.
In addition, foreign government and embassy officials noted that it will
be difficult to harmonize air cargo security standards and requirements
until the international community develops an approach for sharing
sensitive information, such as security requirements. Developing a process
for sharing sensitive information could help the United States and other
countries improve their understanding of each others' security measures
and identify overlapping or contradicting security requirements.

Conclusions

While DHS has made significant strides in strengthening aviation security,
it is still in the early stages of developing a comprehensive approach to
ensuring inbound air cargo security. Until TSA and CBP take additional
actions to assess the risks posed by inbound air cargo and implement
appropriate risk-based security measures, U.S.-bound aircraft transporting
cargo will continue to be vulnerable to terrorist attack. In October 2005,
we recommended that TSA take a number of actions designed to strengthen
the security of the nation's domestic air cargo transportation system.
Similar actions, if effectively implemented, could also strengthen the
department's overall efforts to enhance the security of inbound air cargo,
both before the cargo has departed a foreign nation and once it has
arrived in the United States. We are encouraged by TSA's initial efforts
to use a risk-based approach to guide its investment decisions related to
inbound air cargo security while at the same time addressing other
pressing aviation and transportation security priorities. However, risk
management efforts should begin with a strategy that includes specific
goals and objectives, which TSA has not yet identified. Likewise, TSA's
efforts to prioritize inbound air cargo assets and guide decisions about
protecting them could be strengthened by establishing a methodology and
time frames for completing risk assessments of inbound air cargo and
determining how to use the results to target security programs and
investments. Further, while TSA has drafted new requirements for securing
inbound air cargo, without reexamining the rationale for existing
inspection exemptions specific to air cargo transported into the United
States on passenger aircraft and making any needed adjustments to these
exemptions, there will continue to be a vulnerability that could be
exploited by terrorists. Moreover, without developing an inspection plan
that includes performance goals and measures to gauge air carrier
compliance with air cargo security requirements, TSA cannot readily
identify those air carriers that are achieving an acceptable level of
compliance and focus the agency's inspection resources on those air
carriers with higher levels of noncompliance that may pose a greater risk.

114According to TSA officials, the concept of reciprocity has been a part
of TSA's airport assessment program since its inception.

Coordination and communication between TSA and CBP is also important to
ensuring that gaps do not exist in the security of inbound air cargo.
Without effectively sharing information, TSA's and CBP's inbound air cargo
security activities may be less efficient and effective. While TSA and CBP
have separate missions within DHS, their responsibilities for the security
of air cargo are complementary. A strategy that clearly defines TSA's and
CBP's roles and responsibilities with regard to securing inbound air cargo
could help ensure that all areas of inbound air cargo security are being
addressed. TSA and CBP also lack a systematic process to share relevant
air cargo security information, such as the results of air carrier
compliance inspections and foreign airport assessments that could enhance
both agencies' efforts to secure air cargo. Such a process could provide
opportunities for enhancing TSA's and CBP's respective efforts to secure
inbound air cargo.

TSA's efforts to coordinate with foreign governments and air cargo
stakeholders are an important step toward developing enhanced and mutually
agreeable international air cargo security standards. While TSA has taken
steps to obtain information on foreign air cargo security practices,
further examination of how these practices may be applied in the United
States could yield opportunities to strengthen the department's overall
air cargo security program. Doing so could also enable the United States
to leverage the experiences and knowledge of foreign governments and
international air cargo industry stakeholders and help identify additional
innovative practices to secure air cargo against a terrorist attack in
this country.

Recommendations for Executive Action

To help ensure that the Transportation Security Administration and Customs
and Border Protection take a comprehensive approach to securing air cargo
transported into the United States, in the restricted version of this
report we recommended that the Secretary of Homeland Security direct the
Assistant Secretary for the Transportation Security Administration and the
Commissioner of U.S. Customs and Border Protection to take the following
two actions:

(1) Develop a risk-based strategy, either as part of the existing air
cargo strategic plan or as a separate plan, to address inbound air cargo
security, including specific goals and objectives for securing this area
of aviation security. This strategy should clearly define TSA's and CBP's
responsibilities for securing inbound air cargo, as well as how the
agencies should coordinate their efforts to ensure that all relevant areas
of inbound air cargo security are being addressed, particularly as they
relate to mitigating the threat posed by weapons of mass destruction.

(2) Develop a systematic process for sharing information between TSA and
CBP that could be used to strengthen the department's efforts to enhance
the overall security of inbound air cargo, including, but not limited to,
information on the results of TSA inspections of air carrier compliance
with TSA inbound air cargo security requirements and TSA assessments of
foreign airports' compliance with international air cargo security
standards.

To help strengthen the Transportation Security Administration's inbound
air cargo security efforts, we recommend that the Secretary of Homeland
Security direct the Assistant Secretary for the Transportation Security
Administration to take the following four actions:

(3) establish a methodology and time frame for completing assessments of
inbound air cargo vulnerabilities and critical assets, and use these
assessments as a basis for prioritizing the actions necessary to enhance
the security of inbound air cargo;

(4) establish a time frame for completing the assessment of whether
existing inspection exemptions for inbound air cargo pose an unacceptable
vulnerability to the security of air cargo, and take steps, if necessary,
to address identified vulnerabilities;

(5) develop and implement an inspection plan that includes performance
goals and measures to evaluate foreign and domestic air carrier compliance
with inbound air cargo security requirements; and

(6) in collaboration with foreign governments and the U.S. air cargo
industry, systematically compile and analyze information on air cargo
security practices used abroad to identify those that may strengthen the
department's overall air cargo security program, including assessing
whether the benefits that these practices could provide in strengthening
the security of the U.S. and inbound air cargo supply chain are
cost-effective, without impeding the flow of commerce.

Agency Comments and Our Evaluation

We provided a draft of this report to DHS for review and comments. On are
reproduced in full in appendix VIII. DHS generally concurred with the
report and recommendations.

With regard to our recommendation to develop a risk-based strategy to
address inbound air cargo security which clearly defines TSA's and CBP's
responsibilities for securing inbound air cargo, particularly as they
relate to mitigating the threat posed by weapons of mass destruction, DHS
stated that CBP is in the preliminary stages of developing its Air Cargo
Security Strategic Plan. According to DHS, the draft plan includes goals
and objectives, such as capturing accurate advance information to
effectively screen air cargo shipments; accounting for and reconciling all
high-risk air cargo shipments arriving from foreign destinations;
developing and enhancing partnerships to strengthen air cargo security
while continuing to facilitate the movement of legitimate trade; and
controlling, inspecting and interdicting all air cargo that may pose a
threat to national security of the United States. DHS also stated that CBP
is coordinating with TSA in the refinement of CBP's Air Cargo Security
Strategic Plan. Current efforts include discussions with TSA management
and the review of relevant information in the classified TSA air cargo
threat assessment. DHS further stated that CBP plans to collaborate with
TSA during the vetting stage of CBP's Air Cargo Strategic Plan to ensure
coordination of efforts and seamless implementation. Further, DHS stated
that TSA plans to revise its existing Air Cargo Strategic Plan in fiscal
year 2007, and will consider including a strategy for addressing inbound
air cargo transported on passenger and all-cargo aircraft. DHS stated that
TSA will identify and include specific goals and objectives for securing
this area of aviation security and will work with CBP to share best
practices in mitigating threats posed by weapons of mass destruction.
While DHS has recognized the need for CBP and TSA to work together to
address inbound air cargo security threats, DHS has not indicated whether
the Air Cargo Strategic Plan CBP is developing or TSA's revised Air Cargo
Strategic Plan will provide a risk-based strategy for how the agencies
will coordinate their respective efforts to ensure the security of air
cargo transported into the United States, particularly as they relate to
mitigating the threat posed by weapons of mass destruction. Taking such
action would be necessary to fully address our recommendation.

Concerning our recommendation to develop a systematic process for sharing
information between TSA and CBP that could be used to strengthen the
department's efforts to enhance the overall security of inbound air cargo,
DHS stated that CBP and TSA plan to meet monthly to continue working on
ensuring air cargo security and to determine whether they can work more
collaboratively to ensure air cargo security. DHS stated that these
meetings will also focus on its air cargo security strategy, including
proposed DHS definitions for the terms "screen," "scan" and "inspection."
DHS also noted that TSA and CBP have previously collaborated on air cargo
security initiatives and efforts through their ongoing participation in
the Aviation Security Advisory Committee Air Cargo Working Group, and CBP
has shared information on its Automated Targeting System with TSA staff
who are developing a Freight Assessment System to target elevated risk
domestic cargo. DHS further stated that TSA recognizes that CBP's
Customs-Trade Partnership Against Terrorism program may include some
information that could help TSA in its efforts to strengthen the security
requirements for individuals and businesses that ship air cargo
domestically. While CBP's and TSA's efforts to collaborate on their air
cargo security activities are worthwhile, it is also important that TSA
and CBP develop a system to share information--such as the results of TSA
inspections of air carrier compliance with TSA inbound air cargo security
requirements and TSA assessments of foreign airports' compliance with
international air cargo security standards--that could be used to
strengthen the department's efforts to secure inbound air cargo. Ensuring
that TSA and CBP incorporate systematic information sharing into their
ongoing coordination efforts would more fully address our recommendation.

Regarding our recommendation to establish a methodology and time frame for
completing assessments of inbound air cargo vulnerabilities and critical
assets, and use these assessments as a basis for prioritizing the actions
necessary to enhance the security of inbound air cargo, TSA acknowledged
that assessments of inbound air cargo vulnerabilities and critical assets
can assist in the prioritization of programs and initiatives developed to
enhance air cargo security. While TSA stated that it has taken steps to
develop a methodology and a framework to complete vulnerability
assessments of the domestic air cargo supply chain, TSA does not plan to
begin work on assessments of vulnerabilities of the inbound air cargo
supply chain until after the domestic assessments are completed. TSA
stated that it will pursue partnerships with foreign countries to assess
the security vulnerabilities associated with U.S.-bound air cargo. TSA's
efforts to complete a vulnerability assessment for domestic air cargo are
an important step in applying a risk management approach to securing air
cargo. However, TSA did not provide a time frame for completing the
domestic vulnerability assessments and therefore could not provide a
schedule for when it will conduct an assessment of inbound air cargo
security vulnerabilities. Moreover, TSA has not determined whether it will
conduct a criticality assessment of inbound air cargo assets or indicated
how it plans to use information resulting from these assessments of
inbound air cargo to prioritize the agency's efforts to enhance the
security of inbound air cargo. Taking these steps would be necessary to
fully address our recommendation.

With regard to our recommendation to establish a time frame for completing
the assessment of whether existing inspection exemptions for inbound air
cargo pose an unacceptable security vulnerability, and taking steps, if
necessary, to address identified vulnerabilities, TSA acknowledged that
air cargo inspection exemptions represent a security risk and described
several actions it had taken to revise the air cargo inspection
exemptions. For example, TSA stated that in October 2006, the agency
issued a series of security enhancements in the form of a security
directive, removing air cargo inspection exemptions. While TSA's actions
are an important step in addressing a recommendation we made in our
October 2005 report on domestic air cargo security, TSA's recent security
directive does not remove all inspection exemptions for air cargo.
Specifically, TSA's action only applies to air cargo transported from and
within the United States and not to air cargo transported into the United
States from a foreign country, and only applies to air cargo transported
on passenger air carriers, not all-cargo carriers. Until TSA assesses
whether existing inspection exemptions for cargo transported on passenger
and all-cargo aircraft into the United States pose an unacceptable
vulnerability, and takes any necessary steps to address the identified
vulnerabilities, TSA cannot be assured that the agency's inbound air cargo
inspection requirements for air carriers provide a reasonable level of
security. Taking this important step is necessary to fully address our
recommendation.

Concerning our recommendation to develop and implement an inspection plan
that includes performance goals and measures to evaluate foreign and
domestic air carrier compliance with inbound air cargo security
requirements, TSA stated that it recognizes the importance of evaluating
air carrier compliance using performance measures and goals. TSA also
stated that its international and domestic field offices establish
comprehensive inspection schedules for field staff to visit air carriers
based on risk factors, inspection histories, and security determinations.
In addition, TSA noted that it is hiring 10 dedicated international air
cargo inspectors, who will be deployed to four international field offices
to inspect all-cargo operations at last points of departure to the United
States on an annual basis to ensure that they are in compliance with
relevant all-cargo security programs and applicable security directives or
emergency amendments. TSA stated that it will also track the progress on
these inspections utilizing the tracking system developed for its Foreign
Airport Assessment Program. Hiring additional inspectors to conduct
compliance inspections of all-cargo carriers that transport cargo into the
United States is an important step for enhancing the agency's oversight of
such carriers. However, TSA has not indicated whether it will develop an
inspection plan that includes performance goals and measures to evaluate
foreign and domestic air carrier compliance with inbound air cargo
security requirements. Developing such a plan will be important to
fulfilling the agency's oversight responsibilities and is a necessary
action in addressing our recommendation.

Regarding our recommendation to collaborate with foreign governments and
the U.S. air cargo industry and compile and analyze information on air
cargo security practices used abroad to identify those that may strengthen
the department's overall air cargo security program, TSA stated that it
recognizes the importance of collaborating with foreign governments and
U.S. industry to identify best practices and lessons learned for enhancing
air cargo security. Specifically, TSA stated that it has taken numerous
steps to increase collaboration with foreign governments and industry,
including developing relations with United Kingdom and Irish officials to
better understand their air cargo security practices and programs. TSA
also noted that it actively coordinates with Canadian transportation
security officials to share lessons learned and improve air cargo security
between the two countries. Moreover, TSA stated that it is continuing to
build relationships with foreign governments, including European Union
members and southeast Asian nations. TSA also stated that it is
collaborating with U.S. industry through the Aviation Security Advisory
Committee Air Cargo Working Group to partner with air cargo supply chain
stakeholders on new initiatives and existing programs and pilot programs.
TSA's efforts to collaborate with foreign governments and industry are
important steps toward improving inbound air cargo security. However, TSA
has not indicated whether it plans to compile or analyze information on
air cargo security practices used abroad to identify those that may
strengthen the department's overall air cargo security program, including
assessing whether the benefits that these practices could provide in
strengthening the security of the U.S. and inbound air cargo supply chain
are cost-effective, without impeding the flow of commerce. Taking such
actions would be necessary to fully address the intent of this
recommendation.

DHS also offered technical comments and clarifications, which we have
considered and incorporated where appropriate.

As agreed with your offices, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days
after its issue date. At that time, we will provide copies of this report
to the Secretary of Homeland Security, the Assistant Secretary of the
Transportation Security Administration, the Commissioner of U.S. Customs
and Border Protection, and interested congressional committees.

If you have any further questions about this report, please contact me at
(202) 512-3404 or [email protected] . Key contributors to this report
are listed in appendix IX.

Cathleen A. Berrick
Director
Homeland Security and Justice Issues

Congressional Requesters

The Honorable Bennie G. Thompson
Chairman
The Honorable Peter T. King
Ranking Minority Member
Committee on Homeland Security
House of Representatives

The Honorable Loretta Sanchez
Chairwoman
Subcommittee on Border, Maritime and Global Counterterrorism
Committee on Homeland Security
House of Representatives

The Honorable Tom Davis
Ranking Minority Member
Committee on Oversight and Government Reform
House of Representatives

The Honorable Daniel E. Lungren
Ranking Minority Member
Subcommittee on Transportation Security and Infrastructure Protection
Committee on Homeland Security
House of Representatives

The Honorable Christopher Shays
Ranking Minority Member
Subcommittee on National Security and Foreign Affairs
Committee on Oversight and Government Reform
House of Representatives

The Honorable Edward J. Markey
House of Representatives

Appendix I: Objectives, Scope, and Methodology

This report addresses the following questions: (1) What actions has the
Department of Homeland Security (DHS) taken to secure inbound air cargo,
and how, if at all, could these efforts be strengthened? (2) What
practices have the air cargo industry and select foreign countries adopted
that could potentially be used to enhance DHS's efforts to strengthen air
cargo security, and to what extent have the Transportation Security
Administration (TSA) and the U.S. Customs and Border Protection (CBP)
worked with foreign government stakeholders to enhance its air cargo
security efforts?

To determine what actions DHS has taken to secure inbound air cargo, and
how, if at all, these efforts could be strengthened, we reviewed TSA's
domestic air cargo strategic plan, proposed and final air cargo security
rules, air cargo-related security directives and emergency amendments,
aircraft operator security programs, and related guidance to determine the
requirements placed on air carriers for ensuring inbound air cargo
security.1 We also interviewed TSA and CBP officials to obtain information
on their current and planned efforts to secure inbound air cargo. Further,
we reviewed CBP's programs and performance measures related to targeting
and inspecting air cargo once it reaches the United States. Specifically,
we reviewed CBP's Customs and Trade Partnership Against Terrorism (C-TPAT)
program and its Automated Targeting System (ATS) related to air cargo to
obtain information on CBP's efforts to secure, target, and inspect inbound
air cargo. We analyzed TSA foreign airport assessment reports conducted
during fiscal year 2005, compliance inspection data from July 2003 to
February 2006, and performance measures to determine the agency's progress
in evaluating air carriers' compliance with existing air cargo security
requirements. We also discussed the reliability of TSA's compliance
inspection data for the period July 2003 to February 2006 with TSA
officials. Although our initial reliability testing indicated that there
were some inconsistencies in the data provided by TSA, we were able to
resolve most of the discrepancies and concluded that the data were
sufficiently reliable for the purposes of this review. For example, we
found spelling variations in the inspections for the same air carrier,
which we identified and made uniform in the dataset. We found that some
records contained duplicate information. We removed these records based on
a comparison of information such as the inspection record number, the date
of the inspection, the specific requirement the TSA inspector assessed,
and the determination of the air carriers' compliance with the
requirement. We also found some inspections in the dataset that had
occurred at U.S. airports. We identified these by the airport name and
removed them from the data. To identify DHS's plans for enhancing inbound
air cargo security, we reviewed DHS Science and Technology Directorate,
TSA, and CBP documents to identify pilot programs for inspection
technology, including program funding levels, time frames, results, and
implementation plans. We discussed how, if at all, DHS efforts could be
strengthened to secure inbound air cargo with TSA and CBP officials and
air cargo industry stakeholders.

1"Air carriers" refers to both foreign and U.S.-based passenger air
carriers whose aircraft have been configured to accommodate both
passengers and cargo and all-cargo carriers whose aircraft transport only
cargo.

To identify any challenges DHS and its components may face in
strengthening inbound air cargo security, we interviewed TSA and CBP
officials about how they coordinate and share information on their
respective inbound air cargo security efforts. We obtained information on
DHS's, TSA's, and CBP's efforts to apply risk management principles to
inform their decisions related to securing inbound air cargo and compared
these actions against our risk management framework. Our complete risk
management framework includes a specific set of risk management
activities: setting strategic goals and objectives, assessing risk
(threat, vulnerabilities, and criticality), evaluating alternatives,
selecting initiatives to undertake, and implementing and monitoring those
initiatives. This report examines the two risk management efforts TSA has
focused on thus far related to inbound air cargo security--setting
strategic goals and objectives and assessing risk. With regard to
establishing strategic goals and objectives, we reviewed DHS's Strategic
Plan, National Infrastructure Protection Plan, and National Strategy for
Transportation Security. We also reviewed TSA's strategic plan and TSA's
air cargo strategic plan to determine DHS's strategy for addressing the
security of inbound air cargo. Regarding risk assessments, we interviewed
DHS officials to discuss the department's plans to conduct assessments of
the vulnerabilities and critical assets associated with inbound air cargo.
In addition, we interviewed TSA and CBP officials, foreign government
officials, and air cargo industry stakeholders to identify efforts to
develop international air cargo security standards, and DHS's efforts to
work with foreign governments to develop uniform air cargo security
standards that would apply to participant countries, including a structure
for mutually recognizing and accepting other countries' air cargo security
practices.

To identify actions the air cargo industry and select foreign countries
have taken to secure air cargo and whether such actions have the potential
to be used to strengthen air cargo security in the United States, we
interviewed foreign and domestic air carrier (passenger and all-cargo)
officials, foreign freight forwarder representatives, airport authorities,
air cargo industry associations, and DHS and foreign government officials.
We also conducted site visits to 3 U.S. airports to observe inbound air
cargo security operations and industry and CBP efforts to inspect inbound
air cargo using nonintrusive inspection technologies, including radiation
detection systems.2 We selected these airports based on several factors,
including airport size, the volume of air cargo transported to these
airports from foreign locations, geographical dispersion, the presence of
CBP officers, and TSA international field office officials.3 Because we
selected a nonprobability sample of airports, the results from these
visits cannot be generalized to other U.S. airports. Further, we conducted
site visits to 7 countries in Europe and Asia to observe air cargo
facilities on and off airport grounds, observe air cargo security
processes and technologies, and obtain information on air cargo security
measures implemented by foreign governments and industry stakeholders.4
During our international site visits, we also met with officials from the
European Union and TSA's international field offices. We selected these
countries based on several factors, including geographical dispersion; TSA
threat rankings; and discussions with DHS, State Department, and foreign
government officials and air cargo industry representatives and experts
regarding air cargo security practices that may have application to DHS's
efforts to secure air cargo. We also considered information on 4
additional countries whose air cargo security practices differ from those
used in the United States.5 According to TSA and air cargo industry
stakeholders, these countries have implemented stringent air cargo
security programs. Specifically, we observed security practices at 8
foreign airports, 4 of which rank among the world's 10 busiest cargo
airports. We also obtained information on the air cargo security
requirements implemented by 4 additional foreign countries. In addition,
some of the security practices we identified are being implemented by air
carriers that transport large volumes of air cargo. Specifically, we spoke
with air carrier officials representing 7of the world's 10 largest air
cargo carriers. We also discussed the feasibility of applying foreign air
cargo security measures in the United States with TSA officials. We did
not, however, evaluate the effectiveness of the foreign measures we
identified during this review. We also discussed efforts to develop,
harmonize, and mutually recognize international air cargo security
standards with TSA, foreign government, and air cargo industry officials.

2TSA classifies over 400 commercial airports in the United States into one
of five categories (X, I, II, III, and IV) based on various factors, such
as the total number of takeoffs and landings annually and other special
security considerations.

3DHS determined that information on the specific domestic airports we
visited is Sensitive Security Information. The domestic airports we
visited are listed in the restricted version of this report, GAO-07-337SU.

4DHS determined that information on the specific international airports we
visited is sensitive security information. The international airports we
visited are listed in the restricted version of this report, GAO-07-337SU.

5DHS determined that the names of specific countries on whose air cargo
security practices and requirements we collected information are Sensitive
Security Information. These countries are identified in the restricted
version of this report, GAO-07-337SU.

TSA's and CBP's roles and responsibilities for securing air cargo
transported from the United States to a foreign location were not included
in the scope of this review. TSA's requirements for outbound air cargo are
similar to those governing the security of air cargo transported within
the United States. For a review of TSA's practices related to securing
domestic air cargo, GAO-05-446SU.

We conducted our work from October 2005 through February 2007 in
accordance with generally accepted government auditing standards.

Appendix II: TSA's Efforts to Assess Air Carrier Compliance with Inbound
Air Cargo Security Requirements

TSA's inspections at foreign airports are conducted by aviation inspectors
who are responsible for reviewing aviation security measures of foreign
and domestic passenger air carriers to determine their compliance with a
variety of TSA aviation security requirements, including those related to
inbound air cargo. These inspectors are responsible for conducting foreign
airport assessments as well as domestic and foreign air carrier
inspections at foreign airports. According to international field office
officials, the agency usually conducts inspections and foreign airport
assessments during the same visit to an airport. The agency also trains
and utilizes domestic aviation security inspectors to conduct inspections
under the supervision of the international field offices to supplement its
international inspection resources.

TSA uses its automated Performance and Results Information System (PARIS)
to compile the results of its aviation inspections and the actions taken
when violations are identified. As shown in figure 4, our analysis of
PARIS inspection records determined that between July 2003 and February
2006, TSA conducted 1,020 international compliance inspections of domestic
and foreign carriers that included a review of one or more areas of cargo
security. TSA data also show that inspectors conducted 747 inspections at
452 separate domestic air carrier stations and 273 inspections at 177
separate foreign air carrier stations.1

1"Air carrier station" refers to those locations at an airport where an
air carrier conducts its operations.

Figure 4: Inspections of Air Carrier Cargo Procedures Conducted from
January 2004 to December 2005

Note: TSA provided us information on the number of inspections conducted
from July 2003 to February 2006. DHS determined that details on the number
of inspections conducted on air carrier cargo procedures are Sensitive
Security Information. Details on the number of inspections are provided in
the restricted version of this report, GAO-07-337SU.

TSA has taken initial steps to compile information on the violations found
during its inspections of inbound air carrier cargo security requirements.
For example, from July 2003 to February 2006, TSA inspectors identified 57
air cargo security violations committed by foreign and domestic passenger
air carriers at foreign airports in several areas of air cargo security
responsibility. Specifically, as shown in figure 5, these violations
covered areas such as cargo acceptance procedures, cargo screening
procedures, and air carrier cargo hold search procedures.

Figure 5: Air Cargo Security Violations Found during Inbound Passenger Air
Carrier Inspections at Foreign Airports for the Period July 2003 to
February 2006

Note: TSA provided us information on the number of violations found during
inspections conducted from July 2003 to February 2006. DHS determined that
details on the number of each type of violation found are Sensitive
Security Information. Details on the number of each type of violation are
provided in the restricted version of this report, GAO-07-337SU.

Appendix III: TSA's Assessments of Foreign Airport Security Procedures

During fiscal year 2005, TSA conducted 128 foreign airport assessments at
the approximately 260 airports that service passenger air carriers
departing for the United States.1 As part of the foreign airport
assessment process, TSA develops a report that identifies recommendations
for the airport to improve its airport security to meet ICAO standards,
which include air cargo security standards. Of the 128 assessments TSA
conducted during fiscal year 2005, the agency made 28 recommendations to
improve air cargo security. As of October 2005, 2 cargo security
recommendations were adopted by the airports and 26 recommendations
remained to be addressed. Examples of TSA recommendations include
developing a national cargo security program to establish government
authorities and air cargo industry responsibilities for securing air
cargo, among other things.

When TSA inspectors identify a deficiency that requires immediate action,
they work with the airport and government officials to resolve the
deficiency. If TSA inspectors determine that effective security is still
not being maintained, the law prescribes steps and actions available for
encouraging compliance with the standards used in TSA's assessment.2 Such
actions include, among other things, notifying appropriate authorities of
the foreign government of deficiencies identified, providing public notice
that the airport does not maintain and carry out effective security
measures, or suspending service between the United States and the airport
if it is determined a condition exists that threatens the safety or
security of the passengers, aircraft, or crew, and such action is in the
public interest.3 The agency has not issued a travel advisory or suspended
service solely for air cargo security deficiencies at an airport since its
inception.

1See 49 U.S.C. S 44907 (authorizing TSA to conduct foreign airport
assessments).

2TSA conducts assessments to determine the extent to which a foreign
airport effectively maintains and carries out security measures using a
standard of analysis based at least on the standards and appropriate
recommended practices contained in ICAO Annex 17. 49 U.S.C. S 44907(a)(2).

3See 49 U.S.C. S 44907(c)-(f).

Appendix IV: Description of GAO's Risk Management Framework

GAO's risk management framework is intended to be a starting point for
risk management activities and will likely evolve as processes mature and
lessons are learned. A risk management approach entails a continuous
process of managing risk through a series of actions, including setting
strategic goals and objectives, assessing risk, evaluating alternatives,
selecting initiatives to undertake, and implementing and monitoring those
initiatives. Figure 6 depicts a risk management cycle.

Figure 6: Risk Management Cycle

Risk assessment, a critical element of a risk management approach, helps
decision makers identify and evaluate potential risks so that
countermeasures can be designed and implemented to prevent or mitigate the
effects of the risks. The risk assessment element in the overall risk
management cycle may be the largest change from standard management steps
and is central to informing the remaining steps of the cycle. Table 1
describes the elements of a risk assessment.

Table 1: Elements of a Typical Homeland Security Risk Assessment

Threat assessment: "Threat" is defined as a potential intent to cause harm 
or damage to an asset (e.g., natural environment, people, man-made         
infrastructures, and activities and operations). Threat assessments        
consist of the identification of adverse events that can potentially       
affect an entity. Threats might be present at the global, national, or     
local level and their sources include terrorists and criminal enterprises. 
Specific threat information may indicate vulnerabilities that are subject  
to attack or following the completion of a risk management process, may,   
for instance, indicate that resources should be temporarily deployed to    
protect cargo in a particular region of the country or a specific airport. 
Even if updated frequently, a threat assessment might not adequately       
capture some emerging threats.                                             
Vulnerability assessment: "Vulnerability" is defined as the inherent state 
(either physical, technical, or operational) of an asset that can be       
exploited by an adversary to cause harm or damage. Vulnerability           
assessments identify these inherent states and the extent of their         
susceptibility to exploitation, relative to the existence of any           
countermeasures. A vulnerability assessment is generally conducted by a    
team of experts skilled in such areas as engineering, intelligence,        
security, information systems, finance, and other disciplines.             
Criticality/Consequence assessment: "Criticality" is defined as an asset's 
relative importance given that an event occurs. Criticality or similar     
consequence assessments identify and evaluate an entity's assets based on  
a variety of factors, including the importance of its mission or function, 
the extent to which people are at risk, or the significance of a structure 
or system in terms of, for example, national security, economic activity,  
or public safety. Criticality or consequence assessments are important     
because they provide, in combination with threat and vulnerability         
assessments, information for later stages of the risk management process.  

Source: GAO.

Another element of our risk management approach--alternatives
evaluation--considers what actions may be needed to address identified
risks, the associated costs of taking these actions, and any resulting
benefits. This information can be provided to agency management to assist
in the selection of alternative actions best suited to the unique needs of
the organization. An additional step in the risk management approach is
the implementation and monitoring of actions taken to address the risks,
including evaluating the extent to which risk was mitigated by these
actions. Once the agency has implemented the actions to address risks, it
should develop criteria for and continually monitor the performance of
these actions to ensure that they are effective and also reflect evolving
risk.

Appendix V: DHS and TSA Air Cargo Security Technology Pilot Tests

According to DHS officials, the department's ongoing pilot programs seek
to enhance the physical security of air cargo and improve the
effectiveness of air cargo inspections by increasing detection rates and
reducing false alarm rates. DHS officials stated that its air cargo
technology pilot programs focus on securing domestic air cargo, and while
these pilot methods have yet to be implemented, the results of these tests
could be applied to securing inbound air cargo against similar threats.
These technology pilots focus on addressing the two primary threats to air
cargo identified by TSA--hijackers on an all-cargo aircraft and explosives
on passenger aircraft--but do not include tests to identify weapons of
mass destruction. DHS's pilot programs are described below.

Air Cargo Explosives Detection Pilot Program

Of the amounts appropriated to DHS in fiscal year 2006, $30 million was
allocated to the Science and Technology (S&T) Directorate to conduct three
cargo screening pilot programs.1 DHS's S&T, working in conjunction with
TSA, selected San Francisco International Airport, Seattle-Tacoma
International Airport, and Cincinnati/Northern Kentucky International
Airport as the sites for the pilot and commenced cargo inspection
operations at all three airports in September 2006. The pilots will test
different concepts of operation at each of the airports. At San Francisco
International Airport, the program will test the use of approved
inspection technologies, including explosive detection systems, such as
CTX 9000, explosive trace detectors, standard X-ray machines, canine
teams, and manual inspections of air cargo, in attempts to determine the
technological and operational issues involved in explosives detection. The
pilot at San Francisco International Airport will further examine how the
use of these existing checked baggage inspection technologies at a higher
rate than is currently required by TSA will affect air cargo personnel and
operations on, for example, throughput.2 The pilot at Seattle-Tacoma
International Airport will use canines and stowaway detection
technologies, for example, technologies that can locate a stowaway through
detection of increased carbon dioxide levels in cargo, to detect threats
in freighter air cargo,3 while the Cincinnati/Northern Kentucky
International Airport pilot program will test existing passenger
infrastructure for inspecting air cargo, including explosive detection
systems (EDS) technology. The projected benefits of these pilots include
the following: increases in the amount of cargo inspected, increases in
detection reliability without adversely affecting commerce, and a better
understanding of the necessary procedures and costs associated with
greater cargo security.

1H.R. Conf. Rep. No. 109-241, at 53 (2005) (accompanying H.R. 5441,
enacted as the Department of Homeland Security Appropriations Act, 2006,
Pub. L. No. 109-90, 110 Stat. 2064 (2005)).

2"Throughput" means the amount of cargo screened during a given period of
time, for example, per hour.

Pilot Program Evaluating Explosives Detection System Technology

EDS is a form of X-ray technology that can be highly automated to screen
several hundred bags an hour. EDS machines, in contrast to explosive trace
detection technology, are much larger, up to the size of a minivan and
cost in excess of $1 million. EDS technology uses computer tomography to
scan objects and compare their density to the density of known objects in
order to locate explosives.4 According to TSA, EDS provides an equivalent
level of security as explosive trace detection (ETD) technology. However
EDS provides a higher level of efficiency.

TSA's EDS Cargo Pilot Program is currently in the third phase of a
three-phased program testing the use and effectiveness of explosive
detection systems at 12 participating sites.5 While the Air Cargo
Explosives Detection Pilot Program will test a range of explosives
detection technologies, the EDS pilot focuses specifically on EDS
technology for its use in the air cargo environment. Phase I, referred to
as Developmental Test and Evaluation, was conducted using live explosives
to test the detection capability and technical performance of the systems
screening simulated break bulk air cargo. Phase II, referred to as
Operational Utility Evaluation, was conducted in cargo facilities to test
the system's effectiveness in the air cargo environment, in addition to
determining the operational alarm and false alarm rates of the technology.
Phase III of TSA's testing is referred to as the Extended Field Test and
is designed as a longer-term evaluation of available EDS technologies in
the air cargo environment. According to TSA officials, the extended time
frame of Phase III (a minimum of 1 year) will allow TSA to evaluate the
reliability, maintainability, and availability of the EDS technology, in
addition to establishing operational parameters and procedures within a
realistic operational environment.

3The Seattle-Tacoma International Airport pilot requires technology for
stowaway detection that has not been operationally tested and evaluated in
that environment. According to DHS officials, this technology was being
acquired as of May 2006.

4Computer tomography generates a three-dimensional image of the internals
of an object from a large series of two-dimensional X-ray images taken
around a single axis of rotation.

5Five air carriers have agreed to participate in TSA's EDS Cargo Pilot
Program.

Air Cargo Security Seals Pilot Program

TSA officials stated that the agency is exploring the viability of
potential security countermeasures, such as tamper-evident security seals,
for use with certain classifications of exempt cargo. Traditionally used
in the maritime environment, container seals include a number of
tamper-evident technologies that range from tamper-evident tape to more
advanced technologies used to secure air cargo on aircraft. Tamper-evident
tape can identify cargo that requires further screening and inspection to
safeguard against the introduction of explosives and incendiary devices.
Indicative seals are made of plastic and show signs of tampering. Ranging
in price from 5 to 20 cents, they provide the cheapest solution to air
cargo security. Barrier seals, which cost between 50 cents and $2 or more,
are stronger seals that are generally used on more sensitive cargo because
they require bolt cutters to remove. The most advanced seal technology
allows shipping companies to track a container through the entire shipping
process through a radio frequency identification (RFID) tag that is
embedded in the seal. Average RFID seals can range in cost from $1 to $10,
with the most sophisticated models costing upward of $100. Security seals
could be used in combination with known shipper protocols to insure that
known shippers provide security in their packaging facilities and deter
tampering during shipping and handling.

In 2003, the Congressional Research Service reported that the utility of
electronic seals in air cargo operations has been questioned by some
experts because currently available electronic seals have a limited
transmission range that may make detecting and identifying seals
difficult. In 2006, GAO reported that container seals provide limited
value in detecting tampering with cargo containers.6 However, according to
TSA officials, such countermeasures could provide an additional layer of
security and warrant further examination. In January 2006, the agency
issued a public request for information regarding security seals. Although
the agency has since acquired information on seals from five vendors,
officials stated that efforts to begin the pilot program have been delayed
due to funding issues, among other things. TSA officials stated that the
agency plans to implement the pilot at four airports by the first quarter
of 2007. These airports include Portland International Airport, John F.
Kennedy International Airport, Chicago O'Hare International Airport, and
Ronald Reagan Washington National Airport.

6GAO, Technology Assessment: Securing the Transport of Cargo Containers,
GAO-06-68SU, (Washington: DC: January 2006).

Hardened Unit Load Devices/Hardened Cargo Containers

While the Federal Aviation Administration, TSA, and DHS have been involved
in testing hardened unit load devices since the mid-1990s, testing of
these devices has increased since the 9/11 Commission recommended that all
U.S. airliners deploy at least one hardened cargo container in the hold of
every passenger aircraft to carry suspect passenger baggage or air cargo.7
Hardened unit load devices are blast-resistant containers capable of
transporting passenger baggage or air cargo within the lower deck cargo
holds of wide-body aircraft. These containers are required to withstand an
explosive blast up to a certain magnitude while maintaining the integrity
of the container and aircraft structure. The container must also be
capable of extinguishing any fire that results from the detonation of an
incendiary device.

In accordance with the Intelligence Reform and Terrorism Prevention Act of
2004, TSA began a pilot program in June 2005 to conduct airline
operational testing of the ability of hardened or blast-resistant
containers to minimize the potential effects, including explosion or fire,
of a detonation caused by an explosive device smuggled into the belly of
an aircraft.8 TSA officials stated that the start up of the pilot program
was slow because one of the two participating vendors dropped out of the
program and because there were few available domestic wide-body flights in
which to conduct the tests. TSA officials added that the agency has since
made progress in conducting the pilot and is collecting test data. TSA
officials stated that the agency expects to conclude the data collection
phase of the program by summer 2007 and make policy decisions regarding
the possible implementation of hardened unit loading devices by December
2007. In addition, TSA has been working with vendors and airlines to
develop and test a hardened unit load device that would satisfy industry's
request for a lighter, less cost-prohibitive model while still providing
the necessary level of security to the aircraft.

7Previous research and development efforts examining blast-resistant
containers were conducted by the Federal Aviation Administration. For more
than 10 years the agency examined the airworthiness, ground handling, and
blast resistance of hardened containers.

8See Pub. L. No 108-458, S 4051, 118 Stat. 3638, 3728 (2004), authorizing
$2 million for the Assistant Secretary of Homeland Security
(Transportation Security Administration) to carry out this pilot program.

Pulsed Fast Neutron Analysis Testing

TSA officials reported that the agency's efforts to test pulsed fast
neutron analysis (PFNA) are currently in the proof-of-concept design
stage, which is focusing on the development of the technology. PFNA
technology allows for bulk inspection of containerized air cargo by
measuring the reaction to injected neutrons and identifying elemental
chemical signatures of contraband, explosives, and other threat objects.
The agency plans to complete the proof-of-concept phase of testing by
March 2007, at which point TSA and DHS will evaluate the technology on its
technical, environmental, operational, and performance specifications.
Testing of this technology will then proceed to the Development Testing
and Evaluation phase. Agency officials project that the next two phases,
Development Testing and Evaluation and Operational Testing and Evaluation,
will take another 2 to 3 years (after the completion of the
proof-of-concept design phase) to fully determine the operational
readiness and maturity of the technology. Agency officials were unable to
provide us with a time frame for when PFNA would be operational at the
George Bush Intercontinental Airport.

Appendix VI: Actions Taken by Select Domestic Air Carriers with Operations
Overseas and Foreign Air Cargo Industry Stakeholders to Secure Air Cargo

                                                                   Freight           
Area of Action Passenger Air Carriers     All-Cargo Air Carriers   Forwarders        
Cargo             o Inspect a higher         o 100 percent            o Freight      
Inspection:       percentage of cargo        inspection performed     forwarders,    
Methods and       placed on passenger        on:                      also known as  
Focus             aircraft than is                                    regulated      
                  required by TSA or host    o express cargo on       agents, are    
                  government.                passenger aircraft       validated by   
                  o 100 percent of air       bound for the United     the government 
                  cargo loaded onto          States.                  and are        
                  passenger aircraft         o air cargo from         responsible    
                  bound for the United       unknown (cash paying)    for conducting 
                  States required to         customers.               inspections.   
                  undergo inspection.        o air cargo shipped      o Canines and  
                  o Large palletized         in or out of             decompression  
                  cargo is broken down in    locations deemed         chambers are   
                  order to pass cargo        high-risk by the air     used to        
                  through X-ray machines.    carrier is inspected     inspect cargo  
                  o Canines used to sniff    via X-ray.               that cannot be 
                  air samples taken from     o air cargo bound for    X-rayed.       
                  cargo shipments.           passenger flights to     o Customers    
                  o Limited or no air        the United States are    are charged a  
                  cargo inspection           inspected via X-ray.     fee when use   
                  exemptions.                                         of             
                  o Large X-ray machines             o Color-coded    decompression  
                  used to inspect entire             threat           chamber is     
                  pallets of cargo bound             assessment       required.      
                  for passenger craft.               system                          
                  o Additional targeted              indicates                       
                  inspections are                    when air                        
                  conducted based on                 cargo should                    
                  analysis of available              be inspected                    
                  threat information,                and when                        
                  among other things.                other                           
                                                     procedures                      
                                                     should apply.                   
                                                     The color                       
                                                     assigned                        
                                                     (red, amber,                    
                                                     or green) is                    
                                                     based on the                    
                                                     cargo's point                   
                                                     of origin,                      
                                                     destination,                    
                                                     and other                       
                                                     relevant                        
                                                     intelligence                    
                                                     information.                    
                                                     o Radiation                     
                                                     detection                       
                                                     technology is                   
                                                     used to                         
                                                     inspect cargo                   
                                                     transported                     
                                                     to the United                   
                                                     States and                      
                                                     differentiate                   
                                                     between                         
                                                     legitimate                      
                                                     and                             
                                                     illegitimate                    
                                                     sources of                      
                                                     radiation.                      
                                                     o Canines                       
                                                     used to sniff                   
                                                     air samples                     
                                                     from cargo                      
                                                     shipments.                      
Identification                                                        o Work with    
of Known                                                              known          
Shippers/                                                             cosigners to   
Cosigners                                                             prepare for    
                                                                      annual audits; 
                                                                      new            
                                                                      identification 
                                                                      numbers are    
                                                                      given          
                                                                      post-audit to  
                                                                      ensure         
                                                                      security of    
                                                                      cosigner       
                                                                      identity.      
Employee          o Air cargo workers                                 o Database     
Security          undergo additional and                              tracks         
                  stringent background                                training       
                  checks, including                                   completed by   
                  criminal and employment                             employees;     
                  history checks.                                     employees are  
                  o Program provides                                  not permitted  
                  monetary incentives to                              to enter       
                  employees in order to                               facility if    
                  increase employee                                   training       
                  awareness of access                                 lapses or      
                  controls, including                                 requirements   
                  rewards for reporting                               are not met.   
                  suspicious individuals.                             o Managers are 
                  o All personnel are                                 required to    
                  trained to identify and                             remain         
                  handle security risks;                              knowledgeable  
                  quarterly training is                               on security    
                  provided to security                                policies and   
                  personnel on a range of                             regulations in 
                  issues, including                                   destination    
                  security updates and                                countries.     
                  the use of new                                                     
                  technology.                                                        
Compiling and     o Threat information is    o Annual audits of       o Manifest     
Disseminating     derived from               carrier facilities       information is 
Air Cargo Data    public/private             are conducted using      provided to    
                  intelligence. This         an online                CBP earlier    
                  information includes       questionnaire;           than is        
                  data on the                facilities undergo a     required by    
                  sociopolitical/economic    certification process    CBP.           
                  conditions of              that is linked to the                   
                  countries.                 audits.                                 
                  o Independent risk         o Security incident                     
                  assessments are            database tracks                         
                  conducted based on         worldwide security                      
                  internal testing to        issues.                                 
                  identify cargo security                                            
                  weaknesses.                                                        
                  o Representatives from                                             
                  the air carrier                                                    
                  industry meet to                                                   
                  identify best practices                                            
                  in aviation security.                                              
Physical          o Truck drivers            o All                    o Monthly      
Security and      entering carrier           employees/visitors       internal       
Access            facilities to deliver      are required to pass     audits of      
Controls          air cargo are escorted     through a metal          cargo          
                  by an airline              detector before          facilities,    
                  representative at all      entering/exiting         including      
                  times.                     cargo facility.          testing of     
                  o Security guards          o Assessments are        access         
                  control access to          conducted of security    controls to    
                  freighters at every        conditions in foreign    identify       
                  stop made by the           destinations where       security       
                  aircraft.                  staff are located;       weaknesses.    
                  o Secured cart system      armed security           o Seals and    
                  transports cargo within    personnel are            plastic straps 
                  cargo storage facility.    assigned to those        are applied to 
                  o Pallets are locked       locations deemed high    all cargo      
                  and sealed in a            risk.                    crates,        
                  completely enclosed        o High-tech camera       containers,    
                  chain-like container       and surveillance         and boxes to   
                  after they are built to    system monitor           prevent        
                  prevent the possibility    all-cargo areas 24       tampering.     
                  of tampering.              hours a day.             o Cargo is     
                  o Biometric badge          o Biometric              consolidated   
                  required to gain access    identification system    whenever       
                  to secured areas.          that scans the hand      possible into  
                                             to grant access air      larger units   
                                             carrier facilities       and sealed     
                                             and cargo areas.         with steel     
                                             o Strategic placement    banding to     
                                             of air cargo in the      limit the      
                                             aircraft to secure       possibility of 
                                             the cockpit and          tampering.     
                                             minimize the             o Only         
                                             potential for a          authorized     
                                             hijacking by a           company        
                                             stowaway.                employees are  
                                                                      permitted to   
                                                                      pick up, pack, 
                                                                      and transport  
                                                                      cargo to cargo 
                                                                      facilities and 
                                                                      the airport.   
                                                                      o Fingerprints 
                                                                      and            
                                                                      photographs of 
                                                                      all truck      
                                                                      drivers that   
                                                                      transport      
                                                                      cargo are      
                                                                      taken, kept on 
                                                                      file, and used 
                                                                      to authorize   
                                                                      access.        
Cargo             o Refusal of all           o Thorough security      o Refusal of   
Acceptance        express cargo brought      review is conducted      improperly     
                  directly to the            of potential             documented     
                  ticketing or check-in      customers prior to       that could     
                  counter by an unknown      acceptance of their      pose a         
                  shipper.                   business or cargo.       potential      
                  o Palletized cargo is                               security       
                  refused unless airline                              threat.        
                  security personnel are                              o Refusal of   
                  present when pallet is                              express cargo  
                  built.                                              brought        
                                                                      directly to    
                                                                      the counter.   
                                                                      o Refuse all   
                                                                      inbound and    
                                                                      outbound cargo 
                                                                      from unknown   
                                                                      shippers.      
Air Cargo         o Examining use of         o Pilot testing the                     
Technology        inspection technology      use of bees to detect                   
Testing           capable of detecting       explosive traces in                     
                  traces of explosives.      air cargo shipments.                    

Source: GAO analysis of industry efforts to secure air cargo that differ
from those implemented in the United States.

Appendix VII: Actions We Identified That Select Foreign Governments Are
Taking to Secure Air Cargo

Actions Taken by Select Foreign Governments to Secure Air Cargo
Cargo          Methods and          Performing Entity   Inspection Focus   
Inspection     Technology                                                  
                                          o Government,       o One hundred   
                     o Twenty-four        airport, or         percent of      
                     hour holding         freight             unknown cargo   
                     period used as       forwarder           loaded on       
                     form of              representatives     either          
                     inspection.          are responsible     passenger or    
                     o Random             for inspecting      all-cargo       
                     selection of         air cargo.          aircraft is     
                     inspection           o Military          physically      
                     methods to avoid     police conduct      inspected.      
                     detection of         air cargo           o No            
                     inspection           inspections.        differentiation 
                     patterns.                                between cargo   
                     o Canines used to                        placed on       
                     sniff air samples                        passenger       
                     from air cargo                           aircraft versus 
                     shipments-Remote                         all-cargo       
                     Air Sampling for                         aircraft in     
                     Canine Olfaction                         regards to type 
                     (RASCO).                                 or degree of    
                                                              inspection.     
                                                              o Unknown cargo 
                                                              that undergoes  
                                                              inspection      
                                                              becomes known   
                                                              and is          
                                                              permitted on    
                                                              passenger       
                                                              aircraft.       
                                                              o No, or        
                                                              limited number  
                                                              of, air cargo   
                                                              inspections     
                                                              exemptions.     
                                                              o Palletized    
                                                              cargo from      
                                                              unknown         
                                                              shippers,       
                                                              broken up,      
                                                              inspected, and  
                                                              re-palletized   
                                                              before being    
                                                              loaded unto     
                                                              aircraft.       
Regulated         o Process to become a regulated agent is strict and
Agents and        costly; decertification for unsatisfactory performance.
Shippers          o Third-party validation required to become a known
                     shipper/consignor; annual third-party compliance
                     inspections conducted of known shippers/cosigners.
                                       
                  Regulated agents are validated by aviation authority prior
                  to regulating and auditing shippers and conducting
                  inspections of air cargo.
Employee          o Air cargo handlers and workers attend
Security          government-certified schools to receive mandatory
                     training in air cargo security awareness and quality
                     control.          
                     o Air cargo workers undergo background checks that
                     include a criminal history records check before being
                     granted access to cargo facilities.
                                       
                  Air cargo workers must be of native descent to be hired.
Screening Air     o Developing multicountry database containing
Cargo Data        information on all known consignors and regulated agents
                     to facilitate the exchange of information among
                     countries.        
Physical       To Aircraft and Cargo            To Cargo Facilities
Security and                                            
Access            o Security personnel             o Biometric
Controls          accompany and surround           technologies used to
                     aircraft upon landing to         control access to cargo
                     guard aircraft and its           facilities.
                     contents, including cargo.       o Government personnel
                     o Cargo is stored in secured     conduct testing and
                     terminal facility, located       attempt to gain access
                     within a "restricted" area of    to cargo
                     the airport.                     warehouses/facilities;
                     o All individuals accessing      if successful, all
                     cargo facilities are required    cargo in the breached
                     to pass through a                facility is considered
                     walk-through metal detector.     unknown and must be
                                                      inspected before being
                                                      loaded unto aircraft.
Technology        o Government and airport authority subsidize the costs
Certification     of purchasing X-ray equipment to inspect air cargo.
and Funding                         

Source: GAO analysis of foreign government efforts to secure air cargo
that differ from those implemented in the United States.

Appendix VIII: Comments from the Department of Homeland Security

Appendix IX: GAO Contact and Staff Acknowledgments

GAO Contact

Cathleen A. Berrick, (202) 512-3404

Acknowledgments

In addition to the contact named above, John C. Hansen, Assistant
Director; Susan Baker; Charles W. Bausell; Katherine Davis; Jennifer
Harman; Richard Hung; Cathy Hurley; Tom Lombardi; Jeremy Manion; Linda
Miller; Steve D. Morris; and Meg Ullengren made key contributions to this
report.

(440604)

GAO's Mission

The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail:
[email protected] Automated answering system: (800) 424-5454 or (202)
512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548

Public Affairs

Paul Anderson, Managing Director, [email protected] (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548

www.gao.gov/cgi-bin/getrpt?GAO-07-660.

To view the full product, including the scope
and methodology, click on the link above.

For more information, contact Cathleen Berrick at (202) 512-3404 or
[email protected].

Highlights of [63]GAO-07-660 , a report to congressional requesters

April2007

AVIATION SECURITY

Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and
Could Be Strengthened

The Department of Homeland Security (DHS) has primary responsibility for
securing air cargo transported into the United States from another
country, referred to as inbound air cargo, and preventing implements of
terrorism from entering the country. GAO examined (1) what actions DHS has
taken to secure inbound air cargo, and how, if at all, these efforts could
be strengthened; and (2) what practices the air cargo industry and foreign
governments have adopted that could enhance DHS's efforts to strengthen
inbound air cargo security, and to what extent DHS has worked with foreign
governments to enhance their air cargo security efforts. To conduct this
study, GAO reviewed relevant DHS documents, interviewed DHS officials, and
conducted site visits to seven countries in Europe and Asia.

[64]What GAO Recommends

GAO recommends that DHS develop a risk-based inbound air cargo security
strategy; develop a systematic process to improve interagency
communication; and analyze air cargo security practices used by air cargo
industry stakeholders and foreign governments to determine their
applicability to the United States. DHS generally concurred with GAO's
recommendations. However, we have concerns that DHS's plans may not fully
address our recommendations.

Within DHS, the Transportation Security Administration (TSA) and U.S.
Customs and Border Protection (CBP) have taken a number of actions
designed to secure inbound air cargo, but these efforts are still largely
in the early stages and could be strengthened. For instance, TSA completed
a risk-based strategic plan to address domestic air cargo security, but
has not developed a similar strategy for addressing inbound air cargo
security, including how best to partner with CBP and international air
cargo stakeholders. In addition, while TSA has identified the primary
threats to inbound air cargo, it has not yet assessed inbound air cargo
vulnerabilities and critical assets. Moreover, TSA's air cargo security
rule incorporated a number of provisions aimed at enhancing the security
of inbound air cargo. This final rule also acknowledges that TSA amended
its security directives and programs to triple the percentage of cargo
inspected on domestic and foreign passenger aircraft. However, TSA
continues to exempt certain types of inbound air cargo transported on
passenger air carriers from inspection. Further, TSA inspects domestic and
foreign passenger air carriers with service to the United States to assess
whether they are complying with air cargo security requirements, but
currently does not conduct compliance inspections of all air carriers
transporting inbound air cargo. Moreover, TSA has not developed
performance goals and measures to determine to what extent air carriers
are complying with security requirements. In addition, CBP recently began
targeting inbound air cargo transported on passenger and all-cargo
aircraft that may pose a security risk and inspecting such cargo once it
arrives in the United States. TSA and CBP, however, do not have a
systematic process in place to share information that could be used to
strengthen the department's efforts in securing inbound air cargo, such as
the results of TSA air carrier compliance inspections and foreign airport
assessments.

The air cargo industry and foreign governments have implemented various
security practices that could provide opportunities for strengthening
DHS's overall air cargo security program. TSA officials acknowledged that
compiling and analyzing security practices implemented by foreign air
cargo stakeholders and foreign governments may provide opportunities to
enhance U.S. air cargo security, and have begun an initial review of
practices in select foreign countries. TSA has also begun working with
foreign governments to coordinate security practices to enhance security
and improve oversight, referred to as harmonization, but these efforts may
be challenging to implement. For example, some foreign countries do not
share the United States' view regarding air cargo security threats and
risks, which may make the harmonization of air cargo security practices
difficult to achieve.

References

Visible links
  39. http://www.gao.gov/cgi-bin/getrpt?GAO-07-660
  40. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
  41. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
  42. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
  43. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
  44. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
  45. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
  46. http://www.gao.gov/cgi-bin/getrpt?GAO-01-1008G
  47. http://www.gao.gov/cgi-bin/getrpt?GAO-06-591T
  48. http://www.gao.gov/cgi-bin/getrpt?GAO-05-557
  49. http://www.gao.gov/cgi-bin/getrpt?GAO-06-389
  50. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
  51. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
  52. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
  53. http://www.gao.gov/cgi-bin/getrpt?GAO-05-851
  54. http://www.gao.gov/cgi-bin/getrpt?GAO-04-728
  63. http://www.gao.gov/cgi-bin/getrpt?GAO-07-660
*** End of document. ***