Transportation Security: Efforts to Strengthen Aviation and	 
Surface Transportation Security Continue to Progress, but More	 
Work Remains (15-APR-08, GAO-08-651T).				 
                                                                 
Within the Department of Homeland Security (DHS), the		 
Transportation Security Administration's (TSA) mission is to	 
protect the nation's transportation network. Since its inception 
in 2001, TSA has developed and implemented a variety of programs 
and procedures to secure commercial aviation and surface modes of
transportation. Other DHS components, federal agencies, state and
local governments, and the private sector also play a role in	 
transportation security. GAO has examined (1) the progress TSA	 
and other DHS components have made in securing the nation's	 
aviation and surface transportation systems, and the challenges  
that remain, and (2) crosscutting issues that have impeded TSA's 
efforts in strengthening security. This testimony is based on GAO
reports and testimonies issued from February 2004 to February	 
2008 and ongoing work regarding the security of the nation's	 
aviation and surface transportation systems, as well as selected 
updates to this work conducted in April 2008. To conduct this	 
work, GAO reviewed documents related to TSA security efforts and 
interviewed TSA and transportation industry officials.		 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-08-651T					        
    ACCNO:   A81705						        
  TITLE:     Transportation Security: Efforts to Strengthen Aviation  
and Surface Transportation Security Continue to Progress, but	 
More Work Remains						 
     DATE:   04/15/2008 
  SUBJECT:   Air transportation 				 
	     Airport security					 
	     Aviation						 
	     Aviation security					 
	     Cargo screening					 
	     Commercial aviation				 
	     Ground transportation				 
	     Passenger screening				 
	     Passengers 					 
	     Performance measures				 
	     Program evaluation 				 
	     Program management 				 
	     Risk assessment					 
	     Risk factors					 
	     Risk management					 
	     Security assessments				 
	     Security regulations				 
	     Security threats					 
	     Standards						 
	     Strategic planning 				 
	     Systems analysis					 
	     Technology assessment				 
	     Transportation					 
	     Transportation policies				 
	     Transportation safety				 
	     Transportation security				 
	     Program goals or objectives			 
	     Program implementation				 
	     Security operations				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-08-651T

   

     * [1]Summary
     * [2]Background
     * [3]DHS Has Made Progress in Securing the Nation's Aviation and

          * [4]Aviation Security
          * [5]Surface Transportation Security

     * [6]Crosscutting Issues Have Hindered DHS's Efforts in Implement
     * [7]Concluding Observations
     * [8]GAO Contact and Staff Acknowledgments
     * [9]GAO's Mission
     * [10]Obtaining Copies of GAO Reports and Testimony

          * [11]Order by Mail or Phone

     * [12]To Report Fraud, Waste, and Abuse in Federal Programs
     * [13]Congressional Relations
     * [14]Public Affairs

This is the accessible text file for GAO report number GAO-08-651T 
entitled 'Transportation Security: Efforts to Strengthen Aviation and 
Surface Transportation Security Continue to Progress, but More Work 
Remains' which was released on April 16, 2008. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to [email protected]. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony before the Subcommittee on: 

Transportation Security and Infrastructure Protection, Committee on 
Homeland Security, House of Representatives: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 2:00 p.m. EDT: 

Tuesday, April 15, 2008: 

Transportation Security: 

Efforts to Strengthen Aviation and Surface Transportation Security 
Continue to Progress, but More Work Remains: 

Statement of Cathleen A. Berrick: 

Director, Homeland Security and Justice Issues: 

GAO-08-651T: 

Madam Chairwoman and Members of the Subcommittee: 

I appreciate the opportunity to participate in today's hearing to 
discuss the Department of Homeland Security's (DHS) progress and 
challenges in securing our nation's transportation systems. The 
Transportation Security Administration (TSA) is charged with securing 
the transportation network while ensuring the free movement of people 
and commerce. Other DHS components, federal agencies, state and local 
governments, and the private sector also play a role in transportation 
security. In carrying out its broader homeland security 
responsibilities, DHS faces the challenge of determining how to 
allocate its finite resources within the transportation system and 
across all sectors to address threats and strengthen security. My 
testimony today focuses on (1) the progress TSA and other DHS 
components have made in securing the nation's aviation and surface 
transportation systems, and the challenges that remain, and (2) 
crosscutting issues that have impeded TSA's efforts in strengthening 
security. My comments are based on GAO reports and testimonies issued 
from February 2004 to February 2008 and selected updates to this work 
obtained in April 2008. In obtaining these updates, we reviewed 
documents related to TSA security efforts and interviewed TSA and 
transportation industry officials. In addition, we included some of our 
preliminary findings from ongoing work regarding the security of the 
nation's aviation and surface transportation systems. We conducted 
these performance audits in accordance with generally accepted 
government auditing standards. Those standards require that we plan and 
perform the audit to obtain sufficient, appropriate evidence to provide 
a reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on our audit objectives. 

Summary: 

TSA has undertaken a number of initiatives to strengthen the security 
of the nation's commercial aviation and surface transportation systems. 
Specifically, TSA has hired and deployed a federal workforce of over 
50,000 passenger and checked baggage screeners, and installed equipment 
at the nation's more than 400 commercial airports to provide the 
capability to screen all checked baggage using explosive detection 
systems, as mandated by law.[Footnote 1] TSA has since turned its 
attention to, among other things, strengthening passenger prescreening-
-in general, the matching of passenger information against terrorist 
watch lists prior to an aircraft's departure; more efficiently 
allocating, deploying, and managing the transportation security officer 
(TSO)--formerly known as screener--workforce; strengthening screening 
procedures; researching and developing more effective and efficient 
screening technologies; and strengthening procedures to ensure the 
security of air cargo. TSA has also begun efforts to evaluate the 
effectiveness of security-related technologies, such as biometric 
identification systems, to secure access to restricted areas at 
airports. DHS's U.S. Customs and Border Protection (CBP) has also taken 
steps to strengthen passenger prescreening for passengers on 
international flights operating to or from the United States, as well 
as inspecting inbound air cargo upon its arrival in the United States. 
DHS's Science and Technology (S&T) Directorate has also taken actions 
to research and develop aviation security technologies. With regard to 
surface transportation modes, TSA has developed a strategic approach 
for securing these systems; established security standards for certain 
transportation modes; and conducted threat, criticality, and 
vulnerability assessments of surface transportation assets, 
particularly related to passenger and freight rail. TSA has also hired 
and deployed compliance inspectors and conducted inspections of 
passenger and freight rail systems. Finally, DHS has developed and 
administered grant programs for various surface transportation modes. 

While these efforts have helped to strengthen the security of the 
transportation network, DHS still faces a number of key challenges that 
should be addressed to meet the goals and requirements set out for them 
by Congress, the administration, and the department itself. For 
example, regarding commercial aviation, although TSA has made much 
progress in developing Secure Flight--a government-run passenger 
prescreening system--in February 2008, we reported that it can further 
strengthen its efforts by developing more-sound cost and schedule 
estimates, and strengthening security controls. In addition, while TSA 
has taken actions to enhance perimeter security and restrict access to 
secure areas at airports, it can further strengthen its efforts to 
reduce the risks posed by airport employees. TSA has also not developed 
a plan to guide and support individual airports and the commercial 
airport system as a whole with respect to future technology 
enhancements for perimeter security and access controls. Further, TSA 
is only recently beginning to deploy new checkpoint technologies to 
address key existing vulnerabilities, and has not yet developed and 
implemented technologies needed to screen air cargo. With regard to 
surface transportation security, while TSA has initiated efforts to 
develop security standards for surface transportation modes, these 
efforts have been limited to passenger and freight rail. Moreover, 
although TSA has made progress in conducting compliance inspections of 
some surface transportation systems, inspectors' roles and missions 
have not been fully defined. 

A variety of crosscutting issues have affected DHS's and, as they 
relate to transportation security, TSA's efforts in implementing its 
mission and management functions. These key issues include strategic 
planning and results management, risk management, and stakeholder 
coordination. For example, TSA has not always implemented effective 
strategic planning efforts, fully developed performance measures, or 
put into place structures to help ensure that it is managing for 
results. In addition, DHS and its components can more fully adopt and 
apply a risk-management approach in implementing its security mission 
and core management functions,[Footnote 2] and more fully coordinate 
their activities with key stakeholders. DHS and TSA have strengthened 
their efforts in these areas, but more work remains. 

Background: 

The Aviation and Transportation Security Act (ATSA), enacted in 
November 2001, created TSA and gave it responsibility for securing all 
modes of transportation.[Footnote 3] TSA's aviation security mission 
includes strengthening the security of airport perimeters and 
restricted airport areas; hiring and training a screening workforce; 
prescreening passengers against terrorist watch lists; and screening 
passengers, baggage, and cargo at the over 400 commercial airports 
nationwide, among other responsibilities. While TSA has operational 
responsibility for physically screening passengers and their baggage at 
most airports, TSA exercises regulatory, or oversight, responsibility 
for the security of airports and air cargo. Specifically, airports, air 
carriers, and other entities are required to implement security 
measures in accordance with TSA security requirements, against which 
TSA evaluates their compliance efforts. 

TSA also oversees air carriers' efforts to prescreen passengers--in 
general, the matching of passenger information against terrorist watch 
lists prior to an aircraft's departure--and plans to take over 
operational responsibility for this function with the implementation of 
its Secure Flight program. CBP, which currently has responsibility for 
prescreening airline passengers on international flights departing from 
and bound for the United States, will continue to perform this function 
until TSA assumes this function under Secure Flight. DHS's S&T is 
responsible for researching and developing technologies to secure the 
transportation sector. 

TSA shares responsibility for securing surface transportation modes 
with federal, state, and local governments and the private sector. 
TSA's security mission includes establishing security standards and 
conducting assessments and inspections of surface transportation modes, 
including passenger and freight rail; mass transit; highways and 
commercial vehicles; and pipelines. The Federal Emergency Management 
Agency's Grant Programs Directorate provides grant funding to surface 
transportation operators and state and local governments, and in 
conjunction with certain grants, the National Protection and Programs 
Directorate conducts risk assessments of surface transportation 
facilities. Within the Department of Transportation (DOT), the Federal 
Transit Administration (FTA) and Federal Railroad Administration (FRA) 
have responsibilities for passenger rail safety and security. In 
addition, public and private sector transportation operators are 
responsible for implementing security measures for their systems. 

DHS Has Made Progress in Securing the Nation's Aviation and Surface 
Transportation Systems, but More Work Remains: 

DHS, primarily through TSA, has undertaken numerous initiatives to 
strengthen the security of the nation's aviation and surface 
transportation systems. In large part, these efforts have been guided 
by legislative mandates designed to strengthen the security of 
commercial aviation following the September 11, 2001, terrorist 
attacks. These efforts have also been affected by events external to 
the department, including the alleged August 2006 terrorist plot to 
blow up commercial aircraft bound from London to the United States, and 
the 2004 Madrid and 2005 London train bombings. While progress has been 
made in many areas with respect to securing the transportation network, 
we found that the department can strengthen its efforts in some key 
areas outlined by Congress, the administration, and the department 
itself, as discussed below. 

Aviation Security: 

Airport Perimeter Security and Access Controls. TSA has taken action to 
strengthen the security of airport perimeters and access to restricted 
airport areas. However, as we reported in June 2004, the agency can 
further strengthen its efforts to evaluate the effectiveness of 
security-related technologies and reduce the risks posed by airport 
employees, among other things.[Footnote 4] In 2006, TSA completed the 
last project in an access control pilot program that included 20 
airports, and which was designed to test and evaluate new and emerging 
technologies in an airport setting. TSA is also conducting an airport 
perimeter security pilot at six airports, to test technologies such as 
vehicle inspection systems. However, TSA has not developed a plan to 
guide and support individual airports and the commercial airport system 
as a whole with respect to future technology enhancements for perimeter 
security and access controls. Without such a plan, TSA could be limited 
in assessing and improving the effectiveness of its efforts to provide 
technical support for enhancing security. In addition, we reported in 
September 2006 and October 2007 on the status of the development and 
testing of the Transportation Worker Identification Credential program-
-DHS's effort to develop biometric access control systems to verify the 
identity of individuals accessing secure transportation areas[Footnote 
5]. However, DHS has not yet determined how and when it will implement 
a biometric identification system for access controls at commercial 
airports. In June 2004, we reported that while background checks were 
not required for all airport workers, TSA required most airport workers 
who perform duties in selected areas to undergo a fingerprint-based 
criminal history records check. TSA further required airport operators 
to compare applicants' names against TSA's security watch lists. In 
July 2004, consistent with our previous recommendation to determine the 
need for additional security requirements to reduce the risks posed by 
airport employees, TSA enhanced requirements for background checks for 
employees working in restricted airport areas. Also consistent with our 
recommendation, in 2007, TSA further expanded the Security Threat 
Assessment--which determines, among other things, whether an employee 
has any terrorist affiliations--to require airport employees who 
receive an airport-issued identification badge to undergo a review of 
citizenship status. Further, in March 2007, TSA implemented a random 
employee screening initiative--the Aviation Direct Access Screening 
Program--that uses TSOs to randomly screen airport workers and their 
property for explosives and other threat items. TSA has allocated about 
900 full-time equivalent positions to the program and has requested $36 
million for FY 2009 for an additional 750 full-time equivalent 
positions. As directed by Congress in 2008, TSA plans to pilot test 
various employee screening methods at seven selected airports, 
including conducting 100 percent employee screening at three of these 
[Footnote 6]airports. TSA plans to begin pilot testing in May and 
report on the results of its efforts--as directed--by September 1, 
2008. Finally, consistent with our previous recommendation to develop 
schedules and an analytical approach for completing vulnerability 
assessments, TSA has developed criteria for prioritizing vulnerability 
assessments at commercial airports. However, it has not compiled 
national baseline data to fully assess security vulnerabilities across 
airports. In 2004, TSA said an analysis of vulnerabilities on a 
nationwide basis was essential since it would allow the agency to 
assess the adequacy of security policies and help better direct limited 
resources. GAO is currently reviewing TSA's efforts to enhance airport 
perimeter and access control security and will report on our results 
later this year. 

Aviation Security Workforce. TSA has made progress in deploying, 
training, and assessing the performance of its federal aviation 
security workforce. For example, TSA has hired and deployed a federal 
screening workforce at over 400 commercial airports nationwide, and 
developed standards for determining TSO staffing levels at 
airports.[Footnote 7] These standards form the basis of TSA's Staffing 
Allocation Model, which the agency uses to determine TSO staffing 
levels at airports. In response to our recommendation,[Footnote 8] in 
December 2007 TSA developed a Staffing Allocation Model Rates and 
Assumptions Validation Plan that identifies the process the agency 
plans to use to review and validate the model's assumptions on a 
periodic basis. TSA also established numerous programs to train and 
test the performance of its screening workforce. Among other efforts, 
TSA has provided enhanced explosives-detection training, and recently 
reported developing a monthly recurrent (ongoing) training plan for all 
TSOs. In addition, TSA has trained and deployed federal air marshals on 
high-risk flights; established standards for training flight and cabin 
crews; and established a Federal Flight Deck Officer program to select, 
train, and allow authorized flight deck officers to use firearms to 
defend against any terrorist or criminal acts. In April 2006, TSA 
implemented a performance accountability and standards system to assess 
agency personnel at all levels on various competencies, including 
training and development, readiness for duty, management skills, and 
technical proficiency. Finally, in April 2007, TSA redesigned its local 
covert testing program conducted at individual airports. This new 
program, known as the Aviation Screening Assessment Program or ASAP, is 
intended to test the performance of the passenger and checked baggage 
screening systems, to include the TSO workforce. During our ongoing 
review of TSA's covert testing program, we identified that TSA has 
implemented risk-based national and local covert testing programs to 
identify vulnerabilities in and measure the performance of selected 
aspects of the aviation system. However, we found that TSA could 
strengthen its program by developing a more systematic process for (1) 
recording the causes of covert test failures, and (2) evaluating the 
test results and developing approaches for mitigating vulnerabilities 
identified in the commercial aviation security system. We will report 
on the complete results of this review later this year. 

Passenger Prescreening. Over the past several years, TSA has faced a 
number of challenges in developing and implementing an advanced 
prescreening system, known as Secure Flight,[Footnote 9] which will 
allow TSA to assume responsibility from air carriers for comparing 
domestic passenger information against the No Fly List and Selectee 
List.[Footnote 10] In February 2008, we reported that TSA had made 
substantial progress in instilling more discipline and rigor into 
Secure Flight's development and implementation, including preparing key 
systems development documentation and strengthening privacy 
protections.[Footnote 11] However, challenges remain that may hinder 
the program's progress moving forward. Specifically, TSA had not (1) 
developed program cost and schedule estimates consistent with best 
practices; (2) fully implemented its risk management plan; (3) planned 
for system end-to-end testing in test plans; and (4) ensured that 
information-security requirements are fully implemented. To address 
these challenges, we made several recommendations to DHS and TSA to 
incorporate best practices in Secure Flight's cost and schedule 
estimates and to fully implement the program's risk-management, 
testing, and information-security requirements. DHS and TSA officials 
generally agreed with these recommendations. We are continuing to 
assess TSA's efforts in developing and implementing Secure Flight-- 
which, according to TSA's planned schedule, will allow the agency to 
fully assume the watch list matching function from air carriers in 
fiscal year 2010. TSA has also taken steps to integrate the domestic 
watch-list matching function with the international watch-list matching 
function currently operated by CBP, consistent with our past 
recommendations. Specifically, TSA and CBP have coordinated to develop 
a strategy called the One DHS Solution, which is to align the two 
agencies' domestic and international watch-list matching processes, 
information technology systems, and regulatory procedures to provide a 
seamless interface between DHS and the airline industry. TSA and CBP 
also agreed that TSA will take over the screening of passengers against 
the watch list for international flights from CBP, though CBP will 
continue to match passenger information to the watch list in 
fulfillment of its border-related functions. Full implementation of an 
integrated system is not planned to take place until after Secure 
Flight acquires the watch-list matching function for domestic flights. 

Checkpoint Screening. TSA has taken steps to strengthen passenger 
checkpoint screening procedures to enhance the detection of prohibited 
items and strengthen security; however, TSA could improve its 
evaluation and documentation of proposed procedures. In April 2007, we 
reported that modifications to checkpoint screening standard operating 
procedures (SOP) were proposed based on the professional judgment of 
TSA senior-level officials and program-level staff, as well as threat 
information and the results of covert testing.[Footnote 12] We also 
reported on steps TSA had taken to address new and emerging threats, 
such as establishing the Screening Passengers by Observation Technique 
(SPOT) program, which provides TSOs with a nonintrusive, behavior-based 
means of identifying potentially high-risk individuals. For proposed 
screening modifications deemed significant, such as SPOT, TSA 
operationally tested these proposed modifications at selected airports 
before determining whether they should be implemented nationwide. 
However, we reported that TSA's data collection and analysis of 
proposed SOP modifications could be improved, and recommended that TSA 
develop sound evaluation methods, when possible, to assess whether 
proposed screening changes would achieve their intended purpose. TSA 
has since reported taking steps to work with subject-matter experts to 
ensure that the agency's operational testing of proposed screening 
modifications are well designed and executed, and produce results that 
are scientifically valid and reliable. With regard to checkpoint 
screening technologies, TSA and S&T have researched, developed, tested, 
and initiated procurements of various technologies to address security 
vulnerabilities that may be exploited; however, limited progress has 
been made in fielding emerging technologies. For example, of the 
various emerging checkpoint screening projects funded by TSA and 
S&T,[Footnote 13] only the explosives trace portal and a bottled 
liquids scanning device have been deployed for use in day-to-day 
operations. However, due to performance and maintenance issues, TSA 
halted the acquisition and deployment of the portals in June 2006. 
Also, in February 2008, we testified that TSA lacked a strategic plan 
to guide its efforts to acquire and deploy screening technologies, 
which could limit its ability to deploy emerging technologies to 
airports deemed at highest risk.[Footnote 14] According to TSA 
officials, the agency plans to submit a strategic plan to Congress by 
June 2008. We have ongoing work reviewing S&T and TSA checkpoint 
screening technologies efforts and will report on our results later 
this year. 

Checked Baggage Screening. TSA has made progress in installing 
explosive detection systems to provide the capability to screen checked 
baggage at the nation's commercial airports, as mandated by law. From 
November 2001 through June 2006, TSA procured and installed about 1,600 
Explosive Detection Systems (EDS) and about 7,200 Explosive Trace 
Detection (ETD) machines to screen checked baggage for explosives at 
over 400 commercial airports.[Footnote 15] In addition, based in part 
on recommendations we made, TSA moved stand-alone EDS machines that 
were located at airports that received new in-line EDS baggage 
screening systems to 32 airports that did not previously have them from 
May 2004 through December 2007. TSA also replaced ETD machines at 53 
airports with 158 new EDS machines from March 2005 through December 
2007. In response to mandates to field the equipment quickly and to 
account for limitations in airport design that made it difficult to 
quickly install in-line EDS systems, TSA generally placed baggage 
screening equipment in a stand-alone mode--usually in airport lobbies-
-to conduct the primary screening of checked baggage for 
explosives.[Footnote 16] Based, in part, on our recommendations, TSA 
later developed a plan to integrate EDS and ETD machines in-line with 
airport baggage conveyor systems. The installation of in-line systems 
can result in considerable savings to TSA through the reduction of 
personnel needed to operate the equipment, as well as increased 
security. In addition, according to TSA estimates, the number of 
checked bags screened per hour can more than double when EDS machines 
are placed in-line versus being placed in the stand alone mode. Despite 
delays in the widespread deployment of in-line systems due to the high 
upfront capital investment required, TSA is pursuing the installation 
of these systems and is seeking creative financing solutions to fund 
their deployment. However, It is incumbent upon airports of whether or 
not they will pursue the installation of in-line baggage systems. In 
February 2008, TSA submitted a legislative proposal to increase the 
Aviation Security Capital Fund (ASCF) through a new surcharge on the 
passenger security fee. According to TSA, this proposal, if adopted, 
would accelerate the deployment of optimal checked baggage screening 
systems and address the need to re-capitalize existing equipment 
deployed immediately after September, 2001. The Implementing 
Recommendations of the 9/11 Commission Act reiterates a requirement 
that DHS submit a cost-sharing study for the installation of in-line 
baggage screening systems, along with a plan and schedule for 
implementing provisions of the study, and requires TSA to establish a 
prioritization schedule for airport improvement projects related to the 
installation of in-line or other optimal baggage screening systems. As 
of April 3, 2008, TSA had not completed the prioritization schedule, 
corresponding timeline, and description of the funding allocation for 
these projects. 

Air Cargo Security. TSA has taken steps to secure air cargo, including 
initializing efforts to provide the capability to screen 100 percent of 
air cargo transported on passenger aircraft by 2010, but its efforts 
are not yet complete. In April 2007, we reported that TSA's Air Cargo 
strategic plan contained a strategy for securing domestic air cargo but 
did not include goals and objectives for addressing inbound air cargo, 
or cargo transported into the United States from a foreign 
country.[Footnote 17] We recommended that DHS develop a risk-based 
strategy for securing inbound air cargo including defining TSA's and 
CBP's inbound air cargo security responsibilities. CBP subsequently 
issued its International Air Cargo Security strategic plan in June 
2007, and TSA plans to revise its Air Cargo strategic plan during the 
third quarter of fiscal year 2008 to incorporate a strategy for 
addressing inbound air cargo security, including how the agency will 
partner with CBP. We also reported that TSA had not conducted 
vulnerability assessments to identify the range of air cargo security 
weaknesses that could be exploited by terrorists, and recommended that 
TSA develop a methodology and schedule for completing these 
assessments.[Footnote 18] In response in part to our recommendation, 
TSA implemented an Air Cargo Vulnerability Assessment program in 
November 2006 and, as of April 2008, had completed vulnerability 
assessments at five domestic airports. TSA plans to complete 
assessments of all high-risk airports by 2009. In addition, although 
TSA has established requirements for air carriers to randomly screen 
air cargo, the agency had exempted some domestic and inbound cargo from 
these requirements. While TSA has since revised its screening 
exemptions for domestic air cargo, it has not done so for inbound air 
cargo. TSA is also working with DHS S&T to develop and pilot test a 
number of technologies to assess their applicability to screening and 
securing air cargo.[Footnote 19] However, as of February 2008, TSA had 
provided a completion date for only one of its five air cargo 
technology pilot programs. According to TSA officials, the agency will 
determine whether it will require the use of these technologies once it 
has completed its assessments and analyzed the results. We also 
reported in April 2007 that TSA did not systematically compile and 
analyze information on air cargo security practices used abroad to 
identify those that may strengthen the department's overall air cargo 
security program, and we recommended that it do so.[Footnote 20] TSA 
has since begun development of a certified cargo screening program 
based in part on its review of screening models used in two foreign 
countries that rely on government-certified screeners to screen air 
cargo early in the supply chain.[Footnote 21] According to TSA, the 
agency plans to deploy this program to assist it in meeting the 
statutory requirement to screen 100 percent of air cargo transported on 
passenger aircraft by August 2010 (and to screen 50 percent of such 
cargo by February 2009), as mandated by the Implementing 
Recommendations of the 9/11 Commission Act.[Footnote 22] In January 
2008, TSA began phase one of the program's pilot tests, and as of April 
2008, had completed tests at six airports. TSA plans to conduct tests 
at three additional airports by June 2008. 

Surface Transportation Security: 

Strategic Approach for Implementing Security Functions. In September 
2005, DHS completed the National Strategy for Transportation Security. 
This strategy identified and evaluated transportation assets in the 
United States that could be at risk of a terrorist attack and addressed 
transportation sector security needs. Further, in May 2007, DHS issued 
a strategic plan for securing the transportation sector and supporting 
annexes for each of the surface transportation modes, and reported 
taking actions to adopt the strategic approach outlined by the plan. 
The Transportation Systems Sector-Specific Plan describes the security 
framework that is intended to enable sector stakeholders to make 
effective and appropriate risk-based security and resource allocation 
decisions within the transportation network. TSA has begun to implement 
some of the security initiatives outlined in the sector-specific plan 
and supporting modal plans. Additionally, the Implementing 
Recommendations of the 9/11Commission Act imposes a deadline of May 
2008, for the Secretary of DHS to develop and implement the National 
Strategy for Public Transportation Security. Our work assessing DHS's 
efforts in implementing its strategy for securing surface 
transportation modes is being conducted as part of our ongoing reviews 
of mass transit, passenger and freight rail, commercial vehicle, and 
highway infrastructure security. We will report on the results of this 
work later this year. 

Threat, Criticality, and Vulnerability Assessments. TSA has taken 
actions to assess risk by conducting threat, criticality, and 
vulnerability assessments of surface transportation assets, 
particularly for mass transit, passenger rail, and freight rail, but 
its efforts related to commercial vehicles and highway infrastructure 
are in the early stages. For example, TSA had conducted threat 
assessments of all surface modes of transportation. TSA has also 
conducted assessments of the vulnerabilities associated with some 
surface transportation assets. For example, regarding freight rail, TSA 
has conducted vulnerability assessments of rail corridors in eight High 
Threat Urban Areas where toxic-inhalation-hazard shipments are 
transported. With respect to commercial vehicles and highway 
infrastructure, TSA's vulnerability assessment efforts are ongoing. 
According to TSA, the agency performed 113 corporate security reviews 
on highway transportation organizations through fiscal year 2007, such 
as trucking companies, state Departments of Transportation, and motor 
coach companies.[Footnote 23] However, TSA does not have a plan or a 
time frame for conducting these reviews on a nationwide basis. 
Furthermore, DHS's National Protection and Programs Directorate's 
Office of Infrastructure Protection conducts vulnerability assessments 
of surface transportation assets to identify protective measures to 
reduce or mitigate asset vulnerability. With regard to criticality 
assessments, TSA reported in April 2008 that the agency had conducted 
1,345 assessments of passenger rail stations.[Footnote 24] 
Additionally, the Implementing Recommendations of the 9/11Commission 
Act has several provisions related to security assessments. For 
instance, the act requires DHS to review existing security assessments 
for public transportation systems as well as conduct additional 
assessments as necessary to ensure that all high-risk public 
transportation agencies have security assessments. Moreover, the act 
also requires DHS to establish a federal task force to complete a 
nationwide risk assessment of a terrorist attack on rail carriers. We 
will continue to review threat, vulnerability, and criticality 
assessments conducted by TSA related to securing surface modes of 
transportation during our ongoing work.[Footnote 25] 

Issuance of Security Standards. TSA has taken actions to develop and 
issue security standards for mass transit, passenger rail, and freight 
rail transportation modes. However, TSA has not yet developed or issued 
security standards for all surface transportation modes, such as 
commercial vehicle and highway infrastructure, or determined whether 
standards are necessary for these modes of transportation. 
Specifically, TSA has developed and issued both mandatory rail security 
directives and recommended voluntary best practices--known as Security 
Action Items--for transit agencies and passenger rail operators to 
implement as part of their security programs to enhance both security 
and emergency-management preparedness. TSA also issued a notice of 
proposed rule making in December 2006, which if finalized as proposed, 
would include additional security requirements for passenger and 
freight rail transportation operators.[Footnote 26] For example, the 
rule would include additional security requirements designed to ensure 
that freight railroads have protocols for the secure custody transfers 
of toxic-inhalation-hazard rail cars in High Threat Urban Areas. DHS 
and other federal partners have also been collaborating with the 
American Public Transportation Association (APTA) and public and 
private security professionals to develop industry wide security 
standards for mass transit systems. APTA officials reported that they 
expect several of the voluntary standards to be released in mid-2008. 
Additionally, the Implementing Recommendations of the 9/11Commission 
Act requires DHS to issue regulations establishing standards and 
guidelines for developing and implementing vulnerability assessments 
and security plans for high-risk railroad carriers and over-the-road 
bus operators.[Footnote 27] The deadlines for the regulations are 
August 2008 and February 2009, respectively. With respect to freight 
rail, TSA is developing a notice of proposed rulemaking proposing that 
high-risk rail carriers conduct vulnerability assessments and develop 
and implement security plans. We will continue to assess TSA's efforts 
to issue security standards for other surface transportation modes 
during our ongoing reviews. 

Compliance Inspections. TSA has hired and deployed surface 
transportation security inspectors who conduct compliance inspections 
for both passenger and freight rail modes of transportation; however, 
questions exist regarding how TSA will employ the inspectors to enforce 
new regulations proposed in its December 2006 Notice of Proposed 
Rulemaking and regulations to be developed in accordance with the 
Implementing Recommendations of the 9/11 Commission Act.[Footnote 28] 
TSA officials reported having 100 surface transportation inspectors 
during fiscal year 2005 and, as of December 2007, were maintaining an 
inspector workforce of about the same number. The agency's budget 
request for fiscal year 2009 includes $11.6 million to fund 100 surface 
transportation security inspectors--which would maintain its current 
staffing level. Inspectors' responsibilities include conducting on- 
site inspections of key facilities for freight rail, passenger rail, 
and transit systems; assessing transit systems' implementation of core 
transit security fundamentals and comprehensive security action items; 
conducting examinations of stakeholder operations, including compliance 
with security directives; identifying security gaps; and developing 
effective practices. To meet these compliance responsibilities, TSA 
reported in December 2007 that it had conducted voluntary assessments 
of 50 of the 100 largest transit agencies, including 34 passenger rail 
and 16 bus-only agencies, and has plans to continue these assessments 
with the next 50 largest transit agencies during fiscal year 2008. With 
respect to freight rail, TSA reported visiting, during 2007, almost 300 
railroad facilities including terminal and railroad yards to assess the 
railroads' implementation of 17 DHS-recommended Security Action Items 
associated with the transportation of toxic-inhalation-hazard 
materials. 

TSA has raised concerns about the agency's ability to continue to meet 
anticipated inspection responsibilities given the new regulations 
proposed in its December 2006 Notice of Proposed Rulemaking and 
requirements of the Implementing Recommendations of the 9/11 Commission 
Act. For example, the act mandates that high-risk over-the-road bus 
operators, railroad carriers, and public transportation agencies 
develop and implement security plans which must include, among other 
requirements, procedures to be implemented in response to a terrorist 
attack.[Footnote 29] The act further requires the Secretary of DHS to 
review each plan within 6 months of receiving it. TSA officials stated 
that they believe TSA inspectors will likely be tasked to conduct these 
reviews. The act also requires that the Secretary of DHS develop and 
issue interim final regulations by November 2007, for a public 
transportation security training program.[Footnote 30] As of April 
2008, these interim regulations have not been issued. According to TSA 
officials, TSA inspectors will likely be involved in ensuring 
compliance with these regulations as well. To help address these 
additional requirements, the Implementing Recommendations of the 9/ 
11Commission Act authorizes funds to be appropriated for TSA to employ 
additional surface transportation inspectors, and requires that surface 
transportation inspectors have relevant transportation experience and 
appropriate security and inspection qualifications.[Footnote 31] 
However, it is not clear how TSA will meet these new requirements since 
the agency has not requested funding for additional surface 
transportation security inspectors for fiscal year 2009. We will 
continue to assess TSA's inspection efforts during our ongoing 
work.[Footnote 32] 

Grant Programs. DHS has developed and administered grant programs for 
various surface transportation modes, although stakeholders have raised 
concerns regarding the current grant process. For example, the DHS 
Office of Grants and Training, now called the Grant Programs 
Directorate, has used various programs to fund passenger rail security 
since 2003. Through the Urban Areas Security Initiative grant program, 
the Grant Programs Directorate has provided grants to urban areas to 
help enhance their overall security and preparedness level to prevent, 
respond to, and recover from acts of terrorism. The Grant Programs 
Directorate used fiscal year 2005, 2006, and 2007 appropriations to 
build on the work under way through the Urban Areas Security Initiative 
program, and create and administer new programs focused specifically on 
transportation security, including the Transit Security Grant Program, 
Intercity Passenger Rail Security Grant Program, and the Freight Rail 
Security Grant Program. However, some industry stakeholders have raised 
concerns regarding DHS's current grant process, including the shifting 
of funding priorities, the lack of program flexibility, and other 
barriers to the provision of grant funding. For example, transit 
agencies have reported that the lack of predictability in how TSA will 
assess grant projects against funding priorities makes it difficult to 
engage in long-term planning of security initiatives. Specifically, 
transit agencies have reported receiving funding to begin projects-- 
such as retrofitting their transit fleet with security cameras or 
installing digital video recording systems--but not being able to 
finish these projects in subsequent years because TSA had changed its 
funding priorities. The Implementing Recommendations of the 9/11 
Commission Act codifies surface transportation grant programs and 
imposes statutory requirements on the administration of the 
programs.[Footnote 33] For example, the act lists authorized uses of 
these grant funds and requires DHS to award the grants based on 
risk.[Footnote 34] It also requires that DHS and DOT determine the most 
effective and efficient way to distribute grant funds, authorizing DHS 
to transfer funds to DOT for the purpose of disbursement.[Footnote 35] 
According to the TSA fiscal year 2009 budget justification, to ensure 
that the selected projects are focused on increasing security, DHS 
grants are to be awarded based on risk. We will continue assessing 
surface transportation related grant programs as part of our ongoing 
work.[Footnote 36] 

Crosscutting Issues Have Hindered DHS's Efforts in Implementing Its 
Mission and Management Functions: 

Our work has identified homeland security challenges that cut across 
DHS's mission and core management functions. These issues have impeded 
the department's progress since its inception and will continue to 
confront DHS as it moves forward. These issues include (1) establishing 
baseline performance goals and measures and engaging in effective 
strategic planning efforts; (2) applying and strengthening a risk- 
management approach for implementing missions and making resource 
allocation decisions; and, (3) coordinating and partnering with 
federal, state, and local agencies, and the private sector. We have 
made numerous recommendations to DHS and its components, including TSA, 
to strengthen these efforts, and the department has made progress in 
implementing some of these recommendations. 

DHS has not always implemented effective strategic planning efforts and 
has not yet fully developed performance measures or put into place 
structures to help ensure that the agency is managing for results. For 
example, with regard to TSA's efforts to secure air cargo, we reported 
in October 2005 and April 2007 that TSA completed an Air Cargo 
Strategic Plan in November 2003 that outlined a threat-based risk- 
management approach to securing the nation's domestic air cargo system, 
and that this plan identified strategic objectives and priority actions 
for enhancing air cargo security based on risk, cost, and 
deadlines.[Footnote 37] However, TSA had not developed a similar 
strategy for addressing the security of inbound air cargo--cargo 
transported into the United States from foreign countries--including 
how best to partner with CBP and international air cargo stakeholders. 
In another example, we reported in April 2007 that TSA had not yet 
developed outcome-based performance measures for its foreign airport 
assessment and air carrier inspection programs, such as the percentage 
of security deficiencies that were addressed as a result of TSA's on- 
site assistance and recommendations, to identify any aspects of these 
programs that may need attention. We recommended that DHS direct TSA 
and CBP to develop a risk-based strategy, including specific goals and 
objectives, for securing air cargo;[Footnote 38] and develop outcome- 
based performance measures for its foreign airport assessment and air 
carrier inspection programs.[Footnote 39] DHS generally concurred with 
GAO's recommendations with regard to air cargo, and is taking steps to 
strengthen its efforts in this area. 

Although DHS and TSA have made risk-based decision-making a cornerstone 
of departmental and agency policy, DHS and TSA could strengthen their 
application of risk management in implementing their mission functions. 
Several DHS component agencies and TSA have worked towards integrating 
risk-based decision making into their security efforts, but we reported 
that these efforts can be strengthened. For example, TSA has 
incorporated certain risk-management principles into securing air 
cargo, but has not completed assessments of air cargo vulnerabilities 
or critical assets--two crucial elements of a risk-based approach. TSA 
has also incorporated risk-based decision making when making 
modifications to airport checkpoint screening procedures, to include 
modifying procedures based on intelligence information and 
vulnerabilities identified through covert testing at airport 
checkpoints. However, in April 2007, we reported that TSA's analyses 
that supported screening procedural changes could be strengthened. For 
example, TSA officials based their decision to revise the prohibited 
items list to allow passengers to carry small scissors and tools onto 
aircraft based on their review of threat information--which indicated 
that these items do not pose a high risk to the aviation system--so 
that TSOs could concentrate on higher threat items.[Footnote 40] 
However, TSA officials did not conduct the analysis necessary to help 
them determine whether this screening change would affect TSO's ability 
to focus on higher-risk threats.[Footnote 41] As noted earlier in this 
statement, TSA is taking steps to strengthen its efforts in both of 
these areas. 

In addition to providing federal leadership with respect to homeland 
security, DHS also plays a large role in coordinating the activities of 
key stakeholders, but has faced challenges in this regard. Although 
improvements are being made, we have found that the appropriate 
homeland security roles and responsibilities within and between the 
levels of government, and with the private sector, are evolving and 
need to be clarified. For example, we reported that opportunities exist 
for TSA to work with foreign governments and industry to identify best 
practices for securing passenger rail and air cargo, and recommended 
that TSA systematically compile and analyze information on practices 
used abroad to identify those that may strengthen the department's 
overall security efforts.[Footnote 42] With regard to air cargo, TSA 
has subsequently reviewed the models used in two foreign countries that 
rely on government-certified screeners to screen air cargo to 
facilitate the design of the agency's proposed certified-cargo 
screening program. Further, in September 2005, we reported that TSA did 
not effectively involve private sector stakeholders in its decision 
making process for developing security standards for passenger rail 
assets.[Footnote 43] We recommended that DHS develop security standards 
that reflect industry best practices and can be measured, monitored, 
and enforced by TSA rail inspectors and, if appropriate, rail asset 
owners. DHS agreed with these recommendations. Regarding efforts to 
respond to in-flight security threats, which, depending on the nature 
of the threat, could involve more than 15 federal agencies and agency 
components, in July 2007 we also recommended that DHS and other 
departments document and share their respective coordination and 
communication strategies and response procedures, to which DHS 
agreed.[Footnote 44] The Implementing Recommendations of the 9/11 
Commission Act includes provisions designed to improve coordination 
with stakeholders. For example, the act requires DHS and DOT to develop 
an annex to the Memorandum of Understanding between the two departments 
governing the specific roles, responsibilities, resources, and 
commitments in addressing motor carrier transportation security 
matters, including the processes the departments will follow to promote 
communications and efficiency, and avoid duplication of 
effort.[Footnote 45] The act also requires DHS, in consultation with 
DOT, to establish a program to provide appropriate information that DHS 
has gathered or developed on the performance, use, and testing of 
technologies that may be used to enhance surface transportation 
security to surface transportation entities.[Footnote 46] According to 
TSA, the agency has begun to provide transit agencies with information 
on recommended available security technologies through security 
roundtables for the top 50 transit agencies; the posting of an 
authorized equipment list on the Homeland Security Information Network 
Web site; and periodic briefings to other federal agencies. 

Concluding Observations: 

The magnitude of DHS's and TSA's responsibilities in securing the 
nation's transportation system is significant, and we commend the 
department on the work it has done and is currently doing to secure 
this network. Nevertheless, given the dominant role that TSA plays in 
securing the homeland, it is critical that the agency continually 
strive to strengthen its programs and initiatives to counter emerging 
threats and improve security. In the almost 6-ï¿½ years since its 
creation, TSA has had to undertake its critical mission while also 
establishing and forming a new agency. At the same time, a variety of 
factors, including threats to and attacks on transportation systems 
around the world, as well as new legislative requirements, have led the 
agency to reassess its priorities and reallocate resources to address 
key events, and to respond to emerging threats. Although TSA has made 
considerable progress in addressing key aspects of commercial aviation 
security, more work remains in some key areas, such as the deployment 
of technologies to detect explosives at checkpoints and in air cargo. 
Further, although TSA has more recently taken action in a number of 
areas to help secure surface modes of transportation, its efforts are 
still largely in the early stage, and the nature of its regulatory role 
and relationship with transportation operators is still being defined. 
As DHS and TSA move forward, it will be important for the department to 
address the challenges that have affected its operations thus far, 
while continuing to adapt to new threats and needs, and well as 
increase the effectiveness and efficiency of existing programs and 
operations. We will continue to review DHS's and TSA's progress in 
securing the transportation network, and will provide information to 
Congress and the public on these efforts. 

Madam Chairwoman this concludes my statement. I would be pleased to 
answer any questions that you or other members of the subcommittee may 
have at this time. 

GAO Contact and Staff Acknowledgments: 

For further information on this testimony, please contact Cathleen 
Berrick at (202) 512-3404 or at [email protected]. Individuals making 
key contributions to this testimony include Steve D. Morris, Assistant 
Director; Jason Berman; Kristy Brown; Martene Bryan; Tony Cheesebrough; 
Fatema Choudhury; Chris Currie; Joe Dewechter; Dorian Dunbar; Barbara 
Guffy; John Hansen; Dawn Hoff; Daniel Klabunde; Anne Laffoon; Gary 
Malavenda; Sara Margraf; Victoria Miller; Dan Rodriguez; Maria 
Strudwick; Spencer Tacktill; Gabriele A. Tonsil; Margaret A. Ullengren; 
Margaret Vo; and Su Jin Yon. 

[End of section] 

Footnotes: 

[1] See GAO, Department of Homeland Security: Progress Report on 
Implementation of Mission and Management Functions, GAO-07-454 
(Washington, D.C.: Aug. 17, 2007); GAO, Department of Homeland 
Security: Progress Report on Implementation of Mission and Management 
Functions, GAO-07-1081T (Washington, D.C.: Sept. 6, 2007); and GAO, 
Department of Homeland Security: Progress Report on Implementation of 
Mission and Management Functions, GAO-07-1240T (Washington, D.C.: Sept. 
18, 2007). 

[2] A risk management approach entails a continuous process of managing 
risk through a series of actions, including setting strategic goals and 
objectives, assessing risk, evaluating alternatives, selecting 
initiatives to undertake, and implementing and monitoring those 
initiatives. 

[3] Pub. L. No. 107-71, 115 Stat. 597 (2001). 

[4] GAO, Aviation Security: Further Steps Needed to Strengthen the 
Security of Commercial Airport Perimeters and Access Controls, GAO-04- 
728 (Washington, D.C.: June 2004). 

[5] GAO, Transportation Security: DHS Should Address Key Challenges 
before Implementing the Transportation Worker Identification Credential 
Program, GAO-06-982 (Washington, D.C.: September 2006) and 
Transportation Security: TSA Has Made Progress in Implementing the 
Transportation Worker Identification Credential Program, but Challenges 
Remain, GAO-08-133T (Washington, D.C.: October 31, 2007). 

[6] The Explanatory Statement accompanying Division E of the 
Consolidated Appropriations Act, 2008 (Pub. L. No. 110-161, Div. E, 121 
Stat. 1844, 2042 (2007), allocates $15,000,000 in appropriated funds 
for TSA to pilot-test various forms of employee screening at seven 
commercial airports. Among other things, TSA is to collect data on the 
benefits, costs, and impacts of 100-percent airport employee screening 
as well as of the alternative screening approaches, and brief the 
Committees on Appropriations on the progress and results of the pilot 
projects no later than September 1, 2008. 

[7] TSA also oversees screening operations at airports utilizing 
private screeners under TSA's Screening Partnership Program. See 49 
U.S.C. ï¿½ 44920. 

[8] GAO, Aviation Security: TSA's Staffing Allocation Model Is Useful 
for Allocating Staff among Airports, but Its Assumptions Should Be 
Systematically Reassessed, GAO-07-299 (Washington, D.C.: Feb. 28, 
2007). 

[9] GAO, Aviation Security: Management Challenges Remain for the 
Transportation Security Administration's Secure Flight Program, GAO-06-
864T (Washington, D.C.: June 14, 2006) and GAO, Aviation Security: 
Progress Made in Systematic Planning to Guide Key Investment Decisions, 
but More Work Remains, GAO-07-448T (Washington, D.C.: Feb. 13, 2007). 

[10] Passengers identified as being on the No Fly List must be denied 
boarding passes and must not be permitted to fly unless cleared in 
accordance with TSA security requirements. Passengers on the Selectee 
List are to be issued boarding passes, but they and their baggage are 
to undergo additional security measures. 

[11] GAO, Aviation Security: Transportation Security Administration Has 
Strengthened Planning to Guide Investments in Key Aviation Security 
Programs, but More Work Remains, GAO-08-456T (Washington, D.C.: Feb. 
28, 2008). 

[12] GAO, Aviation Security: Risk, Experience, and Customer Concerns 
Drive Changes to Airline Passenger Screening Procedures, but Evaluation 
and Documentation of Proposed Changes Could Be Improved, GAO-07-634 
(Washington, D.C.: Apr. 16, 2007). 

[13] Examples of projects currently in research and development include 
the checkpoint explosives detection system and the whole body imager. 
Projects that have undergone initiated procurements include the cast 
and prosthesis scanner and the advanced technology systems. 

[14] GAO-07-448T . 

[15] Explosive detection systems (EDS) use specialized X-rays to detect 
characteristics of explosives that may be contained in baggage as it 
moves along a conveyor belt. Explosive trace detection (ETD) works by 
detecting vapors and residues of explosives. Human operators collect 
samples by rubbing swabs along the interior and exterior of an object 
that TSOs determine to be suspicious, and place the swabs in the ETD 
machine, which then chemically analyzes the swabs to identify any 
traces of explosive materials. 

[16] See GAO, Aviation Security: TSA Oversight of Checked Baggage 
Screening Procedures Could Be Strengthened, GAO-06-869 (Washington, 
D.C.: July 2006), GAO, Aviation Security: Enhancements Made in 
Passenger and Checked Baggage Screening, but Challenges Remain, GAO-06- 
371T (Washington, D.C.: April 4, 2006), and GAO-07-448T. 

[17] GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air 
Cargo Are in the Early Stages and Could Be Strengthened, GAO-07-660 
(Washington, D.C.: Apr. 30, 2007). 

[18] GAO, Aviation Security: Federal Action Needed to Strengthen 
Domestic Air Cargo Security, GAO-06-76 (Washington, D.C.: Oct. 17, 
2005) and GAO-07-660. 

[19] TSA's air cargo pilot programs include an air cargo explosives 
detection program; an EDS pilot program; an air cargo security seals 
pilot; the testing of hardened unit-loading devices; and, the testing 
of pulsed fast neutron analysis technology. 

[20] GAO-07-660. 

[21] According to TSA, the program will allow TSA-certified shippers 
and manufacturers to screen air cargo before it leaves the factory. The 
screened cargo would then be secured with a tamper-resistant seal and 
transported to the airport for shipment. 

[22] Pub. L. No. 110-53, ï¿½ 1602(a), 121 Stat. at 477-480 (2007) 
(codified at 49 U.S.C. ï¿½ 44901(g)). 

[23] TSA conducts corporate security reviews in multiple modes of 
transportation to establish baseline data against which to evaluate 
minimum-security standards and identify coverage gaps in reviewed 
systems. 

[24] According to TSA, the agency completed 945 criticality assessments 
in fiscal year 2007 and 400 assessments in fiscal year 2008. TSA 
officials stated that some of these assessments may have been conducted 
to update previously completed ones. 

[25] For more information, see GAO, Passenger Rail Security: Enhanced 
Federal Leadership Needed to Prioritize and Guide Security Efforts, GAO-
07-225T (Washington, D.C.: Jan. 18, 2007). 

[26] See 71 Fed. Reg. 76,852 (Dec. 21, 2006). 

[27] See Pub. L. No. 110-53, ï¿½ï¿½ 1512, 1531, 121 Stat. at 429-33, 454- 
57. 

[28] See, e.g., Pub. L. No. 110-53, ï¿½ 1534, 121 Stat at 461-62. 

[29] See Pub. L. No. 110-53, ï¿½ï¿½ 1405, 1512, 1531, 121 Stat. at 402-05, 
429-33, 454-57. 

[30] See Pub. L. No. 110-53, ï¿½ 1408, 121 Stat. at 409-11 (requiring 
that the Secretary develop and issue final regulations for the training 
program by August 2008). 

[31] See Pub. L. No. 110-53, ï¿½ 1304, 121 Stat. at 393-94. 

[32] For more information, see GAO, Passenger Rail Security: Enhanced 
Federal Leadership Needed to Prioritize and Guide Security Efforts, GAO-
06-181T (Washington, D.C.: Oct. 20, 2005). 

[33] See Pub. L. No. 110-53, ï¿½ 1406, 1513, 1532, 121 Stat. 405-08, 433- 
35, 457-60. 

[34] See, e.g., Pub. L. No. 110-53, ï¿½ 1406(b), (c)(2), 121 Stat. at 405-
07. 

[35] See Pub. L. No. 110-53, ï¿½ï¿½ 1406(d), 1532(e), 121 Stat. at 407, 
459. 

[36] For more information see GAO-06-181T. 

[37] GAO-07-660. 

[38] GAO-07-660. 

[39] GAO, Aviation Security: Foreign Airport Assessments and Air 
Carrier Inspections Help Enhance Security, but Oversight of These 
Efforts Can Be Strengthened, GAO-07-729 (Washington, D.C.: May 11, 
2007). 

[40] GAO-07-634. 

[41] GAO-07-634. 

[42] See GAO-07-660 and GAO-05-851. 

[43] See GAO-05-851. 

[44] GAO, Aviation Security: Federal Coordination for Responding to In- 
flight Security Threats Has Matured, but Procedures Can Be 
Strengthened, GAO-07-891R (Washington, D.C.: July 31, 2007). 

[45] See Pub. L. No. 110-53, ï¿½ 1541, 121 Stat. at 469. 

[46] See Pub. L. No. 110-53, ï¿½ 1305, 121 Stat. at 394-95.

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability.  

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates."  

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:  

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548:  

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061:  

To Report Fraud, Waste, and Abuse in Federal Programs:  

Contact:  

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: [email protected]: 
Automated answering system: (800) 424-5454 or (202) 512-7470:  

Congressional Relations:  

Ralph Dawn, Managing Director, [email protected]: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548:  

Public Affairs: 

Chuck Young, Managing Director, [email protected]: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: 
*** End of document. ***