Maritime Security: National Strategy and Supporting Plans Were	 
Generally Well-Developed and Are Being Implemented (20-JUN-08,	 
GAO-08-672).							 
                                                                 
The safety and economic security of the United States depends on 
the secure use of the world's seaports and waterways. Homeland	 
Security Presidential Directive-13 (HSPD-13, also referred to as 
National Security Presidential Directive-41) directs the	 
coordination of U.S. maritime security policy through the	 
creation of a National Strategy for Maritime Security and	 
supporting implementation plans. GAO was asked to evaluate this  
strategy and its eight supporting plans. This report discusses:  
(1) the extent to which the strategy and its supporting plans	 
contain desirable characteristics of an effective national	 
strategy, and (2) the reported status of the implementation of	 
these plans. To conduct this work, GAO evaluated the National	 
Strategy for Maritime Security and its supporting plans against  
the desirable characteristics of an effective national strategy  
that GAO identified in February 2004, reviewed HSPD-13 and	 
supporting plans, and reviewed documents on the status of the	 
plans' implementation.						 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-08-672 					        
    ACCNO:   A82463						        
  TITLE:     Maritime Security: National Strategy and Supporting Plans
Were Generally Well-Developed and Are Being Implemented 	 
     DATE:   06/20/2008 
  SUBJECT:   Contingency plans					 
	     Counterterrorism					 
	     Emergency preparedness				 
	     Homeland security					 
	     Interagency relations				 
	     Maritime security					 
	     Monitoring 					 
	     National policies					 
	     Performance measures				 
	     Policy evaluation					 
	     Port security					 
	     Program evaluation 				 
	     Risk assessment					 
	     Risk management					 
	     Security threats					 
	     Strategic planning 				 
	     Terrorism						 
	     Transportation security				 
	     Program coordination				 
	     Program goals or objectives			 
	     Program implementation				 
	     Homeland Security Presidential			 
	     Directive-13					 
                                                                 
	     National Strategy for Maritime Security		 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-08-672

   

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to [email protected]. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Report to the Committee on Commerce, Science, and Transportation, U.S. 
Senate: 

United States Government Accountability Office:
GAO: 

June 2008: 

Maritime Security: 

National Strategy and Supporting Plans Were Generally Well-Developed 
and Are Being Implemented: 

GAO-08-672: 

GAO Highlights: 

Highlights of GAO-08-672, a report to the Committee on Commerce, 
Science and Transportation, U.S. Senate. 

Why GAO Did This Study: 

The safety and economic security of the United States depends on the 
secure use of the worldï¿½s seaports and waterways. Homeland Security 
Presidential Directive-13 (HSPD-13, also referred to as National 
Security Presidential Directive-41) directs the coordination of U.S. 
maritime security policy through the creation of a National Strategy 
for Maritime Security and supporting implementation plans. GAO was 
asked to evaluate this strategy and its eight supporting plans. This 
report discusses: (1) the extent to which the strategy and its 
supporting plans contain desirable characteristics of an effective 
national strategy, and (2) the reported status of the implementation of 
these plans. 

To conduct this work, GAO evaluated the National Strategy for Maritime 
Security and its supporting plans against the desirable characteristics 
of an effective national strategy that GAO identified in February 2004, 
reviewed HSPD-13 and supporting plans, and reviewed documents on the 
status of the plansï¿½ implementation. 

What GAO Found: 

Of the six desirable characteristics of an effective national strategy 
that GAO identified in 2004, the National Strategy for Maritime 
Security and its eight supporting implementation plans address four and 
partially address the remaining two as shown in the table below. 

Table: Extent to Which the National Strategy for Maritime Security and 
Its Supporting Implementation Plans Address GAOï¿½s Desirable 
Characteristics: 

Desirable characteristic: Purpose, scope, and methodology; Brief 
description of characteristic: Addresses why the strategy was produced, 
the scope of its coverage, and the process by which it was developed; 
Assessment: Addresses. 

Desirable characteristic: Problem definition and risk assessment; Brief 
description of characteristic: Addresses the particular national 
problems and threats the strategy is directed towards; Assessment: 
Addresses. 

Desirable characteristic: Organizational roles, responsibilities, and 
coordination; Brief description of characteristic: Addresses who will 
be implementing the strategy, what their roles will be compared to 
others, and mechanisms for them to coordinate their efforts; 
Assessment: Addresses. 

Desirable characteristic: Integration and implementation; Brief 
description of characteristic: Addresses how a national strategy 
relates to other strategiesï¿½ goals, objectives, and activities, and to 
subordinate levels of government and their plans to implement the 
strategy; Assessment: Addresses. 

Desirable characteristic: Goals, objectives, activities, and 
performance measures; Brief description of characteristic: Addresses 
what the strategy is trying to achieve, steps to achieve those results, 
as well as the priorities, milestones, and performance measures to 
gauge results; Assessment: Partially addresses (does not include 
performance measures). 

Desirable characteristic: Resources, investments, and risk management; 
Brief description of characteristic: Addresses what the strategy will 
cost, the sources and types of resources and investments needed, and 
where resources and investments should be targeted by balancing risk 
reductions and costs; Assessment: Partially addresses (does not include 
information on the sources and types of resources needed). 

Source: GAO analysis. 

[End of table] 

Documents provided by the Maritime Security Working Groupï¿½an 
interagency body responsible for monitoring and assessing the 
implementation of the maritime strategyï¿½indicate that the 
implementation status of the eight supporting plans varies. For 
example, as of November 2007, implementation of one plan had been 
completed, while another has reached the assessment phase (e.g., 
lessons learned and best practices), and a third has reached the 
execution phase (e.g., exercises and operations). The other five plans 
remain primarily in the planning phase. The working group is monitoring 
the implementation of 76 actions across the plans, and reported 6 of 
these are completed and 70 are ongoing. 

What GAO Recommends: 

GAO is not making any new recommendations. However, it previously made 
recommendations to the Department of Homeland Security (DHS) related to 
the key issues discussed in this report. DHS generally concurred with 
these earlier recommendations and is working to address them. 

To view the full product, including the scope and methodology, click on 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-672]. For more 
information, contact Stephen L. Caldwell at (202) 512-9610 or 
[email protected]. 

[End of section] 

Contents: 

Letter: 

Results in Brief: 

Background: 

The National Strategy for Maritime Security and Its Eight Supporting 
Implementation Plans Address or Partially Address All of the Desirable 
Characteristics of a National Strategy: 

Maritime Security Working Group Reports that the Implementation of 
Supporting Plans Varies: 

Agency Comments: 

Appendix I: Objectives, Scope and Methodology: 

Appendix II: GAO Contacts and Staff Acknowledgments: 

Related GAO Products: 

Tables: 

Table 1: Extent to Which the National Strategy for Maritime Security 
and its Supporting Implementation Plans Address GAO's Desirable 
Characteristics: 

Table 2: Summary and Status of National Strategy for Maritime Security 
Supporting Implementation Plans (Lead Department) as Reported by the 
Maritime Security Working Group in November 2007: 

Figures: 

Figure 1: Stages of the International Supply Chain and Related Maritime 
Security Legislation and HSPD-13 Plans: 

Figure 2: Structure of the Policy and Implementation Bodies Responsible 
for Coordination of the National Strategy for Maritime Security: 

[End of section] 

United States Government Accountability Office:
Washington, DC 20548: 

June 20, 2008: 

The Honorable Daniel Inouye: 
Chairman: 
The Honorable Ted Stevens: 
Vice Chairman: 
Committee on Commerce, Science and, Transportation: 
United States Senate: 

More than 6 years after the September 11, 2001, attacks, the risk of a 
terrorist attack in the maritime domain remains a major concern to the 
United States.[Footnote 1] Over 95 percent of U.S. international trade 
is transported by water, thus, the safety and economic security of the 
United States depends in large part on the secure use of the world's 
seaports and waterways. A successful attack on a major seaport could 
potentially result in a dramatic slowdown in the international supply 
chain with impacts in the billions of dollars.[Footnote 2] Therefore, 
the United States and its trading partners, have a common interest to 
facilitate maritime commerce and to protect against maritime-related 
terrorist, criminal, or other hostile acts. 

The federal government has been active in seeking to enhance maritime 
security through legislation, presidential directives, and 
international agreements. As a result, the federal government has 
implemented numerous programs and initiatives to help secure our 
nation's maritime infrastructure, harbors, seaports, and international 
waterways. One of these efforts, and the focus of this report, is 
Homeland Security Presidential Directive-13 (HSPD-13), which directs 
the coordination of maritime security policy through the creation of a 
National Strategy for Maritime Security and supporting implementation 
plans. Issued in December 2004, HSPD-13 aims to establish U.S. policy 
and implementation actions to further reduce the vulnerability of the 
maritime domain. These efforts are monitored by the Maritime Security 
Working Group, an interagency group tasked with monitoring the 
implementation of the supporting plans. The working group reports to 
the Maritime Security Policy Coordination Committee, which is the 
primary forum for coordinating U.S. national maritime strategy. Both 
the Maritime Security Policy Coordination Committee and the Maritime 
Security Working Group are co-chaired by representatives of the 
National Security Council and the Homeland Security Council.[Footnote 
3] 

In 2004, we developed a set of six desirable characteristics for 
national strategies.[Footnote 4] Those six characteristics are: 

(1) Statement of purpose, scope, and methodology: addresses why the 
strategy was produced, the scope of its coverage, and the process by 
which it was developed. 

(2) Problem definition and risk assessment: addresses the particular 
national problems and threats the strategy is directed towards. 

(3) Goals, subordinate objectives, activities, and performance 
measures: addresses what the strategy is trying to achieve and the 
steps to achieve those results, as well as the priorities, milestones, 
and performance measures to gauge results. 

(4) Resources, investments, and risk management: addresses what the 
strategy will cost, the sources and types of resources and investments 
needed, and where resources and investments should be targeted by 
balancing risk reductions and costs. 

(5) Organizational roles, responsibilities, and coordination: addresses 
which organizations will be implementing the strategy, what their roles 
will be compared to others, and mechanisms for them to coordinate their 
efforts. 

(6) Integration and implementation: addresses how a national strategy 
relates to other strategies' goals, objectives, and activities, and to 
subordinate levels of government and their plans to implement the 
strategy. 

We believe these characteristics can assist responsible parties in 
further developing and implementing national strategies, as well as 
enhance their usefulness in resource and policy decisions and to better 
assure accountability. We have used these characteristics to assess the 
completeness of seven national strategies related to homeland security 
and combating terrorism.[Footnote 5] 

You asked us to evaluate the National Strategy for Maritime Security 
and its eight supporting implementation plans. This report presents the 
results of our efforts to address the following questions: 

* To what extent does the National Strategy for Maritime Security and 
its supporting implementation plans contain the elements identified as 
desirable characteristics of an effective national strategy? 

* What is the reported implementation status of these plans? 

To answer our first question, we analyzed the National Strategy for 
Maritime Security to determine whether it contained the desirable 
characteristics for an effective national strategy. If a characteristic 
or an element of a characteristic was missing from the national 
strategy, then we reviewed the eight supporting implementation plans 
for evidence of the characteristic in a majority of these 
plans.[Footnote 6] We also reviewed the plans to determine if they 
provided more detail on the characteristics examined than could be 
found in the national strategy, for example, what component or agency 
will implement a specific recommendation. If a characteristic or an 
element of a characteristic was missing from the national strategy, our 
methodology required that the characteristic or element be present in 
at least five of the supporting plans for the characteristic to be 
considered "addressed." An assessment of partially addressed meant that 
the characteristic or element be present in at least one of the 
supporting plans. To answer our second question, we relied on documents 
provided by the Maritime Security Working Group that detailed the 
status of actions taken to implement the supporting plans and the 
overall status of the implementation of the plans. We also interviewed 
officials from key agencies and the co-chair of the Maritime Security 
Working Group. We did not independently evaluate any of the actions 
monitored for the implementation of these plans. We conducted this 
performance audit from July 2007 to June 2008 in accordance with 
generally accepted government auditing standards. Those standards 
require that we plan and perform the audit to obtain sufficient, 
appropriate evidence to provide a reasonable basis for our findings and 
conclusions based on our audit objectives. We believe that the evidence 
obtained provides a reasonable basis for our findings and conclusions 
based on our audit objectives. Appendix I includes more detailed 
information on our scope and methodology. 

Results in Brief: 

Of the six desirable characteristics of an effective national strategy 
that GAO identified in 2004, the National Strategy for Maritime 
Security and its supporting implementation plans together address four 
and partially address the remaining two. The four characteristics that 
are addressed include: (1) purpose, scope, and methodology; (2) problem 
definition and risk assessment; (3) organizational roles, 
responsibilities, and coordination; and (4) integration and 
implementation. The two characteristics that are partially addressed 
are: (1) goals, objectives, activities, and performance measures and 
(2) resources, investments, and risk management. These characteristics 
are partially addressed primarily because the strategy and its plans 
lack information on performance measures and the resources and 
investments elements of these characteristics. Specifically, only one 
of the supporting plans mentions performance measures and many of these 
measures are presented as possible or potential performance measures. 
However, in previous work we have noted the existence of performance 
measures for individual maritime security programs. For example, 
Customs and Border Protection (CBP) has established performance metrics 
for its Automated Targeting System, which assists in determining which 
containers are to be subjected to inspection, and uses performance 
measures to gauge the effectiveness of its Container Security 
Initiative program, which is designed to detect and deter terrorists 
from smuggling weapons of mass destruction via cargo containers. We 
have also recommended that DHS develop performance measures for other 
maritime security programs and DHS has concurred with these 
recommendations. The resources, investments, and risk management 
characteristic is also partially addressed. While the strategic actions 
and recommendations discussed in the maritime security strategy and 
supporting implementation plans constitute an approach to minimizing 
risk and investing resources, the strategy and seven of its supporting 
implementation plans lack information on the sources and types of 
resources needed for their implementation. In addition, the national 
strategy and three of the supporting plans also lack investment 
strategies to direct resources to necessary actions. To address this, 
the working group has recommended to the Maritime Security Policy 
Coordination Committee that it should examine the feasibility of 
creating an interagency priorities and investment strategy for the 
supporting plans. Despite these shortcomings, we recognize that other 
documents are used for allocating resources. For example, DHS's latest 
Fiscal Year Homeland Security Program, a 5-year resource plan to 
support the mission, priorities, and goals of the department within 
projected funding, provides some details on how much DHS expects to 
spend to implement its maritime security responsibilities. 

Our review of documents provided by the Maritime Security Working Group 
indicates that the implementation status of the eight supporting plans 
varies. Specifically, the working group reported on the status of each 
plan by indicating whether the plan was in the guidance, planning, 
execution, or assessment and evaluation phase.[Footnote 7] They 
reported that as of November 2007, one plan had reached the execution 
phase, another had reached the assessment phase, and a third had been 
completed. The other five plans remained primarily in the planning 
phase. The working group also identified 76 actions across the various 
supporting plans and has monitored the implementation of these actions. 
According to the working group, as of November 2007, 6 of these actions 
were completed and 70 were ongoing. 

Background: 

Since the September 11, 2001, terrorist attacks, federal agencies have 
implemented numerous measures designed to improve maritime security. 
Moreover, legislation has been enacted to provide a framework for 
protecting the nation's seaports and waterways from terrorist attack 
through a wide range of security requirements and programs.[Footnote 8] 
Federal agency measures include, for example, the U.S. Coast Guard 
working with foreign countries to ensure that their seaports have 
adequate security measures in place. Also, under the Container Security 
Initiative, U.S. Customs and Border Protection stations officers 
overseas to work with foreign officials to identify and inspect high- 
risk cargo en route to the United States. 

The Maritime Security Working Group was created in May 2004 to increase 
coordination among U.S. government maritime security policy 
stakeholders and to develop an overarching policy that would serve to 
enhance maritime security and defense, and strengthen antiterrorism 
efforts in the global maritime environment. As a result of the working 
group's efforts, on December 21, 2004, the President issued HSPD-13 
directing the coordination of U.S. government maritime security 
programs and initiatives to achieve a comprehensive and cohesive 
national effort involving appropriate federal, state, local, and 
private sector entities. HSPD-13 established the Maritime Security 
Policy Coordination Committee [Footnote 9] as the primary forum to 
coordinate U.S. policy, guidelines, and implementation actions to 
protect U.S. maritime interests and enhance U.S. national security and 
homeland security.[Footnote 10] 

The Maritime Security Working Group, working on behalf of the Maritime 
Security Policy Coordination Committee, is currently responsible for 
monitoring and assessing implementation of actions related to the 
supporting plans. HSPD-13 required the Secretaries of Defense and 
Homeland Security to lead a joint effort to draft a National Strategy 
for Maritime Security. The strategy was issued in September 2005. 
Additionally, HSPD-13 directed relevant federal departments and 
agencies to develop eight supporting implementation plans to address 
the specific threats and challenges in the maritime environment. These 
supporting plans, the lead departments for their implementation, and 
their completion dates are shown below. 

* National Plan to Achieve Maritime Domain Awareness, DOD and DHS 
(October 2005); 

* Global Maritime Intelligence Integration Plan, DOD and DHS (July 
2005); 

* Maritime Operational Threat Response Plan, DOD and DHS (October 
2006); 

* International Outreach and Coordination Strategy, State (November 
2005); 

* Maritime Infrastructure Recovery Plan, DHS (April 2006); 

* Maritime Transportation System Security Recommendations, DHS (October 
2005); 

* Maritime Commerce Security Plan, DHS (October 2005); and: 

* Domestic Outreach Plan, DHS (October 2005). 

Figure 1 depicts a DHS assessment of how maritime security legislation 
and the National Strategy for Maritime Security's eight supporting 
implementation plans relate to the stages of the international supply 
chain. Also included is one other strategy--the Strategy to Enhance 
International Supply Chain Security--that overlaps with some of the 
supporting plans.[Footnote 11] 

Figure 1: Stages of the International Supply Chain and Related Maritime 
Security Legislation and HSPD-13 Plans: 

[See PDF for image] 

This figure contains several illustrations, as well as a table showing 
the stages of the international supply chain and related Maritime 
Security Legislation and HSPD-13 Plans, as follows: 

Stage: Delivery to port for export (illustration of delivery truck); 
Related legislation and plans: Global Maritime Intelligence Integration 
Plan (Plans and strategies developed as a result of HSPD-13). 

Stage: Delivery to port for export; 
Related legislation and plans: Security and Accountability for Every 
Port Act of 2006 (Related maritime security legislation). 

Stage: Delivery to port for export; 
Related legislation and plans: Strategy to Enhance International Supply 
Chain Security (Comprehensive plan released by DHS). 

Stage: Delivery to port for export; 
Related legislation and plans: International Outreach and Coordination 
Strategy (Plans and strategies developed as a result of HSPD-13). 

Stage: Delivery to port for export; 
Related legislation and plans: National Plan to Achieve Maritime Domain 
Awareness (Plans and strategies developed as a result of HSPD-13). 

Stage: Foreign port of origin (illustration of containers being loaded 
onto a ship); 
Related legislation and plans: Maritime Transportation Security Act of 
2002 (Related maritime security legislation). 

Stage: Shipment (illustration of ship); 
Related legislation and plans: Maritime Operational Threat Response 
Plan (Plans and strategies developed as a result of HSPD-13). 

Stage: Shipment; 
Related legislation and plans: Maritime Transportation System Security 
Recommendations (Plans and strategies developed as a result of HSPD-
13). 

Stage: Shipment; 
Related legislation and plans: Maritime Commerce Security Plan (Plans 
and strategies developed as a result of HSPD-13). 

Stage: U.S. Port of Entry (illustration of cargo being unloaded from a 
ship); 
Related legislation and plans: Domestic Outreach Plan (Plans and 
strategies developed as a result of HSPD-13). 

Stage: U.S. Port of Entry; 
Related legislation and plans: Maritime Infrastructure Recovery Plan 
(Plans and strategies developed as a result of HSPD-13). 

Source: GAO and ArtExplosions (art work); GAO, DHS (analysis). 

Note: GAO modified a graphic contained in DHS's Strategy for 
International Supply Chain Security to add clarification regarding the 
stages of the international supply chain. 

[End of figure] 

Although numerous entities are responsible for security in the maritime 
domain within the United States, the federal government has primary 
responsibility and shares this role with numerous other stakeholders in 
the state, local, and private sectors. For example, DHS--with its 
component agency, the U.S. Coast Guard, acting as executive agent--has 
the lead role in maritime homeland security; DOD leads efforts to 
further integrate maritime intelligence and increase maritime domain 
awareness; and State is responsible for taking steps to inform U.S. 
missions abroad on maritime security initiatives and concerns, as 
necessary. Also, the Departments of Commerce, Energy, and 
Transportation, among others, have responsibilities for various aspects 
of maritime security. 

We have reported on performance in the maritime security mission, 
particularly by DHS, for several years. In our 2007 review of DHS's 
progress in management and mission areas, we reported that DHS had made 
substantial progress in maritime security in that it had generally 
achieved 17 out of 23 performance expectations.[Footnote 12] 
Specifically, we reported that DHS had developed national and regional 
plans for DHS's maritime security and response and a national plan for 
recovery, and it had ensured the completion of vulnerability 
assessments and security plans for port facilities and vessels. DHS had 
also developed programs for collecting information on incoming ships 
and was working with the private sector to improve and validate supply 
chain security. Additionally, we reported that DHS (1) had improved 
security efforts by establishing committees to share information with 
local port stakeholders, (2) was taking actions to establish 
interagency operations centers to monitor port activities, (3) was 
developing port-level plans to prevent and respond to terrorist 
attacks, (4) was testing such plans through exercises, and (5) was 
assessing security at foreign seaports. We further reported that DHS 
had strengthened the security of cargo containers through enhancements 
to its system for identifying high-risk cargo and expanding 
partnerships with other countries to screen containers before they are 
shipped to the United States. However, we also reported that DHS faced 
challenges in implementing certain maritime security responsibilities 
including, for example, a program to control access to seaports' secure 
areas and to screen incoming cargo for radiation. 

In October 2007, we updated our findings when we testified on DHS's 
overall maritime security efforts as they related to the Security and 
Accountability For Every Port Act of 2006.[Footnote 13] We also 
reported on other challenges faced by DHS in its cargo security 
efforts, such as CBP's requirement to test and implement a new program 
to screen 100 percent of all incoming containers overseas. As part of 
our body of work on the performance of maritime security missions, we 
have made recommendations to DHS including that it develop strategic 
plans, better plan the use of its human capital, establish performance 
measures, and otherwise improve program operations. DHS has generally 
concurred with our recommendations and is making progress towards 
implementing them. A list of related GAO products is included at the 
end of this report. 

The National Strategy for Maritime Security and Its Eight Supporting 
Implementation Plans Address or Partially Address All of the Desirable 
Characteristics of a National Strategy: 

Of the six desirable characteristics of an effective national strategy 
that GAO identified in 2004, the National Strategy for Maritime 
Security and its eight supporting implementation plans together address 
four and partially address two. The four characteristics that are 
addressed include: (1) purpose, scope, and methodology; (2) problem 
definition and risk assessment; (3) organizational roles, 
responsibilities, and coordination; and (4) integration and 
implementation. The two characteristics that are partially addressed 
are: (1) goals, objectives, activities, and performance measures; and 
(2) resources, investments, and risk management. Specifically, the 
elements of these characteristics that are not addressed are those 
concerning performance measures, and resources and investments. What 
follows is our assessment of the National Strategy for Maritime 
Security and its supporting plans as compared to the six desirable 
characteristics of an effective national strategy. These 
characteristics and the results of our assessment are shown in table 1. 
[Footnote 14] 

Table 1: Extent to Which the National Strategy for Maritime Security 
and its Supporting Implementation Plans Address GAO's Desirable 
Characteristics: 

Desirable characteristic: Purpose, scope, and methodology; 
Brief description of characteristic: Addresses why the strategy was 
produced, the scope of its coverage, and the process by which it was 
developed; 
Assessment: Addresses. 

Desirable characteristic: Problem definition and risk assessment; 
Brief description of characteristic: Addresses the particular national 
problems and threats the strategy is directed towards; 
Assessment: Addresses. 

Desirable characteristic: Organizational roles, responsibilities, and 
coordination; 
Brief description of characteristic: Addresses who will be implementing 
the strategy, what their roles will be compared to others, and 
mechanisms for them to coordinate their efforts; 
Assessment: Addresses. 

Desirable characteristic: Integration and implementation; 
Brief description of characteristic: Addresses how a national strategy 
relates to other strategies' goals, objectives, and activities, and to 
subordinate levels of government and their plans to implement the 
strategy; 
Assessment: Addresses. 

Desirable characteristic: Goals, objectives, activities, and 
performance measures; 
Brief description of characteristic: Addresses what the strategy is 
trying to achieve, steps to achieve those results, as well as the 
priorities, milestones, and performance measures to gauge results; 
Assessment: Partially addresses (does not include performance 
measures). 

Desirable characteristic: Resources, investments, and risk management; 
Brief description of characteristic: Addresses what the strategy will 
cost, the sources and types of resources and investments needed, and 
where resources and investments should be targeted by balancing risk 
reductions and costs; 
Assessment: Partially addresses (does not include information on the 
sources and types of resources needed). 

Source: GAO analysis. 

Note: In prior work we also acknowledge that different strategies may 
use different terms than we use to describe the same characteristic. A 
strategy "addresses" a characteristic when it cites all elements of a 
characteristic, even if it lacks specificity and thus could be improved 
upon. A strategy "partially addresses" a characteristic when it cites 
some, but not all, elements of a characteristic. 

[End of table] 

National Strategy and Implementation Plans Together Address Four of the 
Desirable Characteristics of a National Strategy: 

Our analysis shows that the National Strategy for Maritime Security and 
its supporting implementation plans together address four of the 
desirable characteristics of an effective national strategy. In 
general, these characteristics communicate why a strategy was produced, 
specify the threats that a strategy addresses, identify the 
organizations responsible for implementing a strategy and how they will 
coordinate their efforts, and tie a strategy to other strategies and 
plans, and subordinate levels of government. The extent to which each 
of these four desirable characteristics is addressed in the National 
Strategy for Maritime Security and its supporting plans is discussed in 
the following sections. 

Purpose, Scope, and Methodology: 

The purpose, scope, and methodology characteristic is addressed in the 
National Strategy for Maritime Security and its eight supporting 
implementation plans. Specifically, while the purpose and scope are 
addressed in both the national strategy and the supporting plans, the 
strategy alone does not describe the methodology used in its 
development. However, five of the eight supporting plans do contain 
information on the methodology for how the plans were developed, and 
the Domestic Outreach Plan documents that eight working groups of 
maritime security stakeholders developed the eight plans supporting the 
national strategy--providing additional insight into the methodological 
development of the plans. For example, the Maritime Security Policy 
Coordination Committee is cited in the Maritime Domain Awareness and 
Maritime Commerce Security plans as having the responsibility for 
developing the supporting plans. This characteristic is important 
because if a national strategy does not contain a complete description 
of the purpose, scope, and methodology, this could reduce the 
document's usefulness to the organizations responsible for implementing 
the strategy, as well as organizations seeking to exercise oversight, 
such as the Congress. Although the purpose and scope are described 
generally in the national strategy, they are more specifically 
described in the supporting plans. For example, the strategy states 
that its purpose is "to better integrate and synchronize the existing 
Department-level strategies and ensure their effective and efficient 
implementation," while the Commerce Security Plan's purpose is to 
"promote international supply chain security." The strategy's 
introduction defines the scope of the maritime domain as well as the 
scope of maritime security that the supporting plans are to address. 
[Footnote 15] Supporting plans define the scope further. For example, 
the scope for the Maritime Transportation Security System 
Recommendations plan describes its scope as the systems that comprise 
transportation security: component security, interface security, 
information security, and network security.[Footnote 16] 

Problem Definition and Risk Assessment: 

The problem definition and risk assessment characteristic is addressed 
in the strategy and is discussed with varying levels of detail in six 
of the supporting plans. This characteristic identifies the particular 
national problem and threats to which a strategy is directed. Without 
necessarily prescribing a detailed solution, better problem definition 
and risk assessment provide greater latitude to responsible parties to 
develop innovative approaches that are tailored to the needs of 
specific regions or sectors and can be implemented as a practical 
matter given fiscal, human capital, and other limitations. The 
introduction to the national strategy identifies the problem stating 
that the oceans support commerce and are a source of food, resources, 
and recreation for the United States, and that they also act as a 
barrier and a conduit for threats to our nation. All of the supporting 
plans with the exception of the Domestic Outreach Plan further define 
the problem relative to their own purpose. For example, the problem 
cited in the National Plan to Achieve Maritime Domain Awareness is that 
"today's complex and ambiguous threats place an even greater premium on 
knowledge and a shared understanding of the maritime domain." 

In regard to risk assessment, one section of the national strategy 
identifies five threats to maritime security and discusses them with 
references to intelligence assessments and other national strategies. 
[Footnote 17] For example, citing the National Security Strategy of the 
United States, the National Strategy for Maritime Security states that 
terrorists have indicated a strong desire to use weapons of mass 
destruction which, when coupled with technology dispersion and the fact 
that some nations are unable to account for their stockpiles of these 
weapons or materials, increases the possibility that a terrorist attack 
involving such weapons could occur. It also states that terrorists can 
develop effective attack capabilities against maritime targets 
relatively quickly. The International Outreach and Coordination 
Strategy and the Plan to Achieve Maritime Domain Awareness also discuss 
the threats to maritime security in a manner similar to the National 
Strategy for Maritime Security. Other plans, such as those for Maritime 
Commerce Security and the Maritime Transportation System Security, 
mention threats more generally, citing, for example, the type of 
threat--nuclear, chemical, biological--as in the commerce plan, or the 
source of the threat--terrorism--as in the transportation system plan. 

Organizational Roles, Responsibilities, and Coordination: 

Collectively, the national strategy and its eight supporting 
implementation plans address the organizational roles, 
responsibilities, and coordination characteristic. Though the level of 
specificity regarding roles, responsibilities, and coordination varies 
in the national strategy, all of the supporting plans address this 
characteristic with some detail. The inclusion of this characteristic 
in a national strategy helps agencies and other stakeholders to 
coordinate their efforts. It also helps clarify specific roles, 
particularly where there is overlap, and thus can enhance both 
implementation and accountability. Regarding organizational roles and 
responsibilities, the national strategy indicates that the public and 
private sectors share responsibility for the protection of critical 
infrastructure and key resources, with DHS in the lead role. However, 
the strategy does not identify the more specific roles of DHS 
components such as Customs and Border Protection or the Coast Guard in 
the protection of critical infrastructure or key assets. The supporting 
plans, however, are more explicit about roles and responsibilities. For 
example, specific agencies and components such as the Coast Guard and 
CBP within DHS are identified in the National Plan to Achieve Maritime 
Domain Awareness. In another case, while the national strategy 
references the National Incident Management System and the National 
Response Plan under the strategic objective to Minimize Damage and 
Expedite Recovery, it does not identify which agency is to coordinate 
and lead such a recovery.[Footnote 18] However, these roles and 
responsibilities are discussed in greater detail in the Maritime 
Infrastructure Recovery Plan. For example, it identifies the 
capabilities or types of assets the Army Corps of Engineers and the 
Department of Transportation will provide to aid in recovery. 
Additionally, the National Plan to Achieve Maritime Domain Awareness 
identifies the Maritime Security Policy Coordination Committee as 
having overall coordination responsibility for that plan. Other plans 
such as the Maritime Commerce Security Plan and Maritime Transportation 
System Security Recommendations, respectively, cite coordination 
responsibilities for specific recommendations or actions. For example, 
the Maritime Commerce Security Plan directs DHS to coordinate with DOD 
in the development of technology to secure containerized cargo, and the 
Maritime Transportation Security System Recommendations plan directs 
DHS to coordinate improvements to international maritime regulation. 

Integration and Implementation: 

The integration and implementation characteristic is addressed in the 
national strategy and all but one of the supporting plans by noting, 
for example, that the terrorist threats cited in the national strategy 
are also considered in the National Security Strategy and the National 
Strategy to Secure Cyberspace. This characteristic builds on the 
aforementioned organizational roles and responsibilities--and thus can 
further clarify the relationships between various implementing parties. 
With regard to integration, the National Strategy for Maritime Security 
states that it is guided by the goals of the National Security Strategy 
and National Strategy for Homeland Security and draws upon other 
national strategies to counter terrorism, protect critical 
infrastructure, and combat weapons of mass destruction, among other 
strategies. The supporting plans provide more details on the 
integration characteristic by, for example, discussing how a particular 
plan supports or is supported by another supporting plan. For example, 
the Maritime Commerce Security Plan states that its development was 
closely coordinated with that of the Maritime Infrastructure Recovery 
Plan and the Maritime Transportation Security System Recommendations 
plan. Furthermore, the Maritime Infrastructure Recovery Plan discusses 
the integration of the plan with other national and local area maritime 
security plans. 

With regard to implementation, the National Strategy for Maritime 
Security cites the eight supporting plans as the means to implement the 
strategy and seven of the eight supporting plans provide amplifying 
detail and specificity on implementation issues, often citing their own 
implementation in terms of the implementation of other supporting 
plans. Three plans also state how their implementation is related to 
other plans. For example, the National Plan to Achieve Maritime Domain 
Awareness states that its implementation directly supports, and is 
supported by, the Global Maritime Intelligence Integration Plan and 
that the Maritime Domain Awareness plan is an enabler of the Maritime 
Operational Threat Response plan. 

National Strategy and Implementation Plans Together Partially Address 
the Remaining Two Desirable Characteristics of a National Strategy: 

The strategy and supporting plans only partially address the remaining 
two desirable characteristics: (1) goals, objectives, activities, and 
performance measures; and (2) resources, investments, and risk 
management. These characteristics are partially addressed because they 
do not identify the performance measures needed to gauge the 
implementation of the strategy and its supporting plans, and the 
resources and investments needed to successfully implement and carry 
out the strategy. These two characteristics are discussed below. 

Goals, Objectives, Activities, and Performance Measures: 

The goals, objectives, activities, and performance measures 
characteristic is only partially addressed in the national strategy, 
and the supporting plans also do not include information to address all 
elements of this characteristic, such as performance measures to gauge 
the progress made implementing the strategy and plans. This 
characteristic provides for a clear identification of priorities, 
milestones, and performance measures, without which implementing 
parties may find it difficult to achieve results in specific time 
frames. This also enables more effective oversight and accountability. 
While the national strategy does not specifically use the term "goals" 
in its description, it does provide a list of principles that serve as 
the equivalent of goals and a hierarchy of objectives and subordinate 
objectives. For example, the stated principles of the maritime security 
strategy are to (1) preserve freedom of the seas, (2) facilitate and 
defend commerce to ensure the uninterrupted flow of shipping, and (3) 
facilitate the movement of desirable goods and people across our 
borders while screening out dangerous people and material. The strategy 
also outlines the steps for achieving these with subordinate objectives 
such as to protect maritime-related population centers and critical 
infrastructures.[Footnote 19] Furthermore, the strategy includes five 
strategic actions--such as to embed security into commercial practices-
-intended to achieve further coordination of maritime security efforts. 
[Footnote 20] Each of the supporting plans provides more focused goals 
and objectives. For example, the goal of the Maritime Commerce Security 
Plan is to improve the security of the maritime supply chain, and one 
of the goals of the National Plan to Achieve Maritime Domain Awareness 
is to enhance transparency in the maritime domain. 

However, performance measures are lacking in both the national strategy 
and all but one of the supporting plans. The only supporting plan that 
mentions performance measures is the Maritime Commerce Security Plan 
which lists potential or possible performance measures. For example, 
the Maritime Commerce Security Plan states, "Customs and Border 
Protection performs validations of the foreign security procedures of 
Customs-Trade Partnership Against Terrorism participants. This could 
act as a measure of effectiveness in implementing procedures to secure 
cargo."[Footnote 21] Additionally, in our previous work, we have 
reported that performance measures are in place for some individual 
maritime security programs. For example, we reported that CBP has 
established performance metrics for its Automated Targeting System and 
uses performance measures to gauge the effectiveness of its Container 
Security Initiative program.[Footnote 22] We have also made 
recommendations for the development of performance measures for other 
maritime security programs, such as emergency response 
capabilities.[Footnote 23] DHS generally concurred with these 
recommendations and is working to implement them. 

Resources, Investments, and Risk Management: 

The resources, investments, and risk management characteristic is also 
only partially addressed in the national strategy and supporting 
implementation plans because not all of the elements of this 
characteristic are addressed. Specifically, while the strategic actions 
of the maritime security strategy discussed earlier in this report 
constitute an approach to minimize risk and invest resources to achieve 
maritime security, the strategy lacks information on resource 
requirements. Six of the eight supporting plans also discuss risk 
management; for example, there is a distinct recommendation to 
incorporate risk management in maritime security in the Maritime 
Transportation Security System Recommendations plan. However, the 
supporting plans, like the national strategy, mostly lack information 
on the sources and types of resources needed. 

The national strategy addresses investments and risk management in a 
general way. For example, the strategic action to "Embed Security into 
Commercial Practices" discusses the need to conduct vulnerability 
assessments to identify defenses that require improvement and 
procedures that are used to identify terrorist threats in cargo 
containers, but the strategy does not contain an investment strategy 
for implementing this strategic action nor does it determine how costs 
will be borne among the involved parties. With the exception of the 
National Plan to Achieve Maritime Domain Awareness, none of the other 
seven supporting plans address the resources issue and three do not 
address investments. In a November 2007 briefing regarding the status 
of the implementation of the national plan, the working group 
identified resources and investments as challenges in implementing the 
strategy. This briefing also included recommendations to address the 
resource issue. For example, it suggested that the Maritime Security 
Policy Coordination Committee evaluate the feasibility of developing an 
interagency priorities and investment strategy. Without guidance on 
resources, investments, and risk management, implementing parties may 
find it difficult to allocate resources and investments according to 
priorities and constraints, track costs and performance, and shift 
investments and resources as appropriate. Although this information was 
not included in the strategy or its supporting plans, DHS's latest 
Future Years Homeland Security Program (FYHSP), a 5-year resource plan 
to support the mission, priorities, and goals of the department within 
projected funding, provides some details on how much DHS expects to 
spend to implement its maritime security responsibilities. Within the 
goal to protect our nation from dangerous people and goods, the FYHSP 
discusses several maritime security programs that are part of the 
National Strategy for Maritime Security or it supporting plans. Among 
these are the Container Security Initiative to screen cargo containers 
for weapons before the cargo is shipped to the United States, the C- 
TPAT program which works with the private sector to improve the 
security standards for supply chain and container security, and 
research into the development of technology to improve container 
security. 

Maritime Security Working Group Reports that the Implementation of 
Supporting Plans Varies: 

Documents provided to us by the Maritime Security Working Group 
indicate that the implementation of the supporting plans varies and the 
working group reported one plan had been completed, another has reached 
the assessment phase, a third has reached the execution phase, and the 
other five plans remain primarily in the planning phase.[Footnote 24] 
The working group identified 76 actions across the various supporting 
plans and has monitored the implementation status of these actions. 
[Footnote 25] The working group reported that, as of November 2007, six 
of these actions were completed and 70 were ongoing. The types of 
actions it monitored included issuing guidance, developing plans and 
coordination procedures, assigning personnel and forming working 
groups, as well as technology development and partnering with the 
private sector. 

The process by which the working group monitors the implementation of 
the actions associated with the supporting plans is demonstrated in 
figure 2. According to the working group co-chair, the working group 
identified a list of actions to be carried out to implement the 
supporting plans. The working group then provided this list to the 
departments which in turn delegated further actions to their components 
(right side of the figure). The status of these actions was 
communicated back to the working group and up to the committee through 
the departments (left side of the figure). A DHS official who is a 
working group member said that sometimes components communicate 
directly to the working group. 

Figure 2: Structure of the Policy and Implementation Bodies Responsible 
for Coordination of the National Strategy for Maritime Security: 

[See PDF for image] 

This figure is an illustration of the structure of the policy and 
implementation bodies responsible for coordination of the National 
Strategy for Maritime Security. The structure is as follows: 

* National Security Council; Homeland Security Council (policy); 
* Maritime Security Policy Coordinating Committee (policy); 
* Maritime Security Working Group (implementation); 
* Departments (implementation); 
* Department components (implementation). 

Status of actions is reported from the department components upward to 
the Maritime Security Policy Coordinating Committee. Further actions 
are delegated from the Maritime Security Policy Coordinating Committee 
downward. 

Source: GAO analysis. 

[End of figure] 

Table 2 contains a brief description of each implementation plan and 
examples of actions the working group is monitoring as reported by the 
working group in November 2007. The working group has also reported on 
whether each plan was in the guidance, planning, execution, or 
assessment and evaluation phase. Overall, the working group reported 
that the National Plan to Achieve Maritime Domain Awareness has reached 
the execution phase, which includes training exercises and operations; 
the Maritime Operational Threat Response Plan has reached the 
assessment phase, where lessons learned are assessed and best practices 
are developed; and implementation of the Domestic Outreach Plan has 
been completed. The other five plans remain primarily in the planning 
phase where strategic planning, requirements and capabilities, 
operational, and tactical planning occur.[Footnote 26] For example, 
actions that the working group is monitoring for the Maritime 
Infrastructure Recovery Plan--which the working group reports is in the 
planning phase--include the assignment of risk management personnel, 
the incorporation of recovery management procedures, and the 
identification of private sector subject matter experts essential to 
recovery execution. 

Table 2: Summary and Status of National Strategy for Maritime Security 
Supporting Implementation Plans (Lead Department) as Reported by the 
Maritime Security Working Group in November 2007: 

Supporting plan (Lead departments): National Plan to Achieve Maritime 
Domain Awareness (DOD and DHS); 
Description of plan: Provides an approach for improving information 
collection and sharing in the maritime domain to identify threats as 
early and as distant from our shores as possible; 
Implementation status and examples of actions monitored: Execution 
phase; The working group is monitoring eight actions--including 
guidance and planning efforts such as creation of work groups, 
prioritization of actions, and review of current capabilities--as well 
as the execution of recommendations. 

Supporting plan (Lead departments): Global Maritime Intelligence 
Integration Plan (DOD and DHS); 
Description of plan: Uses existing capabilities to integrate 
intelligence regarding potential threats to U.S. interests in the 
maritime domain; 
Implementation status and examples of actions monitored: Planning 
phase; The working group is monitoring nine actions, including planning 
efforts such as selecting senior staff and the physical location for 
operations, among other activities. They are also assessing 
capabilities and establishing plans, programs, and staff; developing 
coordination procedures; and training plans. 

Supporting plan (Lead departments): Maritime Operational Threat 
Response Plan; (DOD and DHS); 
Description of plan: Establishes roles and responsibilities to enable a 
quick and decisive coordinated U.S. response to threats against the 
United States. and its interests in the maritime domain; 
Implementation status and examples of actions monitored: Assessment 
phase; The working group is monitoring 12 actions, including developing 
operational plans for fulfilling roles and responsibilities and 
planning efforts such as developing a concept of operations and 
coordination procedures. They are also developing offshore search 
procedures, response training, and additional detection capabilities in 
the maritime environment. 

Supporting plan (Lead departments): International Outreach and 
Coordination Strategy (State); 
Description of plan: Provides a framework to coordinate maritime 
security initiatives undertaken with foreign governments and 
international organizations, and solicits international support for 
enhanced maritime security; 
Implementation status and examples of actions monitored: Planning 
phase; The working group is monitoring seven actions, including 
planning efforts such as establishing a unified U.S. position on 
maritime security programs and initiatives and promoting maritime 
security as a key U.S. priority in international forums. 

Supporting plan (Lead departments): Maritime Infrastructure Recovery 
Plan (DHS); 
Description of plan: Recommends procedures and standards for the 
recovery of the maritime infrastructure following attack or similar 
disruption; 
Implementation status and examples of actions monitored: Planning 
phase; The working group is monitoring eight actions, including 
guidance and planning efforts such as assigning risk management 
personnel to support response and recovery operations, incorporating 
recovery management procedures into port security plans, identifying 
private sector subject matter experts essential to recovery execution, 
and determining the cargo-handling capacity of domestic seaports. 

Supporting plan (Lead departments): Maritime Transportation System 
Security Recommendations (DHS); 
Description of plan: Recommends improvements to the national and 
international regulatory framework regarding the maritime domain; 
Implementation status and examples of actions monitored: Planning 
phase; The working group is monitoring eight actions, including the 
establishment of multiple committees made up of maritime stakeholders, 
the development and application of risk assessment methodologies, and 
the engagement of maritime stakeholders in collaborative efforts to 
reduce security risks. They are also monitoring technology development 
to address gaps in maritime security, data management plans for 
information sharing, and maritime transportation system security 
training. 

Supporting plan (Lead departments): Maritime Commerce Security Plan 
(DHS); 
Description of plan: Establishes a comprehensive plan to secure the 
maritime supply chain; 
Implementation status and examples of actions monitored: Planning 
phase; The working group is monitoring 24 actions, including protocols 
to improve information sharing for maritime security, the development 
of a plan to detect nuclear and radiological materials in foreign 
seaports, the review of noncontainerized cargo operations, the 
continued development and promotion of international supply chain 
security standards with international partners, and continued 
partnership with the private sector. 

Supporting plan (Lead departments): Domestic Outreach Plan (DHS); 
Description of plan: Engages nonfederal input to assist with the 
development and implementation of maritime security policies; 
Implementation status and examples of actions monitored: Completed; 
Outreach efforts completed and documented with the issuance of the 
National Strategy for Maritime Security and the supporting plans. 

Source: GAO presentation of data provided by the Maritime Security 
Working Group. 

[End of table] 

Though we did not verify the accuracy of what the working group 
reported regarding the status of the 76 actions it had been monitoring, 
in August 2007 we reported that DHS had made substantial progress with 
regard to maritime security.[Footnote 27] We reported that DHS had 
generally achieved 17 out of 23 performance expectations. Specifically, 
we reported that DHS had generally achieved many planning goals, but 
had not achieved performance expectations related to the development of 
technology. For example, we reported that DHS had not developed a long- 
range vessel tracking system to provide more information on vessels 
approaching or already in U.S. waters. We have ongoing work reviewing 
the progress the Coast Guard has made in implementing its vessel 
tracking system. 

In its November 2007 briefing to Maritime Security Policy Coordination 
Committee, the working group cited three challenges to implementing the 
National Strategy for Maritime Security and its supporting plans: (1) 
the need to align the implementing actions in overlapping national 
strategies, (2) the lack of dedicated interagency resources to 
effectively coordinate actions in supporting plans, and (3) the 
differences in the prioritization of actions by responsible components 
and agencies. The working group briefing also included recommendations 
to the Maritime Security Policy Coordination Committee to address these 
challenges. For example, to address the first challenge, it recommended 
an analysis of uncoordinated strategies with maritime components to 
identify gap-closing strategies. In response to the second challenge, 
the working group recommended that additional analysis of the maritime 
security strategy's implementation and coordination be conducted. The 
working group also identified the need to prioritize task 
recommendations and develop an implementation plan which integrates 
tasks into the individual plans. The working group suggested addressing 
the third obstacle by evaluating the feasibility of developing 
interagency priorities or an investment strategy for efforts that are 
mutually supportive of implementing the National Strategy for Maritime 
Security. According to the working group briefing, this would require 
the incorporation of a standardized mechanism for future updates and 
the need to ensure that the strategy's oversight roles and 
responsibilities are clarified, understood, and embraced by all 
parties. 

Agency Comments: 

We provided a draft of this report to the Departments of Defense, 
Homeland Security, and State for comment. The departments had no 
official comments on the draft, but provided technical comments which 
we incorporated as appropriate. 

We are sending copies of this report to interested congressional 
committees and subcommittees. We will make copies available upon 
request. In addition, this report will be available at no cost on the 
GAO Web site at [hyperlink, http://www.gao.gov]. 

If you or your staffs have any questions about this report or wish to 
discuss the matter further, please contact me at (202) 512-9610 or 
[email protected]. Contact points for our Offices of Congressional 
Relations and Public Affairs may be found on the last page of this 
report. Key contributors to this report are listed in appendix II. 

Signed by: 

Stephen L. Caldwell, Director: 
Homeland Security and Justice Issues: 

[End of section] 

Appendix I: Objectives, Scope and Methodology: 

Our first objective was to assess the extent to which the National 
Strategy for Maritime Security and its supporting implementation plans 
contain the elements identified as desirable characteristics of an 
effective national strategy. To answer this question, we first analyzed 
the National Strategy for Maritime Security and determined whether it 
contains the desirable characteristics for an effective national 
strategy that we identified in February 2004.[Footnote 28] We also 
analyzed the unclassified versions of the strategy's eight supporting 
implementation plans to determine if they provided evidence of the 
characteristics contained within or missing from the national strategy. 
If a characteristic or an element of a characteristic was missing from 
the national strategy, our methodology required that the characteristic 
or element be present in at least five of the supporting plans for the 
characteristic to be considered "addressed." An assessment of 
"partially addressed" meant that the characteristic or element was 
present in at least one of the supporting plans. In our past work, we 
did not assess supporting plans as part of our evaluation of the 
national strategies. However, we believe it is proper to include the 
eight supporting plans in our analysis of the National Strategy for 
Maritime Security because Homeland Security Presidential Directive-13 
(HSPD-13) directed that this strategy and its supporting plans be 
produced together. Two analysts independently reviewed the strategy and 
each of the supporting plans to determine whether the National Strategy 
for Maritime Security addressed each of the characteristics of an 
effective national strategy. Any differences between each analyst's 
determinations were resolved through discussion and a comparison of 
evidence. 

Our second objective was to determine the reported status of the 
implementation of these plans. To describe the reported status of the 
implementation actions, we reviewed spreadsheets and briefing charts 
detailing the actions taken to implement the supporting plans that were 
obtained from representatives of DHS, DOD, and State who, in turn, had 
received them from the Maritime Security Working Group. We also 
conducted interviews with officials representing lead implementation 
agencies including DHS, DOD, and State, and the co-chair of the 
Maritime Security Working Group. These officials provided us with the 
same information on the actions taken to implement the supporting plans 
that we had received from the Maritime Security Working Group. We did 
not independently evaluate any of the actions reported for the 
implementation of these plans; however, we have published numerous 
reports regarding selected maritime security programs and initiatives 
that are included in the National Strategy for Maritime Security and 
its supporting plans. A list of related GAO products is included at the 
end of this report. 

We conducted this performance audit from July 2007 to June 2008 in 
accordance with generally accepted government auditing standards. Those 
standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
findings and conclusions based on our audit objectives. We believe that 
the evidence obtained provides a reasonable basis for our findings and 
conclusions based on our audit objectives. 

[End of section] 

Appendix II: GAO Contacts and Staff Acknowledgments: 

GAO Contact: 

Stephen Caldwell (202) 512-9610 or [email protected]: 

Acknowledgments: 

The report was prepared under the direction of Dawn Hoff, Assistant 
Director. Other individuals making key contributions to this report 
include Pille Anvelt, Nancy Briggs, Steve Calvo, Tony DeFrank, Wayne 
Ekblad, Geoff Hamilton, Stan Kostyla, April Thompson, and Adam Vogt. 

[End of section] 

Related GAO Products: 

Supply Chain Security: Challenges to Scanning 100 Percent of U.S. Bound 
Cargo Containers. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-
533T]. Washington, D.C.: June 12, 2008. 

Supply Chain Security: U.S. Customs and Border Protection Has Enhanced 
Its Partnership with Import Trade Sectors, but Challenges Remain in 
Verifying Security Practices. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-08-240]. Washington, D.C.: Apr. 25, 2008. 

Coast Guard: Observations on the Fiscal Year 2009 Budget, Recent 
Performance, and Related Challenges. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-08-494T]. Washington, D.C.: Mar. 6, 2008. 

Maritime Security: Coast Guard Inspections Identify and Correct 
Facility Deficiencies, but More Analysis Needed of Program's Staffing, 
Practices and Data. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-
08-12]. Washington, D.C.: Feb. 14, 2008. 

Supply Chain Security: Examination of High-Risk Cargo at Foreign 
Seaports Have Increased, but Improved Data Collection and Performance 
Measures Are Needed. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-
08-187]. Washington, D.C.: Jan. 25, 2008. 

Maritime Security: Federal Efforts Needed to Address Challenges in 
Preventing and Responding to Terrorist Attacks on Energy Commodity 
Tankers. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-141]. 
Washington, D.C.: Dec. 10, 2007. 

Transportation Security: TSA Has Made Progress in Implementing the 
Transportation Worker Identification Credential Program, but Challenges 
Remain. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-133T]. 
Washington, D.C.: Oct. 31, 2007. 

Maritime Security: The SAFE Port Act: Status and Implementation One 
Year Later. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-126T]. 
Washington, D.C.: Oct. 30, 2007. 

Department of Homeland Security: Progress Report on Implementation of 
Mission and Management Functions. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-07-454]. Washington, D.C.: Aug. 17, 2007. 

Information on Port Security in the Caribbean Basin. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-804R]. Washington, D.C.: June 
29, 2007. 

Homeland Security: Observations on DHS and FEMA Efforts to Prepare for 
and Respond to Major and Catastrophic Disasters and Address Related 
Recommendations and Legislation. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-07-835T]. Washington, D.C.: May 15, 2007. 

Homeland Security: Management and Programmatic Challenges Facing the 
Department of Homeland Security. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-07-833T]. Washington, D.C.: May 10, 2007. 

Maritime Security: Observations on Selected Aspects of the SAFE Port 
Act. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-754T]. 
Washington, D.C.: Apr. 26, 2007. 

International Trade: Persistent Weaknesses in the In-Bond Cargo System 
Impede Customs and Border Protection's Ability to Address Revenue, 
Trade, and Security Concerns. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-07-561]. Washington, D.C.: Apr. 17, 2007. 

Port Risk Management: Additional Federal Guidance Would Aid Ports in 
Disaster Planning and Recovery. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-07-412]. Washington, D.C.: Mar. 28, 2007. 

Maritime Security: Public Safety Consequences of a Terrorist Attack on 
a Tanker Carrying Liquefied Natural Gas Need Clarification. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-316]. Washington, D.C.: Feb. 
23, 2007. 

Maritime Security: Information Sharing Efforts Are Improving. 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-933T]. Washington, 
D.C.: July 10, 2006. 

Cargo Container Inspections: Preliminary Observations on the Status of 
Efforts to Improve the Automated Targeting System. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-06-591T]. Washington, D.C.: Mar. 
30, 2006. 

Combating Nuclear Smuggling: DHS Has Made Progress Deploying Radiation 
Detection Equipment at U.S. Ports-of-Entry, but Concerns Remain. 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-389]. Washington, 
D.C.: Mar. 22, 2006. 

Risk Management: Further Refinements Needed to Assess Risks and 
Prioritize Protective Measures at Ports and Other Critical 
Infrastructure. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-
91]. Washington, D.C.: Dec. 15, 2005. 

Homeland Security: Key Cargo Security Programs Can Be Improved. 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-466T]. Washington, 
D.C.: May 26, 2005. 

Maritime Security: Enhancements Made, but Implementation and 
Sustainability Remain Key Challenges. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-05-448T]. Washington, D.C.: May 
17, 2005. 

Container Security: A Flexible Staffing Model and Minimum Equipment 
Requirements Would Improve Overseas Targeting and Inspection Efforts. 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-557]. Washington, 
D.C.: Apr. 26, 2005. 

Maritime Security: New Structures Have Improved Information Sharing, 
but Security Clearance Processing Requires Further Attention. 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-394]. Washington, 
D.C.: Apr. 15, 2005. 

Preventing Nuclear Smuggling: DOE Has Made Limited Progress in 
Installing Radiation Detection Equipment at Highest Priority Foreign 
Seaports. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-375]. 
Washington, D.C.: Mar. 31, 2005. 

Cargo Security: Partnership Program Grants Importers Reduced Scrutiny 
with Limited Assurance of Improved Security. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-05-404]. Washington, D.C.: Mar. 
11, 2005. 

Homeland Security: Agency Plans, Implementation, and Challenges 
Regarding the National Strategy for Homeland Security. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-05-33]. Washington, D.C.: Jan. 
14, 2005. 

Homeland Security: Process for Reporting Lessons Learned from Seaport 
Exercises Needs Further Attention. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-05-170]. Washington, D.C.: Jan.14, 2005. 

Port Security: Better Planning Needed to Develop and Operate Maritime 
Worker Identification Card Program. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-05-106]. Washington, D.C.: Dec. 10, 2004. 

Maritime Security: Better Planning Needed to Help Ensure an Effective 
Port Security Assessment Program. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-04-1062]. Washington, D.C.: Sep. 30, 2004. 

Maritime Security: Partnering Could Reduce Federal Costs and Facilitate 
Implementation of Automatic Vessel Identification System. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-04-868]. Washington, D.C.: July 
23, 2004. 

Maritime Security: Substantial Work Remains to Translate New Planning 
Requirements into Effective Port Security. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-04-838]. Washington, D.C.: June 
30, 2004. 

Homeland Security: Summary of Challenges Faced in Targeting Oceangoing 
Cargo Containers for Inspection. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-04-557T]. Washington, D.C.: Mar. 31, 2004. 

Homeland Security: Preliminary Observations on Efforts to Target 
Security Inspections of Cargo Containers. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-04-325T]. Washington, D.C.: Dec. 
16, 2003. 

Maritime Security: Progress Made in Implementing Maritime 
Transportation Security Act, but Concerns Remain. [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-03-1155T]. Washington, D.C.: Sep. 
9, 2003. 

Homeland Security: Efforts to Improve Information Sharing Need to Be 
Strengthened. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-03-
760]. Washington, D.C.: Aug. 27, 2003. 

Homeland Security: Challenges Facing the Department of Homeland 
Security in Balancing Its Border Security and Trade Facilitation 
Missions. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-03-902T]. 
Washington, D.C.: June 16, 2003. 

[End of section] 

Footnotes: 

[1] In Homeland Security Presidential Directive-13, Maritime Domain is 
defined as all areas and things of, on, under, relating to, adjacent 
to, or bordering on a sea, ocean, or other navigable waterway, 
including all maritime-related activities, infrastructure, people, 
cargo, and vessels and other conveyances. HSPD-13 is also known as 
National Security Presidential Directive 41. Hereafter in this report 
we will refer only to HSPD-13. 

[2] A supply chain is defined as the flow of goods from manufacturers 
to retailers. 

[3] The National Security Council is the President's principal forum 
for considering national security and foreign policy matters with his 
senior national security advisors and cabinet officials. The Council 
also serves as the President's principal arm for coordinating these 
policies among the various government agencies. The Homeland Security 
Council is the organization the President uses to ensure coordination 
of all homeland security-related activities among executive departments 
and agencies and to promote the effective development and 
implementation of all homeland security policies. 

[4] These characteristics were developed after our research found that 
there were no legislative or executive mandates identifying a uniform 
set of required or desirable characteristics for national strategies. 
For a more detailed discussion, see Combating Terrorism: Evaluation of 
Selected Characteristics in National Strategies Related to Terrorism, 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-04-408T] (Washington, 
D.C: Feb. 3, 2004). 

[5] The seven national strategies are: (1) National Security Strategy 
of the United States, (2) National Strategy for Homeland Security, (3) 
National Strategy for Combating Terrorism, (4) National Strategy to 
Combat Weapons of Mass Destruction, (5) National Strategy for Physical 
Protection of Critical Infrastructure and Key Assets, (6) National 
Strategy to Secure Cyberspace, and (7) 2002 Money Laundering Strategy. 

[6] We only reviewed the unclassified versions of the supporting 
implementation plans. 

[7] The Maritime Security Working Group defines the four phases as (1) 
guidance (e.g., policy, strategy, doctrine, and planning); (2) planning 
(e.g., strategic planning, requirements and capabilities, operational, 
and tactical planning); (3) execution (e.g., exercises and operations); 
and (4) assessment and evaluation (e.g., lessons learned and best 
practices). These phases progress from the first to the fourth. 

[8] Maritime Transportation Security Act of 2002 (MTSA), Pub. L. No. 
107-295, 116 Stat. 2064 (2002) and the Security and Accountability For 
Every Port Act of 2006 (SAFE Port Act), Pub. L. No. 109-347, 120 Stat. 
1884 (2006). 

[9] The Maritime Security Policy Coordination Committee was directed 
to, among other things, (1) review existing interagency practices, 
coordination, and execution of U.S. maritime security policies and 
strategies; (2) recommend specific improvements to all of them as 
warranted; and (3) provide analysis of new maritime security policies, 
strategies, and initiatives for consideration by the National Security 
Council and Homeland Security Council, as well as ensure ongoing 
coordination and implementation of maritime security policies, 
strategies, and initiatives, all of which are outside the scope of this 
inquiry. 

[10] HSPD-13 directed that the strategy include all of the domestic, 
international, public, and private components of the Maritime Domain; 
that it further incorporate a global, layered security framework that 
may be adjusted based on the threat level; that it build on and 
complement current efforts and those initiated by this directive; and 
that all relevant federal agencies and departments cooperate and 
provide appropriate assistance. 

[11] The SAFE Port Act, among other things, required the Secretary of 
Homeland Security to develop a strategic plan to enhance the security 
of the international supply chain. Completed in July 2007, this 
Strategy to Enhance International Supply Chain Security establishes a 
framework for the secure flow of cargo through the supply chain by 
building on existing national strategies and programs, as well as 
protocols and guidance for resumption of trade following a 
transportation disruption or transportation security incident. The 
international supply chain, as defined in the strategy, is the end-to- 
end process for shipping goods to or from the United States beginning 
at the point of origin (including manufacturer, supplier, or vendor) 
through a point of distribution to the destination. 

[12] GAO, Department of Homeland Security: Progress Report on 
Implementation of Mission and Management Functions, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-454] (Washington, D.C.: Aug. 
17, 2007). Performance expectations are a composite of the 
responsibilities or functions--derived from legislation, homeland 
security presidential directives and executive orders, DHS planning 
documents, and other sources--that the department is to achieve or 
satisfy in implementing efforts in its mission and management areas. 

[13] GAO, Maritime Security: The SAFE Port Act: Status and 
Implementation One Year Later, [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-08-126T] (Washington, D.C.: Oct. 30, 2007). 

[14] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-04-408T]. 
This performance compares favorably to other national strategies--
including the National Security Strategy, National Strategy for the 
Physical Protection of Critical Infrastructure and Key Assets, and 2002 
National Money Laundering Strategy--evaluated against these criteria in 
this prior GAO work. 

[15] In addition to the definition of maritime domain contained in 
footnote 1, the maritime domain for the United States also includes the 
Great Lakes and all navigable inland waterways such as the Mississippi 
River and the Intra-Coastal Waterway. 

[16] These systems are defined as follows: component security refers to 
maritime vessels, vehicles, infrastructure, and cargo; interface 
security concerns the points where these components interface; 
information security concerns the maritime data systems; and network 
security concerns the broad systems like the domestic distribution 
system or the international supply chain that impact maritime security. 

[17] The National Strategy for Maritime Security discusses a variety of 
threats to maritime security including nation-state threats, terrorist 
threats, transnational criminal and piracy threats, environmental 
destruction, and illegal seaborne immigration. 

[18] The National Response Plan was superseded by the National Response 
Framework in January 2008. The framework presents the guiding 
principles that enable all response partners to prepare for and provide 
a unified national response to disasters and emergencies--from the 
smallest incident to the largest catastrophe. The Framework establishes 
a comprehensive, national, all-hazards approach to domestic incident 
response. 

[19] The National Strategy for Maritime Security identifies four 
objectives following these principles: (1) prevent terrorist attacks 
and criminal or hostile acts, (2) protect maritime-related population 
centers and critical infrastructure, (3) minimize damage and expedite 
recovery, and (4) safeguard the ocean and its resources. 

[20] According to the national strategy, the following five strategic 
actions are intended to enhance the achievement of the objectives of 
this plan: (1) enhance international cooperation, (2) maximize domain 
awareness, (3) embed security into commercial practices, (4) deploy 
layered security, and (5) assure continuity of the marine 
transportation system. These actions are the objectives of five of the 
supporting plans: International Outreach and Coordination Strategy, 
Maritime Domain Awareness, Maritime Commerce Security, Maritime 
Transportation Security System, and the Maritime Infrastructure 
Recovery Plan. 

[21] The Customs-Trade Partnership Against Terrorism (C-TPAT) is a 
voluntary program that enables CBP officials to work in partnership 
with private companies to review the security of their international 
supply chain and improve the security of their shipments to the United 
States. In return for committing to improving the security of their 
shipments by joining the program, C-TPAT members receive benefits that 
result in the likelihood of reduced scrutiny of their shipments, such 
as reduced number of inspections or shorter wait times for their 
shipments. 

[22] See GAO, Maritime Security: The SAFE Port Act: Status and 
Implementation One Year Later. [hyperlink, http://www.gao.gov/cgi-
bin/getrpt?GAO-08-126T] (Washington, D.C.: Oct. 30, 2007) and Supply 
Chain Security: Examinations of High-Risk Cargo at Foreign Seaports 
Have Increased, but Improved Data Collection and Performance Measures 
Are Needed, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-187] 
(Washington, D.C.: Jan. 25, 2008). 

[23] GAO, Maritime Security: Federal Efforts Needed to Address 
Challenges in Preventing and Responding to Terrorist Attacks on Energy 
Commodity Tankers [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-
141] (Washington, D.C.: Dec. 10, 2007). 

[24] This group, working on behalf of the Maritime Security Policy 
Coordination Committee, is currently responsible for monitoring and 
assessing implementation of actions related to the supporting plans. 

[25] Additional roles of the Maritime Security Working Group involve 
coordinating national maritime policies, serving as a working body to 
respond to questions from the Maritime Security Policy Coordination 
Committee, and developing recommendations for consideration by the 
committee. 

[26] The Maritime Security Working Group provided us a copy of a 
November 2007 briefing that contains the status of efforts to implement 
the supporting plans, a summary of key accomplishments, and the 
challenges faced. The working group also provided a spreadsheet it uses 
to track 76 actions that relate to these plans--which is discussed only 
in general terms because it is a For Official Use Only document. 

[27] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-454]. 

[28] For detailed information on how we developed the characteristics 
that we consider to be desirable for a national strategy and how we 
used them to evaluate the national strategies related to combating 
terrorism and homeland security, please see Appendix I of GAO-04-408T. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: [email protected]: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, [email protected]: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, [email protected]: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: 

*** End of document. ***