This is the accessible text file for GAO report number GAO-08-487T entitled 'Transportation Security: Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation and Surface Transportation Security Programs, but More Work Remains' which was released on May 13, 2008. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony before the Committee on Commerce, Science, and Transportation, U.S. Senate: United States Government Accountability Office: GAO: For Release on Delivery: Expected at 10:00 a.m. EST: Tuesday, May 13, 2008: Transportation Security: Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation and Surface Transportation Security Programs, but More Work Remains: Statement of Cathleen A. Berrick: Director, Homeland Security and Justice Issues: GAO-08-487T: GAO Highlights: Highlights of GAO-08-487T, a testimony before the U.S. Senate Committee on Commerce, Science, and Transportation. Why GAO Did This Study: Since its inception, the Transportation Security Administration (TSA) has focused much of its efforts on aviation security, and has developed and implemented a variety of programs and procedures to secure commercial aviation. More recently, TSA has taken actions to secure the nation’s surface transportation modes. TSA funding for aviation security has totaled about $26 billion since fiscal year 2004, and for surface transportation security activities, about $175 million since fiscal year 2005. This testimony focuses on TSA's efforts to secure the commercial aviation system--through passenger screening, air cargo, and watch-list matching programs--and the nation's surface transportation modes. It also addresses challenges remaining in these areas. GAO's comments are based on GAO products issued from February 2004 through April 2008 including selected updates obtained in February through April 2008. What GAO Found: DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation’s transportation system, including actions to address many recommendations made by GAO. With respect to aviation security, TSA has focused its efforts on, among other things, more efficiently allocating, deploying, and managing the Transportation Security Officer (TSO) workforce—formerly known as screeners; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; strengthening domestic air cargo security; and developing a government operated watch-list matching program, known as Secure Flight. For example, in response to GAO’s recommendation, TSA developed a plan to periodically review assumptions in its Staffing Allocation Model, and took steps to strengthen its evaluation of proposed procedural changes. TSA has also explored new passenger checkpoint screening technologies to better detect explosives and other threats, and has taken steps to strengthen air cargo security, including conducting compliance inspections of air carriers. Finally, TSA has instilled more discipline and rigor into Secure Flight’s systems development, including preparing key documentation and strengthening privacy protections. With regard to surface transportation security, TSA has, among other things, taken steps to develop a strategic approach for securing mass transit, passenger and freight rail, commercial vehicles, and highways; established security standards for certain transportation modes; and conducted threat, criticality, and vulnerability assessments of surface transportation assets, particularly related to passenger and freight rail. While these efforts should be commended, GAO has identified several areas that should be addressed to further strengthen transportation security. For example, TSA has made limited progress in developing and deploying checkpoint technologies due to planning and management challenges. In addition, TSA has not revised screening exemptions for air cargo transported into the United States that may leave the air cargo system unacceptably vulnerable. GAO further identified that TSA experienced some program management challenges in the development of Secure Flight, including developing cost and schedule estimates consistent with best practices; fully implementing the program’s risk management plan; developing a comprehensive testing strategy; and ensuring that information security requirements are fully implemented. In addition, DHS and TSA lack performance measures to fully evaluate the effectiveness of current processes for passengers who apply for redress due to inconveniences experienced during the check-in and screening process. GAO recently made recommendations to address these issues. Additionally, although TSA has recently taken actions in a number of areas to help secure surface modes of transportation, particularly passenger and freight rail, the agency has not fully defined its role with respect to securing other transportation modes, such as commercial vehicles and highway infrastructure. We are continuing to assess TSA’s efforts to secure surface modes of transportation as part of our ongoing work and will report on our results later this year. What GAO Recommends: GAO has made recommendations to the Department of Homeland Security (DHS) in prior reports and testimony to strengthen screening operations, air cargo security, and the implementation of the Secure Flight program. DHS generally concurred with our recommendations and has taken action to implement a number of them. To view the full product, including the scope and methodology, click on [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-487T]. For more information, contact Cathleen Berrick at (202) 512-3404 or berrickc@gao.gov. [End of section] Mr. Chairman and Members of the Committee: I appreciate the opportunity to participate in today's hearing to discuss the security of our nation's transportation system. The Transportation Security Administration (TSA) was established in 2001 with the mission to protect the transportation network while also ensuring the free movement of people and commerce. Since its inception, TSA has focused much of its efforts on aviation security, and has developed and implemented a variety of programs and procedures to secure commercial aviation. To implement these efforts, TSA funding for aviation security has totaled about $26 billion since fiscal year 2004. Other parties also play a role in securing commercial aviation, including air carriers that are responsible for screening air cargo, among other things, and the Department of Homeland Security's (DHS) Science and Technology Directorate (S&T), which is responsible for the research and development of aviation security technologies. TSA is also responsible for securing surface modes of transportation, including passenger and freight rail, mass transit, highways, commercial vehicles, and pipelines, in partnership with other federal entities, state and local governments, and the private sector. In carrying out its broader homeland security responsibilities, DHS faces the daunting challenge of determining how to allocate its finite resources within the transportation system and across all sectors to address threats and strengthen security. My testimony today focuses on TSA's efforts to ensure the security of the following key areas of commercial aviation, which represents about $4.5 billion of the President's budget request for TSA for fiscal year 2009: 1) screening operations, including transportation security officer (TSO) and private screener allocations, and checkpoint screening technologies; 2) air cargo; and, 3) passenger watch-list matching. My testimony also addresses TSA's efforts to ensure the security of the nation's surface transportation systems. In particular, I will address the numerous efforts TSA has taken or plans to take to strengthen security in these areas and the challenges that remain. My comments are based on GAO reports and testimonies issued from February 2004 through April 2008 addressing the security of the nation's commercial aviation and surface transportation systems, including the status of TSA's development of the Secure Flight program[Footnote 1] conducted in response to the Implementing Recommendations of the 9/11 Commission Act of 2007.[Footnote 2] Selected updates to this work were conducted in February through April 2008. We conducted these performance audits in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Summary: DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation's commercial aviation system and surface transportation modes as well as to more effectively guide program investments, including taking steps to address many of our prior recommendations. Specifically, DHS and TSA have, among other things, developed and implemented a Staffing Allocation Model to determine TSO staffing levels at airports that reflect current operating conditions, and provided TSOs (formerly known as screeners) with additional training intended to enhance the detection of threat objects, particularly improvised explosive devices. TSA also proposed and implemented modifications to passenger checkpoint screening procedures based on risk (threat and vulnerability) information, while considering efficiency and customer service needs. TSA also explored new passenger checkpoint screening technologies to enhance the detection of explosives and other threats. Further, TSA took steps to strengthen air cargo security, such as conducting vulnerability assessments at several domestic airports, revising screening exemptions for domestic air cargo, and conducting inspections of air carriers to ensure that they are complying with existing security requirements. Finally, TSA has instilled more discipline and rigor into Secure Flight's development and implementation, including preparing key systems development documentation and strengthening privacy protections. With regard to surface transportation security, TSA has taken steps to develop a strategic approach for securing mass transit, passenger and freight rail, commercial vehicles, and highways; establish security standards for certain transportation modes; and conduct threat, criticality, and vulnerability assessments of surface transportation assets, particularly passenger and freight rail. TSA also hired and deployed compliance inspectors and conducted inspections of passenger and freight rail systems, and DHS developed and administered grant programs for various surface transportation modes. While these efforts should be commended, we have reported on several areas in which TSA could do more to strengthen transportation security. For example, in our previous work, we reported that some assumptions used in TSA's Staffing Allocation Model did not accurately reflect airport operating conditions. We recommended that TSA establish a formal, documented plan for reviewing all of the model assumptions on a periodic basis. TSA agreed with our recommendation and, in December 2007, developed a Staffing Allocation Model Rates and Assumption Validation Plan that the agency will use to review and validate model assumptions. In addition, we reported that TSA could improve its process for evaluating the effectiveness of proposed changes to passenger screening procedures before implementing them nationwide. DHS generally agreed with our findings and recommendations, and TSA has taken some steps to implement them. We also testified that limited progress has been made in developing and deploying checkpoint technologies due to planning and management challenges. With respect to air cargo, we reported that TSA has not yet developed an inspection plan that includes performance goals and measures to determine the extent to which air carriers transporting cargo into the United States are complying with security requirements. Moreover, while TSA has made considerable progress in the development and implementation of Secure Flight, it has not fully addressed program management issues related to developing cost and schedule estimates consistent with best practices, fully implementing its risk management plan, developing a comprehensive testing strategy, and ensuring that information security requirements are fully implemented. With regard to surface transportation security, TSA has initiated efforts to develop security standards for passenger and freight rail, but has not yet determined its regulatory role with respect to other surface modes of transportation. Moreover, although TSA has made progress in conducting compliance inspections of some surface transportation systems, inspectors' roles and missions have not been fully defined. In addition to the recommendations discussed above, we have made other recommendations to strengthen passenger screening operations, air cargo security, and the implementation of the Secure Flight program. DHS and TSA generally agreed with our recommendations and have taken action to implement a number of them. Background: The Aviation and Transportation Security Act (ATSA), enacted in November 2001, created TSA and gave it responsibility for securing all modes of transportation.[Footnote 3] As part of this responsibility, TSA oversees security operations at the nation's more than 400 commercial airports, including establishing requirements for passenger and checked baggage screening and ensuring the security of air cargo transported to, from, and within the United States. TSA has operational responsibility for conducting passenger and checked baggage screening at most airports, and has regulatory, or oversight, responsibility, for air carriers who conduct air cargo screening. While TSA took over responsibility for passenger checkpoint and baggage screening, air carriers have continued to conduct passenger watch-list matching in accordance with TSA requirements, which includes the process of matching passenger information against federal watch-list data before flights depart. TSA is currently developing a program to take over this responsibility from air carriers for passengers on domestic flights, and plans to assume from the U.S. Customs and Border Protection (CBP) the pre-departure name-matching function for passengers on international flights traveling to or from the United States. According to DHS's budget execution reports and TSA's congressional budget justifications, TSA received appropriations for aviation security that total about $26 billion since fiscal year 2004.[Footnote 4] During fiscal year 2004--the first year for which data were available--TSA received about $3.9 billion for aviation security programs, and during fiscal year 2008, received about $6.1 billion. The President's budget request for fiscal year 2009 includes about $6.0 billion to continue TSA's aviation security activities. This total includes about $5.3 billion specifically designated for aviation security and about $0.76 billion for aviation-security related programs, such as Secure Flight, and mandatory fee accounts, such as the Aviation Security Capital Fund. Figure 1 identifies reported aviation security funding for fiscal years 2004 through 2008. Figure 1: TSA's Reported Aviation Security Funding for Fiscal Years 2004 through 2008 (as reported by TSA, dollars in billions): [See PDF for image] This figure is a stacked bar graph depicting the following data: Fiscal year: 2004[A]; Designated funding for aviation security: $3.7 billion; Funding for programs, projects and activities (PPAs) related to aviation security[C]: $0.2 billion. Fiscal year: 2005[A]; Designated funding for aviation security: $4.3 billion; Funding for programs, projects and activities (PPAs) related to aviation security[C]: $0.4 billion. Fiscal year: 2006[B]; Designated funding for aviation security: $4.6 billion; Funding for programs, projects and activities (PPAs) related to aviation security[C]: $1.0 billion. Fiscal year: 2007[B]; Designated funding for aviation security: $4.8 billion; Funding for programs, projects and activities (PPAs) related to aviation security[C]: $0.8 billion. Fiscal year: 2008[B]; Designated funding for aviation security: $4.8 billion; Funding for programs, projects and activities (PPAs) related to aviation security[C]: $1.3 billion. Source: GAO analysis of TSA budget execution reports for fiscal years 2004 to 2007 and TSA’s Congressional Budget Justification for fiscal year 2009. Note: We used the September 30th budget execution reports for our analysis of TSA funding for fiscal years 2004 through 2006. For fiscal years 2007 and 2008, we used TSA's fiscal year 2009 congressional budget justification. According to the budget execution reports and congressional budget justification, figures presented include all rescissions and supplemental funding for the fiscal years. [A] Fiscal years 2004 and 2005 include approximately $330 million in research and development funding for aviation security. Beginning in fiscal year 2006, research and development funding was consolidated within DHS S&T. Therefore, this funding, as reflected in TSA's budget documentation, is not included as part of TSA's appropriation from fiscal year 2006 forward. [B] Fiscal years 2006, 2007, and 2008 include approximately $680 million, $720 million, and $770 million respectively, in funding for the Federal Air Marshals Service, which was transferred back to TSA from U.S. Immigration and Customs Enforcement in October 2005. Federal Air Marshal Service funding is included within totals for related aviation security programs, projects, and activities for fiscal years 2006, 2007, and 2008. [C] Funding for aviation security-related programs, projects, and activities is reported separately. However, TSA designated funds from other programs, projects, and activities to aviation security as well, which represents the unshaded areas. [End of figure] TSA is also responsible for securing surface modes of transportation, including passenger and freight rail, mass transit, highways, commercial vehicles, and pipelines, in partnership with other federal entities, state and local governments, and the private sector. According to TSA congressional budget justifications, TSA received appropriations for surface transportation security that totaled about $175 million since fiscal year 2005. During fiscal year 2005--the first year for which data were available--TSA received about $36 million for surface transportation security programs. TSA further received $52 million during fiscal year 2006, $41 million during fiscal year 2007, and $47 million during fiscal year 2008 for securing surface modes of transportation. The President's budget request for fiscal year 2009 includes about $37 million, about $10 million less than last year's appropriation, to continue TSA's surface transportation security activities, including conducting compliance inspections, developing best practices and standards, assessing security vulnerabilities, establishing baseline data against which to evaluate minimum-security standards, and providing domain awareness training. Airline Passenger and Checked Baggage Screening: One of the most significant changes mandated by ATSA was the shift from the use of private-sector screeners to perform airport screening operations to the use of federal screeners (now referred to as TSOs). Prior to ATSA, passenger and checked baggage screening had been performed by private screening companies under contract to airlines. ATSA established TSA and required it to create a federal workforce to assume the job of conducting passenger and checked baggage screening at commercial airports. The federal screener workforce was put into place, as required, by November 2002.[Footnote 5] Passenger screening is a process by which personnel authorized by TSA inspect individuals and property to deter and prevent the carriage of any unauthorized explosive, incendiary, weapon, or other dangerous item into a sterile area or onboard an aircraft.[Footnote 6] Passenger screening personnel must inspect individuals for prohibited items at designated screening locations. The four passenger screening functions are X-ray screening of property, walk-through metal detector screening of individuals, hand-wand or pat-down screening of individuals, and physical search of property and trace detection for explosives. Typically, passengers are only subjected to X-ray screening of their carry-on items and screening by the walk-through metal detector. Passengers whose carry-on baggage alarms the X-ray machine, who alarm the walk-through metal detector, or who are designated as selectees-- that is, passengers selected by the Computer Assisted Passenger Pre- Screening System (CAPPS) or other TSA-approved processes to designate passengers for additional screening--are screened by hand-wand or pat- down and have their carry-on items either screened for explosives traces or physically searched[Footnote 7].: Checked baggage screening is a process by which authorized security screening personnel inspect checked baggage to deter, detect, and prevent the carriage of any unauthorized explosive, incendiary, or weapon onboard an aircraft. Checked baggage screening is accomplished through the use of explosive detection systems[Footnote 8] or explosive trace detection systems,[Footnote 9] and through the use of approved alternative means, such as manual searches and canine teams when the explosive detection or explosive trace detection systems are unavailable. The passenger and checked baggage screening systems are composed of three elements: the people (TSOs) responsible for conducting the screening of airline passengers and their carry-on items and checked baggage, the technology used during the screening process, and the procedures TSOs are to follow to conduct screening. Collectively, these elements help to determine the effectiveness and efficiency of passenger and checked baggage screening operations. Air Cargo Security: Air cargo ranges in size from one pound to several tons, and in type from perishables to machinery, and can include items such as electronic equipment, automobile parts, clothing, medical supplies, other dry goods, fresh cut flowers, fresh seafood, fresh produce, tropical fish, and human remains. Cargo can be shipped in various forms, including large containers known as unit loading devices that allow many packages to be consolidated into one container that can be loaded onto an aircraft, wooden crates, assembled pallets, or individually wrapped/ boxed pieces, known as break bulk cargo. TSA's responsibilities for securing air cargo include, among other things, establishing security rules and regulations governing domestic and foreign passenger air carriers that transport cargo, domestic and foreign all-cargo carriers that transport cargo, and domestic indirect air carriers. TSA is also responsible for overseeing the implementation of air cargo security requirements by air carriers and indirect air carriers through compliance inspections, and, in coordination with DHS's S&T Director, for conducting research and development of air cargo security technologies. Air carriers (passenger and all-cargo) are responsible for implementing TSA security requirements, predominantly through a TSA-approved security program that describes the security policies, procedures, and systems the air carrier will implement and maintain in order to comply with TSA security requirements. Air carriers must also abide by security requirements issued by TSA through security directives or emergency amendments to air carrier security programs. Air carriers use several methods and technologies to screen domestic and inbound air cargo.[Footnote 10] These include manual physical searches and comparisons between airway bills and cargo contents to ensure that the contents of the cargo shipment matches the cargo identified in documents filed by the shipper, as well as using approved technology, such as X-ray systems, explosive trace detection systems, decompression chambers, explosive detection systems, and certified explosive detection canine teams.[Footnote 11] Under TSA's security requirements for domestic and inbound air cargo, passenger air carriers are currently required to randomly screen a specific percentage of non exempt air cargo pieces listed on each airway bill. All-cargo carriers are required to screen 100 percent of air cargo that exceeds a specific weight threshold. As of October 2006, domestic indirect air carriers are also required, under certain conditions, to screen a certain percentage of air cargo prior to its consolidation. TSA, however, does not regulate foreign freight forwarders, or individuals or businesses that have their cargo shipped by air to the United States. Under the Implementing Recommendations of the 9/11 Commission Act of 2007, DHS is required to implement a system to screen 50 percent of air cargo transported on passenger aircraft by February 2009, and 100 percent of such cargo by August 2010.[Footnote 12] Airline Passenger Watch-List Matching: The prescreening of airline passengers who may pose a security risk before they board an aircraft is one of many layers of security intended to strengthen commercial aviation. One component of prescreening is passenger watch-list matching--or the process of matching passenger information against the No-Fly and Selectee lists to identify passengers who should be denied boarding or who should undergo additional security scrutiny.[Footnote 13] Aircraft operators are currently responsible for checking passenger information against the No-Fly and Selectee lists to identify passengers who should be denied boarding or who should undergo additional security scrutiny. To further enhance commercial aviation security and in accordance with the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA), TSA is developing a program to assume from air carriers the function of matching passenger information against government-supplied terrorist watch-lists for domestic flights.[Footnote 14] Secure Flight is the program through which TSA plans to meet this requirement. Following domestic implementation, TSA, through Secure Flight, plans to assume responsibility from CBP for watch-list matching of passengers on international flights bound to and from the United States. Secure Flight's mission is to enhance the security of commercial air travel by: * eliminating inconsistencies in current air carrier watch-list matching procedures, * reducing the number of individuals who are misidentified as being on the No Fly or Selectee list, * reducing the risk of unauthorized disclosure of sensitive watch-list information, and: * integrating the redress process so that individuals are less likely to be improperly or unfairly delayed or prohibited from boarding an aircraft. TSA plans to implement Secure Flight in three releases. During Release One, completed in March 2008, TSA developed and tested the Secure Flight system. During Release Two, scheduled to be conducted from April 2008 through August 2008, TSA plans to begin parallel testing with air carriers during which both Secure Flight and air carriers will perform watch-list matching. Finally, during Release Three, TSA is to develop the capability for "airline cutovers" during which Secure Flight plans to begin conducting all watch-list matching for domestic air passengers. Release Three is scheduled to begin in September 2008. Domestic cutovers are expected to begin in January 2009 and be completed in July 2009. TSA plans to assume from CBP watch-list matching for flights departing from and to the United States some time after domestic cutovers are completed. Over the last 5 years, we have reported that the Secure Flight program (and its predecessor CAPPS II) had not met key milestones or finalized its goals, objectives, and requirements, and faced significant development and implementation challenges.[Footnote 15] Acknowledging the challenges it faced with the program, TSA suspended the development of Secure Flight and initiated a reassessment, or re-baselining, of the program in February 2006, which was completed in January 2007. We were mandated by the Implementing Recommendations of the 9/11 Commission Act of 2007 to assess various aspects of Secure Flight's development and implementation.[Footnote 16] In accordance with the act, we reviewed (1) TSA's efforts to develop reliable cost and schedule estimates for Secure Flight; (2) progress made by TSA in developing and implementing the Secure Flight system, including the implementation of security controls; (3) TSA's efforts to coordinate with CBP to integrate Secure Flight with CBP's watch-list matching function for international flights; (4) TSA's plans to protect private passenger information under Secure Flight; and (5) DHS's efforts to assess the effectiveness of the current redress process for passengers misidentified as being on or wrongly assigned to the No Fly or Selectee list.[Footnote 17] TSA's available funding for the Secure Flight program during fiscal year 2007 was $32.5 million.[Footnote 18] In fiscal year 2008, TSA received $50 million and requested a transfer of an additional $24 million to the program under statutory authority, making as much as $74 million available for the program in fiscal year 2008.[Footnote 19] For fiscal year 2009, TSA has requested $82 million in funding to allow the agency to continue development and implementation of the Secure Flight program and the full assumption of the watch-list matching function in fiscal year 2010. Surface Transportation Security: TSA shares responsibility for securing surface transportation modes with federal, state, and local governments and the private sector. TSA's security mission includes establishing security standards and conducting assessments and inspections of surface transportation modes, including passenger and freight rail; mass transit; highways and commercial vehicles; and pipelines. The Federal Emergency Management Agency's Grant Programs Directorate provides grant funding to surface transportation operators and state and local governments, and the National Protection and Programs Directorate, in conjunction with the grant allocation process, conducts risk assessments of surface transportation facilities. Within the Department of Transportation (DOT), the Federal Transit Administration (FTA) and Federal Railroad Administration (FRA) have responsibilities for establishing standards for passenger rail safety and security. In addition, public and private sector transportation operators are responsible for implementing security measures for their systems. TSA Has Made Significant Enhancements to Its Passenger Screening Operations, but Can Further Strengthen Its Efforts: TSA has taken significant steps to strengthen the three key elements of the screening system--people (TSOs and private screeners), screening procedures, and technology--but has faced management, planning, and funding challenges. For example, TSA developed a Staffing Allocation Model to determine TSO staffing levels at airports that reflect current operating conditions, and implemented several initiatives intended to enhance the detection of threat objects, particularly improvised explosives. We reported that TSA also proposed modifications to passenger checkpoint screening procedures based on risk (threat and vulnerability information), among other factors, but could do more evaluation of proposed procedures before they are implemented to help ensure that they achieve their intended results. Finally, TSA is exploring new technologies to enhance the detection of explosives and other threats, but continues to face management and funding challenges in developing and fielding technologies at airport checkpoints. Of the approximately $6.0 billion requested for aviation security in the President's fiscal year 2009 budget request, about $4.0 billion, or approximately 66 percent, is for passenger and checked baggage screening. This includes approximately $3.9 billion to support passenger and checked baggage screening operations, such as TSO salaries and training, and about $154 million for the procurement and installation of checked baggage explosive detection systems. [Footnote 20] TSA Has Efforts Under Way to Strengthen the Allocation of Its TSO Workforce: TSA has implemented several efforts intended to strengthen the allocation of its TSO workforce. We reported in February 2004 that staffing shortages and TSA's hiring process had hindered the ability of some Federal Security Directors (FSD)--the ranking TSA authorities responsible for leading and coordinating security activities at airports--to provide sufficient resources to staff screening checkpoints and oversee screening operations at their checkpoints without using additional measures such as overtime.[Footnote 21] Since that time, TSA has developed a Staffing Allocation Model to determine TSO staffing levels at airports. [Footnote 22] In August 2005, TSA determined that the Staffing Allocation Model contained complete and accurate information on each airport from which to estimate staffing needs, and the agency used the model to identify TSO allocations for each airport. FSDs we interviewed during 2006 as part of our review of TSA's staffing model generally reported that the model is a more accurate predictor of staffing needs than TSA's prior staffing model. However, FSDs expressed the following concerns about assumptions used in the fiscal year 2006 model: * the model assumed that airports could achieve a 20 percent part-time TSO level, even though it was difficult for airports to achieve this; * the model did not specifically account for the recurrent training requirement for TSOs of 3 hours per week averaged over a fiscal year quarter; and: * the model did not account for TSO's time away from screening to perform operational support duties. To help ensure that TSOs are effectively utilized, we recommended that TSA establish a policy for when TSOs can be used to provide operational support. Consistent with our recommendation, in March 2007, TSA issued a management directive that provides guidance on assigning TSOs, through detail or permanent promotion, to duties of another position for a specified period of time. Further, in response to FSDs' input and the various mechanisms TSA had implemented to monitor the sufficiency of the model's allocation outputs, TSA made changes to some assumptions in the Staffing Allocation Model for fiscal year 2007, including assumptions related to part-time TSOs, training, and operational support to address the issues identified above. In our February 2007 report, we recommended that TSA establish a formal, documented plan for reviewing all of the model assumptions on a periodic basis to ensure that the assumptions result in TSO staffing allocations that accurately reflect operating conditions that may change over time. TSA agreed with our recommendation and, in December 2007, developed a Staffing Allocation Model Rates and Assumptions Validation Plan. The plan identifies the process TSA will use to review and validate the model's assumptions on a periodic basis. Although we did not independently review TSA's staffing allocation for fiscal year 2008, the TSA fiscal year 2009 budget justification identified that the agency has achieved operational and efficiency gains that enabled them to implement or expand several workforce initiatives involving TSOs, which are summarized in table 1. For example, TSA reported making several changes to the fiscal year 2008 Staffing Allocation Model, such as decreasing the allocation for time paid not worked (annual, sick, and military leave; compensatory time; and injury time off) based on past performance data. TSA also reported revising the exit lane staffing based on each checkpoint's unique operating hours rather than staffing all exit lanes based on the maximum open hours for any checkpoint at an airport. Table 1: TSA Workforce Initiatives Involving Transportation Security Officers (TSOs): Workforce initiative: Travel document checker; Description of initiative: TSA implemented the travel document checker initiative at over 250 smaller airports during fiscal year 2007. According to the TSA fiscal year 2009 budget justification, through savings realized through adjustments in the fiscal year 2008 Staffing Allocation Model, TSA was able to fund 1,033 additional full-time- equivalent TSOs for the travel document checker initiative. This program is intended to ensure that only passengers with authentic travel documents access the sterile areas of airports and board aircraft. TSA's budget justification identifies that in fiscal year 2007 the agency implemented this program at over 340 of the 450 airports with federal TSOs. Workforce initiative: Behavior detection officers; Description of initiative: TSA completed its planned deployment of the behavior detection officer program. These officers screen passengers by observation technique (also known as SPOT) to identify potentially high- risk passengers based on involuntary physical and physiological reactions. During fiscal year 2007, 643 behavior detection officers were deployed at 42 airports. Workforce initiative: Bomb appraisal officers; Description of initiative: TSA completed the planned deployment of the Bomb Appraisal Officer program. These officers, who have undergone training in the disposal of explosives, provide formal training to TSOs to increase their ability to recognize potential improvised explosive devices and components. The Bomb Appraisal Officer Program was formally implemented at 107 airports during fiscal year 2007. Workforce initiative: Visible Intermodal Protection and Response Teams; Description of initiative: According to TSA, the agency deployed Visible Intermodal Protection and Response Teams to airports around the country. These teams--comprised of TSOs, behavior detection officers and other aviation security employees--are responsible for screening passengers, looking for suspicious behavior, and acting as a visible deterrent in multiple transportation sectors, including buses, mass transit stations, and airports. TSA's budget justification identified that as of February 2008, TSA had deployed over 100 Visible Intermodal Protection and Response Teams to airports and mass transit systems around the country. Workforce initiative: Aviation Direct Access Screening Program; Description of initiative: The Aviation Direct Access Screening Program is intended to provide uniform procedures and standards for TSOs to screen individuals, their accessible property, and vehicles upon entering secure airport areas, and conduct visual inspections of aircraft. Under this program, TSOs are to screen aviation workers and inspect for the presence of explosives, incendiaries, weapons, and other prohibited items, improper airport identification media, and items identified through specific intelligence. In March 2007, TSA required Federal Security Directors to implement the Aviation Direct Screening Program at each of their assigned airports. Source: TSA Fiscal Year 2009 budget justification. [End of table] TSA's fiscal year 2009 budget justification includes $2.7 billion for the federal TSO workforce, and represents an increase of about $80 million over fiscal year 2008 funding. Of the $80 million increase, about $38 million is for cost of living adjustments, and about $42 million is for the annualization of the full-year cost of the Behavior Detection Officer and Aviation Direct Access Screening Program positions. According to DHS' budget justification, the $2.7 billion includes funding for compensation and benefits of 45,643 full-time equivalent personnel--approximately 46,909 TSOs and about 1,100 screening managers.[Footnote 23] Table 2 identifies the total TSO and screening manager full-time equivalents and the funding levels for fiscal years 2005 through 2008, as reported by TSA. Table 2: Passenger and Checked Baggage TSO and Screening Manager Full- time Equivalents and Actual Spending for TSO Personnel, Compensation, and Benefits, by Fiscal Year: Total TSOs and screening managers at airports nationwide: Fiscal year: FY 2005: 45,690; Fiscal year: FY 2006: 42,187; Fiscal year: FY 2007: 42,592; Fiscal year: FY 2008[A]: 45,438. Fiscal year: Actual spending (dollars in thousands): Fiscal year: FY 2005: $2,291,572; Fiscal year: FY 2006: $2,251,503; Fiscal year: FY 2007: $2,444,455; Fiscal year: FY 2008[A]: $2,636,104. Source: TSA. [A] Fiscal year 2008 figures represent TSA's budget in accordance with funds appropriated through Division E of the Consolidated Appropriations Act, 2008. [End of table] TSA Has Taken Steps to Strengthen Passenger Screening Procedures, but Could Improve Its Evaluation and Documentation of Proposed Procedures: In addition to TSA's efforts to strengthen the allocation of its TSO workforce, TSA has taken steps to strengthen passenger checkpoint screening procedures to enhance the detection of prohibited items. However, we have identified areas where TSA could improve its evaluation and documentation of proposed procedures. In April 2007, we reported that TSA officials considered modifications to its standard operating procedures (SOP) based on risk information (threat and vulnerability information), daily experiences of staff working at airports, and complaints and concerns raised by the traveling public.[Footnote 24] We further reported that for more significant SOP modifications, TSA first tested the proposed modifications at selected airports to help determine whether the changes would achieve their intended purpose, as well as to assess its impact on screening operations. However, we reported that TSA's data collection and analyses could be improved to help TSA determine whether proposed procedures that are operationally tested would achieve their intended purpose. We also found that TSA's documentation on proposed modifications to screening procedures was not complete. We recommended that TSA develop sound evaluation methods, when possible, to assess whether proposed screening changes would achieve their intended purpose and generate and maintain documentation on proposed screening changes that are deemed significant. DHS generally agreed with our recommendations and TSA has taken steps to implement them. For example, for several proposed SOP changes considered during the fall of 2007, TSA provided documentation that identified the sources of the proposed changes and the reasons why the agency decided to accept or reject the proposed changes. Once proposed SOP changes have been implemented, it is important that TSA have a mechanism in place to ensure that TSOs are complying with established procedures. In our April 2007 report, we identified that TSA monitors TSO compliance with passenger checkpoint screening SOPs through its performance accountability and standards system--which was implemented in response to a recommendation by us in 2003[Footnote 25] and in response to airport staff concerns--and through local and national covert testing. We further reported that some TSA airport officials have experienced resource challenges in implementing these compliance monitoring efforts. TSA headquarters officials stated that they were taking steps, such as automating the performance accountability and standards system data entry functions, to address this challenge. Since then, TSA has also implemented a new local covert testing program nationwide, known as the Aviation Screening Assessment Program. This program is intended to measure TSO performance using realistic and standardized test scenarios to achieve a national TSO assessment measurement. TSA plans to use these test results to identify vulnerabilities across screening operations and to provide recommendations for addressing the vulnerabilities to various stakeholders within TSA. DHS and TSA Are Pursuing New Checkpoint Technologies to Enhance the Detection of Explosives and Other Threats, but Continue to Face Challenges: We reported in February 2007[Footnote 26] that S&T and TSA[Footnote 27] were exploring new passenger checkpoint screening technologies to enhance the detection of explosives and other threats. However, we found that limited progress had been made in fielding explosives detection technology at passenger screening checkpoints, in part due to challenges S&T and TSA faced in coordinating research and development efforts. TSA requested $103.2 million in its fiscal year 2009 budget request for checkpoint technology and checkpoint reconfiguration. Among other things, TSA plans to procure and deploy Advanced Technology Systems to further extend explosives and prohibited item detection coverage at category X and I checkpoints. The President's budget request also identifies that TSA may purchase Whole Body Imagers, Bottled Liquids Scanners, Cast and Prosthesis Imagers, shoe scanner systems, technology integration solutions, and additional units or upgrades to legacy equipment, among other technologies. TSA further requested $11.5 million to support the optimization and reconfiguration of additional checkpoint lanes to accommodate anticipated airport growth and maintain throughput at the busiest airport checkpoints. Of the various emerging checkpoint screening projects funded by TSA and S&T, the explosive trace portal and the bottled liquids scanning device have been deployed to airport checkpoints, and a number of additional projects have initiated procurements or are being researched and developed. [Footnote 28] Table 3 provides a description of passenger checkpoint screening technologies that have been deployed as well as technologies that have initiated procurements or are in research and development. This list of technologies is limited to those for which TSA could provide documentation. TSA is planning to develop and deploy additional technologies. We are continuing to assess TSA's deployment of new checkpoint screening technologies in our ongoing work and expect to report on the results of this work later this year. Table 3: Description of Passenger Checkpoint Screening Technologies Deployed, Procured, or in Research and Development as of January 2008: Technology: Explosives trace portals; Description: Detects trace amounts of explosives on persons (will reduce the size of the current explosives trace portals at checkpoints); Status: TSA initiated deployment of 95 portals to airports. However, in June 2006, TSA halted the acquisition and deployment of the portals due to performance and maintenance issues. Currently, 114 portals are in storage, which were purchased at a total cost of over $20 million. Technology: Bottled liquids scanners; Description: Screens for liquid explosives; Status: During fiscal year 2007, TSA procured 200 units. One hundred and forty three units have been deployed to airports. For fiscal year 2008, TSA plans to procure 700 units. Technology: Cast and prosthesis scanners; Description: Provides a 2-dimensional image of the area beneath a cast or inside a prosthetic device; Status: TSA procured 34 units during fiscal year 2007 and expects delivery of the first unit in February 2008. TSA plans to deploy this technology to airports during 2008. Technology: Advanced Technology Systems; Description: TSA plans to replace the Threat Image Projection Ready X- ray machines currently used at category X airports with Advanced Technology Systems that are intended to improve detection capability and performance; Status: During 2007, testing was conducted on this technology, including operational testing at four airports. TSA procured 250 units during fiscal year 2007, and plans to procure 677 units and deploy 429 units during fiscal year 2008. Technology: Checkpoint explosives detection systems; Description: Creates a three dimensional image of bags to detect explosives and other nonmetallic items; Status: This technology is currently undergoing various types of testing, including operational testing. During fiscal year 2007, TSA procured 20 units to be deployed starting in 2008. Technology: Whole body imagers; Description: Provides two-dimensional, full-body images of all items on a passenger's body, including plastic explosives and concealed metallic, non-metallic, and ceramic or plastic objects; Status: TSA is conducting operational pilot testing of the whole body imager at one airport. If the testing is successful, TSA plans to procure and deploy the first units to airports during 2008. Source: TSA. [End of table] Despite TSA's efforts to develop passenger checkpoint screening technologies, we reported that limited progress has been made in fielding explosives detection technology at airport checkpoints. For example, we reported that TSA had anticipated that the explosives trace portals would be in operation throughout the country during fiscal year 2007. However, due to performance and maintenance issues, TSA halted the acquisition and deployment of the portals in June 2006. As a result, TSA has fielded less than 25 percent of the 434 portals it projected it would deploy by fiscal year 2007. TSA officials are considering what to do with the portals that were procured and are currently in storage. In addition to the portals, TSA has fallen behind in its projected acquisition of other emerging screening technologies. For example, we reported that the acquisition of 91 Whole Body Imagers was previously delayed in part because TSA needed to develop a means to protect the privacy of passengers screened by this technology. While TSA and DHS have taken steps to coordinate the research, development, and deployment of checkpoint technologies, we reported in February 2007 that challenges remained. For example, TSA and S&T officials stated that they encountered difficulties in coordinating research and development efforts due to reorganizations within TSA and S&T. A senior TSA official further stated at the time that, while TSA and the DHS S&T have executed a memorandum of understanding to establish the services that the Transportation Security Laboratory is to provide to TSA, coordination with S&T remained a challenge because the organizations had not fully implemented the terms of the agreement. Since our February 2007 testimony, according to TSA and S&T, coordination between them has improved. We also reported that TSA did not have a strategic plan to guide its efforts to acquire and deploy screening technologies, and that a lack of a strategic plan or approach could limit TSA's ability to deploy emerging technologies at those airport locations deemed at highest risk. The Consolidated Appropriations Act, 2008, provides that, of TSA's appropriated funds for Transportation Security Support, $10,000,000 may not be obligated until the Secretary of Homeland Security submits to the House and Senate Committees on Appropriations detailed expenditure plans for checkpoint support and explosive detection systems refurbishment, procurement, and installation on an airport-by-airport basis for fiscal year 2008, along with the strategic plan for checkpoint technologies previously requested by the committees no later than 60 days after the date of enactment of the Act (enacted December 26, 2007). According to TSA officials, they currently plan to submit the strategic plan to Congress by June 2008. We will continue to evaluate S&T's and TSA's efforts to research, develop and deploy checkpoint screening technologies as part of our ongoing review. TSA Has Taken Action to Strengthen Air Cargo Security, but Additional Efforts Are Needed: TSA has taken steps to enhance domestic and inbound air cargo security, but more work remains to strengthen this area of aviation security. For example, TSA has issued an Air Cargo Strategic Plan that focused on securing the domestic air cargo supply chain. However, in April 2007, we reported that this plan did not include goals and objectives for addressing the security of inbound air cargo, or cargo transported into the United States from a foreign location, which presents different security challenges than cargo transported domestically.[Footnote 29] We also reported that TSA had not conducted vulnerability assessments to identify the range of security weaknesses that could be exploited by terrorists related to air cargo operations. In addition, we also reported that TSA had established requirements for air carriers to randomly screen air cargo, but had exempted some domestic and inbound cargo from screening. With respect to inbound air cargo, we reported that TSA lacked an inspection plan with performance goals and measures for its inspection efforts, and recommended that TSA develop such a plan. Finally, TSA is taking steps to compile and analyze information on air cargo security practices used abroad to identify those that may strengthen DHS's overall air cargo security program, as we recommended. For fiscal year 2009, the President's budget includes a request of about $104 million for TSA's air cargo security program. Specifically; TSA is requesting $52 million for 460 air cargo inspectors, $33.5 million for 170 canine teams, and $2.8 million for the Certified Cargo Screening Program.[Footnote 30] We issued two reports that examined TSA's efforts to secure domestic air cargo and inbound air cargo.[Footnote 31] Table 4 summarizes our key findings, recommendations, and TSA's response. Table 4: Key GAO Recommendations Related to Air Cargo Security and TSA's Response[Footnote 32]: Identified Issue: Air Cargo Strategic Plan did not include goals and objectives for addressing the security of air cargo transported into the United States from another country; Recommendation: DHS develop a risk-based strategy to address inbound air cargo security that should define TSA's and CBP's responsibilities for ensuring the security of inbound air cargo; Status: CBP issued its International Air Cargo Security Strategic Plan in June 2007. According to TSA officials, the agency plans to revise its Air Cargo Strategic Plan during the third quarter of fiscal year 2008, and will incorporate a strategy for addressing inbound air cargo security, including how the agency will partner with CBP. TSA reported that the updated strategic plan will also incorporate the requirement that TSA develop a system to screen 100 percent of air cargo prior to its transport on passenger aircraft as required by the Implementing Recommendations of the 9/11 Commission Act of 2007. Identified Issue: TSA had not conducted vulnerability assessments to identify the range of security weaknesses that could be exploited by terrorists related to air cargo operations; Recommendation: TSA develop a methodology and schedule for completing these assessments; Status: TSA implemented an Air Cargo Vulnerability Assessment program in November 2006 and, as of April 2008, had completed vulnerability assessments at five domestic airports. TSA plans to complete assessments of all Category X airports by 2009. Officials stated that the results of these assessments will assist the agency with its efforts to collaborate with foreign governments to conduct joint assessments at foreign airports that will include a review of air cargo vulnerabilities. Identified Issue: TSA established requirements for air carriers to randomly screen air cargo, but exempted some domestic and inbound cargo from screening; Recommendation: TSA examine the rationale for existing domestic and inbound air cargo screening exemptions and determine whether such exemptions left the air cargo system unacceptably vulnerable; Status: TSA issued a security directive and emergency amendment in July 2007 to domestic and foreign air carriers operating within and from the United States that limited the screening exemptions; however, these did not apply to inbound air cargo. The Implementing Recommendations of the 9/11 Commission Act of 2007 requires DHS to conduct an assessment of screening exemptions granted under 49 U.S.C. § 44901(i)(1) for cargo transported on passenger aircraft and an analysis to assess the risk of maintaining such exemptions. TSA's assessment, issued in February 2008, includes the agency's plans to maintain, revise, or eliminate screening exemptions for particular cargo types transported on passenger aircraft departing from both domestic and foreign locations. GAO is required to review the methodology used in this assessment and report back to Congress by June 24, 2008, 120 after its issuance. Identified Issue: TSA had not developed measures to assess the adequacy of air carrier compliance with air cargo security requirements, or assessed the results of its domestic compliance inspections to target higher-risk air carriers or indirect air carriers for future reviews; Recommendation: TSA systematically analyze compliance inspection results and use the results to target future inspections; Status: TSA has increased the number of inspectors dedicated to conducting domestic air cargo compliance inspections, and has begun analyzing the results of these inspections to prioritize their inspections on those entities that have the highest rates of noncompliance, as well as newly approved entities that have yet to be inspected. Identified Issue: TSA lacked an inbound air cargo compliance inspection plan with performance goals and measures for its inspection efforts; Recommendation: TSA develop such a plan; Status: TSA officials stated that the agency formed an International Cargo Working Group to develop inspection prompts to guide inspectors in their examinations of foreign and U.S. air cargo operators departing from foreign locations to the United States. Identified Issue: GAO identified foreign security practices that are currently not used by TSA but that potentially could help strengthen the security of inbound and domestic air cargo supply chains. TSA did not systematically collect information on such practices; Recommendation: TSA compile and analyze information on air cargo security practices used abroad to identify those that may strengthen DHS's overall air cargo security program; Status: TSA is taking steps to compile and analyze this information. According to TSA officials, the agency reviewed foreign countries' models for screening air cargo, which is performed early in the supply chain by government certified shippers and freight forwarders, when designing their Certified Cargo Screening Program. TSA officials believe this program will assist the agency in meeting the requirement to screen 100 percent of air cargo transported on passenger aircraft by August 2010, as mandated by the Implementing Recommendations of the 9/11 Commission Act of 2007. We have not independently assessed TSA's Certified Cargo Screening Program. Source: GAO Analysis. [End of table] TSA Has Made Progress in Developing and Implementing the Secure Flight Program, but Can Further Strengthen Its Efforts: In February 2008, we reported that TSA has made substantial progress in instilling more discipline and rigor into Secure Flight's development and implementation, but challenges remain that may hinder the program's progress moving forward.[Footnote 33] For example, TSA developed a detailed concept of operations, established a cost and schedule baseline, and drafted key management and systems development documents, among other efforts. However, while TSA developed a life-cycle cost estimate and an integrated master schedule for Secure Flight, the program has not fully followed best practices that would help to ensure reliable and valid cost and schedule estimates. We also reported that TSA can strengthen its systems development efforts by demonstrating that it has fully implemented its risk management plan, incorporated end-to-end testing[Footnote 34] as part of the program's testing strategy, and more fully addressed system security requirements and vulnerabilities. We further reported that DHS and TSA can strengthen their assessment of the current redress process for passengers who believe they were inappropriately inconvenienced during the watch-list matching process. TSA officials stated that they have considerably strengthened Secure Flight's systems development efforts, and have already taken or plan to take action to address the issues we identified. We made a number of recommendations to strengthen TSA's development and implementation of Secure Flight to address the issues discussed below, which officials generally agreed with. TSA Has Made Progress in Strengthening Secure Flight's Development and Implementation: TSA has taken numerous steps to address previous GAO recommendations related to strengthening Secure Flight's development and implementation, as well as additional steps designed to strengthen the program.[Footnote 35] TSA has, among other things, developed a detailed, conceptual description of how the system is to operate, commonly referred to as a concept of operations; established a cost and schedule baseline; developed security requirements; developed test plans; conducted outreach with key stakeholders; published a notice of proposed rulemaking on how Secure Flight is to operate; and issued a guide to key stakeholders (e.g., air carriers and CBP) that defines, among other things, system data requirements. Collectively, these efforts have enabled TSA to more effectively manage the program's development and implementation. TSA has also taken steps to integrate the domestic watch-list matching function with the international watch-list matching function currently operated by CBP. We previously reported that TSA and CBP experienced coordination challenges which, among other things, could result in a duplication of effort and conflicting results from domestic and international watch-list matching.[Footnote 36] We recommended that DHS take additional steps and make key policy and technical decisions that were necessary to more fully coordinate these programs. TSA and CBP have since worked with DHS to develop a strategy called the One DHS Solution, which is to align the two agencies' domestic and international watch-list matching processes, information technology systems, and regulatory procedures to provide a seamless interface between DHS and the airline industry. TSA and CBP also agreed that TSA will take over the screening of passengers against the watch list for international flights from CBP, though CBP will continue to match passenger information to the watch list in fulfillment of its border- related functions. Full implementation of an integrated system is not planned to take place until after Secure Flight acquires the watch list matching function for domestic flights. TSA has also taken steps to address key privacy principles in plans to protect private passenger information for the Secure Flight program. We previously reported that TSA, as part of its requirements development process, had not clearly identified the privacy impacts of the Secure Flight system or the full actions it planned to take to mitigate them. We also reported that TSA violated provisions of the Privacy Act by not fully disclosing its use of personal information during systems testing.[Footnote 37] In March 2005, we recommended that TSA specify how Secure Flight will protect personal privacy.[Footnote 38] In August 2007, TSA published, for public comment, the required privacy impact assessment[Footnote 39] and system of records notice[Footnote 40] that address key privacy protection principles.[Footnote 41] TSA also developed a Program Privacy Architecture describing key aspects of TSA's plans to protect private passenger information. We will continue to monitor TSA's efforts as part of our ongoing work to ensure that privacy protections continue to be appropriately considered. TSA Has Not Fully Followed Best Practices for Developing Reliable and Valid Cost and Schedule Estimates for Secure Flight: Although TSA has developed a life-cycle cost estimate and maintains an integrated master schedule for Secure Flight, the program has not fully followed best practices for developing reliable and valid cost and schedule estimates, and several program milestones have been missed or have slipped. The Office of Management and Budget (OMB) endorsed the use[Footnote 42]of GAO's Cost Assessment Guide in the development of life-cycle cost and program schedule estimates.[Footnote 43] Without adhering to these best practices in the development of its cost and schedule estimates, TSA is at risk of the Secure Flight program experiencing cost overruns, missed deadlines, and performance shortfalls. Life-cycle cost estimate. We reported that TSA has not fully followed best practices for developing a reliable and valid life-cycle cost estimate. Using our Cost Assessment Guide's 12-step process for creating cost estimates, we assessed the Secure Flight cost estimate against these best practices.[Footnote 44] DHS's Cost - Benefit Analysis Guidebook, which TSA program officials stated that TSA used to develop the life-cycle cost estimate for Secure Flight, contains most of the best practices outlined in our Guide. TSA followed some of these practices in developing its cost estimate, including defining the purpose of the program and estimate purpose; identifying many program cost elements, including expenditures for facilities, hardware, and software; and identifying the numbers of staff, their pay, and associated travel and training costs, among other elements. However, it is unclear whether TSA followed other best practices or did not address the practices in developing its estimate. For example, it is unclear whether the cost estimate had been updated to reflect the current program because the detailed support for the estimate was produced between 2004 and 2006, and does not reflect the current program plan. In addition, the cost estimate does not capture all key costs. For example, the estimate does not capture costs beyond 2012 even though the system is expected to be operational beyond that date. TSA officials stated that the program's cost figures were updated in 2007 and continue to be updated as changes warrant. Officials further stated that their estimates were prepared in accordance with DHS and OMB guidance and were reviewed and approved by DHS and OMB. However, without adhering to the best practices discussed above, as recommended by OMB, TSA's cost estimate may not provide a meaningful baseline from which to track progress, and effectively support investment decision making. Schedule estimate. We reported that TSA also did not fully follow best practices for developing a reliable and valid schedule estimate. GAO's Cost Assessment Guide includes 9 best practices, which if followed correctly, should result in high quality, reliable, and valid schedule estimates.[Footnote 45] Without a reliable schedule baseline and careful monitoring of its status, a program may not be able to determine when forecasted completion dates differ from planned dates. TSA has made progress in developing a reliable and valid schedule estimate, including capturing key activities and accounting for the development of program requirements and testing. However, TSA officials could not provide evidence that their scheduling software can produce a critical path (i.e., the longest path of sequential activities in a schedule) driven by discrete lower level tasks. Best practices call for the critical path to be generated using scheduling software. We also reported that the schedule is not fully integrated because several lower level activities were not connected in a logical manner, as called for by best practices. As a result, the Secure Flight schedule estimate may not provide a meaningful benchmark from which to gauge progress, identify and address potential problems, and make informed decisions. For example, the inability to institute a reliable schedule could affect TSA's ability to effectively measure contractor performance in meeting deliverables. TSA officials stated that their scheduling software can create a critical path, and that lower level tasks in their schedule were logically linked together; however, they did not provide evidence that supported this. In February 2008, we reported that since TSA completed a re-baselining of the Secure Flight program, and began using its current schedule, the program has missed milestones and experienced schedule slippages. [Footnote 46] For example, while TSA reported that it had met most of its March 2007 schedule milestones to date, the August 2007 milestone for developing memoranda of understanding and other written agreements (e.g. service level agreements) with key Secure Flight stakeholders (e.g. CBP) was missed and had not yet been met. TSA officials attributed schedule slippages in part to an extension in the Secure Flight rulemaking comment period and underestimating the time needed to complete key activities. In February 2008, we recommended that TSA fully incorporate best practices into the development of Secure Flight life-cycle cost and schedule estimates. TSA generally agreed with these recommendations. We will continue to assess TSA's efforts to develop life-cycle cost and schedule estimates as part of our ongoing review of the Secure Flight Program. TSA Has Made Progress in Strengthening Secure Flight's Development, but Can Further Strengthen Efforts: While TSA has taken numerous steps to strengthen the development of Secure Flight, additional challenges remain. These challenges include: 1) implementing the program's risk management plan, 2) planning and conducting end-to-end testing as part of their overall parallel testing strategy, and 3) addressing information security requirements and vulnerabilities. Risk management. In October 2006, TSA issued a risk management plan for identifying, managing, and mitigating Secure Flight program risks that was consistent with relevant guidance and best practices. TSA also acquired an electronic tool to guide its risk management efforts. However, TSA has not yet provided us with evidence that it has implemented all aspects of the plan, including developing an inventory of risks and related information to demonstrate that its risk management tool has been populated and is being used to identify, prioritize, mitigate, and monitor risk. In November 2007, TSA hired a risk management coordinator, a position that had been vacant since June 2007. According to program officials, the coordinator has been tasked with supporting the risk management board in implementing the risk management plan and has provided related training for its members. We will continue to assess TSA's efforts to mange risk as part of our ongoing review of Secure Flight. End-to-end test planning. Secure Flight does not fully outline plans for end-to-end testing in its overall test and evaluation plan, or other test plans. Federal guidance and related best practices recommend end-to-end testing to verify that the systems that collectively support a program like Secure Flight will interoperate as intended in an operational environment, either actual or simulated.[Footnote 47] We reported in March 2005 on the importance of Secure Flight end-to-end testing and recommended that TSA perform such testing.[Footnote 48] TSA agreed with this recommendation. However, Secure Flight's current test and evaluation master plan only outlines plans for partner organizational entities (e.g., CBP for integration of international watch-list functions) to test their respective parts of the system on their own--rather than a coordinated end-to-end test involving all parties. TSA developed a preliminary working draft of an end-to-end testing strategy, called the parallel testing strategy. However, the plan does not contain provisions for (1) testing that ensures that supporting systems will operate as intended in an operational environment, (2) definitions and dates for key milestone activities and parties responsible for completing them, or (3) the revision of other test plans, such as the test and evaluation master plan, to reflect the performance of end-to-end tests. In February 2008, we reported that Secure Flight officials stated that they plan to conduct full end-to- end testing of the program, beginning in the spring of 2008, and that they planned to reflect this testing in test plans that were still under development. While we commend TSA's plans to conduct end-to-end testing, the draft of TSA's test plan that discusses end-to-end testing does not define a scope that extends to all aspects of the program. Until TSA has well-defined and approved end-to-end test plans and procedures, it will be challenged in its ability to demonstrate that Secure Flight will perform in a way that will allow it to achieve intended program outcomes and results. We will continue to assess TSA's testing strategy, to include end-to-end testing, as part of our ongoing review of the program. Information security. While the Secure Flight program office has completed important steps to incorporate security into the system's development, it has not fully completed other steps to ensure security is effectively addressed. Federal standards and guidance identify the need to address information security throughout the life-cycle of information systems, and specifies a minimum set of security steps needed to effectively incorporate security into a system during its development.[Footnote 49] The Secure Flight program has performed several steps that incorporate security into the system's development, including performing a security risk assessment, identifying and documenting recommended security control requirements, and testing and evaluating security controls for the system and incorporating identified weaknesses in remedial action plans. However, other steps pertaining to ensuring that security requirements are tested, preparing security documentation, and conducting certification and accreditation activities were not adequately completed.[Footnote 50] For example, security requirements planned for Release One did not always trace to test activities for this release.[Footnote 51] Program officials stated that some security requirements were deferred until future releases due to delays in funding for acquiring specific hardware and other requirements require coordination with the information system security official to verify whether they were tested as part of security test and evaluation. In addition, security documentation contained incorrect or incomplete information. To illustrate, the systems security plan did not identify all interconnecting systems that Secure Flight will interface with, such as those operated by the DHS Watch-List Service, the organization that will transmit the watch-list to Secure Flight. Program officials stated that security documentation was outdated or incorrect because there was insufficient time to update the documentation for changes in the computing environment and security requirements. Furthermore, program officials granted an authorization to operate--one of three possible accreditation decisions made in the certification and accreditation process--although the system had 46 known vulnerabilities, including 11 high-risk and 27 moderate-risk vulnerabilities and the controls had not yet been implemented.[Footnote 52] Federal guidance as well as DHS policy provide for an interim authority to operate accreditation when significant restrictions or limitations exist and certain deficiencies and corrective actions need to be addressed within a specified period. Although security officials identified plans of actions and milestones for addressing the vulnerabilities within 60 and 90 days for the high and moderate risks, respectively, given their significance, an interim authorization to operate would be the more appropriate determination. In addition, hardware components used to implement controls over user identity and account management (i.e., authentication, logins and passwords, and user roles and privileges), as well as the alternate processing site had not yet been implemented. Once implemented, the security controls over these components could have an impact on the information security and, therefore, may require a re-accreditation. Program officials chose the authority to operate accreditation because they asserted that the DHS Chief Information Security Officer does not allow interim authorizations. If these security activities are not completed, there is an increased risk that key security controls and requirements may not be fully developed, tested, implemented or documented. In February 2008, we recommended that TSA fully implement the Secure Flight risk management plan; finalize and approve Secure Flight's end-to-end testing strategy; and strengthen information security documentation and controls. TSA generally agreed with these recommendations. DHS and TSA Lack Performance Measures to Fully Evaluate the Effectiveness of the Redress Process, But Plan Additional Measures under Secure Flight: DHS and TSA have not developed a complete set of performance measures to assess the effectiveness of the redress process for passengers inconvenienced as a result of watch-list matching.[Footnote 53] Measuring performance allows organizations to track the progress they are making toward their goals and gives managers critical information on which to base decisions for improving their programs. DHS and TSA are developing additional measures for the redress process that they plan to implement when Secure Flight becomes operational. TSA, supported by the Terrorist Screening Center, provides opportunities for airline passengers to seek redress in cases where they experienced inconveniences during the check-in and screening processes due to the possibility they have been misidentified as being on or wrongly assigned to the terrorist watch-list.[Footnote 54] The redress process enables these individuals to file an inquiry to have erroneous information corrected in DHS systems that may prevent future delays and inconveniences at the airport. In February 2007, DHS established the Traveler Redress Inquiry Program (TRIP) to serve as the central processing point within the department for redress inquiries. TSA's Office of Transportation Security Redress (OTSR) is responsible for reviewing redress inquiries submitted by air passengers through TRIP. TRIP and OTSR's redress program goals are to process redress applications as quickly and as accurately as possible. However, to measure program performance against these goals, TRIP and OTSR currently track only one measure for redress related to the timeliness of case completion, and do not track any performance measures related to program accuracy. Previous GAO work identified that agencies successful in evaluating performance had measures that used attributes from GAO's best practices.[Footnote 55] Specifically, our previous work identified that agencies successful in evaluating performance had measures that demonstrated results, covered multiple priorities, provided useful information for decision making, and successfully addressed important and varied aspects of program performance. TRIP and OTSR officials stated that they do not plan to develop additional performance measures, such as measures related to accuracy of the redress process, but rather are awaiting the implementation of Secure Flight to determine the program's impact on the redress process before creating additional measures. Secure Flight is intended to reduce the inconveniences experienced by air passengers by taking over from air carriers the responsibility for prescreening passengers in order to ensure consistent and effective use of the cleared list,[Footnote 56] which should impact the effectiveness of the redress process.[Footnote 57] In addition to TRIP and OTSR's performance measures for the redress process, the Secure Flight program office is working with OTSR to develop redress performance measures for the Secure Flight Program. Secure Flight plans to use the TSA redress process that is currently available for individuals affected by the air carrier identity-matching processes. Secure Flight is coordinating with OTSR to determine how this process will be integrated with other Secure Flight requirements. Secure Flight and OTSR are jointly developing a set of performance measures and targets covering multiple priorities for redress that are to be implemented when Secure Flight becomes operational, and officials told us that they will follow best practices in the development of these measures. While we commend TSA for developing redress performance measures for the Secure Flight Program, since the program is not scheduled to be implemented until January 2009, DHS and OTSR's current redress process lacks a complete set of measures with which they can assess performance and make program improvements. Since measures are often the key motivators of performance and goal achievement, the program's overall success is at risk if all priorities are not addressed and information is not obtained to make future adjustments and improvements to the program. Moreover, such performance data would provide a baseline against which to benchmark Secure Flight's progress and planned improvements to the redress process. In February 2008, we recommended that DHS and TSA re-evaluate redress performance measures and consider creating and implementing additional measures that, consistent with best practices, demonstrate results, cover multiple priorities, and provide useful information for decision making. TSA generally agreed with this recommendation. TSA Has Taken Steps to Secure the Nation's Surface Transportation Systems, but More Work Remains: DHS, primarily through the efforts of TSA, has undertaken initiatives to strengthen the security of the nation's surface transportation systems. While TSA has devoted the vast majority of its resources to securing commercial aviation and to meeting related statutory requirements, it has more recently increased its focus on the security of surface modes of transportation. However, these efforts are still largely in the early stages. International events such as the March 2004 bombing of commuter trains in Madrid, Spain, and the July 2005 bombings and attempted attacks against public transit in London, England, have, in part, contributed to this increased focus. TSA and other DHS components have developed a strategic approach for securing surface modes of transportation, have taken steps to conduct risk assessments of surface transportation assets and have administered related grant programs. TSA also issued a proposed rule in December 2006 which, if finalized as proposed, will require freight and passenger rail operators to implement additional security requirements, and will increase TSA's oversight of operators' security efforts.[Footnote 58] However, TSA has not issued standards for securing all surface transportation modes or determined whether it will issue standards for all modes, and is still defining what its regulatory role will be for these modes. We have ongoing work assessing the security of surface modes of transportation, and will report on our results later this year. Strategic Approach for Implementing Security Functions: In September 2005, DHS completed the National Strategy for Transportation Security. This strategy identified and evaluated transportation assets in the United States that could be at risk of a terrorist attack and addressed transportation sector security needs. Further, in May 2007, DHS issued a strategic plan for securing the transportation sector and supporting annexes for each of the surface transportation modes, and reported taking actions to adopt the strategic approach outlined by the plan. The Transportation Systems Sector-Specific Plan describes the security framework that is intended to enable sector stakeholders to make effective and appropriate risk- based security and resource allocation decisions within the transportation network. TSA has begun to implement some of the security initiatives outlined in the sector-specific plan and supporting modal plans. Additionally, the Implementing Recommendations of the 9/ 11Commission Act imposes a deadline of May 2008, for the Secretary of DHS to develop and implement the National Strategy for Public Transportation Security. Our work assessing DHS's efforts in implementing its strategy for securing surface transportation modes is being conducted as part of our ongoing reviews of mass transit, passenger and freight rail, commercial vehicle, and highway infrastructure security. We will report on the results of this work later this year. Threat, Vulnerability, and Criticality Assessments: TSA has taken actions to assess risk by conducting threat, criticality, and vulnerability assessments of surface transportation assets, particularly for mass transit, passenger rail, and freight rail, but its efforts related to commercial vehicles and highway infrastructure are in the early stages. For example, TSA had conducted threat assessments of all surface modes of transportation. TSA has also conducted assessments of the vulnerabilities associated with some surface transportation assets. For example, regarding freight rail, TSA has conducted vulnerability assessments of rail corridors in eight High Threat Urban Areas where toxic-inhalation-hazard shipments are transported. With respect to commercial vehicles and highway infrastructure, TSA's vulnerability assessment efforts are ongoing. According to TSA, the agency performed 113 corporate security reviews on highway transportation organizations through fiscal year 2007, such as trucking companies, state Departments of Transportation, and motor coach companies.[Footnote 59] However, TSA does not have a plan or a time frame for conducting these reviews on a nationwide basis. Furthermore, DHS's National Protection and Programs Directorate's Office of Infrastructure Protection conducts vulnerability assessments of surface transportation assets to identify protective measures to reduce or mitigate asset vulnerability. With regard to criticality assessments, TSA reported in April 2008 that the agency had conducted 1,345 assessments of passenger rail stations.[Footnote 60] Additionally, the Implementing Recommendations of the 9/11Commission Act has several provisions related to security assessments. For instance, the act requires DHS to review existing security assessments for public transportation systems as well as conduct additional assessments as necessary to ensure that all high-risk public transportation agencies have security assessments. Moreover, the act also requires DHS to establish a federal task force to complete a nationwide risk assessment of a terrorist attack on rail carriers. We will continue to review threat, vulnerability, and criticality assessments conducted by TSA related to securing surface modes of transportation during our ongoing work.[Footnote 61] Issuance of Security Standards: TSA has taken actions to develop and issue security standards for mass transit, passenger rail, and freight rail transportation modes. However, TSA has not yet developed or issued security standards for all surface transportation modes, such as commercial vehicle and highway infrastructure, or determined whether standards are necessary for these modes of transportation. Specifically, TSA has developed and issued both mandatory rail security directives and recommended voluntary best practices--known as Security Action Items--for transit agencies and passenger rail operators to implement as part of their security programs to enhance both security and emergency-management preparedness. TSA also issued a notice of proposed rule making in December 2006, which if finalized as proposed, would include additional security requirements for passenger and freight rail transportation operators.[Footnote 62] For example, the rule would include additional security requirements designed to ensure that freight railroads have protocols for the secure custody transfers of toxic-inhalation-hazard rail cars in High Threat Urban Areas. DHS and other federal partners have also been collaborating with the American Public Transportation Association (APTA) and public and private security professionals to develop industry wide security standards for mass transit systems. APTA officials reported that they expect several of the voluntary standards to be released in mid-2008. Additionally, the Implementing Recommendations of the 9/11Commission Act requires DHS to issue regulations establishing standards and guidelines for developing and implementing vulnerability assessments and security plans for high-risk railroad carriers and over-the-road bus operators.[Footnote 63] The deadlines for the regulations are August 2008 and February 2009, respectively. With respect to freight rail, TSA is developing a notice of proposed rulemaking proposing that high-risk rail carriers conduct vulnerability assessments and develop and implement security plans. We will continue to assess TSA's efforts to issue security standards for other surface transportation modes during our ongoing reviews. Compliance Inspections: TSA has hired and deployed surface transportation security inspectors who conduct compliance inspections for both passenger and freight rail modes of transportation; however, questions exist regarding how TSA will employ the inspectors to enforce new regulations proposed in its December 2006 Notice of Proposed Rulemaking and regulations to be developed in accordance with the Implementing Recommendations of the 9/ 11 Commission Act.[Footnote 64] TSA officials reported having 100 surface transportation inspectors during fiscal year 2005 and, as of December 2007, were maintaining an inspector workforce of about the same number. The agency's budget request for fiscal year 2009 includes $11.6 million to fund 100 surface transportation security inspectors-- which would maintain its current staffing level. Inspectors' responsibilities include conducting on-site inspections of key facilities for freight rail, passenger rail, and transit systems; assessing transit systems' implementation of core transit security fundamentals and comprehensive security action items; conducting examinations of stakeholder operations, including compliance with security directives; identifying security gaps; and developing effective practices. To meet these compliance responsibilities, TSA reported in December 2007 that it had conducted voluntary assessments of 50 of the 100 largest transit agencies, including 34 passenger rail and 16 bus-only agencies, and has plans to continue these assessments with the next 50 largest transit agencies during fiscal year 2008. With respect to freight rail, TSA reported visiting, during 2007, almost 300 railroad facilities including terminal and railroad yards to assess the railroads' implementation of 17 DHS-recommended Security Action Items associated with the transportation of toxic-inhalation-hazard materials. TSA has raised concerns about the agency's ability to continue to meet anticipated inspection responsibilities given the new regulations proposed in its December 2006 Notice of Proposed Rulemaking and requirements of the Implementing Recommendations of the 9/11 Commission Act. For example, the act mandates that high-risk over-the-road bus operators, railroad carriers, and public transportation agencies develop and implement security plans which must include, among other requirements, procedures to be implemented in response to a terrorist attack.[Footnote 65] The act further requires the Secretary of DHS to review each plan within 6 months of receiving it. TSA officials stated that they believe TSA inspectors will likely be tasked to conduct these reviews. The act also requires that the Secretary of DHS develop and issue interim final regulations by November 2007, for a public transportation security training program.[Footnote 66] As of April 2008, these interim regulations have not been issued. According to TSA officials, TSA inspectors will likely be involved in ensuring compliance with these regulations as well. To help address these additional requirements, the Implementing Recommendations of the 9/ 11Commission Act authorizes funds to be appropriated for TSA to employ additional surface transportation inspectors, and requires that surface transportation inspectors have relevant transportation experience and appropriate security and inspection qualifications.[Footnote 67] However, it is not clear how TSA will meet these new requirements since the agency has not requested funding for additional surface transportation security inspectors for fiscal year 2009. We will continue to assess TSA's inspection efforts during our ongoing work. [Footnote 68] Grant Programs: DHS has developed and administered grant programs for various surface transportation modes, although stakeholders have raised concerns regarding the current grant process. For example, the DHS Office of Grants and Training, now called the Grant Programs Directorate, has used various programs to fund passenger rail security since 2003. Through the Urban Areas Security Initiative grant program, the Grant Programs Directorate has provided grants to urban areas to help enhance their overall security and preparedness level to prevent, respond to, and recover from acts of terrorism. The Grant Programs Directorate used fiscal year 2005, 2006, and 2007 appropriations to build on the work under way through the Urban Areas Security Initiative program, and create and administer new programs focused specifically on transportation security, including the Transit Security Grant Program, Intercity Passenger Rail Security Grant Program, and the Freight Rail Security Grant Program. However, some industry stakeholders have raised concerns regarding DHS's current grant process, including the shifting of funding priorities, the lack of program flexibility, and other barriers to the provision of grant funding. For example, transit agencies have reported that the lack of predictability in how TSA will assess grant projects against funding priorities makes it difficult to engage in long-term planning of security initiatives. Specifically, transit agencies have reported receiving funding to begin projects-- such as retrofitting their transit fleet with security cameras or installing digital video recording systems--but not being able to finish these projects in subsequent years because TSA had changed its funding priorities. The Implementing Recommendations of the 9/11 Commission Act codifies surface transportation grant programs and imposes statutory requirements on the administration of the programs.[Footnote 69] For example, the act lists authorized uses of these grant funds and requires DHS to award the grants based on risk.[Footnote 70] It also requires that DHS and DOT determine the most effective and efficient way to distribute grant funds, authorizing DHS to transfer funds to DOT for the purpose of disbursement.[Footnote 71] According to the TSA fiscal year 2009 budget justification, to ensure that the selected projects are focused on increasing security, DHS grants are to be awarded based on risk. We will continue assessing surface transportation related grant programs as part of our ongoing work.[Footnote 72] Conclusions: DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation's transportation system, and should be commended for these efforts. Regarding commercial aviation, TSA has developed processes to more efficiently allocate and deploy the TSO workforce, strengthened screening procedures, is working to develop and deploy more effective screening technologies, strengthened the security of air cargo, and improved the development of a program to prescreen passengers against terrorist watch-lists. Further, TSA has more recently taken actions in a number of areas to help secure surface modes of transportation. More work, however, remains. For example, TSA's surface transportation security efforts are still largely in the early stage, and the nature of its regulatory role, and relationship with transportation operators, is still being defined. Opportunities therefore exist to further strengthen these efforts, in particular in the areas of risk management and program planning and monitoring. Our work has shown--in homeland security and in other areas--that a comprehensive risk management approach can help inform decision makers in the allocation of finite resources to the areas of greatest need. We are encouraged that risk management has been a cornerstone of DHS and TSA policy, and that TSA has implemented risk-based decision making into a number of its efforts. Despite this commitment, however, TSA will continue to face difficult decisions and trade-offs--particularly as threats to transportation systems evolve--regarding acceptable levels of risk and the need to balance security and its investments among all transportation modes. We recognize that doing so will not be easy. Mr. Chairman this concludes my statement. I would be pleased to answer any questions that you or other members of the committee may have at this time. Contact and Acknowledgements: For further information on this testimony, please contact Cathleen A. Berrick at (202) 512-3404 or berrickc@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this statement. In addition to the contact named above, Jason Berman, Chris Currie, Joe Dewechter, Chris Ferencik, Dawn Hoff, Daniel Klabunde, Tracey King, Anne Laffoon, Thomas Lombardi, Gary Malavenda, Vicky Miller, Steve Morris, Maria Strudwick, and Meg Ullengren made contributions to this testimony. [End of section] Footnotes: [1] GAO, Aviation Security: Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation Security Programs, but More Work Remains, [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-08-456T] (Washington, D.C.: February 28, 2008). [2] Pub. L. No. 110-53, § 1605(b), 121 Stat. 266, 481-82 (2007). [3] See Pub. L. No. 107-71, 115 Stat. 597 (2001). [4] DHS's budget execution reports are monthly statements that reflect the department's financial activity. In our analysis of DHS's budget execution reports and TSA Congressional Budget Justification, we included funding that we determined to be specifically designated for aviation security and funding for all programs, projects, and activities related to aviation security, to the extent they were identifiable, in order to present consistent total funding amounts across fiscal years. In addition, these aviation security totals do not reflect funding for activities that may support TSA's aviation security programs and projects, such as intelligence and administration, because DHS's documentation does not identify the proportion of funding dedicated to support aviation security. During this time period, a number of aviation security related activities were transferred in or out of TSA's jurisdiction, which affects TSA funding levels for the affected fiscal years. [5] ATSA further required TSA to allow airports to apply to opt-out of federal screening and to use private screeners under contract with TSA. See 49 U.S.C. § 44920. Ten airports and 1 heliport currently have screening operations conducted by private screening contractors under TSA's Screening Partnership Program. [6] Sterile areas are located within the terminal where passengers are provided access to boarding aircraft. Access to these areas is controlled by TSOs (or by non-federal screeners at airports participating in the Screener Partnership Program) at checkpoints where they conduct physical screening of individuals and their carry-on baggage for weapons and explosives. [7] CAPPS identifies passengers for secondary screening based on certain travel behaviors reflected in their reservation information that are associated with threats to aviation security, as well as through a random selection of passengers. At some airports, some passengers may also be screened by walking through an explosives trace portal--a machine that detects trace amounts of explosives on persons. [8] Explosive detection systems use computer-aided tomography X-rays to examine objects inside baggage and identify the characteristic signatures of threat explosives. This equipment operates in an automated mode. [9] Explosive trace detection works by detecting vapors and residues of explosives. Human operators collect samples by rubbing bags with swabs, which are chemically analyzed to identify any traces of explosive materials. [10] The Implementing Recommendations of the 9/11 Commission Act of 2007 defines the term 'screening' for purposes of air cargo to mean a physical examination or non-intrusive methods of assessing whether cargo poses a threat to transportation security. See 49 U.S.C. § 44901(g)(5). Such methods of screening include x-ray systems, explosives detection systems, explosives trace detection, explosives detection canine teams certified by TSA, or a physical search together with manifest verification. While additional methods may be approved to ensure that cargo does not pose a threat to transportation security, these additional methods cannot include solely performing a review of information about the contents of cargo or verifying the identity of a shipper of the cargo if not performed in conjunction with other authorized security methods, including whether a shipper is registered in the known shipper database. [11] Certified explosive detection canine teams have been evaluated by TSA and shown to effectively detect explosive devices. Decompression chambers simulate the pressures acting on aircraft by simulating flight conditions, which cause explosives that are attached to barometric fuses to detonate. [12] See Pub. L. No. 110-53, § 1602(a), 121 Stat. 266, 477-480 (2007) (codified at 49 U.S.C. § 44901(g)). [13] The No Fly and Selectee lists contain the names of individuals with known or suspected links to terrorism. These lists are subsets of the consolidated terrorist watch-list that is maintained by the Federal Bureau of Investigation's Terrorist Screening Center. [14] See 49 U.S.C. § 44903(j)(2)(C). [15] GAO, Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-448T] (Washington, D.C.: February 13, 2007). [16] See Pub. L. No. 110-53, § 1605(b), 121 Stat. 266, at 481-82. [17] GAO is also mandated to review DHS's certification of 10 conditions outlined in section 522(a) of the DHS Appropriations Act, 2005, related to the development and implementation of the Secure Flight program. See Pub. L. No. 110-161, § 513, 121 Stat. 1844 (2007). [18] Fifteen million was appropriated during fiscal year 2007 and $17.5 million was carried over from the prior fiscal year, for a total of $32.5 million. [19] As mandated by law, GAO is currently reviewing TSA's request for transfer of an additional $24 million to the Secure Flight program in fiscal year 2008. See Pub. L. No. 110-161, § 550, 121 Stat. 1844. [20] According to TSA's Congressional Justification, the $154 million requested for procurement and installation of checked baggage explosive detection systems is in addition to the $676 in mandatory fees requested for the Aviation Security Capital Fund, which would provide $830 million in total funding for the procurement and installation of such systems. [21] GAO, Aviation Security: Challenges Exist in Stabilizing and Enhancing Passenger and Baggage Screening Operations, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-04-440T] (Washington, D.C.: Feb. 12, 2004). [22] As part of TSA's Screening Partnership Program, 10 airports and 1 heliport use private contract screeners in lieu of federal TSOs. Although these airports and heliport do not use federal screeners, TSA uses the Staffing Allocation Model to determine the full-time equivalent screening staff at each of these airports. These staffing levels, as determined by the model, serve as a limit on the number of private screeners that the private screening contractors could employ. [23] The TSA fiscal year 2009 budget justification includes about $151 million for the Screening Partnership Program. [24] GAO, Aviation Security: Risk, Experience, and Customer Concerns Drive Changes to Airline Passenger Screening Procedures, but Evaluation and Documentation of Proposed Changes Could Be Improved, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-634] (Washington, D.C.: April 16, 2007). [25] GAO, Transportation Security Administration: Actions and Plans to Build a Results Oriented Culture, [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-03-190] (Washington, D.C.: January 2003). [26] GAO, Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-448T] (Washington, D.C.: February 13, 2007). [27] DHS S&T is responsible for research and development of checkpoint technologies related to aviation security, managing the activities conducted at the Transportation Security Laboratory, and coordinating these efforts with TSA. TSA's Passenger Screening Program is responsible for evaluating and deploying systems to detect explosives and weapons concealed on persons or in carry-on items, while strengthening access control, improving screener performance, and reducing staffing requirements. [28] Research and development projects generally fall within the following phases: (1) basic research includes all scientific efforts and experimentation directed to increase knowledge and understanding in the fields of science related to long-term national needs; (2) applied research includes efforts directed toward solving specific problems with a focus on developing and evaluating the feasibility of proposed solutions; (3) advanced development includes efforts directed toward the development of hardware for field experiments; and (4) operational testing includes evaluation of technologies in a realistic operating environment to assess the performance or cost reduction potential of advanced technology. [29] GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-660] (Washington, D.C.: April 2007). [31] According to TSA, the funding requested for the Certified Cargo Screening Program could change if the agency has any contract activity in fiscal year 2008 for this program. [32] GAO, Aviation Security: Federal Action Needed to Strengthen Domestic Air Cargo Security, [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-06-76] (Washington, D.C.: October 2005) and [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-660]; GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened, [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-07-660] (Washington, D.C.: April 2007). [33] The table represents the key recommendations GAO made regarding air cargo, but does not encompass all of them. See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-76] and [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-660] for the complete list of recommendations. [34] In fulfilling this mandate, DHS must provide for the screening of 50 percent of all cargo transported on passenger aircraft by February 2009, 18 months after enactment of the Act. See 49 U.S.C. § 44901(g). [35] End-to-end testing is conducted to verify that the entire system, including any external systems with which it interfaces, functions as intended in an operational environment. [36] GAO, Aviation Security: Secure Flight Development and Testing Under Way, but Risks Should Be Managed as System is Further Developed, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-356] (Washington, D.C.: March 28, 2005); and GAO, Aviation Security: Significant Management Challenges May Adversely Affect Implementation of the Transportation Security Administration's Secure Flight Program, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-374T] (Washington, D.C.: February 9, 2006). [37] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-448T]. [38] See GAO, Aviation Security: Transportation Security Administration Did Not Fully Disclose Uses of Personal Information during Secure Flight Program Testing in Initial Privacy Notices, but Has Recently Taken Steps to More Fully Inform the Public, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-864R] (Washington, D.C.: July 22, 2005). [39] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-356]. [40] The E-Government Act of 2002 requires agencies to conduct privacy impact assessments (PIA). Pub. L. No. 107-347, § 208, 116 Stat. 2899, 2921-23 (2002). A PIA is an analysis of how personal information is collected, stored, shared, and managed in a federal system. Agencies are required to make their PIAs publicly available. [41] The Privacy Act places limitations on agencies' collection, disclosure, and use of personal information maintained in systems of records and requires agencies to publish a public notice, known as a System of Records Notice (SORN), in the Federal Register. See 5 U.S.C. § 552a. [42] TSA will not issue final notices until it completes its evaluation of public comments on notice of proposed rulemaking. The comment period for the Secure Flight rulemaking closed on November 21, 2007. [43] OMB's Capital Programming Guide (Supplement to Office of Management and Budget Circular A-11, Part 7: Planning, Budgeting, and Acquisition of Capital Assets) identifies that there are certain key criteria that OMB will look for in the justification of spending for proposed new capital assets including credible cost estimates. Appendix 9 of the guide identifies that following the guidelines in GAO's Cost Assessment Guide will help agencies meet most cost estimating requirements. [44] See GAO, Cost Assessment Guide: Best Practices for Estimating and Managing Program Costs, Exposure Draft, GAO-07-1134SP (Washington, D.C.: July 2007). [45] The 12 steps involved in developing a high-quality cost estimating process are 1) define the estimate's purpose, 2) develop the estimating plan, 3) define the program, 4) determine the estimating structure, 5) identify ground rules and assumptions, 6) obtain the data, 7) develop the point estimate and compare it to an independent cost estimate, 8) conduct sensitivity analysis, 9) conduct risk and uncertainty analysis, 10) document the estimate, 11) present estimate to management, and 12) update the estimate to reflect actual costs and changes. [46] The 9 best practices are 1) capturing key activities, 2) sequencing key activities, 3) establishing the duration of key activities, 4) establishing the critical path for key activities, 5) assigning resources to key activities, 6) identifying "float time" between key activities, 7) distributing reserves to high risk activities (including conducting an independent cost estimate), 8) integrating key activities horizontally--to link products and outcomes associated with already sequenced activities--and vertically--to ensure that traceability exists among varying levels of activities and supporting tasks, and 9) completing schedule risk analysis. [47] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-456T]. [48] Risks of testing in the production environment must be thoroughly analyzed and precautions taken to preclude damage to systems and data. See GAO, Year 2000 Computing Crisis: A Testing Guide, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-10.1.21] (Washington. D.C.: November 1998). [49] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-05-356]. [50] National Institute of Standards and Technology (NIST), Technology Administration, U.S. Department of Commerce, Security Considerations in the Information System Development Life-Cycle, NIST Special Publication 800-64 (Gaithersburg, Md: June 2004). [51] OMB requires that agency management officials formally authorize their information systems to process information and accept the risk associated with their operation. This management authorization (accreditation) is to be supported by a formal technical evaluation (certification) of the management, operational, and technical controls established in an information system's security plan. See GAO, Information Security: Although Progress Reported, Federal Agencies Need to Resolve Significant Deficiencies, [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-08-496T], (Washington, D.C.: February 14, 2008). [52] These activities include 1) system testing performed as part of software development, and 2) security test and evaluation performed as part of certification and accreditation. [53] TSA defines high-risk vulnerabilities as those where there is a strong need for corrective measures, the probability of serious incident is likely and risks are not normally acceptable, corrective action plans must in place as soon as possible, and the authorization to operate may be receded or not granted. Moderate-risk vulnerabilities are those where the probability of incident is elevated, with increased probability of unauthorized disclosure or disruption of operations, and risks are probably not acceptable. [54] In general, performance measures are indicators, statistics, or metrics used to gauge program performance. [55] The term "misidentified" refers to a person initially matched by a screening entity to a name on the watch-list, but upon closer examination, the person is found to not match any watch-list record. [56] GAO, Tax Administration: IRS Needs to Further Refine Its Tax Filing Season Performance Measures, [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-03-143], (Washington, D.C.: November 22, 2002). [57] The cleared list contains the names and other personal identifying information of individuals who have gone through the redress process and have been checked and cleared as being persons not on the No Fly or Selectee lists. [58] Under Secure Flight, as described by TSA's notice of proposed rulemaking, TSA plans to introduce a unique redress number that would enable Secure Flight to "pre-clear" individuals who have previously been misidentified, have gone through the redress process, and who provide additional identifying information when making a reservation. TSA expects this to reduce the likelihood of travel delays at check-in for those passengers. [59] See 71 Fed Reg. 76,852 (Dec 21, 2006). [60] TSA conducts corporate security reviews in multiple modes of transportation to establish baseline data against which to evaluate minimum-security standards and identify coverage gaps in reviewed systems. [61] According to TSA, the agency completed 945 criticality assessments in fiscal year 2007 and 400 assessments in fiscal year 2008. TSA officials stated that some of these assessments may have been conducted to update previously completed ones. [62] For more information, see GAO, Passenger Rail Security: Enhanced Federal Leadership Needed to Prioritize and Guide Security Efforts, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-225T] (Washington, D.C.: Jan. 18, 2007). [63] See 71 Fed. Reg. 76,852 (Dec. 21, 2006). [64] See Pub. L. No. 110-53, § 1512, 1531, 121 Stat. at 429-33, 454-57. [65] See, e.g., Pub. L. No. 110-53, § 1534, 121 Stat at 461-62. [66] See Pub. L. No. 110-53, § 1405, 1512, 1531, 121 Stat. at 402-05, 429-33, 454-57. [67] See Pub. L. No. 110-53, § 1408, 121 Stat. at 409-11 (requiring that the Secretary develop and issue final regulations for the training program by August 2008). [68] See Pub. L. No. 110-53, § 1304, 121 Stat. at 393-94. [69] For more information, see GAO, Passenger Rail Security: Enhanced Federal Leadership Needed to Prioritize and Guide Security Efforts, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-06-181T] (Washington, D.C.: Oct. 20, 2005). [70] See Pub. L. No. 110-53, § 1406, 1513, 1532, 121 Stat. 405-08, 433- 35, 457-60. [71] See, e.g., Pub. L. No. 110-53, § 1406(b), (c)(2), 121 Stat. at 405- 07. [72] See Pub. L. No. 110-53, § 1406(d), 1532(e), 121 Stat. at 407, 459. [73] For more information see [hyperlink, http://www.gao.gov/cgi- bin/getrpt?GAO-06-181T]. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: