Summary
The Transportation Security Administration (TSA) uses undercover, or covert, testing to approximate techniques that terrorists may use to identify vulnerabilities in and measure the performance of airport security systems. During these tests, undercover inspectors attempt to pass threat objects through passenger and baggage screening systems, and access secure airport areas. In response to a congressional request, GAO examined (1) TSA's strategy for conducting covert testing of the transportation system and the extent to which the agency has designed and implemented its covert tests to achieve identified goals; and (2) the results of TSA's national aviation covert tests conducted from September 2002 to June 2007, and the extent to which TSA uses the results of these tests to mitigate security vulnerabilities. To conduct this work, GAO analyzed covert testing documents and data and interviewed TSA and transportation industry officials.
TSA has designed and implemented risk-based national and local covert testing programs to achieve its goals of identifying vulnerabilities in and measuring the performance the aviation security system, and has begun to determine the extent to which covert testing will be used in non-aviation modes of transportation. TSA's Office of Inspection (OI) used information on terrorist threats to design and implement its national covert tests and determine at which airports to conduct tests based on the likelihood of a terrorist attack. However, OI did not systematically record the causes of test failures or practices that resulted in higher pass rates for tests. Without systematically recording reasons for test failures, such as failures caused by screening equipment not working properly, as well as reasons for test passes, TSA is limited in its ability to mitigate identified vulnerabilities. OI officials stated that identifying a single cause for a test failure is difficult since failures can be caused by multiple factors. TSA recently redesigned its local covert testing program to more effectively measure the performance of passenger and baggage screening systems and identify vulnerabilities. However, it is too early to determine whether the program will meet its goals since it was only recently implemented and TSA is still analyzing the results of initial tests. While TSA has a well established covert testing program in commercial aviation, the agency does not regularly conduct covert tests in non-aviation modes of transportation. Furthermore, select domestic and foreign transportation organizations and DHS components use covert testing to identify security vulnerabilities in non-aviation settings. However, TSA lacks a systematic process for coordinating with these organizations. TSA covert tests conducted from September 2002 to June 2007 have identified vulnerabilities in the commercial aviation system at airports of all sizes, and the agency could more fully use the results of tests to mitigate identified vulnerabilities. While the specific results of these tests and the vulnerabilities they identified are classified, covert test failures can be caused by multiple factors, including screening equipment that does not detect a threat item, Transportation Security Officers (TSOs), formerly known as screeners, not properly following TSA procedures when screening passengers, or TSA screening procedures that do not provide sufficient detail to enable TSOs to identify the threat item. TSA's Administrator and senior officials are routinely briefed on covert test results and are provided with test reports that contain recommendations to address identified vulnerabilities. However, TSA lacks a systematic process to ensure that OI's recommendations are considered and that the rationale for implementing or not implementing OI's recommendations is documented. Without such a process, TSA is limited in its ability to use covert test results to strengthen aviation security. TSA officials stated that opportunities exist to improve the agency's processes in this area. In May 2008, GAO issued a classified report on TSA's covert testing program. That report contained information that was deemed either classified or sensitive. This version of the report summarizes our overall findings and recommendations while omitting classified or sensitive security information.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change
from "In process" to "Implemented" or "Not implemented" based on our follow up work.
Director:
Team:
Phone:
Cathleen A. Berrick
Government Accountability Office: Homeland Security and Justice
No phone on record
Recommendations for Executive Action
Recommendation: To help ensure that the results of covert tests are more fully used to mitigate vulnerabilities identified in the transportation security system, the Assistant Secretary of Homeland Security for TSA should require OI inspectors to document the specific causes of all national covert testing failures--including documenting failures related to TSOs, screening procedures, and equipment--in the covert testing database to help TSA better identify areas for improvement, such as additional TSO training or revisions to screening procedures.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To help ensure that the results of covert tests are more fully used to mitigate vulnerabilities identified in the transportation security system, the Assistant Secretary of Homeland Security for TSA should develop a process for collecting, analyzing, and disseminating information on practices in place at those airports that perform well during national and local covert tests in order to assist TSA managers in improving the effectiveness of checkpoint screening operations.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To help ensure that the results of covert tests are more fully used to mitigate vulnerabilities identified in the transportation security system, the Assistant Secretary of Homeland Security for TSA should, as TSA explores the use of covert testing in non-aviation modes of transportation, develop a process to systematically coordinate with domestic and foreign transportation organizations that already conduct these tests to learn from their experiences.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To help ensure that the results of covert tests are more fully used to mitigate vulnerabilities identified in the transportation security system, the Assistant Secretary of Homeland Security for TSA should develop a systematic process to ensure that the Office of Security Operations (OSO) considers all recommendations made by OI in a timely manner as a result of covert tests, and document its rationale for either taking or not taking action to address these recommendations.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To help ensure that the results of covert tests are more fully used to mitigate vulnerabilities identified in the transportation security system, the Assistant Secretary of Homeland Security for TSA should require OSO to develop a process for evaluating whether the action taken to implement OI's recommendations mitigated the vulnerability identified during covert tests, such as using follow-up national or local covert tests to determine if these actions were effective.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
