This is the accessible text file for GAO report number GAO-09-93 entitled 'Northern Border Security: DHS's Report Could Better Inform Congress by Identifying Actions, Resources, and Time Frames Needed to Address Vulnerabilities' which was released on November 25, 2008. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Committees: United States Government Accountability Office: GAO: November 2008: Northern Border Security: DHS's Report Could Better Inform Congress by Identifying Actions, Resources, and Time Frames Needed to Address Vulnerabilities: GAO-09-93: GAO Highlights: Highlights of GAO-09-93, a report to congressional committees. Why GAO Did This Study: Covering nearly 4,000 miles of land and water from Washington to Maine, the U.S.-Canadian border is the longest undefended border in the world. Various Department of Homeland Security (DHS) component agencies share responsibility for northern border security, primarily U.S. Customs and Border Protection (CBP), in collaboration with other federal, state, local, tribal, and Canadian entities. The Implementing Recommendations of the 9/11 Act of 2007 required the Secretary of Homeland Security to submit a report to Congress that addresses the vulnerabilities along the northern border, and provides recommendations and required resources to address them. The act also required GAO to review and comment on this report. In response to this mandate, GAO examined (1) the extent to which the DHS report to Congress is responsive to the legislative requirements and (2) actions that may be necessary to address northern border vulnerabilities in addition to the actions addressed in the report. To conduct this work, GAO reviewed DHS plans, reports, and other documents, and interviewed DHS officials. What GAO Found: The DHS February 2008 report to Congress is not fully responsive to legislative requirements in providing information for improving northern border security. In particular, DHS provided a listing of northern border vulnerabilities and initiatives to address them, but did not include recommendations and additional resources that are needed to protect the northern border. DHS officials provided several reasons for the lack of specificity and gaps in reported information, including the fact that the component agencies’ priorities for action and resources are reflected in the existing budget process, and that they had nothing further to recommend or request through this report. However, budget documents do not reflect the resources needed over time to achieve control of the northern border. The lack of this information makes it difficult for Congress to consider future actions and resources needed. DHS is developing northern border strategic plans and a risk-management process to help guide and prioritize action and resources, and fully implementing recommendations from past GAO evaluations would also provide benefit in addressing northern border security vulnerabilities. DHS is currently developing strategic plans that are intended to provide overall direction in addressing vulnerabilities in northern border security. DHS is also developing a risk-management process to assist in prioritizing efforts and resources that will provide greatest benefit to national security. DHS officials have said that the success of various pilot projects, such as DHS’s testing of new technology, will likely change the level and mix of resources needed to protect the northern border. In the meantime, DHS could take action to reduce vulnerabilities by implementing recommendations made in past evaluations. DHS has implemented 11 GAO recommendations designed to improve border security, but 39 recommendations are yet to be fully addressed. Eighteen of these open recommendations were made within the last year. However, 21 recommendations for improving use of air and marine assets, improving screening processes at the ports of entry, and deploying nuclear detection equipment—which DHS and other agencies generally agreed to take action to implement—have remained open for at least 1 year and, in some cases, over 3 years. GAO believes these outstanding recommendations continue to have merit and should be implemented. Figure: Vehicle Inspections and Agent Patrols at and between Northern Border Ports of Entry: [Refer to PDF for image] This figure contains two photographs of vehicle inspections and agent patrols at and between northern border ports of entry. Sources: GAO and U.S. Customs and Border Protection. [End of figure] What GAO Recommends: GAO recommends that the Secretary of Homeland Security provide more specific information in future reports on actions and resources needed to achieve northern border security, and in what time frame they are needed. DHS and CBP concurred with our recommendation. To view the full product, including the scope and methodology, click on [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-09-93]. For more information, contact Richard Stana at (202) 512-8777 or stanar@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: DHS Report Is Not Fully Responsive to Congress in Providing Information for Improving Northern Border Security: DHS Is Taking Action to Improve Northern Border Security, and Implementing Past GAO Recommendations Would Also Provide Benefit: Conclusions: Recommendation for Executive Action: Agency Comments and Our Evaluation: Appendix I: Selected Open Recommendations from GAO on Various Border Security Issues: Appendix II: Comments from the Department of Homeland Security: Appendix III: GAO Contact and Staff Acknowledgments: Related GAO Products: Tables: Table 1: Department of Homeland Security Components with a Primary Mission to Secure the Northern Border: Table 2: Selected GAO Recommendations Relevant to Border Security That Have Not Been Fully Implemented: Table 3: Selected Open GAO Recommendations Regarding General Border Security Issues with Potential Implications for Northern Border Security: Table 4: Selected Open GAO Recommendations Regarding Nuclear Security with Potential Implications for Northern Border Security: Table 5: Selected Open GAO Recommendations Regarding SBInet with Potential Implications for Northern Border Security: Table 6: Selected Open GAO Recommendations Regarding Partnerships and Joint Operations with Potential Implications for Northern Border Security: Abbreviations: 9/11 Act: Implementing Recommendations of the 9/11 Commission Act of 2007: ASP: advanced spectroscopic portal: CBP: Customs and Border Protection: DEA: Drug Enforcement Administration: DHS: Department of Homeland Security: DNDO: Domestic Nuclear Detection Office: DOE: Department of Energy: DOJ: Department of Justice: FBI: Federal Bureau of Investigation: HSPD-7: Homeland Security Presidential Directive 7: HSPD-11: Homeland Security Presidential Directive 11: IBET: Integrated Border Enforcement Team: ICE: Immigration and Customs Enforcement: NFCCG: National Fusion Center Coordination Group: OBP: Office of Border Patrol: OES: Office of the Executive Secretariat: OMB: Office of Management and Budget: PM-ISE: Program Manager for the Information Sharing Environment: PNNL: Pacific Northwest National Laboratory: POE: port of entry: RCMP: Royal Canadian Mounted Police: SBI: Secure Border Initiative: USCG: U.S. Coast Guard: US-VISIT: U.S. Visitor and Immigrant Status Indicator Technology: [End of section] United States Government Accountability Office: Washington, DC 20548: November 25, 2008: The Honorable Joseph I. Lieberman: Chairman: The Honorable Susan M. Collins: Ranking Member: Committee on Homeland Security and Governmental Affairs: United States Senate: The Honorable Bennie G. Thompson: Chairman: The Honorable Peter T. King: Ranking Member: Committee on Homeland Security: House of Representatives: The U.S.-Canadian border stands as the longest undefended border in the world, covering nearly 4,000 miles of land and water,[Footnote 1] most of which is sparsely populated with limited law enforcement presence. Historically, U.S. attention and resources have been focused primarily on the U.S. border with Mexico, which continues to experience significantly higher levels of drug trafficking and illegal immigration than the U.S-Canadian border. However, the extensive volume of trade and travel between the two countries, and large expanse of areas with limited law enforcement presence, provide potential for terrorists and other criminal elements to enter the United States undetected at or between the northern ports of entry. Securing the northern border is the primary responsibility of various components within DHS, in collaboration with other federal, state, local, tribal, and Canadian entities. Within DHS, U.S. Customs and Border Protection (CBP) is the frontline agency responsible for interdiction of persons and contraband crossing the border illegally; U.S. Immigration and Customs Enforcement (ICE) is responsible for investigating the source of cross-border crimes and dismantling their operations; and the U.S. Coast Guard (USCG) executes its maritime security mission on all navigable waterways on the northern border, including the Great Lakes. DHS submitted a report to Congress in February 2008, discussing ongoing initiatives of these agencies to improve security along the northern border, as required by law. Specifically, the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Act) required the Secretary of Homeland Security to submit a report within 180 days of enactment that was to (1) address the vulnerabilities along the northern border, and (2) provide recommendations to address such vulnerabilities, including required resources needed to protect the border.[Footnote 2] The 9/11 Act also directed us to submit to Congress, within 270 days of DHS's report, a report that reviews and comments on the DHS report, and to provide recommendations regarding any additional actions necessary to protect the northern border.[Footnote 3] In response to this mandate, we prepared this report to answer the following key questions: * To what extent is the DHS report to Congress responsive to the legislative requirements to report on ongoing initiatives to improve U.S. northern border security, address the vulnerabilities along the northern border, and provide recommendations to address these vulnerabilities and required resources to protect the northern border? * In addition to the actions addressed in the report, what actions may be necessary to address northern border security vulnerabilities? In conducting our work, we reviewed the DHS report structure and content against requirements in the 9/11 Act. We also reviewed whether the DHS report content was complete and consistent with information provided in its key management documents including strategic plans, performance and accountability reports, budget requests, and other documentation produced by relevant DHS agencies. We interviewed DHS officials from CBP, ICE, and USCG located at headquarters and Detroit, Michigan, who had roles and responsibilities for northern border security to obtain their perspectives on documented information. For this reason, we also interviewed Department of Justice (DOJ) officials with the Drug Enforcement Administration (DEA), which has national responsibility for drug enforcement, and the Federal Bureau of Investigation (FBI), which has national responsibility for terrorism. We selected Detroit, Michigan, among CBP's Office of Border Patrol's (OBP) eight northern border sectors based on factors including relative threat and vulnerabilities, priority for resources, and demonstration site for new technology. Our observations from the Detroit sector cannot be generalized across the other seven sectors; however, we believe that they were sufficient for the purposes of this report in comparing the headquarters and field perspective. While in Detroit, we also spoke with state and Canadian officials involved in northern border security to obtain their perspectives on northern border security threats and vulnerabilities, DHS actions to address them, and the effectiveness of binational and national partnerships. To determine actions that could help address northern border security vulnerabilities, we reviewed whether the information reported by DHS reflected a strategic risk-informed approach as required in the Homeland Security Act of 2002[Footnote 4] and Homeland Security Presidential Directive 7 (HSPD-7). We also identified report recommendations for strengthening national border security from past GAO evaluations from fiscal years 2005 through 2008 that when fully implemented have potential to help address northern border vulnerabilities. We conducted this performance audit from June 2008 through November 2008 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings based on our audit objectives. Results in Brief: The DHS report to Congress is not fully responsive in providing information for improving northern border security as required in the 9/11 Act. DHS provided a listing of northern border vulnerabilities and initiatives to address them, but did not include recommendations and additional resources that are needed to protect the northern border. DHS officials responsible for preparing the report provided several reasons for the lack of specificity and gaps in reported information, including the fact that DHS reflects its priorities for action and resources in the existing budget process, and that they had nothing further to recommend or request. However, the budget process provides Congress with a 5-year plan to meet prioritized needs within projected resource constraints, not the time frame and resources needed to achieve control of the northern border. The lack of information regarding the extent that vulnerabilities remain unaddressed on the northern border and the time and resources it will take to address them makes it challenging for Congress to consider future actions and resources necessary for the northern border in the broader context of national security. DHS has an opportunity to increase the value of information it provides to Congress in fulfilling other reporting requirements established in law. DHS is developing northern border strategic plans and a risk-management process to help guide and prioritize action and resources, and fully implementing recommendations from past GAO evaluations would also provide benefit in addressing northern border security vulnerabilities. DHS officials are currently developing strategic plans that are intended to provide its component agencies with overall direction in addressing vulnerabilities in northern border security, as well as more- targeted direction specific to vulnerabilities in the air and water environments. DHS is also developing a risk-management process to assist in prioritizing efforts and resources that will provide greatest benefit to national security. DHS officials said the success of various pilot projects will likely change the level and mix of resources needed to protect the northern border. For example, DHS is testing new technology that, if successful, may change the mix of technology and personnel deployed along the border, and partnerships among federal, state, and local agencies to coordinate information and operations may also create efficiencies that change resource requirements. DHS can also act to timely implement recommendations made in recent and past GAO evaluations. At the time of our review, DHS had implemented 11 GAO recommendations designed to improve border security, but 39 recommendations had not been fully implemented. Eighteen of these open recommendations were made within the last year. However, 21 recommendations for improving screening processes at the ports of entry, expediting deployment of nuclear detection equipment, and improving the use of air and marine assets have not been fully implemented in the course of at least 1 and, in some cases, over 3 years. Internal control standards for the federal government state that agencies are to ensure that findings of audits and other reviews are promptly resolved. We believe that these outstanding recommendations continue to have merit and should be implemented. We are making a recommendation to the Secretary of Homeland Security to provide more specific information in addressing future reporting requirements to Congress, including planned actions, resource requirements, and time frames for increasing and achieving northern border security, and the basis used for prioritizing such action and resources in the context of other national security risks. In commenting on a draft of this report, DHS and CBP concurred with this recommendation and stated that CBP will work with the department to implement the recommendation through the approved budget process. Written comments from DHS are in appendix II. Background: The United States shares nearly 4,000 miles of border with Canada stretching from the Pacific to the Atlantic coasts, and the U.S.- Canadian border is considered to be the world's longest open border between two nations. There is a great deal of trade and travel across this border, and approximately 90 percent of Canada's population lives within 100 miles of the U.S. border. While legal trade is predominant, DHS reports networks of illicit criminal activity and smuggling of drugs, currency, people, and weapons between the two countries. Annually, CBP reports making approximately 4,000 arrests and interdicts approximately 40,000 pounds of illegal drugs at and between the northern border ports of entry. Historically, these numbers have been significantly lower than those of the southwest border;[Footnote 5] however, DHS reports that the terrorist threat on the northern border is higher, given the large expanse of area with limited law enforcement coverage. DHS agencies are charged with protecting the nation and its citizens from threats of terrorism, as shown in table 1. CBP is the lead federal agency in charge of securing our nation's borders, and has three components with a mission to interdict illegal contraband and persons seeking to enter illegally at and between the land ports of entry. Two other DHS agencies, ICE and USCG, also have key roles. The ICE mission includes investigating and dismantling criminal organizations that transport persons and goods across the border illegally, while USCG executes its maritime security mission by providing patrol presence and operational response for all navigable waterways on the northern border, including the Great Lakes. Table 1: Department of Homeland Security Components with a Primary Mission to Secure the Northern Border: Department of Homeland Security (DHS) components: U.S. Customs and Border Protection (CBP); Role and responsibility on northern border: Lead federal component agency in charge of securing U.S. borders. Department of Homeland Security (DHS) components: Office of Border Patrol (OBP); Role and responsibility on northern border: Prevents terrorists, terrorist weapons, inadmissible aliens, smugglers, narcotics, and other contraband from entering the U.S. between ports of entry. Department of Homeland Security (DHS) components: Office of Field Operations; Role and responsibility on northern border: Prevents terrorists, terrorist weapons, inadmissible aliens, smugglers, narcotics, and other contraband from entering the U.S, while facilitating legitimate trade and travel, at the nation's air, land, and sea ports of entry. Department of Homeland Security (DHS) components: Office of Air and Marine; Role and responsibility on northern border: Operates integrated air and marine forces to detect, interdict, and prevent acts of terrorism and the unlawful movement of people, illegal drugs, and other contraband toward or across U.S. borders. Department of Homeland Security (DHS) components: U.S. Immigration and Customs Enforcement (ICE); Role and responsibility on northern border: Enforces federal immigration and customs laws--along with the Drug Enforcement Administration (DEA) and the Federal Bureau of Investigation (FBI)--in relation to activities occurring at, or with a nexus to, the border. Department of Homeland Security (DHS) components: U.S. Coast Guard (USCG); Role and responsibility on northern border: Executes maritime security mission on and over the major waterways using marine and air assets. Source: GAO analysis of DHS data. [End of table] DHS agencies leverage their border security efforts through partnerships with state, local, tribal, and Canadian law enforcement agencies to share intelligence, information, and conduct joint operations for interdiction and investigation of cross-border crime. DHS considers these collaborative efforts particularly important for the northern border in remote, sparsely populated areas. There has been growing concern within Congress over the number of personnel assigned to the northern border, the increasing amount of illegal activity, and the potential for terrorists to gain unlawful entry into the United States. There has also been concern with respect to the adequacy of facilities and physical infrastructure to accommodate the increasing volume of traffic.[Footnote 6] Congress has shown increasing interest in issues surrounding security of the northern border--first authorizing, and later directing--resource allocations to the northern border for personnel and improved technology.[Footnote 7] Congress has also established various reporting requirements in laws that are to provide updates on the status of northern border security. In addition to the 9/11 Act, for example, the Consolidated Appropriations Act, 2008,[Footnote 8] directs DHS to prepare and submit a biennial National Land Border Security Plan. This plan is to include a vulnerability, risk, and threat assessment of each port of entry located on the northern border or the southern border, beginning in January 2009. The DHS report--issued to Congress on February 29, 2008--was overseen and facilitated by CBP's Office of the Executive Secretariat (OES). OES was formed in August 2007 to assign responsibilities for and coordinate the development of all CBP congressional reports, correspondence, and external requests for information. OES tasked the CBP Office for Secure Border Initiative with taking the lead in coordinating information gathering from the relevant CBP components.[Footnote 9] OES also received input from ICE and USCG in formulating the report. The information from these sources was compiled and reviewed within CBP, DHS, and the Office of Management and Budget (OMB) before submission to Congress. DHS Report Is Not Fully Responsive to Congress in Providing Information for Improving Northern Border Security: While the DHS report to Congress discusses northern border vulnerabilities and ongoing initiatives in place as required in law, information is missing that identifies the extent that various vulnerabilities remain unaddressed, and recommendations and resources to address these security gaps. Without this information, it is difficult for Congress to consider future actions and resources needed on the northern border in the broader context of national security. The DHS Report Discusses Vulnerabilities and Initiatives Reflected in Key Management Documents, but Does Not Link This Information to Identify Security Gaps: The DHS report to Congress discusses northern border vulnerabilities and ongoing initiatives to improve northern border security consistent with the content of its planning, performance, and budget documents, but DHS does not link this information to show the extent that security gaps remain on the northern border. The DHS report states that the northern border is vulnerable to the primary threats of terrorism, drug trafficking, and illegal immigration. These facts were consistently supported by threat information obtained from Canadian officials, and officials from DHS and CBP.[Footnote 10] According to these sources, northern border vulnerabilities are most actively exploited to smuggle illegal drugs and contraband; illegal immigration is a lesser problem. While DHS reports significant concern that terrorists can enter the United States undetected at or between the northern ports of entry, U.S. and Canadian officials agree that there is currently no credible intelligence or evidence indicating that there are terrorists in Canada planning an attack on U.S. soil. The DHS report lists initiatives its component agencies have underway to address vulnerabilities and achieve operational control of the border but does not mention progress made in this regard, or how many border miles are under operational control.[Footnote 11] CBP reports on these indicators--border miles under effective (or operational) control, and border miles with increased situational awareness--as two of its key performance measures and reports that it plans to increase and achieve control of the northern border by deploying a proper mix of personnel, technology, facilities, and partnerships at and between the ports of entry. While the DHS report lists initiatives in each of these areas, they are not linked to the reported vulnerabilities, and the extent that these initiatives mitigate or eliminate vulnerabilities at and between the ports of entry is not mentioned. Also not mentioned in the report is the timeline DHS is using to request and deploy resources necessary to increase the levels of control of the northern border. The absence of such information makes it difficult for Congress to consider future action and resources needed on the northern border in the context of other areas of national security. Personnel: In terms of personnel, DHS lists ongoing initiatives for adequately staffing the northern ports of entry, and hiring initiatives to increase staffing between the ports of entry by 2010. For the ports of entry, DHS describes its implementation of a workload staffing model that considers workload and processing times to help identify the number of personnel that should be deployed at each location, which has resulted in the deployment of 190 CBP officers. Between the ports of entry, DHS does not provide its methodology for identifying adequate staffing, but does describe initiatives to more than double the number of border patrol agents from fiscal years 2007 to 2010, in response to direction from Congress. It is unclear, however, to what extent these staffing initiatives will result in obtaining effective control of the border. For example, the report states that 190 CBP officers have been deployed to ports of entry as indicated in part by the workload staffing model; however, DHS reports in its strategic plan for fiscal years 2008-2013 that additional CBP officers are needed at many ports of entry. Similarly, while DHS reports a commitment to meet statutory staffing goals between the ports of entry by the year 2010, OBP officials indicated that a greater number of agents would be needed to gain operational control of the northern border. Technology: In discussing technology initiatives, CBP reports that technology has been employed at the northern ports of entry to address a number of vulnerabilities, but between the ports of entry, discussion is focused on pilot projects intended to test capabilities for potential use on the northern border. At the ports of entry, CBP reports that much technology is in place to address vulnerabilities related to the transport of illegal radiological and nuclear materials, illegal contraband, and misrepresentation of identity through the use of fraudulent documents. Between the ports of entry, pilot projects address vulnerabilities related to the inability to detect low-flying aircraft; the inability to detect unauthorized border crossings in areas without law enforcement patrol; and to share communications. The report does not discuss when the results of the projects will be available or the extent that DHS would use these technologies, if successful, to address existing vulnerabilities. DHS also does not discuss initiatives to address the vulnerabilities cited in the report related to maritime security, such as the lack of video capabilities in marinas, unregulated access that small private vessels have on the Great Lakes and other border waterways, and insufficient resources to access boats on the open water. Subsequent to the report issued to Congress, DHS provided a thorough discussion of the vulnerabilities and challenges in addressing these aspects of maritime security in the DHS Small Vessel Security Strategy, issued April 2008. USCG stated that an implementation plan would be finalized at the end of December 2008, to guide agency actions in implementing the strategy, but this plan would not be released to the public due to its security classification. [Footnote 12] Facilities: In discussing facilities, the DHS report describes ongoing initiatives to systematically review the port of entry inspection facilities to identify the need for upgrade or replacement, and to develop a new standard station concept[Footnote 13] to accommodate the growth in number of border agents between the ports of entry. The report describes the age and condition of some facilities and volume of traffic and use. However, while the DHS strategic plan states that the department's secure border program depends significantly on modernizing the ports of entry, there is no discussion in the report to Congress on the status of these efforts, when they will be completed, and how they currently affect northern border security.[Footnote 14] Partnerships: The DHS report lists various initiatives underway that establish binational partnerships or partnerships among U.S. federal, state, and local agencies to share information and improve communication and cooperation among agencies working along the border. Five binational partnerships were discussed, four with a broad focus on cross-border law enforcement efforts,[Footnote 15] and one with a specific focus on preventing illegal air incursions.[Footnote 16] Six U.S. partnerships were also mentioned, one specific to smuggling on Indian reservations, [Footnote 17] two related to drug trafficking,[Footnote 18] two related to intelligence gathering,[Footnote 19] and one related to augmenting enforcement capacity by cross-designating federal authority to other agencies.[Footnote 20] DHS and CBP management documents support the report's discussion of these partnerships as a key strategy for northern border security; however, there is no discussion of the extent that these partnerships were responsible for increasing the level of control across the border or how they will do so in the future. DHS Report Does Not Provide Recommendations or Resource Requirements to Improve Northern Border Security: The DHS report contains a section for recommendations to address northern border vulnerabilities, but the information provided is a restatement of initiatives in place without mention of recommendations for further action or additional resources as required by law. Officials from DHS component agencies provided several reasons this information was missing from the report. One reason was that the Secure Border Initiative (SBI) office--which was tasked with coordinating component agency contributions to the report--directed them to discuss their resource needs in terms of the existing budget; therefore, they did not discuss actions or resource requirements for future years. A second reason was that some components were satisfied with their current budget allocation. CBP officials stated that they supported the President's budget and had nothing further to recommend or request in the report to Congress.[Footnote 21] A third reason is that some components did not have the information necessary to identify recommendations or additional resources. USCG officials indicated that the lack of departmentwide strategic direction for the northern border has made it difficult to identify specific resource needs. Similarly, ICE officials said that information was lacking to compare and assess overall resources devoted across various northern border agencies, initiatives, and border locations. DHS Is Taking Action to Improve Northern Border Security, and Implementing Past GAO Recommendations Would Also Provide Benefit: DHS is developing strategic plans, a risk-management process, and new initiatives that could change the level and mix of resources needed to protect the northern border; however, most efforts were incomplete and unavailable for our review. Over the years, we have conducted evaluations of various border security activities and our reports included a number of recommendations for improvement. DHS action to fully implement these recommendations would provide benefit in addressing northern border vulnerabilities. DHS Is Developing Strategic Plans and a Risk-Management Process: DHS and CBP have reported the need to provide a coherent framework to coordinate federal, state, local, and tribal northern border security efforts, and are developing northern border strategic plans, as well as a risk-management process to further these goals. Completion of these efforts should provide DHS with useful information in developing future reports to Congress on northern border security. DHS has completed, or begun efforts to develop, three strategic plans that will help address vulnerabilities on the northern border. Strategic plans help ensure that missions requiring a multiagency response are firmly aligned with articulated goals and objectives, and help keep agencies focused on the desired "end state." While DHS has developed a broad strategic plan to outline the department's overall mission and objectives, it has begun to focus on the need to develop coordinated and unified strategies to address more specific concerns, such as northern border security. A key effort under development is an overall northern border strategic plan that will, for the first time, take all DHS component agencies into account in efforts to address vulnerabilities necessary for control of the northern border. CBP did not indicate when this plan may be completed. A second strategic plan under development will address security vulnerabilities in the air environment, such as the inability to detect low-flying aircraft. CBP officials stated that they were working on performance measures for this plan, and estimate that it will be released in April 2009. DHS issued its third strategic plan, the Small Vessel Security Strategy, in April 2008 to help close existing maritime security gaps on waterways such as the Great Lakes, related to the small vessel environment. To help component agencies achieve the major goals outlined in each of these strategic plans, DHS plans to develop implementation plans that are to describe specific actions component agencies will take in support of each objective, identify lead component agencies for these actions, and provide target completion dates. USCG has stated that the implementation plan for the small vessel strategic plan is scheduled to be issued for use by component agencies at the end of December 2009, but will be considered security sensitive.[Footnote 22] Dates are not yet available for implementation plans to follow the remaining two strategic plans. Some DHS component agencies have acted to incorporate risk-management principles that provide information to prioritize and allocate resources for their individual programs and activities as required by law and presidential directive,[Footnote 23] but DHS has not yet completed efforts to implement this approach departmentwide. Risk management is important for strengthening homeland security resource allocations, as the nation cannot afford to fully protect against every type of threat. Therefore, an approach is needed that considers how best to allocate resources based on factors such as probability and adverse consequence. The DHS goal is to develop a risk-management process that will assess risk and inform strategic planning, programming, budgeting, and execution processes across all of its component agencies and that will evaluate the risk-reduction effects among relevant DHS programs. However, achieving this goal has been difficult. While risk management has been used in the private and public sectors for decades, its application for homeland security and combating terrorism is relatively new and without a precedent framework.[Footnote 24] As such, the effort to assess risk across DHS component agencies and programs is still in its very early stages of development. Future DHS Action to Improve Northern Border Security Is Influenced by Success of Pilot Projects, Partnerships, and External Factors: DHS component agencies have identified resources to increase and achieve northern border security, but the need for these resources constantly evolves in response to various factors. For example, the DHS report described many pilot projects for new technology. If successful, OBP officials report that these projects could reduce security vulnerabilities and current needs for other resources, such as existing technology, personnel, or infrastructure. However, these officials also indicate that new technology must be fully tested for operational effectiveness, and delays coupled with uncertainties of success have made it difficult to balance future resource investments in new technology with current investments in existing technology. Such balance is necessary to ensure security as well as effective stewardship of taxpayer dollars. Similarly, DHS officials discussed partnerships among federal, state, and local agencies to coordinate information and operations--either newly created or still in development--that could result in greater efficiencies in border security. However, time will tell if these partnerships are sustainable and warrant a decrease or change in current estimated needs for personnel. External factors--such as the interplay among private parties, governments, and agencies--also influence actions in addressing security vulnerabilities. In Detroit, for example, CBP officials said that action to improve facilities at northern ports of entry was stymied by private ownership of property and landlocked facilities. In addition, the Small Vessel Security Strategy indicates that efforts to address maritime vulnerabilities were challenged by different practices or views among federal, state, and Canadian governments in balancing security needs with the freedom of the waterways expected by the small- vessel community. Further, ICE officials said that the scope of their authority in pursuing narcotics investigations influenced their actions in addressing some cross-border crimes. DHS Action to Implement Past GAO Recommendations Would Strengthen Northern Border Security: DHS has an opportunity to address some northern border vulnerabilities by fully implementing recommendations made in past evaluations of its security efforts. Over the past few years, we have conducted evaluations and issued a number of reports related to the security of the U.S. border both at and between ports of entry (see Related GAO Products section at end of this report). In some instances, our reports included recommendations addressing vulnerabilities in border security-- including the northern border--while in other cases, our reports and recommendations were more general, but when implemented, would provide benefit to the northern border. We reviewed recommendations resulting from GAO evaluations conducted from fiscal years 2005 through 2008 and identified 11 reports containing 50 recommendations that had potential to address vulnerabilities in border security, or to address weaknesses in key initiatives. At the time of our review, DHS had implemented 11 of these 50 recommendations. For example, DHS implemented a recommendation to formalize a performance measure for the traveler inspection program that would help agency management and Congress monitor effectiveness in apprehending inadmissible aliens and other violators. However, 39 recommendations from the 11 GAO reports are still open. In some cases, recommendations were open because DHS and other federal agencies[Footnote 25] had not yet had time to implement them. For example, 18 of the 39 open recommendations were from GAO reports issued within the last fiscal year. In regard to the remaining 21 recommendations, DHS and other agencies agreed to take action, but at least 1 and, in some cases, over 3 years have passed without full implementation.[Footnote 26] Standards for Internal Control in the Federal Government state that agencies are to ensure that findings of audits and other reviews are promptly resolved.[Footnote 27] The time necessary to resolve recommendations varies depending on the type of action required. However, DHS does not have a transparent process to show how long it will take to implement each recommendation considering the resources, risk level, and complexity of effort required. Timely implementation of recommendations would help address vulnerabilities related to a variety of border security initiatives. Some of the older recommendations that have not been fully implemented include those to improve screening of travelers at ports of entry to ensure legal entry, preclude cross-border transport of illicit nuclear materials, reduce risks in delivering key technology for border surveillance and for information sharing, and increase information sharing and coordination among federal, state, and local law enforcement agencies, as shown in table 2 and appendix I. We believe that these outstanding recommendations continue to have merit and should be implemented. Table 2: Selected GAO Recommendations Relevant to Border Security That Have Not Been Fully Implemented: Traveler Screening: Number and year of recommendation: 4 (fiscal year 2007); Purpose of recommendations: Achieve benefits from investment in the US- VISIT program at land ports of entry by developing performance measures for assessing US-VISIT operations, and ensuring reports to Congress include information regarding deployment of biometric exit capabilities, and how these capabilities align with existing land border security initiatives. [hyperlink, http://www.gao.gov/products/GAO-07-248], December 2006. Number and year of recommendation: 3 (fiscal year 2007); Purpose of recommendations: Prevent fraudulent use of passports and visas by periodically reassessing and fully utilizing their security features, and establishing a comprehensive oversight program of passport acceptance facilities. [hyperlink, http://www.gao.gov/products/GAO-07-1006], July 2007. Number and year of recommendation: 5 (fiscal year 2008); Purpose of recommendations: Mitigate vulnerabilities in terrorist watch list screening processes, enhance the use of the terrorist watch list as a counterterrorism tool and ensure its effectiveness, and ensure governmentwide terrorist-related screening efforts have oversight, accountability, and guidance. [hyperlink, http://www.gao.gov/products/GAO-08-110], October 2007. Number and year of recommendation: 2 (fiscal year 2008); Purpose of recommendations: Mitigate the risk of failed traveler inspections at ports of entry by developing data on training programs and incorporating specific tasks and requirements into CBP's procedures for its on-the-job training program. [hyperlink, http://www.gao.gov/products/GAO-08-219], November 2007. Nuclear Security: Number and year of recommendation: 6 (fiscal year 2006); Purpose of recommendations: Reduce delays in acquisition and deployment of radiation detection equipment to ports of entry, take steps to increase the chances that inspection officers find illicit radiological material, and ensure the reliability and effective use of cost-benefit information for risk assessment and acquisition decisions. [hyperlink, http://www.gao.gov/products/GAO-06-389], March 2006. Number and year of recommendation: 4 (fiscal year 2007); Purpose of recommendations: Test the capabilities and limitations of radiation detection equipment before making production and acquisition decisions. [hyperlink, http://www.gao.gov/products/GAO-07-1247T], September 2007. Number and year of recommendation: 3 (fiscal year 2008); Purpose of recommendations: Better track and detect radioactive materials and ensure that for materials transported across the U.S. border, personnel at ports of entry comply with guidance for verifying that materials licenses are legitimate. [hyperlink, http://www.gao.gov/products/GAO-08-598], June 2008. Secure Border Initiative Technology (SBInet): Number and year of recommendation: 7 (fiscal year 2008); Purpose of recommendations: Improve acquisition, testing, and implementation of SBInet technology for improving surveillance and communications technologies along U.S. borders, and to permit meaningful measurement, oversight, and accountability of the SBInet program to CBP, DHS senior leadership, and Congress. [hyperlink, http://www.gao.gov/products/GAO-08-1086], September 2008. Federal, State, and Local Coordination: Number and year of recommendation: 2 (fiscal year 2005); Purpose of recommendations: Ensure that air and marine assets among DHS agencies are effectively coordinated to meet border security needs. [hyperlink, http://www.gao.gov/products/GAO-05-543], August 2005. Number and year of recommendation: 2 (fiscal year 2007); Purpose of recommendations: Provide guidance and support to enhance collaboration at operations centers staffed by multiple DHS agencies. [hyperlink, http://www.gao.gov/products/GAO-07-89], October 2006. Number and year of recommendation: 1 (fiscal year 2008); Purpose of recommendations: Improve efforts to create and support a national network of state and local information fusion centers. [hyperlink, http://www.gao.gov/products/GAO-08-35], October 2007. Source: GAO. [End of table] Conclusions: Federal agency reporting requirements, such as those contained in the 9/11 Act, can provide Congress with important information for debating policy and allocating scarce resources, and the level of agency responsiveness can either support or hinder these efforts. While the DHS report to Congress provided information on the status of its efforts, there is little sense of the relative effect these efforts have had in protecting the northern border, and what additional action or resources may be needed in the future. Requirements in law to periodically assess the status of northern border security provide DHS with additional opportunity to highlight information that can best meet congressional needs. Completion of DHS efforts to develop a northern border strategic plan and risk management process to prioritize action and funding could lead to better understanding among DHS, its component agencies, and Congress in determining whether resources are most effectively allocated across initiatives, border locations, and responsible agencies. However, balancing current and future funding for border security will remain challenging as the resource needs for the northern border will continue to evolve in response to the relative success of new initiatives. In the meantime, implementing recommendations for improving border security in a more timely fashion would help reduce the nation's risk due to unaddressed vulnerabilities. Recommendation for Executive Action: To provide Congress with information that will facilitate policy discussions and resource decisions for northern border security, we recommend that for future reporting requirements the Secretary of Homeland Security include more specific information on the actions, resources, and time frame needed to improve security of the northern border along with any attendant uncertainties, and the basis used to prioritize action and resources for northern border security relative to other areas of national security. Agency Comments and Our Evaluation: We requested comments on a draft of this report from the Secretary of Homeland Security and Attorney General. In its response, DHS and CBP agreed with our recommendation and stated that CBP will work with the department to implement it through the approved budget process. DOJ did not provide formal comments. In its comments, DHS stated that our report said DHS and other agencies should proceed to adopt and address all of the recommendations from previous reports without any assessment of priority based on risk. Our intent in discussing these recommendations was to point out potential security vulnerabilities that exist, not to imply that all of these recommendations were of equal importance, or that risk-based prioritization should not be applied when addressing them. GAO has advocated the use of risk management principles, and using them to sequence actions on open recommendations would seem to be appropriate. We have added language to clarify that while the definition of timely implementation will vary across recommendations, DHS lacks a transparent process to show how long it will take to implement each recommendation considering the resources, risk level, and complexity of effort required. DHS's comments are reprinted in appendix II. DHS and DOJ also offered technical comments, which we considered and incorporated where appropriate. We are providing copies of this report to the Senate and House committees that have authorization and oversight responsibilities for homeland security. We are also sending copies to the Secretary of Homeland Security, the Attorney General, and other interested parties. In addition, this report will be available at no charge on GAO's Web site at [hyperlink, http://www.gao.gov]. If you or your staff have any questions about this report, please contact me at (202) 512-8777, or stanar@gao.gov. Contact points for our Office of Congressional Relations and Public Affairs may be found on the last page of this report. GAO staff who made major contributions to this report are listed in appendix III. Signed by: Richard M. Stana: Director, Homeland Security and Justice Issues: [End of section] Appendix I: Selected Open Recommendations from GAO on Various Border Security Issues: In the past, GAO has offered numerous recommendations to the Department of Homeland Security (DHS) related to border security. Although previous recommendations are not specific to the northern border, many touch on different aspects that do affect various elements of northern border security. Many recommendations made by GAO concerning general border security, nuclear security, technology, and interagency cooperation and information sharing, have yet to be implemented by DHS. Fully implementing these recommendations could provide great benefits to DHS and the nation in terms of strengthening general border security, and by extension, security of the northern border. Tables 3 through 6 detail 39 selected open recommendations related to border security vulnerabilities. Table 3: Selected Open GAO Recommendations Regarding General Border Security Issues with Potential Implications for Northern Border Security: GAO report: GAO-07-248: Border Security: US-VISIT Program Faces Strategic, Operational, and Technological Challenges at Land Ports of Entry (Dec. 6, 2006); [hyperlink, http://www.gao.gov/products/GAO-07-248] Recommendation: To help DHS achieve benefits commensurate with its investment in U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) at land ports of entry (POE), and security goals and objectives, the Secretary of Homeland Security should direct the US-VISIT Program Director, in collaboration with the Commissioner of Customs and Border Protection to: (1) Develop performance measures for assessing the effect of US-VISIT operations specifically at land POEs. As DHS finalized the statutorily mandated report describing a comprehensive biometric entry and exit system for US-VISIT, the Secretary of Homeland Security should take steps to ensure that the report include, among other things: (2) Information on the costs, benefits, and feasibility of deploying biometric and nonbiometric exit capabilities at land POEs. (3) A discussion of how DHS intends to move from a nonbiometric exit capability, such as the technology currently being tested, to a reliable biometric exit capability that meets statutory requirements. (4) A description of how DHS expects to align emerging land border security initiatives with US-VISIT and what facility or facility modifications would be needed at land POEs to ensure that technology and process work in harmony. GAO report: GAO-07-1006: Border Security: Security of New Passports and Visas Enhanced, but More Needs to Be Done to Prevent Their Fraudulent Use (July 31, 2007); [hyperlink, http://www.gao.gov/products/GAO-07-1006] Recommendation: To improve the integrity of its travel documents, the Secretary of State should: (5) Develop a process and schedule for periodically reassessing the security features and planning the redesign of its travel documents. (6) Establish a comprehensive oversight program of passport acceptance facilities. In doing so, the Department of State should consider conducting performance audits of acceptance facilities, agents, and accepted applications and establishing an appropriate system of internal controls over the acceptance facilities. To more fully utilize the security features of passports and visas, the Secretary of Homeland Security should: (7) Develop a deployment schedule for providing sufficient e-passport readers to U.S. POEs, which would enable inspection officials to better utilize the security features in the new U.S. e-passport. GAO report: GAO-08-110: Terrorist Watch List Screening: Opportunities Exist to Enhance Management Oversight, Reduce Vulnerabilities in Agency Screening Processes, and Expand Use of the List (Oct. 11, 2007); [hyperlink, http://www.gao.gov/products/GAO-08-110] Recommendation: In order to mitigate security vulnerabilities in terrorist watch list screening processes, we recommended that the Secretary of Homeland Security and the Director of the Federal Bureau of Investigation (FBI) should: (8) Assess to what extent there are vulnerabilities in the current screening processes that arise when screening agencies do not accept relevant records due to the designs of their computer systems, the extent to which these vulnerabilities pose a security risk, and what actions, if any, should be taken in response. To enhance the use of the consolidated terrorist watch list as a counterterrorism tool and to help ensure its effectiveness, the Secretary of Homeland Security should, in consultation with the heads of other appropriate federal departments and agencies and private sector entities: (9) Develop guidelines to govern the use of watch list records to support private sector screening processes that have a substantial bearing on homeland security, as called for in Homeland Security Presidential Directive 6. To enhance the use of the consolidated terrorist watch list as a counterterrorism tool and to help ensure its effectiveness, the Secretary of Homeland Security should, in consultation with the heads of other appropriate federal departments: (10) Develop and submit to the President through the Assistant to the President for Homeland Security and Counterterrorism an updated strategy for a coordinated and comprehensive approach to terrorist- related screening as called for in Homeland Security Presidential Directive 11 (HSPD-11), which, among other things, (a) identifies all appropriate screening opportunities to use watch list records to detect, identify, track, and interdict individuals who pose a threat to homeland security and (b) safeguards legal rights, including privacy and civil liberties. (11) Develop and submit to the President through the Assistant to the President for Homeland Security and Counterterrorism an updated investment and implementation plan that describes the scope, governance, principles, outcomes, milestones, training objectives, metrics, costs, and schedule of activities necessary for implementing a terrorist-related screening strategy, as called for in HSPD-11. To help ensure that governmentwide terrorist-related screening efforts have the oversight, accountability, and guidance necessary to achieve the administration's vision of a comprehensive and coordinated approach, the Assistant to the President for Homeland Security and Counterterrorism should: (12) Ensure that the governance structure proposed by the plan affords clear and adequate responsibility and authority to (a) provide monitoring and analysis of watch list screening efforts governmentwide, (b) respond to issues that hinder effectiveness, and (c) assess progress toward intended outcomes. GAO report: GAO-08-219: Border Security: Despite Progress, Weaknesses in Traveler Inspections Exist at Our Nation's Ports of Entry (Nov. 5, 2007); [hyperlink, http://www.gao.gov/products/GAO-08-219] Recommendation: To mitigate the risk of failed traveler inspections at ports of entry, we recommend that the Secretary of Homeland Security direct the Commissioner of Customs and Border Protection to take the following actions: (13) Develop data on cross-training programs that measure whether the individuals who require training are receiving it so that agency management is in a better position to measure progress toward achieving training goals. (14) Incorporate into CBP's procedures for its on-the-job training program (1) specific tasks that CBP officers must experience during on- the-job training and (2) requirements for measuring officer proficiency in performing those tasks. Source: GAO. [End of table] Table 4: Selected Open GAO Recommendations Regarding Nuclear Security with Potential Implications for Northern Border Security: GAO report: GAO-06-389: Combating Nuclear Smuggling: DHS Has Made Progress Deploying Radiation Detection Equipment at U.S. Ports-of- Entry, but Concerns Remain (Mar. 22, 2006); [hyperlink, http://www.gao.gov/products/GAO-06-389] Recommendation: Since DHS provides Congress with information concerning the acquisition and deployment of portal monitors, and since DHS's procedures to obtain internal agreement on this information are lengthy and cumbersome-- often resulting in delays--the Secretary of Homeland Security, working with the Director of the Domestic Nuclear Detection Office (DNDO) and the Commissioner of CBP, should: (15) Review these approval procedures and take actions necessary to ensure that DHS submits information to the Congress early in the fiscal year. In order to complete the radiation portal monitor deployment program as planned, the Secretary of Homeland Security, working with the Director of DNDO, and in concert with CBP and the Pacific Northwest National Laboratory (PNNL), should: (16) Devise a plan to close the gap between the current deployment rate and the rate needed to complete deployments by September 2009. To ensure that DHS's substantial investment in radiation detection technology yields the greatest possible level of detection capability at the lowest possible cost, the Secretary of Homeland Security, once the costs and capabilities of advanced technology portal monitors are well understood, and before any of the new equipment is purchased, should: (17) Work with the Director of DNDO to analyze the benefits and costs of deploying advanced portal monitors. This analysis should focus on determining whether any additional detection capability provided by the advanced equipment is worth its additional cost. After completing this cost-benefit analysis, the Secretary of Homeland Security, working with the Director of DNDO, should revise its total program cost estimates to reflect current decisions. To help speed seaport deployments and to help ensure that future rail deployments proceed on time, the Secretary of Homeland Security, in cooperation with the Commissioner of CBP, should: (18) Develop procedures for effectively screening rail containers and develop new technologies to facilitate inspections. To increase the chances that CBP officers find illicit radiological material, the Secretary of Homeland Security, working with the Commissioner of CBP, should: (19) Consider modifying the agency's standard operating procedures for secondary inspections to include physically opening cargo containers during secondary inspections at all ports of entry when the external inspection does not conclusively identify the radiological material inside. To ensure that CBP is receiving reliable cost and schedule data, the Secretary of Homeland Security should: (20) Direct PNNL to have its earned value management system validated so that it complies with guidance developed by the American National Standards Institute/Electronic Industries Alliance. In addition, the Secretary of Homeland Security should direct CBP and PNNL to conduct an Integrated Baseline Review to ensure its earned value management data is reliable for assessing risk and developing alternatives. GAO report: GAO-07-1247T: Combating Nuclear Smuggling: Additional Actions Needed to Ensure Adequate Testing of Next Generation Radiation Detection Equipment (Sept. 18, 2007); [hyperlink, http://www.gao.gov/products/GAO-07-1247T] Recommendation: The Secretary of Homeland Security should: (21) Delay Secretarial Certification and full-scale production decisions of the advanced spectroscopic portal (ASP) until all relevant tests and studies have been completed and limitations to these tests and studies have been identified and addressed. Furthermore, results of these tests and studies should be validated and made fully transparent to the Department of Energy (DOE), CBP, and other relevant parties. (22) Once the tests and studies have been completed, evaluated, and validated, determine in cooperation with CBP, DOE, and other stakeholders including independent reviewers, if additional testing is needed. (23) If additional testing is needed, appoint an independent group within DHS, not aligned with the ASP acquisition process, to conduct objective, comprehensive, and transparent testing that realistically demonstrates the capabilities and limitations of the ASP system. This independent group would be separate from the recently appointed independent review panel. (24) Report the results of the tests and analyses to the appropriate congressional committees before large scale purchases of ASPs are made. GAO report: GAO-08-598: Nuclear Security: NRC and DHS Need to Take Additional Steps to Better Track and Detect Radioactive Materials (June 19, 2008); [hyperlink, http://www.gao.gov/products/GAO-08-598] Recommendation: Given the repeated delays in implementing improvements to the Nuclear Regulatory Commission's ability to monitor and track radioactive sealed sources, the Chairman of the Nuclear Regulatory Commission should take steps, consistent with sound systems development practices, to: (25) Ensure that priority attention is given to meeting the current January 2009 and summer 2010 target dates for launching the National Source Tracking System, Web-based licensing system, and the new license verification system, respectively. Because some quantities of radioactive materials are potentially dangerous to human health if not properly handled, the Nuclear Regulatory Commission should: (26) Complete the steps needed to include all potentially dangerous radioactive sources (category 3 and the larger category 4 sources, as well as categories 1 and 2) in the National Source Tracking System as quickly as is reasonably possible. To improve the likelihood of preventing radioactive sources and materials from being smuggled into the United States, the Secretary of Homeland Security should: (27) Direct the Commissioner of Customs and Border Protection to take measures to ensure that this guidance is being followed. Source: GAO. [End of table] Table 5: Selected Open GAO Recommendations Regarding SBInet with Potential Implications for Northern Border Security: GAO report: GAO-08-1086: Secure Border Initiative: DHS Needs to Address Significant Risks in Delivering Key Technology Investment (Sept. 22, 2008); [hyperlink, http://www.gao.gov/products/GAO-08-1086] Recommendation: To improve DHS's efforts to acquire and implement SBInet[A], we made the following recommendations: To permit meaningful measurement and oversight of and accountability for the program, the Secretary of Homeland Security should direct the U.S. Customs and Border Protection (CBP) Commissioner to: (28) Ensure that the risks associated with planned SBInet acquisition, development, testing, and deployment activities are immediately assessed. (29) Ensure that the results, including proposed alternative courses of action for mitigating the risks, are provided to the Commissioner and DHS's senior leadership, as well as to the department's congressional authorization and appropriation committees. We further recommended that the Secretary of Homeland Security direct the CBP Commissioner to have the Acting SBInet Program Manager take the following additional actions: (30) Finalize and approve an integrated master schedule that reflects the timing and sequencing of the work needed to achieve these commitments. (31) Revise and approve versions of the SBInet life cycle management approach, including the draft Systems Engineering Plan and draft Test and Evaluation Management Plan, and in doing so, ensure that these revised and approved versions are consistent with one another, reflect program officials' recently described changes to the engineering and testing approaches, and reflect relevant federal guidance and associated leading practices. (32) Ensure that the revised and approved life cycle management approach is fully implemented. (33) Implement key requirements development and management practices to include (1) baselining requirements before system design and development efforts begin; (2) analyzing requirements prior to being baselined to ensure that they are complete, achievable, and verifiable; and (3) tracing requirements to higher-level requirements, lower-level requirements, and test cases. (34) Implement key test management practices to include (1) developing and documenting test plans prior to the start of testing; (2) conducting appropriate component level testing prior to integrating system components; and (3) approving a test management strategy that, at a minimum, includes a relevant testing schedule, establishes accountability for testing activities by clearly defining testing roles and responsibilities, and includes sufficient detail to allow for testing and oversight activities to be clearly understood and communicated to test stakeholders. Source: GAO. [A] In November 2005, DHS launched the Secure Border Initiative (SBI), a multiyear, multibillion-dollar program to secure the nation's borders through enhanced surveillance technologies, increased staffing levels, improved infrastructure, and increased domestic enforcement of immigration laws. One component of SBI, known as SBInet, is focused on the acquisition and deployment of surveillance and communications technologies. [End of table] Table 6: Selected Open GAO Recommendations Regarding Partnerships and Joint Operations with Potential Implications for Northern Border Security: GAO report: GAO-05-543: Border Security: Opportunities to Increase Coordination of Air and Marine Assets (Aug. 12, 2005); [hyperlink, http://www.gao.gov/products/GAO-05-543] Recommendation: In order to help ensure that the use of available air and marine assets is effectively coordinated to meet border security needs, the Secretary of Homeland Security should: (35) Provide guidance that clarifies the roles and responsibilities of the United States Coast Guard (USCG) and CBP, the primary DHS agencies that employ air and marine assets, in their homeland security missions, as well as how asset use should be coordinated. (36) Determine whether the Homeland Security Act's prohibition on diversion of USCG assets, or any similar restriction in appropriations laws, limits the ability of USCG to coordinate assets with other agencies, and if so, evaluate the merits, including the costs and benefits of proposing a change in relevant laws to Congress. GAO report: GAO-07-89: Homeland Security: Opportunities Exist to Enhance Collaboration at 24/7 Operations Centers Staffed by Multiple DHS Agencies (Oct. 20, 2006); [hyperlink, http://www.gao.gov/products/GAO-07-89] Recommendation: To provide a setting for more effective collaboration among the staff at each multiagency 24/7/365 operations center, the Secretary of Homeland Security should charge the Director of the Operations Directorate with developing and providing guidance and helping to ensure the agencies that sponsor the center: (37) Conduct staffing needs assessments. (38) Address collaborative efforts at the four multiagency operations centers in plans and reports on the level of each operation center's managing agency. GAO report: GAO-08-35: Homeland Security: Federal Efforts Are Helping to Alleviate Some Challenges Encountered by State and Local Information Fusion Centers (Oct. 30, 2007); [hyperlink, http://www.gao.gov/products/GAO-08-35] Recommendation: To improve efforts to create a national network of fusion centers, the National Fusion Center Coordination Group (NFCCG), through the Information Sharing Council and the Program Manager for the Information Sharing Environment (PM-ISE), should: (39) Determine and articulate the federal government's role in, and whether it expects to provide resources to, fusion centers over the long term to help ensure their sustainability. Particular emphasis should be placed on how best to sustain those fusion center functions that support a national information sharing capability as critical nodes of the ISE. Source: GAO. [End of table] [End of section] Appendix II: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, DC 20528: [hyperlink, http://www.dhs.gov] November 17, 2008: Mr. Richard M. Stana: Homeland Security and Justice: Government Accountability Office: Washington, D.C. 20548: Dear Mr. Stana: Thank you for providing us with a copy of the Government Accountability Office's (GAO) draft report entitled, "NORTHERN BORDER SECURITY: DHS' Report Could Better Inform Congress by Identifying Actions, Resources and Timeframes Needed to Address Vulnerabilities," GAO-09-93, dated November 2008. The Implementing Recommendations of the 9/11 Act of 2007 required the Secretary of Homeland Security to submit a report to Congress within 180 days of enactment that addresses the vulnerabilities along the northern border, and provide recommendations to address such vulnerabilities, including required resources needed to protect the border. The Act also required GAO to submit to Congress within 270 days of the Department of Homeland Security's (DHS) report, a report that reviews and comments on the DHS report, and to provide recommendations regarding additional actions necessary to protect the northern border. DHS submitted its report to Congress in February 2008, discussing ongoing initiatives to improve security along the northern border as required by law. GAO found that the DHS report to Congress is not fully responsive in providing information for improving northern border security as required in the 9/11 Act. GAO stated that DHS provided a listing of northern border vulnerabilities and initiatives to address them but did not include recommendations and additional resources that are needed to protect the northern border. GAO stated that the lack of information regarding the extent that vulnerabilities remain unaddressed on the northern border and the time and resources it will take to address them makes it challenging for Congress to consider future actions and resources necessary for the northern border in the broader context of national security. While we all grapple with resource issues and needs the Department makes requests to Congress for resources and programs through the approved budget justification process. GAO also stated that DHS could take action to reduce vulnerabilities by implementing recommendations made in past evaluations. The report rightly says that risk assessment should drive resource requests, and that DHS is working on plans and strategies that will guide resource decisions (based on risk assessment) to address northern border vulnerabilities. However, not all vulnerabilities have the same priority to address, depending on the assessment of risk that the vulnerability poses; i.e., a vulnerability that is not very likely to be attacked and/or would have little consequence if penetrated is not a high-risk and not the highest priority to address. However, the report then goes on to say that DHS (and other agencies) should proceed to adopt and address all of the recommendations from previous reports without any assessment of priority based on risk. While all of the recommendations previously made have merit, the Departments' ability to implement them will depend on many factors, including resources, the interplay between other relevant actors (the private sector, state, local enforcement, etc.) which the report also acknowledges are a reason why certain programs have not been able to get off the ground and risk. Many of the projects undertaken by DHS on the northern border (and overall) are dictated by various authorizing committees, which themselves do not take any risk assessment or prioritize across committee areas of jurisdiction. This creates difficulty for the Department in determining most appropriate allocation of resources. Streamlining oversight so that there is a unified approach will increase the likelihood the Department can craft a unified plan. GAO made one recommendation in its report. GAO is recommending that the DHS Secretary provide more specific information in future reporting requirements to Congress, including planned actions, resource requirements, and timeframes for increasing and achieving northern border security and the basis used for prioritizing such action and resources in the context of other national security risks. CBP concurs with the recommendation and will work with the Department to implement the recommendation through the approved budget process. We thank you again for the opportunity to review the report, to discuss the content, and to provide comments. Signed by: Jerald E. Levine: Director: Departmental GAO/OIG Liaison Office: [End of section] Appendix III: GAO Contact and Staff Acknowledgments: GAO Contact: Richard M. Stana, (202) 512-8777 or stanar@gao.gov: Staff Acknowledgments: In addition to the contact named above, Cindy Ayers, Assistant Director, and Adam Couvillion, Analyst-in-Charge, managed this assignment. David Holt made significant contributions to the work. Amanda Miller and Michele Fejfar assisted with design, methodology, and data analysis. Linda Miller provided assistance in report preparation; and Frances Cook provided legal support. [End of section] Related GAO Products: Secure Border Initiative: DHS Needs to Address Significant Risks in Delivering Key Technology Investment. [hyperlink, http://www.gao.gov/products/GAO-08-1086]. Washington, D.C.: September 22, 2008. Secure Border Initiative: Observations on Deployment Challenges. [hyperlink, http://www.gao.gov/products/GAO-08-1141T]. Washington, D.C.: September 10, 2008. Risk Management: Strengthening the Use of Risk Management Principles in Homeland Security. [hyperlink, http://www.gao.gov/products/GAO-08-904T]. Washington, D.C.: June 25, 2008. Nuclear Security: NRC and DHS Need to Take Additional Steps to Better Track and Detect Radioactive Materials. [hyperlink, http://www.gao.gov/products/GAO-08-598]. Washington, D.C.: June 19, 2008. Border Security: Summary of Covert Tests and Security Assessments for the Senate Committee on Finance, 2003-2007. [hyperlink, http://www.gao.gov/products/GAO-08-757]. Washington, D.C.: May 16, 2008. Homeland Security: DHS Has Taken Actions to Strengthen Border Security Program and Operations, but Challenges Remain. [hyperlink, http://www.gao.gov/products/GAO-08-542T]. Washington, D.C.: March 6, 2008. Border Security: Despite Progress, Weaknesses in Traveler Inspections Exist at Our Nation's Ports of Entry. [hyperlink, http://www.gao.gov/products/GAO-08-329T]. Washington, D.C.: January 3, 2008. Border Security: Despite Progress, Weaknesses in Traveler Inspections Exist at Our Nation's Ports of Entry. [hyperlink, http://www.gao.gov/products/GAO-08-219]. Washington, D.C.: November 5, 2007. Homeland Security: Federal Efforts Are Helping to Alleviate Some Challenges Encountered by State and Local Information Fusion Centers. [hyperlink, http://www.gao.gov/products/GAO-08-35]. Washington, D.C.: October 30, 2007. Secure Border Initiative: Observations on Selected Aspects of SBInet Program Implementation. [hyperlink, http://www.gao.gov/products/GAO-08-131T]. Washington, D.C.: October 24, 2007. Terrorist Watch List Screening: Opportunities Exist to Enhance Management Oversight, Reduce Vulnerabilities in Agency Screening Processes, and Expand Use of the List. [hyperlink, http://www.gao.gov/products/GAO-08-110]. Washington, D.C.: October 11, 2007. Border Security: Despite Progress, Weaknesses in Traveler Inspections Exist at Our Nation's Ports of Entry. [hyperlink, http://www.gao.gov/products/GAO-08-123SU]. Washington, D.C.: October 5, 2007, SBU. Border Security: Security Vulnerabilities at Unmanned and Unmonitored U.S. Border Locations. [hyperlink, http://www.gao.gov/products/GAO-07-884T]. Washington, D.C.: September 27, 2007. Combating Nuclear Smuggling: Additional Actions Needed to Ensure Adequate Testing of Next Generation Radiation Detection Equipment. [hyperlink, http://www.gao.gov/products/GAO-07-1247T]. Washington, D.C.: September 18, 2007. Border Security: Security of New Passports and Visas Enhanced, but More Needs to Be Done to Prevent Their Fraudulent Use. [hyperlink, http://www.gao.gov/products/GAO-07-1006]. Washington, D.C.: July 31, 2007. Border Security: Long-term Strategy Needed to Keep Pace with Increasing Demand for Visas. [hyperlink, http://www.gao.gov/products/GAO-07-847]. Washington, D.C.: July 13, 2007. Border Security: US-VISIT Program Faces Strategic, Operational, and Technological Challenges at Land Ports of Entry. [hyperlink, http://www.gao.gov/products/GAO-07-378T]. Washington, D.C.: January 31, 2007. Border Security: US-VISIT Program Faces Strategic, Operational, and Technological Challenges at Land Ports of Entry. [hyperlink, http://www.gao.gov/products/GAO-07-248]. Washington, D.C.: December 6, 2006. Border Security: US-VISIT Program Faces Strategic, Operational, and Technological Challenges at Land Ports of Entry. [hyperlink, http://www.gao.gov/products/GAO-07-56SU]. Washington, D.C.: November 13, 2006 SBU. Homeland Security: Opportunities Exist to Enhance Collaboration at 24/7 Operations Centers Staffed by Multiple DHS Agencies. [hyperlink, http://www.gao.gov/products/GAO-07-89]. Washington, D.C.: October 20, 2006. Border Security: Stronger Actions Needed to Assess and Mitigate Risks of the Visa Waiver Program. [hyperlink, http://www.gao.gov/products/GAO-06-1090T]. Washington, D.C.: September 7, 2006. Border Security: Continued Weaknesses in Screening Entrants into the United States. [hyperlink, http://www.gao.gov/products/GAO-06-976T]. Washington, D.C.: August 2, 2006. Combating Nuclear Smuggling: DHS Has Made Progress Deploying Radiation Detection Equipment at U.S. Ports-of-Entry, but Concerns Remain. [hyperlink, http://www.gao.gov/products/GAO-06-389]. March 22, 2006. Risk Management: Further Refinements Needed to Assess Risks and Prioritize Protective Measures at Ports and Other Critical Infrastructure. [hyperlink, http://www.gao.gov/products/GAO-06-91]. December 15, 2005. Border Security: Opportunities to Increase Coordination of Air and Marine Assets. [hyperlink, http://www.gao.gov/products/GAO-05-543]. August 12, 2005. Footnotes: [1] The Department of Homeland Security (DHS) defines the U.S.-Canadian border as stretching from the state of Washington to Maine, and does not include the Alaskan border with Canada. [2] Pub. L. No. 110-53, § 731(a)-(b), 121 Stat. 266, 351. [3] Id. § 731(c), 121 Stat. at 351. [4] Pub. L. No. 107-296, 116 Stat. 2135. [5] For example, OBP data shows that in fiscal year 2008, apprehensions of inadmissible aliens along the northern border were approximately 1.1 percent of apprehensions along the southwest border, and pounds of illegal narcotics seized along the northern border were about 0.6 percent of pounds seized along the southwest border. [6] For example, see Congressional Research Service, Border Security: U.S.-Canada Immigration Border Issues, RS21258 (updated Dec. 28, 2004). [7] For example, the United and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act) authorized funding to triple the number of border patrol and inspection personnel along the northern border and to improve technology for monitoring the northern border. See Pub. L. No. 107-56, § 402, 115 Stat. 272, 342-43. The Intelligence Reform and Terrorism Prevention Act of 2004 required the Secretary of Homeland Security to assign to the northern border no less than 20 percent of the net increase in border patrol agents each year for fiscal years 2006 through 2010. See Pub. L. No. 108-458, § 5202, 118 Stat. 3638, 3734. Also, in March 2007, the House and Senate Committees on Appropriations both wrote to the Secretary of DHS expressing the committees' expectation that DHS redirect $20,000,000 of its Border Security Fencing, Infrastructure and Technology expenditure plan to begin addressing security needs along the northern border. [8] Pub. L. No. 110-161, div. E, § 604, 121 Stat. 1844, 2095-96 (2007) (codified at 6 U.S.C. § 1403). [9] OES tasked the following CBP components to provide input to the Report to Congress: Office of Field Operations, OBP, Office of Air & Marine, the Office of Intelligence and Operations Coordination, and the Office of Information Technology. [10] Our discussions with FBI officials on the terrorist threat, and DEA officials on the drug trafficking threat, were generally consistent with DHS-reported information. [11] OBP defines operational control as the ability to detect entries when they occur, identify the entry and classify its level of threat, effectively and efficiently respond to the entry and bring the situation to the appropriate law enforcement resolution. OBP data from fiscal year 2008 showed that few northern border miles were under operational control, but that a greater number of miles have shown progress toward this goal. [12] USCG also stated that a public strategic communication plan regarding the implementation plan would be released sometime in the spring of 2009. [13] The standard station concept is a base design that may be utilized at multiple locations to reduce design costs and time frame. The standard station being implemented on the northern border is capable of supporting 50 agents and their support personnel, and allows for addition or expansion as needed. [14] CBP officials commented that CBP conducts strategic resource assessments for ports of entry to gather facility and planning data, assess the facilities to determine critical needs in support of the mission, and make facility recommendations for budgeting and programming. CBP completed an initial round of these assessments at all land ports of entry from 2004 through 2006, and plans to soon begin a second round of expanded assessments that will include air and sea ports. CBP anticipates completing this second round of assessments within 3 years and repeating the process on a 2 to 3 year cycle. [15] The Integrated Border Enforcement Teams (IBET) are a multi-DHS- agency law enforcement initiative with Canada with a goal to ensure comprehensive and permanent coordination of cross-border law enforcement, antiterrorism efforts, and information sharing between the two countries. The Border Enforcement Security Task Force is an interagency task force designed to enhance border security and combat violence related to smuggling through coordinated effort involving federal, state, local, and Canadian law enforcement agencies. Upon completion of a bilateral agreement currently under negotiation, Shiprider operations will support IBETs and include joint cross-border maritime patrols of USCG and the Royal Canadian Mounted Police (RCMP). In this effort, designated USCG and RCMP maritime law enforcement officers will embark on the other party's vessels for patrolling and enforcing U.S. and Canadian law on either side of the maritime border. Project North Star provides Canadian and U.S. law enforcement managers a mechanism to enhance communications, cooperation, and partnership. [16] The Airfields Initiative is a binational partnership between federal, state, and local law enforcement agencies of the United States and Canada involving the aviation community and the public as sources of information and intelligence on aircraft incursions. [17] ICE patrol officers, known as Shadow Wolves, were established by congressional mandate to remedy smuggling of narcotics across Indian reservations. [18] The High Intensity Drug Trafficking Area program is an antidrug support program providing a mechanism for federal, state, and local law enforcement agencies to share information and intelligence. The Organized Crime Drug Enforcement Task Force is a mechanism to promote cooperation and coordination among federal, state, and local law enforcement agencies engaged in narcotics and money laundering investigations. [19] Border Security Evaluation Teams gather intelligence from state and local law enforcement agencies, local civic leaders, and the public to determine if suspected cross-border activities indicate a need for deployment of border patrol resources in those areas. Operation Last Call was created by the ICE Office of Deportation and Removal Operations to maximize intelligence collection through systematic debriefing of ICE detainees. [20] ICE reports cross-designating other federal, state, and local officers to supplement the ICE investigative mission and participate on task forces. [21] The budget process provides Congress with a 1-year President's budget, and a 5-year plan to meet prioritized needs within projected resource constraints. However, these documents do not reflect the resources and time frame needed to achieve control of the northern border. [22] An unclassified notice to the public is to be published sometime in spring 2009. [23] This requirement is found in the Homeland Security Act of 2002 and Homeland Security Presidential Directive 7 (HSPD-7). [24] Our previous work pointed out the challenges DHS faces in developing its risk-management process. See GAO, Risk Management: Further Refinements Needed to Assess Risks and Prioritize Protective Measures at Ports and Other Critical Infrastructure, [hyperlink, http://www.gao.gov/products/GAO-06-91] (Washington, D.C.: Dec. 15, 2005), and GAO, Highlights of a Forum Convened by the Comptroller General of the United States: Strengthening the Use of Risk Management Principles in Homeland Security, [hyperlink, http://www.gao.gov/products/GAO-08-627SP] (Washington, D.C.: April 2008). [25] Other federal agencies included the FBI, Assistant to the President for Homeland Security and Counter Terrorism, the Nuclear Regulatory Commission, the National Fusion Center Coordination Group (NFCCG), Department of State, and Pacific Northwest National Laboratory (PNNL). [26] DHS officials provided us with reasons why two of the 21 GAO recommendations had not been implemented. DHS did not implement these fiscal year 2005 recommendations regarding coordination of its air and marine assets due to inadvertent exclusion of these recommendations from the agency tracking system. DHS and the Department of State report making progress towards implementing seven of the remaining pre-fiscal year 2008 recommendations. [27] GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: November 1999). [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: