This is the accessible text file for GAO report number GAO-03-1150T entitled 'Aviation Security: Progress Since September 11, 2001, and the Challenges Ahead' which was released on September 09, 2003. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. On January 5, 2004, this document was revised to add various footnote references missing in the text of the body of the document. Testimony: Before the Committee on Commerce, Science and Transportation, U.S. Senate: United States General Accounting Office: GAO: For Release on Delivery Expected at 9:30 a.m. EDT: Tuesday September 9, 2003: AVIATION SECURITY: Progress Since September 11, 2001, and the Challenges Ahead: Statement of Gerald L. Dillingham, Director, Civil Aviation Issues: Aviation Security Progress and Challenges: GAO-03-1150T: GAO Highlights: Highlights of GAO-03-1150T, a testimony before the Committee on Commerce, Science and Transportation, U.S. Senate Why GAO Did This Study: In the 2 years since the terrorist attacks of September 11, 2001, the security of our nation’s civil aviation system has assumed renewed urgency, and efforts to strengthen aviation security have received a great deal of congressional attention. On November 19, 2001, the Congress enacted the Aviation and Transportation Security Act (ATSA), which created the Transportation Security Administration (TSA) within the Department of Transportation (DOT) and defined its primary responsibility as ensuring security in aviation as well as in other modes of transportation. The Homeland Security Act, passed on November 25, 2002, transferred TSA to the new Department of Homeland Security, which assumed overall responsibility for aviation security. GAO was asked to describe the progress that has been made since September 11 to strengthen aviation security, the potential vulnerabilities that remain, and the longer-term management and organizational challenges to sustaining enhanced aviation security. What GAO Found: Since September 11, 2001, TSA has made considerable progress in meeting congressional mandates designed to increase aviation security. By the end of 2002, the agency had hired and deployed about 65,000 passenger and baggage screeners, federal air marshals, and others, and it was using explosives detection equipment to screen about 90 percent of all checked baggage. TSA is also initiating or developing efforts that focus on the use of technology and information to advance security. One effort under development, the next-generation Computer- Assisted Passenger Prescreening System (CAPPS II), would use national security and commercial databases to identify passengers who could pose risks for additional screening. Concerns about privacy rights will need to be addressed as this system moves toward implementation. Although TSA has focused on ensuring that bombs and other threat items are not carried onto planes by passengers or in their luggage, vulnerabilities remain in air cargo, general aviation, and airport perimeter security. Each year, an estimated 12.5 million tons of cargo are transported on all-cargo and passenger planes, yet very little air cargo is screened for explosives. We have previously recommended, and the industry has suggested, that TSA use a risk-management approach to set priorities as it works with the industry to determine the next steps in strengthening aviation security. TSA faces longer-term management and organizational challenges to sustaining enhanced aviation security that include (1) developing and implementing a comprehensive risk management approach, (2) paying for increased aviation security needs and controlling costs, (3) establishing effective coordination among the many entities involved in aviation security, (4) strategically managing its workforce, and (5) building a results-oriented culture within the new Department of Homeland Security. TSA has begun to respond to recommendations we have made addressing many of these challenges, and we have other studies in progress. What GAO Recommends: In prior reports and testimonies, listed at the end of this statement, GAO has made numerous recommendations to strengthen aviation security and to improve the management of federal aviation security organizations and functions. www.gao.gov/cgi-bin/getrpt?GAO-03-1150T. To view the full product, including the scope and methodology, click on the link above. For more information, contact Gerald L. Dillingham, Ph.D., at (202) 512-2834 or dillinghamg@gao.gov. [End of section] Mr. Chairman and Members of the Committee: In the 2 years since the terrorist attacks of September 11, 2001, the security of our nation's civil aviation system has assumed renewed urgency, and efforts to strengthen aviation security have received a great deal of congressional attention. On November 19, 2001, the Congress enacted the Aviation and Transportation Security Act (ATSA), which created the Transportation Security Administration (TSA) within the Department of Transportation (DOT) and defined its primary responsibility as ensuring security in aviation as well as in other modes of transportation. The act set forth specific improvements to aviation security for TSA to implement and established deadlines for completing many of them. The Homeland Security Act, passed on November 25, 2002, transferred TSA to the new Department of Homeland Security, which assumed overall responsibility for aviation security. My testimony today addresses the (1) progress that has been made since September 11 to strengthen aviation security, (2) potential vulnerabilities that remain, and (3) longer-term management and organizational challenges to sustaining enhanced aviation security. The testimony is based on our prior work, our review of recent literature, and discussions with aviation industry representatives and TSA. In summary: Since September 2001, TSA has made considerable progress in meeting congressional mandates related to aviation security, thereby increasing aviation security. For example, by the end of December 2002, the agency had hired and deployed a workforce of about 65,000, including passenger and baggage screeners and federal air marshals, and it was using explosives detection equipment to screen about 90 percent of all checked baggage. In addition, TSA has initiated several programs and research and development efforts that focus on the use of technology and information to advance security. For example, the agency is developing the Transportation Workers Identification Card program to provide a nationwide standard credential for airport workers that is issued after a background check has been completed and biometric indicators have been incorporated so that each worker can be positively matched to his or her credential. TSA is also developing the next- generation Computer Assisted Passenger Prescreening System (CAPPS II), which would use national security and commercial databases to assess the risk posed by passengers and identify some passengers for additional screening before they board their flights. These uses of technology and information--particularly CAPPS II--have raised some concerns about privacy rights that will need to be addressed as these programs move toward implementation. Although TSA has focused much effort and funding on ensuring that bombs and other threat items are not carried onto planes by passengers or in their luggage, vulnerabilities remain in areas such as air cargo security, general aviation security, and airport perimeter security. For example, air cargo is vulnerable because very little of the estimated 12.5 million tons transported each year on all-cargo and passenger planes is physically screened for explosives. As a result, a potential security risk is the introduction of explosive and incendiary devices in cargo placed aboard aircraft. We have recommended in prior work that TSA use a risk management approach to prioritize actions and funding as it works with industry to determine the next steps in strengthening air cargo security, and industry stakeholders have suggested the application of such an approach to general aviation security. TSA faces longer-term management and organizational challenges to sustaining enhanced aviation security that include (1) developing and implementing a comprehensive risk management approach, (2) paying for increased aviation security needs and controlling costs, (3) establishing effective coordination among the many public and private entities involved in aviation security, (4) strategically managing its workforce and ensuring appropriate staffing levels, and (5) building a results-oriented culture as it shifts its aviation security and other functions to the Department of Homeland Security. We have issued reports and made recommendations that address many of these challenges, and some actions are under way. In addition, we have studies in progress on some of these issues. Background: Before September 2001, we and others had demonstrated significant, long-standing vulnerabilities in aviation security, some of which are depicted in figure 1. These included weaknesses in screening passengers and baggage, controlling access to secure areas at airports, and protecting air traffic control computer systems and facilities. To address these and other weaknesses, ATSA created the Transportation Security Administration and established security requirements for the new agency with mandated deadlines. This page intentially left blank: Figure 1: Aviation Security Focus Areas: [See PDF for image] [End of figure] Civil Aviation Was Vulnerable before September 11, 2001: Before September 2001, screeners, who were then hired by the airlines, often failed to detect threat objects located on passengers or in their carry-on luggage. Principal causes of screeners' performance problems were rapid turnover and insufficient training. As we previously reported, turnover rates exceeded 100 percent a year at most large airports, leaving few skilled and experienced screeners, primarily because of low wages, limited benefits, and repetitive, monotonous work.[Footnote 1] In addition, before September 2001, controls for limiting access to secure areas of airports, including aircraft, did not always work as intended. As we reported in May 2000, our special agents used fictitious law enforcement badges and credentials to gain access to secure areas, bypass security checkpoints at two airports, and walk unescorted to aircraft departure gates.[Footnote 2] The agents, who had been issued tickets and boarding passes, could have carried weapons, explosives, or other dangerous objects onto aircraft. DOT's Inspector General also documented numerous problems with airport access controls, and in one series of tests, nearly 7 out of every 10 attempts by the Inspector General's staff to gain access to secure areas were successful. Upon entering the secure areas, the Inspector General's staff boarded aircraft 117 times. The Inspector General further reported that the majority of the aircraft boardings would not have occurred if employees had taken the prescribed steps, such as making sure doors closed behind them. Our reviews also found that the security of the air traffic control computer systems and of the facilities that house them had not been ensured.[Footnote 3] The vulnerabilities we identified, such as not ensuring that contractors who had access to the air traffic control computer systems had undergone background checks, made the air traffic control system susceptible to intrusion and malicious attacks. The air traffic control computer systems provide information to air traffic controllers and aircraft flight crews to help ensure the safe and expeditious movement of aircraft. Failure to protect these systems and their facilities could cause a nationwide disruption of air traffic or even collisions and loss of life. Over the years, we made numerous recommendations to the Federal Aviation Administration (FAA), which, until ATSA's enactment, was responsible for aviation security. These recommendations were designed to improve screeners' performance, strengthen airport access controls, and better protect air traffic control computer systems and facilities. As of September 2001, FAA had implemented some of these recommendations and was addressing others, but its progress was often slow. In addition, many initiatives were not linked to specific deadlines, making it difficult to monitor and oversee their implementation. Legislation Transferred Most Aviation Security Responsibilities to TSA: ATSA defined TSA's primary responsibility as ensuring security in all modes of transportation. The act also shifted security-screening responsibilities from the airlines to TSA and established a series of requirements to strengthen aviation security, many of them with mandated implementation deadlines. For example, the act required the deployment of federal screeners at 429 commercial airports across the nation by November 19, 2002, and the use of explosives detection technology at these airports to screen every piece of checked baggage for explosives not later than December 31, 2002. However, the Homeland Security Act subsequently allowed TSA to grant waivers of up to 1 year to airports that would not be able to meet the December deadline. Some aviation security responsibilities remained with FAA. For example, FAA is responsible for the security of its air traffic control and other computer systems and of its air traffic control facilities. FAA also administers the Airport Improvement Program (AIP) trust fund, which is used to fund capital improvements to airports, including some security enhancements, such as terminal modifications to accommodate explosives detection equipment. Since September 2001, Multiple Initiatives Have Increased Aviation Security: Over the past 2 years, TSA and FAA have taken major steps to increase aviation security. TSA has implemented congressional mandates and explored options for increasing the use of technology and information to control access to secure areas of airports and to improve passenger screening. FAA has focused its efforts on enhancing the security of the nation's air traffic control systems and facilities. In ongoing work, we are examining some of these efforts in more detail (see app. IV). TSA Met Many Aviation Security Mandates but Encountered Some Difficulties: In its first year, TSA worked to establish its organization and focused primarily on meeting the aviation security deadlines set forth in ATSA, accomplishing a large number of tasks under a very ambitious schedule. In January 2002, TSA had 13 employees--1 year later, the agency had about 65,000 employees. TSA reported that it met over 30 deadlines during 2002 to improve aviation security. (See app. I for the status of mandates in ATSA.) For example, according to TSA, it: * met the November 2002 deadline to deploy federal passenger screeners at airports across the nation by hiring, training, and deploying over 40,000 individuals to screen passengers at 429 commercial airports (see fig. 2); * hired and deployed more than 20,000 individuals to screen all checked baggage; * has been using explosives detection systems or explosives trace detection equipment to screen about 90 percent of all checked baggage as of December 31, 2002;[Footnote 4] * has been using alternative means such as canine teams, hand searches, and passenger-bag matching to screen the remaining checked baggage; * confiscated more than 4.8 million prohibited items (including firearms, knives, and incendiary or flammable objects) from passengers; and: * has made substantial progress in expanding the Federal Air Marshal Service. In addition, according to FAA, U.S. and foreign airlines met the April 2003 deadline to harden cockpit doors on aircraft flying in the United States. Figure 2: Screening Passengers at a U.S. Commercial Airport: [See PDF for image] [End of figure] Not unexpectedly, TSA experienced some difficulties in meeting these deadlines and achieving these goals. For example, operational and management control problems, cited later in this testimony, emerged with the rapid expansion of the Federal Air Marshal Service, and TSA's deployment of some explosives detection systems was delayed. As a result, TSA had to grant waivers of up to a year (until Dec. 31, 2003) to a few airports, authorizing them to use alternative means to screen all checked baggage. Recently, airport representatives with whom we spoke expressed concern that not all of these airports would meet the new December 2003 deadline established in their waivers because, according to the airport representatives, there has not been enough time to produce, install, and integrate all of the systems required to meet the deadline. TSA Is Making Greater Use of Technology and Information to Enhance Aviation Security: To strengthen control over access to secure areas of airports and other transportation facilities, TSA is pursuing initiatives that make greater use of technology and information. For example, the agency is investigating the establishment of a Transportation Workers Identification Card (TWIC) program. TWIC is intended to establish a uniform, nationwide standard for the secure identification of 12 million workers who require unescorted physical or cyber access to secure areas at airports and other transportation facilities. Specifically, TWIC will combine standard background checks and biometrics so that a worker can be positively matched to his or her credential. Once the program is fully operational, the TWIC card will be the standard credential for airport workers and will be accepted by all modes of transportation. According to TSA, developing a uniform, nationwide standard for identification will minimize redundant credentialing and background checks. Currently, each airport is required, as part of its security program, to issue credentials to workers who need access to secure, nonpublic areas, such as baggage loading areas.[Footnote 5] Airport representatives have told us that they think a number of operational issues need to be resolved for the TWIC card to be feasible. For example, the TWIC card would have to be compatible with the many types of card readers used at airports around the country, or new card readers would have to be installed. At large airports, this could entail replacing hundreds of card readers, and airport representatives have expressed concerns about how this effort would be funded. In April 2003, TSA awarded a contract to test and evaluate various technologies at three pilot sites. In addition, TSA has continued to develop the next-generation Computer Assisted Passenger Prescreening System (CAPPS II)--an automated passenger screening system that takes personal information, such as a passenger's name, date of birth, home address, and home telephone number, to confirm the passenger's identity and assess a risk level. The identifying information will be run against national security information and commercial databases, and a "risk" score will be assigned to the passenger. The risk score will determine any further screening that the passenger will undergo before boarding. TSA expects to implement CAPPS II throughout the United States by the fall of 2004. However, TSA's plans have raised concerns about travelers' privacy rights. It has been suggested, for example, that TSA is violating privacy laws by not explaining how the risk assessment data will be scored and used and how a TSA decision can be appealed. These concerns about the system will need to be addressed as it moves toward implementation. In ongoing work, we are examining CAPPS II, including how it will function, what safeguards will be put in place to protect the traveling public's privacy, and how the system will affect the traveling public in terms of costs, delays, and risks. Additionally, TSA has begun to develop initiatives that could enable it to use its passenger screening resources more efficiently. For example, TSA has requested funding for fiscal year 2004 to begin developing a registered traveler program that would prescreen low-risk travelers. Under a registered traveler program, those who voluntarily apply to participate in the program and successfully pass background checks would receive a unique identifier or card that would enable them to be screened more quickly and would promote greater focus on those passengers who require more extensive screening at airport security checkpoints. In prior work, we identified key policy and implementation issues that would need to be resolved before a registered traveler program could be implemented. Such issues include the (1) criteria that should be established to determine eligibility to apply for the program, (2) kinds of background checks that should be used to certify applicants' eligibility to enroll in the program and the entity who should perform these checks, (3) security-screening procedures that registered travelers should undergo and the differences between these procedures and those for unregistered travelers, and (4) concerns that the traveling public or others may have about equity, privacy, and liability.[Footnote 6] FAA Is Strengthening Air Traffic Control Security: Since September 2001, FAA has continued to strengthen the security of the nation's air traffic control computer systems and facilities in response to 39 recommendations we made between May 1998 and December 2000. For example, FAA has established an information systems security management structure under its Chief Information Officer, whose office has developed an information systems security strategy, security architecture (that is, an overall blueprint), security policies and directives, and a security awareness training campaign. This office has also managed FAA's incident response center and implemented a certification and accreditation process to ensure that vulnerabilities in current and future air traffic control systems are identified and weaknesses addressed. Nevertheless, the office faces continued challenges in increasing its intrusion detection capabilities, obtaining accreditation for systems that are already operational, and managing information systems security throughout the agency. In addition, according to senior security officials, FAA has completed assessments of the physical security of its staffed facilities, but it has not yet accredited all of these air traffic control facilities as secure in compliance with its own policy. Finally, FAA has worked aggressively over the past 2 years to complete background investigations of numerous contractor employees. However, ensuring that all new contractors are assessed to determine which employees require background checks, and that those checks are completed in a timely manner, will be a continuing challenge for the agency. Potential Vulnerabilities Remain in Several Aviation Sectors: Although TSA has focused much effort and funding on ensuring that bombs and other threat items are not carried onto commercial aircraft by passengers or in their luggage, vulnerabilities remain, according to aviation experts, TSA officials, and others. In particular, these vulnerabilities affect air cargo, general aviation, and airport perimeter security. For information on legislative proposals that would address these potential vulnerabilities and other aviation security issues, see appendix II. Air Cargo Security: As we and DOT's Inspector General have reported, vulnerabilities exist in securing the cargo carried aboard commercial passenger and all-cargo aircraft. TSA has reported that an estimated 12.5 million tons of cargo are transported each year--9.7 million tons on all-cargo planes and 2.8 million tons on passenger planes. Some potential security risks associated with air cargo include the introduction of undetected explosive and incendiary devices in cargo placed aboard aircraft; the shipment of undeclared or undetected hazardous materials aboard aircraft; and aircraft hijackings and sabotage by individuals with access to cargo aircraft.[Footnote 7] To address some of the risks associated with air cargo, ATSA requires that all cargo carried aboard commercial passenger aircraft be screened and that TSA have a system in place as soon as practicable to screen, inspect, or otherwise ensure the security of cargo on all-cargo aircraft. In August 2003, the Congressional Research Service reported that less than 5 percent of cargo placed on passenger airplanes is physically screened. TSA's primary approach to ensuring air cargo security and safety and to complying with the cargo-screening requirement in the act is the "known shipper" program--which allows shippers that have established business histories with air carriers or freight forwarders[Footnote 8] to ship cargo on planes. However, we and DOT's Inspector General have identified weaknesses in the known shipper program and in TSA's procedures for approving freight forwarders.[Footnote 9] Since September 2001, TSA has taken a number of actions to enhance cargo security, such as implementing a database of known shippers in October 2002. The database is the first phase in developing a cargo- profiling system similar to the Computer-Assisted Passenger Prescreening System. However, in December 2002, we reported that additional operational and technological measures, such as checking the identity of individuals making cargo deliveries, have the potential to improve air cargo security in the near term.[Footnote 10] We further reported that TSA lacks a comprehensive plan with long-term goals and performance targets for cargo security, time frames for completing security improvements, and risk-based criteria for prioritizing actions to achieve those goals. Accordingly, we recommended that TSA develop a comprehensive plan for air cargo security that incorporates a risk management approach, includes a list of security priorities, and sets deadlines for completing actions. TSA agreed with this recommendation and expects to develop such a plan by the fall of 2003. It will be important that this plan include a timetable for implementation and that TSA expeditiously reduce the vulnerabilities in this area. General Aviation Security: Since September 2001, TSA has taken limited action to improve general aviation security, leaving it far more open and potentially vulnerable than commercial aviation.[Footnote 11] General aviation is vulnerable because general aviation pilots are not screened before takeoff and the contents of general aviation planes are not screened at any point. General aviation includes more than 200,000 privately owned airplanes, which are located in every state at more than 19,000 airports. Over 550 of these airports also provide commercial service. In the last 5 years, about 70 aircraft have been stolen from general aviation airports, indicating a potential weakness that could be exploited by terrorists. Moreover, it was reported that the September 11 hijackers researched the use of crop dusters to spread biological or chemical agents. General aviation's vulnerability was revealed in January 2002, when a Florida teenage flight student crashed a single-engine Cessna airplane into a Tampa skyscraper. FAA has since issued a notice with voluntary guidance for flight schools and businesses that provide services for aircraft and pilots at general aviation airports. The suggestions include using different keys to gain access to an aircraft and start the ignition, not giving students access to aircraft keys, ensuring positive identification of flight students, and training employees and pilots to report suspicious activities. However, because the guidance is voluntary, it is unknown how many general aviation airports have implemented these measures. We reported in June 2003 that TSA was working with industry stakeholders as part of TSA's Aviation Security Advisory Council to close potential security gaps in general aviation.[Footnote 12] According to our recent discussions with industry representatives, however, the stakeholders have not been able to reach a consensus on the actions needed to improve security in general aviation. General aviation industry representatives, such as the Aircraft Owners and Pilots Association and General Aviation Manufacturers Association, have opposed any restrictions on operating general aviation aircraft and believe that small planes do not pose a significant risk to the country. Nonetheless, some industry representatives indicated that the application of a risk management approach would be helpful in determining the next steps in improving general aviation security. (We discuss risk management in more detail later in this testimony.) To identify these next steps, TSA chartered a working group on general aviation within the existing Aviation Security Advisory Committee, and this working group is scheduled to report to the full committee in the fall of 2003. We have ongoing work that is examining general aviation security in further detail. Figure 3: General Aviation Aircraft and Airport: [See PDF for image] [End of figure] Airport Perimeter Security: Airport perimeters present a potential vulnerability by providing a route for individuals to gain unauthorized access to aircraft and secure areas of airports (see fig. 4). For example, in August 2003, the national media reported that three boaters wandered the tarmac at Kennedy International Airport after their boat became beached near a runway. In addition, terrorists could launch an attack using a shoulder-fired missile from the perimeter of an airport, as well as from locations just outside the perimeter. For example, in separate incidents in the late 1970s, guerrillas with shoulder-fired missiles shot down two Air Rhodesia planes. More recently, the national media have reported that since September 2001, al Qaeda has twice tried to down planes outside the United States with shoulder-fired missiles.[Footnote 13] We reported in June 2003 that airport operators have increased their patrols of airport perimeters since September 2001, but industry officials stated that they do not have enough resources to completely protect against missile attacks.[Footnote 14] A number of technologies could be used to secure and monitor airport perimeters, including barriers, motion sensors, and closed-circuit television. Airport representatives have cautioned that as security enhancements are made to airport perimeters, it will be important for TSA to coordinate with FAA and the airport operators to ensure that any enhancements do not pose safety risks for aircraft. We have separate ongoing work examining the status of efforts to improve airport perimeter security and assessing the nature and extent of the threat from shoulder-fired missiles. Figure 4: Airport Perimeter: [See PDF for image] [End of figure] Aviation Security Poses Longer-Term Management and Organizational Challenges: TSA's efforts to strengthen and sustain aviation security face several longer-term challenges in the areas of risk management, funding, coordination, strategic human capital management, and building a results-oriented organization. Risk Management: As aviation security is viewed in the larger context of transportation and homeland security, it will be important to set strategic priorities so that national resources can be directed to the greatest needs. Although TSA initially focused on increasing aviation security, it has more recently begun to address security in the other transportation modes. However, the size and diversity of the national transportation system make it difficult to adequately secure, and TSA and the Congress are faced with demands for additional federal funding for transportation security that far exceed the additional amounts made available. We have advocated the use of a risk management approach to guide federal programs and responses to better prepare for and withstand terrorist threats, and we have recommended that TSA use this approach to strengthen security in aviation as well as in other transportation modes.[Footnote 15] A risk management approach is a systematic process to analyze threats, vulnerabilities, and the criticality (or relative importance) of assets to better support key decisions linking resources with prioritized efforts for results. Comprehensive risk-based assessments support effective planning and resource allocation. Figure 5 describes this approach. Figure 5: Elements of a Risk Management Approach: [See PDF for image] [End of figure] TSA agreed with our recommendation and has adopted a risk management approach in attempting to enhance security across all transportation modes. TSA's Office of Threat Assessment and Risk Management is developing two assessment tools that will help assess criticality, threats, and vulnerabilities. The first tool, which assesses criticality, will arrive at a criticality score for a facility or transportation asset by incorporating factors such as the number of fatalities that could occur during an attack and the economic and sociopolitical importance of the facility or asset. This score will enable TSA, in conjunction with transportation stakeholders, to rank facilities and assets within each mode and thus focus resources on those that are deemed most important. TSA is working with another Department of Homeland Security office--the Information Analysis and Infrastructure Protection Directorate--to ensure that the criticality tool will be consistent with the Department's overall approach for managing critical infrastructure. The second tool--the Transportation Risk Assessment and Vulnerability Evaluation tool (TRAVEL)--will assess threats and analyze vulnerabilities for all transportation modes. The tool produces a relative risk score for potential attacks against a transportation asset or facility. In addition, TRAVEL will include a cost-benefit component that compares the cost of implementing a given countermeasure with the reduction in relative risk due to that countermeasure. We reported in June 2003 that TSA plans to use this tool to gather comparable threat and vulnerability information across all transportation modes. It is important for TSA to complete the development of the two tools and use them to prepare action plans for specific modes, such as aviation, and for transportation security generally. Funding: Two key funding and accountability challenges will be (1) paying for increased aviation security and (2) ensuring that these costs are controlled. The costs associated with the equipment and personnel needed to screen passengers and their baggage alone are huge. The administration requested $4.2 billion for aviation security for fiscal year 2004, which included about $1.8 billion for passenger screening and $944 million for baggage screening.[Footnote 16] ATSA created a passenger security fee to pay for the costs of aviation security, but the fee has not generated enough money to do so. DOT's Inspector General reported that the security fees are estimated to generate only about $1.7 billion in fiscal year 2004.[Footnote 17] A major funding issue is paying for the purchase and installation of the remaining explosives detection systems for the airports that received waivers, as well as for the reinstallation of the systems that were placed in airport lobbies last year and now need to be integrated into airport baggage-handling systems. Integrating the equipment with the baggage-handling systems is expected to be costly because it will require major facility modifications. For example, modifications needed to integrate the equipment at Boston's Logan International Airport are estimated to cost $146 million. Estimates for Dallas/Fort Worth International Airport are $193 million. DOT's Inspector General has reported that the cost of integrating the equipment nationwide could be as high as $3 billion. A key question is how to pay for these installation costs. Funds from FAA's AIP grants and passenger facility charges are eligible sources for funding this work.[Footnote 18] In fiscal year 2002, AIP grant funds totaling $561 million were used for terminal modifications to enhance security. However, using these funds for security reduced the funding available for other airport development projects, such as projects to bring airports up to federal design standards and reconstruction projects. In February 2003, we identified letters of intent[Footnote 19] as a funding option that has been successfully used to leverage private sources of funding.[Footnote 20] TSA has since signed letters of intent with three airports--Boston Logan, Dallas-Fort Worth, and Seattle-Tacoma International Airports. Under the agreements, TSA will pay 75 percent of the cost of integrating the explosives detection equipment into the baggage-handling systems. The payments will stretch out over 3 to 4 years. Airport representatives said that about 30 more airports have requested similar agreements. The slow pace of TSA's approval process has raised concerns about delays in reinstalling and integrating explosives detection equipment with baggage-handling systems--delays that will require more labor- intensive and less efficient baggage screening by other approved means. To provide financial assistance to airports for security-related capital investments, such as the installation of explosives detection equipment, proposed aviation reauthorization legislation[Footnote 21] would establish an aviation security capital fund that would authorize $2 billion over the next 4 years. The funding would be made available to airports in letters of intent, and large-and medium-hub airports would be expected to provide a match of 10 percent of a project's costs. A 5 percent match would be required for all other airports. This legislation would provide a dedicated source of funding for security- related capital investments and could minimize the need to use AIP funds for security. An additional funding issue is how to ensure continued investment in transportation research and development. For fiscal year 2003, TSA was appropriated about $110 million for research and development, of which $75 million was designated for the next-generation explosives detection systems. However, TSA has proposed to reprogram $61.2 million of these funds to be used for other purposes, leaving about $12.7 million to be spent on research and development this year. This proposed reprogramming could limit TSA's ability to sustain and strengthen aviation security by continuing to invest in research and development for more effective equipment to screen passengers, their carry-on and checked baggage, and cargo. In ongoing work, we are examining the nature and scope of research and development work by TSA and the Department of Homeland Security, including their strategy for accelerating the development of transportation security technologies. By reprogramming funds and making acknowledged use of certain funds for purposes other than those intended, TSA has raised congressional concerns about accountability. According to TSA, it has proposed to reprogram a total of $849.3 million during fiscal year 2003, including the $61.2 million that would be cut from research and development and $104 million that would be taken from the federal air marshal program and used for unintended purposes. Because of these congressional concerns, we were asked to investigate TSA's process for reprogramming funds for the air marshal program and to assess the implications of the proposed funding reductions in areas such as the numbers of hours flown and flights taken. We have ongoing work to address these issues. To ensure appropriate oversight and accountability, it is important that TSA maintain clear and transparent communication with the Congress and industry stakeholders about the use of its funds. In July 2002, we reported that long-term attention to cost and accountability controls for acquisition and related business processes will be critical for TSA, both to ensure its success and to maintain its integrity and accountability.[Footnote 22] According to DOT's Inspector General, although TSA has made progress in addressing certain cost-related issues, it has not established an infrastructure that provides effective controls to monitor contractors' costs and performance.[Footnote 23] For example, in February 2003, the Inspector General reported that TSA's $1 billion hiring effort cost more than most people expected and that TSA's contract with NCS Pearson to recruit, assess, and hire the screener workforce contained no safeguards to prevent cost increases. The Inspector General found that TSA provided limited oversight for the management of the contract expenses and, in one case, between $6 million and $9 million of the $18 million paid to a subcontractor appeared to be a result of wasteful and abusive spending practices.[Footnote 24] As the Inspector General recommended, TSA has since hired the Defense Contract Audit Agency to audit its major contracts. To ensure control over TSA contracts, the Inspector General has further recommended that the Congress set aside a specific amount of TSA's contracting budget for overseeing contractors' performance with respect to cost, schedule, and quality.[Footnote 25] Coordination: Sustaining the aviation security advancements of the past 2 years also depends on TSA's ability to form effective partnerships with federal, state, and local agencies and with the aviation community. Effective, well-coordinated partnerships at the local level require identifying roles and responsibilities; developing effective, collaborative relationships with local and regional airports and emergency management and law enforcement agencies; agreeing on performance-based standards that describe desired outcomes; and sharing intelligence information. The lynchpin in TSA's efforts to coordinate with airports and local law enforcement and emergency response agencies is, according to the agency, the 158 federal security directors and staff that TSA has deployed nationwide. The security directors' responsibilities include ensuring that standardized security procedures are implemented at the nation's airports; working with state and local law enforcement personnel, when appropriate, to ensure airport and passenger security; and communicating threat information to airport operators and others. Airport representatives, however, have indicated that the relationships between federal security directors and airport operators are still evolving and that better communication is needed at some airports. Key to improving the coordination between TSA and local partners is establishing clearly defined roles. In some cases, concerns have arisen about conflicts between the roles of TSA, as the manager of security functions at airports, and of airport officials, as the managers of other airport operations. Industry representatives viewed such conflicts as leading to confusion in areas such as communicating with local entities. According to airport representatives, for example, TSA has developed guidance or rules for airports without involving them, and time-consuming changes have then had to be made to accommodate operational factors. The representatives maintain that it would be more efficient and effective to consider such operational factors earlier in the process. Ultimately, inadequate coordination and unclear roles result in inefficient uses of limited resources. TSA also has to ensure that the terrorist and threat information gathered and maintained by law enforcement and other agencies-- including the Federal Bureau of Investigation, the Immigration and Naturalization Service, the Central Intelligence Agency, and the Department of State--is quickly and efficiently communicated among federal agencies and to state and local authorities, as needed. Disseminating such information is important to allow those who are involved in protecting the nation's aviation system to address potential threats rather than simply react to known threats. In aviation security, timely information sharing among agencies has been hampered by the agencies' reluctance to share sensitive information and by outdated, incompatible computer systems. As we found in reviewing 12 watch lists maintained by nine federal agencies, information was being shared among some of them but not among others. Moreover, even when sharing was occurring, costly and overly complex measures had to be taken to facilitate it.[Footnote 26] To promote better integration and sharing of terrorist and criminal watch lists, we have recommended that the Department of Homeland Security, in collaboration with the other departments and agencies that have and use watch lists, lead an effort to consolidate and standardize the federal government's watch list structures and policies.[Footnote 27] In addition, as we found earlier this year, representatives of numerous state and local governments and transportation industry associations indicated that the general threat warnings received by government agencies are not helpful. Rather, they said, transportation operators, including airport operators, want more specific intelligence information so that they can understand the true nature of a potential threat and implement appropriate security measures.[Footnote 28] Strategic Human Capital Management: As it organizes itself to protect the nation's transportation system, TSA faces the challenge of strategically managing its workforce of more than 60,000 people, most of whom are deployed at airports or on aircraft to detect weapons and explosives and to prevent them from being taken aboard and used on aircraft. Additionally, over the next several years, TSA faces the challenge of "right-sizing" this workforce as efficiency is improved with new security-enhancing technologies, processes, and procedures. For example, as explosives detection systems are integrated with baggage-handling systems, the use of more labor- intensive screening methods, such as trace detection techniques and manual searches of baggage, can be reduced. Other planned security enhancements, such as CAPPS II and the registered traveler program, also have the potential to make screening more efficient. To assist agencies in managing their human capital more strategically, we have developed a model that identifies cornerstones and related critical success factors that agencies should apply and steps they can take.[Footnote 29] Our model is designed to help agency leaders effectively lead and manage their people and integrate human capital considerations into daily decision-making and the program results they seek to achieve. In January 2003, we reported that TSA was addressing some critical human capital success factors by hiring personnel, using a wide range of tools available for hiring, and beginning to link individual performance to organizational goals.[Footnote 30] However, concerns remain about the size and training of that workforce, the adequacy of the initial background checks for screeners, and TSA's progress in setting up a performance management system. As noted earlier in this testimony, TSA now plans to reduce its screener workforce by 6,000 by September 30, 2003, and it has proposed cutting the workforce by an additional 3,000 in fiscal year 2004. This planned reduction has raised concerns about passenger delays at airports and has led TSA to begin hiring part-time screeners to make more flexible and efficient use of its workforce. In addition, TSA used an abbreviated background check process to hire and deploy enough screeners to meet ATSA's screening deadlines in 2002. After obtaining additional background information, TSA terminated the employment of some of these screeners. TSA reported 1,208 terminations as of May 31, 2003, that it ascribed to a variety of reasons, including criminal offenses and failures to pass alcohol and drug tests. Furthermore, the national media have reported allegations of operational and management control problems that emerged with the expansion of the Federal Air Marshal Service, including inadequate background checks and training, uneven scheduling, and inadequate policies and procedures. In ongoing work, we are examining the effectiveness of TSA's efforts to train, equip, and supervise passenger screeners, and we are assessing the effects of expansion on the Federal Air Marshal Service. In addition, we reported in January 2003 that TSA had taken the initial steps in establishing a performance management system linked to organizational goals. Such a system will be critical for TSA to motivate and manage staff, ensure the quality of screeners' performance, and, ultimately, restore public confidence in air travel. Building a Results-Oriented Organization: For TSA to sustain enhanced aviation security over the long term, it will be important for the agency to continue to build a results- oriented culture within the new Department of Homeland Security. To help federal agencies successfully transform their cultures, as well as the new Department of Homeland Security merge its various components into a unified department, we identified key practices that have consistently been found at the center of successful mergers, acquisitions, and transformations.[Footnote 31] These key practices, together with implementation strategies such as establishing a coherent mission and integrated strategic goals to guide the transformation, can help agencies become more results oriented, customer focused, and collaborative. (See app. III.) These practices are particularly important for the Department of Homeland Security, whose implementation and transformation we have designated as high risk.[Footnote 32] The Congress required TSA to adopt a results-oriented strategic planning and reporting framework and, specifically, to provide an action plan with goals and milestones to outline how acceptable levels of performance for aviation security would be achieved. In prior work, we reported that TSA has taken the first steps in performance planning and reporting by defining its mission, vision, and values and that this practice would continue to be important when TSA moved into the Department of Homeland Security.[Footnote 33] Therefore, we recommended that TSA take the next steps to implement results-oriented practices. These steps included establishing performance goals and measures for all modes of transportation as part of a strategic planning process that involves stakeholders, defining more clearly the roles and responsibilities of its various offices in collaborating and communicating with stakeholders; and formalizing the roles and responsibilities of governmental entities for transportation security. Table 1 shows selected ATSA requirements, TSA's actions and plans, and the next steps we recommended. TSA agreed with our recommendations. Table 1: Requirements, Actions and Plans, and Recommended Next Steps for Results-Oriented Practices: ATSA requirements: Leadership commitment to creating a high-performing organization: * Requires performance agreement between the Secretary of DOT and the Under Secretary of Transportation for Security and between the Under Secretary and TSA executives; TSA actions and plans: Leadership commitment to creating a high-performing organization: * Stated leadership commitment to creating a results-oriented culture in its 180-day action plan; * Expressed plans to use the Baldrige performance excellence criteria as a management tool to promote quality and performance; * Established standardized performance agreements for TSA executives; Next steps: Leadership commitment to creating a high- performing organization: * Establish a performance agreement for the Under Secretary of Transportation for Security that articulates how bonuses will be tied to performance; * Add expectations in performance agreements for top leadership to foster the culture of a high- performing organization. ATSA requirements: Leadership commitment to creating a high-performing organization: * Requires a 5-year performance plan and annual performance report consistent with the principles of the Government Performance and Results Act; TSA actions and plans: Leadership commitment to creating a high-performing organization: * Articulated vision, mission, values, strategic goal, and performance goals and measures; * Developed automated system to collect performance data to demonstrate progress in meeting goals; * Aligned aviation security performance goals and measures with DOT goals; * Reported it submitted first annual performance report; Next steps: Leadership commitment to creating a high-performing organization: * Establish security performance goals and measures for all modes of transportation as part of a strategic planning process that involves stakeholders; * Apply practices that have been shown to provide useful information in agency performance plans. ATSA requirements: Leadership commitment to creating a high-performing organization: * Requires a performance management system; * Requires performance agreements for all employees that include organizational and individual goals; TSA actions and plans: Leadership commitment to creating a high-performing organization: * Established an interim performance management system; * Created standardized performance agreements for groups of employees that include organizational and individual goals and standards of performance; Next steps: Leadership commitment to creating a high-performing organization: * Build on the current performance agreements to achieve additional benefits; * Ensure the permanent performance management system makes meaningful distinctions in performance; * Involve employees in developing its permanent performance management system. ATSA requirements: Leadership commitment to creating a high-performing organization: * Requires TSA to work within and outside the government to accomplish its mission; * Establishes a Transportation Security Oversight Board to facilitate collaboration and communication; TSA actions and plans: Leadership commitment to creating a high-performing organization: * Established Offices of Security Regulation and Policy, Communications and Public Information, Law Enforcement and Security Liaison, and Legislative Affairs to collaborate and communicate with stakeholders; * Convened the Oversight Board, which has met twice; * Stated plans to use memorandums of understanding and memorandums of agreement to formalize roles and responsibilities of TSA and other agencies in transportation security; Next steps: Leadership commitment to creating a high-performing organization: * Define more clearly the collaboration and communication roles and responsibilities of TSA's various offices; * Formalize roles and responsibilities among governmental entities for transportation security. ATSA requirements: Leadership commitment to creating a high-performing organization: * Requires a 180-day action plan and two progress reports within 6 months of enactment; TSA actions and plans: Leadership commitment to creating a high-performing organization: * Submitted 180- day action plan and both progress reports within established time frames; * Maintains a Web site to provide information to the public; * Created ombudsman position to serve customers; * Developed measures to track customer satisfaction; * Reviewed and eliminated security procedures that do not enhance security or customer service; * Stated plans to develop a customer satisfaction index to analyze customer opinions to improve performance; Next steps: Leadership commitment to creating a high-performing organization: * Fill the ombudsman position to facilitate responsiveness of TSA to the public; * Continue to develop and implement mechanisms, such as the CSI, to gauge customer satisfaction and improve customer service. Source: GAO. [End of table] Concluding Observations: After spending billions of dollars over the past 2 years on people, policies, and procedures to improve aviation security, we have much more security now than we had before September 2001, but it has not been determined how much more secure we are. The vast number of guns, knives, and other potential threat items that screeners have confiscated suggests that security is working, but it also suggests that improved public awareness of prohibited items could help focus resources where they are most needed and reduce delays and inconvenience to the public. Faced with vast and competing demands for security resources, TSA should continue its efforts to identify technologies, such as CAPPS II, that will leverage its resources and potentially improve its capabilities. Improving the efficiency and effectiveness of aviation security will also require risk assessments and plans that help maintain a balance between security and customer service. Mr. Chairman, this concludes my statement. I would be pleased to answer any questions that you or other members of the Committee may have. Contact Information: For further information on this testimony, please contact Gerald L. Dillingham at (202) 512-2834. Individuals making key contributions to this testimony include Elizabeth Eisenstadt, David Hooper, Jennifer Kim, Heather Krause, Maren McAvoy, John W. Shumann, and Teresa Spisak. [End of section] Appendix I: Selected s in the Aviation and Transportation Security Act and Their Status: Table 2: Deadline: Nov. 19, 2001; Provisions[A]: Require new background checks for those who have access to secure areas of the airport; Status: Completed. Provisions[A]: Dec. 19, 2001: Institute a 45-day waiting period for aliens seeking flight training for planes of 12,500 pounds or more; Status: Dec. 19, 2001: Completed. Deadline: Dec. 19, 2001; Provisions[A]: Establish qualifications for federal screeners; Status: Completed. Provisions[A]: Jan. 18, 2002: Report to the Congress on improving general aviation security; Status: Jan. 18, 2002: Completed. Deadline: Jan. 18, 2002; Provisions[A]: Screen all checked baggage in U.S. airports using explosives detection systems, passenger-bag matching, manual searches, canine units, or other approved means; Status: Completed. Provisions[A]: The Federal Aviation Administration (FAA) is to develop guidance for air carriers to use in developing programs to train flight and cabin crews to resist threats (within 60 days after FAA issues the guidance, each airline is to develop a training program and submit it to FAA; within 30 days of receiving a program, FAA is to approve it or require revisions; within 180 days of receiving FAA's approval, the airline is to complete the training of all flight and cabin crews); Status: Guidance issued. Provisions[A]: Develop a plan to train federal screeners; Status: Completed. Provisions[A]: Foreign and domestic carriers are to provide electronic passenger and crew manifests to Customs for flights from foreign countries to the United States; Status: Completed. Provisions[A]: Feb. 17, 2002: Begin collecting the passenger security fee; Status: Feb. 17, 2002: Completed. Deadline: Feb. 17, 2002; Provisions[A]: The Under Secretary is to assume civil aviation security functions from FAA; Status: Completed. Provisions[A]: Implement an aviation security program for charter carriers; Status: Completed. Provisions[A]: Begin awarding grants for security-related research and development; Status: Completed. Provisions[A]: May 18, 2002: The National Institute of Justice is to report to the Secretary on less-than-lethal weapons for flight crew members; Status: May 18, 2002: Completed. Deadline: May 18, 2002; Provisions[A]: Report to the Congress on the deployment of baggage screening equipment; Status: Report submitted. Provisions[A]: * Report to the Congress on progress in evaluating and taking the following optional actions:; Status: : Report submitted. Provisions[A]: * Require 911 capability for onboard passenger telephones; Status: * Completed. Provisions[A]: * Establish uniform IDs for law enforcement personnel carrying weapons on planes or in secure areas; Status: * Ongoing. Provisions[A]: * Establish requirements for trusted traveler programs; Status: * Ongoing. Provisions[A]: * Develop alternative security procedures to avoid damage to medical products; Status: * Completed. Provisions[A]: * Provide for the use of secure communications technologies to inform airport security forces about passengers who are identified on security databases; Status: * Ongoing. Provisions[A]: * Require pilot licenses to include a photograph and biometric identifiers; Status: * Ongoing. Provisions[A]: * Use voice stress analysis, biometric, or other technologies to prevent high-risk passengers from boarding; Status: * Ongoing. Provisions[A]: * Provide for the use of instant communications technology between planes and ground; Status: * Ongoing. Deadline: Nov. 19, 2002; Provisions[A]: Deploy federal screeners, security managers, and law enforcement officers to screen passengers and property; Status: Completed. Provisions[A]: Report to the Congress on screening for small aircraft with 60 or fewer seats; Status: Report submitted. Provisions[A]: Dec. 31, 2002: Establish pilot program to contract with private screening companies (program to last until Nov. 19, 2004); Status: Dec. 31, 2002: Completed. Deadline: Dec. 31, 2002; Provisions[A]: Screen all checked baggage by explosives detection systems; Status: Ongoing. No Deadline: Provisions[A]: Carriers are to transfer screening property to TSA; Status: Completed. Provisions[A]: FAA is to issue an order prohibiting access to the flight deck, requiring strengthened cabin doors, requiring that cabin doors remain locked, and prohibiting possession of a key for all but the flight deck crew; Status: Completed. Provisions[A]: Improve perimeter screening of all individuals, goods, property, and vehicles; Status: Ongoing. Provisions[A]: Screen all cargo on passenger flights and cargo-only flights; Status: Ongoing. Provisions[A]: Establish procedures for notifying FAA, state and local law enforcement officers, and airport security of known threats; Status: Completed. Provisions[A]: Establish procedures for airlines to identify passengers who pose a potential security threat; Status: Ongoing. Provisions[A]: FAA is to develop and implement methods for using cabin video monitors, continuously operating transponders, and notifying flight deck crew of a hijacking; Status: Ongoing. Provisions[A]: Require flight training schools to conduct security awareness programs for employees; Status: Completed. Provisions[A]: Work with airport operators to strengthen access control points and consider deploying technology to improve security access; Status: Ongoing. Provisions[A]: Provide operational testing for screeners; Status: Ongoing. Provisions[A]: Assess dual-use items that seem harmless but could be dangerous and inform screening personnel; Status: Ongoing. Provisions[A]: Establish a system for measuring staff performance; Status: Ongoing. Provisions[A]: Establish management accountability for meeting performance goals; Status: Ongoing. Provisions[A]: Provisions[A]: Periodically review threats to civil aviation, including chemical and biological weapons; Status: Status: Ongoing. Source: TSA. [A] Except where otherwise indicated, the Transportation Security Administration (TSA) is responsible for implementing the provisions. [End of section] Appendix II: Bills Related to Aviation Security: H.R. 2144 - Aviation Security Technical Corrections and Improvements Act - Many of the important provisions of this bill have been incorporated into the Conference Report version of the FAA Reauthorization Act, H.R. 2115. S. 1409 - Rebuild America Act of 2003 - Establishes a new grant program in the Department of Homeland Security (DHS) for airport security improvements, including projects to replace baggage conveyer systems and projects to reconfigure terminal baggage areas as needed to install explosives detection systems. The Under Secretary for Border and Transportation Security is authorized to issue letters of intent to airports for these types of projects. One billion dollars is authorized for this program. H.R. 2555 - House and Senate versions of the Department of Homeland Security Appropriations Act for 2004: House version - Makes fiscal year 2004 appropriations of $3.679 billion for the Transportation Security Administration (TSA) to provide civil aviation security services (aviation security, federal air marshals, maritime and land security, intelligence, research and development, and administration): * $1.673 billion for passenger screening activities, * $1.285 billion for baggage screening activities, * $721 million for airport support and enforcement presence, * $235 million for physical modifications of airports to provide for the installation of checked baggage explosives detection systems, and: * $100 million for the procurement of the explosives detection systems. Continues to cap the number of screeners at 45,000 full-time equivalent positions. Prohibits the use of funds authorized in this act to pursue or adopt regulations requiring airport sponsors to provide, without cost to TSA, building construction, maintenance, utilities and expenses, or space for services relating to aviation security (excluding space for necessary checkpoints). Senate Version of H.R. 2555 - Makes fiscal year 2004 appropriations of $4.524 billion for TSA to provide civil aviation security services: * $3.185 billion for screening activities, * $1.339 billion for airport support and enforcement presence, * $309 million for physical modifications of airports to provide for the installation of checked baggage explosives detection systems, and: * $151 million for the procurement of the explosives detection systems. Prohibits the use of funds authorized in this act to pursue or adopt regulations requiring airport sponsors to provide, without cost to TSA, building construction, maintenance, utilities and expenses, or space for services relating to aviation security (excluding space for necessary checkpoints). Prohibits the use of funds authorized in this act for the Computer Assisted Passenger Prescreening System (CAPPS II) until GAO has reported to the Committees on Appropriations that certain requirements have been met, including (1) the existence of a system of due process by which passengers considered to pose a threat may appeal their delay or prohibition from boarding a flight; (2) that the underlying error rate of databases will not produce a large number of false positives that will result in a significant number of passengers being treated mistakenly or security resources being diverted; (3) that TSA has stressed-tested and demonstrated the efficacy and predictive accuracy of all search tools in CAPPS II; and (4) that the Secretary has established an internal oversight board to monitor the manner in which CAPPS II is being developed and prepared. Requires a report from the Secretary of Homeland Security on actions taken to develop countermeasures for commercial aircraft against shoulder-fired missile systems and vulnerability assessments of this threat for larger airports. H.R. 2115 - Flight 100 - Century of Aviation Reauthorization Act - Conference Report version - Gives FAA the authority to take a certificate action if it is notified by DHS that the holder of the certificate presents a security threat. Gives the Secretary of Transportation the authority to make grants to general aviation entities (including airports, operators, and manufacturers) to reimburse them for security costs incurred and revenues lost because of restrictions imposed by the federal government in response to the events of September 11. The bill authorizes $100 million for these grants. Authorizes DHS to reimburse air carriers and airports for all security screening activities they are still performing, such as for providing catering services and checking documents at security checkpoints and for providing the space and facilities used to perform screening functions to the extent funds are available. Requires air carriers to carry out a training program for flight and cabin crews to prepare for possible threat conditions. TSA is required to establish minimum standards for this training within 1 year of the act's passage. Requires DHS to report in 6 months on the effectiveness of aviation security, specifically including the air marshal program; hardening of cockpit doors; and security screening of passengers, checked baggage, and cargo. Establishes within DHS a grant program to airport sponsors for (1) projects to replace baggage conveyer systems related to aviation security; (2) projects to reconfigure terminal baggage areas as needed to install explosives detection systems; and (3) projects to enable the Under Secretary for Border and Transportation Security to deploy explosives detection systems behind the ticket counter, in the baggage sorting area, or in line with the baggage handling system. Requires $250 million annually from the existing aviation security fee that is paid by airline passengers to be deposited in an Aviation Security Capital Fund and made available to finance this grant program. Requires TSA to certify that civil liberty and privacy issues have been addressed before implementing CAPPS II and requires GAO to assess TSA's compliance 3 months after TSA makes the required certification. Allows cargo pilots to carry guns under the same program for pilots of passenger airlines. Permits an off-duty pilot to transport the gun in a lockbox in the passenger cabin rather than in the baggage hold. Also provides that both passenger and cargo pilots should be treated equitably in their access to training. Requires security audits of all foreign repair stations within 18 months after TSA issues rules governing the audits. The rules must be issued within 240 days of enactment. Requires background checks on aliens seeking flight training in aircraft regardless of the size of the aircraft. For all training on small aircraft, includes a notification requirement but no waiting period. For training on larger aircraft, adopts an expedited procedure if the applicant already has training, a license, or a background check, and adopts a 30-day waiting period for first-time training on large aircraft. Makes TSA responsible for the background check. Requires TSA to issue an interim final rule in 60 days to implement this section. This section takes effect when that rule becomes effective. S.236 - Background Checks for Foreign Flight School Applicants - Amends federal aviation law to require a background check of alien flight school applicants without regard to the maximum certificated weight of the aircraft for which they seek training. (Currently, a background check is required for flight crews operating aircraft with a maximum certificated takeoff weight of 12,500 pounds or more.): S. 165 - Air Cargo Security Act - House companion bill (H.R. 1103) - Amends federal aviation law to require the screening of cargo that is to be transported in passenger aircraft operated by domestic and foreign air carriers in interstate air transportation. Directs TSA to develop a strategic plan to carry out such screening. Requires the establishment of systems that (1) provide for the regular inspection of shipping facilities for cargo shipments; (2) provide an industrywide pilot program database of known shippers of cargo; (3) train persons that handle air cargo to ensure that such cargo is properly handled and safeguarded from security breaches; and (4) require air carriers operating all-cargo aircraft to have an approved plan for the security of their air operations area, the cargo placed aboard the aircraft, and persons having access to their aircraft on the ground or in flight. H.R. 1366 - Aviation Industry Stabilization Act - Requires the Under Secretary for Border and Transportation Security, after all cockpit doors are strengthened, to consider and report to the Congress on whether it is necessary to require federal air marshals to be seated in the first class cabin of an aircraft with strengthened cockpit doors. Requires the Under Secretary to (1) undertake action necessary to improve the screening of mail so that it can be carried on passenger flights and (2) reimburse air carriers for certain screening and related activities, as well as the cost of fortifying cockpit doors, and for any financial losses attributed to the loss of air traffic resulting from the use of force against Iraq in calendar year 2003. Establishes an air cargo security working group composed of various groups to develop recommendations on the enhancement of the current known shipper program. H. R. 115 - Aviation Biometric Badge Act - Amends federal aviation law to direct TSA to require by regulation that each security screener (or employee who has unescorted access, or may permit other individuals to have unescorted access, to an aircraft or a secured area of the airport) be issued a biometric security badge that identifies a person by fingerprint or retinal recognition. H. R. 1049 - Arming Cargo Pilots Against Terrorism Act - Senate companion bill (S. 516) - Expresses the sense of Congress that a flight deck crew member of a cargo aircraft should be armed with a firearm to defend such aircraft against attacks by terrorists that could use the aircraft as a weapon of mass destruction or for other terrorist purposes. Amends federal transportation law to authorize the training and arming of flight deck crew members (pilots) of all-cargo air transportation flights to prevent acts of criminal violence or air piracy. H.R. 765 - (No title) - Legislation to arm cargo pilots - Amends federal aviation law to allow cargo pilots (not just air passenger pilots) to participate in the federal flight deck officer program. H.R. 580 - Commercial Airline Missile Defense Act - Senate companion bill - S. 311 - Directs the Secretary of Transportation to issue regulations that require all turbojet aircraft of air carriers to be equipped with a missile defense system. Requires the Secretary to purchase such defense systems and make them available to all air carriers. Sets forth certain interim security measures to be taken before the deployment of such defense systems. [End of section] Appendix III: Key Practices and Implementation Steps for Mergers and Organizational Transformations: Table 3: Practice: Ensure top leadership drives the transformation; Implementation step: * Define and articulate a succinct and compelling reason for change; * Balance continued delivery of services with merger and transformation activities. Practice: Establish a coherent mission and integrated strategic goals to guide the transformation; Implementation step: * Adopt leading practices for results-oriented strategic planning and reporting. Practice: Focus on a key set of principles and priorities at the outset of the transformation; Implementation step: * Embed core values in every aspect of the organization to reinforce the new culture. Practice: Set implementation goals and a time line to build momentum and show progress from day one; Implementation step: * Make public implementation goals and a time line; * Seek and monitor employee attitudes and take appropriate follow-up actions; * dentify cultural features of merging organizations to increase understanding of former work environments; * Attract and retain key talent; * Establish an organizationwide knowledge and skills inventory to exchange knowledge among merging organizations. Practice: Dedicate an implementation team to manage the transformation process; Implementation step: * Establish networks to support the implementation team; * Select high-performing team members. Practice: Use the performance management system to define responsibility and ensure accountability for change; Implementation step: * Adopt leading practices to implement effective performance management systems with adequate safeguards. Practice: Establish a communication strategy to create shared expectations and report related progress; Implementation step: * Communicate early and often to build trust; * Ensure consistency of message; * Encourage two-way communication; * Provide information to meet specific needs of employees. Practice: Involve employees to obtain their ideas and gain their ownership for the transformation; Implementation step: * Use employee teams; * Involve employees in planning and sharing performance information; * Incorporate employee feedback into new policies and procedures; * Delegate authority to appropriate organizational levels. Practice: Build a world-class organization; Implementation step: * Adopt leading practices to build a world-class organization. Source: GAO. [End of table] [End of section] Appendix IV: GAO Active Engagements Related to Aviation Security: Transportation Security Research and Development Programs at DHS and TSA: Key Questions: (1) What were the strategy and organizational structure for transportation security research and development (R&D) prior to 9/ 11 and what is the current strategy and structure? (2) How do DHS and TSA select their transportation security R&D projects and what projects are in their portfolios? (3) What are DHS's and TSA's goals and strategies for accelerating the development of transportation security technologies? (4) What are the nature and scope of coordination of R&D efforts between DHS and TSA, as well as with other public and private sector research organizations? Federal Air Marshal Service: Key Questions: (1) How has the federal air marshal program evolved, in terms of recruiting, training, retention, and operations since its management was transferred to TSA? (2) To what extent has TSA implemented the internal controls needed to meet the program's operational and management control challenges? (3) To what extent has TSA developed plans and initiatives to sustain the program and accommodate its future growth and maturation? TSA Baggage Screening: Key Questions: (1) What are the status and associated costs of TSA's efforts to acquire, install, and operate explosives detection equipment (electronic trace detection technology and explosives detection systems) to screen all checked baggage by December 31, 2003? (2) What are the benefits and trade-offs--to include costs, operations, and performance--of using alternative explosives detection technologies currently available for baggage screening? Reprogramming of Air Marshal Program Funds: Key Questions: (1) Describe the internal preparation, review, and approval process for DHS's reprogrammings and, specifically, the process for the May 15 and July 25 reprogramming requests for the air marshal program. (2) Determine whether an impoundment or deferral notice should have been sent to the Congress and any other associated legal issues. (3) Identify the implications, for both the air marshal program and other programs, of the pending reprogramming request. General Aviation Security: Key Questions: (1) How have security concerns and measures changed at general aviation airports since September 11, 2001? (2) What steps has TSA taken to improve general aviation security? Background Checks for Banner-Towing Aircraft: Key Questions: (1) What are the procedures for conducting background and security checks for pilots of small banner-towing aircraft requesting waivers to perform stadium overflights? (2) To what extent have these procedures been followed in conducting required background and security checks since September 11, 2001? (3) How effective have these procedures been in reducing risks to public safety? TSA's Computer Assisted Passenger Prescreening System II (CAPPS II): Key Questions: (1) How will the CAPPS II system function and what data will be needed to make the system operationally effective? (2) What safeguards will be put in place to protect the traveling public's privacy? (3) What systems and measures are in place to determine whether CAPPS II will result in improved national security? (4) What impact will CAPPS II have on the traveling public and on the airline industry in terms of costs, delays, risks, inconvenience, and other factors? TSA Passengers Screening Program: Key Questions: (1) What efforts have been taken or planned to ensure that passenger screeners comply with federal standards and other criteria, including efforts to train, equip, and supervise passenger screeners? (2) What methods does TSA use to test screeners' performance, and what have been the results of these tests? (3) How have the results of tests of TSA passenger screeners compared with the results achieved by screeners before September 11, 2001, and at five pilot program airports? (4) What actions is TSA taking to remedy performance concerns? TSA's Efforts to Implement Sections 106, 136, and 138 of the Aviation and Transportation Security Act: Key Questions: What is the status of TSA's efforts to implement (1) section 106 of the act requiring improved airport perimeter access security, (2) section 136 requiring the assessment and deployment of commercially available security practices and technologies, and (3) section 138 requiring background investigations for TSA and other airport employees? Assessment of the Portable Air Defense Missile Threat: Key Questions: (1) What are the nature and extent of the threat from man-portable air defense systems (MANPAD)? (2) How effective are U.S. controls on the use of exported MANPADs? (3) How do multilateral efforts attempt to stem MANPAD proliferation? (4) What types of countermeasures are available to minimize this threat and at what cost? Airline Assistance Determination of Whether the $5 Billion Provided by P.L. 107-42 Was Used to Compensate the Nation's Major Air Carriers for Their Losses Stemming from the Events of Sept. 11, 2001: Key Questions: (1) Was the $5 billion used only to compensate major air carriers for their uninsured losses incurred as a result of the terrorist attacks? (2) Were carriers reimbursed, per the act, only for increases in insurance premiums resulting from the attacks? TSA's Use of Sole-Source Contracts: Key Questions: (1) To what extent does TSA follow applicable acquisition laws and policies, including those for ensuring adequate competition? (2) How well does TSA's organizational structure facilitate effective, efficient procurement? (3) How does TSA ensure that its acquisition workforce is equipped to award and oversee contracts? (4) How well do TSA's policies and processes ensure that TSA receives the supplies and services it needs on time and at reasonable cost? [End of section] Related GAO Products: Aviation Security: Transportation Security: Federal Action Needed to Help Address Security Challenges. GAO-03-843. Washington, D.C.: June 30, 2003. Transportation Security: Post-September 11th Initiatives and Long-Term Challenges. GAO-03-616T. Washington, D.C.: April 1, 2003. Aviation Security: Measures Needed to Improve Security of Pilot Certification Process. GAO-03-248NI. Washington, D.C.: February 3, 2003. (NOT FOR PUBLIC DISSEMINATION): Aviation Security: Vulnerabilities and Potential Improvements for the Air Cargo System. GAO-03-286NI. Washington, D.C.: December 20, 2002. (NOT FOR PUBLIC DISSEMINATION): Aviation Security: Vulnerabilities and Potential Improvements for the Air Cargo System. GAO-03-344. Washington, D.C.: December 20, 2002. Aviation Security: Vulnerability of Commercial Aviation to Attacks by Terrorists Using Dangerous Goods. GAO-03-30C. Washington, D.C.: December 3, 2002. Aviation Security: Registered Traveler Program Policy and Implementation Issues. GAO-03-253. Washington, D.C.: November 22, 2002. Aviation Security: Transportation Security Administration Faces Immediate and Long-Term Challenges. GAO-02-971T. Washington, D.C.: July 25, 2002. Aviation Security: Information Concerning the Arming of Commercial Pilots. GA0-02-822R. Washington, D.C.: June 28, 2002. Aviation Security: Deployment and Capabilities of Explosive Detection Equipment. GAO-02-713C. Washington, D.C.: June 20, 2002. (CLASSIFIED): Aviation Security: Information on Vulnerabilities in the Nation's Air Transportation System. GAO-01-1164T. Washington, D.C.: September 26, 2001. (NOT FOR PUBLIC DISSEMINATION): Aviation Security: Information on the Nation's Air Transportation System Vulnerabilities. GAO-01-1174T. Washington, D.C.: September 26, 2001. (NOT FOR PUBLIC DISSEMINATION): Aviation Security: Vulnerabilities in, and Alternatives for, Preboard Screening Security Operations. GAO-01-1171T. Washington, D.C.: September 25, 2001. Aviation Security: Weaknesses in Airport Security and Options for Assigning Screening Responsibilities. GAO-01-1165T. Washington, D.C.: September 21, 2001. Aviation Security: Terrorist Acts Demonstrate Urgent Need to Improve Security at the Nation's Airports. GAO-01-1162T. Washington, D.C.: September 20, 2001. Aviation Security: Terrorist Acts Illustrate Severe Weaknesses in Aviation Security. GAO-01-1166T. Washington, D.C.: September 20, 2001. Responses of Federal Agencies and Airports We Surveyed about Access Security Improvements. GAO-01-1069R. Washington, D.C.: August 31, 2001. Responses of Federal Agencies and Airports We Surveyed about Access Security Improvements. GAO-01-1068R. Washington, D.C.: August 31, 2001. (RESTRICTED): FAA Computer Security: Recommendations to Address Continuing Weaknesses. GAO-01-171. Washington, D.C.: December 6, 2000. Aviation Security: Additional Controls Needed to Address Weaknesses in Carriage of Weapons Regulations. GAO/RCED-00-181. Washington, D.C.: September 29, 2000. FAA Computer Security: Actions Needed to Address Critical Weaknesses That Jeopardize Aviation Operations. GAO/T-AIMD-00-330. Washington, D.C.: September 27, 2000. FAA Computer Security: Concerns Remain Due to Personnel and Other Continuing Weaknesses. GAO/AIMD-00-252. Washington, D.C.: August 16, 2000. Aviation Security: Long-Standing Problems Impair Airport Screeners' Performance. GAO/RCED-00-75. Washington, D.C.: June 28, 2000. Aviation Security: Screeners Continue to Have Serious Problems Detecting Dangerous Objects. GAO/RCED-00-159. Washington, D.C.: June 22, 2000. (NOT FOR PUBLIC DISSEMINATION): Computer Security: FAA Is Addressing Personnel Weaknesses, but Further Action Is Required. GAO/AIMD-00-169. Washington, D.C.: May 31, 2000. Security: Breaches at Federal Agencies and Airports. GAO-OSI-00-10. Washington, D.C.: May 25, 2000. Aviation Security: Screener Performance in Detecting Dangerous Objects during FAA Testing Is Not Adequate. GAO/T-RCED-00-143. Washington, D.C.: April 6, 2000. (NOT FOR PUBLIC DISSEMINATION): Combating Terrorism: How Five Foreign Countries Are Organized to Combat Terrorism. GAO/NSIAD-00-85. Washington, D.C.: April 7, 2000. Aviation Security: Vulnerabilities Still Exist in the Aviation Security System. GAO/T-RCED/AIMD-00-142. Washington, D.C.: April 6, 2000. U.S. Customs Service: Better Targeting of Airline Passengers for Personal Searches Could Produce Better Results. GAO/GGD-00-38. Washington, D.C.: March 17, 2000. Aviation Security: Screeners Not Adequately Detecting Threat Objects during FAA Testing. GAO/T-RCED-00-124. Washington, D.C.: March 16, 2000. (NOT FOR PUBLIC DISSEMINATION): Aviation Security: Slow Progress in Addressing Long-Standing Screener Performance Problems. GAO/T-RCED-00-125. Washington, D.C.: March 16, 2000. Computer Security: FAA Needs to Improve Controls Over Use of Foreign Nationals to Remediate and Review Software. GAO/AIMD-00-55. Washington, D.C.: December 23, 1999. Aviation Security: FAA's Actions to Study Responsibilities and Funding for Airport Security and to Certify Screening Companies. GAO/RCED-99- 53. Washington, D.C.: February 24, 1999. Aviation Security: FAA's Deployments of Equipment to Detect Traces of Explosives. GAO/RCED-99-32R. Washington, D.C.: November 13, 1998. Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety. GAO/AIMD-98-155. Washington, D.C.: May 18, 1998. Aviation Security: Progress Being Made, but Long-Term Attention Is Needed. GAO/T-RCED-98-190. Washington, D.C.: May 14, 1998. Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety. GAO/AIMD-98-60. Washington, D.C.: April 29, 1998. (LIMITED OFFICIAL USE -DO NOT DISSEMINATE): Aviation Security: Implementation of Recommendations Is Under Way, but Completion Will Take Several Years. GAO/RCED-98-102. Washington, D.C.: April 24, 1998. Combating Terrorism: Observations on Crosscutting Issues. T-NSIAD-98- 164. Washington, D.C.: April 23, 1998. Aviation Safety: Weaknesses in Inspection and Enforcement Limit FAA in Identifying and Responding to Risks. GAO/RCED-98-6. Washington, D.C.: February 27, 1998. Aviation Security: FAA's Procurement of Explosives Detection Devices. GAO/RCED-97-111R. Washington, D.C.: May 1, 1997. Aviation Security: Commercially Available Advanced Explosives Detection Devices. GAO/RCED-97-ll9R. Washington, D.C.: April 24, 1997. Aviation Safety and Security: Challenges to Implementing the Recommendations of the White House Commission on Aviation Safety and Security. GAO/T-RCED-97-90. Washington, D.C.: March 5, 1997. Aviation Security: Technology's Role in Addressing Vulnerabilities. GAO/T-RCED/NSIAD-96-262. Washington, D.C.: September 19, 1996. Aviation Security: Oversight of Initiatives Will Be Needed. C-GAO/T- RCED/NSIAD-96-20. Washington, D.C.: September 17, 1996. (CLASSIFIED): Aviation Security: Urgent Issues Need to Be Addressed. GAO/T-RCED/ NSIAD-96-251. Washington, D.C.: September 11, 1996. Aviation Security: Immediate Action Needed to Improve Security. GAO/T- RCED/NSIAD-96-237. Washington, D.C.: August 1, 1996. Aviation Security: FAA Can Help Ensure That Airports' Access Control Systems Are Cost Effective. GAO/RCED-95-25. Washington, D.C.: March 1, 1995. Aviation Security: Development of New Security Technology Has Not Met Expectations. GAO/RCED-94-142. Washington, D.C.: May 19, 1994. Aviation Security: Additional Actions Needed to Meet Domestic and International Challenges. GAO/RCED-94-38. Washington, D.C.: January 27, 1994. Other: Homeland Security: Information Sharing Responsibilities, Challenges, and Key Management Issues. GAO-03-715T. Washington, D.C.: May 3, 2003. Information Technology: Terrorist Watch Lists Should Be Consolidated to Promote Better Integration and Sharing. GAO-03-322. Washington, D.C.: April 15, 2003. Combating Terrorism: Observations on National Strategies Related to Terrorism. GAO-03-519T. Washington, D.C.: March 3, 2003. Transportation Security Administration: Actions and Plans to Build a Results-Oriented Culture. GAO-03-190. Washington, D.C.: January 17, 2003. Major Management Challenges and Program Risks: Department of Homeland Security. GAO-03-102. Washington, D.C.: January 1, 2003. Major Management Challenges and Program Risks: Department of Transportation. GAO-03-108. Washington, D.C.: January 2003. National Preparedness: Integration of Federal, State, Local, and Private Sector Efforts Is Critical to an Effective National Strategy for Homeland Security. GAO-02-621T. Washington, D.C.: April 11, 2002. Homeland Security: Progress Made, More Direction and Partnership Sought. GAO-02-490T. Washington, D.C.: March 12, 2002. A Model of Human Capital Management. GAO-02-373SP. Washington, D.C.: March 2002. A Model of Human Capital Management. GAO-02-373SP. Washington, D.C.: March 2002.: FOOTNOTES [1] U.S. General Accounting Office, Aviation Security: Long-Standing Problems Impair Airport Screeners' Performance, GAO/RCED-00-75 (Washington, D.C.: June 28, 2000) and U.S. General Accounting Office, Aviation Security: Terrorist Acts Illustrate Severe Weaknesses in Aviation Security, GAO-01-1166T (Washington, D.C.: Sept. 20, 2001). [2] U.S. General Accounting Office, Security: Breaches at Federal Agencies and Airports, GAO-OSI-0010 (Washington, D.C.: May 25, 2000). [3] U.S. General Accounting Office, Aviation Security: Weak Computer Security Practices Jeopardize Flight Safety, GAO/AIMD-98-155 (Washington, D.C.: May 18, 1998); Computer Security: FAA Needs to Improve Controls over Use of Foreign Nationals to Remediate and Review Software, GAO/AIMD-00-55 (Washington, D.C.: Dec. 23, 1999); Computer Security: FAA Is Addressing Personnel Weaknesses, but Further Action Is Required, GAO/AIMD-00-169 (Washington, D.C.: May 31, 2000); FAA Computer Security: Concerns Remain Due to Personnel and Other Continuing Weaknesses, GAO/AIMD-00-252 (Washington, D.C.: Aug. 16, 2000); and FAA Computer Security: Recommendations to Address Continuing Weaknesses, GAO-01-171 (Washington, D.C.: Dec. 6, 2000). [4] Explosives detection machines are used to screen baggage for explosives and work by using CAT scan X-ray technology to take fundamental measurements of materials in bags to recognize characteristic signatures of threat explosives. Explosives trace detection systems (trace detection machines) are used to screen baggage for explosives, and work by detecting vapors and residues of explosives. [5] Under 49 C.F.R. sec. 1542.101, all qualified airports are required to have a TSA-approved security program that includes procedures to control movement within the secured area, including identification media required under sec. 1542.201(b)(3). [6] U.S. General Accounting Office, Aviation Security: Registered Traveler Program Policy and Implementation Issues, GAO-03-253 (Washington, D.C.: Nov. 22, 2002). [7] For example, on November 15, 1979, an explosive device contained in a parcel shipped by U.S. mail exploded aboard an American Airlines flight; on April 7, 1994, a Federal Express employee attempted to hijack a company plane and crash it into the company's headquarters. We reported on the security risks associated with dangerous goods in Aviation Security: Vulnerability of Commercial Aviation to Attacks by Terrorists Using Dangerous Goods, GAO-03-30C (Washington, D.C.: Dec. 3, 2002). [8] Freight forwarders consolidate shipments and deliver them to air carriers and cargo facilities of passenger and all-cargo air carriers. [9] U.S. General Accounting Office, Aviation Security: Vulnerabilities and Potential Improvements for the Air Cargo System, GAO-03-344 (Washington, D.C.: Dec. 20, 2002). [10] GAO-03-344. [11] For example, TSA issued a rule requiring that certain aircraft operators using aircraft with a maximum takeoff weight of 12,500 pounds or more carry out security measures, including conducting criminal history records checks on their flight crew members and restricting access to the flight deck. This rule went into effect in April 2003. [12] U.S. General Accounting Office, Transportation Security: Federal Action Needed to Help Address Security Challenges, GAO-03-843 (Washington, D.C.: June 30, 2003). [13] The Department of Homeland Security is assessing proposals from eight contractors for technology to protect commercial aircraft from shoulder-fired missile attack. [14] GAO-03-843. [15] U.S. General Accounting Office, Homeland Security: A Risk Management Approach Can Guide Preparedness Efforts, GAO-02-208T (Washington, D.C.: Oct. 31, 2001); and GAO-03-344. [16] The House agreed to $3.7 billion in funding for TSA and the Senate approved $4.5 billion. [17] TSA suspended the security fees from June 1 to September 30, 2003, as mandated by the Emergency Wartime Supplemental Appropriations Act of 2003. [18] With FAA's approval, commercial airports may charge boarding passengers a fee of up to $4.50 per trip segment to raise funds for airport capital development. [19] A letter of intent represents a nonbinding commitment from an agency to provide multiyear funding to an entity beyond the current authorization period. Thus, that letter allows an airport to proceed with a project without waiting for future federal funds because the airport and investors know that allowable costs are likely to be reimbursed. [20] U.S. General Accounting Office, Airport Finance: Past Funding Levels May Not Be Sufficient to Cover Airports' Planned Capital Development, GAO-03-497T (Washington, D.C.: Feb. 25, 2003). [21] The proposed Vision 100--Century of Aviation Reauthorization--Act, H.R. 2115. [22] U.S. General Accounting Office, Aviation Security: Transportation Security Administration Faces Immediate and Long-Term Challenges, GAO-02-971T (Washington, D.C.: July 25, 2002). [23] Aviation Security Costs, Transportation Security Administration, statement of the Honorable Kenneth M. Mead, Inspector General, U.S. Department of Transportation, before the Committee on Commerce, Science and Transportation, Subcommittee on Aviation, U.S. Senate, Feb. 5, 2003 (CC-2003-066). [24] DOT Inspector General, CC-2003-066. [25] Office of Inspector General, DOT, Report on Oversight of Security Screener Contracts, TSA, FI-2003-025 (Washington, D.C.: Feb. 28, 2003). [26] GAO-03-322. [27] U.S. General Accounting Office, Information Technology: Terrorist Watch Lists Should Be Consolidated to Promote Better Integration and Sharing, GAO-03-322 (Washington, D.C.: Apr. 15, 2003). [28] GAO-03-843. [29] U.S. General Accounting Office, A Model of Strategic Human Capital Management, GAO-02-373SP (Washington, D.C.: March 2002). [30] U.S. General Accounting Office, Transportation Security Administration: Actions and Plans to Build a Results-Oriented Culture, GAO-03-190 (Washington, D.C.: Jan. 13, 2003). [31] U.S. General Accounting Office, Results-Oriented Cultures: Implementation Steps to Assist Mergers and Organizational Transformations, GAO-03-669 (Washington, D.C.: July 2, 2003). [32] U.S. General Accounting Office, Major Management Challenges and Program Risks: Department of Homeland Security, GAO-03-102 (Washington, D.C.: Jan. 1, 2003). [33] GAO-03-190.