Summary
Transportation Security Administration (TSA) funding for aviation security has totaled about $26 billion since fiscal year 2004. This testimony focuses on TSA's efforts to secure the commercial aviation system through passenger screening, air cargo, and watch-list matching programs, and challenges remaining in these areas. GAO's comments are based on GAO products issued between February 2004 and April 2007, including selected updates in February 2008. This testimony also addresses TSA's progress in developing the Secure Flight program, based on work conducted from August 2007 to January 2008. To conduct this work, GAO reviewed systems development, privacy, and other documentation, and interviewed Department of Homeland Security (DHS), TSA, and contractor officials.
DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation's commercial aviation system, including actions to address many recommendations made by GAO. TSA has focused its efforts on, among other things, more efficiently allocating, deploying, and managing the Transportation Security Officer (TSO) workforce--formerly known as screeners; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; strengthening domestic air cargo security; and developing a government operated watch-list matching program, known as Secure Flight. Specifically, TSA developed and implemented a Staffing Allocation Model to determine TSO staffing levels at airports that reflect current operating conditions, and proposed and implemented modifications to passenger checkpoint screening procedures based on risk information. However, GAO reported that some assumptions in TSA's Staffing Allocation Model did not accurately reflect airport operating conditions, and that TSA could improve its process for evaluating the effectiveness of proposed procedural changes. In response, TSA developed a plan to review Staffing Allocation Model assumptions and took steps to strengthen its evaluation of proposed procedural changes. TSA has also explored new passenger checkpoint screening technologies to better detect explosives and other threats and has taken steps to strengthen air cargo security, including conducting vulnerability assessments at airports and compliance inspections of air carriers. However, TSA has not developed an inspection plan that included performance goals and measures to determine whether air carriers transporting cargo into the United States were complying with security requirements. In response to GAO's recommendations, TSA has since established a working group to strengthen its compliance activities. Finally, TSA has instilled more discipline and rigor into Secure Flight's systems development, including preparing key documentation and strengthening privacy protections. While these efforts should be commended, GAO has identified several areas that should be addressed to further strengthen aviation security. For example, TSA has made limited progress in developing and deploying checkpoint technologies due to planning and management challenges. Further, TSA continues to face some program management challenges in developing Secure Flight. Specifically, TSA has not (1) developed program cost and schedule estimates consistent with best practices; (2) fully implemented its risk management plan; (3) planned for system end-to-end testing in test plans; and (4) ensured that information security requirements are fully implemented. If these challenges are not addressed effectively, the risk of the program not being completed on schedule and within estimated costs is increased, and the chances of it performing as intended are diminished. DHS and TSA lack performance measures to fully evaluate the effectiveness of current processes for passengers who apply for redress due to inconveniences experienced during the check-in and screening process. Without such measures, DHS and TSA lack a sound basis to monitor the effectiveness of the redress process.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change
from "In process" to "Implemented" or "Not implemented" based on our follow up work.
Director:
Team:
Phone:
Cathleen A. Berrick
Government Accountability Office: Homeland Security and Justice
No phone on record
Recommendations for Executive Action
Recommendation: To assist TSA in further strengthening the development and implementation of the Secure Flight program, the Secretary of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration to fully incorporate best practices into the development of Secure Flight life-cycle cost and schedule estimates, to include: (1) updating life-cycle cost and schedule estimates; (2) demonstrating that the Secure Flight schedule has the logic in place to identify the critical path, integrates lower level activities in a logical manner, and identifies the level of confidence in meeting the desired end date; and (3) developing and implementing a plan for managing and mitigating cost and schedule risks, including performing a schedule risk analysis and a cost and schedule risk assessment.
Agency Affected: Department of Homeland Security
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To assist TSA in further strengthening the development and implementation of the Secure Flight program, the Secretary of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration to fully implement the provisions in the program's risk management plan to include developing an inventory of risks with prioritization and mitigation strategies, report the status of risks and progress to management, and maintain documentation of these efforts.
Agency Affected: Department of Homeland Security
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: To assist TSA in further strengthening the development and implementation of the Secure Flight program, the Secretary of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration to finalize and approve Secure Flight's end-to-end testing strategy, and incorporate end-to-end testing requirements in other relevant test plans, to include the test and evaluation master plan. The strategy and plans should contain provisions for: (1) testing that ensures that the interrelated systems that collectively support Secure Flight will interoperate as intended in an operational environment; and (2) defining and setting dates for key milestone activities and identifying who is responsible for completing each of those milestones and when.
Agency Affected: Department of Homeland Security
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: Regarding information security for the Secure Flight Program, the Secretary of Homeland Security should direct the TSA Chief Information Officer to coordinate with Secure Flight program officials to ensure security requirements are tested and implemented.
Agency Affected: Department of Homeland Security
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: Regarding information security for the Secure Flight Program, the Secretary of Homeland Security should direct the TSA Chief Information Officer to maintain and update security documentation to align with the current or planned Secure Flight computing environment, including interconnection agreements, in support of certification and accreditation activities.
Agency Affected: Department of Homeland Security
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: Regarding information security for the Secure Flight Program, the Secretary of Homeland Security should direct the TSA Chief Information Officer to correct identified high and moderate risk vulnerabilities, as addressed in remedial action plans, and assess changes to the computing environment to determine whether re-accreditation of the system is warranted.
Agency Affected: Department of Homeland Security
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: Finally, to ensure that DHS is able to fully assess the effectiveness of the current redress process for passengers who may have been misidentified during the watch-list matching process, the Secretary of Homeland Security and the Assistant Secretary of the Transportation Security Administration should re-evaluate redress performance measures and consider creating and implementing additional measures that, consistent with best practices, demonstrate results, cover multiple priorities, and provide useful information for decision making. These measures should further address all program goals, to include the accuracy of the redress process.
Agency Affected: Department of Homeland Security
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
