GAO-08-533T, Supply Chain Security: Challenges to Scanning 100 Percent of U.S.-Bound Cargo Containers


This is the accessible text file for GAO report number GAO-08-533T 
entitled 'Supply Chain Security: Challenges to Scanning 100 Percent of 
U.S.-Bound Cargo Containers' which was released on June 12, 2008. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Subcommittee on Surface Transportation and Merchant Marine 
Infrastructure, Safety, and Security, Committee on Commerce, Science, 
and Transportation, U.S. Senate: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 10:00 a.m. EDT: 

Thursday, June 12, 2008: 

Supply Chain Security: 

Challenges to Scanning 100 Percent of U.S.-Bound Cargo Containers: 

Statement of Stephen L. Caldwell, Director, Homeland Security and 
Justice: 

GAO-08-533T: 

GAO Highlights: 

Highlights of GAO-08-533T, a testimony before the Subcommittee on 
Surface Transportation, and Merchant Marine Infrastructure, Safety and 
Security, Committee on Commerce, Science, and Transportation, U.S. 
Senate. 

Why GAO Did This Study: 

U.S. Customs and Border Protection (CBP), within the Department of 
Homeland Security (DHS), is responsible for preventing weapons of mass 
destruction from entering the United States in cargo containers that 
are shipped from more than 700 foreign seaports. The Security and 
Accountability for Every (SAFE) Port Act calls for testing the 
feasibility of scanning 100 percent of U.S.-bound cargo containers, and 
the Implementing Recommendations of the 9/11 Commission Act (9/11 Act) 
requires scanning 100 percent of U.S.-bound cargo containers by 2012. 
To fulfill these requirements, CBP created the Secure Freight 
Initiative (SFI) and has initiated a pilot program at seven seaports. 
This testimony discusses challenges related to the SFI pilot program 
and implementation of the requirement to scan 100 percent of U.S.-bound 
container cargo. This testimony is based on GAO products issued from 
July 2003 through April 2008 and ongoing work. To conduct this work, 
GAO reviewed reports from CBP and international partners on SFI and 
other container security programs, and interviewed CBP and foreign 
customs officials. 

What GAO Found: 

GAO identified challenges in nine areas that are related to the 
continuation of the SFI pilot program and the longer-term 100 percent 
scanning requirement: 
* Workforce planning: The SFI pilot program could generate an increased 
quantity of scan data. Therefore, more CBP officers will be required to 
review and analyze data for participating seaports. 
* Host nation examination practices: The SAFE Port and 9/11 Acts 
require DHS to develop standards for the scanning systems, but CBP 
lacks information on host nation equipment and practices. 
* Measuring performance: CBP has had difficulties defining performance 
measures for its container security programs; therefore, it will be 
difficult to assess if 100 percent scanning achieves increased 
security. 
* Resource responsibilities: Neither the SAFE Port Act nor the 9/11 Act 
specifies whether the United States would bear the costs of 
implementing 100 percent scanning. 
* Logistics: Space constraints can require seaports to place scanning 
equipment miles from where cargo containers are stored, and some 
containers are only available for scanning for a short period of time 
and may be difficult to access. 
* Technology and infrastructure: Environmental conditions can damage 
equipment and cause delays, and infrastructure capacity and equipment 
compatibility have presented difficulties in the SFI pilot program. 
* Use and ownership of data: Legislation specifies that scan data 
should be available to CBP officials, but the data are often generated 
and collected by foreign seaports and, in some cases, will require 
international agreements for transfer to CBP officials. 
* Consistency with risk management: International partners state that 
100 percent scanning is inconsistent with accepted risk management 
principles and diverts resources away from other security threats. 
* Reciprocity and trade concerns: Foreign governments could call for 
reciprocity of 100 percent scanning, requiring the United States to 
scan cargo containers, and some view this requirement as a barrier to 
trade. 

Figure: Congested Conditions of Ports Present Challenges to 100 Percent 
Scanning of Containers: 

This figure is a picture of congested conditions of ports present 
challenges to 100 percent scanning of containers. 

[See PDF for image] 

Source: GAO. 

[End of figure] 

What GAO Recommends: 

GAO recommended in prior reports that DHS develop human capital plans, 
enhance performance measures, and gather information on the efficacy of 
host government systems. DHS generally concurred with our 
recommendations and is taking steps to address them. 

To view the full product, including the scope and methodology, click on 
[http://www.gao.gov/cgi-bin/getrpt?GAO-08-533T]. For more information, 
contact Stephen Caldwell at (202) 512-9610 or caldwells@gao.gov. 

[End of section] 

Mr. Chairman and Members of the Subcommittee: 

I am pleased to be here today to discuss challenges to 100 percent 
scanning of U.S.-bound cargo containers. More than 700 foreign seaports 
ship cargo containers to the United States and over 11 million 
oceangoing cargo containers arrived at U.S. seaports last year. The 
terrorist attacks of 2001 heightened concerns about the potential 
vulnerability of U.S.-bound cargo containers to terrorist exploitation, 
and the prevention of such activity became a goal for the federal 
government. 

Within the Department of Homeland Security (DHS), U.S. Customs and 
Border Protection (CBP) is responsible for preventing terrorists and 
weapons of mass destruction (WMD) from entering the United States, 
including the potential WMD threat posed by the movement of oceangoing 
cargo containers. As it performs this mission, CBP maintains two 
overarching and sometimes conflicting goals--increasing security while 
facilitating legitimate trade. To address these goals, CBP has 
developed a layered security strategy that includes the Container 
Security Initiative (CSI) and the Customs-Trade Partnership Against 
Terrorism (C-TPAT). The CSI program, begun in 2002, aims to deter and 
detect the smuggling of WMD via cargo containers before they reach U.S. 
seaports. At the 58 seaports participating in the CSI program as of 
January 2008, foreign governments allow CBP personnel to be stationed 
at the seaports and use intelligence and automated risk assessment 
information to determine whether U.S.-bound shipments are at risk of 
containing WMD or other terrorist contraband--a process referred to as 
targeting. CBP personnel can then request that host government customs 
officials scan the identified high-risk cargo.[Footnote 1] CBP also 
operates C-TPAT, a voluntary partnership with the trade community, in 
which member companies commit to improving the security of their supply 
chains and develop security profiles that outline the companies' 
security measures. Because of their cooperation, and after verification 
by CBP that such stronger measures are in place, C-TPAT members are 
generally subjected to reduced levels of CBP scrutiny of their 
shipments. 

To further address container security concerns, Congress passed, and 
the President signed, the Security and Accountability for Every (SAFE) 
Port Act in October 2006, which includes provisions that codified CSI 
and C-TPAT, both of which had been CBP initiatives but not previously 
required by law.[Footnote 2] In addition, the act calls for the 
establishment of a pilot program to test the feasibility of scanning 
100 percent of U.S.-bound cargo containers and directs CBP to require 
transmission of additional data from importers and cargo carriers for 
improved targeting of U.S.-bound cargo containers. CBP is implementing 
these requirements as part of its Secure Freight Initiative (SFI) 
program. The SAFE Port Act also requires that 100 percent of U.S.-bound 
cargo containers be scanned using nonintrusive imaging equipment and 
radiation detection equipment at foreign seaports as soon as feasible. 
The SFI pilot program tests the feasibility of using this equipment and 
implementing 100 percent scanning at seven foreign seaports. In August 
2007, the Implementing Recommendations of the 9/11 Commission Act (9/11 
Act) was enacted, which revised the SAFE Port Act provision on 100 
percent scanning to require implementation by 2012, with possible 
exceptions for seaports for which DHS certifies that specified 
conditions exist.[Footnote 3] These conditions include that adequate 
scanning equipment is not available or cannot be integrated with 
existing systems, a port does not have the physical characteristics to 
install the equipment, or use of the equipment will significantly 
impact trade capacity and the flow of cargo. 

We have issued several reports over the past few years relating to 
cargo container security that include challenges that are also 
applicable to 100 percent scanning because of the similarities in the 
operations of the programs reviewed and their overall purpose to 
strengthen cargo security.[Footnote 4] This statement discusses these 
and other challenges that relate to the continuation of the SFI pilot 
program and the longer-term requirement to scan 100 percent of all 
cargo containers bound for the United States. 

The information in this testimony is based on GAO reports and 
testimonies issued from July 2003 through April 2008 addressing cargo 
container security operations and programs, as well as ongoing work 
concerning CBP's international efforts for the Senate Committee on 
Commerce, Science, and Transportation; the Senate Committee on Homeland 
Security and Governmental Affairs and its Permanent Subcommittee on 
Investigations; and the House Committee on Energy and Commerce, to be 
published later this year. For this ongoing work, we reviewed CBP 
documents, such as the report on the SFI program required by the 2007 
DHS Appropriations Act.[Footnote 5] We also reviewed documentation from 
the World Customs Organization (WCO) related to international 
initiatives for enhancing supply chain security.[Footnote 6] We also 
analyzed documents from some of CBP's international partners, which 
include European Commission comments on the SFI Pilot Seaport at 
Southampton, United Kingdom (UK); a position paper from the Association 
of German Port Operators; and reports on 100 percent scanning issued by 
the World Shipping Council and the WCO. In addition, we reviewed 
available documentation, such as reports and international agreements, 
related to CBP's work in the international trade community. We also met 
in Washington, D.C., with CBP officials who have program 
responsibilities for international affairs and trade, as well as with 
representatives from the European Commission, the WCO, and industry 
representative groups to discuss multilateral and bilateral efforts to 
promote security of the supply chain--the flow of goods from 
manufacturer to retailer. We also visited six CSI seaports located 
overseas to meet with local customs officials, selecting the locations 
based on geographic and strategic significance, container volume to the 
United States, the dates when the seaports began conducting CSI 
operations. Although the perspectives of the officials we spoke with 
cannot be generalized across the wider population of countries that 
participate in the CSI or C-TPAT programs or that ship container cargo 
to the United States, they provided us with an overall understanding of 
how CSI operations were conducted, as well as views on scanning 100 
percent of U.S.-bound cargo containers. 

We conducted our work from May 2006 to June 2008 in accordance with 
generally accepted government auditing standards. Those standards 
require that we plan and perform the audit to obtain sufficient, 
appropriate evidence to provide a reasonable basis for our findings and 
conclusions based on our audit objectives. We believe that the evidence 
obtained provides a reasonable basis for our findings based on our 
audit objectives. 

Summary: 

In our previous and ongoing work on maritime container security issues, 
we have identified numerous challenges related to the continuation of 
the SFI pilot and the longer-term requirement to scan 100 percent of 
all cargo containers bound for the United States. These challenges are 
in the following nine areas: 

* Workforce planning: Given the additional scanning equipment used--as 
well as the additional cargo containers to be scanned--the SFI pilot, 
as well as 100 percent scanning, program could generate an increased 
quantity of scan data. Therefore, CBP could face even greater staffing 
challenges because more CBP officers will be required to review and 
analyze these data for participating seaports. Furthermore, our past 
work on maritime container security found weaknesses in CBP's workforce 
planning. 

* Host nation examination practices: While the SAFE Port and 9/11 Acts 
require DHS to develop operational and equipment standards for the 
scanning systems used for 100 percent scanning, CBP does not 
systematically collect information on the efficacy of host government 
examination systems. 

* Measuring performance: While the intention of the SFI pilot program 
and 100 percent scanning is to increase security for the United States, 
CBP has had ongoing difficulties in defining performance measures for 
its maritime container security programs to indicate whether security 
is increased. 

* Resource responsibilities: It is unclear who will pay for additional 
resources--including increased staff, equipment, and infrastructure-- 
and who will be responsible for operating and maintaining the equipment 
used for the statutory requirement to scan 100 percent of U.S.-bound 
cargo containers at foreign seaports. Neither the SAFE Port Act nor the 
9/11 Act specifies whether the federal government will bear the cost of 
scanning 100 percent of U.S.-bound cargo containers. 

* Logistics: Scanning equipment is sometimes placed miles from where 
cargo containers are stored, which could add to the time and cost 
requirements for scanning these containers. Also, transshipment cargo 
containers--containers moved from one vessel to another--are only 
available for scanning for a comparatively short period of time and may 
be difficult to access. 

* Technology and infrastructure: Issues, such as environmental 
conditions that damage equipment and cause delay, limited bandwidth 
capacity of local infrastructure, and compatibility with older 
equipment have presented difficulties in the SFI pilot program. 

* Use and ownership of data: While the SAFE Port Act specifies that 
scan data produced in the SFI pilot program should be available for 
review by U.S. officials, legal restrictions in foreign countries may 
make it difficult to share this information with CBP. In some cases, 
transferring such information to U.S. officials could require new 
international agreements. 

* Consistency with risk management: International partners state that 
100 percent scanning is inconsistent with widely accepted risk 
management principles, and some CBP international partners have stated 
that the requirement could potentially reduce the security of the 
supply chain by diverting scarce resources away from other essential 
security measures. 

* Reciprocity and trade concerns: Foreign governments could call for 
reciprocity of 100 percent scanning, requiring the United States to 
scan container exports to those countries. This will be a challenge, as 
CBP officials have stated that the agency does not have the resources 
to scan other countries' exports leaving the United States. Further, 
some view this scanning requirement as a barrier to trade. 

Background: 

CBP Has Developed a Layered Security Strategy to Help Implement Its 
Risk Management Approach: 

CBP has developed a layered security strategy that provides multiple 
opportunities to mitigate threats and allows CBP to focus its limited 
resources on cargo containers that are the most likely to pose a risk 
to the United States. Risk management is a strategy called for by 
federal law and presidential directive and is meant to help 
policymakers and program officials most effectively mitigate risk while 
allocating limited resources under conditions of uncertainty. This 
layered security strategy is composed of different but complementary 
initiatives and programs, such as CSI and C-TPAT, which build on each 
other and work with other federal security programs, such as the 
Department of Energy's (DOE) Megaports Initiative.[Footnote 7] This 
layered strategy attempts to address cargo container security 
comprehensively while ensuring that security attention is directed 
toward the highest-risk containers within the supply chain. 

The Container Security Initiative: 

CBP's CSI program aims to identify and examine U.S.-bound cargo that 
pose a high risk of concealing WMD or other terrorist contraband by 
reviewing advanced cargo information sent by ocean cargo carriers. As 
of January 2008, CBP operated CSI in 58 foreign seaports, which, at the 
time, accounted for 86 percent of all U.S.-bound cargo containers. As 
part of the CSI program, CBP officers, usually stationed at foreign 
seaports, seek to identify high-risk U.S.-bound cargo containers by 
using information from cargo carriers as well as reviewing databases 
and interacting with host government officials. When requested by CBP, 
host government customs officials examine the high-risk container cargo 
by scanning it using various types of nonintrusive inspection (NII) 
equipment, such as large-scale X-ray machines, or by physically 
searching a container's contents before it is sent to the United 
States.[Footnote 8] 

Customs-Trade Partnership against Terrorism: 

Initiated in November 2001, the C-TPAT program aims to secure the flow 
of goods bound for the United States by developing a voluntary 
antiterrorism partnership with stakeholders from the international 
trade community.[Footnote 9] To join C-TPAT, a company submits a 
security profile, which CBP compares to its minimum security 
requirements for the company's trade sector. CBP then reviews the 
company's compliance with customs laws and regulations and any 
violation history that might preclude the approval of benefits--which 
includes reduced scrutiny or expedited processing of the company's 
shipments. CBP data show that from 2004 through 2006, C-TPAT members 
were responsible for importing about 30 percent of U.S.-bound cargo 
containers, specifically importing 29.5 percent of the 11.7 million 
oceangoing cargo containers off-loaded in the United States in the 
first 9 months of 2007. As of May 2008, there were over 8,400 C-TPAT 
members from the import trade community that had various roles in the 
supply chain. 

The Importance of International Partnerships: 

To more effectively implement the components of its layered security 
strategy, CBP has worked to promote international partnerships to 
enhance security so that high-risk cargo can be identified before it 
arrives in the United States. For the CSI program, CBP has negotiated 
and entered into nonbinding, reciprocal arrangements with foreign 
governments, specifying the placement of CBP officials at foreign 
seaports and the exchange of information between CBP and foreign 
customs administrations. These arrangements allow participating foreign 
governments the opportunity to place their customs officials at U.S. 
seaports and request inspection of cargo containers departing from the 
United States that are bound for their respective countries. CBP also 
works with other customs organizations to enhance international supply 
chain security. For example, CBP has taken a lead role in working with 
foreign customs administrations and the WCO to establish and implement 
international risk-based management principles and standards, similar 
to those used in the CSI and C-TPAT programs, to improve the ability of 
member customs administrations to increase the security of the global 
supply chain while facilitating international trade. The member 
countries of the WCO, including the United States, adopted such risk-
based principles and standards through the WCO Framework of Standards 
to Secure and Facilitate Global Trade (commonly referred to as the SAFE 
Framework), in June 2005. 

The SAFE Port Act Requires a Pilot Program to Test the Feasibility of 
100 Percent Scanning: 

To improve maritime container security, the SAFE Port Act was enacted 
in October 2006 and requires, among other things, that CBP conduct a 
pilot program to determine the feasibility of scanning 100 percent of 
U.S.-bound containers. It also specifies that the pilot should test 
integrated scanning systems that combine the use of radiation portal 
monitors and NII equipment, building upon CSI and the Megaports 
Initiative. To fulfill this and other requirements of the SAFE Port 
Act, CBP and DOE jointly announced the formation of SFI in December 
2006. The first phase of SFI is the International Container Security 
project--commonly known as the SFI pilot program.[Footnote 10] The SFI 
pilot program tests the feasibility of 100 percent scanning of U.S.- 
bound container cargo at seven overseas seaports and involves the 
deployment of advanced cargo scanning equipment and an integrated 
examination system. The advanced cargo scanning equipment--NII and 
radiation detection equipment--produce data to indicate the presence of 
illicit nuclear and radiological material in containers. The integrated 
examination system then uses software to make this information 
available to CBP for analysis. According to CBP, it will review the 
scan data at the foreign seaport or at CBP's National Targeting Center- 
Cargo (NTCC) in the United States.[Footnote 11] If the scanning 
equipment indicates a potential concern, both CSI and host government 
customs officials are to simultaneously receive an alert and the 
specific container is to be further inspected before it continues on to 
the United States. 

As shown in table 1, under the SFI pilot program, three SFI seaports 
are to scan 100 percent of U.S.-bound container cargo that passes 
through those seaports, while the other four seaports are to deploy 
scanning equipment in a more limited capacity. 

Table 1: Information on the Seven Foreign Seaports Participating in the 
SFI Pilot Program: 

SFI port: Qasim, Pakistan; 
Deployment level when pilot operational: Full[C]; 
Testing date[A]: March 2007; 
Operational date[B]: October 12, 2007; 
Volume of U.S.-bound containers, fiscal year 2006: 2,058. 

SFI port: Puerto Cortez, Honduras; 
Deployment level when pilot operational: Full[C]; 
Testing date[A]: April 2007; 
Operational date[B]: October 12, 2007; 
Volume of U.S.-bound containers, fiscal year 2006: 77,707. 

SFI port: Southampton, UK; 
Deployment level when pilot operational: Full[C]; 
Testing date[A]: August 2007; 
Operational date[B]: October 12, 2007; 
Volume of U.S.-bound containers, fiscal year 2006: 31,780. 

SFI port: Busan, South Korea; 
Deployment level when pilot operational: Limited[D]; 
Testing date[A]: April 2008 (projected); 
Operational date[B]: To be determined; 
Volume of U.S.-bound containers, fiscal year 2006: 610,061. 

SFI port: Salalah, Oman; 
Deployment level when pilot operational: Limited[D]; 
Testing date[A]: May 2008 (projected); 
Operational date[B]: To be determined; 
Volume of U.S.-bound containers, fiscal year 2006: 81,333. 

SFI port: Singapore; 
Deployment level when pilot operational: Limited[D]; 
Testing date[A]: June 2008 (projected); 
Operational date[B]: To be determined; 
Volume of U.S.-bound containers, fiscal year 2006: 376,846. 

SFI port: Hong Kong; 
Deployment level when pilot operational: Limited[D]; 
Testing date[A]: November 2007; 
Operational date[B]: January 2008; 
Volume of U.S.-bound containers, fiscal year 2006: 1,333,812. 

Source: U.S. Customs and Border Protection. 

[A] Testing date is defined as the date when the scanning systems are 
in place and operational testing begins. 

[B] Operational date is defined as the date when the SFI scanning data 
are transmitted successfully to the local central alarm station and to 
the CBP network in the United States. 

[C] Fully operational seaports are to scan 100 percent of U.S.-bound 
container cargo under the SFI pilot program. 

[D] Limited operation seaports are to scan less than 100 percent of 
U.S.-bound container cargo. For these seaports, CBP plans to conduct 
SFI operations at a reduced level, typically limited to one terminal in 
the port, such as Gamman Terminal in Busan. 

[End of table] 

As required by the SAFE Port Act, CBP was to issue a report in April 
2008 on the lessons learned from the SFI pilot program and the need and 
feasibility of expanding the 100 percent scanning system to other CSI 
seaports, among other things.[Footnote 12] As we prepared this 
statement, CBP had not yet issued this report. Every 6 months after the 
issuance of this report, CBP is to report on the status of full-scale 
deployment of the integrated scanning systems at foreign seaports to 
scan 100 percent of U.S.-bound cargo. 

The SFI Pilot Program and 100 Percent Scanning Face a Number of 
Challenges: 

We identified challenges in nine areas that are related to the 
continuation of the SFI pilot program and the longer-term 100 percent 
scanning requirement: (1) workforce planning, (2) the lack of 
information about host government cargo examination systems,(3) 
measuring performance outcomes, (4) undefined resource responsibilities 
for the cost and labor for implementation, (5) logistical feasibility 
for scanning equipment and processes, (6) technological issues, (7) the 
use and ownership of scanning data, (8) a perceived disparity between 
100 percent scanning and the risk management approach of CBP's 
international partners, and (9) potential requests for reciprocity from 
foreign governments. 

Workforce Planning Will Be Critical to Success: 

In our prior work examining the CSI and C-TPAT programs, we reported 
that CBP faced challenges identifying an appropriate number of 
positions for the programs and finding enough qualified people to fill 
these positions.[Footnote 13] For example, we reported in 2005 and 
again in 2008 that CBP's human capital plan did not systematically 
determine the optimal number of officers needed at each CSI seaport to 
carry out duties that require an overseas presence (such as 
coordinating with host government officials or witnessing the 
examinations they conduct) as opposed to duties that could be performed 
remotely in the United States (such as reviewing databases).[Footnote 
14] Determining optimal staffing levels is particularly important since 
CBP reports facing ongoing challenges identifying sufficient numbers of 
qualified employees to staff the program. For example, CBP officials 
reported that 9 qualified applicants applied for 40 permanent positions 
at CSI seaports. We also reported that according to CBP officials, to 
fill open CSI positions, officers have in some cases been deployed who 
have not received all required training. We recommended in April 2005 
that CBP revise the CSI staffing model to consider (1) what functions 
need to be performed at CSI seaports and what can be performed in the 
United States, (2) the optimum levels of staff needed at CSI seaports 
to maximize the benefits of targeting and inspection activities in 
conjunction with host nation customs officials, and (3) the cost of 
locating targeters overseas at CSI seaports instead of in the United 
States.[Footnote 15] CBP agreed with our recommendation on CSI's 
staffing model and said that modifications to the model would allow 
program objectives to be achieved in a more cost-effective manner. CBP 
said that it would evaluate the minimum level of staff needed at CSI 
seaports to maintain ongoing dialogue with host nation officials, as 
well as assess the staffing levels needed domestically to support CSI 
activities. However, as of January 2008, CBP's human capital plan did 
not systematically make these determinations. 

The ability of the SFI pilot program--and by extension the 100 percent 
scanning requirement of the SAFE Port and 9/11 Acts--to operate 
effectively and enhance maritime container security depends, in part, 
on the success of CBP's ability to manage and deploy staff in a way 
that ensures that critical security functions are performed. Under the 
CSI program, CBP operated and conducted cargo container scanning at 58 
foreign seaports as of January 2008; however, given that additional 
scanning equipment will be used in the SFI pilot program, and 
fulfilling the 100 percent scanning requirement will naturally increase 
the number of containers to be scanned at the more than 700 seaports 
that ship cargo to the United States, the SFI pilot program and 100 
percent scanning requirement will generate an increased quantity of 
scan data. According to European customs officials, for there to be 
value added in these additional scans, the scan data must be reviewed. 
Therefore, in implementing the 100 percent scanning requirement, CBP 
will face staffing challenges because more CBP officers will be 
required to review and analyze these data from participating seaports. 

CBP Generally Lacks Key Information on Host Government Examination 
Systems Because of Sovereignty Constraints: 

As we reported in January 2008, CBP does not systematically collect 
information on CSI host governments' examination equipment or 
processes.[Footnote 16] We noted that CBP must respect the sovereignty 
of countries participating in CSI and, therefore, cannot require that a 
country use specific scanning equipment or follow a set of prescribed 
examination practices. Thus, while CBP has set minimum technical 
criteria to evaluate the quality and performance of equipment being 
considered for use at domestic seaports, it has no comparable standards 
for scanning equipment used at foreign seaports. In addition, CBP 
officials stated that there are no plans to evaluate examination 
equipment at foreign seaports against the domestic criteria. CBP 
officials added, however, that the capabilities of scanning equipment 
are only one element for determining the effectiveness of examinations 
that take place at CSI seaports. It is better, in their view, to make 
assessments of the processes, personnel, and equipment that 
collectively constitute the host governments' entire examination 
systems. However, in January 2008, we reported that CBP does not gather 
this type of information and recommended that CBP, in collaboration 
with host government officials, improve the information gathered at 
each CSI port by (1) establishing general guidelines and technical 
criteria regarding the minimal capability and operating procedures for 
an examination system that can provide a basis for determining the 
reliability of examinations and related CSI activities; (2) 
systematically collecting data for that purpose; and (3) analyzing the 
data against the guidelines and technical criteria to determine what, 
if any, mitigating actions or incentives CBP should take to help ensure 
the desired level of security. CBP partially concurred with this 
recommendation in terms of improving the information gathered about 
host governments' examination systems. In particular, CBP agreed on the 
importance of an accepted examination process and noted that it 
continues to improve the information it gathers. CBP did not indicate 
that it would systematically pursue information on these host 
government examination systems. It did state that it was working 
through the WCO to address uniform technical standards for equipment. 
We reported that while CBP engaged with international trade groups to 
develop supply chain security requirements, these requirements do not 
specify particular equipment capabilities or examination practices. 

Both the SAFE Port and 9/11 Acts require DHS to develop technical and 
operational standards for scanning systems; therefore, the challenges 
that CSI has faced in obtaining information about host governments' 
examination systems are relevant to the SFI pilot program and the 100 
percent scanning requirement.[Footnote 17] However, as noted earlier in 
this statement, the United States cannot compel foreign governments to 
use specific equipment for the SFI pilot program or the 100 percent 
scanning requirement, thus challenging CBP's ability to set and enforce 
standards. In addition, because CBP does not systematically collect 
information on the efficacy of host governments' examinations systems, 
it lacks reasonable assurance that these examinations could reliably 
detect and identify WMD unless it implements our January 2008 
recommendation to determine actions to take to ensure the desired level 
of security. This is particularly important since currently, under CSI, 
most high-risk cargo containers examined at international seaports are 
not re-examined upon arrival at domestic seaports. 

Measuring Performance, Particularly Outcomes, Will Be Difficult: 

In our reviews of the CSI and C-TPAT programs, we identified challenges 
with CBP's ability to measure program performance because of, among 
other things, the difficulty in determining whether these programs were 
achieving their desired result of increasing security for the United 
States.[Footnote 18] In the past, we and the Office of Management and 
Budget (OMB) have acknowledged the difficulty in developing outcome- 
based performance measures for programs that aim to deter or prevent 
specific behaviors.[Footnote 19] In the case of C-TPAT, we noted in our 
March 2005 and April 2008 reports that CBP had not developed a 
comprehensive set of performance measures and indicators for the 
programs, such as outcome-based measures, to monitor the status of 
program goals. A senior CBP official stated that developing these 
measures for C-TPAT, as well as other CBP programs, has been difficult 
because CBP lacks the data necessary to determine whether a program has 
prevented or deterred terrorist activity. We recommended that CBP 
complete the development of performance measures, to include outcome- 
based measures and performance targets, to track the program's status 
in meeting its strategic goals. CBP agreed with our recommendation on 
developing performance measures, and had developed initial measures 
relating to membership, inspection percentages, and validation 
effectiveness. However, as we reported in April 2008, CBP had yet to 
develop measures that assess C-TPAT's progress toward achieving its 
strategic goal to ensure that its members improve the security of their 
supply chains pursuant to C-TPAT security criteria. 

Given that, as with CSI and C-TPAT, the purpose of the SFI pilot 
program and the 100 percent scanning provision is to increase security 
for the United States, the same challenges related to defining and 
measuring performance could also apply to the SFI pilot program and the 
100 percent scanning provision. Without outcome-based performance 
measures, it will be difficult for CBP and DHS managers and Congress to 
effectively provide program oversight and determine whether 100 percent 
scanning achieves the desired result--namely increased security for the 
United States. 

Resource Responsibilities for Implementing 100 Percent Scanning Have 
Not Been Determined: 

While CBP and DOE have purchased security equipment for foreign 
seaports participating in the SFI pilot program, it is unclear who will 
pay for additional resources--including increased staff, equipment, and 
infrastructure--and who will be responsible for operating and 
maintaining the equipment used for the statutory requirement to scan 
100 percent of U.S.-bound cargo containers at foreign seaports. 
According to CBP, the average cost of initiating operations at CSI 
seaports was about $395,000 in 2004 and $227,000 in 2005.[Footnote 20] 
By comparison, CBP reported that it and DOE have spent approximately 
$60 million, collectively, to implement 100 percent scanning at the 
three foreign seaports fully participating in the SFI pilot 
program.[Footnote 21] The SAFE Port and 9/11 Acts did not require nor 
prohibit the federal government from bearing the cost of scanning 100 
percent of U.S.-bound cargo containers.[Footnote 22] According to 
customs officials in the UK who participated in the SFI pilot program 
at the Port of Southampton, resource issues will inhibit their ability 
to implement permanently the 100 percent scanning requirement. For 
example, these customs officials commented that to accommodate the SFI 
pilot program at the Port of Southampton, existing customs staff had to 
be reallocated from other functions. The UK customs officials further 
stated that this reallocation was feasible for the 6-month pilot 
program, but it would not be feasible on a permanent basis. Similarly, 
a customs official from another country with whom we met told us that 
while his country does not scan 100 percent of exports, its customs 
service has increased its focus on examining more exported container 
cargo, and this shift has led to a 50 percent increase in personnel. 

European government officials expressed concerns regarding the cost of 
equipment to meet the 100 percent scanning requirement, as well as the 
cost of additional personnel necessary to operate the new scanning 
equipment, view and transmit the images to the United States, and 
resolve false alarms. Though CBP and DOE have provided the bulk of 
equipment and other infrastructure necessary to implement the SFI pilot 
program, they have also benefited from host nation officials and port 
operators willing to provide, to varying degrees, the resources 
associated with additional staffing, alarm response protocols, 
construction, and other infrastructure upgrades. However, according to 
CBP, there is no assurance that this kind of mutual support is either 
sustainable in the long term or exists in all countries or at all 
seaports that export goods to the United States. 

Logistical Feasibility Could Vary by Seaport: 

Logistical issues, such as crowded terminal facilities and the variety 
of transportation modes at terminals, could present challenges to the 
SFI pilot program and implementation of 100 percent scanning. Seaports 
may lack the space necessary to install additional scanning equipment 
needed to comply with the 100 percent scanning requirement. For 
example, we observed that scanning equipment at some seaports is 
located several miles away from where cargo containers are stored, 
which could add to the time and cost requirements for scanning these 
containers. Similarly, while some seaports have natural bottlenecks 
that allow for container scanning equipment to be placed such that all 
outgoing containers would have to pass through the equipment, not all 
seaports are so configured, and the potential exists for containers to 
be shipped to the United States without being scanned. Another 
potential logistical vulnerability is related to the transportation 
modes by which cargo containers arrive and pass through seaports. For 
example, cargo containers that arrive at a seaport by truck or rail are 
generally easier to isolate, whereas transshipment cargo containers-- 
those moved from one vessel to another--are only available for scanning 
for a comparatively short time and may be more difficult to 
access.[Footnote 23] For example, UK customs officials stated that it 
was not possible to route transshipment containers that arrived by sea 
through the SFI equipment. As a consequence, the scanning of 
transshipment containers has not begun at the Port of Southampton. CBP 
and European customs officials evaluating the SFI pilot program stated 
that while the pilot has been comparatively successful at relatively 
lower-volume seaports, such as Southampton, implementing 100 percent 
scanning would be significantly more challenging at seaports with a 
higher volume of cargo container traffic or greater percentages of 
transshipment cargo containers. 

Technology and Compatibility Issues Could Present Challenges: 

The SFI pilot program currently faces technology challenges, such as 
mechanical breakdowns of scanning equipment because of environmental 
factors, inadequate infrastructure for the transmission of electronic 
information, and difficulties in integrating different generations of 
scanning equipment. Environmental conditions at some sites can 
compromise the effectiveness of radiation detection equipment used in 
the SFI pilot program. For example, two of the three seaports fully 
participating in the SFI pilot program experienced weather-related 
mechanical breakdowns of scanning equipment. Specifically, at the Port 
of Southampton, a piece of radiation scanning equipment failed because 
of rainy conditions and had to be replaced, resulting in 2 weeks of 
diminished scanning capabilities. Additionally, Port Qasim in Pakistan 
has experienced difficulties with scanning equipment because of the 
extreme heat. Because of the range of climates at the more than 700 
other international seaports that ship cargo to the United States, 
these types of technological challenges could be experienced elsewhere. 

The limited infrastructure at some foreign seaports poses a challenge 
to the installation and operation of radiation detection equipment, as 
well as to the electronic transmission of scan data to CBP officers in 
the United States. Many seaports are located in remote areas that often 
do not have access to reliable supplies of electricity or 
infrastructure needed to operate radiation portal monitors and 
associated communication systems. For example, at Port Salalah in Oman, 
a key challenge has been the cost of data transmission, because of low 
bandwidth communications infrastructure, to send data to the CBP 
officers who review the scans. Prior to SFI, the CSI office in Port 
Salalah already used transmission technology that cost annually about 
10 times that of other SFI seaports. To participate in SFI, CBP 
originally planned to procure additional technology costing 
approximately $1.5 million each year to transmit the SFI data from Port 
Salalah. However, CBP was able to devise a lower-cost option that 
involved sharing communications infrastructure with existing CSI 
operations at the port because U.S.-bound container volume is 
relatively low in Oman. While CBP reported that this solution could 
keep data transmission costs down at other low-volume seaports, it is 
unclear whether this could be accomplished at higher-volume seaports. 
In addition to compatibility with existing infrastructure, SFI seaports 
have experienced compatibility issues with equipment from different 
generations. According to CBP, there are various manufacturers of 
equipment used at CSI seaports, and although the integration of 
equipment and technology at SFI pilot program seaports has generally 
been successful, it has not been without challenges. For example, at 
Port Salalah integration of a large number of new pieces of equipment 
by new vendors caused operational delays. 

Use and Ownership of Data Have Not Been Determined: 

The legislation that mandated the SFI pilot program and 100 percent 
scanning does not specify who will have the authority or responsibility 
to collect, maintain, disseminate, view, or analyze scan data collected 
on cargo containers bound for the United States. While the SAFE Port 
Act specifies that SFI pilot program scan data should be available for 
review by U.S. government officials, neither it nor the 9/11 Act 
establishes who is to be responsible for managing the data collected at 
foreign seaports. Other unresolved questions include ownership of data, 
how proprietary information is to be treated, and how privacy concerns 
are to be addressed. For example, officials from UK Customs stated that 
UK privacy legislation barred sharing information on cargo containers 
with CBP unless a specific risk was associated with the containers. To 
comply with UK laws, while still allowing CBP to obtain scan data on 
container cargo, UK Customs and CBP negotiated working practices to 
allow CBP to use its own handheld radiation scanning devices to 
determine whether cargo containers emitted radiation, but this was only 
for purposes of the SFI pilot program. According to the European 
Commission, for 100 percent scanning to go forward, the transfer of 
sensitive information would have to take place systematically, which 
would only be possible if a new international agreement between the 
United States and the European Union (EU) was enacted. In the absence 
of agreements with the host governments at the more than 700 seaports 
that ship cargo to the United States, access to data on the results of 
container scans could be difficult to ensure. 

CBP International Partners Have Stated That 100 Percent Scanning Is 
Inconsistent with Widely Accepted Risk Management Practices: 

Some of CBP's international partners, including foreign customs 
services, port operators, trade groups, and international 
organizations, have stated that the 100 percent scanning requirement is 
inconsistent with widely accepted risk management principles, and some 
governments have expressed to DHS and Congress that 100 percent 
scanning is not consistent with these principles as contained in the 
SAFE Framework.[Footnote 24] Similarly, some European customs officials 
have told us that the 100 percent scanning requirement is in contrast 
to the risk-based strategy behind CSI and C-TPAT, and the WCO has 
stated that implementation of 100 percent scanning would be "tantamount 
to abandonment of risk management." In addition, some of CBP's 
international partners have stated that the requirement could 
potentially reduce security. For example, the European Commission noted 
that there has been no demonstration that 100 percent scanning is a 
better means for enhancing security than current risk-based methods. 
Further, CBP officials have told us that the 100 percent scanning 
requirement may be a disincentive for foreign countries or companies to 
adopt risk-based security initiatives, such as CSI, C-TPAT, or the SAFE 
Framework. Similarly, in April 2008, the Association of German Seaport 
Operators released a position paper that stated that implementing the 
100 percent scanning requirement would undermine mutual, already 
achieved, security successes and hinder maritime security by depriving 
resources from areas that present a more significant threat and warrant 
closer scrutiny. 

100 Percent Scanning Could Lead to Calls for Reciprocity and Be Viewed 
as a Barrier to Trade: 

Implementation of the 100 percent scanning requirement could result in 
calls for reciprocity of scanning activities from foreign officials and 
be viewed as a barrier to trade. European customs officials, as well as 
officials from the WCO, have objected to the unilateral nature of the 
100 percent scanning requirement, noting that this requirement 
contrasts with prior multilateral efforts CBP has implemented. 
Similarly, the Association of German Port Operators published a 
position paper stating that the legislative requirement inherently 
ignores the international character of global maritime trade and is a 
classic example of an issue that should have been discussed with and 
passed by the legislative body of an international organization, such 
as the WCO. In its report on the SFI pilot program, the European 
Commission expressed concern that it would be difficult for EU customs 
administrations to implement a measure designed to protect the United 
States that would divert resources away from strengthening EU security. 
Customs officials from Europe, as well as members of the World Shipping 
Council and the Federation of European Private Port Operators, 
indicated that should implementation of the 100 percent scanning 
requirement be pursued, foreign governments could establish similar 
requirements for the United States, forcing U.S. export cargo 
containers to undergo scanning before being loaded at U.S. seaports. 
According to CBP officials, the SFI pilot program, as an extension of 
CSI, allows foreign officials to ask the United States to reciprocate 
and scan 100 percent of cargo containers bound for their respective 
countries. CBP officials told us that CBP does not have the personnel, 
equipment, or space to scan 100 percent of cargo containers being 
exported to other countries, should it be requested to do so. 

In addition to the issue of reciprocity, European and Asian government 
officials, as well as officials from the WCO, have stated that 100 
percent scanning could constitute a barrier to trade. For example, the 
Association of German Seaport Operators stated that the 100 percent 
mandate would amount to an unfair nontariff trade barrier between the 
United States and foreign seaports. Similarly, senior officials from 
the European Commission expressed concern that a 100 percent scanning 
requirement placed on foreign seaports could disrupt the international 
trading system.[Footnote 25] Further, the WCO passed a unanimous 
resolution in December 2007, expressing concern that implementation of 
100 percent scanning would be detrimental to world trade and could 
result in unreasonable delays, port congestion, and international 
trading difficulties.[Footnote 26] 

Mr. Chairman and members of the subcommittee, this concludes my 
prepared statement. We look forward to working with CBP and the 
Congress to track progress of the SFI pilot and to identify the way 
forward for supply chain security. I would be happy to respond to any 
questions you may have. 

Contacts and Acknowledgments: 

For information about this testimony, please contact Stephen L. 
Caldwell, Director, Homeland Security and Justice Issues, at (202) 512- 
9610 or caldwells@gao.gov. Contact points for our Offices of 
Congressional Relations and Public Affairs may be found on the last 
page of this statement. This testimony was prepared under the direction 
of Christopher Conrad, Assistant Director. Other individuals making key 
contributions to this testimony include Frances Cook, Stephanie Fain, 
Emily Hanawalt, Valerie Kasindi, Robert Rivas, and Sally Williamson. 

[End of section] 

Related GAO Products: 

Supply Chain Security: U.S. Customs and Border Protection Has Enhanced 
Its Partnership with Import Trade Sectors, but Challenges Remain in 
Verifying Security Practices. GAO-08-240. Washington, D.C.: April 25, 
2008. 

Supply Chain Security: Examinations of High-Risk Cargo at Foreign 
Seaports Have Increased, but Improved Data Collection and Performance 
Measures Are Needed. GAO-08-187. Washington, D.C.: January 25, 2008. 

Maritime Security: The SAFE Port Act: Status and Implementation One 
Year Later. GAO-08-126T. Washington, D.C.: October 30, 2007. 

Maritime Security: One Year Later: A Progress Report on the SAFE Port 
Act. GAO-08-171T. Washington, D.C.: October 16, 2007. 

Maritime Security: The SAFE Port Act and Efforts to Secure Our Nation's 
Seaports. GAO-08-86T. Washington, D.C.: October 4, 2007. 

Combating Nuclear Smuggling: Additional Actions Needed to Ensure 
Adequate Testing of Next Generation Radiation Detection Equipment. GAO- 
07-1247T. Washington, D.C.: September 18, 2007. 

Maritime Security: Observations on Selected Aspects of the SAFE Port 
Act. GAO-07-754T. Washington, D.C.: April 26, 2007. 

Customs Revenue: Customs and Border Protection Needs to Improve 
Workforce Planning and Accountability. GAO-07-529. Washington, D.C.: 
April 12, 2007. 

Cargo Container Inspections: Preliminary Observations on the Status of 
Efforts to Improve the Automated Targeting System. GAO-06-591T. 
Washington, D.C.: March 30, 2006. 

Combating Nuclear Smuggling: Efforts to Deploy Radiation Detection 
Equipment in the United States and in Other Countries. GAO-05-840T. 
Washington, D.C.: June 21, 2005. 

Homeland Security: Key Cargo Security Programs Can Be Improved. GAO-05- 
466T. Washington, D.C.: May 26, 2005. 

Maritime Security: Enhancements Made, but Implementation and 
Sustainability Remain Key Challenges. GAO-05-448T. Washington, D.C.: 
May 17, 2005. 

Container Security: A Flexible Staffing Model and Minimum Equipment 
Requirements Would Improve Overseas Targeting and Inspection Efforts. 
GAO-05-557. Washington, D.C.: April 26, 2005. 

Preventing Nuclear Smuggling: DOE Has Made Limited Progress in 
Installing Radiation Detection Equipment at Highest Priority Foreign 
Seaports. GAO-05-375. Washington, D.C.: March 31, 2005. 

Cargo Security: Partnership Program Grants Importers Reduced Scrutiny 
with Limited Assurance of Improved Security. GAO-05-404. Washington, 
D.C.: March 11, 2005. 

Homeland Security: Process for Reporting Lessons Learned from Seaport 
Exercises Needs Further Attention. GAO-05-170. Washington, D.C.: 
January 14, 2005. 

Port Security: Better Planning Needed to Develop and Operate Maritime 
Worker Identification Card Program. GAO-05-106. Washington, D.C.: 
December 10, 2004. 

Maritime Security: Substantial Work Remains to Translate New Planning 
Requirements into Effective Port Security. GAO-04-838. Washington, 
D.C.: June 30, 2004. 

Homeland Security: Summary of Challenges Faced in Targeting Oceangoing 
Cargo Containers for Inspection. GAO-04-557T. Washington, D.C.: March 
31, 2004. 

Container Security: Expansion of Key Customs Programs Will Require 
Greater Attention to Critical Success Factors. GAO-03-770. Washington, 
D.C.: July 25, 2003. 

[End of section] 

Footnotes: 

[1] Examining cargo containers involves using radiation detection 
equipment or nonintrusive imaging equipment, which may include X-ray or 
gamma ray technology, or both, to determine if a cargo container poses 
a WMD risk. 

[2] Pub. L. No. 109-347, 120 Stat. 1884. 

[3] Pub. L. No. 110-53, § 1701(a), 121, Stat. 266, 489-90 (amending 6 
U.S.C. § 982(b)). 

[4] See the end of this statement for a list of related GAO products. 

[5] In addition to this report, the SAFE Port Act also required that 
CBP produce a report on lessons learned from the SFI pilot program; 
however, this report was not available as of the time we prepared this 
statement. 

[6] The WCO is an independent international organization whose mission 
is to enhance the efficiency and effectiveness of customs 
administrations. 

[7] Begun in 2003, DOE's Megaports Initiative complements CBP's layered 
security strategy by providing foreign nations with radiation detection 
equipment, such as radiation portal monitors, to scan cargo containers 
moving through their seaports. As of February 2008, the Megaports 
Initiative was fully operational at 12 foreign seaports and in various 
stages of implementation at 17 others. 

[8] There are generally two types of CSI cargo container examinations-
-scanning with NII equipment and physical searches. To scan cargo 
containers, CSI depends on imaging equipment, which may use X-rays or 
gamma rays to create images of the container's contents, and radiation 
detection equipment. CBP officials, along with host government 
officials, may review the information produced with the scanning 
equipment to determine the presence of WMD. Depending on the results of 
the scans, physical searches may be conducted. 

[9] Stakeholders of the international trade community include 
importers; customs brokers; air, sea, and land carriers; and other 
logistics service providers, such as freight consolidators. 

[10] The second phase of SFI is still in development. This phase 
involves the advance transmission of cargo information from importers 
and cargo carriers. 

[11] According to CBP, the National Targeting Center (NTC) was 
established in response to the need for proactive targeting aimed at 
preventing acts of terror and to seize, deter, and disrupt terrorists 
and implements of terror. NTC originally combined both passenger and 
cargo targeting in one facility. It was later divided into NTCC and the 
National Targeting Center-Passenger. For purposes of this report, we 
use NTCC in our references since its mission is to support CBP cargo- 
targeting operations. 

[12] 6 U.S.C. § 981(d). The DHS Appropriations Act for fiscal year 
2007, enacted shortly before the SAFE Port Act, also required a pilot 
program to test 100 percent scanning at three ports, and established 
similar, but not identical, requirements for the program. For example, 
the report to Congress on lessons learned is to include a plan and 
schedule to expand the scanning system developed under the pilot to 
other CSI ports rather than an assessment of the need and feasibility 
of such an expansion. 

[13] For our prior recommendations and observations on C-TPAT's 
workforce challenges, see GAO, Container Security: Expansion of Key 
Customs Programs Will Require Greater Attention to Critical Success 
Factors, GAO-03-770 (Washington, D.C.: July 25, 2003). Also, see GAO, 
Cargo Security: Partnership Program Grants Importers Reduced Scrutiny 
with Limited Assurance of Improved Security, GAO-05-404 (Washington, 
D.C.: Mar. 11, 2005). 

[14] GAO, Container Security: A Flexible Staffing Model and Minimum 
Equipment Requirements Would Improve Overseas Targeting and Inspection 
Efforts, GAO-05-557 (Washington, D.C.: Apr. 26, 2005) and GAO, Supply 
Chain Security: Examinations of High-Risk Cargo at Foreign Seaports 
Have Increased, but Improved Data Collection and Performance Measures 
Are Needed, GAO-08-187 (Washington, D.C.: Jan. 25, 2008). 

[15] GAO-05-557. 

[16] GAO-08-187. 

[17] The SAFE Port Act directs DHS to (1) establish technical criteria 
and standard operating procedures for the use of NII equipment at CSI 
seaports and (2) require CSI seaports to operate the equipment in 
accordance with the criteria and operating procedures established by 
DHS. The act states that the technical criteria and operating 
procedures should not be designed to conflict with the sovereignty of 
host countries, but it did not address host government s' sovereignty 
related to requirements for CSI seaports to operate the equipment in 
accordance with the criteria and procedures. The 9/11 Act directs DHS 
to establish technological and operational standards for systems to 
conduct 100 percent scanning of containers and to ensure that this and 
other actions taken to implement 100 percent scanning are consistent 
with the United States' international obligations. 

[18] For more information on the difficulty that CSI has had in 
developing outcome-based performance measures and in measuring the 
deterrence effect of the program, see GAO-08-187. 

[19] According to OMB, outcome measures describe the intended result of 
carrying out a program or activity. For example, for a tornado warning 
system, a measure of outcome could be the number of lives saved and 
amount of property damage averted. 

[20] CBP had used the average cost per CSI port to achieve operational 
status as a performance measure. However, agency officials told us that 
they stopped using the measure in 2006 because at that point, the 
majority of CSI seaports had already become operational and because 
there were too many variables beyond CBP's control in the calculation. 

[21] Under the SFI pilot program, three seaports will scan 100 percent 
of U.S.-bound container cargo while the remaining four will scan less 
than 100 percent of U.S.-bound container cargo. CBP will conduct a 
reduced level of SFI operations at these four seaports, typically 
limited to one terminal in the port, such as Gamman Terminal in Busan 
or the Brani Terminal in Singapore. 

[22] The Congressional Budget Office assumed in its analysis of 
estimates for implementing this requirement that the cost of acquiring, 
installing, and maintaining systems necessary to comply with the 100 
percent scanning requirement would be borne by foreign seaports so that 
they could maintain trade with the United States. 

[23] Similarly, it may be difficult to scan cargo containers that 
remain on board a vessel as it passes through a foreign seaport. 

[24] Currently, the CSI program employs a risk management approach to 
identify cargo containers at high risk of containing WMD for scanning 
with nonintrusive imaging equipment and possible physical inspection 
before being placed on vessels bound for the United States. In 
contrast, the 100 percent scanning approach subjects to all U.S.-bound 
cargo containers to scanning with nonintrusive imaging equipment 
regardless of risk. 

[25] The European Commission is the EU's policy-making and executive 
engine. The commission is composed of 27 commissioners, one from each 
member state. Among its many powers, the commission proposes 
legislation for approval by the EU Council and European Parliament in 
matters relating to economic integration, ensures that EU laws are 
applied and upheld throughout the EU, implements the budget, and 
represents the European community in international trade negotiations. 

[26] The United States abstained from the vote.

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability.  

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates."  

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to:  

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548:  

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061:  

To Report Fraud, Waste, and Abuse in Federal Programs:  

Contact:  

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470:  

Congressional Relations:  

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548:  

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: