Aviation Security: Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation Security Programs, but More Work Remains

GAO-08-456T Published: Feb 28, 2008. Publicly Released: Feb 28, 2008.

Highlights

Transportation Security Administration (TSA) funding for aviation security has totaled about $26 billion since fiscal year 2004. This testimony focuses on TSA's efforts to secure the commercial aviation system through passenger screening, air cargo, and watch-list matching programs, and challenges remaining in these areas. GAO's comments are based on GAO products issued between February 2004 and April 2007, including selected updates in February 2008. This testimony also addresses TSA's progress in developing the Secure Flight program, based on work conducted from August 2007 to January 2008. To conduct this work, GAO reviewed systems development, privacy, and other documentation, and interviewed Department of Homeland Security (DHS), TSA, and contractor officials.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Homeland Security To assist TSA in further strengthening the development and implementation of the Secure Flight program, the Secretary of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration to fully incorporate best practices into the development of Secure Flight life-cycle cost and schedule estimates, to include: (1) updating life-cycle cost and schedule estimates; (2) demonstrating that the Secure Flight schedule has the logic in place to identify the critical path, integrates lower level activities in a logical manner, and identifies the level of confidence in meeting the desired end date; and (3) developing and implementing a plan for managing and mitigating cost and schedule risks, including performing a schedule risk analysis and a cost and schedule risk assessment.
Closed – Implemented
Section 522(a) of the Department of Homeland Security (DHS) Appropriations Act, 2005, set forth 10 conditions related to the development and implementation of Secure Flight that must be successfully met before the program becomes operational. The act required GAO to review the Secure Flight program until it determined that all 10 conditions had been successfully met. Statutory Condition 10 required the Transportation Security Administration (TSA) to demonstrate that appropriate life-cycle cost estimates and expenditure and program plans existed. In February 2008, we reported that TSA had not fully followed best practices that would ensure reliable and valid program cost and schedule estimates, and the program schedule had experienced slippages. In May 2009, we reported that TSA had conditionally, but not fully, achieved the statutory requirement related to life-cycle cost and schedule estimates, based on the agency's plan of action for addressing weaknesses we identified. The plan, dated April 2009, detailed the steps the Secure Flight program management office intended to carry out to address those weaknesses and ensure that the development of these estimates was done in accordance with GAO best practices. With regard to the program's cost estimate, TSA established a plan of action to, among other things, (1) provide more detail in the work necessary to accomplish the program's objectives, (2) properly align the cost estimate with the schedule of work to be performed, (3) develop an independent cost estimate performed by a contractor, (4) have the DHS Cost Analysis Division assess the life-cycle cost estimate, and (5) perform cost uncertainty and sensitivity analyses on the estimate. 
With regard to the Secure Flight program's schedule, TSA established a plan of action to develop, among other things, (1) a sequenced and logical schedule to accurately calculate float time and a critical path; (2) a schedule that fully identifies the resources needed to complete key activities; (3) a schedule that includes realistic estimates of activity duration; and (4) a schedule risk analysis that will be used by TSA leadership to distribute resources to high-risk activities on the critical path, which if delayed would delay the entire program. In April 2010, we reported that TSA had taken several steps to improve these estimates and implement our prior recommendations. Thus, we considered the legislative requirement to be generally achieved. We found that TSA had significantly improved the Secure Flight program's life-cycle cost estimate and our overall assessment found that the agency had substantially satisfied GAO best practices related to characteristics of a reliable cost estimate. For example, in October 2009, a TSA contractor developed an independent cost estimate for the program, which the agency used to validate the credibility of the existing life-cycle cost estimate. TSA also conducted a cost uncertainty analysis and a sensitivity analysis on the independent cost estimate. Further, we found that TSA had taken several steps to improve the Secure Flight program's schedule, and our overall assessment found that the agency has substantially satisfied GAO's best practices related to characteristics of a reliable schedule estimate. For example, TSA assigned resources for each activity, conducted a schedule risk analysis, and developed strategies to mitigate risks to the program that could affect the schedule. To minimize the risk of schedule delay, TSA prioritized the schedule for assuming the watchlist-matching function from air carriers and reallocated staff resources. 
TSA completed implementation of the Secure Flight program on November 23, 2010, more than a month ahead of schedule. This recommendation is closed as implemented.
Department of Homeland Security To assist TSA in further strengthening the development and implementation of the Secure Flight program, the Secretary of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration to fully implement the provisions in the program's risk management plan to include developing an inventory of risks with prioritization and mitigation strategies, report the status of risks and progress to management, and maintain documentation of these efforts.
Closed – Implemented
In February 2008, GAO testified before the House Appropriations Committee's Subcommittee on Homeland Security that the Transportation Security Administration (TSA) had not implemented key aspects of a risk management plan for its Secure Flight program, including developing an inventory of risks and related information to demonstrate that its risk management tool had been populated and was being used to identify, prioritize, mitigate, and monitor risks. Accordingly, we recommended that TSA develop an inventory of risks with prioritization and mitigation strategies, report the status of risks and progress to management, and maintain documentation of these efforts. Since then, TSA has taken sufficient steps to address this recommendation. Specifically, the Secure Flight risk management board established a risk management process and provided updated training for identifying, reporting, and managing risks to the Secure Flight management team. Subsequently, in July 2008, the risk management board updated and consolidated an inventory of program risks with prioritization and mitigation strategies. In addition, program risks were assessed biweekly by the board and the risk prioritization and mitigation strategies have been updated accordingly. By taking these steps, Secure Flight risks were proactively mitigated, thus decreasing the likelihood of cost and schedule overruns and performance shortfalls.
Department of Homeland Security To assist TSA in further strengthening the development and implementation of the Secure Flight program, the Secretary of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration to finalize and approve Secure Flight's end-to-end testing strategy, and incorporate end-to-end testing requirements in other relevant test plans, to include the test and evaluation master plan. The strategy and plans should contain provisions for: (1) testing that ensures that the interrelated systems that collectively support Secure Flight will interoperate as intended in an operational environment; and (2) defining and setting dates for key milestone activities and identifying who is responsible for completing each of those milestones and when.
Closed – Implemented
In February 2008, we reported that the Transportation Security Administration (TSA) had not fully outlined its plans for end-to-end testing in its overall test and evaluation plan, or other test plans. Secure Flight's test and evaluation master plan only outlined plans for partner organizational entities to test their respective parts of the system on their own (e.g., Customs and Border Protection for integration of international watch-list functions), rather than a coordinated end-to-end testing involving all parties. TSA had developed a preliminary working draft of an end-to-end testing strategy, called the parallel testing strategy. However, the plan did not contain provisions for (1) testing that ensured that supporting systems will operate as intended in an operational environment, (2) definitions and dates for key milestone activities and parties responsible for completing them, or (3) the revision of other test plans, such as the test and evaluation master plan, to reflect the performance of end-to-end tests. Since the time of our review, we found that TSA has made significant progress in implementing our February 2008 recommendation. Specifically, in May 2008, TSA provided GAO with a copy of the Secure Flight Test and Evaluation Master Plan, which contained TSA's plans for end-to-end testing. In July 2008, TSA provided its Parallel Test Strategy and Parallel Test Module plans to GAO, which also contained TSA's plans for end-to-end testing.
Department of Homeland Security Regarding information security for the Secure Flight Program, the Secretary of Homeland Security should direct the TSA Chief Information Officer to coordinate with Secure Flight program officials to ensure security requirements are tested and implemented.
Closed – Implemented
In February 2008, we reported that the Transportation Security Administration (TSA) had not adequately completed steps to ensure that Secure Flight security requirements were tested. For example, security requirements planned for the Secure Flight program's Release 1 did not always trace to test activities for this release. Program officials stated that some security requirements were deferred until future releases due to delays in funding for acquiring specific hardware, and other requirements required coordination with the information security official to verify whether they would be tested as part of security test and evaluation. Since the time of our review, we found that TSA has made significant progress in developing the Secure Flight program and has completed key activities associated with implementing the program. In May 2009, GAO reported that TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program (including Statutory Conditions 5 and 6 which required TSA to build in sufficient operational safeguards to reduce opportunities for abuse and to ensure substantial security measures are in place to protect the Secure Flight system from unauthorized abuse by hackers and other intruders) and conditionally achieved 1 condition. Specifically, related to our prior recommendation, in June 2008, the Department of Homeland Security (DHS) reported that TSA's Chief Information Officer (CIO) would provide continuous monitoring of the Secure Flight system to ensure that the system remains in compliance with Federal Information Security Management Act requirements, as outlined by DHS. DHS noted that certification and accreditation serves as a living process and the CIO would validate the Secure Flight system by performing Security Testing and Evaluation and periodic auditing activities. 
In May 2009, GAO reported that TSA had performed several key security steps for the Secure Flight program's Release 1, including testing and evaluating security controls for the Secure Flight system and incorporating identified weaknesses in remedial action plans. Further, GAO reported that TSA had completed security testing for Release 3, the version of Secure Flight that was placed into production. GAO concluded that TSA had generally achieved the Secure Flight's statutory requirements related to systems information security.
Department of Homeland Security Regarding information security for the Secure Flight Program, the Secretary of Homeland Security should direct the TSA Chief Information Officer to maintain and update security documentation to align with the current or planned Secure Flight computing environment, including interconnection agreements, in support of certification and accreditation activities.
Closed – Implemented
In February 2008, we reported that the Transportation Security Administration (TSA) had not adequately completed steps pertaining to preparing Secure Flight program security documentation and that the documentation contained incorrect or incomplete information. For example, the systems security plan did not identify all interconnecting systems that Secure Flight would interface with, such as those operated by the Department of Homeland Security (DHS) Watch-List Service, the organization that will transmit the watch-list to Secure Flight. According to Secure Flight program officials, the security documentation was outdated or incorrect because there was insufficient time to update the documentation for changes in the computing environment and security requirements. Since the time of our review, we found that TSA has made significant progress in developing the Secure Flight program and has completed key activities associated with implementing the program. In May 2009, GAO reported that TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program (including Statutory Conditions 5 and 6 which required TSA to build in sufficient operational safeguards to reduce the opportunities for abuse and to ensure substantial security measures are in place to protect the Secure Flight system from unauthorized access by hackers and other intruders) and conditionally achieved 1 condition. Specifically related to our February 2008 recommendation, in June 2008, DHS reported that TSA's Chief Information Officer (CIO) would ensure that the Secure Flight security documentation is in alignment with the operational Secure Flight system. 
DHS stated that the Secure Flight Operations and Maintenance team would maintain Certification and Accreditation as outlined by DHS, ensuring that the Secure Flight system complies with all required security controls, as outlined in National Institute of Standards and Technology Special Publication 800-53. DHS also stated that the Secure Flight Operations and Maintenance team, working with the Secure Flight Information Systems Security Officer, will maintain and update system and program documentation to ensure alignment with current and future Secure Flight computing environments. In August 2008, TSA and U.S. Customs and Border Protection (CBP) signed a formal interconnection security agreement establishing individual and organizational security responsibilities for the protection and handling of unclassified information between the DHS Router operated by CBP and TSA's Secure Flight program. In May 2009, GAO reported that TSA had completed several key security steps for the Secure Flight program's Release 1, including preparing security documentation such as a system security plan and loading security requirements into the developer's security management tool. Further, GAO reported that TSA had updated security documents for Release 3, the version of Secure Flight that was placed into production. GAO concluded that TSA had generally achieved the Secure Flight program's statutory requirements related to systems information security.
Department of Homeland Security Regarding information security for the Secure Flight Program, the Secretary of Homeland Security should direct the TSA Chief Information Officer to correct identified high and moderate risk vulnerabilities, as addressed in remedial action plans, and assess changes to the computing environment to determine whether re-accreditation of the system is warranted.
Closed – Implemented
In February 2008, we reported that the Transportation Security Administration (TSA) had not adequately completed steps pertaining to conducting certification and accreditation activities. We reported that Secure Flight program officials granted an authorization to operate, although the Secure Flight system had 46 known vulnerabilities, including 11 high-risk and 27 moderate-risk vulnerabilities, and the controls had not yet been implemented. Since the time of our review, we found that TSA has made significant progress in developing the Secure Flight program and has completed key activities associated with implementing the program. In May 2009, GAO reported that TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program (including Conditions 5 and 6 which required TSA to build in sufficient operational safeguards to reduce the opportunities for abuse, and to ensure substantial security measures are in place to protect the Secure Flight system from unauthorized access by hackers and other intruders) and conditionally achieved 1 condition. Specifically, related to our February 2008 recommendation, in June 2008, the Department of Homeland Security (DHS) reported that the TSA Chief Information Officer (CIO) would work with the Secure Flight team to remediate the low, moderate, and high-risk vulnerabilities identified by the IT Security Branch and make informed decisions on when the Secure Flight system needed to be re-accredited. DHS stated that the Secure Flight team would ensure that all high, moderate, and low-risk vulnerabilities would be addressed as identified in the Plan of Action and Milestones associated with each vulnerability. DHS stated that all audit findings would be tracked in the Trusted Agent Federal Information Security Management Act (FISMA) Tool and the Secure Flight case management system to ensure that all findings would be addressed and properly traced through execution and closure. 
DHS also stated that the Secure Flight Information Systems Security Officer would perform random assessments and periodic review of the Secure Flight environment to ensure that the Secure Flight system is being maintained in accordance with DHS guidelines and FISMA requirements. In May 2009, GAO reported that TSA had performed several key security steps for the Secure Flight program's Release 1, including conducting certification and accreditation activities. Further, GAO reported that TSA had mitigated the high- and moderate-risk vulnerabilities related to Release 1 and 60 high- and moderate-risk vulnerabilities associated with Release 3, the version of Secure Flight that was placed into production. GAO concluded that TSA had generally achieved the Secure Flight program's statutory requirements related to systems information security.
Department of Homeland Security Finally, to ensure that DHS is able to fully assess the effectiveness of the current redress process for passengers who may have been misidentified during the watch-list matching process, the Secretary of Homeland Security and the Assistant Secretary of the Transportation Security Administration should re-evaluate redress performance measures and consider creating and implementing additional measures that, consistent with best practices, demonstrate results, cover multiple priorities, and provide useful information for decision making. These measures should further address all program goals, to include the accuracy of the redress process.
Closed – Implemented
In February 2008, we reported that the Transportation Security Administration (TSA) had not developed a complete set of performance measures to assess the effectiveness of the redress process for passengers inconvenienced as a result of watch-list matching. At that time, we also noted that the Department of Homeland Security (DHS) and TSA were developing additional measures for the redress process that they planned to implement once the Secure Flight passenger prescreening system became operational. In May 2009, we reported that TSA had developed performance measures to monitor the timeliness and accuracy of the Secure Flight redress process to be introduced once Secure Flight became operational. These measures include the percent of individuals who submit a redress number who are automatically cleared and the time it takes to process a redress request. Further, in May 2009, we reported that TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program (including Statutory Condition 1 which required that a system of due process exist whereby aviation passengers determined to pose a threat who are either delayed or prohibited from boarding their scheduled flights by TSA may appeal such decisions and correct erroneous information contained in the Secure Flight program). Our conclusion that TSA had generally achieved Statutory Condition 1 (Redress) was based, in part, on our review of the additional performance measures for the Secure Flight redress process as well as other actions taken by TSA and DHS to address our recommendation that they consider creating and implementing additional measures for the current redress process. Specifically, in June 2008, DHS reported that it sent participants from its Traveler Redress Inquiry Program (TRIP) to participate in the first meeting of the Redress Timeliness Working Group at the Terrorist Screening in March 2008 to address timeliness issues related to the redress process. 
DHS also established a Redress Request Assurance Review process to improve the accuracy of redress request intake and processing. The data collected from this review process will provide for an appropriate metric for quality assurance and accuracy. Also, TSA's Office of Transportation Security Redress was working with a case management application contractor to develop a new case management system for TRIP. According to DHS, this system will provide reporting features for tracking performance measures, including a new measure to assess the accuracy of the redress process.

Topics

Air transportation, Airport security, Airports, Aviation security, Baggage screening, Cargo screening, Commercial aviation, Inspection, Operational testing, Passenger screening, Program evaluation, Program management, Research and development, Search and seizure, Secure flight, Strategic planning, Transportation planning, Transportation policies, Transportation safety, Transportation security, Program goals or objectives