Aviation Security: TSA Has Completed Key Activities Associated with Implementing Secure Flight, but Additional Actions Are Needed to Mitigate Risks
GAO-09-292
Published: May 13, 2009. Publicly Released: May 13, 2009.
Skip to Highlights
Highlights
To enhance aviation security, the Department of Homeland Security's (DHS) Transportation Security Administration (TSA) developed a program--known as Secure Flight--to assume from air carriers the function of matching passenger information against terrorist watch-list records. In accordance with a mandate in the Department of Homeland Security Appropriations Act, 2008, GAO's objective was to assess the extent to which TSA met the requirements of 10 statutory conditions related to the development of the Secure Flight program. GAO is required to review the program until all 10 conditions are met. In September 2008, DHS certified that it had satisfied all 10 conditions. To address this objective, GAO (1) identified key activities related to each of the 10 conditions; (2) identified federal guidance and best practices that are relevant to successfully meeting each condition; (3) analyzed whether TSA had demonstrated, through program documentation and oral explanation, that the guidance was followed and best practices were met; and (4) assessed the risks associated with not fully following applicable guidance and meeting best practices.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Homeland Security | To mitigate future risks of performance shortfalls and strengthen management of the Secure Flight program moving forward, the Secretary of Homeland Security should direct the Assistant Secretary for the Transportation Security Administration to periodically assess the performance of the Secure Flight system's matching capabilities and results to determine whether the system is accurately matching watch-listed individuals while minimizing the number of false positives--consistent with the goals of the program; document how this assessment will be conducted and how its results will be measured; and use these results to determine whether the system settings should be modified. | Section 522(a) of the Department of Homeland Security (DHS) Appropriations Act, 2005, set forth 10 conditions related to the development and implementation of Secure Flight that the program must successfully meet in order to become operational. Under this act, GAO was required to review the Secure Flight program until it determined that all 10 conditions had been successfully met. Statutory Condition 3 required the Transportation Security Administration (TSA) to demonstrate the efficacy and accuracy of the search tools used as part of Secure Flight and perform stress testing on the Secure Flight system. In May 2009, we reported that TSA had generally achieved the part of Condition 3 that... requires TSA to demonstrate the efficacy and accuracy of the search tools used as part of Secure Flight. At that time, TSA reported that it was considering conducting periodic reviews of the Secure Flight system's matching capabilities and results (i.e., false positives and false negatives) to determine whether the system was performing as intended, but had not yet made final decisions regarding whether to conduct such reviews. GAO recommended that DHS take action to periodically assess the performance of the Secure Flight system's name-matching capabilities and results. In response, TSA developed performance measures to report and monitor Secure Flight's name matching capabilities. According to TSA, Secure Flight leadership reviews the daily reports, which reflect quality, match rate, false positive rates, and other metrics. Reviews include analysis, discussion with program leadership, and identification of process and data quality improvements to increase efficiency and reduce possible false positive matches to the watchlist. In addition, DHS established a multi-departmental Match Review Board Working Group and a Match Review Board to review the performance measures and watchlist matching system behaviors and recommend system changes to improve system performance. The working group meets every 2 weeks and is co-chaired by the Secure Flight Director of Vetting Analysis and the Deputy Director for Vetting. The Match Review Board is chaired by the Transportation Threat Assessment and Credentialing Office General Manager for Operations and co-chaired by the Deputy Assistant Administrator, Office of Intelligence, and consists of management-level individuals who have decision-making authority concerning procedural and system change recommendations. The board meets monthly, or as required, to review working group findings and to make system change recommendations. Based on these actions, we consider this recommendation closed as implemented.
View More |
| Department of Homeland Security | To ensure that passenger prescreening is working as intended, the Secretary of Homeland Security should direct the Assistant Secretary for the Transportation Security Administration to conduct outreach to air carriers--particularly carriers in states with unique transportation needs--to determine whether modifications to the CAPPS rules and related security amendment have achieved their intended effect. | Section 522(a) of the Department of Homeland Security (DHS) Appropriations Act, 2005, set forth 10 conditions related to the development and implementation of Secure Flight that the program must successfully meet in order to become operational. Under this act, GAO was required to review the Secure Flight program until it determined that all 10 conditions had been successfully met. Statutory Condition 9 required the Transportation Security Administration (TSA)--pursuant to the requirements of section 44903(i)(2)(A)[sic] of title 49, United States Code--to modify Secure Flight with respect to intrastate transportation to accommodate states with unique air transportation needs and...
|
Full Report
Public Inquiries
Topics
Air transportationAirlinesAviation securityBest practicesCommercial aviationHigh risk passengersHomeland securityInternal controlsOperational testingPassenger screeningPassenger screening systemsPerformance measuresProgram evaluationRequirements definitionRisk assessmentRisk factorsRisk managementSecure flightStandardsStandards evaluationSystems analysisSystems designTerrorismTestingTransportation policiesTransportation safetyTransportation securityProgram goals or objectivesProgram implementation