Transportation Security:

Actions Needed to Address Limitations in TSA's Transportation Worker Security Threat Assessments and Growing Workload

GAO-12-60: Published: Dec 8, 2011. Publicly Released: Dec 8, 2011.

Additional Materials:

Contact:

Stephen M. Lord
(202) 512-3000
lords@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

Nonfederal government entities have varying roles and responsibilities under three TSA transportation worker credentialing programs we reviewed--the Transportation Worker Identification Credential program (TWIC) for maritime workers; the Hazardous Materials Endorsement program (HME) for truckers seeking a commercial drivers license endorsement to carry hazardous materials; and the Aviation Workers program for airport workers. TSA administers the TWIC credentialing process, with no role for maritime port facility operators outside of verifying issued credentials. Under HME, state licensing agencies issue endorsements based on whether TSA reports favorable background checking results. In contrast, under the Aviation Workers program, TSA and airports share responsibility for the vetting process for airport workers, with airports responsible for enrolling applicants, adjudicating criminal history results TSA provides, and issuing, and if necessary, revoking airport badges. Eleven of 17 selected maritime ports--including 4 of the top 10 largest ports--reported implementing additional credentialing requirements to those under TSA regulations, which generally included requirements for applicants to obtain and present local port identification--in addition to a TWIC--to gain unescorted access. At three of these ports, local agencies conducted additional criminal history checks. In addition, 4 of 6 selected state licensing agencies responsible for issuing commercial drivers licenses were conducting additional criminal history checks on HME applicants. Some programs included applicant fees which added to the costs already incurred by applicants in obtaining TSA credentials. However, port officials reported their programs provided additional benefits over TSA's programs. The state and local credentialing programs we reviewed complemented the existing credentialing programs administered by TSA.

TSA faces challenges in ensuring it has the necessary information and appropriate staffing to effectively conduct Security Threat Assessments for applicants to its transportation worker credentialing programs. First, in general, the level of access that TSA credentialing programs receive to Department of Justice (DOJ) Federal Bureau of Investigation (FBI) criminal history records is the level of access accorded for noncriminal justice purposes (e.g., equal to that of a private company doing an employment check on a new applicant, according to TSA) which limits TSA in accessing certain criminal history data related to charges and convictions. While TSA is seeking criminal justice type access to FBI systems, the FBI reports that it is legally unable to provide this access. The FBI and TSA are collaborating on options, but have not identified the extent to which a potential security risk may exist under the current process, and the costs and benefits of pursuing alternatives to provide additional access. Second, TSA officials reported the agency was not reviewing some state-provided criminal history for HME applicants because TSA did not have a mechanism to efficiently capture the data in its case system. Identifying a solution may help TSA better identify HME applicants posing security threats. Third, the TSA Adjudication Center relies on contractors for adjudicating applicant cases, and contractor turnover has affected the agency's ability to meet its growing workload. Developing a workforce staffing plan that considers the costs and benefits of using contractors will help ensure that TSA meets its growing credentialing workload. GAO recommends that (1) TSA and the FBI conduct a joint risk assessment of TSA's access to criminal history records, (2) TSA assess costs and benefits of using state-provided criminal history information, and (3) TSA develop a workforce staffing plan to address its growing Adjudication Center workload. DHS and DOJ concurred with GAO's recommendations.

Why GAO Did This Study

Within the Department of Homeland Security (DHS), the Transportation Security Administration (TSA) manages several credentialing programs, which include background checking (known as Security Threat Assessments) and issuing credentials to transportation workers requiring unescorted access to the nation's transportation facilities. The number of TSA programs and their potential for redundancy with state and local government programs has raised questions about these credentialing programs. In response to a mandate in the Coast Guard Authorization Act of 2010, GAO examined TSA credentialing programs to identify (1) the roles and responsibilities of federal and nonfederal government entities related to TSA's transportation worker credentialing programs and how they compare, and (2) any key challenges TSA faced in ensuring the effectiveness of its credentialing programs. GAO reviewed program documentation, such as program processes, and conducted structured interviews with selected airports, port authorities, and state agencies. GAO selected nonfederal government entities based on volume of passengers, truckers, and cargo.

What GAO Recommends

GAO recommends that (1) TSA and the FBI conduct a joint risk assessment of TSA’s access to criminal history records, (2) TSA assess costs and benefits of using state-provided criminal history information, and (3) TSA develop a workforce staffing plan to address its growing Adjudication Center workload. DHS and DOJ concurred with GAO’s recommendations.

For more information, contact Stephen M.Lord at (202) 512-4379 or lords@gao.gov.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: The Secretary of Homeland Secretary should direct the TSA Administrator to conduct an assessment of the risks associated with not utilizing some state-provided criminal history information, as well as an analysis of the costs and benefits of integrating the information into the current adjudication process.

    Agency Affected: Department of Homeland Security

    Status: Closed - Implemented

    Comments: The Department of Homeland Security's Transportation Security Administration (TSA) concurred with the intent of the recommendation, and reported actions underway that would satisfy them. TSA reported that it was no longer necessary to conduct an analysis of the risks and costs and benefits associated with not using some state-provided criminal history information in its security threat assessment process because it had identified a solution for incorporating additional state criminal history information. According to TSA officials and a Federal Bureau of Investigation (FBI) memorandum, using the established Federal FBI Interstate Identification Index (III) system to request and receive data from all states would be the most effective and efficient solution to address the identified risk. In November 2012, TSA reported that the two agencies had collaborated to implement a pilot project to receive additional state level criminal history data via the FBI III system. TSA reported that through this pilot project, it now received criminal history record information (CHRI) data from an additional 24 states that are able to provide responses through the FBI III using Purpose Code I along with 16 National Fingerprint File (NFF) from participant states. Since that initial implementation, the FBI has reportedly been working with other states to sign on for Purpose Code I or convert to NFF to allow access to state level data. TSA and the FBI reported targeting 2014 for completion of its pilot project at which time the FBI would implement its Next Generation Identification Increment 4 solution with the same functionality as the pilot project. In May 2013, TSA reported that it continued to receive state level data through the pilot project and requested GAO close the recommendation. These TSA and FBI actions are consistent with the intent of our recommendation.

    Recommendation: The Secretary of Homeland Security should direct the TSA Administrator, and the Attorney General of the United States should direct the Director of the FBI, to jointly assess the extent to which a security risk may exist with respect to the level of access to criminal history records information currently received by TSA to complete Security Threat Assessments, identify alternatives to address any risks, and assess the costs and benefits of pursuing each alternative.

    Agency Affected: Department of Justice

    Status: Open

    Comments: In March 2012, the Department of Justice's Federal Bureau of Investigation (FBI) concurred with the recommendation and reported pursuing several strategies to provide the Transportation Security Administration (TSA) with access to the most complete criminal history records legally available for non-criminal justice purposes. The FBI reported that it would work in collaboration with the TSA to evaluate the benefits and costs of each initiative and to evaluate the extent that the state-maintained criminal history record information enhanced the security threat assessment process.

    Recommendation: The Secretary of Homeland Security should direct the TSA Administrator, and the Attorney General of the United States should direct the Director of the FBI, to jointly assess the extent to which a security risk may exist with respect to the level of access to criminal history records information currently received by TSA to complete Security Threat Assessments, identify alternatives to address any risks, and assess the costs and benefits of pursuing each alternative.

    Agency Affected: Department of Homeland Security

    Status: Open

    Comments: The Transportation Security Administration (TSA) reported that it had been working with the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI), and the states for several years to obtain more comprehensive access to criminal history record information (CHRI). As of mid-October 2011, TSA and the FBI had reportedly implemented a pilot program for TSA's use in conducting security threat assessments which would use the FBI Interstate Identification Index (III) to obtain state CHRI along with the FBI's CHRI in an automated fashion from 22 additional states that respond to non-criminal justice requests through III. As the pilot progressed, TSA reported that it would work with the FBI to identify the differences between the standard FBI CHRI non-criminal justice requests and the additional state data. TSA and FBI planned to include these results in the overall assessment of risks regarding TSA's current level of CHRI access for security threat assessments. In October 2012, TSA officials said the TSA and FBI had drafted a Memorandum of Understanding (MOU) to support this technical effort and were targeting fiscal year 2013 for finalizing the MOU. In April 2013, TSA reported that the agency continued to work with the FBI to conduct the recommended risk assessment and to evaluate data based on the FBI Purpose Code I pilot data. TSA reported that, over the past year, TSA and FBI have been coordinating to devise the risk assessment parameters including criteria for sample data access and review. According to TSA, in March 2013, TSA and the FBI convened to jointly review and analyze pilot data selected for the study and initial findings--and the agencies were working to complete and document the risk assessment.

    Recommendation: The Secretary of Homeland Secretary should direct the TSA Administrator to develop a workforce staffing plan with timelines articulating how the Transportation Threat Assessment and Credentialing (TTAC) Adjudication Center will effectively and efficiently meet its current and emerging workload requirements, and incorporate the results of TSA's study examining the appropriateness and costs and benefits of using contractors.

    Agency Affected: Department of Homeland Security

    Status: Open

    Comments: In March 2012, The Transportation Security Administration (TSA) reported that the agency had updated its Adjudication Center staffing plan to reflect that it was meeting its Adjudication Center workload requirements. TSA reported that the Balanced Workforce Initiative (BWI) which examined the appropriateness and costs and benefits of using contractors to adjudicate security threat assessments was completed in the fourth quarter of 2011. However, TSA had not yet updated its Adjudication Center staffing plan to incorporate the results of the BWI because it had postponed final decision on addressing the results due to a major reorganization effort. In particular, TSA reported that the Adjudication Center was transferred in December 2011 from the Transportation Threat Assessment Center to its Office of Law Enforcement/Federal Air Marshal Service and TSA decided the gaining organization should make the Balanced Workforce decision. In May 2013, TSA officials reported that they did not have a timeline for when this would occur.

    Apr 7, 2014

    Mar 31, 2014

    Mar 28, 2014

    Mar 26, 2014

    Mar 12, 2014

    Mar 7, 2014

    Feb 27, 2014

    Feb 13, 2014

    Looking for more? Browse all our products here