Skip to main content

Transportation Security: Actions Needed to Address Limitations in TSA's Transportation Worker Security Threat Assessments and Growing Workload

GAO-12-60 Published: Dec 08, 2011. Publicly Released: Dec 08, 2011.
Jump To:
Skip to Highlights

Highlights

What GAO Found

Nonfederal government entities have varying roles and responsibilities under three TSA transportation worker credentialing programs we reviewed--the Transportation Worker Identification Credential program (TWIC) for maritime workers; the Hazardous Materials Endorsement program (HME) for truckers seeking a commercial drivers license endorsement to carry hazardous materials; and the Aviation Workers program for airport workers. TSA administers the TWIC credentialing process, with no role for maritime port facility operators outside of verifying issued credentials. Under HME, state licensing agencies issue endorsements based on whether TSA reports favorable background checking results. In contrast, under the Aviation Workers program, TSA and airports share responsibility for the vetting process for airport workers, with airports responsible for enrolling applicants, adjudicating criminal history results TSA provides, and issuing, and if necessary, revoking airport badges. Eleven of 17 selected maritime ports--including 4 of the top 10 largest ports--reported implementing additional credentialing requirements to those under TSA regulations, which generally included requirements for applicants to obtain and present local port identification--in addition to a TWIC--to gain unescorted access. At three of these ports, local agencies conducted additional criminal history checks. In addition, 4 of 6 selected state licensing agencies responsible for issuing commercial drivers licenses were conducting additional criminal history checks on HME applicants. Some programs included applicant fees which added to the costs already incurred by applicants in obtaining TSA credentials. However, port officials reported their programs provided additional benefits over TSA's programs. The state and local credentialing programs we reviewed complemented the existing credentialing programs administered by TSA.

TSA faces challenges in ensuring it has the necessary information and appropriate staffing to effectively conduct Security Threat Assessments for applicants to its transportation worker credentialing programs. First, in general, the level of access that TSA credentialing programs receive to Department of Justice (DOJ) Federal Bureau of Investigation (FBI) criminal history records is the level of access accorded for noncriminal justice purposes (e.g., equal to that of a private company doing an employment check on a new applicant, according to TSA) which limits TSA in accessing certain criminal history data related to charges and convictions. While TSA is seeking criminal justice type access to FBI systems, the FBI reports that it is legally unable to provide this access. The FBI and TSA are collaborating on options, but have not identified the extent to which a potential security risk may exist under the current process, and the costs and benefits of pursuing alternatives to provide additional access. Second, TSA officials reported the agency was not reviewing some state-provided criminal history for HME applicants because TSA did not have a mechanism to efficiently capture the data in its case system. Identifying a solution may help TSA better identify HME applicants posing security threats. Third, the TSA Adjudication Center relies on contractors for adjudicating applicant cases, and contractor turnover has affected the agency's ability to meet its growing workload. Developing a workforce staffing plan that considers the costs and benefits of using contractors will help ensure that TSA meets its growing credentialing workload. GAO recommends that (1) TSA and the FBI conduct a joint risk assessment of TSA's access to criminal history records, (2) TSA assess costs and benefits of using state-provided criminal history information, and (3) TSA develop a workforce staffing plan to address its growing Adjudication Center workload. DHS and DOJ concurred with GAO's recommendations.

Why GAO Did This Study

Within the Department of Homeland Security (DHS), the Transportation Security Administration (TSA) manages several credentialing programs, which include background checking (known as Security Threat Assessments) and issuing credentials to transportation workers requiring unescorted access to the nation's transportation facilities. The number of TSA programs and their potential for redundancy with state and local government programs has raised questions about these credentialing programs. In response to a mandate in the Coast Guard Authorization Act of 2010, GAO examined TSA credentialing programs to identify (1) the roles and responsibilities of federal and nonfederal government entities related to TSA's transportation worker credentialing programs and how they compare, and (2) any key challenges TSA faced in ensuring the effectiveness of its credentialing programs. GAO reviewed program documentation, such as program processes, and conducted structured interviews with selected airports, port authorities, and state agencies. GAO selected nonfederal government entities based on volume of passengers, truckers, and cargo.

Recommendations

GAO recommends that (1) TSA and the FBI conduct a joint risk assessment of TSA’s access to criminal history records, (2) TSA assess costs and benefits of using state-provided criminal history information, and (3) TSA develop a workforce staffing plan to address its growing Adjudication Center workload. DHS and DOJ concurred with GAO’s recommendations.

Recommendations for Executive Action

Agency Affected Recommendation Status
Department of Homeland Security The Secretary of Homeland Security should direct the TSA Administrator, and the Attorney General of the United States should direct the Director of the FBI, to jointly assess the extent to which a security risk may exist with respect to the level of access to criminal history records information currently received by TSA to complete Security Threat Assessments, identify alternatives to address any risks, and assess the costs and benefits of pursuing each alternative.
Closed – Implemented
In December 2011, we reported that the Transportation Security Administration (TSA) faced challenges in ensuring it had the necessary information and appropriate staffing to effectively conduct Security threat assessments for applicants to its transportation worker credentialing programs. Among other things, we reported that the level of access that TSA credentialing programs receive to Federal Bureau of Investigation (FBI) criminal history records is the level of access accorded for noncriminal justice purpose--which limits TSA in accessing certain criminal history data related to charges and convictions. To address this, TSA was seeking criminal justice type access to FBI systems, but the FBI reported that it was legally unable to provide this access. Nonetheless, we found that TSA and the FBI had not assessed whether a potential security risk in TSA's security threat assessment process may exist with TSA's present level of access to FBI criminal records as a noncriminal justice purposes requesting agency. We recommended that the Secretary of Homeland Security should direct the TSA Administrator, and the Attorney General of the United States direct the Director of the FBI, to jointly assess the extent to which a security risk may exist with respect to the level of access to criminal history records information currently received by TSA to complete Security Threat Assessments, identify alternatives to address any risks, and assess the costs and benefits of pursuing each alternative. TSA and the FBI reported evaluating the extent to which a security risk may exist with respect to the level of access to CHRI by the TSA during the security threat assessment process. In February 2012, the FBI reported pursuing several strategies to provide the TSA with access to the most complete criminal history records legally available for non-criminal justice purposes. The FBI reported that it would work in collaboration with the TSA to evaluate the benefits and costs of each initiative and to evaluate the extent that the state-maintained criminal history record information enhanced the security threat assessment process. In November 2014, TSA provided a copy of the joint assessment prepared by TSA and the FBI. According to TSA and FBI officials, the report concluded that the risk of incomplete information does exist when only the FBI rapsheet is returned and that the risk can be mitigated through expanded access to state supplied CHRI through the Purpose Code I identification. According to TSA officials, the analysis determined that additional CHRI significantly increased TSA's ability to effectively and accurately adjudicate the criminal component of the security threat assessment process. TSA reported that the study between the FBI and TSA culminated in the FBI implementing system changes to provide increased value for all system users. For example, according to TSA officials, the FBIs release of its Next Generation Identification System Increment (NGI) 4--which the FBI reported achieving full operational capability in September 2014--has been enhanced such that state provided CHRI is now incorporated into all FBI rapsheet responses and TSA will continue to receive expanded criminal history record information for its security threat assessments. The actions taken by TSA and the FBI are consistent with the intent of our recommendation.
Department of Justice The Secretary of Homeland Security should direct the TSA Administrator, and the Attorney General of the United States should direct the Director of the FBI, to jointly assess the extent to which a security risk may exist with respect to the level of access to criminal history records information currently received by TSA to complete Security Threat Assessments, identify alternatives to address any risks, and assess the costs and benefits of pursuing each alternative.
Closed – Implemented
In December 2011, we reported that the Transportation Security Administration (TSA) faced challenges in ensuring it had the necessary information and appropriate staffing to effectively conduct Security threat assessments for applicants to its transportation worker credentialing programs. Among other things, we reported that the level of access that TSA credentialing programs receive to Federal Bureau of Investigation (FBI) criminal history records is the level of access accorded for noncriminal justice purpose--which limits TSA in accessing certain criminal history data related to charges and convictions. To address this, TSA was seeking criminal justice type access to FBI systems, but the FBI reported that it was legally unable to provide this access. Nonetheless, we found that TSA and the FBI had not assessed whether a potential security risk in TSA's security threat assessment process may exist with TSA's present level of access to FBI criminal records as a noncriminal justice purposes requesting agency. We recommended that the Secretary of Homeland Security should direct the TSA Administrator, and the Attorney General of the United States direct the Director of the FBI, to jointly assess the extent to which a security risk may exist with respect to the level of access to criminal history records information currently received by TSA to complete Security Threat Assessments, identify alternatives to address any risks, and assess the costs and benefits of pursuing each alternative. TSA and the FBI reported evaluating the extent to which a security risk may exist with respect to the level of access to CHRI by the TSA during the security threat assessment process. In February 2012, the FBI reported pursuing several strategies to provide the TSA with access to the most complete criminal history records legally available for non-criminal justice purposes. The FBI reported that it would work in collaboration with the TSA to evaluate the benefits and costs of each initiative and to evaluate the extent that the state-maintained criminal history record information enhanced the security threat assessment process. In November 2014, TSA provided a copy of the joint assessment prepared by TSA and the FBI. According to TSA and FBI officials, the report concluded that the risk of incomplete information does exist when only the FBI rapsheet is returned and that the risk can be mitigated through expanded access to state supplied CHRI through the Purpose Code I identification. According to TSA officials, the analysis determined that additional CHRI significantly increased TSA's ability to effectively and accurately adjudicate the criminal component of the security threat assessment process. TSA reported that the study between the FBI and TSA culminated in the FBI implementing system changes to provide increased value for all system users. For example, according to TSA officials, the FBIs release of its Next Generation Identification System Increment (NGI) 4--which the FBI reported achieving full operational capability in September 2014--has been enhanced such that state provided CHRI is now incorporated into all FBI rapsheet responses and TSA will continue to receive expanded criminal history record information for its security threat assessments. The actions taken by TSA and the FBI are consistent with the intent of our recommendation.
Department of Homeland Security The Secretary of Homeland Secretary should direct the TSA Administrator to conduct an assessment of the risks associated with not utilizing some state-provided criminal history information, as well as an analysis of the costs and benefits of integrating the information into the current adjudication process.
Closed – Implemented
The Department of Homeland Security's Transportation Security Administration (TSA) concurred with the intent of the recommendation, and reported actions underway that would satisfy them. TSA reported that it was no longer necessary to conduct an analysis of the risks and costs and benefits associated with not using some state-provided criminal history information in its security threat assessment process because it had identified a solution for incorporating additional state criminal history information. According to TSA officials and a Federal Bureau of Investigation (FBI) memorandum, using the established Federal FBI Interstate Identification Index (III) system to request and receive data from all states would be the most effective and efficient solution to address the identified risk. In November 2012, TSA reported that the two agencies had collaborated to implement a pilot project to receive additional state level criminal history data via the FBI III system. TSA reported that through this pilot project, it now received criminal history record information (CHRI) data from an additional 24 states that are able to provide responses through the FBI III using Purpose Code I along with 16 National Fingerprint File (NFF) from participant states. Since that initial implementation, the FBI has reportedly been working with other states to sign on for Purpose Code I or convert to NFF to allow access to state level data. TSA and the FBI reported targeting 2014 for completion of its pilot project at which time the FBI would implement its Next Generation Identification Increment 4 solution with the same functionality as the pilot project. In May 2013, TSA reported that it continued to receive state level data through the pilot project and requested GAO close the recommendation. These TSA and FBI actions are consistent with the intent of our recommendation.
Department of Homeland Security The Secretary of Homeland Secretary should direct the TSA Administrator to develop a workforce staffing plan with timelines articulating how the Transportation Threat Assessment and Credentialing (TTAC) Adjudication Center will effectively and efficiently meet its current and emerging workload requirements, and incorporate the results of TSA's study examining the appropriateness and costs and benefits of using contractors.
Closed – Implemented
In December 2011, to help ensure that the Transportation Security Administration (TSA) is able to meet its growing credentialing workload, we recommended that the Secretary of Homeland Security direct the TSA to develop a workforce staffing plan with timelines articulating how the TSA's Adjudication Center will effectively and efficiently meet its current and emerging workload requirements, and incorporate the results of TSA's study examining the appropriateness and costs and benefits of using contractors. DHS concurred with our recommendation. In response, TSA updated its Adjudication Center staffing plan, most recently in July 2013, to reflect current and estimated workload estimates with timelines showing how the TSA may address growing workload responsibilities--such as for increasing its staffing to meet demands for adjudicating Pre Check program applicants. In addition, in January 2014, TSA approved plans to address the findings of a DHS assessment that concluded that Adjudication Center functions are inherently governmental and that the functions and associated contract positions should be converted from contractor to federal positions. In a January 2014 TSA memorandum, the TSA Deputy Administrator approved a plan to convert 46 contractor positions to 46 federal full time positions under TSA's Office of Law Enforcement/Federal Air Marshall Service during 2014. TSA began its hiring process in April 2014 and officials report plans to complete hiring by September 2014, while phasing out its contract by December 2014. According to the memorandum, this action will have an immediate impact by creating direct oversight, long-term stability, and anticipated cost savings for the government. TSA's actions to address its growing credentialing workload are consistent with our recommendation. We are closing the recommendation as implemented.

Full Report

GAO Contacts

Office of Public Affairs

Topics

Airport securityAirportsAuthorized accessAviationBackground investigationsBiometric identificationContractorsCost analysisCriminal background checksCriminalsFederal agenciesFederal regulationsLocally administered programsProgram evaluationProgram managementSecurity assessmentsSecurity threatsTransportation securityTransportation workers