This is the accessible text file for GAO report number GAO-14-32 entitled 'Maritime Security: DHS Could Benefit from Tracking Progress in Implementing the Small Vessel Security Strategy' which was released on November 19, 2013. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States Government Accountability Office: GAO: Report to Congressional Requesters: October 2013: Maritime Security: DHS Could Benefit from Tracking Progress in Implementing the Small Vessel Security Strategy: GAO-14-32: GAO Highlights: Highlights of GAO-14-32, a report to congressional requesters. Why GAO Did This Study: The Coast Guard estimates that there were more than 22 million small vessels operating in the United States in 2012. Terrorists, smugglers, and other criminals can use small vessels as platforms for their activities because small vessels are generally unregulated and largely anonymous. Law enforcement agencies face the challenge of distinguishing between legitimate small vessel operators and the relatively few individuals estimated to be engaged in illicit activities. DHS issued its SVSS in April 2008 and its follow-on SVSS Implementation Plan in January 2011 to help guide actions to mitigate the security risks arising from small vessels. Given the importance of small vessel security, GAO was asked to review DHS’s efforts in developing and implementing the SVSS Implementation Plan. This report examines what actions, if any, DHS and its components have taken to address small vessel security concerns, and the extent to which they have implemented action items in the SVSS Implementation Plan. GAO analyzed DHS documents; interviewed DHS officials; and visited two ports selected on the basis of the volume of small vessel traffic and security initiatives in place, among other things. While the results of the port visits cannot be generalized across all ports, they provided insights on small vessel security issues and operations. What GAO Found: The Department of Homeland Security (DHS) and its components—such as the U.S. Coast Guard and Customs and Border Protection (CBP)—have started or completed initiatives to address small vessel security risks, but DHS is not tracking the progress being made to address action items in the Small Vessel Security Strategy (SVSS) Implementation Plan. “Small vessels” are characterized as any watercraft—-regardless of method of propulsion—-less than 300 gross tons, and used for recreational or commercial purposes. DHS component officials GAO met with identified examples of key initiatives that they have completed or have under way to enhance small vessel security, including an initiative to help CBP better track small vessels arriving from foreign locations and another to assist the Coast Guard in assessing and monitoring small vessel launch sites. Although the SVSS Implementation Plan states that DHS is to assess and update the plan, DHS has not determined the progress its components and other relevant stakeholders—such as the Department of Defense—are making in completing the action items and has no current plans to do so. DHS officials stated that this is due, in part, to budget constraints that make this a low priority. DHS officials stated that updating the SVSS Implementation Plan would be valuable, and doing so is particularly important since more than one component could be responsible for action items in the plan. Accordingly, by systematically gathering information from its components and other relevant stakeholders to regularly update the progress they are making in addressing the action items in the plan, DHS could help prioritize initiatives given constrained budgets and better identify successes and lessons learned, among other things. Figure: The Results of a Small Vessel Attack on the USS Cole: [Refer to PDF for image: photograph] Source: Department of Defense. [End of figure] What GAO Recommends: GAO recommends that DHS regularly update the progress its components and other relevant stakeholders are making in addressing action items in the SVSS Implementation Plan. DHS concurred with the recommendation. View [hyperlink, http://www.gao.gov/products/GAO-14-32]. For more information, contact Stephen Caldwell at (202) 512-9610 or caldwells@gao.gov. [End of section] Contents: Letter: Background: DHS and Its Components Are Taking Actions, but DHS Is Not Tracking Progress in Addressing the SVSS Implementation Plan: Conclusions: Recommendation for Executive Action: Agency Comments: Appendix I: Stakeholders Involved in Small Vessel Security: Appendix II: Examples of DHS Components' Initiatives to Address Small Vessel Security: Appendix III: Comments from the Department of Homeland Security: Appendix IV: GAO Contact and Staff Acknowledgments: Related GAO Products: Tables: Table 1: Examples of Key DHS Components' Roles and Responsibilities Regarding Small Vessel Security: Table 2: Number of Participants, Float Plans, and Vessels Registered in the Small Vessel Reporting System, May 2010 through May 2013: Figures: Figure 1: The Results of a Small Vessel Attack on the USS Cole: Figure 2: Coast Guard Vessels Escorting a Cruise Ship and a Liquid Natural Gas Tanker: Figure 3: A Floating Security Barrier (Foreground): Figure 4: A Citizen Awareness Program Poster: Figure 5: Portable Radiation Detectors: Abbreviations: CBP: Customs and Border Protection: CSS: Coastal Surveillance System: DHS: Department of Homeland Security: DNDO: Domestic Nuclear Detection Office: MSRAM: Maritime Security Risk Analysis Model: OIG: Office of Inspector General: PRND: preventive radiological/nuclear detection: RIID: Radioisotope Identification Device: SVRS: Small Vessel Reporting System: SVSS: Small Vessel Security Strategy: S&T: Science and Technology: WCMP: West Coast Maritime Pilot: [End of section] GAO: United States Government Accountability Office: 441 G St. N.W. Washington, DC 20548: October 31, 2013: The Honorable John D. Rockefeller: Chairman: Committee on Commerce, Science, and Transportation: United States Senate: The Honorable Bennie G. Thompson: Ranking Member: Committee on Homeland Security: House of Representatives: The U.S. Coast Guard estimates that there were more than 22 million small vessels operating in the United States in 2012.[Footnote 1] Terrorists, smugglers, and other criminals can use small vessels as platforms for their activities because small vessels are generally unregulated and largely anonymous. Consequently, law enforcement agencies face the challenge of distinguishing between the vast number of legitimate small vessel operators and the comparatively few individuals that are estimated to be engaged in illicit activities. On any given day, small vessels share waterways with commercial and military vessels, operating at hundreds of U.S. ports and waterways. According to the Coast Guard's Strategy for Maritime Safety, Security, and Stewardship, a small vessel represents one of the greatest risks from terrorism in the maritime domain.[Footnote 2] Further, small vessels have the potential to be used to smuggle terrorists or weapons of mass destruction into the United States. According to the Department of Homeland Security (DHS), the consequences of a weapon of mass destruction attack in the United States could be catastrophic, and potentially include the loss of life, direct and indirect economic costs, and adverse environmental effects, including the contamination of the impact area with subsequent loss of its use for decades. [Footnote 3] Recognizing the risks posed by terrorists using small vessels to attack targets or as a conveyance for terrorists and their contraband to enter the United States, DHS issued its Small Vessel Security Strategy (SVSS) in April 2008 and its follow-on SVSS Implementation Plan in January 2011 to help guide its efforts to mitigate the security risks arising from small vessels.[Footnote 4] The SVSS and Implementation Plan identify several DHS components that have a key role in addressing small vessel security, including the U.S. Coast Guard, Customs and Border Protection (CBP), DHS's Science and Technology (S&T) Directorate, and DHS's Domestic Nuclear Detection Office (DNDO), as well as other federal stakeholders.[Footnote 5] For more information on the roles and responsibilities of these DHS components, see appendix I. Given the importance of small vessel security, you asked us to review DHS's efforts in developing and implementing the SVSS Implementation Plan. This report addresses the following question: * What actions, if any, have DHS and its components taken to address small vessel security concerns, and to what extent have they implemented action items from the SVSS Implementation Plan? To answer this question, we analyzed DHS documents, such as the SVSS, the SVSS Implementation Plan, and the Report of the DHS National Small Vessel Security Summit.[Footnote 6] We also reviewed relevant federal legislation, such as the Maritime Transportation Security Act of 2002, [Footnote 7] as well as corresponding regulations and guidance. We compared DHS's actions for tracking the SVSS Implementation Plan with (1) Standards for Internal Control in the Federal Government,[Footnote 8] (2) provisions in DHS's SVSS, (3) key management practices, [Footnote 9] and (4) useful practices for performance management and measurement.[Footnote 10] Further, we interviewed headquarters officials responsible for developing or addressing the action items in the SVSS Implementation Plan from the DHS Office of Policy, as well as four DHS components--the Coast Guard, CBP, DNDO, and DHS S&T.[Footnote 11] In these meetings, we also discussed key initiatives that each of the four DHS components' have in place to address small vessel security and reviewed related documents on these initiatives. Although these initiatives relate to the overarching goals of the SVSS, each initiative is not directly aligned with a specific action item in the SVSS Implementation Plan.[Footnote 12] Accordingly, we focused on describing these key initiatives identified by the DHS components, not the individual action items in the plan. In addition, we conducted visits to two ports--San Diego, California and Miami, Florida--to interview port security stakeholders and observe small vessel security activities. We selected these ports on the basis of various factors, including the (1) relatively high volume of small vessel traffic and (2) initiatives initiated at these ports by DHS components to address small vessel security risks. At these ports, we interviewed officials from local Coast Guard units, as well as from CBP's Office of Field Operations and Office of Air and Marine. Further, we interviewed representatives from the U.S. Navy, two local law enforcement agencies, two port authorities, and six industry associations--who were selected because they worked with DHS components regarding small vessel security issues and operations. While we cannot generalize the results of our interviews and observations to all ports, officials we interviewed and observations we made provided us with a general overview and perspective on small vessel security issues and operations at the selected locations. We conducted this performance audit from February 2013 to October 2013, in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Background: Small Vessels Pose Security Risks: Larger vessels--such as cruise ships, container ships, and oil and natural gas tankers--can travel among small vessels that operate with little scrutiny or notice, and some of these larger vessels have suffered waterborne attacks overseas by terrorists or pirates who operated from small vessels. Although there have not been any small vessel attacks in the United States, terrorists have used small vessels to facilitate their attacks, such as those on the USS Cole in 2000 (see fig. 1), the French oil tanker Limburg in Yemen in 2002, and the Japanese tanker M Star in 2010. Our prior work has found that the use of small vessels to deliver improvised explosive devices was one of the most significant concerns for larger vessels.[Footnote 13] The concern about small vessel attacks is exacerbated by the fact that some larger vessels, such as cruise ships, sail according to precise schedules and preplanned itineraries that could provide information to terrorists in preparing for and carrying out an attack against a vessel. Small vessels have also been successfully employed by pirates to hijack international cargo vessels, and at least three cruise ships have been attacked by pirates aboard small vessels who were armed with automatic weapons and rocket-propelled grenades. Figure 1: The Results of a Small Vessel Attack on the USS Cole: [Refer to PDF for image: 2 photographs] Source: Department of Defense. [End of figure] In addition, DHS reported that small vessels have the potential to be used to smuggle weapons of mass destruction into the United States. According to the International Atomic Energy Agency, from 1993 through 2012, there were 2,331 confirmed incidents of illicit trafficking of nuclear and other radioactive material.[Footnote 14] Although these incidents do not all involve the use of small vessels, the former commandant of the Coast Guard testified that small vessels pose a greater threat than cargo containers for smuggling nuclear materials. [Footnote 15] In addition, DHS reported that there is limited ability to screen small vessels for weapons of mass destruction, and as a result, small vessels could be used by terrorists to transport such weapons.[Footnote 16] In January 2009, we reported that DNDO had developed and tested equipment for detecting nuclear material on small vessels, but that efforts to use this equipment in a port area had been limited to pilot programs.[Footnote 17] We further reported that DNDO had not established a detailed plan to address gaps and vulnerabilities and recommended that DHS develop a plan to help ensure the future success of initiatives aimed at closing gaps and vulnerabilities and that this plan should focus on, among other things, small vessels. To address this recommendation, DHS issued a strategic plan in December 2010 and an implementation plan in April 2012. Small Vessels Are Generally Unregulated: Since the terrorist attacks of September 11, 2001, maritime enforcement efforts have been primarily focused on large commercial vessels (over 300 gross tons), while federal efforts to address small vessels are more limited. In particular, large commercial vessel security is governed by Coast Guard regulations issued pursuant to the Maritime Transportation Security Act of 2002 and other relevant legislation.[Footnote 18] For example, certain larger vessels are required to submit information--in advance of U.S. arrival or departure--on crew members, passengers, cargo, and vessel operations. [Footnote 19] This advance information allows the Coast Guard and CBP to conduct risk-based analyses and gain a greater awareness of large commercial vessel operations, their passengers, and their crews. In addition, certain large commercial vessels are also required to carry and operate transponders--such as an automatic identification system-- which broadcast information on the vessels and their locations, allowing authorities to track their movements.[Footnote 20] In contrast, small vessels are generally exempt from these requirements. [Footnote 21] As a result, the federal government has limited knowledge regarding the owners and locations of small vessels. [Footnote 22] Although small vessels are generally unregulated, the federal government has put in place some requirements for these vessels. For example, small vessel operators traveling to foreign ports or places are required to report to CBP upon their return to the United States. [Footnote 23] However, CBP estimates that a small percentage of the international small vessel traffic returning to the United States actually report this information. According to CBP, this low level of compliance is due, in part, to a lack of (1) public awareness of the reporting requirements, and (2) inspections to emphasize and ensure compliance. CBP has taken actions to help address this issue as part of its Small Vessel Reporting System initiative, which is discussed later in this report. At the international level, the International Maritime Organization issued guidelines in 2008 regarding the security of small vessels that are not subject to the International Ship and Port Facility Security Code, but these guidelines are voluntary. [Footnote 24] In March 2009, we reported on the challenges of tracking small vessels using available technologies.[Footnote 25] For example, we reported that although the Coast Guard and other agencies may have technology systems that can track small vessels within some ports, these did not always work in bad weather or at night. Further, we reported that even with systems in place to track small vessels, there is agreement among maritime stakeholders that it is difficult to detect threatening activity by small vessels without prior knowledge of a planned attack. Ultimately, DHS documents report that the U.S. government has only limited knowledge about international recreational boaters and their travel patterns. According to the SVSS, in the United States, there is a tradition and expectation among small vessel operators to generally have unrestricted access to U.S. waterways. In addition, small vessel operators have expressed concerns about the cost of requirements that would allow the government to track their movements. For example, DHS conducted outreach efforts with the small vessel community while developing the SVSS, and DHS reported that small vessel operators and national recreational vessel associations expressed concern that the cost of transponders would present an objectionable burden for recreational boaters. Accordingly, DHS faces a challenge in balancing the collection of information necessary for the proper assessment of risks posed by small vessels with the freedom of the seas expected by small vessel operators. Development of the SVSS and SVSS Implementation Plan: In June 2007, DHS held an initial small vessel security summit to engage private, commercial, and government stakeholders in discussions on a range of issues involving the security risks posed by small vessels in the U.S. maritime environment.[Footnote 26] During this summit, the stakeholders that attended provided numerous recommendations to DHS, including a recommendation that DHS develop a national strategy regarding small vessel security. In response to this recommendation, DHS convened the Small Vessel Security Working Group in August 2007, which consisted of representatives from DHS components, such as the Coast Guard, CBP, and the Transportation Security Administration, as well as participation by representatives from the Departments of Justice and Defense. The working group developed the SVSS in April 2008 to address the potential for small vessels to be used (1) to smuggle terrorists or weapons, including weapons of mass destruction, into the United States; (2) as a standoff weapon platform; or (3) as a direct attack method to deliver a waterborne improvised explosive device.[Footnote 27] The four overarching goals--which include more specific objectives--of the SVSS are to: * develop and leverage a strong partnership with the small vessel community and public and private sectors in order to enhance maritime domain awareness;[Footnote 28] * enhance maritime security and safety based on a coherent plan with a layered, innovative approach; * leverage technology to enhance the ability to detect; determine intent; and, when necessary, interdict small vessels; and: * enhance coordination, cooperation, and communications between federal, state, local and tribal partners and the private sector, as well as international partners. DHS subsequently issued the SVSS Implementation Plan in January 2011. [Footnote 29] In developing the plan, the SVSS Working Group relied on subject matter experts at DHS components to provide input on what action items should be included. From these efforts, DHS includes a total of 132 action items in the plan, organized according to the four overarching SVSS goals. Each of the action items provides a description of the action to be taken and the lead federal department or component responsible for coordinating and implementing the action. Examples of action items include the following: * increase systematic visits to maritime facilities to build relationships, improve knowledge of threat conditions at marinas, and deter criminals; * partner and coordinate with foreign countries, particularly in the Caribbean region, on radiological and nuclear detection and interdiction; * explore research and development of a permanent sensor system to detect and track noncooperative vessels; and: * improve federal, state, tribal, and local interagency information sharing, joint targeting, collaboration on boardings, and related operations. Based on input from the DHS components' subject matter experts, the SVSS Implementation Plan also includes information on the general time frames, estimated relative costs, and anticipated impacts that each action item may have in achieving the goals of the SVSS.[Footnote 30] After DHS issued the SVSS Implementation Plan, each federal agency or component was responsible for separately determining the feasibility of the relevant action items and deciding which ones to implement after taking into account its specific mission, priorities, and the resources available.[Footnote 31] The SVSS Implementation Plan states that it is intended to be a guidance document to provide greater specificity about how preexisting programs may be developed and coordinated to achieve the goals and objectives outlined in the SVSS. DHS and Its Components Are Taking Actions, but DHS Is Not Tracking Progress in Addressing the SVSS Implementation Plan: DHS Components Have Various Initiatives to Address Small Vessel Security Concerns: DHS components have completed some initiatives and have other initiatives under way to address small vessel security concerns. Some of these initiatives go back more than a decade, and include security measures that the components have implemented to protect vessels and infrastructure from small vessel attacks, including the enforcement of security zones around certain vessels--such as ferries--or infrastructure. Another security measure is the escort of larger vessels--such as cruise ships and liquid natural gas tankers--into a port, as shown in figure 2. Figure 2: Coast Guard Vessels Escorting a Cruise Ship and a Liquid Natural Gas Tanker: [Refer to PDF for image: 2 photographs] Source: U.S. Coast Guard (left photograph; GAO (right photograph. [End of figure] More recently, DHS components developed initiatives to address small vessel security concerns that relate to the four goals of the SVSS-- although many initiatives began prior to issuance of the SVSS Implementation Plan. The SVSS Implementation Plan states that many of the initiatives in the plan are not new or uniquely dedicated to terrorist threats or small vessels, and that a number of the initiatives are ongoing in the various federal agencies responsible for facilitating maritime safety, security, recreation, and commerce. [Footnote 32] Further, more than one DHS component may be responsible for addressing a single action item in the SVSS Implementation Plan, and a single action item could be addressed through several initiatives. In addition, DHS officials stated that initiatives often aligned with multiple action items in the plan.[Footnote 33] DHS component officials we met with identified the following key initiatives that they have completed or have under way to enhance small vessel security. These initiatives relate to the goals of the SVSS and are linked to multiple action items in the SVSS Implementation Plan. For additional information on these four initiatives, see appendix II. * Focused Lens. Originally piloted by the Coast Guard in 2008, Focused Lens is an ongoing initiative intended to assist Coast Guard units in preventing small vessel attacks in their areas of operation by identifying and directing additional resources and efforts toward the most likely points of origin for a small vessel attack, such as marinas and boat ramps. * Small Vessel Reporting System. In May 2010, CBP developed this voluntary, online program to enable small vessel operators to expedite the reporting of their foreign voyages to and planned arrivals in the United States. This program is intended to allow CBP to assess the risks for known small vessels and associated passengers in advance of arrival in the United States and, as a result, make it easier to identify suspicious or unknown small vessels. * West Coast Maritime Pilot. Under this pilot, DNDO provided equipment and training to a variety of federal, state, local, and tribal agencies to enhance their ability to detect and interdict the smuggling of radiological and nuclear materials onboard small vessels. The pilot ran from September 2007 to December 2010, and according to DNDO officials, has integrated the lessons learned and standard operating procedures developed to expand assistance efforts in other regions around the country. * Coastal Surveillance System. DHS S&T is developing a system that is designed to integrate information from publicly available data sources and sensors to improve (1) maritime domain awareness by tracking vessels in real time and (2) the interdiction of vessels involved in illegal or illicit activities by identifying anomalies or suspicious behavior. In addition to specific initiatives, DHS officials and port security stakeholders cited general efforts that they believed have helped to improve coordination among federal, state, and local agencies--one of the goals of the SVSS. For example, federal and local port security stakeholders at one of the ports we visited stated that their joint operations center has helped them coordinate security operations, such as the security boarding of small vessels. According to Coast Guard officials, the Coast Guard performed 11,399 small vessel security boardings in 2012, and with the assistance of other port security stakeholders, an additional 789 small vessels security boardings were conducted that year.[Footnote 34] In addition, in one of the ports we visited, the Coast Guard and local law enforcement officials developed a memorandum of understanding to conduct joint boardings of small vessels. Local law enforcement and port authority officials at the two ports we visited stated that enhanced coordination with federal agencies has improved the overall level of communication and cooperation related to small vessel security operations. DHS Is Not Tracking Progress on the SVSS Implementation Plan: Although DHS components have various initiatives under way, DHS does not know the extent to which its components or other relevant stakeholders have made progress in addressing SVSS Implementation Plan action items because DHS is not systematically gathering information on their efforts. The SVSS Implementation Plan states that DHS is to assess and update the plan annually and focus on realigning the plan with the activities under way by its components and other federal agencies. The SVSS Implementation Plan directs that this review is also to (1) eliminate short-term action items that have been completed over the previous year; (2) transition action items from long-term to short-term status, as appropriate; and (3) augment the plan with new action items. Since the SVSS Implementation Plan was issued in 2011, however, neither DHS nor its components are tracking progress on the action items in the plan. Officials we spoke with from four of the key DHS components that have responsibility for leading the majority of the action items in the SVSS Implementation Plan (the Coast Guard, CBP, DNDO, and DHS S&T) stated that while they are tracking efforts and initiatives of their component-specific missions that may address risks posed by small vessels, they are not systematically tracking these efforts as they relate to the specific action items listed in the plan. After the SVSS Implementation Plan was issued, the Coast Guard conducted a one-time review in November 2011 of the action items in the plan where it was identified as a lead or colead. This review included information on the status of preexisting or planned Coast Guard initiatives that were related to each action item and which action items were determined to not be implementable. DHS officials we spoke with stated that there is no plan to update the SVSS Implementation Plan because it is not a priority, given budget constraints, and it is too early to measure the effectiveness of action items in the plan. According to a senior DHS Policy official, although the SVSS Implementation Plan states that DHS should assess and update the plan annually, given these constraints, an annual review is too frequent. The senior DHS official added that per the Secretary of Homeland Security's direction, DHS components are focusing on maintaining their ongoing operations under constrained budgets, and so efforts to update the SVSS Implementation Plan are not currently a priority. For example, Coast Guard officials we met with stated that, in many instances, the ability to expand certain efforts in scope or scale so as to more effectively address small vessel security risks may be dependent on the funding of particular port programs or the availability of related grant funding, which can be affected by budget constraints. Coast Guard officials added that America's Waterway Watch--a program highlighted in the SVSS Implementation Plan that provides outreach to the public, including the small vessel community, on awareness of threats and how to report suspicious activity--may not receive funding in DHS's fiscal year 2014 appropriation. DHS officials also stated that because the SVSS Implementation Plan was issued in early 2011, it is too early to expect a majority of the action items to be completed or, especially for the long-term action items, to have been implemented. These officials stated that accomplishing the SVSS's goals and objectives through implementation of the many action items in the SVSS Implementation Plan will require a significant investment of time and resources, along with buy-in from state and local maritime security stakeholders. Accordingly, it could take years to fully implement some of the action items and determine whether they are effective. Further, according to DHS officials, not all action items listed in the SVSS Implementation Plan may be feasible or implemented at all port locations nationally. For example, Coast Guard officials we met with stated that while the placement of floating security barriers is an effective security strategy used by the U.S. Navy to protect certain high-value assets (see fig. 3), it would not be economically feasible to install such barriers at all ports because they would have to be designed for the specific characteristics and needs of each port location.[Footnote 35] Figure 3: A Floating Security Barrier (Foreground): [Refer to PDF for image: photograph] Source: U.S. Navy. [End of figure] DHS officials involved with the SVSS Working Group, as well as officials from four of the DHS components we spoke with, stated that receiving updates on progress or lessons learned from efforts to implement the action items in the SVSS Implementation Plan would be valuable information. For example, officials we met with from DHS Policy and the Coast Guard stated that they recognize the value in updating the progress of the SVSS Implementation Plan to incorporate new information about threats, changes in technologies, requirements, and lessons learned as programs are assessed, prioritized, and implemented. In addition, a Coast Guard port security specialist we met with at one of the ports added that updating the progress of the plan could help DHS better determine where to focus its research and development efforts and prioritize the related funding and resources needs. Further, DNDO officials we met with stated that there is value in understanding what individual DHS components are implementing regarding the SVSS Implementation Plan, as well as the methods and techniques that are being used. The DNDO officials added that obtaining a common understanding of ongoing efforts to implement related initiatives could prevent duplication of effort, provide a means of sharing lessons learned among components, and potentially save time and resources. DHS S&T officials we met with similarly stated that there is value in learning about the overall progress of the SVSS Implementation Plan and that, to do this effectively, this information needs to be collected in a more systematic way and then be made widely available to all the agencies involved. Although it may be too early to measure the effectiveness of some action items in the SVSS Implementation Plan, updating the progress made in addressing the action items could help DHS and its components prioritize their efforts given constrained budgets; better identify successes and lessons learned; and enhance collaboration with federal, state, and local stakeholders regarding small vessel security issues. The SVSS Implementation Plan states that, because of risk, the unpredictability of budgets, policy changes, and administrative priorities, the plan must be reviewed regularly to ensure that it remains current and accurate. By engaging in this review process, the plan states that it is intended to be a living document that provides a strategic overview of participating agencies' implementation of the SVSS. Standards for Internal Control in the Federal Government calls for federal agencies to design and implement control activities to enforce management's directives.[Footnote 36] Further, the SVSS Implementation Plan calls for DHS to assess and update the plan to determine the progress that has been made to address the action items in the plan. This provision is a control activity to help ensure the achievement of the goals and objectives of the SVSS. The SVSS Implementation Plan calls for this review to be conducted annually, but given resource constraints and the time it will take to complete some of the action items, less frequent but regular assessments may be warranted. By systematically gathering information from its components and other relevant stakeholders to update the action items in the SVSS Implementation Plan on a regular basis, DHS would be better able to monitor progress against the plan and the goals and objectives of the SVSS. This is particularly important given that more than one agency or component may be responsible for addressing action items in the plan and because, according to DHS officials, accomplishing the SVSS's goals and objectives will require a significant investment of time and resources. According to key management practices, for agency efforts that require a substantial commitment and that could take years to complete, it is essential to track implementation goals to pinpoint performance shortfalls and gaps and suggest any needed corrections. [Footnote 37] Further, according to useful practices for performance management and measurement, having a clear understanding of current performance--a baseline--is essential to determining whether new initiatives will result in accomplishing the goals and objectives of the SVSS.[Footnote 38] Conclusions: Recognizing the risks posed by terrorists using small vessels to attack targets or as a conveyance for terrorists and their contraband to enter the United States, DHS issued its SVSS Implementation Plan in January 2011 to help guide efforts to mitigate the security risks arising from small vessels. DHS component agencies have completed some initiatives and have other initiatives under way to address the risk of a small vessel attack, but DHS is not gathering information on the progress its components or relevant stakeholders are making to address action items in the SVSS Implementation Plan and has no plans to do so. The SVSS Implementation Plan, by design, is to be revised to accommodate new information about threats, technologies, requirements, and lessons learned as action items are implemented, but DHS has not updated the plan since it was issued in 2011. Given that internal controls call for federal agencies to design and implement control activities to enforce management's directives, DHS could better prioritize initiatives and identify successes if it was to regularly update the progress its components and other relevant stakeholders are making to address the action items in the SVSS Implementation Plan. This information could be particularly useful to DHS components that may be operating under more constrained budgets than when the plan was first issued. Recommendation for Executive Action: To improve DHS's ability to monitor progress, prioritize action items, and identify successes, we recommend that the Secretary of Homeland Security systematically gather information from the department's components and other relevant stakeholders to regularly update the progress they are making in addressing action items in the SVSS Implementation Plan. Agency Comments: In September 2013, we requested comments on a draft of this report from the Department of Homeland Security. The department provided technical comments, which we have incorporated into the report, as appropriate. In addition to its technical comments, DHS provided an official letter for inclusion in the report, which can be seen in appendix III. In the letter, DHS stated it concurred with the recommendation and, by October 31, 2014, plans to complete a review of the progress its components are making in addressing SVSS Implementation Plan actions. We think this review is an important first step, but want to emphasize that such progress reviews should be conducted on a periodic basis until the SVSS Implementation Plan action items are fully addressed. As agreed with your offices, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies to the Secretary of Homeland Security, appropriate congressional committees, and other interested parties. In addition, the report will be available at no charge on the GAO website at [hyperlink, http://www.gao.gov]. If you or your staff have any questions about this report, please contact me at (202) 512-9610 or caldwells@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this report. Key contributors to this report are listed in appendix IV. Signed by: Stephen L. Caldwell, Director Homeland Security and Justice Issues: [End of section] Appendix I: Stakeholders Involved in Small Vessel Security: This appendix provides details on the numerous stakeholders that play a role in small vessel security. These stakeholders include various Department of Homeland Security (DHS) components with regulatory, statutory, and management responsibilities that affect small vessel security. See table 1 for key DHS components involved in small vessel security, including the components that are the lead or colead for the majority of the action items in the Small Vessel Security Strategy (SVSS) Implementation Plan. Table 1: Examples of Key Department of Homeland Security (DHS) Components' Roles and Responsibilities Regarding Small Vessel Security: DHS component/role: U.S. Customs and Border Protection (CBP); CBP's top priority is to keep terrorists and their weapons from entering the United States; Small vessel security-related responsibilities: * Makes final admissibility determinations regarding cargo and persons arriving from a foreign port or place; * Enforces applicable requirements for commercial vessel operations, including requirements to provide and screen inbound and outbound cargo declarations and passenger manifests, and provide entry and clearance notifications; * Employs resources to identify and interdict terrorists and terrorists' weapons as far from the U.S. shores as possible; * Served as one of the lead DHS components for the development of the SVSS and SVSS Implementation Plan. DHS component/role: U.S. Coast Guard; The Coast Guard's core roles are to protect the public, the environment, and U.S. economic and security interests in the U.S. maritime domain; Small vessel security-related responsibilities: * Inspects and assesses the security of U.S. ports in accordance with pertinent legislation; * Facilitates efforts to enhance maritime domain awareness--including the monitoring of all vessels in U.S. waters; * Provides operational capabilities to deter, respond to, and mitigate small vessel attacks; * Served as one of the lead DHS components for the development of the SVSS and SVSS Implementation Plan. DHS component/role: Domestic Nuclear Detection Office (DNDO); DNDO was established to improve the capability to detect and report the presence of nuclear or radiological material; Small vessel security-related responsibilities: * Develops the global nuclear detection and reporting architecture; * Establishes operation protocols to ensure that nuclear detection leads to effective response; * Conducts research and development program in nuclear detection; * Partners with DHS components, including the Coast Guard and CBP for the acquisition of radiation and nuclear detection equipment. DHS component/role: DHS Science and Technology (S&T) Directorate; DHS S&T is the primary research and development arm of DHS; Small vessel security-related responsibilities: * Drives development and use of technology in support of homeland security missions; * Develops technologies that are to provide real-world capabilities to support the reduction of risk from the exploitation of small vessels by terrorists; * Develops technologies to support the mission of other DHS components. Source: GAO analysis of information provided by DHS components. Note: In addition to the DHS components listed above, DHS's Office of Policy--which is the primary policy formulation and coordination component for DHS--also helped develop the SVSS and SVSS Implementation Plan. [End of table] To enhance deterrence and improve preparedness, state, local, and tribal governments are also involved in small vessel security. For example, state and local law enforcement agencies carry out a variety of security operations at their respective ports, such as small vessel boardings or escorts of vessels into port. Finally, the general public, including the small vessel community and fishing associations, play a role in small vessel security by identifying and reporting suspicious activity to relevant law enforcement agencies. [End of section] Appendix II: Examples of DHS Components' Initiatives to Address Small Vessel Security: This appendix provides additional details on four key initiatives that DHS components have completed or have under way to improve small vessel security. Each of these initiatives is led by one of the four DHS components with a key role in addressing small vessel security-- the Coast Guard, CBP, DNDO, and DHS's S&T. The initiatives included in this appendix are illustrative of actions DHS components have taken to enhance small vessel security and are linked to multiple action items in the SVSS Implementation Plan. Focused Lens: Originally created by the Coast Guard's District Eleven as Operation Focused Lens, the initiative was piloted in 2008 to address small vessel security risks.[Footnote 39] As a continuing Coast Guard initiative, Focused Lens is intended to increase awareness of suspicious activity in and around U.S. ports. In particular, Focused Lens is intended to assist Coast Guard units in preventing small vessel attacks in their areas of operation by directing additional resources and efforts toward the most likely points of origin for a small vessel attack, such as marinas and vessel ramps. Focused Lens relates to the SVSS goals, particularly the goal to develop and leverage a strong partnership with the small vessel community and public and private sectors. Focused Lens is composed of three phases. In phase 1, Coast Guard officials are to identify small vessel launch sites in their area of operation and assess their attributes, including the size of the launch sites and their proximity to people, homes, and businesses, and whether the sites have security measures in place, such as video cameras and lighting.[Footnote 40] In phase 2, Coast Guard officials are to enter the data they collect on launch sites in their area of operation into the Coast Guard's Maritime Security Risk Analysis Model (MSRAM).[Footnote 41] A MSRAM analyst is to evaluate the data to determine the potential of the launch sites to be used by terrorists based on the various attributes, and prioritize the launch sites accordingly. In phase 3, the Coast Guard is to decide on where to conduct security activities (i.e., boarding small vessels, conducting surveillance patrols, or promoting citizen awareness programs) based on the prioritization of the launch sites. These security activities are to be conducted at the discretion of Coast Guard officials in their specific areas of operation to prevent and deter terrorist activity.[Footnote 42] Even if activities are not routinely conducted, MSRAM data can be used to provide the Coast Guard with important information on launch sites so that it can prioritize and focus its security activities during times of emerging terrorist threat conditions. According to Coast Guard documentation, citizen awareness programs can help to increase understanding among the general public-- including marina and small vessel operators--regarding the process for reporting suspicious activities. See figure 4 for a poster promoting a citizen awareness program. Figure 4: A Citizen Awareness Program Poster: [Refer to PDF for image: copy of poster] Poster text: America's Waterway Watch: Help Keep America's Waterways Safe and Secure. Report Suspicious Activity on the Waterfront. Call 911, VHF Channel 16, or 877-24WATCH. [hyperlink, http://www.americaswaterwatch.uscg.mil] Source: U.S. Coast Guard. [End of figure] Since the initiative was first piloted in District Eleven in 2008, the Coast Guard has identified Focused Lens as a best practice, and it began to expand the initiative in fiscal year 2012. Focused Lens has been implemented, or is being implemented, in various locations within Coast Guard districts and sectors. According to Coast Guard officials, it is left to the discretion of Coast Guard commanding officers whether to implement Focused Lens in their area of operation, given their competing priorities and limited resources. Coast Guard officials stated that Focused Lens may not be feasible to implement in some locations, such as areas that include a river that has no designated launch sites, and where a vessel could be launched at any location along its length. Further, Focused Lens may not be implemented in locations where the area of operation is relatively small and response teams can respond in a timely manner. For example, Coast Guard officials in one of the ports we visited stated that they decided not to implement Focused Lens because their area of operation was condensed and all launch sites could be reached within a matter of minutes. Through regular analysis and refinement, and with feedback from its field units, the Coast Guard reports that Focused Lens is expected to remain a useful tool for operational decision makers. Small Vessel Reporting System: CBP developed the Small Vessel Reporting System (SVRS)--a voluntary, online program for small vessel operators and passengers (participants) to report their foreign travels--to better track small vessels and make it easier to identify suspicious or unknown vessels. To enroll in the SVRS program, participants are to first complete an online application and then make an appointment for a face-to-face interview with a CBP officer who verifies the information provided and, if needed, obtains their digital fingerprints and photograph. [Footnote 43] Once enrolled, participants are able to submit float plans for their intended international travel online.[Footnote 44] By doing so, participants can expedite the process for reporting their intended arrivals from foreign locations and may not have to appear in person for inspection by CBP officers each time they enter the United States.[Footnote 45] Since the SVRS enables CBP to capture certain biographical and vessel data much earlier than upon a vessel's arrival at the United States from a foreign location, CBP can review this information to identify potential high-risk small vessels and determine, in advance of the vessels' arrival, if a face-to-face inspection may need to be conducted. A CBP official we met with who is familiar with the SVRS stated that if the SVRS is used by a participant, CBP inspection officers will be better able to determine if a face-to-face inspection is needed and, if so, what level of resources is needed to conduct an inspection upon the participant entering the United States. Further, CBP officials we spoke with at one of the ports we visited stated that the SVRS enables them to increase the amount of time CBP officers are spending in the field to conduct enforcement activities by limiting the amount of time officers spend collecting and entering data from boaters reporting their arrival by phone. The SVRS relates to the goals of the SVSS, particularly the goal of enhancing maritime security and safety through the implementation of advanced data submission procedures and efforts to increase reporting compliance. The SVRS was initially piloted in Miami, Florida, in May 2010. Miami was selected as the pilot location because of the large population of small vessels operating in that area. The pilot was made available to participants already enrolled in a local CBP registered traveler program. Later in 2010, the SVRS pilot was expanded to additional CBP field offices covering southern Florida, Puerto Rico, and the U.S. Virgin Islands. In May 2011, CBP further expanded the pilot to include five additional field offices--Boston, Buffalo, Chicago, Detroit, and Seattle--and eligibility was also expanded to include all U.S. and Canadian citizens, among others.[Footnote 46] As of October 2011, the SVRS pilot was deployed to all CBP field offices nationwide with the exception of two--El Paso and Tucson--that do not have a nexus to water. According to CBP, as of May 28, 2013, the number of participants enrolled in the SVRS had grown to 30,190, along with a total of 5,862 float plans submitted, and 11,189 vessels registered, as shown in table 2. Table 2: Number of Participants, Float Plans, and Vessels Registered in the Small Vessel Reporting System, May 2010 through May 2013: Milestone: May 2010, to May 22, 2011; (pilot deployed in South Florida, Puerto Rico, and the U.S. Virgin Islands); U.S. citizens: 8,253; Legal permanent residents: 1; Canadian citizens: 47; Total participants: 8,301; Submitted float plans: 822; Registered vessels: 3,225. Milestone: May 23, 2011, to October 28, 2011; (pilot expanded to Boston, Buffalo, Chicago, Detroit, and Seattle); U.S. citizens: 6,659; Legal permanent residents: 2; Canadian citizens: 488; Total participants: 7,149; Submitted float plans: 1,428; Registered vessels: 2,389. Milestone: October 29, 2011, to May 28, 2013; (pilot expanded to all CBP field offices nationwide); U.S. citizens: 13,892; Legal permanent residents: 8; Canadian citizens: 840; Total participants: 14,740; Submitted float plans: 3,612; Registered vessels: 5,575. Milestones: Totals; U.S. citizens: 28,804; Legal permanent residents: 11; Canadian citizens: 1,375; Total participants: 30,190; Submitted float plans: 5,862[A]; Registered vessels: 11,189. Source: U.S. Customs and Border Protection. [A] Of the float plans submitted, 4,634 (79 percent) of them have been completed. The remaining 1,228 (21 percent) were float plans that were submitted but not used or were for future trips that had not yet taken place. [End of table] As of May 2013, three CBP field office locations--Miami and Tampa, Florida, and San Juan, Puerto Rico--accounted for 79 percent of the SVRS registrants. CBP officials attributed this to the fact that the SVRS pilot originated in these locations and the number of small vessels operating in these locations is very high relative to the number in other locations. CBP officials added that the number of SVRS registrations is not very high in some locations and noted that CBP is attempting to address challenges to implementing the SVRS in other locations. For example, CBP officials we met with at one of the ports we visited stated that, as of April 2013, a total of 14 people had enrolled in the SVRS at their location and a few float plans had been submitted. The CBP officials stated that they believed these numbers were low, in part, because of the lack of publicity regarding the SVRS program. CBP officials added that CBP is in the process of increasing its efforts to promote the SVRS through various community outreach efforts at a number of locations in an attempt to expand public awareness and increase use of the SVRS among small vessel operators and passengers. Finally, CBP officials told us that because of the proximity of many locations along the U.S. border to Canada, a trip between the two countries may require only a few minutes to complete. As a result, a program to expedite the reporting process is already being utilized in this region, thereby negating the need to register in the SVRS.[Footnote 47] CBP officials stated that CBP is in the process of determining whether modifications can be made to the SVRS in an effort to increase its use in this region. West Coast Maritime Pilot: DNDO conducted the West Coast Maritime Pilot (WCMP) program from September 2007 to December 2010. The pilot program--which provided equipment and training to a variety of federal, state, local, and tribal agencies--was designed to enhance agencies' ability to detect and interdict the smuggling of radiological and nuclear materials being transported onboard small vessels. DNDO implemented the WMCP program in two locations--Puget Sound, Washington, and San Diego, California--and coordinated it through local Area Maritime Security Committees.[Footnote 48] The objective of the WCMP program was to create a layered, preventive radiological/nuclear detection (PRND) defense across the participating state and local agencies that would enhance the limited resources of federal agencies. The WCMP program also sought to develop, implement, and evaluate standard operating procedures for detecting and interdicting radiological and nuclear materials transported onboard small vessels that could then be adapted to the needs of other ports or regions. The WCMP program relates to the goals of the SVSS, including enhancing maritime security and safety based on a coherent plan with a layered, innovative approach. In both of the pilot locations, DNDO procured commercially available boat-mounted and portable radiation detection equipment (for examples of the latter, see fig. 5), trained agency personnel on how to use the equipment, and evaluated agencies' maritime PRND operations in exercises involving small vessels that were carrying radiological or nuclear materials onboard. Figure 5: Portable Radiation Detectors: [Refer to PDF for image: 3 photographs] Source: DNDO. Note: Pictured, from left to right, are (1) the Polimaster PM 1703GN PRD, which is designed to be worn on a belt and to alert in the presence of radiation levels above a defined threshold; (2) the ThermoFisher IdentiFINDER-U RIID (Radioisotope Identification Device-- or RIID--which is designed to detect and localize radiation sources, identify specific types of radiation and the specific isotope emitting the radiation, and store radiation data for transmission to subject matter experts for analysis; and (3) the ORTEC MicroDetective-EX, which is a more advanced, high-resolution type of RIID. [End of figure] According to DNDO's final reports, the WCMP program resulted in the successful development of a regionally coordinated, layered, maritime PRND capability to reduce the risk of radiological and nuclear threats transported onboard small vessels at each of the two pilot locations. The final report for one of the pilot locations stated that more than 250 additional radiation detectors were deployed, new training materials were developed, and training was provided to over 400 emergency responders. Further, the final report for the other pilot location stated that the number of agency boats conducting PRND screenings of small vessels has more than doubled and the number of screenings has increased significantly because of leveraging the resources and expertise of state, local, and tribal agencies. These reports also stated that the participating agencies successfully detected the presence of radiological or nuclear materials transported on small vessels during exercises.[Footnote 49] Additionally, according to DNDO officials, the WCMP program demonstrated that it is possible for maritime PRND operations to be integrated into the operations of law enforcement and emergency responders with limited impact on their duties. The final WCMP program reports also highlighted some challenges related to the development of maritime PRND capability focused on small vessels. For example, although these reports stated that the WCMP program exercises proved successful, DNDO officials stated that reducing the risk posed by small vessels containing illicit radiological or nuclear materials in the real world is a challenge, in part because, at any given time, there could be a large number of small vessels that would need to be screened. DNDO reported that further analysis is needed at the port level to determine the numbers and placement of PRND equipment and operational tactics that would be most effective.[Footnote 50] Since completion of the pilots, DNDO has integrated the lessons learned from the WCMP program to expand its maritime PRND program assistance efforts in other regions around the country. For example, according to DNDO officials, lessons learned from the WCMP program were used to develop a regional maritime PRND program in Boston, Massachusetts, and similar efforts are under way in Charleston, South Carolina; Rochester, New York; and San Francisco, California. DNDO also developed generic standard operating procedures for a regional maritime PRND program and provided these to the Coast Guard for potential distribution to all of the Area Maritime Security Committees around the nation. Further, both WCMP programs in Puget Sound and San Diego have been sustained with continued use of the equipment from the pilot, and, according to DNDO officials, the maritime PRND program in Puget Sound continues to grow with additional agencies joining the effort and the number of boat-mounted detection systems in the region increasing as well. Coastal Surveillance System: DHS S&T is developing and piloting the Coastal Surveillance System (CSS),[Footnote 51] which is intended to improve (1) maritime domain awareness by tracking vessels in real time and (2) the interdiction of vessels involved in illegal or illicit activities by identifying anomalies or suspicious behavior. With respect to small vessels, DHS S&T officials stated that the key benefit of the CSS, once fully developed, will be its ability to help users--such as CBP, the Coast Guard, and law enforcement agencies--distinguish small vessels that are not a threat from those that may warrant further action. Specifically, DHS S&T officials stated that they believe the CSS will be able to improve interdiction effectiveness--the number of boardings that result in apprehensions and prosecutions. Accordingly, the CSS relates to the goals of the SVSS, particularly the goal to leverage technology to enhance the ability to detect; determine intent; and, when necessary, interdict small vessels. According to DHS S&T documents, the CSS is intended to improve maritime domain awareness and interdiction effectiveness by integrating a variety of unclassified information on vessels collected from publicly available data sources, as well as data collected from sensors.[Footnote 52] Through analytical tools, the CSS is intended to alert users to suspicious vessels. According to DHS S&T officials, the CSS is intended to provide users with an operational picture similar to what the Federal Aviation Administration uses to identify the location of all airplanes at all times. Although the 3-year CSS pilot program was to be initiated in fiscal year 2014, DHS S&T officials stated that they were ahead of scheduled time frames and deployed the CSS to three DHS field locations in December 2012 to obtain early feedback on the system.[Footnote 53] DHS S&T officials stated that they are documenting feedback they receive on the CSS and are making changes before the pilot is officially launched in fiscal year 2014 and the CSS is deployed to other entities, including state and local law enforcement agencies and international partners. Although DHS S&T intends for the CSS to track small vessels, DHS S&T officials stated that, as of May 2013, the CSS does not have the capability to detect most small vessels, since these vessels are generally not required to submit information to systems that would feed into the CSS. DHS S&T officials stated that more information sources are needed to be able to track small vessels. For example, according to an April 2013 CBP assessment of the CSS, the initial rollout of the CSS to its Air and Marine Operations Center had limited sensor integration to track small vessels. DHS S&T reports that it plans to take advantage of technological advances to detect small vessels that are being developed under two DHS S&T programs, and incorporate these data sources into the CSS over time.[Footnote 54] DHS S&T officials identified some examples of technologies DHS S&T is in the process of developing or piloting, including the Smart Chart Automatic Identification System--a smart phone application that is to provide free nautical maps to the user but is to also provide vessel positioning information to authorized federal agencies--and the SeaWeb acoustic tripwire, which is to deliver an acoustic sensor to detect small vessels. DHS S&T officials stated that these are currently in different phases of development and are not yet integrated into the CSS. [End of section] Appendix III: Comments from the Department of Homeland Security: U.S. Department of Homeland Security: Washington, DC 20528: October 23, 2013: Stephen L. Caldwell: Director, Homeland Security and Justice Issues: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548: Re: Draft Report GAO-14-32, "Maritime Security: DHS Could Benefit from Tracking Progress in Implementing the Small Vessel Security Strategy" Dear Mr. Caldwell: Thank you for the opportunity to review and comment on this draft report. The U.S. Department of Homeland Security (DHS) appreciates the U.S. Government Accountability Office's (GAO's) work in conducting its review and issuing this report. The Department is pleased to note GAO's positive acknowledgment of the many initiatives that DHS Components have completed or are under way to address small vessel security concerns. Generally conducted under the auspices of the Small Vessel Security Strategy (SVSS) Implementation Plan, these activities are critical to the Department's success in fulfilling its missions and have definitely helped facilitate increased coordination among federal, state, and local agencies, which is one of the goals of the SVSS. The draft report contained one recommendation with which the Department concurs. Specifically, GAO recommended that the Secretary of Homeland Security: Recommendation: Systematically gather information from the department's components and other relevant stakeholders to regularly update the progress they are making in addressing action items in the SVSS Implementation Plan. Response: Concur. The DHS Office of Policy, Office of Policy Integration and Implementation, will initiate a review of the progress in implementing SVSS Implementation Plan actions as soon as reasonably practical, given available resources, and competing priorities and demands, as appropriate. DHS Office of Policy program officials and subject matter experts agree that collecting additional information on existing progress from Components may be beneficial. However, they also emphasize that oversight of the Components is best accomplished when the Components act within their authority during periods of budgetary constraints. Estimated Completion Date: October 31, 2014. Again, thank you for the opportunity to review and provide comments on this draft report. Technical comments were previously provided under separate cover. Please feel free to contact me if you have any questions. We look forward to working with you in the future. Sincerely, Signed by: Jim H. Crumpacker: Director: Departmental GAO-OIG Liaison Office: [End of section] Appendix IV: GAO Contact and Staff Acknowledgments: GAO Contact: Stephen L. Caldwell, (202) 512-9610 or caldwells@gao.gov: Staff Acknowledgments: In addition to the contact named above, Christopher Conrad (Assistant Director), Tracey Cross, Julian King, Tracey King, Stanley J. Kostyla, Jessica Orr, and Hugh Paquette made significant contributions to the work. [End of section] Related GAO Products: Coast Guard: Observations on Progress Made and Challenges Faced in Developing and Implementing a Common Operational Picture. [hyperlink, http://www.gao.gov/products/GAO-13-784T]. Washington, D.C.: July 31, 2013. Coast Guard: Clarifying the Application of Guidance for Common Operational Picture Development Would Strengthen Program. [hyperlink, http://www.gao.gov/products/GAO-13-321]. Washington, D.C.: April 25, 2013. Critical Infrastructure Protection: An Implementation Strategy Could Advance DHS's Coordination of Resilience Efforts across Ports and Other Infrastructure. [hyperlink, http://www.gao.gov/products/GAO-13-11]. Washington, D.C.: October 25, 2012. Supply Chain Security: CBP Needs to Conduct Regular Assessments of Its Cargo Targeting System. [hyperlink, http://www.gao.gov/products/GAO-13-9]. Washington, D.C.: October 25, 2012. Maritime Security: Progress and Challenges 10 Years after the Maritime Transportation Security Act. [hyperlink, http://www.gao.gov/products/GAO-12-1009T]. Washington, D.C.: September 11, 2012. Combating Nuclear Smuggling: DHS has Developed Plans for Its Global Nuclear Detection Architecture, but Challenges Remain in Deploying Equipment. [hyperlink, http://www.gao.gov/products/GAO-12-941T]. Washington, D.C.: July 26, 2012. Maritime Security: Coast Guard Efforts to Address Port Recovery and Salvage Response. [hyperlink, http://www.gao.gov/products/GAO-12-494R]. Washington, D.C.: April 6, 2012. Maritime Security: Coast Guard Needs to Improve Use and Management of Interagency Operations Centers. [hyperlink, http://www.gao.gov/products/GAO-12-202]. Washington, D.C.: February 13, 2012. Coast Guard: Security Risk Model Meets DHS Criteria, but More Training Could Enhance Its Use for Managing Programs and Operations. [hyperlink, http://www.gao.gov/products/GAO-12-14]. Washington, D.C.: November 17, 2011. Maritime Security: Progress Made but Further Actions Needed to Secure the Maritime Energy Supply. [hyperlink, http://www.gao.gov/products/GAO-11-883T]. Washington, D.C.: August 24, 2011. Maritime Security: Federal Agencies Have Taken Actions to Address Risks Posed by Seafarers, but Efforts Can Be Strengthened. [hyperlink, http://www.gao.gov/products/GAO-11-195]. Washington, D.C.: January 14, 2011. Maritime Security: Ferry Security Measures Have Been Implemented, but Evaluating Existing Studies Could Further Enhance Security. [hyperlink, http://www.gao.gov/products/GAO-11-207]. Washington, D.C.: December 3, 2010. Maritime Security Responses to Questions for the Record. [hyperlink, http://www.gao.gov/products/GAO-11-140R]. Washington, D.C.: October 22, 2010. Maritime Security: DHS Progress and Challenges in Key Areas of Port Security. [hyperlink, http://www.gao.gov/products/GAO-10-940T]. Washington, D.C.: July 21, 2010. Combating Nuclear Smuggling: DHS Has Made Some Progress but Not Yet Completed a Strategic Plan for Its Global Nuclear Detection Efforts or Closed Identified Gaps. [hyperlink, http://www.gao.gov/products/GAO-10-883T]. Washington, D.C.: June 30, 2010. Maritime Security: Varied Actions Taken to Enhance Cruise Ship Security, but Some Concerns Remain. [hyperlink, http://www.gao.gov/products/GAO-10-400]. Washington, D.C.: April 9, 2010. Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers. [hyperlink, http://www.gao.gov/products/GAO-10-12]. Washington, D.C.: October 30, 2009. Maritime Security: Vessel Tracking Systems Provide Key Information, but the Need for Duplicate Data Should Be Reviewed. [hyperlink, http://www.gao.gov/products/GAO-09-337]. Washington, D.C.: March 17, 2009. Supply Chain Security: CBP Works with International Entities to Promote Global Customs Security Standards and Initiatives, but Challenges Remain. [hyperlink, http://www.gao.gov/products/GAO-08-538]. Washington, D.C.: August 15, 2008. Maritime Security: National Strategy and Supporting Plans Were Generally Well-Developed and Are Being Implemented. [hyperlink, http://www.gao.gov/products/GAO-08-672]. Washington, D.C.: June 20, 2008. Supply Chain Security: Challenges to Scanning 100 Percent of U.S.- Bound Cargo Containers. [hyperlink, http://www.gao.gov/products/GAO-08-533T]. Washington, D.C.: June 12, 2008. Supply Chain Security: U.S. Customs and Border Protection Has Enhanced Its Partnership with Import Trade Sectors, but Challenges Remain in Verifying Security Practices. [hyperlink, http://www.gao.gov/products/GAO-08-240. Washington, D.C.: April 25, 2008. Maritime Security: Coast Guard Inspections Identify and Correct Facility Deficiencies, but More Analysis Needed of Program's Staffing, Practices, and Data. [hyperlink, http://www.gao.gov/products/GAO-08-12]. Washington, D.C.: February 14, 2008. Supply Chain Security: Examinations of High-Risk Cargo at Foreign Seaports Have Increased, but Improved Data Collection and Performance Measures Are Needed. [hyperlink, http://www.gao.gov/products/GAO-08-187]. Washington, D.C.: January 25, 2008. Maritime Security: Federal Efforts Needed to Address Challenges in Preventing and Responding to Terrorist Attacks on Energy Commodity Tankers. [hyperlink, http://www.gao.gov/products/GAO-08-141]. Washington, D.C.: December 10, 2007. Maritime Security: The SAFE Port Act: Status and Implementation One Year Later. [hyperlink, http://www.gao.gov/products/GAO-08-126T]. Washington, D.C.: October 30, 2007. Combating Nuclear Smuggling: Additional Actions Needed to Ensure Adequate Testing of Next Generation Radiation Detection Equipment. [hyperlink, http://www.gao.gov/products/GAO-07-1247T]. Washington, D.C.: September 18, 2007. Information on Port Security in the Caribbean Basin. [hyperlink, http://www.gao.gov/products/GAO-07-804R]. Washington, D.C.: June 29, 2007. Port Risk Management: Additional Federal Guidance Would Aid Ports in Disaster Planning and Recovery. [hyperlink, http://www.gao.gov/products/GAO-07-412]. Washington, D.C.: March 28, 2007. Maritime Security: Public Safety Consequences of a Terrorist Attack on a Tanker Carrying Liquefied Natural Gas Need Clarification. [hyperlink, http://www.gao.gov/products/GAO-07-316]. Washington, D.C.: February 22, 2007. [End of section] Footnotes: [1] This number is based on Coast Guard statistics compiled in 2011 and 2012 from its national recreational boating survey. "Small vessels" are characterized as any watercraft--regardless of method of propulsion--less than 300 gross tons, and used for recreational or commercial purposes. Small vessels include commercial fishing vessels, recreational boats and yachts, towing vessels, uninspected passenger vessels, and any other small commercial vessels involved in foreign or U.S. voyages. [2] U.S. Coast Guard, The U.S. Coast Guard Strategy for Maritime Safety, Security, and Stewardship (Washington, D.C.: Jan. 19, 2007). [3] Department of Homeland Security, Small Vessel Security Strategy (Washington, D.C.: April 2008). [4] Department of Homeland Security, Small Vessel Security Strategy (Washington, D.C.: April 2008), and Small Vessel Security Implementation Plan Report to the Public (Washington, D.C.: January 2011). DHS also issued a sensitive security information version of the SVSS Implementation Plan. [5] Other federal stakeholders include the Departments of Justice and Defense and the Bureau of Alcohol, Tobacco, Firearms and Explosives. [6] Homeland Security Institute, Report of the DHS National Small Vessel Security Summit (Arlington, Virginia: Oct. 19, 2007). The Homeland Security Institute prepared this report for DHS. [7] See Pub. L. No. 107-295, 116 Stat. 2064. [8] GAO, Standards for Internal Control in the Federal Government, [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: Nov. 1, 1999). [9] GAO, Results-Oriented Cultures: Implementation Steps to Assist Mergers and Organizational Transformations, [hyperlink, http://www.gao.gov/products/GAO-03-669] (Washington, D.C.: July 2, 2003). We convened a forum in September 2002 to identify and discuss useful practices and lessons learned from major private and public sector organizational mergers, acquisitions, and transformations. The participants--who were a cross section of leaders who have experience managing large-scale organizational mergers, acquisitions, and transformations; academics; and others who have studied these efforts-- identified key practices that have been found at the center of successful mergers, acquisitions, and transformations. These criteria remain relevant today, and are applicable to the tracking of the SVSS Implementation Plan because of their emphasis on tracking implementation goals. [10] GAO, Managing for Results: Strengthening Regulatory Agencies' Performance Management Practices, [hyperlink, http://www.gao.gov/products/GAO/GGD-00-10] (Washington, D.C.: Oct. 28, 1999). We gathered information from 23 federal and state organizations that we or other sources identified as using or planning to use a variety of useful practices to enhance specific aspects of their performance management and measurement processes. As we concluded in 1999, we continue to believe these procedures are readily transferable to governmental agencies seeking to improve their implementation of performance-based management, as they are consistent practices identified in our previous work. We have applied these practices in other reports assessing federal efforts; see, for example, GAO, Aviation Weather: FAA and the National Weather Service Are Considering Plans to Consolidate Weather Service Offices, but Face Significant Challenges, [hyperlink, http://www.gao.gov/products/GAO-09-761] (Washington, D.C.: Sept. 9, 2009). [11] Although other DHS components or federal agencies may be listed as lead or colead for some of the action items in the SVSS Implementation Plan, DHS officials we met with stated that these four components were the key ones involved in the development or implementation of the plan. Further, these DHS components, along with DHS, are listed as the lead or colead for the majority of the action items in the SVSS Implementation Plan. These entities are specifically listed as the lead or colead for 119 of the 132 action items. [12] Initiatives may help to address multiple SVSS goals and action items in the SVSS Implementation Plan, rather than one specific action item. Further, specific action items in the plan could be addressed through several initiatives implemented by multiple DHS components. [13] GAO, Maritime Security: Ferry Security Measures Have Been Implemented, but Existing Studies Could Further Enhance Security, [hyperlink, http://www.gao.gov/products/GAO-11-207] (Washington, D.C.: Dec. 3, 2010); Maritime Security: Varied Actions Taken to Enhance Cruise Ship Security, but Some Concerns Remain, [hyperlink, http://www.gao.gov/products/GAO-10-400] (Washington, D.C.: Apr. 9, 2010); and Maritime Security: Federal Efforts Needed to Address Challenges in Preventing and Responding to Terrorist Attacks on Energy Commodity Tankers, [hyperlink, http://www.gao.gov/products/GAO-08-141] (Washington, D.C.: Dec. 10, 2007). [14] International Atomic Energy Agency, Nuclear Security Achievements 2002-2012 (Vienna, Austria: May 2013). [15] From testimony delivered by Vice Admiral Thad Allen, Chief of Staff, United States Coast Guard, during a hearing on the Coast Guard's role in border and maritime security, before the Committee on Appropriations, Subcommittee on Homeland Security, U.S. Senate (Apr. 6, 2006). [16] Department of Homeland Security, Small Vessel Security Strategy. [17] GAO, Nuclear Detection: Domestic Nuclear Detection Office Should Improve Planning to Better Address Gaps and Vulnerabilities, [hyperlink, http://www.gao.gov/products/GAO-09-257] (Washington, D.C.: Jan. 29, 2009). [18] See Pub. L. No. 107-295, 116 Stat. 2064. [19] 33 C.F.R. § 160.201-.215. [20] 33 C.F.R. § 164.46. According to Coast Guard officials, most large commercial vessels fall under this provision. [21] For example, vessels 300 gross tons or less are generally exempt from the notice of arrival and transponder requirements. 33 C.F.R §§ 164.46(a)(2)(iv).160.203(b)(1). [22] States require certain small vessels to be registered, and according to Coast Guard officials, 33 states have voluntarily entered into memorandums of agreement with the Coast Guard to share their registry data through the Vessel Identification System. However, there is no federal repository for registration or ownership information that encompasses all 50 states. [23] 19 C.F.R. § 4.2. This requirement is generally applicable to any vessel arriving from a foreign port or place, any foreign vessel arriving from a port or place within the United States, or any U.S. vessel carrying foreign merchandise for which entry has not been made. A foreign port or place includes a hovering vessel or any point in customs waters beyond the territorial sea or on the high seas at which the vessel has received merchandise. [24] The International Maritime Organization is a specialized agency of the United Nations that is responsible for developing an international regulatory framework addressing, among other things, maritime safety and security. [25] For more information on vessel tracking systems, see GAO, Maritime Security: Vessel Tracking Systems Provide Key Information, but the Need for Duplicate Data Should Be Reviewed, [hyperlink, http://www.gao.gov/products/GAO-09-337] (Washington, D.C.: Mar. 17, 2009). [26] The objectives of the 2007 summit--which brought together approximately 260 stakeholder and federal observers--were to (1) educate small vessel stakeholders on security risks in the U.S. maritime domain; (2) provide a national forum for small vessel stakeholders to present and discuss their ideas on the development of security measures to mitigate gaps in small vessel management and control in the maritime domain; (3) provide a national forum for state and local government officials, as well as private members of the small vessel population, to discuss transportation concerns regarding security threats and present their ideas toward addressing those threats; and (4) record all issues and concerns from the small vessel stakeholders, and complete an after-action report for public, industry, and government to support conclusions for national-level decisions involving the development of small vessel security measures to detect, deter, interdict, and defeat terrorist use of small vessels in the U.S. maritime domain. [27] The SVSS is to provide a framework to improve maritime security and safety through coordinating the efforts of federal, state, local, and tribal authorities, as well as with international partners, private industry, and recreational boaters. Further, the intent of the SVSS is to reduce potential security and safety risks posed by small vessels through operations that balance fundamental freedoms, adequate security, and continued economic stability. [28] Maritime domain awareness is the effective understanding of anything in the maritime environment that could affect the security, safety, economy, or environment of the United States. [29] According to DHS, the SVSS Implementation Plan (1) serves as a road map for stakeholders to work together and focus on achieving the goals and objectives set forth in the SVSS, (2) lays out ongoing and contemplated action items, and (3) is a living document. [30] Implementation of the action items in the SVSS Implementation Plan is based on two time frames for accomplishing its strategic goals. The plan defines short-term action items as those that are intended to be evaluated or implemented within 5 years of plan approval. The plan defines long-term action items as those that are most likely to require more than 5 years to achieve because of resource, technological, and statutory challenges. [31] The SVSS Implementation Plan states that all action items, whether short-or long-term, are expected to be implemented through standard U.S. government appropriation processes, budgetary processes, and regulatory review procedures. [32] Officials we met with from four key DHS components involved in the implementation of the SVSS Implementation Plan--the Coast Guard, CBP, DNDO, and DHS S&T--stated that they are not conducting new initiatives or programs as a result of the SVSS Implementation Plan. For example, Coast Guard officials stated that implementing the action items in the SVSS Implementation Plan did not create separate, new programs addressing small vessel risks, but were preexisting programs or operations. [33] Given the general nature of the action items in the plan, we were not able to directly align action items in the plan to component initiatives. [34] Specifically, the Coast Guard and other government agencies jointly performed 254 small vessel security boardings, and other government agencies alone performed 535 small vessel security boardings. [35] According to Coast Guard officials, the decision to use floating security barriers is up to individual facilities or port authorities, and some ports have purchased these barriers with the use of federal grant funding. [36] [hyperlink, http://www.gao.gov/products/GAO/AIMD-00-21.3.1]. [37] See, for example, [hyperlink, http://www.gao.gov/products/GAO-03-669]. [38] [hyperlink, http://www.gao.gov/products/GAO/GGD-00-10]. [39] The term "operation" has been dropped for the expansion of Focused Lens, as that word generally denotes--especially among military and law enforcement agencies--an initiative that has a specific end date. Coast Guard District Eleven, headquartered in Alameda, California, encompasses the states of California, Arizona, Nevada, and Utah; the coastal and offshore waters out over 1,000 miles; and the offshore waters of Mexico and Central America down to South America. [40] Phase 1 activities can be conducted by the Coast Guard, the Coast Guard Auxiliary (a voluntary organization), or local law enforcement officials. Under the pilot initiative, District Eleven identified any location that could be used as a launch site. The expansion of Focused Lens is limited to identifying and assessing privately owned or public access marinas and boat launch ramps, per the guidance of local Coast Guard officials. [41] MSRAM is the Coast Guard's primary approach to assessing and managing security risks. MSRAM is designed to capture the security risks facing different types of targets, allowing comparison between different targets and geographic areas at the local, regional, and national levels. After District Eleven piloted Focused Lens, the Coast Guard modified MSRAM to accept launch site attributes, and MSRAM is capable of prioritizing launch sites based on security inadequacies, the proximity of those sites to and vulnerability of infrastructure, and the consequences of a successful attack. [42] The Coast Guard does not have a requirement to conduct operations in support of Focused Lens. Such operations are left to the Coast Guard officials responsible for determining which activities to undertake given the MSRAM analysis of launch sites. [43] The online enrollment application requires biographical information, address, e-mail address, citizenship documentation, and vessel registration data if a person is registering as a master of a vessel. [44] A float plan consists of biographical information of all persons traveling, vessel registration information, and itinerary information. [45] CBP requires that vessels must report their arrival if they (1) arrive or return from a foreign location, (2) are a foreign vessel arriving from a port or place within the United States, or (3) a U.S. vessel carrying foreign merchandise for which entry has not been made. 19 C.F.R. § 4.2. Small vessels' crew and passengers seeking U.S. entry must physically report to a designated CBP location for a face-to-face inspection unless they are enrolled in an alternative inspection program, like the SVRS, which allows reporting arrival by telephone or other means. See 8 C.F.R. § 235.1. [46] Specifically, eligibility was expanded to include all U.S. citizens, nationals, and lawful permanent residents; Canadian citizens and permanent residents of Canada who are nationals of a Visa Waiver Program country or who hold a U.S. visa, a valid passport, and a CBP Form I-94/Arrival-Departure Record; Canadian Border Boat Landing Program participants (CBP Form I-68 holders); and members of CBP trusted traveler programs. Trusted traveler programs provide expedited international travel clearance for preapproved, low-risk travelers. To qualify for one of these programs, applicants must voluntarily undergo a thorough background check and a personal interview with a CBP officer. [47] The program already in place--the Canadian Border Boat Landing Program--allows certain individuals entering the United States by small vessels to be inspected just once per year, and to enter the United States without inspection at other times. [48] To facilitate information sharing with port partners and in response to the Maritime Transportation Security Act of 2002, the Coast Guard has established 43 Area Maritime Security Committees covering the nation's 361 ports. Pub. L. No. 107-295, § 102(a), 116 Stat. 2064, 2081 (codified as amended at 46 U.S.C. § 70112). These committees are typically composed of members from federal, state, and local law enforcement agencies and other port stakeholders and are responsible for, among other things, identifying critical port infrastructure and operations, identifying risks, and providing advice to the Coast Guard on mitigation strategies. [49] Similar to other radiation detection programs, for the WCMP program, secondary screenings are often necessary--in this case onboard the small vessels--to identify the specific isotopes and whether the materials are for a legitimate use. For example, the materials could be legitimate if transported for medical purposes or from an authorized industrial source. [50] Pacific Northwest National Laboratory produced a study that examined the modeling of equipment and assets at the two pilot locations--San Diego and Puget Sound. [51] CSS is a joint effort by the Naval Research Laboratory, the Space and Naval Warfare Systems Center Pacific, the Air Marine Operations Center, and SRI International, in support of DHS S&T Borders and Maritime Security Division. [52] Owners of the data sources that feed into the CSS are to have the ability to provide access rights to other agencies. [53] The CSS is being piloted at CBP's Air and Marine Operations Center in Riverside, California; Coast Guard Sector Los Angeles-Long Beach; and DHS S&T's Maritime Security Technology Pilot in St. Petersburg, Florida. [54] Specifically, the Small Dark Vessel project focuses on technologies to detect the semi-and fully submersible threats, and the Port and Coastal Surveillance Improvement project focuses on technologies to detect the go-fast and panga threats. A panga is an open, outboard-powered fishing boat common throughout much of the developing world, including Central America and Mexico. [End of section] GAO’s Mission: The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website [hyperlink, http://www.gao.gov]. Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to [hyperlink, http://www.gao.gov] and select “E-mail Updates.” Order by Phone: The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. Connect with GAO: Connect with GAO on facebook, flickr, twitter, and YouTube. Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts. Visit GAO on the web at [hyperlink, http://www.gao.gov]. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; E-mail: fraudnet@gao.gov; Automated answering system: (800) 424-5454 or (202) 512-7470. Congressional Relations: Katherine Siggerud, Managing Director, siggerudk@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, DC 20548. Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, DC 20548. [End of document]