This is the accessible text file for GAO report number GAO-08-1024T 
entitled 'Aviation Security: Transportation Security Administration Has 
Strengthened Planning to Guide Investments in Key Aviation Security 
Programs, but More Work Remains' which was released on July 24, 2008.

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony before the Subcommittee on Aviation, Committee on 
Transportation and Infrastructure, House of Representatives: 

United States Government Accountability Office: 
GAO: 

For Release on Delivery: 
Expected at 10:00 a.m. EDT:
Thursday, July 24, 2008: 

Aviation Security: 

Transportation Security Administration Has Strengthened Planning to 
Guide Investments in Key Aviation Security Programs, but More Work 
Remains: 

Statement of Cathleen A. Berrick, Director: Homeland Security and 
Justice Issues: 

GAO-08-1024T: 

GAO Highlights: 

Highlights of GAO-08-1024T, a testimony before the Subcommittee on 
Aviation, Committee on Transportation and Infrastructure, House of 
Representatives. 

Why GAO Did This Study: 

Since its inception in November 2001, the Transportation Security 
Administration (TSA) has focused much of its efforts on aviation 
security, and has developed and implemented a variety of programs and 
procedures to secure the commercial aviation system. TSA funding for 
aviation security has totaled about $26 billion since fiscal year 2004. 
This testimony focuses on TSA's efforts to secure the commercial 
aviation system through passenger screening, strengthening air cargo 
security, and watch-list matching programs, as well as challenges that 
remain. It also addresses crosscutting issues that have impeded TSA’s 
efforts in strengthening security. This testimony is based on GAO 
reports and testimonies issued from February 2004 through July 2008 
including selected updates obtained from TSA officials in June and July 
2008. 

What GAO Found: 

DHS and TSA have undertaken numerous initiatives to strengthen the 
security of the nation’s commercial aviation system, including actions 
to address many recommendations made by GAO. TSA has focused its 
efforts on, among other things, more efficiently allocating, deploying, 
and managing the Transportation Security Officer (TSO) 
workforce—formerly known as screeners; strengthening screening 
procedures; developing and deploying more effective and efficient 
screening technologies; strengthening domestic air cargo security; and 
developing a government operated watch-list matching program, known as 
Secure Flight. For example, in response to GAO’s recommendation, TSA 
developed a plan to periodically review assumptions in its Staffing 
Allocation Model used to determine TSO staffing levels at airports, and 
took steps to strengthen its evaluation of proposed procedural changes. 
TSA also explored new passenger checkpoint screening technologies to 
better detect explosives and other threats, and has taken steps to 
strengthen air cargo security, including increasing compliance 
inspections of air carriers. Finally, TSA has instilled more discipline 
and rigor into Secure Flight’s systems development, including preparing 
key documentation and strengthening privacy protections. 

While these efforts should be commended, GAO has identified several 
areas that should be addressed to further strengthen security. For 
example, TSA made limited progress in developing and deploying 
checkpoint technologies due to planning and management challenges. In 
addition, TSA faces resource and other challenges in developing a 
system to screen 100 percent of cargo transported on passenger aircraft 
in accordance with the Implementing Recommendations of the 9/11 
Commission Act of 2007. GAO further identified that TSA faced program 
management challenges in the development and implementation of Secure 
Flight, including developing cost and schedule estimates consistent 
with best practices; fully implementing the program’s risk management 
plan; developing a comprehensive testing strategy; and ensuring that 
information security requirements are fully implemented. 

A variety of crosscutting issues have affected DHS’s and TSA’s efforts 
in implementing its mission and management functions. For example, TSA 
can more fully adopt and apply a risk-management approach in 
implementing its security mission and core management functions, and 
strengthen coordination activities with key stakeholders. For example, 
while TSA incorporated risk-based decision making when modifying 
checkpoint screening procedures, GAO reported that TSA’s analyses that 
supported screening procedural changes could be further strengthened. 
DHS and TSA have strengthened their efforts in these areas, but more 
work remains. 

What GAO Recommends: 

GAO has made recommendations to the Department of Homeland Security 
(DHS) in prior reports and testimony to strengthen screening 
operations, air cargo security, and the implementation of the Secure 
Flight program. DHS generally concurred with our recommendations and 
has taken action to implement a number of them. 

To view the full product, including the scope and methodology, click on 
[hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-1024T]. For more 
information, contact Cathleen Berrick at (202) 512-3404 or 
berrickc@gao.gov. 

[End of section] 

Mr. Chairman and Members of the Subcommittee: 

I appreciate the opportunity to participate in today's hearing to 
discuss the security of our nation's commercial aviation system. The 
Transportation Security Administration (TSA) was established in 
November 2001 with the mission to protect the transportation network 
while also ensuring the free movement of people and commerce. Since its 
inception, TSA has focused much of its efforts on aviation security, 
and has developed and implemented a variety of programs and procedures 
to secure commercial aviation. To implement these efforts, TSA funding 
for aviation security has totaled about $26 billion since fiscal year 
2004. In carrying out its broader homeland security responsibilities, 
the Department of Homeland Security (DHS) faces the daunting challenge 
of determining how to allocate its finite resources within the 
transportation system and across all sectors to address threats and 
strengthen security. 

My testimony today focuses on TSA's efforts to ensure the security of 
the following key areas of commercial aviation, which represent about 
$4.5 billion of the President's budget request for TSA for fiscal year 
2009: 1) screening operations, including transportation security 
officer (TSO) and private screener allocations, screening procedures, 
and checkpoint screening technologies; 2) air cargo; and 3) passenger 
watch-list matching. In particular, I will address the numerous efforts 
TSA has taken or plans to take to strengthen security in these areas 
and the challenges that remain, as well as crosscutting issues that 
have impeded TSA's efforts. 

My comments are based on GAO reports and testimonies issued from 
February 2004 through July 2008 addressing the security of the nation's 
commercial aviation system. We also obtained selected updates to this 
work from TSA officials in June and July 2008. We conducted these 
performance audits in accordance with generally accepted government 
auditing standards. Those standards require that we plan and perform 
the audit to obtain sufficient, appropriate evidence to provide a 
reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings and conclusions based on our audit objectives. 

Summary: 

DHS and TSA have undertaken numerous initiatives to strengthen the 
security of the nation's commercial aviation system and more 
effectively guide program investments, including taking steps to 
address many of our prior recommendations. Specifically, DHS and TSA 
have, among other things, developed and implemented a Staffing 
Allocation Model to determine staffing levels for Transportation 
Security Officers (TSO), formerly known as screeners, at airports that 
reflect current operating conditions, and provided TSOs with additional 
training intended to enhance the detection of threat objects. TSA also 
proposed and implemented modifications to passenger checkpoint 
screening procedures based on risk (threat and vulnerability) 
information, while considering efficiency and customer service needs. 
TSA also explored new passenger checkpoint screening technologies to 
enhance the detection of explosives and other threats, and took steps 
to strengthen air cargo security, including conducting vulnerability 
assessments at several domestic airports and inspections of air 
carriers to ensure that they are complying with existing security 
requirements. Finally, TSA has instilled more discipline and rigor into 
Secure Flight's development and implementation, including preparing key 
systems development documentation and strengthening privacy 
protections. 

While these efforts should be commended, we have reported on several 
areas in which TSA could do more to strengthen security. For example, 
we reported that some assumptions used in TSA's Staffing Allocation 
Model did not accurately reflect airport operating conditions and 
recommended that TSA establish a plan for reviewing these assumptions 
on a periodic basis. TSA agreed with this recommendation and 
subsequently developed a plan that the agency will use to review and 
validate model assumptions. We also reported that TSA could improve its 
process for evaluating the effectiveness of proposed changes to 
passenger screening procedures before implementing them nationwide, and 
that limited progress has been made in developing and deploying 
checkpoint technologies due to planning and management challenges. With 
respect to air cargo, we reported that TSA may face resource and other 
challenges in developing a system to screen 100 percent of cargo 
transported on passenger aircraft in accordance with the Implementing 
Recommendations of the 9/11 Commission Act of 2007. Moreover, while TSA 
has made considerable progress in the development and implementation of 
Secure Flight, it has not fully addressed program management issues 
related to developing cost and schedule estimates consistent with best 
practices and developing a comprehensive testing strategy, among other 
things. We made a number of recommendations to strengthen TSA's efforts 
in these areas, to which TSA agreed. 

A variety of crosscutting issues have affected DHS's and TSA's efforts 
in implementing its mission and management functions. For example, TSA 
has not always implemented effective strategic planning efforts, fully 
developed performance measures, or put into place structures to help 
ensure that it is managing for results. In addition, TSA can more fully 
adopt and apply a risk-management approach in implementing its security 
mission and core management functions, and more fully coordinate its 
activities with key stakeholders.[Footnote 1] For example, while TSA 
incorporated risk-based decision making when modifying checkpoint 
screening procedures, we reported that TSA's analyses that supported 
screening procedural changes could be strengthened. We also reported 
that opportunities exist for TSA to work with foreign governments and 
industry to identify best practices for securing air cargo, and 
recommended that TSA systematically compile and analyze information on 
practices used abroad to identify those that may strengthen the 
department's overall security efforts. TSA has strengthened its efforts 
in these areas, but more work remains. 

Background: 

The Aviation and Transportation Security Act (ATSA), enacted in 
November 2001, created TSA and gave it responsibility for securing all 
modes of transportation.[Footnote 2] As part of this responsibility, 
TSA oversees security operations at the nation's more than 400 
commercial airports, including establishing requirements for passenger 
and checked baggage screening and ensuring the security of air cargo 
transported to, from, and within the United States. TSA has operational 
responsibility for conducting passenger and checked baggage screening 
at most airports, and has regulatory, or oversight, responsibility, for 
air carriers who conduct air cargo screening. While TSA took over 
responsibility for passenger checkpoint and baggage screening, air 
carriers have continued to conduct passenger watch-list matching in 
accordance with TSA requirements, which includes the process of 
matching passenger information against the No Fly List and Selectee 
lists before flights depart.[Footnote 3] TSA is currently developing a 
program, known as Secure Flight, to take over this responsibility from 
air carriers for passengers on domestic flights, and plans to assume 
from the U.S. Customs and Border Protection (CBP) this pre-departure 
name-matching function for passengers on international flights 
traveling to or from the United States. 

Prior to ATSA, passenger and checked baggage screening had been 
performed by private screening companies under contract to airlines. 
ATSA established TSA and required it to create a federal workforce to 
assume the job of conducting passenger and checked baggage screening at 
commercial airports. The federal screener workforce was put into place, 
as required, by November 2002.[Footnote 4] Passenger screening systems 
are composed of three elements: the people (TSOs) responsible for 
conducting the screening of airline passengers and their carry-on 
items, the technology used during the screening process, and the 
procedures TSOs are to follow to conduct screening. Collectively, these 
elements help to determine the effectiveness and efficiency of 
passenger screening operations. 

TSA's responsibilities for securing air cargo include, among other 
things, establishing security rules and regulations governing domestic 
and foreign passenger air carriers that transport cargo, domestic and 
foreign all-cargo carriers that transport cargo, and domestic freight 
forwarders.[Footnote 5] TSA is also responsible for overseeing the 
implementation of air cargo security requirements by air carriers and 
freight forwarders through compliance inspections, and, in coordination 
with DHS's Science and Technology (S&T) Directorate, for conducting 
research and development of air cargo security technologies. Air 
carriers (passenger and all-cargo) are responsible for implementing TSA 
security requirements, predominantly through TSA-approved security 
programs that describe the security policies, procedures, and systems 
the air carrier will implement and maintain to comply with TSA security 
requirements. Air carriers must also abide by security requirements 
issued by TSA through security directives or emergency amendments to 
air carrier security programs. 

Air carriers use several methods and technologies to screen domestic 
and inbound air cargo. These include manual physical searches and 
comparisons between airway bills and cargo contents to ensure that the 
contents of the cargo shipment matches the cargo identified in 
documents filed by the shipper, as well as using approved technology, 
such as X-ray systems, explosives trace detection systems, 
decompression chambers, explosive detection systems, and certified 
explosive detection canine teams.[Footnote 6] Under TSA's security 
requirements for domestic, outbound and inbound air cargo, passenger 
air carriers are currently required to randomly screen a specific 
percentage of nonexempt air cargo pieces listed on each airway bill. 
[Footnote 7] TSA's air cargo security requirements currently allow 
passenger air carriers to exempt certain types of cargo from physical 
screening. For such cargo, TSA has authorized the use of TSA-approved 
alternative methods for screening, which can consist of verifying 
shipper information and conducting a visual inspection of the cargo 
shipment. TSA requires all-cargo carriers to screen 100 percent of air 
cargo that exceeds a specific weight threshold. As of October 2006, 
domestic freight forwarders are also required, under certain 
conditions, to screen a certain percentage of air cargo prior to its 
consolidation. TSA, however, does not regulate foreign freight 
forwarders, or individuals or businesses that have their cargo shipped 
by air to the United States. Under the Implementing Recommendations of 
the 9/11 Commission Act of 2007, DHS is required to implement a system 
to screen 50 percent of air cargo transported on passenger aircraft by 
February 2009, and 100 percent of such cargo by August 2010.[Footnote 
8] 

The prescreening of airline passengers who may pose a security risk 
before they board an aircraft is one of many layers of security 
intended to strengthen commercial aviation. To further enhance 
commercial aviation security and in accordance with the Intelligence 
Reform and Terrorism Prevention Act of 2004, TSA is developing the 
Secure Flight program to assume from air carriers the function of 
matching passenger information against government-supplied terrorist 
watch-lists for domestic flights.[Footnote 9] TSA expects to assume 
from air carriers the watch-list matching for domestic flights 
beginning in January 2009 and to assume this watch-list matching 
function from CBP for flights departing from and to the United States 
by fiscal year 2010. 

TSA Has Made Significant Enhancements to Its Passenger Screening 
Operations, but Can Further Strengthen Its Efforts: 

TSA has taken steps to strengthen the three key elements of the 
screening system--people (TSOs and private screeners), screening 
procedures, and technology--but has faced management, planning and 
funding challenges. For example, TSA has implemented several efforts 
intended to strengthen the allocation of its TSO workforce. We reported 
in February 2004 that staffing shortages and TSA's hiring process had 
hindered the ability of some Federal Security Directors (FSD)--the 
ranking TSA authorities responsible for leading and coordinating 
security activities at airports--to provide sufficient resources to 
staff screening checkpoints and oversee screening operations at their 
checkpoints without using additional measures such as overtime. 
[Footnote 10] Since that time, TSA has developed a Staffing Allocation 
Model to determine TSO staffing levels at airports. FSDs we interviewed 
during 2006 as part of our review of TSA's staffing model generally 
reported that the model is a more accurate predictor of staffing needs 
than TSA's prior staffing model. However, FSDs expressed concerns about 
assumptions used in the fiscal year 2006 model related to the use of 
part-time TSOs, TSO training requirements, and TSOs' operational 
support duties. To help ensure that TSOs are effectively utilized, we 
recommended that TSA establish a policy for when TSOs can be used to 
provide operational support. Consistent with our recommendation, in 
March 2007, TSA issued a management directive that provides guidance on 
assigning TSOs, through detail or permanent promotion, to duties of 
another position for a specified period of time. We also recommended 
that TSA establish a formal, documented plan for reviewing all of the 
model assumptions on a periodic basis to ensure that the assumptions 
result in TSO staffing allocations that accurately reflect operating 
conditions that may change over time. TSA agreed with our 
recommendation and, in December 2007, developed a Staffing Allocation 
Model Rates and Assumptions Validation Plan. The plan identifies the 
process TSA plans to use to review and validate the model's assumptions 
on a periodic basis. 

Although we did not independently review TSA's staffing allocation for 
fiscal year 2008, TSA's fiscal year 2009 budget justification 
identified that the agency has achieved operational and efficiency 
gains that enabled them to implement or expand several workforce 
initiatives involving TSOs. For example, TSA implemented the travel 
document checker program at over 259 of the approximately 450 airports 
nationwide during fiscal year 2007. This program is intended to ensure 
that only passengers with authentic travel documents access the sterile 
areas of airports and board aircraft. TSA also deployed 643 behavior 
detection officers to 42 airports during fiscal year 2007. These 
officers screen passengers by observation techniques to identify 
potentially high-risk passengers based on involuntary physical and 
physiological reactions. 

In addition to TSA's efforts to strengthen the allocation of its TSO 
workforce, TSA has taken steps to strengthen passenger checkpoint 
screening procedures to enhance the detection of prohibited items. 
However, we have identified areas where TSA could improve its 
evaluation and documentation of proposed procedures. In April 2007, we 
reported that TSA officials considered modifications to its standard 
operating procedures (SOP) based on risk information (threat and 
vulnerability information), daily experiences of staff working at 
airports, and complaints and concerns raised by the traveling public. 
[Footnote 11] We further reported that for more significant SOP 
modifications, TSA first tested the proposed modifications at selected 
airports to help determine whether the changes would achieve their 
intended purpose, as well as to assess its impact on screening 
operations. However, we reported that TSA's data collection and 
analyses could be improved to help TSA determine whether proposed 
procedures that are operationally tested would achieve their intended 
purpose. We also found that TSA's documentation on proposed 
modifications to screening procedures was not complete. We recommended 
that TSA develop sound evaluation methods, when possible, to assess 
whether proposed screening changes would achieve their intended purpose 
and generate and maintain documentation on proposed screening changes 
that are deemed significant. DHS generally agreed with our 
recommendations and TSA has taken some steps to implement them. For 
example, for several proposed SOP changes considered during the fall of 
2007, TSA provided documentation that identified the sources of the 
proposed changes and the reasons why the agency decided to accept or 
reject the proposed changes. 

With respect to technologies, we reported in February 2007 that S&T and 
TSA were exploring new passenger checkpoint screening technologies to 
enhance the detection of explosives and other threats.[Footnote 12] Of 
the various emerging checkpoint screening projects funded by TSA and 
S&T, the explosive trace portal, the bottled liquids scanning device, 
and Advanced Technology Systems have been deployed to airport 
checkpoints. A number of additional projects have initiated 
procurements or are being researched and developed. For example, TSA 
has procured 34 scanners for screening passenger casts and prosthetic 
devices to be deployed in July 2008. In addition, TSA has procured 20 
checkpoint explosive detection systems and plans to deploy these in 
August 2008. Further, TSA plans to finish its testing of whole body 
imagers during fiscal year 2009 and begin deploying 150 of these units 
by fiscal year 2010. 

Despite TSA's efforts to develop passenger checkpoint screening 
technologies, we reported that limited progress has been made in 
fielding explosives detection technology at airport checkpoints in part 
due to challenges S&T and TSA faced in coordinating research and 
development efforts. For example, we reported that TSA had anticipated 
that the explosives trace portals would be in operation throughout the 
country during fiscal year 2007. However, due to performance and 
maintenance issues, TSA halted the acquisition and deployment of the 
portals in June 2006. As a result, TSA has fielded less than 25 percent 
of the 434 portals it projected it would deploy by fiscal year 2007. In 
addition to the portals, TSA has fallen behind in its projected 
acquisition of other emerging screening technologies. For example, we 
reported that the acquisition of 91 whole body imagers was previously 
delayed in part because TSA needed to develop a means to protect the 
privacy of passengers screened by this technology. 

While TSA and DHS have taken steps to coordinate the research, 
development and deployment of checkpoint technologies, we reported in 
February 2007 that challenges remained. For example, TSA and S&T 
officials stated that they encountered difficulties in coordinating 
research and development efforts due to reorganizations within TSA and 
S&T. Since our February 2007 testimony, according to TSA and S&T, 
coordination between them has improved. We also reported that TSA did 
not have a strategic plan to guide its efforts to acquire and deploy 
screening technologies, and that a lack of a strategic plan or approach 
could limit TSA's ability to deploy emerging technologies at those 
airport locations deemed at highest risk. TSA officials stated that 
they plan to submit the strategic plan for checkpoint technologies 
mandated by Division E of the Consolidated Appropriations Act, 2008, 
during the summer of 2008. We will continue to evaluate S&T's and TSA's 
efforts to research, develop and deploy checkpoint screening 
technologies as part of our ongoing review. 

TSA Has Taken Action to Strengthen Air Cargo Security, but May Face 
Challenges in Developing a System to Screen All Cargo Transported on 
Passenger Aircraft: 

TSA has taken steps to enhance domestic and inbound air cargo security, 
but more work remains to strengthen this area of aviation security. For 
example, TSA has issued an Air Cargo Strategic Plan that focused on 
securing the domestic air cargo supply chain. However, in April 2007, 
we reported that this plan did not include goals and objectives for 
addressing the security of inbound air cargo, or cargo transported into 
the United States from a foreign location, which presents different 
security challenges than cargo transported domestically.[Footnote 13] 
We also reported that TSA had not conducted vulnerability assessments 
to identify the range of security weaknesses that could be exploited by 
terrorists related to air cargo operations. We further reported that 
TSA had established requirements for air carriers to randomly screen 
air cargo, but had exempted some domestic and inbound cargo from 
screening. With respect to inbound air cargo, we reported that TSA 
lacked an inspection plan with performance goals and measures for its 
inspection efforts, and recommended that TSA develop such a plan. TSA 
is also taking steps to compile and analyze information on air cargo 
security practices used abroad to identify those that may strengthen 
DHS's overall air cargo security program, as we recommended. According 
to TSA officials, the agency's proposed Certified Cargo Screening 
Program (CCSP) is based on their review of foreign countries' models 
for screening air cargo. TSA officials believe this program will assist 
the agency in meeting the requirement to screen 100 percent of cargo 
transported on passenger aircraft by August 2010, as mandated by the 
Implementing Recommendations of the 9/11 Commission Act of 2007. 

Through TSA's proposed CCSP, the agency plans on allowing the screening 
of air cargo to take place at various points throughout the air cargo 
supply chain. Under the CCSP, Certified Cargo Screening Facilities 
(CCSF), such as shippers, manufacturing facilities and freight 
forwarders that meet security requirements established by TSA, will 
volunteer to screen cargo prior to its loading onto an aircraft. Due to 
the voluntary nature of this program, participation of the air cargo 
industry is critical to the successful implementation of the CCSP. 
According to TSA officials, air carriers will ultimately be responsible 
for screening 100 percent of cargo transported on passenger aircraft 
should air cargo industry entities not volunteer to become a CCSF. In 
July 2008, however, we reported that TSA may face challenges as it 
proceeds with its plans to implement a system to screen 100 percent of 
cargo transported on passenger aircraft by August 2010.[Footnote 14] 
Specifically, we reported that DHS has not yet completed its 
assessments of the technologies TSA plans to approve for use as part of 
the CCSP for screening and securing cargo. We also reported that 
although TSA has taken steps to eliminate the majority of exempted 
domestic and outbound cargo that it has not required to be screened, 
the agency currently plans to continue to exempt some types of domestic 
and outbound cargo from screening after August 2010.[Footnote 15] 
Moreover, we found that TSA has begun analyzing the results of air 
cargo compliance inspections and has hired additional compliance 
inspectors dedicated to air cargo. However, according to agency 
officials, TSA will need additional air cargo inspectors to oversee the 
efforts of the potentially thousands of entities that may participate 
in the CCSP once it is fully implemented. Finally, we reported that 
more work remains for TSA to strengthen the security of inbound cargo. 
Specifically, the agency has not yet finalized its strategy for 
securing inbound cargo or determined how, if at all, inbound cargo will 
be screened as part of its proposed CCSP. 

DHS Has Made Progress in Developing and Implementing the Secure Flight 
Program, but Challenges Remain That May Hinder the Program Moving 
Forward: 

Over the past several years, TSA has faced a number of challenges in 
developing and implementing an advanced prescreening system, known as 
Secure Flight, which will allow TSA to assume responsibility from air 
carriers for comparing domestic passenger information against the No 
Fly and Selectee lists. We reported in February 2008 that TSA had made 
substantial progress in instilling more discipline and rigor in 
developing and implementing Secure Flight, but that challenges remain 
that may hinder the program's progress moving forward. For example, TSA 
had taken numerous steps to address previous GAO recommendations 
related to strengthening Secure Flight's development and 
implementation, as well as additional steps designed to strengthen the 
program. Among other things, TSA developed a detailed, conceptual 
description of how the system is to operate, commonly referred to as a 
concept of operations; established a cost and schedule baseline; 
developed security requirements; developed test plans; conducted 
outreach with key stakeholders; published a notice of proposed 
rulemaking on how Secure Flight is to operate; worked with CBP to 
integrate the domestic watch list matching function with the 
international watch list matching function currently operated by CBP; 
and issued a guide to key stakeholders (e.g., air carriers and CBP) 
that defines, among other things, system data requirements. 
Collectively, these efforts have enabled TSA to more effectively manage 
the program's development and implementation. 

However, challenges remain that may hinder the program's progress 
moving forward. In February 2008, we reported that TSA had not (1) 
developed program cost and schedule estimates consistent with best 
practices; (2) fully implemented its risk management plan; (3) planned 
for system end-to-end testing in test plans; and (4) ensured that 
information-security requirements are fully implemented. To address 
these challenges, we made several recommendations to DHS and TSA to 
incorporate best practices in Secure Flight's cost and schedule 
estimates and to fully implement the program's risk-management, 
testing, and information-security requirements. DHS and TSA officials 
generally agreed with these recommendations. We will continue to 
evaluate TSA's efforts to develop and implement Secure Flight as part 
of our ongoing review. 

Crosscutting Issues Have Hindered DHS's and TSA's Efforts in 
Implementing Its Mission and Management Functions: 

Our work has identified homeland security challenges that cut across 
DHS's and TSA's mission and core management functions. These issues 
have impeded the department's and TSA's progress since its inception 
and will continue to confront the department as it moves forward. For 
example, DHS and TSA have not always implemented effective strategic 
planning efforts and have not yet fully developed performance measures 
or put into place structures to help ensure that they are managing for 
results. For example, with regard to TSA's efforts to secure air cargo, 
we reported in October 2005 and April 2007 that TSA completed an Air 
Cargo Strategic Plan that outlined a threat-based risk-management 
approach to securing the nation's domestic air cargo system. However, 
TSA had not developed a similar strategy for addressing the security of 
inbound air cargo, including how best to partner with CBP and 
international air cargo stakeholders. In addition, although DHS and TSA 
have made risk-based decision making a cornerstone of departmental and 
agency policy, TSA could strengthen its application of risk management 
in implementing its mission functions. For example, TSA incorporated 
risk-based decision making when making modifications to airport 
checkpoint screening procedures, to include modifying procedures based 
on intelligence information and vulnerabilities identified through 
covert testing at airport checkpoints. However, in April 2007, we 
reported that TSA's analyses that supported screening procedural 
changes could be strengthened. For example, TSA officials based their 
decision to revise the prohibited items list to allow passengers to 
carry small scissors and tools onto aircraft based on their review of 
threat information--which indicated that these items do not pose a high 
risk to the aviation system--so that TSOs could concentrate on higher 
threat items.[Footnote 16] However, TSA officials did not conduct the 
analysis necessary to help them determine whether this screening change 
would affect TSO's ability to focus on higher-risk threats.[Footnote 
17] 

We also reported that, although improvements are being made, homeland 
security roles and responsibilities within and between the levels of 
government, and with the private sector, are evolving and need to be 
clarified. For example, we reported that opportunities exist for TSA to 
work with foreign governments and industry to identify best practices 
for securing air cargo, and recommended that TSA systematically compile 
and analyze information on practices used abroad to identify those that 
may strengthen the department's overall security efforts.[Footnote 18] 
TSA has subsequently reviewed the models used in two foreign countries 
that rely on government-certified screeners to screen air cargo to 
facilitate the design of the agency's proposed CCSP. Regarding efforts 
to respond to in-flight security threats, which, depending on the 
nature of the threat, could involve more than 15 federal agencies and 
agency components, in July 2007, we recommended that DHS and other 
departments document and share their respective coordination and 
communication strategies and response procedures, to which DHS agreed. 
[Footnote 19] 

Mr. Chairman this concludes my statement. I would be pleased to answer 
any questions that you or other members of the committee may have at 
this time. 

Contacts and Acknowledgements: 

For further information on this testimony, please contact Cathleen A. 
Berrick at (202) 512-3404 or berrickc@gao.gov. Contact points for our 
Offices of Congressional Relations and Public Affairs may be found on 
the last page of this statement. 

In addition to the contact named above, Chris Currie; Joe Dewechter; 
Vanessa DeVeau; Thomas Lombardi; Steve Morris, Assistant Director; Meg 
Ullengren; and Margaret Vo made contributions to this testimony. 

[End of section] 

Footnotes: 

[1] A risk management approach entails a continuous process of managing 
risk through a series of actions, including setting strategic goals and 
objectives, assessing risk, evaluating alternatives, selecting 
initiatives to undertake, and implementing and monitoring those 
initiatives. 

[2] See Pub. L. No. 107-71, 115 Stat. 597 (2001). 

[3] Passengers identified as being on the No Fly List must be denied 
boarding passes and must not be permitted to fly unless cleared in 
accordance with TSA security requirements. Passengers on the Selectee 
List are to be issued boarding passes, but they and their baggage are 
to undergo additional security measures. 

[4] In addition to establishing a federal screening workforce and in 
accordance with ATSA, TSA established a pilot program at five airports 
where private screening companies under contract to TSA performed 
screening activities. See 49 U.S.C. § 44919. In 2004, consistent with 
ATSA, TSA established a program to allow airports to apply to opt-out 
of federal screening and to use private screeners under contract with 
TSA. See 49 U.S.C. § 44920. Ten airports and 1 heliport currently have 
screening operations conducted by private screening contractors under 
TSA's Screening Partnership Program. 

[5] A freight forwarder consolidates cargo from many shippers and takes 
it to air carriers for transport. 

[6] Explosives Trace Detection requires human operators to collect 
samples of items to be screened with swabs, which are chemically 
analyzed to identify any traces of explosive material. Decompression 
chambers simulate the pressures acting on an aircraft by simulating 
flight conditions, which cause explosives that are attached to 
barometric fuses to detonate. An explosive detection system uses 
computer-aided tomography X-rays to examine objects inside baggage and 
identify the characteristic signatures of threat explosives. Certified 
explosives detection canine teams have been evaluated by TSA and shown 
to effectively detect explosive devices. 

[7] Cargo transported by air within the United States is referred to as 
domestic air cargo and cargo that is transported into the United States 
from abroad by either U.S. or foreign-operated air carriers is referred 
to as inbound air cargo. 

[8] See Pub. L. No. 110-53, § 1602(a), 121 Stat. 266, 477-479 (2007) 
(codified at 49 U.S.C. § 44901(g)). 

[9] See Pub. L. No. 108-458, § 4012(a), 118 Stat. 3638, 3714-18 (2004) 
(codified at 49 U.S.C. § 44903(j)(2)(C)). 

[10] GAO, Aviation Security: Challenges Exist in Stabilizing and 
Enhancing Passenger and Baggage Screening Operations, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-04-440T] (Washington, D.C.: Feb. 
12, 2004). 

[11] GAO, Aviation Security: Risk, Experience, and Customer Concerns 
Drive Changes to Airline Passenger Screening Procedures, but Evaluation 
and Documentation of Proposed Changes Could Be Improved, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-634] (Washington, D.C.: April 
16, 2007). 

[12] GAO, Aviation Security: Progress Made in Systematic Planning to 
Guide Key Investment Decisions, but More Work Remains, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-448T] (Washington, D.C.: 
February 13, 2007). 

[13] GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air 
Cargo Are in the Early Stages and Could Be Strengthened, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-07-660] (Washington, D.C.: April 
2007). 

[14] GAO, Aviation Security: Transportation Security Administration May 
Face Resource and other Challenges in Developing a System to Screen All 
Cargo Transported on Passenger Aircraft, [hyperlink, 
http://www.gao.gov/cgi-bin/getrpt?GAO-08-959T (Washington, D.C.: July 
2008). The Implementing Recommendations of the 9/11 Commission Act of 
2007 defines "screening" for purposes of satisfying the 100 percent 
screening mandate. See 49 U.S.C. § 44901(g)(5). 

[15] Cargo transported by air from the United States to a foreign 
location is referred to as outbound air cargo. 

[16] [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-634]. 

[17] [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-634]. 

[18] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-660]. 

[19] GAO, Aviation Security: Federal Coordination for Responding to In- 
flight Security Threats Has Matured, but Procedures Can Be 
Strengthened, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-
891R] (Washington, D.C.: July 31, 2007). 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office: 
441 G Street NW, Room LM: 
Washington, D.C. 20548: 

To order by Phone: 
Voice: (202) 512-6000: 
TDD: (202) 512-2537: 
Fax: (202) 512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: