This is the accessible text file for GAO report number GAO-08-1024T entitled 'Aviation Security: Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation Security Programs, but More Work Remains' which was released on July 24, 2008. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony before the Subcommittee on Aviation, Committee on Transportation and Infrastructure, House of Representatives: United States Government Accountability Office: GAO: For Release on Delivery: Expected at 10:00 a.m. EDT: Thursday, July 24, 2008: Aviation Security: Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation Security Programs, but More Work Remains: Statement of Cathleen A. Berrick, Director: Homeland Security and Justice Issues: GAO-08-1024T: GAO Highlights: Highlights of GAO-08-1024T, a testimony before the Subcommittee on Aviation, Committee on Transportation and Infrastructure, House of Representatives. Why GAO Did This Study: Since its inception in November 2001, the Transportation Security Administration (TSA) has focused much of its efforts on aviation security, and has developed and implemented a variety of programs and procedures to secure the commercial aviation system. TSA funding for aviation security has totaled about $26 billion since fiscal year 2004. This testimony focuses on TSA's efforts to secure the commercial aviation system through passenger screening, strengthening air cargo security, and watch-list matching programs, as well as challenges that remain. It also addresses crosscutting issues that have impeded TSA’s efforts in strengthening security. This testimony is based on GAO reports and testimonies issued from February 2004 through July 2008 including selected updates obtained from TSA officials in June and July 2008. What GAO Found: DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation’s commercial aviation system, including actions to address many recommendations made by GAO. TSA has focused its efforts on, among other things, more efficiently allocating, deploying, and managing the Transportation Security Officer (TSO) workforce—formerly known as screeners; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; strengthening domestic air cargo security; and developing a government operated watch-list matching program, known as Secure Flight. For example, in response to GAO’s recommendation, TSA developed a plan to periodically review assumptions in its Staffing Allocation Model used to determine TSO staffing levels at airports, and took steps to strengthen its evaluation of proposed procedural changes. TSA also explored new passenger checkpoint screening technologies to better detect explosives and other threats, and has taken steps to strengthen air cargo security, including increasing compliance inspections of air carriers. Finally, TSA has instilled more discipline and rigor into Secure Flight’s systems development, including preparing key documentation and strengthening privacy protections. While these efforts should be commended, GAO has identified several areas that should be addressed to further strengthen security. For example, TSA made limited progress in developing and deploying checkpoint technologies due to planning and management challenges. In addition, TSA faces resource and other challenges in developing a system to screen 100 percent of cargo transported on passenger aircraft in accordance with the Implementing Recommendations of the 9/11 Commission Act of 2007. GAO further identified that TSA faced program management challenges in the development and implementation of Secure Flight, including developing cost and schedule estimates consistent with best practices; fully implementing the program’s risk management plan; developing a comprehensive testing strategy; and ensuring that information security requirements are fully implemented. A variety of crosscutting issues have affected DHS’s and TSA’s efforts in implementing its mission and management functions. For example, TSA can more fully adopt and apply a risk-management approach in implementing its security mission and core management functions, and strengthen coordination activities with key stakeholders. For example, while TSA incorporated risk-based decision making when modifying checkpoint screening procedures, GAO reported that TSA’s analyses that supported screening procedural changes could be further strengthened. DHS and TSA have strengthened their efforts in these areas, but more work remains. What GAO Recommends: GAO has made recommendations to the Department of Homeland Security (DHS) in prior reports and testimony to strengthen screening operations, air cargo security, and the implementation of the Secure Flight program. DHS generally concurred with our recommendations and has taken action to implement a number of them. To view the full product, including the scope and methodology, click on [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-1024T]. For more information, contact Cathleen Berrick at (202) 512-3404 or berrickc@gao.gov. [End of section] Mr. Chairman and Members of the Subcommittee: I appreciate the opportunity to participate in today's hearing to discuss the security of our nation's commercial aviation system. The Transportation Security Administration (TSA) was established in November 2001 with the mission to protect the transportation network while also ensuring the free movement of people and commerce. Since its inception, TSA has focused much of its efforts on aviation security, and has developed and implemented a variety of programs and procedures to secure commercial aviation. To implement these efforts, TSA funding for aviation security has totaled about $26 billion since fiscal year 2004. In carrying out its broader homeland security responsibilities, the Department of Homeland Security (DHS) faces the daunting challenge of determining how to allocate its finite resources within the transportation system and across all sectors to address threats and strengthen security. My testimony today focuses on TSA's efforts to ensure the security of the following key areas of commercial aviation, which represent about $4.5 billion of the President's budget request for TSA for fiscal year 2009: 1) screening operations, including transportation security officer (TSO) and private screener allocations, screening procedures, and checkpoint screening technologies; 2) air cargo; and 3) passenger watch-list matching. In particular, I will address the numerous efforts TSA has taken or plans to take to strengthen security in these areas and the challenges that remain, as well as crosscutting issues that have impeded TSA's efforts. My comments are based on GAO reports and testimonies issued from February 2004 through July 2008 addressing the security of the nation's commercial aviation system. We also obtained selected updates to this work from TSA officials in June and July 2008. We conducted these performance audits in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Summary: DHS and TSA have undertaken numerous initiatives to strengthen the security of the nation's commercial aviation system and more effectively guide program investments, including taking steps to address many of our prior recommendations. Specifically, DHS and TSA have, among other things, developed and implemented a Staffing Allocation Model to determine staffing levels for Transportation Security Officers (TSO), formerly known as screeners, at airports that reflect current operating conditions, and provided TSOs with additional training intended to enhance the detection of threat objects. TSA also proposed and implemented modifications to passenger checkpoint screening procedures based on risk (threat and vulnerability) information, while considering efficiency and customer service needs. TSA also explored new passenger checkpoint screening technologies to enhance the detection of explosives and other threats, and took steps to strengthen air cargo security, including conducting vulnerability assessments at several domestic airports and inspections of air carriers to ensure that they are complying with existing security requirements. Finally, TSA has instilled more discipline and rigor into Secure Flight's development and implementation, including preparing key systems development documentation and strengthening privacy protections. While these efforts should be commended, we have reported on several areas in which TSA could do more to strengthen security. For example, we reported that some assumptions used in TSA's Staffing Allocation Model did not accurately reflect airport operating conditions and recommended that TSA establish a plan for reviewing these assumptions on a periodic basis. TSA agreed with this recommendation and subsequently developed a plan that the agency will use to review and validate model assumptions. We also reported that TSA could improve its process for evaluating the effectiveness of proposed changes to passenger screening procedures before implementing them nationwide, and that limited progress has been made in developing and deploying checkpoint technologies due to planning and management challenges. With respect to air cargo, we reported that TSA may face resource and other challenges in developing a system to screen 100 percent of cargo transported on passenger aircraft in accordance with the Implementing Recommendations of the 9/11 Commission Act of 2007. Moreover, while TSA has made considerable progress in the development and implementation of Secure Flight, it has not fully addressed program management issues related to developing cost and schedule estimates consistent with best practices and developing a comprehensive testing strategy, among other things. We made a number of recommendations to strengthen TSA's efforts in these areas, to which TSA agreed. A variety of crosscutting issues have affected DHS's and TSA's efforts in implementing its mission and management functions. For example, TSA has not always implemented effective strategic planning efforts, fully developed performance measures, or put into place structures to help ensure that it is managing for results. In addition, TSA can more fully adopt and apply a risk-management approach in implementing its security mission and core management functions, and more fully coordinate its activities with key stakeholders.[Footnote 1] For example, while TSA incorporated risk-based decision making when modifying checkpoint screening procedures, we reported that TSA's analyses that supported screening procedural changes could be strengthened. We also reported that opportunities exist for TSA to work with foreign governments and industry to identify best practices for securing air cargo, and recommended that TSA systematically compile and analyze information on practices used abroad to identify those that may strengthen the department's overall security efforts. TSA has strengthened its efforts in these areas, but more work remains. Background: The Aviation and Transportation Security Act (ATSA), enacted in November 2001, created TSA and gave it responsibility for securing all modes of transportation.[Footnote 2] As part of this responsibility, TSA oversees security operations at the nation's more than 400 commercial airports, including establishing requirements for passenger and checked baggage screening and ensuring the security of air cargo transported to, from, and within the United States. TSA has operational responsibility for conducting passenger and checked baggage screening at most airports, and has regulatory, or oversight, responsibility, for air carriers who conduct air cargo screening. While TSA took over responsibility for passenger checkpoint and baggage screening, air carriers have continued to conduct passenger watch-list matching in accordance with TSA requirements, which includes the process of matching passenger information against the No Fly List and Selectee lists before flights depart.[Footnote 3] TSA is currently developing a program, known as Secure Flight, to take over this responsibility from air carriers for passengers on domestic flights, and plans to assume from the U.S. Customs and Border Protection (CBP) this pre-departure name-matching function for passengers on international flights traveling to or from the United States. Prior to ATSA, passenger and checked baggage screening had been performed by private screening companies under contract to airlines. ATSA established TSA and required it to create a federal workforce to assume the job of conducting passenger and checked baggage screening at commercial airports. The federal screener workforce was put into place, as required, by November 2002.[Footnote 4] Passenger screening systems are composed of three elements: the people (TSOs) responsible for conducting the screening of airline passengers and their carry-on items, the technology used during the screening process, and the procedures TSOs are to follow to conduct screening. Collectively, these elements help to determine the effectiveness and efficiency of passenger screening operations. TSA's responsibilities for securing air cargo include, among other things, establishing security rules and regulations governing domestic and foreign passenger air carriers that transport cargo, domestic and foreign all-cargo carriers that transport cargo, and domestic freight forwarders.[Footnote 5] TSA is also responsible for overseeing the implementation of air cargo security requirements by air carriers and freight forwarders through compliance inspections, and, in coordination with DHS's Science and Technology (S&T) Directorate, for conducting research and development of air cargo security technologies. Air carriers (passenger and all-cargo) are responsible for implementing TSA security requirements, predominantly through TSA-approved security programs that describe the security policies, procedures, and systems the air carrier will implement and maintain to comply with TSA security requirements. Air carriers must also abide by security requirements issued by TSA through security directives or emergency amendments to air carrier security programs. Air carriers use several methods and technologies to screen domestic and inbound air cargo. These include manual physical searches and comparisons between airway bills and cargo contents to ensure that the contents of the cargo shipment matches the cargo identified in documents filed by the shipper, as well as using approved technology, such as X-ray systems, explosives trace detection systems, decompression chambers, explosive detection systems, and certified explosive detection canine teams.[Footnote 6] Under TSA's security requirements for domestic, outbound and inbound air cargo, passenger air carriers are currently required to randomly screen a specific percentage of nonexempt air cargo pieces listed on each airway bill. [Footnote 7] TSA's air cargo security requirements currently allow passenger air carriers to exempt certain types of cargo from physical screening. For such cargo, TSA has authorized the use of TSA-approved alternative methods for screening, which can consist of verifying shipper information and conducting a visual inspection of the cargo shipment. TSA requires all-cargo carriers to screen 100 percent of air cargo that exceeds a specific weight threshold. As of October 2006, domestic freight forwarders are also required, under certain conditions, to screen a certain percentage of air cargo prior to its consolidation. TSA, however, does not regulate foreign freight forwarders, or individuals or businesses that have their cargo shipped by air to the United States. Under the Implementing Recommendations of the 9/11 Commission Act of 2007, DHS is required to implement a system to screen 50 percent of air cargo transported on passenger aircraft by February 2009, and 100 percent of such cargo by August 2010.[Footnote 8] The prescreening of airline passengers who may pose a security risk before they board an aircraft is one of many layers of security intended to strengthen commercial aviation. To further enhance commercial aviation security and in accordance with the Intelligence Reform and Terrorism Prevention Act of 2004, TSA is developing the Secure Flight program to assume from air carriers the function of matching passenger information against government-supplied terrorist watch-lists for domestic flights.[Footnote 9] TSA expects to assume from air carriers the watch-list matching for domestic flights beginning in January 2009 and to assume this watch-list matching function from CBP for flights departing from and to the United States by fiscal year 2010. TSA Has Made Significant Enhancements to Its Passenger Screening Operations, but Can Further Strengthen Its Efforts: TSA has taken steps to strengthen the three key elements of the screening system--people (TSOs and private screeners), screening procedures, and technology--but has faced management, planning and funding challenges. For example, TSA has implemented several efforts intended to strengthen the allocation of its TSO workforce. We reported in February 2004 that staffing shortages and TSA's hiring process had hindered the ability of some Federal Security Directors (FSD)--the ranking TSA authorities responsible for leading and coordinating security activities at airports--to provide sufficient resources to staff screening checkpoints and oversee screening operations at their checkpoints without using additional measures such as overtime. [Footnote 10] Since that time, TSA has developed a Staffing Allocation Model to determine TSO staffing levels at airports. FSDs we interviewed during 2006 as part of our review of TSA's staffing model generally reported that the model is a more accurate predictor of staffing needs than TSA's prior staffing model. However, FSDs expressed concerns about assumptions used in the fiscal year 2006 model related to the use of part-time TSOs, TSO training requirements, and TSOs' operational support duties. To help ensure that TSOs are effectively utilized, we recommended that TSA establish a policy for when TSOs can be used to provide operational support. Consistent with our recommendation, in March 2007, TSA issued a management directive that provides guidance on assigning TSOs, through detail or permanent promotion, to duties of another position for a specified period of time. We also recommended that TSA establish a formal, documented plan for reviewing all of the model assumptions on a periodic basis to ensure that the assumptions result in TSO staffing allocations that accurately reflect operating conditions that may change over time. TSA agreed with our recommendation and, in December 2007, developed a Staffing Allocation Model Rates and Assumptions Validation Plan. The plan identifies the process TSA plans to use to review and validate the model's assumptions on a periodic basis. Although we did not independently review TSA's staffing allocation for fiscal year 2008, TSA's fiscal year 2009 budget justification identified that the agency has achieved operational and efficiency gains that enabled them to implement or expand several workforce initiatives involving TSOs. For example, TSA implemented the travel document checker program at over 259 of the approximately 450 airports nationwide during fiscal year 2007. This program is intended to ensure that only passengers with authentic travel documents access the sterile areas of airports and board aircraft. TSA also deployed 643 behavior detection officers to 42 airports during fiscal year 2007. These officers screen passengers by observation techniques to identify potentially high-risk passengers based on involuntary physical and physiological reactions. In addition to TSA's efforts to strengthen the allocation of its TSO workforce, TSA has taken steps to strengthen passenger checkpoint screening procedures to enhance the detection of prohibited items. However, we have identified areas where TSA could improve its evaluation and documentation of proposed procedures. In April 2007, we reported that TSA officials considered modifications to its standard operating procedures (SOP) based on risk information (threat and vulnerability information), daily experiences of staff working at airports, and complaints and concerns raised by the traveling public. [Footnote 11] We further reported that for more significant SOP modifications, TSA first tested the proposed modifications at selected airports to help determine whether the changes would achieve their intended purpose, as well as to assess its impact on screening operations. However, we reported that TSA's data collection and analyses could be improved to help TSA determine whether proposed procedures that are operationally tested would achieve their intended purpose. We also found that TSA's documentation on proposed modifications to screening procedures was not complete. We recommended that TSA develop sound evaluation methods, when possible, to assess whether proposed screening changes would achieve their intended purpose and generate and maintain documentation on proposed screening changes that are deemed significant. DHS generally agreed with our recommendations and TSA has taken some steps to implement them. For example, for several proposed SOP changes considered during the fall of 2007, TSA provided documentation that identified the sources of the proposed changes and the reasons why the agency decided to accept or reject the proposed changes. With respect to technologies, we reported in February 2007 that S&T and TSA were exploring new passenger checkpoint screening technologies to enhance the detection of explosives and other threats.[Footnote 12] Of the various emerging checkpoint screening projects funded by TSA and S&T, the explosive trace portal, the bottled liquids scanning device, and Advanced Technology Systems have been deployed to airport checkpoints. A number of additional projects have initiated procurements or are being researched and developed. For example, TSA has procured 34 scanners for screening passenger casts and prosthetic devices to be deployed in July 2008. In addition, TSA has procured 20 checkpoint explosive detection systems and plans to deploy these in August 2008. Further, TSA plans to finish its testing of whole body imagers during fiscal year 2009 and begin deploying 150 of these units by fiscal year 2010. Despite TSA's efforts to develop passenger checkpoint screening technologies, we reported that limited progress has been made in fielding explosives detection technology at airport checkpoints in part due to challenges S&T and TSA faced in coordinating research and development efforts. For example, we reported that TSA had anticipated that the explosives trace portals would be in operation throughout the country during fiscal year 2007. However, due to performance and maintenance issues, TSA halted the acquisition and deployment of the portals in June 2006. As a result, TSA has fielded less than 25 percent of the 434 portals it projected it would deploy by fiscal year 2007. In addition to the portals, TSA has fallen behind in its projected acquisition of other emerging screening technologies. For example, we reported that the acquisition of 91 whole body imagers was previously delayed in part because TSA needed to develop a means to protect the privacy of passengers screened by this technology. While TSA and DHS have taken steps to coordinate the research, development and deployment of checkpoint technologies, we reported in February 2007 that challenges remained. For example, TSA and S&T officials stated that they encountered difficulties in coordinating research and development efforts due to reorganizations within TSA and S&T. Since our February 2007 testimony, according to TSA and S&T, coordination between them has improved. We also reported that TSA did not have a strategic plan to guide its efforts to acquire and deploy screening technologies, and that a lack of a strategic plan or approach could limit TSA's ability to deploy emerging technologies at those airport locations deemed at highest risk. TSA officials stated that they plan to submit the strategic plan for checkpoint technologies mandated by Division E of the Consolidated Appropriations Act, 2008, during the summer of 2008. We will continue to evaluate S&T's and TSA's efforts to research, develop and deploy checkpoint screening technologies as part of our ongoing review. TSA Has Taken Action to Strengthen Air Cargo Security, but May Face Challenges in Developing a System to Screen All Cargo Transported on Passenger Aircraft: TSA has taken steps to enhance domestic and inbound air cargo security, but more work remains to strengthen this area of aviation security. For example, TSA has issued an Air Cargo Strategic Plan that focused on securing the domestic air cargo supply chain. However, in April 2007, we reported that this plan did not include goals and objectives for addressing the security of inbound air cargo, or cargo transported into the United States from a foreign location, which presents different security challenges than cargo transported domestically.[Footnote 13] We also reported that TSA had not conducted vulnerability assessments to identify the range of security weaknesses that could be exploited by terrorists related to air cargo operations. We further reported that TSA had established requirements for air carriers to randomly screen air cargo, but had exempted some domestic and inbound cargo from screening. With respect to inbound air cargo, we reported that TSA lacked an inspection plan with performance goals and measures for its inspection efforts, and recommended that TSA develop such a plan. TSA is also taking steps to compile and analyze information on air cargo security practices used abroad to identify those that may strengthen DHS's overall air cargo security program, as we recommended. According to TSA officials, the agency's proposed Certified Cargo Screening Program (CCSP) is based on their review of foreign countries' models for screening air cargo. TSA officials believe this program will assist the agency in meeting the requirement to screen 100 percent of cargo transported on passenger aircraft by August 2010, as mandated by the Implementing Recommendations of the 9/11 Commission Act of 2007. Through TSA's proposed CCSP, the agency plans on allowing the screening of air cargo to take place at various points throughout the air cargo supply chain. Under the CCSP, Certified Cargo Screening Facilities (CCSF), such as shippers, manufacturing facilities and freight forwarders that meet security requirements established by TSA, will volunteer to screen cargo prior to its loading onto an aircraft. Due to the voluntary nature of this program, participation of the air cargo industry is critical to the successful implementation of the CCSP. According to TSA officials, air carriers will ultimately be responsible for screening 100 percent of cargo transported on passenger aircraft should air cargo industry entities not volunteer to become a CCSF. In July 2008, however, we reported that TSA may face challenges as it proceeds with its plans to implement a system to screen 100 percent of cargo transported on passenger aircraft by August 2010.[Footnote 14] Specifically, we reported that DHS has not yet completed its assessments of the technologies TSA plans to approve for use as part of the CCSP for screening and securing cargo. We also reported that although TSA has taken steps to eliminate the majority of exempted domestic and outbound cargo that it has not required to be screened, the agency currently plans to continue to exempt some types of domestic and outbound cargo from screening after August 2010.[Footnote 15] Moreover, we found that TSA has begun analyzing the results of air cargo compliance inspections and has hired additional compliance inspectors dedicated to air cargo. However, according to agency officials, TSA will need additional air cargo inspectors to oversee the efforts of the potentially thousands of entities that may participate in the CCSP once it is fully implemented. Finally, we reported that more work remains for TSA to strengthen the security of inbound cargo. Specifically, the agency has not yet finalized its strategy for securing inbound cargo or determined how, if at all, inbound cargo will be screened as part of its proposed CCSP. DHS Has Made Progress in Developing and Implementing the Secure Flight Program, but Challenges Remain That May Hinder the Program Moving Forward: Over the past several years, TSA has faced a number of challenges in developing and implementing an advanced prescreening system, known as Secure Flight, which will allow TSA to assume responsibility from air carriers for comparing domestic passenger information against the No Fly and Selectee lists. We reported in February 2008 that TSA had made substantial progress in instilling more discipline and rigor in developing and implementing Secure Flight, but that challenges remain that may hinder the program's progress moving forward. For example, TSA had taken numerous steps to address previous GAO recommendations related to strengthening Secure Flight's development and implementation, as well as additional steps designed to strengthen the program. Among other things, TSA developed a detailed, conceptual description of how the system is to operate, commonly referred to as a concept of operations; established a cost and schedule baseline; developed security requirements; developed test plans; conducted outreach with key stakeholders; published a notice of proposed rulemaking on how Secure Flight is to operate; worked with CBP to integrate the domestic watch list matching function with the international watch list matching function currently operated by CBP; and issued a guide to key stakeholders (e.g., air carriers and CBP) that defines, among other things, system data requirements. Collectively, these efforts have enabled TSA to more effectively manage the program's development and implementation. However, challenges remain that may hinder the program's progress moving forward. In February 2008, we reported that TSA had not (1) developed program cost and schedule estimates consistent with best practices; (2) fully implemented its risk management plan; (3) planned for system end-to-end testing in test plans; and (4) ensured that information-security requirements are fully implemented. To address these challenges, we made several recommendations to DHS and TSA to incorporate best practices in Secure Flight's cost and schedule estimates and to fully implement the program's risk-management, testing, and information-security requirements. DHS and TSA officials generally agreed with these recommendations. We will continue to evaluate TSA's efforts to develop and implement Secure Flight as part of our ongoing review. Crosscutting Issues Have Hindered DHS's and TSA's Efforts in Implementing Its Mission and Management Functions: Our work has identified homeland security challenges that cut across DHS's and TSA's mission and core management functions. These issues have impeded the department's and TSA's progress since its inception and will continue to confront the department as it moves forward. For example, DHS and TSA have not always implemented effective strategic planning efforts and have not yet fully developed performance measures or put into place structures to help ensure that they are managing for results. For example, with regard to TSA's efforts to secure air cargo, we reported in October 2005 and April 2007 that TSA completed an Air Cargo Strategic Plan that outlined a threat-based risk-management approach to securing the nation's domestic air cargo system. However, TSA had not developed a similar strategy for addressing the security of inbound air cargo, including how best to partner with CBP and international air cargo stakeholders. In addition, although DHS and TSA have made risk-based decision making a cornerstone of departmental and agency policy, TSA could strengthen its application of risk management in implementing its mission functions. For example, TSA incorporated risk-based decision making when making modifications to airport checkpoint screening procedures, to include modifying procedures based on intelligence information and vulnerabilities identified through covert testing at airport checkpoints. However, in April 2007, we reported that TSA's analyses that supported screening procedural changes could be strengthened. For example, TSA officials based their decision to revise the prohibited items list to allow passengers to carry small scissors and tools onto aircraft based on their review of threat information--which indicated that these items do not pose a high risk to the aviation system--so that TSOs could concentrate on higher threat items.[Footnote 16] However, TSA officials did not conduct the analysis necessary to help them determine whether this screening change would affect TSO's ability to focus on higher-risk threats.[Footnote 17] We also reported that, although improvements are being made, homeland security roles and responsibilities within and between the levels of government, and with the private sector, are evolving and need to be clarified. For example, we reported that opportunities exist for TSA to work with foreign governments and industry to identify best practices for securing air cargo, and recommended that TSA systematically compile and analyze information on practices used abroad to identify those that may strengthen the department's overall security efforts.[Footnote 18] TSA has subsequently reviewed the models used in two foreign countries that rely on government-certified screeners to screen air cargo to facilitate the design of the agency's proposed CCSP. Regarding efforts to respond to in-flight security threats, which, depending on the nature of the threat, could involve more than 15 federal agencies and agency components, in July 2007, we recommended that DHS and other departments document and share their respective coordination and communication strategies and response procedures, to which DHS agreed. [Footnote 19] Mr. Chairman this concludes my statement. I would be pleased to answer any questions that you or other members of the committee may have at this time. Contacts and Acknowledgements: For further information on this testimony, please contact Cathleen A. Berrick at (202) 512-3404 or berrickc@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this statement. In addition to the contact named above, Chris Currie; Joe Dewechter; Vanessa DeVeau; Thomas Lombardi; Steve Morris, Assistant Director; Meg Ullengren; and Margaret Vo made contributions to this testimony. [End of section] Footnotes: [1] A risk management approach entails a continuous process of managing risk through a series of actions, including setting strategic goals and objectives, assessing risk, evaluating alternatives, selecting initiatives to undertake, and implementing and monitoring those initiatives. [2] See Pub. L. No. 107-71, 115 Stat. 597 (2001). [3] Passengers identified as being on the No Fly List must be denied boarding passes and must not be permitted to fly unless cleared in accordance with TSA security requirements. Passengers on the Selectee List are to be issued boarding passes, but they and their baggage are to undergo additional security measures. [4] In addition to establishing a federal screening workforce and in accordance with ATSA, TSA established a pilot program at five airports where private screening companies under contract to TSA performed screening activities. See 49 U.S.C. § 44919. In 2004, consistent with ATSA, TSA established a program to allow airports to apply to opt-out of federal screening and to use private screeners under contract with TSA. See 49 U.S.C. § 44920. Ten airports and 1 heliport currently have screening operations conducted by private screening contractors under TSA's Screening Partnership Program. [5] A freight forwarder consolidates cargo from many shippers and takes it to air carriers for transport. [6] Explosives Trace Detection requires human operators to collect samples of items to be screened with swabs, which are chemically analyzed to identify any traces of explosive material. Decompression chambers simulate the pressures acting on an aircraft by simulating flight conditions, which cause explosives that are attached to barometric fuses to detonate. An explosive detection system uses computer-aided tomography X-rays to examine objects inside baggage and identify the characteristic signatures of threat explosives. Certified explosives detection canine teams have been evaluated by TSA and shown to effectively detect explosive devices. [7] Cargo transported by air within the United States is referred to as domestic air cargo and cargo that is transported into the United States from abroad by either U.S. or foreign-operated air carriers is referred to as inbound air cargo. [8] See Pub. L. No. 110-53, § 1602(a), 121 Stat. 266, 477-479 (2007) (codified at 49 U.S.C. § 44901(g)). [9] See Pub. L. No. 108-458, § 4012(a), 118 Stat. 3638, 3714-18 (2004) (codified at 49 U.S.C. § 44903(j)(2)(C)). [10] GAO, Aviation Security: Challenges Exist in Stabilizing and Enhancing Passenger and Baggage Screening Operations, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-04-440T] (Washington, D.C.: Feb. 12, 2004). [11] GAO, Aviation Security: Risk, Experience, and Customer Concerns Drive Changes to Airline Passenger Screening Procedures, but Evaluation and Documentation of Proposed Changes Could Be Improved, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-634] (Washington, D.C.: April 16, 2007). [12] GAO, Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-448T] (Washington, D.C.: February 13, 2007). [13] GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-660] (Washington, D.C.: April 2007). [14] GAO, Aviation Security: Transportation Security Administration May Face Resource and other Challenges in Developing a System to Screen All Cargo Transported on Passenger Aircraft, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-08-959T (Washington, D.C.: July 2008). The Implementing Recommendations of the 9/11 Commission Act of 2007 defines "screening" for purposes of satisfying the 100 percent screening mandate. See 49 U.S.C. § 44901(g)(5). [15] Cargo transported by air from the United States to a foreign location is referred to as outbound air cargo. [16] [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-634]. [17] [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-634]. [18] See [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-660]. [19] GAO, Aviation Security: Federal Coordination for Responding to In- flight Security Threats Has Matured, but Procedures Can Be Strengthened, [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07- 891R] (Washington, D.C.: July 31, 2007). [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. Government Accountability Office: 441 G Street NW, Room LM: Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: