This is the accessible text file for GAO report number GAO-07-660 entitled 'Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo in the Early Stages and Could Be Strengthened' which was released on May 4, 2007. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Report to Congressional Requesters: United States Government Accountability Office: GAO: April 2007: Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened: GAO-07-660: GAO Highlights: Highlights of GAO-07-660, a report to congressional requesters Why GAO Did This Study: The Department of Homeland Security (DHS) has primary responsibility for securing air cargo transported into the United States from another country, referred to as inbound air cargo, and preventing implements of terrorism from entering the country. 
GAO examined (1) what actions DHS has taken to secure inbound air cargo, and how, if at all, these efforts could be strengthened; and (2) what practices the air cargo industry and foreign governments have adopted that could enhance DHS’s efforts to strengthen inbound air cargo security, and to what extent DHS has worked with foreign governments to enhance their air cargo security efforts. To conduct this study, GAO reviewed relevant DHS documents, interviewed DHS officials, and conducted site visits to seven countries in Europe and Asia. What GAO Found: Within DHS, the Transportation Security Administration (TSA) and U.S. Customs and Border Protection (CBP) have taken a number of actions designed to secure inbound air cargo, but these efforts are still largely in the early stages and could be strengthened. For instance, TSA completed a risk-based strategic plan to address domestic air cargo security, but has not developed a similar strategy for addressing inbound air cargo security, including how best to partner with CBP and international air cargo stakeholders. In addition, while TSA has identified the primary threats to inbound air cargo, it has not yet assessed inbound air cargo vulnerabilities and critical assets. Moreover, TSA’s air cargo security rule incorporated a number of provisions aimed at enhancing the security of inbound air cargo. This final rule also acknowledges that TSA amended its security directives and programs to triple the percentage of cargo inspected on domestic and foreign passenger aircraft. However, TSA continues to exempt certain types of inbound air cargo transported on passenger air carriers from inspection. Further, TSA inspects domestic and foreign passenger air carriers with service to the United States to assess whether they are complying with air cargo security requirements, but currently does not conduct compliance inspections of all air carriers transporting inbound air cargo. 
Moreover, TSA has not developed performance goals and measures to determine to what extent air carriers are complying with security requirements. In addition, CBP recently began targeting inbound air cargo transported on passenger and all-cargo aircraft that may pose a security risk and inspecting such cargo once it arrives in the United States. TSA and CBP, however, do not have a systematic process in place to share information that could be used to strengthen the department’s efforts in securing inbound air cargo, such as the results of TSA air carrier compliance inspections and foreign airport assessments. The air cargo industry and foreign governments have implemented various security practices that could provide opportunities for strengthening DHS’s overall air cargo security program. TSA officials acknowledged that compiling and analyzing security practices implemented by foreign air cargo stakeholders and foreign governments may provide opportunities to enhance U.S. air cargo security, and have begun an initial review of practices in select foreign countries. TSA has also begun working with foreign governments to coordinate security practices to enhance security and improve oversight, referred to as harmonization, but these efforts may be challenging to implement. For example, some foreign countries do not share the United States’ view regarding air cargo security threats and risks, which may make the harmonization of air cargo security practices difficult to achieve. What GAO Recommends: GAO recommends that DHS develop a risk-based inbound air cargo security strategy; develop a systematic process to improve interagency communication; and analyze air cargo security practices used by air cargo industry stakeholders and foreign governments to determine their applicability to the United States. DHS generally concurred with GAO’s recommendations. However, we have concerns that DHS’s plans may not fully address our recommendations. 
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-660]. To view the full product, including the scope and methodology, click on the link above. For more information, contact Cathleen Berrick at (202) 512-3404 or berrickc@gao.gov.

[End of section]

Contents:

Letter:
Results in Brief:
Background:
DHS Has Taken Initial Steps to Secure Inbound Air Cargo, and Opportunities Exist to Strengthen These Efforts:
Foreign Air Cargo Security Practices and International Harmonization Efforts Have Potential to Enhance Air Cargo Security, but May Be Challenging to Implement:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:

Appendix I: Objectives, Scope, and Methodology:
Appendix II: TSA's Efforts to Assess Air Carrier Compliance with Inbound Air Cargo Security Requirements:
Appendix III: TSA's Assessments of Foreign Airport Security Procedures:
Appendix IV: Description of GAO's Risk Management Framework:
Appendix V: DHS and TSA Air Cargo Security Technology Pilot Tests:
Appendix VI: Actions Taken by Select Domestic Air Carriers with Operations Overseas and Foreign Air Cargo Industry Stakeholders to Secure Air Cargo:
Appendix VII: Actions We Identified That Select Foreign Governments Are Taking to Secure Air Cargo:
Appendix VIII: Comments from the Department of Homeland Security:
Appendix IX: GAO Contact and Staff Acknowledgments:

Table:

Table 1: Elements of a Typical Homeland Security Risk Assessment:

Figures:

Figure 1: Flow of Air Cargo Transported to the United States:
Figure 2: Type of X-ray Technology Used by Some Foreign Air Carriers to Inspect Air Cargo Bound for the United States:
Figure 3: CBP Officers Using Nonintrusive Technology to Inspect Inbound Air Cargo:
Figure 4: Inspections of Air Carrier Cargo Procedures Conducted from January 2004 to December 2005:
Figure 5: Air Cargo Security Violations Found during Inbound Passenger Air Carrier Inspections at Foreign Airports for the Period July 2003 to February 2006:
Figure 6: Risk Management Cycle:

Abbreviations:

ACISP: All-Cargo International Security Program
AOSSP: Aircraft Operator Standard Security Program
ATS: Automated Targeting System
ATSA: Aviation and Transportation Security Act
CBP: Customs and Border Protection
CBSA: Canadian Border Services Agency
C-TPAT: Customs-Trade Partnership Against Terrorism
DHS: Department of Homeland Security
EDS: explosive detection system
ETD: explosive trace detection
FACAOSSP: Full All-Cargo Aircraft Operator Standard Security Program
GPRA: Government Performance and Results Act
HSPD: Homeland Security Presidential Directive
IAC: indirect air carrier
IATA: International Air Transport Association
ICAO: International Civil Aviation Organization
MSP: Model Security Program
NIPP: National Infrastructure Protection Plan
PARIS: Performance and Results Information System
PFNA: pulsed fast neutron analysis
RASCO: Remote Air Sampling for Canine Olfaction
RFID: radio frequency identification
S&T: Directorate of Science and Technology
SIDA: secure identification display area
TSA: Transportation Security Administration
TSIS: Transportation Security Intelligence Service
VACIS: vehicle and cargo inspection system
WCO: World Customs Organization
WMD: weapon of mass destruction

United States Government Accountability Office:
Washington, DC 20548:

April 30, 2007:

Congressional Requesters:

Recent instances of human stowaways hiding in cargo holds on international flights bound for the United States, and cargo smuggling and theft at foreign cargo facilities, have heightened concern over the security of air cargo by revealing vulnerabilities that could be exploited by terrorists. 
According to Department of Homeland Security (DHS) officials and air cargo industry stakeholders, terrorists could exploit such vulnerabilities to introduce an explosive device in cargo transported onboard a passenger aircraft, hijack an all-cargo aircraft and use it as a missile, or smuggle a weapon of mass destruction (WMD) in cargo transported on either type of aircraft.[Footnote 1] While DHS reports that it has no specific intelligence indicating terrorist plans to exploit air cargo vulnerabilities, DHS's National Strategy for Transportation Security identifies cargo aircraft operations and high-volume cargo facilities as aviation assets at significant risk of terrorist attack.[Footnote 2] In response to the terrorist attacks of September 11, 2001, the Aviation and Transportation Security Act was enacted in November 2001, which created the Transportation Security Administration (TSA) and required it to provide for the screening of all passengers and property, including cargo, U.S. mail, and carry-on and checked baggage that is transported onboard passenger aircraft.[Footnote 3] It also required that a system be put into place as soon as practicable to screen, inspect, or otherwise ensure the security of cargo transported on all-cargo aircraft.[Footnote 4] The act applies to air cargo transported into the United States from foreign countries onboard passenger and all-cargo aircraft, as well as cargo transported domestically and out of the United States to a foreign location on these aircraft. Within DHS, two agencies have responsibilities related to the security of air cargo bound for the United States from a foreign country, referred to as inbound air cargo.[Footnote 5] TSA has primary responsibility for securing U.S.-bound flights from destruction or hijacking, and as a result, is primarily concerned with preventing the illicit loading of explosives or stowaways onto aircraft prior to departure for the United States. 
TSA enforces statutory and regulatory requirements on passenger and all-cargo air carriers to secure air cargo bound for the United States. Both domestic air carriers and foreign air carriers with service to the United States are responsible for implementing security requirements, such as inspecting a portion of air cargo transported to the United States, in accordance with the applicable laws, TSA regulations, security directives, emergency amendments, and security programs. DHS's U.S. Customs and Border Protection (CBP) has primary responsibility for preventing terrorists and implements of terrorism from entering the United States. Specifically, CBP screens and inspects international air cargo upon its arrival in the United States to ensure that cargo entering the country complies with applicable laws and does not pose a security risk.[Footnote 6] CBP's efforts include analyzing information on cargo shipments to identify high-risk air cargo arriving in the United States that may contain terrorists or weapons of mass destruction, commonly known as targeting, and physically inspecting this cargo upon its arrival.[Footnote 7] According to DHS and industry estimates, only a small percentage of the air cargo that is bound for the United States from a foreign country is inspected by passenger and all-cargo air carriers prior to an aircraft's departure for the United States, and a very small percentage of international air cargo is inspected by CBP officers upon its arrival in the United States.[Footnote 8] Congress has allocated at least $255 million from fiscal years 2005 through 2007 for the purpose of enhancing the security of air cargo, through such actions as the development and testing of new and existing inspection technologies. Further, several laws have required TSA to take additional steps to secure domestic, outbound, and inbound air cargo. 
For example, the Department of Homeland Security Appropriations Act of 2005 required the Secretary to amend security directives and programs to, at a minimum, triple the percentage of cargo inspected on passenger aircraft.[Footnote 9] In addition, the Intelligence Reform and Terrorism Prevention Act of 2004 required, among other things, that TSA develop technology to better identify, track, and screen air cargo, and issue a final rule to enhance and improve the security of air cargo transported on both passenger and all-cargo aircraft.[Footnote 10] In October 2005, we reported on TSA's efforts to secure domestic air cargo, or cargo transported on passenger and all-cargo aircraft within the United States.[Footnote 11] We reported that while TSA had taken a number of actions intended to strengthen air cargo security, such as establishing a centralized database on people and businesses that routinely ship air cargo within the United States, and implementing requirements for the random inspection of air cargo, factors existed that potentially limited their effectiveness. For example, TSA exempted certain types of air cargo from inspection, potentially creating security weaknesses. We also reported that TSA's plans for enhancing air cargo security posed financial, operational and technological challenges to both the agency and to air cargo industry stakeholders. In addition, we reported that while TSA had taken initial steps toward applying a risk-based approach to address air cargo security, it had not yet established a methodology and schedule for completing assessments of air cargo vulnerabilities and critical assets. Moreover, we reported on the potential challenges the agency and air cargo industry stakeholders may face in implementing measures to strengthen air cargo security. We made several recommendations to assist TSA in developing a comprehensive risk-based approach for securing the domestic air cargo transportation system. 
TSA agreed with our recommendations and informed us that it is taking steps to address some of these recommendations. For example, in October 2006, TSA revised some of the inspection exemptions for domestic and outbound air cargo transported on passenger air carriers, consistent with our recommendation. TSA also issued an air cargo security rule in May 2006 that included a number of provisions aimed at enhancing the security of inbound air cargo. This report provides the results of our examination of the efforts of DHS, through TSA and CBP, to secure inbound air cargo, and represents the second phase of our congressionally requested work addressing air cargo security.[Footnote 12] To help Congress evaluate the status of DHS's efforts to secure inbound air cargo, we answered the following questions: (1) Within DHS, what actions have TSA and CBP taken to secure inbound air cargo, and how, if at all, could these efforts be strengthened? (2) What practices have the air cargo industry and select foreign governments adopted that could potentially be used to enhance TSA's efforts to strengthen inbound air cargo security, and to what extent have TSA and CBP worked with foreign governments to enhance their air cargo security efforts? To determine what actions DHS, through TSA and CBP, has taken to secure inbound air cargo, and how, if at all, these efforts could be strengthened, we reviewed relevant documents such as TSA's air cargo strategic plan, air carrier security programs, and related TSA guidance to determine the requirements placed on air carriers for ensuring inbound air cargo security.[Footnote 13] We interviewed officials from DHS, TSA, and CBP regarding their efforts to develop a strategy for securing inbound air cargo and conduct assessments of the vulnerabilities and critical assets associated with this area of aviation security and compared these efforts with GAO's risk management framework. 
In addition, we interviewed TSA and CBP officials to obtain information on their current and planned efforts to secure inbound air cargo. We also reviewed the results of TSA's compliance inspections to determine the agency's progress in evaluating air carriers' compliance with air cargo security requirements, and we reviewed the results of foreign airport assessments to identify any deficiencies found related to international air cargo standards. We discussed the reliability of TSA's compliance inspection data for the period July 2003 to February 2006 with TSA officials and concluded that they were sufficiently reliable for the purposes of this review. We conducted site visits to three U.S. airports, which collectively receive about 50 percent of the total amount of air cargo transported into the United States, to observe inbound air cargo security operations and CBP efforts to inspect inbound air cargo. We selected these airports based on several factors, including airport size, the volume of air cargo transported to these airports from foreign locations, and geographical dispersion. Because we selected a nonprobability sample of airports, the results from these visits cannot be generalized to other U.S. airports. Further, we conducted site visits to seven countries in Europe and Asia to observe air cargo security processes and technologies, observe air cargo facilities, and obtain information on air cargo security practices implemented by foreign governments and industry stakeholders to identify those practices that could potentially enhance the department's efforts to secure air cargo.[Footnote 14] We selected these countries based on several factors, including TSA threat rankings, airports located within these countries that process high volumes of air cargo, and discussions with U.S. and foreign government officials and air cargo industry representatives regarding air cargo security practices that may have application to TSA's efforts to secure air cargo. 
Moreover, we observed air cargo security practices at 8 foreign airports, 4 of which rank among the world's 10 busiest cargo airports in terms of volumes of cargo transported. We also obtained information on the air cargo security requirements implemented by 10 additional foreign countries from foreign government officials and publicly available documents. We selected these countries based on geographical dispersion as well as additional stakeholder input on countries implementing air cargo security practices that differ from those in the United States. To obtain information on air cargo industry and foreign government actions to secure air cargo, and TSA's and CBP's efforts to coordinate their security practices to enhance security and increase efficiency, referred to as harmonization, we interviewed foreign and domestic air carrier (passenger and all-cargo) officials from those air carriers that transport the largest volume of air cargo. Specifically, we spoke with officials representing 7 of the top 10 air cargo carriers based on volume of cargo transported. We also interviewed representatives of foreign freight forwarders, foreign and domestic airport authorities, air cargo industry associations, and U.S. and foreign governments.[Footnote 15] More detailed information on our scope and methodology is contained in appendix I. We conducted our work from October 2005 through February 2007 in accordance with generally accepted government auditing standards.

Results in Brief:

The two DHS components with responsibilities related to air cargo security, TSA and CBP, have taken initial steps to enhance the security of inbound air cargo. However, the agencies are only beginning to implement inbound air cargo security programs, and opportunities exist to strengthen these efforts. 
TSA and CBP have taken some preliminary steps to use risk management principles to guide their investment decisions related to inbound air cargo, as advocated by DHS, but most of these efforts are in the planning stages. For instance, TSA completed a risk-based strategic plan to address domestic air cargo security, but has not developed a similar strategy for addressing inbound air cargo security, including how best to partner with CBP and international air cargo stakeholders. Further, TSA has identified the primary threats associated with inbound air cargo, but has not yet assessed which areas of inbound air cargo are most vulnerable to attack and which inbound air cargo assets are deemed most critical to protect. TSA plans to assess inbound air cargo vulnerabilities and critical assets--two crucial elements of a risk-based management approach--but has not yet established a methodology or time frame for how and when these assessments will be completed. Without such assessments, TSA may not be able to appropriately focus its resources on the most critical security needs. Another action TSA has taken is the issuance of its May 2006 air cargo security rule, which includes a number of provisions aimed at enhancing the security of inbound air cargo. For example, the final rule acknowledges that TSA amended its security directives and programs to triple the percentage of cargo inspected on domestic and foreign passenger aircraft. To implement the requirements contained in the air cargo security rule, TSA drafted revisions to its existing security programs for domestic and foreign passenger air carriers and created new security programs for domestic and foreign all-cargo carriers. 
However, TSA requirements continue to allow inspection exemptions for certain types of inbound air cargo transported on passenger air carriers.[Footnote 16] This risk is further heightened because TSA has limited information on the background and security risk posed by foreign shippers whose cargo may fall within these exemptions. TSA officials stated that the agency is holding discussions with industry stakeholders to determine whether additional revisions to current air cargo inspection exemptions are needed. TSA also inspects domestic and foreign passenger air carriers with service to the United States to assess whether the air carriers are complying with air cargo security requirements, such as inspecting a certain percentage of air cargo. TSA, however, does not currently inspect all air carriers transporting cargo into the United States. While TSA's compliance inspections provide useful information, the agency has not developed an inspection plan that includes performance goals and measures to determine to what extent air carriers are complying with security requirements. In addition, while CBP was previously targeting inbound air cargo on passenger and all-cargo aircraft for illicit items such as drugs and contraband, CBP has only recently begun targeting inbound air cargo transported on passenger and all-cargo aircraft that may pose a security risk and inspecting such cargo once it arrives in the United States. Further, TSA and CBP have taken steps to coordinate their efforts to safeguard air cargo transported into the United States to include sharing information on TSA's technology development programs, among other efforts. However, TSA and CBP do not have a systematic process in place to share information that could be used to strengthen their efforts, such as the results of TSA air carrier compliance inspections, assessments of foreign airports, and air carrier inspections of inbound air cargo. 
Without a systematic process to share relevant air cargo security information, TSA and CBP could be missing opportunities to more effectively secure inbound air cargo. Foreign governments that regulate airports with high volumes of cargo, and domestic and foreign air carriers that transport large volumes of cargo, employ various air cargo security practices that might have the potential to strengthen TSA's efforts to secure inbound air cargo. Some of these practices may also help strengthen the security of domestic air cargo. We identified four categories of security practices required or employed by foreign governments and foreign air carriers, as well as domestic air carriers implementing practices required by host governments, that are currently not used in the United States. TSA officials acknowledged that the agency has not systematically analyzed these foreign practices to determine whether they would help strengthen the domestic and U.S.-bound air cargo supply chains or the costs associated with implementing such practices. For example, air carriers in some foreign countries inspect air cargo for potential WMDs prior to its loading on a U.S.-bound flight, which neither TSA nor CBP requires.[Footnote 17] TSA officials acknowledged that compiling and analyzing information on air cargo security practices implemented by foreign air carriers and foreign governments may provide opportunities to enhance the department's air cargo security program, and they have begun an initial review of practices in select countries. However, officials also cited challenges to applying these practices in the United States and the inbound air cargo supply chain. For example, TSA officials stated that increasing the percentage of cargo inspections and utilizing various inspection technologies may not be applicable to the United States because the volume of air cargo processed in the United States is much larger than in most countries. 
While we recognize that differences in cargo volumes and inspection capabilities exist and could affect the feasibility and cost of implementing certain practices to secure domestic and inbound air cargo, we believe that systematically identifying and evaluating the feasibility and costs associated with promising foreign air cargo security practices has the potential to benefit TSA's efforts to secure domestic and inbound air cargo. TSA has also begun working with foreign governments to coordinate their security practices to enhance security and increase efficiency, referred to as harmonization. For example, TSA officials worked with foreign governments to develop internationally agreed upon standards for securing air cargo. However, challenges to harmonizing security practices may limit the effectiveness of these efforts. For instance, some countries may be hesitant to expend additional resources that may be necessary to implement common security standards that exceed their current security requirements. In addition, some foreign governments may have different views than TSA regarding the threats and risks associated with air cargo and where their resources should be directed. To better ensure the security of inbound air cargo, we are recommending that DHS direct TSA and CBP to take several actions. 
These include more fully developing a risk-based strategy to address inbound air cargo security, including establishing goals and objectives for securing inbound air cargo and establishing a methodology and time frames for completing assessments of inbound air cargo vulnerabilities and critical assets that can be used to help prioritize the actions necessary to enhance security; establishing a time frame for completing an assessment of whether existing inspection exemptions for inbound air cargo pose an unacceptable security vulnerability, and taking steps, if necessary, to address identified vulnerabilities; developing performance goals and measures to evaluate foreign and domestic air carrier compliance with inbound air cargo security requirements; developing a systematic process for ensuring communication between TSA and CBP regarding their efforts to secure inbound air cargo; and compiling and analyzing information on air cargo security practices implemented by domestic and foreign air cargo industry stakeholders and foreign governments to identify those that could be used to strengthen DHS's overall air cargo security program. We provided a draft of this report to DHS for review. DHS, in its written comments, generally concurred with the report and recommendations. However, we have concerns that the actions DHS intends to take may not fully address our recommendations. The full text of DHS's comments is included in appendix VIII.

Background:

The transportation of air cargo between global trading partners provides the world economy with critical goods and components. Air cargo valued at almost $400 billion entered the United States in fiscal year 2004. According to TSA, approximately 200 U.S. and foreign air carriers currently transport cargo into the United States from foreign countries. During calendar year 2005, almost 9.4 billion pounds of cargo was shipped by air into the United States. 
About 40 percent of this amount, or 4 billion pounds, traveled onboard passenger aircraft. Typically, about one-half of the hulls of each passenger aircraft transporting cargo are filled with cargo. Air cargo includes freight and express packages that range in size from small to very large, and in type from perishables to machinery, and can include items such as electronic equipment, automobile parts, clothing, medical supplies, other dry goods, fresh cut flowers, fresh seafood, fresh produce, tropical fish, and human remains. Cargo can be shipped in various forms, including large containers known as unit loading devices that allow many packages to be consolidated into one container that can be loaded on an aircraft, wooden crates, assembled pallets, or individually wrapped/boxed pieces, known as break bulk cargo. Participants in the international air cargo shipping process include shippers, such as individuals and manufacturers; freight forwarders or regulated agents, who consolidate shipments and deliver them to air carriers; air cargo handling agents, who process and load cargo onto aircraft on behalf of air carriers; and passenger and all-cargo carriers that store, load, and transport air cargo.[Footnote 18] International air cargo may have been transported via ship, train, or truck prior to its loading onboard an aircraft. Shippers typically send cargo by air in one of two ways. Figure 1 depicts the two primary ways in which a shipper may send cargo by air to the United States.

Figure 1: Flow of Air Cargo Transported to the United States:

[See PDF for image]

Source: GAO (analysis); MapArt (map); ArtExplosion and GAO (art).

[End of figure]

A shipper may take its packages to a freight forwarder, or regulated agent, which consolidates cargo from many shippers and delivers it to air carriers. 
The freight forwarder usually has cargo facilities at or near airports and uses trucks to deliver bulk freight to air carriers--either to a cargo facility or to a small-package receiving area at the ticket counter. A shipper may also send freight by directly packaging and delivering it to an air carrier's ticket counter or sorting center where either the air carrier or a cargo handling agent will sort and load cargo onto the aircraft. The shipper may also have cargo picked up and delivered by an all-cargo carrier, or choose to take cargo directly to a carrier's retail facility for delivery. As noted in figure 1, the inspections of air cargo can take place at several different points throughout the supply chain. For example, inspections can take place at a freight forwarder's or regulated agent's consolidation facility, or at the air carrier's sorting center.

TSA and CBP Responsibilities for Ensuring the Security of Inbound Air Cargo:

TSA's Responsibilities Related to Securing Inbound Air Cargo:

The Aviation and Transportation Security Act (ATSA) charged TSA with the responsibility for ensuring the security of the nation's transportation systems, including the transportation of cargo by air into the United States.[Footnote 19] In fulfilling this responsibility, TSA (1) enforces security requirements established by law and implemented through regulations, security directives, TSA-approved security programs, and emergency amendments, covering domestic and foreign passenger and all-cargo carriers that transport cargo into the United States; (2) conducts inspections to assess air carriers' compliance with established requirements and procedures; (3) conducts assessments at foreign airports to assess compliance with international aviation security standards, including those related to air cargo; and (4) conducts research and development of air cargo security technologies.[Footnote 20] Air carriers (passenger and all-cargo) are responsible for implementing TSA security 
requirements, predominantly through a TSA-approved security program that describes the security policies, procedures, and systems the air carrier will implement and maintain in order to comply with TSA security requirements.[Footnote 21] These requirements include measures related to the acceptance, handling, and inspection of cargo; training of employees in security and cargo inspection procedures; testing employee proficiency in cargo inspection; and access to cargo areas and aircraft. If threat information or events indicate that additional security measures are needed to secure the aviation sector, TSA may issue revised or new security requirements in the form of security directives or emergency amendments applicable to domestic or foreign air carriers. The air carriers must implement the requirements set forth in the security directives or emergency amendments in addition to those requirements already imposed and enforced by TSA. Under TSA regulations, the responsibility for inspecting air cargo is assigned to air carriers. TSA requirements, described in air carrier security programs, security directives, and emergency amendments, allow air carriers to use several methods and technologies to inspect domestic and inbound air cargo. These include manual physical searches and comparisons between airway bills and cargo contents to ensure that the contents of the cargo shipment match the cargo identified in documents filed by the shipper, as well as using approved technology, such as X-ray systems, explosive trace detection systems, decompression chambers, explosive detection systems, and TSA explosives detection canine teams.[Footnote 22] (For an example of X-ray technology used by air carriers to inspect air cargo prior to its transportation to the United States, see fig. 2). 
TSA currently requires passenger air carriers to randomly inspect a specific percentage of nonexempt air cargo pieces listed on each airway bill.[Footnote 23] Under TSA's inbound air cargo inspection requirements, passenger air carriers can exempt certain cargo from inspection.[Footnote 24] TSA does not regulate foreign freight forwarders, or individuals or businesses that have their cargo shipped by air to the United States. Figure 2: Type of X-ray Technology Used by Some Foreign Air Carriers to Inspect Air Cargo Bound for the United States: [See PDF for image] Source: GAO. [End of figure] To assess whether air carriers properly implement TSA inbound air cargo security regulations, the agency conducts regulatory compliance inspections of foreign and domestic air carriers at foreign airports. Currently, TSA conducts compliance inspections of domestic and foreign passenger carriers transporting cargo into the United States, but does not perform such inspections of all air carriers transporting inbound air cargo. TSA inspects air cargo procedures as part of its broader international aviation security inspections program, which also includes reviews of regulations such as aircraft and passenger security. Compliance inspections can include reviews of documentation, interviews of air carrier personnel, and direct observations of air cargo operations.[Footnote 25] Air carriers are subject to inspection in several areas of cargo security, including accepting cargo from unknown shippers, access to cargo, and security training and testing. Appendix II contains a detailed description of TSA's efforts to assess air carrier compliance with inbound air cargo security requirements. In addition, TSA assesses the effectiveness of the security measures maintained at foreign airports that serve U.S. 
air carriers, from which foreign air carriers serve the United States, or that pose a high risk of introducing danger to international air travel.[Footnote 26] To conduct its assessments, TSA must consult with appropriate foreign officials to establish a schedule to visit each of these foreign airports. TSA assessments evaluate the security policies and procedures in place at a foreign airport to ensure that the procedures meet baseline international aviation security standards, including air cargo security standards. For further information on TSA's foreign airport assessments including the results of its assessment conducted during fiscal year 2005, see appendix III. CBP's Responsibilities Related to Inbound Air Cargo Security: CBP determines the admissibility of cargo entering the United States and is authorized to inspect inbound air cargo for security purposes. Specifically, CBP requires air carriers to submit cargo manifest information prior to the aircraft's arrival in the United States.[Footnote 27] CBP also has authority to negotiate with foreign nations to place CBP officers abroad to inspect persons and merchandise prior to their arrival in, or subsequent to their exit from, the United States, but has not yet negotiated arrangements with foreign host nations to station CBP officers overseas for the purpose of inspecting high-risk air cargo shipments.[Footnote 28] At U.S. airports, CBP officers may conduct searches of persons, vehicles, baggage, cargo, and merchandise entering or departing the United States.[Footnote 29] Since September 11, 2001, CBP's priority mission has focused on keeping terrorists and their weapons from entering the United States.[Footnote 30] To carry out this responsibility, CBP employs several systems and programs. 
CBP's Automated Targeting System (ATS) is a model that combines manifest and entry declaration information into shipment transactions and uses historical, specific enforcement, and other data to help target cargo shipments for inspection.[Footnote 31] ATS also has targeting rules that assign a risk score to each arriving shipment based in part on manifest information, as well as other shipment information, and potential threat or vulnerability information, which CBP staff use to make decisions on the extent of inspection to be conducted once the cargo enters the United States.[Footnote 32] To support its targeting system, CBP requires air carriers to submit cargo manifest information prior to the flight arriving in the United States.[Footnote 33] CBP officers use the ATS risk scores to help them make decisions regarding the extent of inspection to be conducted once the cargo arrives in the United States.[Footnote 34] Shipments identified by CBP as high risk through its ATS targeting system are to undergo mandatory security inspections. CBP officers may also inspect air cargo if they determine that a particular shipment is suspicious or somehow poses a threat.[Footnote 35] CBP uses a variety of nonintrusive technologies and methods to inspect some air cargo once it arrives in the United States. For example, CBP officers carry personal handheld radiation detectors, as well as handheld radioactive isotope identification devices which can distinguish between different types of radiological material, such as that used in medicine or industry from weapons-grade material. Other technologies and methods CBP uses to inspect inbound air cargo include mobile X-ray machines contained in vans, pallet X-ray systems, mobile vehicle and cargo inspection systems (VACIS), and canine teams.[Footnote 36] The results of the nonintrusive inspections determine the need for additional measures, which could include physical inspections conducted by CBP officers. 
Figure 3 shows an example of CBP officers using nonintrusive technology to inspect inbound air cargo upon its arrival in the United States. Figure 3: CBP Officers Using Nonintrusive Technology to Inspect Inbound Air Cargo: [See PDF for image] Source: GAO. Mobile X-ray machines. [End of figure] To strengthen the security of the inbound cargo supply chain, the U.S. Customs Service (now CBP) initiated the voluntary Customs-Trade Partnership Against Terrorism (C-TPAT) program in November 2001. This program provides companies that implement CBP-defined security practices a reduced likelihood that their cargo will be inspected once it arrives in the United States.[Footnote 37] To become a member of C-TPAT, companies must first submit signed C-TPAT agreements affirming their desire to participate in the voluntary program. Companies must also provide CBP with security profiles that describe the current security procedures they have in place, such as pre-employment screening, periodic background reviews, and employee training on security awareness and procedures. CBP reviews a company's application to identify any weaknesses in the company's security procedures and works with the company to resolve these weaknesses. Once any weaknesses are addressed, CBP signs an agreement stating that the company is considered to be a certified C-TPAT member, eligible for program benefits.[Footnote 38] After certification, CBP has a process for validating that C-TPAT members have implemented security measures. During the validation process, CBP staff meet with company representatives to verify supply chain security measures. The validation process includes visits to the company's U.S. and foreign sites, if any. Upon completion of the validation process, CBP reports back to the company on any identified areas that need improvement and suggested corrective actions, as well as a determination of whether program benefits are still warranted for the company. 
According to CBP officials, they use a risk-based approach for identifying the priority in which C-TPAT participants should be validated.[Footnote 39] International Air Cargo Security Standards and Recommended Practices: The International Civil Aviation Organization (ICAO) is a specialized agency of the United Nations in charge of coordinating and regulating international air transportation. ICAO was established by the Convention on International Civil Aviation (also known as the Chicago Convention) in 1944 and is composed of over 180 member nations with aviation service capabilities. In 1974, ICAO established aviation security standards and recommended practices to ensure a baseline level of security. These standards are aimed at preventing suspicious objects, weapons, explosives, or other dangerous devices from being placed on board passenger aircraft either through concealment, in otherwise legitimate shipments, or through gaining access to air cargo shipments via cargo-handling areas. The standards call for member nations to implement measures to ensure the protection of air cargo being moved within an airport and intended for transport on an aircraft, and to ensure that aircraft operators do not accept cargo on passenger flights unless application of security controls has been confirmed and accounted for by a regulated agent or that such cargo has been subjected to appropriate security controls. ICAO standards also provide that except for reasons of aviation security, member states should not require the physical inspection of all air cargo that is imported or exported. In general, member states should apply risk management principles (such as targeting higher-risk cargo) to determine which goods should be examined and the extent of that examination. 
While compliance with these standards is voluntary, all 180 ICAO members, including the United States, have committed to incorporating these standards into their national air cargo security programs.[Footnote 40] The International Air Transport Association (IATA) represents about 260 air carriers constituting 94 percent of international scheduled air traffic. Building upon ICAO's standards, IATA issued voluntary recommended practices and guidelines to help ensure that global air cargo security measures are uniform and operationally manageable. For example, IATA published a manual that, among other things, encourages air carriers to implement measures and procedures to prevent explosives or other dangerous devices from being accepted for transport by air, conduct pre-employment checks on individuals involved in the handling or inspection of air cargo, and ensure the security of all shipments accepted from persons other than known shippers[Footnote 41] or regulated agents through physical inspection or some type of screening process. IATA also developed guidelines to assist air carriers in developing security policies by providing detailed suggestions for accepting, handling, inspecting, storing, and transporting air cargo. The World Customs Organization (WCO) consists of 166 member nations, representing 99 percent of global trade, including cargo transported by air. In June 2005, WCO established its Framework of Standards to Secure and Facilitate Global Trade that, among other things, sets forth principles and voluntary minimum security standards to be adopted by its members. The framework provides guidance for developing methods to target and inspect high-risk cargo, establishes time frames for the submission of information on cargo shipments, and identifies inspection technology that could be used to inspect high-risk cargo. 
Applying a Risk-Managed Approach for Securing Inbound Air Cargo: Risk management is a tool for informing policy makers' decisions about assessing risks, allocating resources, and taking actions under conditions of uncertainty. In recent years, the President, through Homeland Security Presidential Directives (HSPD), and Congress, more recently through the Intelligence Reform and Terrorism Prevention Act of 2004, required federal agencies with homeland security responsibilities to apply risk-based principles to inform their decision making regarding allocating limited resources and prioritizing security activities. The National Commission on Terrorist Attacks Upon the United States (also known as the 9/11 Commission), recommended that the U.S. government identify and evaluate the transportation assets that need to be protected, set risk-based priorities for defending them, select the most practical and cost-effective ways of doing so, and then develop a plan, budget, and funding to implement the effort.[Footnote 42] In addition, DHS issued the National Strategy for Transportation Security in 2005 that describes the policies DHS will apply when managing risks to the security of the U.S. transportation system.[Footnote 43] We have previously reported that a risk management approach can help to prioritize and focus the programs designed to combat terrorism. As applied in the homeland security context, risk management can help officials make decisions about resource allocations and associated trade-offs in preparing defenses against acts of terrorism and other threats. 
We have recommended that TSA apply a comprehensive risk-based approach for securing the domestic air cargo transportation system.[Footnote 44] The Homeland Security Act of 2002 also directed the department's Directorate of Information Analysis and Infrastructure Protection to use risk management principles in coordinating the nation's critical infrastructure protection efforts.[Footnote 45] This includes integrating relevant information, and analysis and vulnerability assessments to identify priorities for protective and support measures by the department, other federal agencies, state and local government agencies and authorities, the private sector, and other entities. Homeland Security Presidential Directive 7 and the Intelligence Reform and Terrorism Prevention Act of 2004 further define and establish critical infrastructure protection responsibilities for DHS and those federal agencies given responsibility for particular industry sectors, such as transportation. In June 2006, DHS issued the National Infrastructure Protection Plan (NIPP), which named TSA as the primary federal agency responsible for coordinating critical infrastructure protection efforts within the transportation sector, which includes all modes of transportation.[Footnote 46] The NIPP requires federal agencies to work with the private sector to develop plans that, among other things, identify and prioritize critical assets for their respective sectors. In accordance with the NIPP, TSA must conduct and facilitate risk assessments in order to identify, prioritize, and coordinate the protection of critical transportation systems infrastructure, as well as develop risk-based priorities for the transportation sector. TSA officials reported that work is now under way on specific plans for each mode of transportation, but as of January 2007, they were not completed. 
To provide guidance to agency decision makers, we have created a risk management framework, which is intended to be a starting point for applying risk-based principles. Our risk management framework entails a continuous process of managing risk through a series of actions, including setting strategic goals and objectives, assessing risk, evaluating alternatives, selecting initiatives to undertake, and implementing and monitoring those initiatives. DHS's NIPP describes a risk management process that closely mirrors our risk management framework. Setting strategic goals, objectives, and constraints is a key first step in applying risk management principles and helps to ensure that management decisions are focused on achieving a purpose. These decisions should take place in the context of an agency's strategic plan that includes goals and objectives that are clear and concise. These goals and objectives should identify resource issues and other factors to achieving the goals. Further, the goals and objectives of an agency should link to a department's overall strategic plan. The ability to achieve strategic goals depends, in part, on how well an agency manages risk. The agency's strategic plan should address risk-related issues that are central to the agency's overall mission. Risk assessment, an important element of a risk-based approach, helps decision makers identify and evaluate potential risks so that countermeasures can be designed and implemented to prevent or mitigate the effects of the risks. Risk assessment is a qualitative and/or quantitative determination of the likelihood of an adverse event occurring and the severity, or impact, of its consequences. Risk assessment in a homeland security application often involves assessing three key elements--threat, vulnerability, and criticality or consequence. A threat assessment identifies and evaluates potential threats on the basis of factors such as capabilities, intentions, and past activities. 
A vulnerability assessment identifies weaknesses that may be exploited by identified threats and suggests options to address those weaknesses. A criticality or consequence assessment evaluates and prioritizes assets and functions in terms of specific criteria, such as their importance to public safety and the economy, as a basis for identifying which structures or processes are relatively more important to protect from attack. Information from these three assessments contributes to an overall risk assessment that may characterize risks on a scale such as high, medium, or low and provides input for evaluating alternatives and management prioritization of security initiatives. The risk assessment element in the overall risk management cycle may be the largest change from standard management steps and can be important to informing the remaining steps of the cycle. For further details on our risk management framework, see appendix IV. DHS Has Taken Initial Steps to Secure Inbound Air Cargo, and Opportunities Exist to Strengthen These Efforts: The two components within DHS responsible for air cargo security, TSA and CBP, have initiated efforts to better secure inbound air cargo, but these efforts are in the early stages and could be enhanced. While TSA and CBP have taken some preliminary steps to use risk management principles to guide their decisions related to inbound air cargo security, most of TSA's and CBP's efforts to enhance inbound air cargo security are still largely in the planning stages. For instance, TSA has completed a strategic plan to address domestic air cargo security and has identified the primary threats associated with inbound air cargo. However, the agency has not identified goals and objectives for addressing inbound air cargo security, such as how it will coordinate with CBP to ensure that all relevant areas of inbound air cargo security are addressed. 
Further, TSA has not assessed which areas of inbound air cargo are most vulnerable to attack and which assets are deemed most critical to protect. Another action TSA has taken is the publication of its final air cargo security rule in May 2006 that included a number of provisions aimed at enhancing the security of inbound air cargo. However, TSA's inbound air cargo inspection requirements continue to allow for a number of exemptions for cargo transported on passenger air carriers, which could be exploited to transport an explosive device. In addition, TSA conducts compliance inspections of domestic and foreign passenger air carriers transporting cargo into the United States, but the agency has not developed an inspection plan that would establish goals and measures for its inspection program to evaluate air carriers' performance against expected results. Also within DHS, CBP has recently initiated efforts to mitigate the threat of a WMD entering the United States by targeting inbound air cargo transported on passenger and all-cargo aircraft that may pose a security risk and inspecting such cargo once it arrives in the United States. CBP also manages the C-TPAT program, which encourages those businesses involved in the transportation of cargo into the United States to enhance their security practices. However, CBP is still in the early stages of developing specific security criteria for air carriers participating in the program. In addition, DHS is in the early stages of researching, developing, and testing technologies to enhance the security of air cargo, but has not yet assessed the results or determined whether these technologies will be deployed abroad. Finally, TSA and CBP have taken steps to coordinate their responsibilities to safeguard air cargo transported into the United States, but the two agencies do not have a systematic process in place to share information that could be used to strengthen their efforts to secure inbound air cargo. 
TSA and CBP Have Taken Preliminary Steps to Incorporate Risk Management Principles into Their Decision Making to Secure Inbound Air Cargo, but Most Efforts Are in the Planning Stages: Within DHS, TSA and CBP have begun incorporating risk management principles into their inbound air cargo security programs, but these efforts are in the early stages and more work remains to be done. Applying a risk management framework to decision making is one tool to help provide assurance that programs designed to combat terrorism are properly prioritized and focused. Thus, risk management, as applied in the homeland security context, can help decision makers to more effectively and efficiently prepare defenses against acts of terrorism and other threats. Risk management principles can be incorporated on a number of different levels within an agency's operations. For example, CBP's ATS system uses information from various sources to assign risk scores to cargo, as part of its risk-managed approach to cargo security. Another example of a risk management activity is considering risk when allocating resources. TSA has underscored the importance of implementing a risk-based approach that protects against known threats, but that is also sufficiently flexible to direct resources to mitigate new and emerging threats. According to TSA, the ideal risk model would be one that could be used throughout the transportation sector and applicable to different threat scenarios. As part of TSA's risk-based approach, the agency issued an Air Cargo Strategic Plan in November 2003 that focused on securing the domestic air cargo supply chain and transportation system. 
However, this plan does not describe how the agency plans to secure inbound air cargo.[Footnote 47] TSA's Air Cargo Strategic Plan describes an approach for screening or reviewing information on all domestic air cargo shipments to determine their level of relative risk, ensuring that 100 percent of cargo identified as posing an elevated risk is physically inspected, and pursuing technological solutions to physically inspect air cargo. This approach to target elevated risk domestic air cargo for inspection, however, is not yet in place. In developing its Air Cargo Strategic Plan, TSA coordinated with air cargo industry stakeholders representing passenger and all-cargo carriers, as well as with CBP to assist in developing a system for targeting domestic air cargo.[Footnote 48] TSA's Air Cargo Strategic Plan, however, does not include goals and objectives for addressing inbound air cargo security, which presents different security challenges than domestic air cargo.[Footnote 49] According to CBP, the agency has begun a comprehensive review of its current air cargo security strategy, including how C-TPAT as well as relevant TSA programs can be incorporated into this strategy. As part of its risk management efforts, CBP developed a strategic plan covering fiscal years 2007-2011 focusing on securing the nation's borders at ports of entry, including airports. This plan includes a discussion on how CBP will use risk-based principles to guide decisions related to securing inbound air cargo. For example, to achieve CBP's strategic objective of screening all goods entering the United States by air, CBP plans to develop an approach to increase the percentage of goods for which it receives advance information. By increasing the amount of information available, CBP can better identify low-risk goods and move them quickly through the port of entry, while focusing its resources on inspecting cargo that represents higher risks. 
As TSA develops a strategy for inbound air cargo, it will be important to work with CBP to ensure that the two agencies coordinate their respective responsibilities for securing inbound air cargo and leverage available information to ensure vulnerabilities are addressed. For example, during discussions with TSA and CBP officials, we determined that, due in part to a lack of coordination between the two agencies, neither agency was addressing an area that both considered a potential threat to air cargo security. Although TSA and CBP have not stated whether this issue results in a vulnerability to the cargo's transport to the United States, some air cargo industry stakeholders with whom we spoke told us it represents a security vulnerability.[Footnote 50] TSA officials acknowledged that it is important to partner with CBP, foreign governments, and international air cargo stakeholders in developing a strategy for securing inbound air cargo. TSA officials stated that they plan to revise their existing domestic air cargo strategic plan and will consider incorporating a strategy for addressing inbound air cargo security at that time. However, as of January 2007, agency officials had not set a time frame for when TSA will complete this revision, and the extent to which this plan will address inbound air cargo is unclear. CBP officials stated that their input could contribute to any strategy developed by TSA, and that CBP is in the initial stages of developing its own air cargo strategic plan, scheduled for completion by the end of 2007. In addition to developing a strategic plan, a risk management framework in the homeland security context should include risk assessments, which typically involve three key elements--threats, vulnerabilities, and criticality or consequence (for more information on our risk management framework, see app. IV). 
Information from these three assessments provides input for setting priorities, evaluating alternatives, allocating resources, and monitoring security initiatives. TSA has completed an assessment of air cargo threats, but has not assessed air cargo vulnerabilities or critical assets. In September 2005, TSA's Transportation Security Intelligence Service (TSIS) completed an overall threat assessment for air cargo, which identified general and specific threats related to both domestic and inbound air cargo.[Footnote 51] According to TSA, the primary threats to inbound air cargo focus on the introduction of an explosive device in cargo loaded on a passenger aircraft, and the hijacking of an all-cargo aircraft resulting in its use as a weapon to inflict mass destruction.[Footnote 52] As stated previously, TSA, CBP, and industry stakeholders have also identified the introduction and transport of a WMD or its component parts as a potential threat.[Footnote 53] TSA has characterized the threats to inbound air cargo as high and has identified air cargo as a primary aviation target for terrorists in the short term. However, TSA has not evaluated the relative security risk presented by inbound air cargo compared to other areas of aviation security, such as passengers and checked baggage.[Footnote 54] While TSA has acknowledged that the vulnerabilities to inbound air cargo would likely be similar to those of domestic air cargo, TSA has not conducted a vulnerability assessment, nor has it identified vulnerabilities specific to inbound air cargo.[Footnote 55] TSA officials stated that the agency is first planning to conduct an assessment of domestic air cargo vulnerabilities before initiating an assessment of inbound air cargo vulnerabilities. TSA does not plan to complete its assessment of domestic air cargo vulnerabilities until late in 2007, thus potentially delaying the start of an assessment of the inbound air cargo vulnerabilities until 2008. 
According to TSA officials, limited resources and competing priorities have delayed agency efforts to conduct an assessment of inbound air cargo security vulnerabilities. Nevertheless, TSA officials acknowledge that vulnerabilities to inbound air cargo exist and that these vulnerabilities are in some cases similar to those facing the domestic air cargo supply chain.[Footnote 56] TSA officials stated that conducting vulnerability assessments for inbound air cargo will be difficult because these assessments require an understanding of the inbound air cargo supply chain, and while the agency has some information on the supply chains of several foreign countries, it does not have access to that information for many others. Although agency officials reported that they have taken initial steps toward developing a methodology for assessing inbound air cargo security vulnerabilities, they have not established a time frame for completing the methodology or determined when the vulnerability assessments will be conducted. TSA officials acknowledged that conducting assessments to identify vulnerabilities associated with inbound air cargo, and analyzing the results of such assessments, could help to strengthen the agency's efforts to secure inbound air cargo by providing information that could be used to develop measures to address identified vulnerabilities. Air cargo industry stakeholders we spoke with, including those representing domestic and foreign air carriers, agreed that TSA-led vulnerability assessments could help to identify air cargo security weaknesses and develop measures to mitigate these weaknesses. TSA also has not developed a methodology or schedule for completing an assessment to identify those inbound air cargo assets deemed most critical to protect, or whose destruction would cause the most severe damage to the United States. 
TSA officials stated that inbound air cargo assets mirror domestic air cargo assets, and could include workers, facilities, and aircraft. According to TSA, factors that could be used to define critical inbound air cargo assets include the number of fatalities resulting from a terrorist attack on a domestic or foreign cargo facility or aircraft; the economic or political importance of the asset; and consequences that an attack would have on the public's confidence in the U.S. government's ability to maintain order, among other things. According to TSA officials, the agency will conduct an assessment of critical inbound air cargo assets once it has completed its vulnerability and criticality assessments for domestic air cargo expected in 2007. The need for an assessment of critical transportation infrastructure, which could include inbound air cargo assets, has been identified by various sources, including DHS's NIPP and National Strategy for Transportation Security, and a number of Presidential Directives. The 9/11 Commission also recommended that the U.S. government identify and evaluate the transportation assets that need to be protected, set risk-based priorities for defending them, select the most practical and cost-effective ways of doing so, and develop a plan, budget, and funding to implement the effort. TSA officials we spoke with acknowledged that such assessments could better enable the agency to prioritize its efforts by focusing on high-priority or high-value inbound air cargo assets, and by targeting resources to address the most critical inbound air cargo security risks. Moreover, TSA officials agreed that analyzing the results of a criticality assessment could provide the basis for taking immediate protective actions depending on the threat environment, and guiding future agency decisions related to securing the inbound air cargo transportation system. 

TSA Revised its Security Programs to Require Air Carriers Transporting Cargo into the United States to Implement Additional Air Cargo Security Measures, but the Programs Do Not Address Some Areas of Inbound Air Cargo Security:

In May 2006, TSA issued a final rule that revised some of the requirements air carriers need to follow to ensure air cargo security. While TSA's air cargo security rule is focused primarily on domestic air cargo, it also includes more stringent security requirements for passenger and all-cargo carriers transporting cargo into the United States.[Footnote 57] For example, TSA created a new mandatory security regime for domestic and foreign all-cargo air carrier operations. The final rule also acknowledges that TSA amended its security directives and programs to triple the percentage of cargo inspected on domestic and foreign passenger aircraft.[Footnote 58] TSA currently requires foreign and domestic all-cargo carriers to inspect a different percentage of nonexempt items prior to the cargo's loading.[Footnote 59] While the air cargo security rule establishes general requirements air carriers must follow to secure inbound air cargo, TSA is currently drafting and revising security programs to incorporate applicable elements of the rule and with which air carriers will need to comply. These security programs will address inbound, outbound, and domestic air cargo operations. TSA regulations require that each air carrier, foreign or domestic, adopt a security program that incorporates applicable security requirements and that is approved by TSA. Once TSA finalizes revisions to the security programs--which for domestic passenger air carriers is known as the Aircraft Operator Standard Security Program (AOSSP) and for foreign passenger air carriers is known as the Model Security Program (MSP)--TSA will require air carriers to amend their security programs to reflect TSA's new requirements.[Footnote 60] TSA also drafted new security programs for domestic all-cargo carriers, referred to as the Full All-Cargo Aircraft Operator Standard Security Program (FACAOSSP), and for foreign all-cargo carriers, referred to as the All-Cargo International Security Program (ACISP).[Footnote 61] As of January 2007, TSA had yet to issue the final security programs. Air carriers will be required to be in full compliance with the revised and new security programs on a date to be established by the agency. However, TSA officials could not provide a time frame for when these programs would be finalized, nor has the date that air carriers will be required to be in compliance with the new and revised security programs been announced.[Footnote 62] After TSA issued its final air cargo security rule and released its draft security programs for comment, the agency held eight listening sessions in five cities to provide industry an opportunity to share its views on the proposed requirements before the final security programs are issued. At these listening sessions, some air carriers were pleased that TSA had taken action to strengthen air cargo security. Other air carriers, however, expressed concerns regarding the cost and feasibility of implementing TSA's air cargo security requirements contained in the agency's draft security programs.[Footnote 63] Air carriers present at these listening sessions also stated that given the operational changes they would need to make to implement TSA's new air cargo security requirements, TSA should provide air carriers sufficient time to fully comply with the new and revised security programs. Although passenger air carriers expressed concern regarding the implementation of measures contained in the final rule and draft security programs, most of their comments relate to domestic air cargo security.
Domestic and foreign all-cargo carriers cited several challenges related to TSA's draft security programs for all-cargo carriers. These included:

* new requirements for inspecting 100 percent of certain nonexempt inbound air cargo viewed as unnecessary, burdensome to implement, and costly;

* proposed revisions to existing inspection exemptions based on weight and packaging viewed as negatively affecting delivery of specific cargo shipments;

* application of new inspection and other requirements viewed as not consistent with identified threats to the air cargo industry;

* difficulty determining which TSA requirements apply to all-cargo carriers versus which apply to cargo transferred from an all-cargo aircraft to a passenger aircraft; and

* a proposed requirement to train carrier personnel to screen individuals and their property transported on an all-cargo flight viewed as unwarranted because very few individuals other than crew members fly on these aircraft.

Among other things, the draft security programs for foreign and domestic passenger carriers would require the physical inspection of air cargo shipments, including manual searches and the use of technology, in addition to other methods currently in use. The primary concern expressed by all-cargo carriers about the draft security programs focuses on air cargo inspection requirements. Specifically, some all-cargo carriers did not understand TSA's rationale for requiring them to inspect 100 percent of certain types of nonexempt cargo and noted that this would require them to inspect three times more cargo than passenger carriers are required to inspect. According to some all-cargo carriers, TSA has not adequately explained any additional risk to all-cargo carriers that would justify the new inspection requirements. TSA officials stated that the agency will review the comments submitted by industry stakeholders regarding the new and revised security programs prior to issuing the final security programs.

Inspection Exemptions Pose a Potential Vulnerability for Air Cargo Transported into the United States:

In our October 2005 report, we noted that TSA's inspection requirements allowed carriers to exempt certain types of air cargo from inspection.[Footnote 64] These exemptions may leave the air cargo transportation system vulnerable to terrorist attack. We reported that a terrorist could place an explosive device in an exempt piece of cargo, which would not be detected prior to its loading onto aircraft because such cargo is not subject to inspection. We recommended that TSA assess the rationale for the exemptions, determine whether these exemptions pose vulnerabilities, and determine whether adjustments were needed.[Footnote 65] According to TSA officials, the agency originally chose to exempt certain cargo from the inspection requirements because it did not view the exempted cargo as posing a significant security risk and because the time required to inspect certain cargo could adversely affect the flow of commerce. TSA recognized, however, that some of the inspection exemptions could pose a potential vulnerability, and convened an internal cargo policy working group in February 2006 to examine air cargo policies and regulations that apply to inbound, outbound, and domestic air cargo, including inspection exemptions, to identify requirements that may allow for unacceptable security gaps. In March 2006, the working group made several recommendations to TSA related to the inspection exemptions for cargo transported on passenger aircraft. The working group's recommendations included more stringent inspection requirements for passenger carriers. In October 2006, TSA issued a security directive and emergency amendment to domestic and foreign passenger air carriers operating within and from the United States that implemented elements of the recommendations of the internal working group.
However, these new requirements do not cover all air carriers.[Footnote 66] In addition to the actions TSA took to address the working group's recommendations, the agency is also considering limiting some of the inspection exemptions for all-cargo carriers, and has drafted security programs for foreign and domestic all-cargo carriers aimed at strengthening the security of inbound, outbound, and domestic air cargo. The draft programs for all-cargo carriers would require all-cargo carriers to inspect 100 percent of certain nonexempt air cargo.[Footnote 67] TSA officials stated that prior to issuing the final security programs, the agency will consider comments by all-cargo carriers on this proposed requirement. Under TSA's revisions to the inspection exemptions for passenger air carriers transporting cargo from and within the United States, and TSA's proposed changes to the inspection exemptions contained in the draft security programs for all-cargo carriers, certain types of air cargo will remain exempt from inspection.[Footnote 68] These remaining exemptions for both all-cargo and passenger air carriers transporting cargo into the United States continue to represent potential vulnerabilities to the air cargo transportation system.[Footnote 69] According to TSA officials, the agency has not established a time frame for completing its assessment of whether existing inspection exemptions pose an unacceptable security vulnerability. Some all-cargo carriers expressed concern over TSA's proposal to eliminate the inspection exemption for certain types of cargo, and recommended that this proposal be reconsidered.[Footnote 70] TSA officials stated that the proposed revisions to the inspection requirements are aimed at increasing the overall security of air cargo transported on all-cargo aircraft.
According to TSA officials, the agency is still evaluating industry's comments to the proposed security programs, including those related to removing the inspection exemption for certain types of cargo transported on all-cargo carriers. TSA officials noted that the agency is also holding discussions with the air cargo industry to determine whether or not the current inspection exemptions leave the air cargo transportation system vulnerable to attack and what impact further revisions to the inspection exemptions would have on air carriers' operations.[Footnote 71] According to TSA officials, while ongoing discussions with industry are focused on the domestic air cargo transportation system, any decisions made as a result of these discussions could affect inbound air cargo. TSA officials added that while industry stakeholder concerns are considered, decisions regarding what requirements will be issued will be based on the agency's assessment of air cargo risks and security needs.

TSA Developed a Program to Assess Passenger Air Carrier Compliance with Inbound Air Cargo Security Requirements, but This Program Could Be Strengthened by Developing an Inspection Plan That Includes Performance Goals and Measures:

TSA currently inspects domestic and foreign passenger air carriers transporting cargo into the United States to assess their compliance with TSA inbound air cargo security requirements. The agency, however, does not perform compliance inspections of all air carriers transporting cargo into the United States.[Footnote 72] Between July 2003 and February 2006, TSA conducted about 1,000 inspections of domestic and foreign passenger air carriers that included a review of air cargo security procedures.[Footnote 73] TSA's inbound air cargo security inspections differ from its domestic air cargo security inspections in that the agency does not have an inspection plan that focuses solely on air cargo security regulations.
Instead, TSA inspectors evaluate inbound cargo security procedures as a part of its international aviation security inspection program, which also includes reviews of areas such as aircraft, passenger, and baggage security. TSA's five international field offices are responsible for scheduling and conducting the international air carrier inspections.[Footnote 74] TSA inspections may include areas of cargo security, such as cargo acceptance procedures, security testing and training, and ensuring that foreign air carriers implement a cargo security plan that is consistent with TSA standards. According to TSA records, inspectors have found instances where passenger air carriers were not complying with inbound air cargo security procedures. For example, TSA found that some passenger air carriers were accepting cargo from unknown shippers, not physically screening cargo in accordance with TSA regulations, and failing to search empty cargo holds on an aircraft to prevent unauthorized access prior to loading and unloading. If not corrected, these problems could create vulnerabilities in the security of inbound air cargo. For information on TSA's inspections conducted, including inspection results from July 2003 to February 2006, see appendix II. TSA has a domestic aviation security inspection plan that, among other things, describes how the agency will ensure that air carriers that use domestic airports are complying with TSA security requirements, including those that apply to passengers, baggage, and air cargo. However, TSA has not developed a similar inspection plan for international aviation security. As a result, there is no inspection plan that would establish performance goals and measures that provide a clear picture of the intended objectives and performance of its inspections of passenger and all-cargo carriers that transport cargo into the United States. 
The Government Performance and Results Act of 1993 (GPRA), among other things, requires agencies to prepare an annual performance plan for their programs and directs executive agencies to articulate goals and strategies for achieving those goals.[Footnote 75] These plans should include performance goals and measures to determine the extent to which agencies are achieving their intended results. TSA's annual domestic inspection plan describes how the agency will ensure air carrier compliance with federal aviation security requirements, including those related to air cargo security. The domestic inspection plan includes goals, such as the number of air cargo inspections of air carriers each inspector is to conduct for the year. TSA officials stated that the agency applied risk management principles that considered threat factors, local security issues, and input from law enforcement to target key vulnerabilities and critical assets to develop its domestic inspection plan goals. According to TSA, its plan for conducting domestic cargo inspections also takes into account how to use the agency's limited inspection resources most effectively. Within the context of TSA's international inspections program, an inspection plan should describe the agency's approach for conducting compliance inspections of air carriers that transport cargo into the United States. This plan should include performance goals and measures to gauge air carriers' compliance with inbound air cargo security requirements. 
Developing such indicators is also recommended by our standards for internal control in order for agencies to compare and analyze actual performance data against established goals.[Footnote 76] For example, we reported that successful organizations try to link performance goals and measures to the organization's strategic goals and, to the extent possible, have performance goals that will show annual progress toward achieving their long-term strategic goals.[Footnote 77] With regard to TSA's inspection plan, a goal could be to ensure that passenger and all-cargo air carriers transporting cargo to the United States are meeting an acceptable level of compliance with air cargo security requirements. Another goal could be to assess all-cargo carriers transporting inbound air cargo within a specified time frame based on the identified risk posed by these carriers to the United States. In addition, we reported that a successful agency focuses its goals on the results it expects the program to achieve. For example, TSA could measure the achievement of a compliance inspection goal by establishing the number and type of inspections the agency wants to conduct, and determining appropriate measures to gauge air carrier compliance with air cargo security requirements. TSA officials stated that the agency uses its foreign airport assessment schedule as its plan for determining where it will conduct compliance inspections of passenger air carriers during each fiscal year. Officials added that they select passenger air carriers for inspection based on factors such as the results of previous inspections, when the air carrier was last inspected, and the availability of inspection resources. While TSA's schedule for completing airport assessment is an important step in focusing TSA's international compliance inspection efforts, this schedule does not include goals or measures for evaluating passenger carrier compliance with TSA's inbound air cargo security requirements. 
Further, the schedule does not include inspections of all-cargo carriers. Without an inspection plan, TSA may not be able to clearly show the relationship between its inspections efforts and its longer-term goals to secure inbound air cargo. Moreover, without establishing performance goals and measures, TSA is limited in its ability to assess the agency's performance and the performance of the air carriers it regulates against expected outcomes. While we understand that TSA has competing demands and must address numerous areas of aviation security with limited resources, developing a risk-based plan would help the agency better plan for and articulate how it intends to address inbound air cargo security inspections using its limited resources. Further, developing goals and measures to benchmark its performance would demonstrate the effectiveness of its inbound air cargo security efforts and help TSA determine the extent to which the inspections are contributing to the agency's overall aviation security goals and objectives.

TSA Implemented a Risk-Based Scheduling System to Assess Certain Foreign Airports' Security Measures, but Not All Foreign Airports Have Been Assessed:

TSA is authorized by U.S. law to assess the effectiveness of security measures maintained at foreign airports that serve U.S. air carriers or from which foreign air carriers serve the United States, or that pose a high risk of introducing danger to international air travel.[Footnote 78] TSA staff located at five international field offices conduct these assessments. During an assessment, TSA inspectors are to evaluate the security policies and procedures in place at a foreign airport to determine whether procedures meet ICAO aviation security standards and recommended practices. TSA consults with foreign government officials to schedule these assessments.
According to TSA officials, however, some foreign governments are sensitive to permitting the United States to come into their country and assess their airport security and may put conditions on the assessments, such as limiting the number of days that TSA has to conduct its assessments. TSA supplements its limited international inspection resources by using inspectors that are assigned to conduct aviation security inspections inside the United States to help international aviation security inspectors conduct foreign airport assessments. In October 2006, TSA implemented a risk-based methodology to prioritize which foreign airports to assess based on an analysis of the risk of an attack at an airport as determined by credible threat information, the vulnerability of the airport's security based on previous airport assessments, and the number of flights coming to the United States from a foreign airport.[Footnote 79] TSA officials stated that this approach will allow the agency to focus its limited resources on airports that pose the most significant risk to the United States and aviation security.[Footnote 80] TSA officials stated that the agency has not performed assessments of all foreign airports with service to the United States, in part because of political sensitivities associated with foreign airport assessments and because limited international oversight resources may affect whether TSA assesses additional airports. Therefore, TSA cannot determine whether cargo transported from foreign airports at which it has not performed an airport assessment poses a security risk.

CBP Has Begun Efforts to Address the Security of Inbound Air Cargo, but These Efforts Can Be Expanded:

To prevent WMD and other elements of terrorism from unlawfully entering the United States, CBP uses its automated targeting system, referred to as ATS, and other information to identify cargo that may pose a relatively high security risk, so it can undergo inspection once the cargo arrives in the United States. In July 2006, CBP began using ATS to target inbound air cargo on passenger and all-cargo aircraft that may pose a security risk.[Footnote 81] As discussed previously, ATS uses weighted rules or criteria that assign a risk score to each arriving shipment based on a variety of factors. This includes the submission of cargo manifest information required by CBP either at an aircraft's time of departure for the United States or no later than 4 hours prior to arrival, as specified in regulation.[Footnote 82] Inbound air cargo transported by passenger and all-cargo air carriers that is targeted for security reasons by ATS is inspected by CBP personnel stationed at airports in the United States.[Footnote 83] CBP officials stated that the extent to which a cargo shipment is inspected depends on the risk score it receives, as well as the type of commodity that is shipped.[Footnote 84] CBP's targeting policy describes the roles and responsibilities of CBP personnel involved in targeting air cargo transported on passenger and all-cargo air carriers that may pose a security risk and inspecting such cargo once it enters the United States.[Footnote 85] CBP's targeting policy also includes details on the risk scores given to shipments that require inspection by CBP personnel.[Footnote 86] The policy also describes what an inspection of high-risk air cargo should include, such as the use of X-rays; inspection with radiation detection technology, such as personal handheld radiation detectors; and physical inspection.
CBP has also established performance goals related to its efforts to target and inspect air cargo transported into the United States on passenger and all-cargo aircraft. Specifically, these performance goals relate to (1) targeting, controlling, inspecting, and interdicting high-risk air cargo shipments that may pose a threat to the national security of the United States, including instruments of terror or any commodity with a link to terrorism, narcotics, and other contraband, and agriculture risks, and (2) the accountability and reconciliation of all identified high-risk air cargo shipments. To gauge its effectiveness of meeting these goals, CBP recently drafted performance measures in conjunction with its targeting policy. According to CBP, many of the measures are new and will first be tested at selected airports to assess their feasibility, utility, and relevancy. These performance measures include the number of shipments identified by CBP as having direct ties to terrorism, the number of shipments that have been identified for further examination based on an anomaly in a nonintrusive inspection, the number of shipments that CBP holds, and the type of inspection findings. CBP did not provide us with a time frame for when these performance measures would be fully implemented. Our previous reports identified challenges that CBP faced when targeting oceangoing cargo shipped in containers for inspection.[Footnote 87] Specifically, we reported that CBP did not have a comprehensive, integrated process for analyzing inspection results of oceangoing cargo and incorporating these results into its targeting system. We also identified limitations with the information CBP used to target oceangoing cargo, such as vague or incomplete cargo manifests. We concluded that without complete and accurate information on shipments, it was difficult for CBP's targeting system to accurately assess the risk of shipments and to conduct thorough targeting. 
We also found that CBP did not yet have a system in place to report sufficient details of the results of security inspections nationwide that could allow management to analyze those inspections and systematically adjust its targeting system. We noted that without a more comprehensive feedback system, the effectiveness of CBP's targeting system could be limited. CBP officials acknowledged that the problems identified with ATS's effectiveness in targeting oceangoing cargo would also apply to CBP's efforts to target inbound air cargo. For example, CBP uses cargo manifests as a data source to identify high-risk cargo shipments, but according to some air carrier representatives, the information contained in these manifests is not always complete or accurate. CBP's new effort to target and inspect inbound air cargo transported on passenger carriers that may pose a security risk provides CBP an opportunity to strengthen its targeting activities by addressing the issues with its targeting system that we previously identified. DHS's strategy for addressing the threat of nuclear and radiological terrorism includes deploying radiation detection equipment at U.S. ports of entry, including airports. CBP plans to deploy radiation portal monitors at international airports by September 2009 in order to inspect 100 percent of inbound cargo for radiation.[Footnote 88] We have previously reported that currently deployed radiation portal monitors have limitations and that CBP is behind schedule in deploying radiation portal monitors at U.S. ports of entry, including airports.[Footnote 89] Specifically, we reported that the portal monitors are limited by the type of radioactive materials they are able to detect and they cannot differentiate naturally occurring radiological material from radiological threat material. We also reported that meeting DHS's goal to deploy over 3,000 radiation portal monitors at U.S. ports of entry, including U.S. airports, by September 2009 was unlikely. 
As of December 2005, CBP had deployed 57 radiation portal monitors at U.S. facilities that receive international mail and express consignment courier facilities in the United States, but had not yet deployed monitors at U.S. airports that receive inbound air cargo.[Footnote 90] CBP officials cited a lack of resources as the primary reason for not being able to purchase and deploy more monitors, including those at U.S. international airports. Until CBP fully deploys radiation portal monitors at international airports that receive inbound air cargo, CBP's efforts to effectively inspect air cargo once it enters into the United States for radiological weapons or the materials to build such a weapon may be limited. Another effort CBP has under way to secure the security of inbound air cargo is the voluntary C-TPAT program. This program is aimed at strengthening the international supply chain and U.S. border security. In exchange for implementing security policies and procedures, such as pre-employment screening, periodic background reviews, and employee training on security awareness and procedures, CBP provides C-TPAT participants, including foreign and domestic air carriers, with a reduced likelihood that their cargo will be inspected once it arrives in the United States. According to CBP, while there are more than 6,000 participants in the C-TPAT program, as of June 2006, only 31 of the approximately 200 foreign and domestic air carriers that transport cargo into the United States, and only 52 of the potentially thousands of freight forwarders that consolidate cargo departing by air for the United States, are participating in the program. Some foreign air carriers and foreign freight forwarders we spoke with stated that although CBP has made them aware of C-TPAT benefits, they have not applied for program membership because they do not see the value of participating in C-TPAT. 
Specifically, these air carriers and freight forwarders noted that participation in C-TPAT does not ensure quicker delivery times of their shipments and therefore does not benefit them. According to CBP officials, while C-TPAT offers participants a wide range of benefits, such as a reduced number of inspections and priority processing for inspections, CBP cannot compel air carriers to participate in the program because the C-TPAT program is voluntary. CBP has, however, identified expanding the number of C-TPAT participants, including air carriers, as one of its objectives in CBP's fiscal years 2007-2011 Strategic Plan for Securing America's Borders at Ports of Entry. At present, the requirements to become a member of C-TPAT are more broadly written for air carriers and freight forwarders than they are for importers, sea carriers, and highway carriers because CBP has not yet finalized specific security criteria for air carriers and freight forwarders participating in the program. According to CBP officials, they have drafted specific security criteria for air carriers. However, the finalization of the air carrier criteria has been placed on hold, as CBP is in the process of conducting a comprehensive review of its current air cargo strategy, including how CBP will incorporate C-TPAT.

DHS Is in the Early Stages of Testing Technologies to Strengthen Air Cargo Security:

DHS has taken some steps to incorporate new technologies into strengthening the security of air cargo, which will affect both domestic and inbound air cargo. However, TSA and DHS's Science and Technology (S&T) Directorate are in the early stages of evaluating available aviation security technologies to determine their applicability to the domestic air cargo environment. TSA and S&T are seeking to identify and develop technologies that can effectively inspect and secure air cargo with minimal impact on the flow of commerce.
DHS officials added that once the department has determined which technologies it will approve for use on domestic air cargo, they will consider the use of these technologies for enhancing the security of inbound air cargo shipments. According to TSA officials, there is no single technology capable of efficiently and effectively inspecting all types of air cargo for the full range of potential terrorist threats, including explosives and WMDs. As such, TSA, together with S&T, is conducting a number of pilot programs that are testing a variety of different technologies that may be used separately or in combination to inspect and secure air cargo. These pilot programs seek to enhance the security of air cargo by improving the effectiveness of air cargo inspections through increased detection rates and reduced false alarm rates, while addressing the two primary threats to air cargo identified by TSA--hijackers on an all-cargo aircraft and explosives on passenger aircraft.[Footnote 91] DHS's pilot programs are testing a number of currently employed technologies used in other areas of aviation and transportation security, as well as new technologies. 
These pilot programs include:

* an air cargo explosives detection pilot program implemented at three airports, testing the use of explosive detection systems, explosive trace detectors, standard X-ray machines, canine teams, technologies that can locate a stowaway through detection of a heartbeat or increased carbon dioxide levels in cargo, and manual inspections of air cargo;[Footnote 92]

* an explosive detection system (EDS) pilot program, which is testing the use of computer-aided tomography to compare the densities of objects to locate explosives in air cargo and to determine the long-term feasibility of using EDS equipment as a total screening process for break bulk air cargo;[Footnote 93]

* an air cargo security seals pilot, which is exploring the viability of potential security countermeasures, such as tamper-evident security seals, for use with certain classifications of exempt cargo;

* the use of hardened unit loading devices, which are containers made of blast-resistant materials that could withstand an explosion on board the aircraft; and

* the use of pulsed fast neutron analysis (PFNA) which allows for the identification of the chemical signatures of contraband, explosives, and other threat objects (see appendix V for more detailed information on DHS's and TSA's air cargo security pilot tests).

TSA anticipates completing its pilot tests by 2008, but has not yet established time frames for when it might implement these methods or technologies for the inbound air cargo system. As noted, some of the technologies being pilot-tested are currently employed or certified for use in other areas of aviation security, to include air cargo. According to DHS and TSA officials, further testing and analysis will be necessary to make determinations about the capabilities and costs of these technologies when employed for inspecting inbound air cargo at foreign locations.
TSA and CBP Have Taken Some Steps to Coordinate Efforts Related to Inbound Air Cargo Security, but Do Not Have Processes in Place to Communicate Important Information:

Pursuant to Homeland Security Presidential Directive 7, TSA is responsible for coordinating with relevant federal agencies, such as CBP, to secure the nation's transportation sector, including the air cargo system.[Footnote 94] TSA and CBP have taken a number of steps to coordinate their respective efforts to safeguard air cargo transported into the United States. For example, CBP shared its experience in targeting international cargo shipments with TSA to help the agency develop a system to target elevated-risk domestic air cargo shipments for inspection.[Footnote 95] Moreover, in 2003, interagency working groups were established to share information on TSA's technology development programs and CBP's air cargo targeting activities, among other things. In addition, TSA and CBP officials at the three U.S. airports we visited told us that both agencies discuss aviation security issues, including inbound air cargo, during weekly or monthly meetings with airport representatives and other aviation industry stakeholders. These officials also stated that TSA and CBP staff located at U.S. airports participate in operational planning and compliance inspection activities, and that these task forces and inspection activities may include inbound air cargo security issues. While these collaborative efforts are important, the two agencies do not have a systematic process in place to ensure that they are communicating information on air cargo security programs and requirements, such as the results of compliance oversight and targeting activities that could be used to enhance the security of inbound air cargo. Each agency collects information that the other could use.
For example, if TSA's compliance inspection results indicated that certain air carriers were in violation of TSA air cargo inspection requirements, CBP could use this information to assess the risk of inbound air cargo shipments from these particular air carriers. Moreover, if air carrier inspections revealed routine problems with certain types of shipments or certain shippers, CBP could use this information to apply greater scrutiny to those types of shipments or shippers. Likewise, if TSA's foreign airport assessments identify airports that are not meeting international security standards, CBP could use this information to improve its inbound air cargo targeting efforts. TSA also requires air carriers transporting cargo into the United States to randomly inspect a certain percentage of inbound cargo and compile information on these inspections. These inspection results could indicate which shipments were inspected, the outcome of those inspections, and the location at which the inspections took place. Similarly, CBP collects information that could be useful to TSA's efforts to secure inbound air cargo. For example, information gathered from CBP's inbound air cargo targeting and inspection activities could be used by TSA to help focus its compliance oversight efforts on those air carriers whose shipments have been identified by CBP as posing an elevated security risk. In addition, the results of CBP officers' inspection of inbound air cargo could be used by TSA to make risk-based decisions regarding the types of cargo air carriers should be required to inspect, based on its contents and points of origin, prior to its departure to the United States. Without a systematic process to communicate relevant air cargo security information, TSA and CBP are limited in their ability to most effectively secure inbound air cargo. 
TSA and CBP officials agreed that a process to improve information sharing could provide opportunities for enhancing their respective efforts to secure inbound air cargo. Specifically, CBP officials stated that information on the results of TSA's compliance inspections of air carriers and assessments of foreign airport security, as well as the results of air carrier inspections of air cargo prior to its transport to the United States, could potentially help CBP in targeting high-risk inbound air cargo shipments for inspection upon its arrival in the United States. TSA officials also stated that having access to the results of CBP's inbound air cargo targeting and inspection activities could be used to potentially strengthen existing TSA air cargo security requirements. Although both agencies agree that sharing relevant air cargo information could help to more effectively secure inbound air cargo, neither TSA nor CBP has plans to establish a process to share information on the other's air cargo security programs and requirements and the results of compliance oversight and targeting activities that could be used to enhance the security of inbound air cargo.
Foreign Air Cargo Security Practices and International Harmonization Efforts Have Potential to Enhance Air Cargo Security, but May Be Challenging to Implement:

While some of the security practices employed by foreign governments that regulate airports with high volumes of cargo and domestic and foreign air carriers that transport large volumes of cargo are similar to those required by TSA, we identified some security practices that are currently not used by TSA that could have potential for strengthening the security of inbound and domestic air cargo supply chains.[Footnote 96] Although TSA has initiated a review of select countries' air cargo security practices, the agency has not systematically compiled and analyzed information on actions taken by foreign countries and foreign and domestic air carriers to determine whether the benefits that these practices could potentially have in strengthening the security of the U.S. and inbound air cargo supply chain are worth the cost. In addition, DHS has begun working with foreign governments to develop uniform air cargo security standards and to mutually recognize each other's security standards, referred to as harmonization. However, challenges to harmonizing security practices may limit the overall impact of TSA's efforts.

Foreign Governments and Air Cargo Industry Stakeholders Have Taken Some Actions That Might Provide Opportunities to Strengthen U.S. Domestic and Inbound Air Cargo Security, but TSA Has Not Systematically Compiled and Analyzed This Information:

TSA, foreign governments, and foreign and domestic industry stakeholders employ some similar air cargo security practices, such as inspecting a specific percentage of air cargo or the use of specific technologies to inspect air cargo.
However, 18 of the 22 industry stakeholders and 9 of the 11 countries we compiled information on reported that they have implemented security practices that differ in some way from those required by TSA to ensure the security of air cargo they transport both within their own countries and into the United States. Some of these practices could potentially be used to mitigate terrorist threats and strengthen TSA efforts to secure inbound air cargo when employed in conjunction with current TSA security practices. While we observed a range of security practices used by foreign countries, we identified four categories of security practices implemented by foreign governments and foreign and domestic air carriers that could potentially enhance the agencies' efforts to secure air cargo. These practices include (1) the use of air cargo inspection technologies and methods, (2) the percentage of air cargo inspected, (3) physical security and access control methods for air cargo facilities, and (4) procedures for validating known shippers.[Footnote 97] We focused on these practices based on input from air cargo industry stakeholders. We did not compare the effectiveness or cost of foreign practices with current TSA requirements and practices. Rather, we determined whether the use of these security practices differed from existing TSA efforts to secure domestic and inbound air cargo and could have the potential to augment the department's current efforts to secure domestic and inbound air cargo. For additional information on actions taken by domestic and foreign air carriers with operations overseas and air cargo industry stakeholders to secure air cargo, see the table in appendix VI. Additional information about the actions taken by foreign governments to secure air cargo is included in the table in appendix VII. 
Air Cargo Inspection Technologies and Methods:

Three of the 17 air carriers and 1 of the 7 countries we visited require the use of large X-ray machines to inspect entire pallets of cargo transported on passenger aircraft.[Footnote 98] These machines allow for cargo on pallets to undergo X-ray inspection without requiring the pallet to be broken down and reconfigured. Government officials from the country that uses large X-ray machines stated that this technology allows for the expedited inspection of high volumes of large cargo items, without impeding the flow of commerce. CBP also uses this technology to inspect inbound air cargo once it enters the United States. While DHS's S&T and TSA have recently begun to research large X-ray technology, TSA officials stated that the agency has not established time frames for developing and testing X-ray technology capable of inspecting large pallets of cargo transported domestically or at a foreign location prior to its transport to the United States. Without further consideration of the use of large X-ray technology, which may have been enhanced over the past 8 years, TSA may be limited in its ability to make such determinations regarding its effectiveness in the post-September 11 air cargo environment. In addition, three domestic all-cargo carriers with operations overseas have independently chosen to employ radiation detection technologies to inspect air cargo for potential WMD and other radiological items prior to the cargo being transported on an all-cargo aircraft. Specifically, one all-cargo air carrier determined that the introduction of a WMD onto aircraft poses a significant threat. As a result, this carrier inspects cargo shipments using radiation detection portals and handheld radiation detectors.
According to TSA officials, the agency does not currently require air carriers to conduct inspections of air cargo to detect WMD prior to its transport into the United States because the agency considers mitigating the threat of WMD to be the responsibility of CBP. Further, two European countries are currently using canines in a different manner than TSA to inspect air cargo for explosives. Specifically, these countries are using the Remote Air Sampling for Canine Olfaction (RASCO) technique, which involves the use of highly trained dogs to sniff air samples collected from air cargo or trucks through a specially designed filter. The dogs sniff a series of air samples to determine whether or not there is a trace of explosives and indicate a positive detection by sitting beside the sample. According to foreign government officials representing two of the countries that use this technique, tests to determine the effectiveness of this practice have shown that RASCO has a very high rate of effectiveness in detecting traces of explosives in cargo. According to foreign government officials, this inspection method can be used on cargo that is difficult to inspect using other methods, due to size, density, or clutter, and does not require the breakdown of large cargo pallets. Further, officials stated that the dogs used in RASCO do not tire as easily as dogs involved in searching cargo warehouses, and can therefore be used for a longer period of time.[Footnote 99] Both TSA and CBP have certified canine teams for use in detecting explosives in baggage and currently use dogs for air cargo inspection. These canine teams are currently used to search narrow and wide-body aircraft, vehicles, terminals, warehouses, and luggage in the airport environment. 
According to TSA officials, while the results of previous agency tests of RASCO raised questions about its effectiveness, they continue to work with their international counterparts to obtain information on the feasibility of using RASCO to inspect air cargo. TSA officials stated that the agency has not yet determined whether RASCO is sufficiently effective at finding explosives in quantities that could cause catastrophic damage to an aircraft and whether this technique will be approved for use in the United States.

Percentage of Air Cargo Inspected:

The majority of the countries we visited and the majority of air carriers we spoke with have taken several actions to increase the percentage of air cargo that is inspected as well as using threat information to target certain cargo for inspection prior to transport. For example, 6 of the 17 foreign and domestic air carriers we met with are either required by their host government or have independently chosen to inspect a higher percentage of air cargo shipments, with X-ray technology or other inspection methods, than is currently required by TSA.[Footnote 100] Air carrier officials stated that the decision to inspect a higher percentage of air cargo is based on several considerations, including concerns about the terrorist threat to passenger aircraft, as well as concerns regarding the security of the air cargo supply chain in their host country. In addition, in 4 of the 7 countries we visited, air cargo inspections are conducted earlier in the supply chain prior to the cargo's consolidation and delivery to airports.
Specifically, the governments in these 4 countries permit inspections to be conducted by regulated agents who meet certain government requirements, such as maintaining an approved security program.[Footnote 101] Foreign government officials we spoke with stated that this practice contributed to the security of air cargo because it increased the total amount of cargo inspected and facilitated the inspection of cargo earlier in the supply chain. Finally, the majority of air carriers we spoke with have independently chosen to use available threat information to determine how much scrutiny and what methods to apply to certain cargo prior to its transport on aircraft. Specifically, 9 of the 17 passenger and all-cargo air carriers we interviewed target their air cargo inspection efforts based on analyses of available threat information, among other factors that could affect air cargo security. TSA recently increased the amount of cargo air carriers are required to inspect and initiated efforts to require freight forwarders to inspect domestic air cargo earlier in the supply chain. The agency, however, has not evaluated the procedures foreign countries and air carriers use to inspect a higher percentage of air cargo without affecting the flow of commerce to determine whether the cost of using these procedures would be worth the potential benefits of enhanced security. Moreover, unlike the majority of foreign and domestic air carriers we interviewed, TSA does not adjust the percentage of air cargo air carriers are required to inspect based on threat information related to specific locations. While TSA requires passenger air carriers to implement additional security requirements for inspecting checked baggage and passengers for flights departing from high-risk locations, the agency has not implemented additional requirements for air cargo departing from these same locations.
Agency officials stated that new air cargo security requirements, contained in the agency's air cargo security rule, are adequate to safeguard all air cargo transported into the United States, including cargo transported from high-risk locations. TSA officials added that the agency would consider implementing additional air cargo security requirements for high-risk locations if intelligence information became available that identified air cargo transported from these locations as posing a high risk to the United States. CBP, however, currently considers information on high-risk locations to identify cargo that should undergo inspection upon its arrival in the United States. In October 2006, TSA issued an emergency amendment requiring indirect air carriers, under certain conditions, to inspect a certain percentage of air cargo prior to its consolidation. While TSA's efforts to require freight forwarders to inspect domestic air cargo earlier in the supply chain have the potential for enhancing domestic air cargo security, we have previously identified problems with TSA's oversight of freight forwarders to ensure they are complying with air cargo security regulations.[Footnote 102]

Physical Security and Access Controls for Air Cargo Facilities:

In addition to inspecting air cargo prior to its transport on aircraft, we identified additional security practices implemented by air carriers and foreign governments to physically secure air cargo and air cargo facilities. For example, two foreign governments require that all air cargo be stored in a secured terminal facility located within a restricted area of the airport to prohibit tampering with the cargo prior to its loading onto an aircraft. At some airports with restricted areas, individuals accessing these areas must first undergo physical screening through the use of walk-through metal detectors or biometric identification systems.
For instance, one all-cargo air carrier uses a biometric hand-scanning identification system to grant employees access to air cargo storage facilities. In addition, 10 of the 17 air carriers we interviewed are subject to audits of the access controls at air cargo facilities to assess security vulnerabilities at such a facility. If the test results in a breach of security, all cargo contained within the breached facility must be inspected before it is permitted to be loaded onto a passenger or all-cargo aircraft. TSA acknowledged the importance of enhancing the security of air cargo and air cargo facilities, and included provisions in the agency's air cargo security rule for applying or expanding the secure identification display area (SIDA) requirements at U.S. airports to include areas where cargo is loaded and unloaded.[Footnote 103] However, TSA has no plans to require additional air cargo access control measures.

Procedures for Validating Known Shippers:

Two of the 7 countries we visited employ stringent programs for validating known shippers that differ from the program used in the United States. For example, 1 country we visited requires its known shippers or those shippers that have met certain criteria and have an established shipping history, referred to as known consignors in the country, to be validated by government-approved contractors. Prior to implementing this requirement, the country's consignor program allowed regulated agents and airlines to assess and validate their own consignors with whom they did business.
However, according to government officials, the previous program was ineffective because it allowed for breaches in the security of the air cargo supply chain, such as the implementation of weak security programs by shippers and conflicts of interest among air carriers and their customers.[Footnote 104] We previously reported on the limitations of TSA's current known shipper program, such as the relative ease of TSA's requirements for becoming a known shipper.[Footnote 105] Under this foreign country's new program, validations of known consignors are conducted by independent third parties that have been selected, trained, and accredited by the government. The government maintains the authority to remove a validator from an approved list, accompany a validator on a site visit, or conduct unscheduled spot visits to known consignor sites. To become known in this particular country, the consignor can choose from a list of over 100 validators to schedule a validation inspection. The validation process is conducted using a checklist of security requirements that includes the physical security measures in place at the site, staff recruitment, personnel background checking and security checks, access control to the site, air cargo packing procedures, and storage of secure cargo, among other things.[Footnote 106] After the initial validation inspection, consignors must be reassessed every 12 months to retain their known status. During the first round of assessments conducted, 70 percent of existing known customers failed to become known consignors because of the stricter security requirements in place under the new scheme. Since the new validation program requires program participants to implement stricter security practices for securing air cargo before it is delivered to the air carrier, it helps to ensure that cargo coming from known consignors has been adequately safeguarded. 
While TSA's air cargo security rule contains provisions for enhancing the agency's known shipper program, such as making air carrier and indirect air carrier participation in the agency's centralized database mandatory, it did not modify TSA's current process for validating known shippers, which remains the responsibility of indirect air carriers and air carriers.[Footnote 107] Accordingly, passenger, all-cargo, and indirect air carriers will continue to be responsible for entering shipper information into TSA's central known shipper database, which may allow for potential conflicts of interest because air carriers who conduct business with shippers will also continue to have the authority to validate these same shipping customers. TSA officials stated that the agency will continue to rely on its mandatory centralized known shipper database that allows air carriers and indirect air carriers to validate shippers as known until it develops a system that would enable TSA to validate known shippers. According to TSA officials, however, the agency is not considering implementing a program that relies on an independent third party to validate shippers because high administrative costs, combined with the large number of shippers located within the United States, may make it difficult to implement a third-party validation program. Foreign government officials stated that using third parties to validate shippers has enhanced the countries' air cargo security by reducing the number of shippers that are considered known and by introducing more security controls at an earlier point in the supply chain. Although the implementation of a third-party validation program may be challenging in the United States, without further analysis of such a program, TSA may be missing an opportunity to determine the extent to which all or parts of a similar scheme could be incorporated into the agency's current air cargo security practices. 
TSA Is Exploring the Applicability of Some Foreign Air Cargo Security Practices to the United States, but the Agency Has Not Systematically Compiled and Analyzed These Practices to Assess Their Viability:

We previously reported that in order to identify innovative security practices that could help further mitigate terrorism-related risk to transportation sector assets--especially as part of a broader risk management approach discussed earlier--it is important to assess the feasibility as well as the costs and benefits of implementing security practices currently used by foreign countries.[Footnote 108] However, DHS has not taken systematic steps to compile or analyze information that could contribute to the security of both domestic and inbound air cargo. In response to a recommendation made by DHS's Science and Technology Directorate, TSA has taken initial steps to learn more about foreign air cargo security technologies and practices that could be applied in the United States.[Footnote 109] For example, according to TSA officials, the agency collects information on the security measures implemented by countries from which air carriers transport air cargo into the United States. In addition, the United States has agreements with several countries that allow TSA to visit and compile information on their aviation security efforts, including those related to air cargo. Likewise, officials from these countries are allowed to visit the United States to learn about DHS's aviation security measures. TSA officials acknowledge that further examination of how foreign air cargo security practices may be applied in the United States could yield opportunities to strengthen the department's overall air cargo security program.
While TSA has obtained some information on foreign air cargo security efforts, TSA officials acknowledged that the agency has not systematically compiled and analyzed information on foreign air cargo security practices to determine those, if any, that could be used to strengthen the agency's efforts to secure air cargo. TSA officials stated that while some foreign air cargo security practices may hold promise for use in the United States, the agency and the air cargo industry face challenges in implementing some of these practices because the U.S. air cargo transportation system involves multiple stakeholders and is responsible for transporting large amounts of cargo on both passenger and all-cargo aircraft. While large amounts of air cargo are transported to and from U.S. airports on a daily basis, we identified air cargo security practices implemented at foreign airports that also process large volumes of air cargo shipments that may have application to securing domestic and inbound air cargo operations. For example, we observed the security practices at 8 foreign airports, 4 of which rank among the world's 10 busiest cargo airports. In addition, some of the security practices we identified are being implemented by air carriers that transport large volumes of air cargo. Specifically, we spoke with air carrier officials representing 7 of the world's 10 largest air cargo carriers.

DHS Is Working with Foreign Governments and Air Cargo Stakeholders to Harmonize Air Cargo Security Efforts, but Inherent Challenges May Affect Their Progress:

In addition to taking initial steps to collect information on foreign air cargo security practices, DHS has also begun efforts to work with foreign governments to develop uniform air cargo security standards and to mutually recognize each other's air cargo security practices--referred to as harmonization.
Harmonization has security as well as efficiency benefits, including better use of resources and more effective information sharing. However, working with foreign governments to achieve harmonization may be challenging because these efforts are voluntary. Additionally, many countries around the world may lack the resources or infrastructure needed to develop an air cargo security program as developed as that of the United States.

TSA and CBP Are Working with Foreign Governments to Develop Uniform Standards:

One way TSA is working with foreign governments is by collaborating on the drafting of international air cargo security standards. For example, according to TSA officials, agency representatives worked with foreign counterparts to develop Amendment 11 to ICAO's Annex 17, issued in June 2006, which sets forth new standards and recommended practices related to air cargo security. In addition, TSA is working with the European Union to develop a database containing information on shippers and freight forwarders that will be shared between the United States and European Union member states. As of January 2007, TSA was negotiating with the European Union on (1) how information in the databases will be shared, (2) what information will be shared, and (3) how the shared information will be used by each entity. Currently, the European Union database can transmit data to the TSA system as part of the development and testing of the European Union system. However, TSA's system will not be able to transmit data to the European Union's database until TSA's new known shipper and indirect air carrier databases are online, which TSA expects to occur sometime in late 2007. CBP has also engaged in efforts to develop uniform air cargo security standards with select foreign countries. Specifically, CBP undertook a study with the Canadian Border Services Agency (CBSA) to identify similar air cargo security practices being carried out by CBP and CBSA and areas in need of improvement.
The study made recommendations to enhance both agencies' efforts to secure air cargo that included specific steps the agencies can take to harmonize security measures. For example, the study recommended that CBP and CBSA explore harmonizing air cargo targeting and inspection protocols, including the use of detection technology. The study also recommended that the two agencies share knowledge of emerging technologies. CBP's fiscal years 2007-2011 Strategic Plan for Securing the Nation's Borders at Ports of Entry recognizes the need to partner with foreign governments to share relevant information in an effort to improve cargo security, including cargo transported by air. According to foreign government and international air cargo industry representatives, the development of uniform air cargo security requirements and measures could provide security benefits by eliminating ineffective requirements and practices and focusing on automated or nonintrusive inspection technologies that could be universally employed to reduce the potential for human error. The cargo security mission of the International Air Transport Association, according to the association's cargo security strategy 2006/2007, is to simplify cargo security by developing an integrated approach that involves all key supply chain stakeholder groups, and which is proportionate to the threat, effective, harmonized, and sustainable. The World Customs Organization's Framework of Standards to Secure and Facilitate Global Trade has also called for aviation and customs security requirements to be harmonized into one integrated solution, to the extent possible. Foreign air carrier officials we spoke with also stated that developing uniform air cargo security standards related to performing background checks on air cargo workers, training air cargo workers, and controlling access to air cargo facilities would increase security levels in these areas. 
These officials added that uniform air cargo security requirements could facilitate industry compliance with security requirements. Further, foreign air carrier representatives and foreign government officials discussed the need to harmonize the terms used in the air cargo environment. For example, TSA uses the term "indirect air carriers" when referring to certified freight forwarders, whereas most other countries refer to these entities as "regulated agents." In addition, TSA uses the term "known shipper" to refer to certified shippers, while most other nations use the term "known consignor" when referring to these same entities. Harmonized terminology would provide air cargo industry stakeholders clarification on which security requirements apply to them. Foreign and U.S. air cargo industry representatives and foreign government officials added that there is currently too much variation among countries regarding what type of air cargo must be inspected, what types of cargo are exempt from inspection, which entities should conduct the inspections, and what methods or technologies should be used to inspect air cargo. These representatives and officials stated that a harmonized inspection process would reduce duplicative efforts to inspect cargo shipments in order to meet different countries' security requirements. According to industry officials, having to implement duplicative security requirements, particularly those related to air cargo inspections, can impede the flow of commerce, expose air cargo shipments to theft, and damage high-value items. For example, representatives from a U.S. air carrier stated that in one Asian country, government employees inspect 100 percent of outbound air cargo transported on a passenger air carrier. However, to meet U.S. 
requirements, TSA requires passenger air carriers transporting air cargo into the United States to inspect a certain percentage of nonexempt cargo shipments, which would have already been inspected by the foreign government. Air carrier representatives stated that meeting TSA inspection requirements is problematic in certain foreign countries because air carriers are not permitted to re-inspect air cargo shipments that have already been inspected by foreign government employees and deemed secure. These conflicts and duplication of effort could be avoided through mutually acceptable uniform air cargo security standards developed jointly between the United States and foreign countries. However, we recognize that because foreign countries' requirements are so varied, and the threats to certain foreign airports are less than to others, TSA would have to consider accepting other countries' inspection requirements on a case-by-case basis to determine the viability of such an option. According to TSA officials, developing stronger uniform international standards would improve the security of inbound air cargo and assist TSA in performing its mission. For example, TSA officials stated that the harmonization of air cargo security standards would provide a level of security to those entities not currently regulated by the agency, such as foreign freight forwarders and shippers.

TSA and CBP Are Partnering with Foreign Governments to Begin Mutual Recognition of Air Cargo Security Requirements:

TSA has taken additional steps to begin mutual recognition of foreign air cargo security requirements in an effort to enhance the security of inbound air cargo. For example, TSA officials stated that the agency approved amendments to air carriers' security programs in November 2001 permitting those carriers operating out of the United Kingdom, France, Switzerland, Israel, and Australia to implement the air cargo security requirements of these foreign countries, in lieu of TSA's. 
TSA officials stated that these five countries were selected based on agency officials' recommendations and a review of the countries' security programs to determine if country requirements and practices met or exceeded TSA requirements.[Footnote 110] In contrast, those air carriers operating out of a foreign country other than the five previously identified must implement their host government's requirements in addition to TSA's. Officials added that in order for these countries' air cargo security programs to remain recognized by TSA, they must have met or exceeded TSA's air cargo security requirements, including new requirements set forth in the air cargo security rule. TSA officials further stated that they do not currently have plans to review other countries' air cargo security measures and that such reviews would be predicated on a host country's request. In addition, air carriers may seek TSA's approval of amendments to their security programs that would enable the air carrier to implement alternative air cargo security measures that satisfy TSA's minimum security requirements while maintaining compliance with the security requirements of the host government. According to TSA officials, the agency will approve these alternative measures as long as TSA deems that they meet ICAO's standards and TSA's minimum requirements. For example, officials noted that some foreign governments allow cargo from unknown shippers to be transported on passenger aircraft after that cargo is inspected. Although this measure differs from the requirements in place in the United States that do not permit cargo from unknown shippers to be transported on passenger aircraft, TSA officials stated that the ICAO standards are being met and air carriers operating out of such countries are permitted to transport cargo into the United States. 
Foreign government officials, embassy officials, and foreign industry members with whom we met also stated that to lessen the burden on airports and air carriers, TSA should consider accepting the results of ICAO or European assessments of airports with passenger air carrier service to the United States, and air carrier compliance inspections conducted by the European Union in lieu of conducting their own assessments and inspections. According to foreign government officials, in addition to TSA air carrier inspections and foreign airport assessments, air carriers located at foreign locations and airports around the world are subject to inspections by ICAO, as well as their host country. The European Union has also recently begun to conduct its own assessments of the security of airports located within its member states. Officials from one country told us that TSA should consider accepting the results of European Union assessments in light of the progress the European Union has made in developing its oversight program. Foreign government officials also expressed concern over TSA's inspections of foreign air carriers, saying that TSA lacks the authority under host government or international laws to assess foreign air carriers' compliance with TSA's security requirements that exceed ICAO's standards. Notwithstanding this view, TSA is authorized under U.S. 
law to ensure that all air carriers, foreign and domestic, operating to, from, or within the United States maintain the security measures included in their TSA-approved security programs and any applicable security directives or emergency amendments issued by TSA.[Footnote 111] Although TSA security requirements support the ICAO standards and recommended practices, TSA may subject air carriers operating to, from, or within the United States to any requirements necessary and assess compliance with such requirements, as the interests of aviation and national security dictate.[Footnote 112] TSA officials acknowledged that they have discussed the possibility of using European Union airport assessment results to either prioritize the frequency of TSA's assessments or to conduct more focused TSA assessments at European Union airports. According to TSA officials, the agency may also be able to use host government or third-party assessments to determine the aviation security measures to focus on during TSA's own airport assessments in foreign countries. TSA is also considering reducing the number of assessments conducted at airports that are known to have effective security measures in place and focus inspector resources on airports that are known to have less effective security measures in place. In addition, TSA is considering having a TSA inspector shadow a European Union inspection team for 1 or 2 days to validate the results of European Union assessments. Another option would be for TSA and the European Union to leverage their resources by conducting joint airport assessments. According to a European Union official, however, member states recently met to discuss sharing European Union assessment results with TSA. 
Specifically, member states determined that, until the European Union and TSA agree on how they will share sensitive security information with each other and how they will conduct joint assessments of each other's airports, they will not share the results of European Union airport assessments with TSA. The European Union official further stated that member states will not share their European Union airport assessment results with TSA unless TSA reciprocates. The official added that member states may share the results of airport assessments conducted by their own internal auditing entities with TSA, but it would be illegal for member states to share their European Union assessment results with TSA. TSA is also working closely with the European Union to develop mutually acceptable air cargo security measures. For example, in March 2005 a bilateral meeting on air cargo security was held between the European Union and the United States. An objective of this meeting was to share information on the air cargo security policies being developed by both, which, in turn, may encourage mutual acceptance. The development of the European Union/United States joint air cargo database was a focus of this meeting. The meeting also provided the European Union an opportunity to comment on TSA's notice of proposed rule making on air cargo security before the rule was finalized.

Challenges to DHS's Harmonization Efforts May Affect Progress:

Despite DHS's efforts to harmonize international air cargo security practices, a number of key obstacles, many of which are outside of DHS's control, may impede their progress. For example, because international aviation organizations, such as ICAO, have limited enforcement authority, they can only encourage, but generally not require, countries to implement air cargo security standards or mutually accept other countries' security measures. 
In addition, the implementation of uniform air cargo security standards may require the expenditure of limited resources. For example, according to European Union and air cargo industry officials, those countries with air cargo security programs that are less advanced than those of the European Union and the United States may not have the resources or infrastructure necessary to enhance their air cargo security programs. In addition, some foreign governments do not share DHS's view regarding the threats and risk associated with air cargo. For example, CBP has identified the introduction of terrorist weapons, including a WMD, as the primary threat to cargo entering the United States. Government officials from one country we met with, however, stated that they do not view the introduction of a WMD as a significant threat to air cargo security. Officials from another country stated that, unlike DHS, they do not consider stowaways as a primary threat to air cargo, while an official from a third country noted that it does not differentiate between the threats to passenger air carriers and those to all-cargo carriers. In addition, while TSA prohibits cargo from unknown shippers from being transported on passenger aircraft, the European Union and one Asian country we obtained information from allow cargo from unknown shippers to be transported on passenger aircraft after the cargo is inspected. These countries also inspect 100 percent of cargo from unknown shippers that is transported on all-cargo aircraft, while TSA requires all-cargo air carriers to randomly inspect a portion of the air cargo they transport. These differing approaches to air cargo security may make the harmonization of inspection requirements difficult to achieve. Further, TSA faces legal challenges in mutually accepting the results of other entities' airport assessments. 
According to TSA officials, the agency interprets its statutory mandate to conduct assessments of foreign airports to mean that TSA must physically observe security operations at a foreign airport. This interpretation, according to TSA, precludes TSA from relying solely on third-party or host government assessments. If the Secretary of DHS, on the basis of the results of a TSA assessment, determines that a foreign airport does not maintain and carry out effective security measures, the Secretary must take further action. Such actions include, among others, notifying appropriate authorities of the foreign government of deficiencies identified, providing public notice that the airport does not maintain and carry out effective security measures, or suspending service between the United States and the airport if it is determined a condition exists that threatens the safety or security of the passengers, aircraft, or crew, and such action is in the public interest.[Footnote 113] TSA officials noted that unlike DHS, ICAO has limited enforcement capabilities. However, TSA officials stated that the agency is taking steps to further emphasize reciprocity with other governments by encouraging them to assess airports within the United States.[Footnote 114] Such an effort could help facilitate the agency's foreign airport assessments and air carrier inspections. TSA officials also stated that although they are working with the European Union to develop a process to share airport assessment and inspection results, the agency currently does not have an agreement with either the European Union or ICAO to share assessment results. TSA officials added that even if they obtain access to these results, TSA is still legally required to conduct its own assessments of airports at which air carriers have operations into the United States and will continue with inspections of air carriers that transport cargo into the United States. 
Information on the results of other governments' airport assessments and air carrier inspections could help TSA focus its oversight resources on those countries and carriers that may pose a greater risk to the United States. In addition, foreign government and embassy officials noted that it will be difficult to harmonize air cargo security standards and requirements until the international community develops an approach for sharing sensitive information, such as security requirements. Developing a process for sharing sensitive information could help the United States and other countries improve their understanding of each other's security measures and identify overlapping or contradicting security requirements.

Conclusions:

While DHS has made significant strides in strengthening aviation security, it is still in the early stages of developing a comprehensive approach to ensuring inbound air cargo security. Until TSA and CBP take additional actions to assess the risks posed by inbound air cargo and implement appropriate risk-based security measures, U.S.-bound aircraft transporting cargo will continue to be vulnerable to terrorist attack. In October 2005, we recommended that TSA take a number of actions designed to strengthen the security of the nation's domestic air cargo transportation system. Similar actions, if effectively implemented, could also strengthen the department's overall efforts to enhance the security of inbound air cargo, both before the cargo has departed a foreign nation and once it has arrived in the United States. We are encouraged by TSA's initial efforts to use a risk-based approach to guide its investment decisions related to inbound air cargo security while at the same time addressing other pressing aviation and transportation security priorities. However, risk management efforts should begin with a strategy that includes specific goals and objectives, which TSA has not yet identified. 
Likewise, TSA's efforts to prioritize inbound air cargo assets and guide decisions about protecting them could be strengthened by establishing a methodology and time frames for completing risk assessments of inbound air cargo and determining how to use the results to target security programs and investments. Further, while TSA has drafted new requirements for securing inbound air cargo, without reexamining the rationale for existing inspection exemptions specific to air cargo transported into the United States on passenger aircraft and making any needed adjustments to these exemptions, there will continue to be a vulnerability that could be exploited by terrorists. Moreover, without developing an inspection plan that includes performance goals and measures to gauge air carrier compliance with air cargo security requirements, TSA cannot readily identify those air carriers that are achieving an acceptable level of compliance and focus the agency's inspection resources on those air carriers with higher levels of noncompliance that may pose a greater risk. Coordination and communication between TSA and CBP is also important to ensuring that gaps do not exist in the security of inbound air cargo. Without effectively sharing information, TSA's and CBP's inbound air cargo security activities may be less efficient and effective. While TSA and CBP have separate missions within DHS, their responsibilities for the security of air cargo are complementary. A strategy that clearly defines TSA's and CBP's roles and responsibilities with regard to securing inbound air cargo could help ensure that all areas of inbound air cargo security are being addressed. TSA and CBP also lack a systematic process to share relevant air cargo security information, such as the results of air carrier compliance inspections and foreign airport assessments that could enhance both agencies' efforts to secure air cargo. 
Such a process could provide opportunities for enhancing TSA's and CBP's respective efforts to secure inbound air cargo. TSA's efforts to coordinate with foreign governments and air cargo stakeholders are an important step toward developing enhanced and mutually agreeable international air cargo security standards. While TSA has taken steps to obtain information on foreign air cargo security practices, further examination of how these practices may be applied in the United States could yield opportunities to strengthen the department's overall air cargo security program. Doing so could also enable the United States to leverage the experiences and knowledge of foreign governments and international air cargo industry stakeholders and help identify additional innovative practices to secure air cargo against a terrorist attack in this country.

Recommendations for Executive Action:

To help ensure that the Transportation Security Administration and Customs and Border Protection take a comprehensive approach to securing air cargo transported into the United States, in the restricted version of this report we recommended that the Secretary of Homeland Security direct the Assistant Secretary for the Transportation Security Administration and the Commissioner of U.S. Customs and Border Protection to take the following two actions:

(1) Develop a risk-based strategy, either as part of the existing air cargo strategic plan or as a separate plan, to address inbound air cargo security, including specific goals and objectives for securing this area of aviation security. This strategy should clearly define TSA's and CBP's responsibilities for securing inbound air cargo, as well as how the agencies should coordinate their efforts to ensure that all relevant areas of inbound air cargo security are being addressed, particularly as they relate to mitigating the threat posed by weapons of mass destruction.

(2) Develop a systematic process for sharing information between TSA and CBP that could be used to strengthen the department's efforts to enhance the overall security of inbound air cargo, including, but not limited to, information on the results of TSA inspections of air carrier compliance with TSA inbound air cargo security requirements and TSA assessments of foreign airports' compliance with international air cargo security standards.

To help strengthen the Transportation Security Administration's inbound air cargo security efforts, we recommend that the Secretary of Homeland Security direct the Assistant Secretary for the Transportation Security Administration to take the following four actions:

(3) establish a methodology and time frame for completing assessments of inbound air cargo vulnerabilities and critical assets, and use these assessments as a basis for prioritizing the actions necessary to enhance the security of inbound air cargo;

(4) establish a time frame for completing the assessment of whether existing inspection exemptions for inbound air cargo pose an unacceptable vulnerability to the security of air cargo, and take steps, if necessary, to address identified vulnerabilities;

(5) develop and implement an inspection plan that includes performance goals and measures to evaluate foreign and domestic air carrier compliance with inbound air cargo security requirements; and

(6) in collaboration with foreign governments and the U.S. air cargo industry, systematically compile and analyze information on air cargo security practices used abroad to identify those that may strengthen the department's overall air cargo security program, including assessing whether the benefits that these practices could provide in strengthening the security of the U.S. and inbound air cargo supply chain are cost-effective, without impeding the flow of commerce.

Agency Comments and Our Evaluation:

We provided a draft of this report to DHS for review and comments. 
On April 19, 2007, we received written comments on the draft report, which are reproduced in full in appendix VIII. DHS generally concurred with the report and recommendations. With regard to our recommendation to develop a risk-based strategy to address inbound air cargo security which clearly defines TSA's and CBP's responsibilities for securing inbound air cargo, particularly as they relate to mitigating the threat posed by weapons of mass destruction, DHS stated that CBP is in the preliminary stages of developing its Air Cargo Security Strategic Plan. According to DHS, the draft plan includes goals and objectives, such as capturing accurate advance information to effectively screen air cargo shipments; accounting for and reconciling all high-risk air cargo shipments arriving from foreign destinations; developing and enhancing partnerships to strengthen air cargo security while continuing to facilitate the movement of legitimate trade; and controlling, inspecting and interdicting all air cargo that may pose a threat to national security of the United States. DHS also stated that CBP is coordinating with TSA in the refinement of CBP's Air Cargo Security Strategic Plan. Current efforts include discussions with TSA management and the review of relevant information in the classified TSA air cargo threat assessment. DHS further stated that CBP plans to collaborate with TSA during the vetting stage of CBP's Air Cargo Strategic Plan to ensure coordination of efforts and seamless implementation. Further, DHS stated that TSA plans to revise its existing Air Cargo Strategic Plan in fiscal year 2007, and will consider including a strategy for addressing inbound air cargo transported on passenger and all-cargo aircraft. DHS stated that TSA will identify and include specific goals and objectives for securing this area of aviation security and will work with CBP to share best practices in mitigating threats posed by weapons of mass destruction. 
While DHS has recognized the need for CBP and TSA to work together to address inbound air cargo security threats, DHS has not indicated whether the Air Cargo Strategic Plan CBP is developing or TSA's revised Air Cargo Strategic Plan will provide a risk-based strategy for how the agencies will coordinate their respective efforts to ensure the security of air cargo transported into the United States, particularly as they relate to mitigating the threat posed by weapons of mass destruction. Taking such action would be necessary to fully address our recommendation. Concerning our recommendation to develop a systematic process for sharing information between TSA and CBP that could be used to strengthen the department's efforts to enhance the overall security of inbound air cargo, DHS stated that CBP and TSA plan to meet monthly to continue working on ensuring air cargo security and to determine whether they can work more collaboratively to ensure air cargo security. DHS stated that these meetings will also focus on its air cargo security strategy, including proposed DHS definitions for the terms "screen," "scan" and "inspection." DHS also noted that TSA and CBP have previously collaborated on air cargo security initiatives and efforts through their ongoing participation in the Aviation Security Advisory Committee Air Cargo Working Group, and CBP has shared information on its Automated Targeting System with TSA staff who are developing a Freight Assessment System to target elevated risk domestic cargo. DHS further stated that TSA recognizes that CBP's Customs-Trade Partnership Against Terrorism program may include some information that could help TSA in its efforts to strengthen the security requirements for individuals and businesses that ship air cargo domestically. 
While CBP's and TSA's efforts to collaborate on their air cargo security activities are worthwhile, it is also important that TSA and CBP develop a system to share information--such as the results of TSA inspections of air carrier compliance with TSA inbound air cargo security requirements and TSA assessments of foreign airports' compliance with international air cargo security standards--that could be used to strengthen the department's efforts to secure inbound air cargo. Ensuring that TSA and CBP incorporate systematic information sharing into their ongoing coordination efforts would more fully address our recommendation. Regarding our recommendation to establish a methodology and time frame for completing assessments of inbound air cargo vulnerabilities and critical assets, and use these assessments as a basis for prioritizing the actions necessary to enhance the security of inbound air cargo, TSA acknowledged that assessments of inbound air cargo vulnerabilities and critical assets can assist in the prioritization of programs and initiatives developed to enhance air cargo security. While TSA stated that it has taken steps to develop a methodology and a framework to complete vulnerability assessments of the domestic air cargo supply chain, TSA does not plan to begin work on assessments of vulnerabilities of the inbound air cargo supply chain until after the domestic assessments are completed. TSA stated that it will pursue partnerships with foreign countries to assess the security vulnerabilities associated with U.S.-bound air cargo. TSA's efforts to complete a vulnerability assessment for domestic air cargo are an important step in applying a risk management approach to securing air cargo. However, TSA did not provide a time frame for completing the domestic vulnerability assessments and therefore could not provide a schedule for when it will conduct an assessment of inbound air cargo security vulnerabilities. 
Moreover, TSA has not determined whether it will conduct a criticality assessment of inbound air cargo assets or indicated how it plans to use information resulting from these assessments of inbound air cargo to prioritize the agency's efforts to enhance the security of inbound air cargo. Taking these steps would be necessary to fully address our recommendation. With regard to our recommendation to establish a time frame for completing the assessment of whether existing inspection exemptions for inbound air cargo pose an unacceptable security vulnerability, and taking steps, if necessary, to address identified vulnerabilities, TSA acknowledged that air cargo inspection exemptions represent a security risk and described several actions it had taken to revise the air cargo inspection exemptions. For example, TSA stated that in October 2006, the agency issued a series of security enhancements in the form of a security directive, removing air cargo inspection exemptions. While TSA's actions are an important step in addressing a recommendation we made in our October 2005 report on domestic air cargo security, TSA's recent security directive does not remove all inspection exemptions for air cargo. Specifically, TSA's action only applies to air cargo transported from and within the United States and not to air cargo transported into the United States from a foreign country, and only applies to air cargo transported on passenger air carriers, not all-cargo carriers. Until TSA assesses whether existing inspection exemptions for cargo transported on passenger and all-cargo aircraft into the United States pose an unacceptable vulnerability, and takes any necessary steps to address the identified vulnerabilities, TSA cannot be assured that the agency's inbound air cargo inspection requirements for air carriers provide a reasonable level of security. Taking this important step is necessary to fully address our recommendation. 
Concerning our recommendation to develop and implement an inspection plan that includes performance goals and measures to evaluate foreign and domestic air carrier compliance with inbound air cargo security requirements, TSA stated that it recognizes the importance of evaluating air carrier compliance using performance measures and goals. TSA also stated that its international and domestic field offices establish comprehensive inspection schedules for field staff to visit air carriers based on risk factors, inspection histories, and security determinations. In addition, TSA noted that it is hiring 10 dedicated international air cargo inspectors, who will be deployed to four international field offices to inspect all-cargo operations at last points of departure to the United States on an annual basis to ensure that they are in compliance with relevant all-cargo security programs and applicable security directives or emergency amendments. TSA stated that it will also track the progress on these inspections utilizing the tracking system developed for its Foreign Airport Assessment Program. Hiring additional inspectors to conduct compliance inspections of all-cargo carriers that transport cargo into the United States is an important step for enhancing the agency's oversight of such carriers. However, TSA has not indicated whether it will develop an inspection plan that includes performance goals and measures to evaluate foreign and domestic air carrier compliance with inbound air cargo security requirements. Developing such a plan will be important to fulfilling the agency's oversight responsibilities and is a necessary action in addressing our recommendation. Regarding our recommendation to collaborate with foreign governments and the U.S. 
air cargo industry and compile and analyze information on air cargo security practices used abroad to identify those that may strengthen the department's overall air cargo security program, TSA stated that it recognizes the importance of collaborating with foreign governments and U.S. industry to identify best practices and lessons learned for enhancing air cargo security. Specifically, TSA stated that it has taken numerous steps to increase collaboration with foreign governments and industry, including developing relations with United Kingdom and Irish officials to better understand their air cargo security practices and programs. TSA also noted that it actively coordinates with Canadian transportation security officials to share lessons learned and improve air cargo security between the two countries. Moreover, TSA stated that it is continuing to build relationships with foreign governments, including European Union members and southeast Asian nations. TSA also stated that it is collaborating with U.S. industry through the Aviation Security Advisory Committee Air Cargo Working Group to partner with air cargo supply chain stakeholders on new initiatives and existing programs and pilot programs. TSA's efforts to collaborate with foreign governments and industry are important steps toward improving inbound air cargo security. However, TSA has not indicated whether it plans to compile or analyze information on air cargo security practices used abroad to identify those that may strengthen the department's overall air cargo security program, including assessing whether the benefits that these practices could provide in strengthening the security of the U.S. and inbound air cargo supply chain are cost-effective, without impeding the flow of commerce. Taking such actions would be necessary to fully address the intent of this recommendation. DHS also offered technical comments and clarifications, which we have considered and incorporated where appropriate. 
As agreed with your offices, unless you publicly announce its contents earlier, we plan no further distribution of this report until 30 days after its issue date. At that time, we will provide copies of this report to the Secretary of Homeland Security, the Assistant Secretary of the Transportation Security Administration, the Commissioner of U.S. Customs and Border Protection, and interested congressional committees. If you have any further questions about this report, please contact me at (202) 512-3404 or berrickc@gao.gov. Key contributors to this report are listed in appendix IX.

Signed by:

Cathleen A. Berrick:
Director:
Homeland Security and Justice Issues:

Congressional Requesters:

The Honorable Bennie G. Thompson:
Chairman:
The Honorable Peter T. King:
Ranking Minority Member:
Committee on Homeland Security:
House of Representatives:

The Honorable Loretta Sanchez:
Chairwoman:
Subcommittee on Border, Maritime and Global Counterterrorism:
Committee on Homeland Security:
House of Representatives:

The Honorable Tom Davis:
Ranking Minority Member:
Committee on Oversight and Government Reform:
House of Representatives:

The Honorable Daniel E. Lungren:
Ranking Minority Member:
Subcommittee on Transportation Security and Infrastructure Protection:
Committee on Homeland Security:
House of Representatives:

The Honorable Christopher Shays:
Ranking Minority Member:
Subcommittee on National Security and Foreign Affairs:
Committee on Oversight and Government Reform:
House of Representatives:

The Honorable Edward J. Markey:
House of Representatives:

[End of section]

Appendix I: Objectives, Scope, and Methodology:

This report addresses the following questions:

(1) What actions has the Department of Homeland Security (DHS) taken to secure inbound air cargo, and how, if at all, could these efforts be strengthened? 
(2) What practices have the air cargo industry and select foreign countries adopted that could potentially be used to enhance DHS's efforts to strengthen air cargo security, and to what extent have the Transportation Security Administration (TSA) and the U.S. Customs and Border Protection (CBP) worked with foreign government stakeholders to enhance its air cargo security efforts? To determine what actions DHS has taken to secure inbound air cargo, and how, if at all, these efforts could be strengthened, we reviewed TSA's domestic air cargo strategic plan, proposed and final air cargo security rules, air cargo-related security directives and emergency amendments, aircraft operator security programs, and related guidance to determine the requirements placed on air carriers for ensuring inbound air cargo security.[Footnote 115] We also interviewed TSA and CBP officials to obtain information on their current and planned efforts to secure inbound air cargo. Further, we reviewed CBP's programs and performance measures related to targeting and inspecting air cargo once it reaches the United States. Specifically, we reviewed CBP's Customs and Trade Partnership Against Terrorism (C-TPAT) program and its Automated Targeting System (ATS) related to air cargo to obtain information on CBP's efforts to secure, target, and inspect inbound air cargo. We analyzed TSA foreign airport assessment reports conducted during fiscal year 2005, compliance inspection data from July 2003 to February 2006, and performance measures to determine the agency's progress in evaluating air carriers' compliance with existing air cargo security requirements. We also discussed the reliability of TSA's compliance inspection data for the period July 2003 to February 2006 with TSA officials. 
Although our initial reliability testing indicated that there were some inconsistencies in the data provided by TSA, we were able to resolve most of the discrepancies and concluded that the data were sufficiently reliable for the purposes of this review. For example, we found spelling variations in the inspections for the same air carrier, which we identified and made uniform in the dataset. We found that some records contained duplicate information. We removed these records based on a comparison of information such as the inspection record number, the date of the inspection, the specific requirement the TSA inspector assessed, and the determination of the air carriers' compliance with the requirement. We also found some inspections in the dataset that had occurred at U.S. airports. We identified these by the airport name and removed them from the data. To identify DHS's plans for enhancing inbound air cargo security, we reviewed DHS Science and Technology Directorate, TSA, and CBP documents to identify pilot programs for inspection technology, including program funding levels, time frames, results, and implementation plans. We discussed how, if at all, DHS efforts could be strengthened to secure inbound air cargo with TSA and CBP officials and air cargo industry stakeholders. To identify any challenges DHS and its components may face in strengthening inbound air cargo security, we interviewed TSA and CBP officials about how they coordinate and share information on their respective inbound air cargo security efforts. We obtained information on DHS's, TSA's, and CBP's efforts to apply risk management principles to inform their decisions related to securing inbound air cargo and compared these actions against our risk management framework. 
Our complete risk management framework includes a specific set of risk management activities: setting strategic goals and objectives, assessing risk (threat, vulnerabilities, and criticality), evaluating alternatives, selecting initiatives to undertake, and implementing and monitoring those initiatives. This report examines the two risk management efforts TSA has focused on thus far related to inbound air cargo security--setting strategic goals and objectives and assessing risk. With regard to establishing strategic goals and objectives, we reviewed DHS's Strategic Plan, National Infrastructure Protection Plan, and National Strategy for Transportation Security. We also reviewed TSA's strategic plan and TSA's air cargo strategic plan to determine DHS's strategy for addressing the security of inbound air cargo. Regarding risk assessments, we interviewed DHS officials to discuss the department's plans to conduct assessments of the vulnerabilities and critical assets associated with inbound air cargo. In addition, we interviewed TSA and CBP officials, foreign government officials, and air cargo industry stakeholders to identify efforts to develop international air cargo security standards, and DHS's efforts to work with foreign governments to develop uniform air cargo security standards that would apply to participant countries, including a structure for mutually recognizing and accepting other countries' air cargo security practices. To identify actions the air cargo industry and select foreign countries have taken to secure air cargo and whether such actions have the potential to be used to strengthen air cargo security in the United States, we interviewed foreign and domestic air carrier (passenger and all-cargo) officials, foreign freight forwarder representatives, airport authorities, air cargo industry associations, and DHS and foreign government officials. We also conducted site visits to 3 U.S. 
airports to observe inbound air cargo security operations and industry and CBP efforts to inspect inbound air cargo using nonintrusive inspection technologies, including radiation detection systems.[Footnote 116] We selected these airports based on several factors, including airport size, the volume of air cargo transported to these airports from foreign locations, geographical dispersion, the presence of CBP officers, and TSA international field office officials.[Footnote 117] Because we selected a nonprobability sample of airports, the results from these visits cannot be generalized to other U.S. airports. Further, we conducted site visits to 7 countries in Europe and Asia to observe air cargo facilities on and off airport grounds, observe air cargo security processes and technologies, and obtain information on air cargo security measures implemented by foreign governments and industry stakeholders.[Footnote 118] During our international site visits, we also met with officials from the European Union and TSA's international field offices. We selected these countries based on several factors, including geographical dispersion; TSA threat rankings; and discussions with DHS, State Department, and foreign government officials and air cargo industry representatives and experts regarding air cargo security practices that may have application to DHS's efforts to secure air cargo. We also considered information on 4 additional countries whose air cargo security practices differ from those used in the United States.[Footnote 119] According to TSA and air cargo industry stakeholders, these countries have implemented stringent air cargo security programs. Specifically, we observed security practices at 8 foreign airports, 4 of which rank among the world's 10 busiest cargo airports. We also obtained information on the air cargo security requirements implemented by 4 additional foreign countries. 
In addition, some of the security practices we identified are being implemented by air carriers that transport large volumes of air cargo. Specifically, we spoke with air carrier officials representing 7 of the world's 10 largest air cargo carriers. We also discussed the feasibility of applying foreign air cargo security measures in the United States with TSA officials. We did not, however, evaluate the effectiveness of the foreign measures we identified during this review. We also discussed efforts to develop, harmonize, and mutually recognize international air cargo security standards with TSA, foreign government, and air cargo industry officials. TSA's and CBP's roles and responsibilities for securing air cargo transported from the United States to a foreign location were not included in the scope of this review. TSA's requirements for outbound air cargo are similar to those governing the security of air cargo transported within the United States. For a review of TSA's practices related to securing domestic air cargo, see GAO-05-446SU. We conducted our work from October 2005 through February 2007 in accordance with generally accepted government auditing standards. [End of section] Appendix II: TSA's Efforts to Assess Air Carrier Compliance with Inbound Air Cargo Security Requirements: TSA's inspections at foreign airports are conducted by aviation inspectors who are responsible for reviewing aviation security measures of foreign and domestic passenger air carriers to determine their compliance with a variety of TSA aviation security requirements, including those related to inbound air cargo. These inspectors are responsible for conducting foreign airport assessments as well as domestic and foreign air carrier inspections at foreign airports. According to international field office officials, the agency usually conducts inspections and foreign airport assessments during the same visit to an airport. 
The agency also trains and utilizes domestic aviation security inspectors to conduct inspections under the supervision of the international field offices to supplement its international inspection resources. TSA uses its automated Performance and Results Information System (PARIS) to compile the results of its aviation inspections and the actions taken when violations are identified. As shown in figure 4, our analysis of PARIS inspection records determined that between July 2003 and February 2006, TSA conducted 1,020 international compliance inspections of domestic and foreign carriers that included a review of one or more areas of cargo security. TSA data also show that inspectors conducted 747 inspections at 452 separate domestic air carrier stations and 273 inspections at 177 separate foreign air carrier stations.[Footnote 120] Figure 4: Inspections of Air Carrier Cargo Procedures Conducted from January 2004 to December 2005: [See PDF for image] Source: GAO analysis of TSA's data. Note: TSA provided us information on the number of inspections conducted from July 2003 to February 2006. DHS determined that details on the number of inspections conducted on air carrier cargo procedures are Sensitive Security Information. Details on the number of inspections are provided in the restricted version of this report, GAO-07-337SU. [End of figure] TSA has taken initial steps to compile information on the violations found during its inspections of inbound air carrier cargo security requirements. For example, from July 2003 to February 2006, TSA inspectors identified 57 air cargo security violations committed by foreign and domestic passenger air carriers at foreign airports in several areas of air cargo security responsibility. Specifically, as shown in figure 5, these violations covered areas such as cargo acceptance procedures, cargo screening procedures, and air carrier cargo hold search procedures. 
Figure 5: Air Cargo Security Violations Found during Inbound Passenger Air Carrier Inspections at Foreign Airports for the Period July 2003 to February 2006: [See PDF for image] Source: GAO analysis of TSA's PARIS database. Note: TSA provided us information on the number of violations found during inspections conducted from July 2003 to February 2006. DHS determined that details on the number of each type of violation found are Sensitive Security Information. Details on the number of each type of violation are provided in the restricted version of this report, GAO-07-337SU. [End of figure] [End of section] Appendix III: TSA's Assessments of Foreign Airport Security Procedures: During fiscal year 2005, TSA conducted 128 foreign airport assessments at the approximately 260 airports that service passenger air carriers departing for the United States.[Footnote 121] As part of the foreign airport assessment process, TSA develops a report that identifies recommendations for the airport to improve its airport security to meet ICAO standards, which include air cargo security standards. Of the 128 assessments TSA conducted during fiscal year 2005, the agency made 28 recommendations to improve air cargo security. As of October 2005, 2 cargo security recommendations were adopted by the airports and 26 recommendations remained to be addressed. Examples of TSA recommendations include developing a national cargo security program to establish government authorities and air cargo industry responsibilities for securing air cargo, among other things. When TSA inspectors identify a deficiency that requires immediate action, they work with the airport and government officials to resolve the deficiency. 
If TSA inspectors determine that effective security is still not being maintained, the law prescribes steps and actions available for encouraging compliance with the standards used in TSA's assessment.[Footnote 122] Such actions include, among other things, notifying appropriate authorities of the foreign government of deficiencies identified, providing public notice that the airport does not maintain and carry out effective security measures, or suspending service between the United States and the airport if it is determined a condition exists that threatens the safety or security of the passengers, aircraft, or crew, and such action is in the public interest.[Footnote 123] The agency has not issued a travel advisory or suspended service solely for air cargo security deficiencies at an airport since its inception. [End of section] Appendix IV: Description of GAO's Risk Management Framework: GAO's risk management framework is intended to be a starting point for risk management activities and will likely evolve as processes mature and lessons are learned. A risk management approach entails a continuous process of managing risk through a series of actions, including setting strategic goals and objectives, assessing risk, evaluating alternatives, selecting initiatives to undertake, and implementing and monitoring those initiatives. Figure 6 depicts a risk management cycle. Figure 6: Risk Management Cycle: [See PDF for image] Source: GAO. [End of figure] Risk assessment, a critical element of a risk management approach, helps decision makers identify and evaluate potential risks so that countermeasures can be designed and implemented to prevent or mitigate the effects of the risks. The risk assessment element in the overall risk management cycle may be the largest change from standard management steps and is central to informing the remaining steps of the cycle. Table 1 describes the elements of a risk assessment. 
Table 1: Elements of a Typical Homeland Security Risk Assessment: Threat assessment: "Threat" is defined as a potential intent to cause harm or damage to an asset (e.g., natural environment, people, man-made infrastructures, and activities and operations). Threat assessments consist of the identification of adverse events that can potentially affect an entity. Threats might be present at the global, national, or local level and their sources include terrorists and criminal enterprises. Specific threat information may indicate vulnerabilities that are subject to attack or following the completion of a risk management process, may, for instance, indicate that resources should be temporarily deployed to protect cargo in a particular region of the country or a specific airport. Even if updated frequently, a threat assessment might not adequately capture some emerging threats. Vulnerability assessment: "Vulnerability" is defined as the inherent state (either physical, technical, or operational) of an asset that can be exploited by an adversary to cause harm or damage. Vulnerability assessments identify these inherent states and the extent of their susceptibility to exploitation, relative to the existence of any countermeasures. A vulnerability assessment is generally conducted by a team of experts skilled in such areas as engineering, intelligence, security, information systems, finance, and other disciplines. Criticality/Consequence assessment: "Criticality" is defined as an asset's relative importance given that an event occurs. Criticality or similar consequence assessments identify and evaluate an entity's assets based on a variety of factors, including the importance of its mission or function, the extent to which people are at risk, or the significance of a structure or system in terms of, for example, national security, economic activity, or public safety. 
Criticality or consequence assessments are important because they provide, in combination with threat and vulnerability assessments, information for later stages of the risk management process. Source: GAO. [End of table] Another element of our risk management approach--alternatives evaluation--considers what actions may be needed to address identified risks, the associated costs of taking these actions, and any resulting benefits. This information can be provided to agency management to assist in the selection of alternative actions best suited to the unique needs of the organization. An additional step in the risk management approach is the implementation and monitoring of actions taken to address the risks, including evaluating the extent to which risk was mitigated by these actions. Once the agency has implemented the actions to address risks, it should develop criteria for and continually monitor the performance of these actions to ensure that they are effective and also reflect evolving risk. [End of section] Appendix V: DHS and TSA Air Cargo Security Technology Pilot Tests: According to DHS officials, the department's ongoing pilot programs seek to enhance the physical security of air cargo and improve the effectiveness of air cargo inspections by increasing detection rates and reducing false alarm rates. DHS officials stated that its air cargo technology pilot programs focus on securing domestic air cargo, and while these pilot methods have yet to be implemented, the results of these tests could be applied to securing inbound air cargo against similar threats. These technology pilots focus on addressing the two primary threats to air cargo identified by TSA--hijackers on an all-cargo aircraft and explosives on passenger aircraft--but do not include tests to identify weapons of mass destruction. DHS's pilot programs are described below. 
Air Cargo Explosives Detection Pilot Program: Of the amounts appropriated to DHS in fiscal year 2006, $30 million was allocated to the Science and Technology (S&T) Directorate to conduct three cargo screening pilot programs.[Footnote 124] DHS's S&T, working in conjunction with TSA, selected San Francisco International Airport, Seattle-Tacoma International Airport, and Cincinnati/Northern Kentucky International Airport as the sites for the pilot and commenced cargo inspection operations at all three airports in September 2006. The pilots will test different concepts of operation at each of the airports. At San Francisco International Airport, the program will test the use of approved inspection technologies, including explosive detection systems, such as CTX 9000, explosive trace detectors, standard X-ray machines, canine teams, and manual inspections of air cargo, in attempts to determine the technological and operational issues involved in explosives detection. The pilot at San Francisco International Airport will further examine how the use of these existing checked baggage inspection technologies at a higher rate than is currently required by TSA will affect air cargo personnel and operations on, for example, throughput.[Footnote 125] The pilot at Seattle-Tacoma International Airport will use canines and stowaway detection technologies, for example, technologies that can locate a stowaway through detection of increased carbon dioxide levels in cargo, to detect threats in freighter air cargo,[Footnote 126] while the Cincinnati/Northern Kentucky International Airport pilot program will test existing passenger infrastructure for inspecting air cargo, including explosive detection systems (EDS) technology. 
The projected benefits of these pilots include the following: increases in the amount of cargo inspected, increases in detection reliability without adversely affecting commerce, and a better understanding of the necessary procedures and costs associated with greater cargo security. Pilot Program Evaluating Explosives Detection System Technology: EDS is a form of X-ray technology that can be highly automated to screen several hundred bags an hour. EDS machines, in contrast to explosive trace detection technology, are much larger, up to the size of a minivan, and cost in excess of $1 million. EDS technology uses computer tomography to scan objects and compare their density to the density of known objects in order to locate explosives.[Footnote 127] According to TSA, EDS provides an equivalent level of security as explosive trace detection (ETD) technology. However, EDS provides a higher level of efficiency. TSA's EDS Cargo Pilot Program is currently in the third phase of a three-phased program testing the use and effectiveness of explosive detection systems at 12 participating sites.[Footnote 128] While the Air Cargo Explosives Detection Pilot Program will test a range of explosives detection technologies, the EDS pilot focuses specifically on EDS technology for its use in the air cargo environment. Phase I, referred to as Developmental Test and Evaluation, was conducted using live explosives to test the detection capability and technical performance of the systems screening simulated break bulk air cargo. Phase II, referred to as Operational Utility Evaluation, was conducted in cargo facilities to test the system's effectiveness in the air cargo environment, in addition to determining the operational alarm and false alarm rates of the technology. Phase III of TSA's testing is referred to as the Extended Field Test and is designed as a longer-term evaluation of available EDS technologies in the air cargo environment. 
According to TSA officials, the extended time frame of Phase III (a minimum of 1 year) will allow TSA to evaluate the reliability, maintainability, and availability of the EDS technology, in addition to establishing operational parameters and procedures within a realistic operational environment. Air Cargo Security Seals Pilot Program: TSA officials stated that the agency is exploring the viability of potential security countermeasures, such as tamper-evident security seals, for use with certain classifications of exempt cargo. Traditionally used in the maritime environment, container seals include a number of tamper-evident technologies that range from tamper-evident tape to more advanced technologies used to secure air cargo on aircraft. Tamper-evident tape can identify cargo that requires further screening and inspection to safeguard against the introduction of explosives and incendiary devices. Indicative seals are made of plastic and show signs of tampering. Ranging in price from 5 to 20 cents, they provide the cheapest solution to air cargo security. Barrier seals, which cost between 50 cents and $2 or more, are stronger seals that are generally used on more sensitive cargo because they require bolt cutters to remove. The most advanced seal technology allows shipping companies to track a container through the entire shipping process through a radio frequency identification (RFID) tag that is embedded in the seal. Average RFID seals can range in cost from $1 to $10, with the most sophisticated models costing upward of $100. Security seals could be used in combination with known shipper protocols to ensure that known shippers provide security in their packaging facilities and deter tampering during shipping and handling. 
In 2003, the Congressional Research Service reported that the utility of electronic seals in air cargo operations has been questioned by some experts because currently available electronic seals have a limited transmission range that may make detecting and identifying seals difficult. In 2006, GAO reported that container seals provide limited value in detecting tampering with cargo containers.[Footnote 129] However, according to TSA officials, such countermeasures could provide an additional layer of security and warrant further examination. In January 2006, the agency issued a public request for information regarding security seals. Although the agency has since acquired information on seals from five vendors, officials stated that efforts to begin the pilot program have been delayed due to funding issues, among other things. TSA officials stated that the agency plans to implement the pilot at four airports by the first quarter of 2007. These airports include Portland International Airport, John F. Kennedy International Airport, Chicago O'Hare International Airport, and Ronald Reagan Washington National Airport. Hardened Unit Load Devices/Hardened Cargo Containers: While the Federal Aviation Administration, TSA, and DHS have been involved in testing hardened unit load devices since the mid-1990s, testing of these devices has increased since the 9/11 Commission recommended that all U.S. airliners deploy at least one hardened cargo container in the hold of every passenger aircraft to carry suspect passenger baggage or air cargo.[Footnote 130] Hardened unit load devices are blast-resistant containers capable of transporting passenger baggage or air cargo within the lower deck cargo holds of wide-body aircraft. These containers are required to withstand an explosive blast up to a certain magnitude while maintaining the integrity of the container and aircraft structure. 
The container must also be capable of extinguishing any fire that results from the detonation of an incendiary device. In accordance with the Intelligence Reform and Terrorism Prevention Act of 2004, TSA began a pilot program in June 2005 to conduct airline operational testing of the ability of hardened or blast-resistant containers to minimize the potential effects, including explosion or fire, of a detonation caused by an explosive device smuggled into the belly of an aircraft.[Footnote 131] TSA officials stated that the start up of the pilot program was slow because one of the two participating vendors dropped out of the program and because there were few available domestic wide-body flights in which to conduct the tests. TSA officials added that the agency has since made progress in conducting the pilot and is collecting test data. TSA officials stated that the agency expects to conclude the data collection phase of the program by summer 2007 and make policy decisions regarding the possible implementation of hardened unit loading devices by December 2007. In addition, TSA has been working with vendors and airlines to develop and test a hardened unit load device that would satisfy industry's request for a lighter, less cost-prohibitive model while still providing the necessary level of security to the aircraft. Pulsed Fast Neutron Analysis Testing: TSA officials reported that the agency's efforts to test pulsed fast neutron analysis (PFNA) are currently in the proof-of-concept design stage, which is focusing on the development of the technology. PFNA technology allows for bulk inspection of containerized air cargo by measuring the reaction to injected neutrons and identifying elemental chemical signatures of contraband, explosives, and other threat objects. 
The agency plans to complete the proof-of-concept phase of testing by March 2007, at which point TSA and DHS will evaluate the technology on its technical, environmental, operational, and performance specifications. Testing of this technology will then proceed to the Development Testing and Evaluation phase. Agency officials project that the next two phases, Development Testing and Evaluation and Operational Testing and Evaluation, will take another 2 to 3 years (after the completion of the proof-of-concept design phase) to fully determine the operational readiness and maturity of the technology. Agency officials were unable to provide us with a time frame for when PFNA would be operational at the George Bush Intercontinental Airport. [End of section] Appendix VI: Actions Taken by Select Domestic Air Carriers with Operations Overseas and Foreign Air Cargo Industry Stakeholders to Secure Air Cargo: Area of Action: Cargo Inspection: Methods and Focus; Passenger Air Carriers: Inspect a higher percentage of cargo placed on passenger aircraft than is required by TSA or host government; 100 percent of air cargo loaded onto passenger aircraft bound for the United States required to undergo inspection; Large palletized cargo is broken down in order to pass cargo through X- ray machines; Canines used to sniff air samples taken from cargo shipments; Limited or no air cargo inspection exemptions; Large X-ray machines used to inspect entire pallets of cargo bound for passenger craft; Additional targeted inspections are conducted based on analysis of available threat information, among other things; All-Cargo Air Carriers: 100 percent inspection performed on: express cargo on passenger aircraft bound for the United States; air cargo from unknown (cash paying) customers; air cargo shipped in or out of locations deemed high-risk by the air carrier is inspected via X-ray; air cargo bound for passenger flights to the United States are inspected via X-ray; Color-coded threat 
assessment system indicates when air cargo should be inspected and when other procedures should apply. The color assigned (red, amber, or green) is based on the cargo's point of origin, destination, and other relevant intelligence information; Radiation detection technology is used to inspect cargo transported to the United States and differentiate between legitimate and illegitimate sources of radiation; Canines used to sniff air samples from cargo shipments; Freight Forwarders: Freight forwarders, also known as regulated agents, are validated by the government and are responsible for conducting inspections; Canines and decompression chambers are used to inspect cargo that cannot be X- rayed; Customers are charged a fee when use of decompression chamber is required. Area of Action: Identification of Known Shippers/ Cosigners; Passenger Air Carriers: [Empty]; All-Cargo Air Carriers: [Empty]; Freight Forwarders: Work with known cosigners to prepare for annual audits; new identification numbers are given post-audit to ensure security of cosigner identity. Area of Action: Employee Security; Passenger Air Carriers: Air cargo workers undergo additional and stringent background checks, including criminal and employment history checks; Program provides monetary incentives to employees in order to increase employee awareness of access controls, including rewards for reporting suspicious individuals; All personnel are trained to identify and handle security risks; quarterly training is provided to security personnel on a range of issues, including security updates and the use of new technology; All-Cargo Air Carriers: [Empty]; Freight Forwarders: Database tracks training completed by employees; employees are not permitted to enter facility if training lapses or requirements are not met; Managers are required to remain knowledgeable on security policies and regulations in destination countries. 
Area of Action: Compiling and Disseminating Air Cargo Data; Passenger Air Carriers: Threat information is derived from public/private intelligence. This information includes data on the sociopolitical/economic conditions of countries; Independent risk assessments are conducted based on internal testing to identify cargo security weaknesses; Representatives from the air carrier industry meet to identify best practices in aviation security; All-Cargo Air Carriers: Annual audits of carrier facilities are conducted using an online questionnaire; facilities undergo a certification process that is linked to the audits; Security incident database tracks worldwide security issues; Freight Forwarders: Manifest information is provided to CBP earlier than is required by CBP. Area of Action: Physical Security and Access Controls; Passenger Air Carriers: Truck drivers entering carrier facilities to deliver air cargo are escorted by an airline representative at all times; Security guards control access to freighters at every stop made by the aircraft; Secured cart system transports cargo within cargo storage facility; Pallets are locked and sealed in a completely enclosed chain-like container after they are built to prevent the possibility of tampering; Biometric badge required to gain access to secured areas; All-Cargo Air Carriers: All employees/visitors are required to pass through a metal detector before entering/exiting cargo facility; Assessments are conducted of security conditions in foreign destinations where staff are located; armed security personnel are assigned to those locations deemed high risk; High-tech camera and surveillance system monitor all-cargo areas 24 hours a day; Biometric identification system that scans the hand to grant access air carrier facilities and cargo areas; Strategic placement of air cargo in the aircraft to secure the cockpit and minimize the potential for a hijacking by a stowaway; Freight Forwarders: Monthly internal audits of cargo 
facilities, including testing of access controls to identify security weaknesses; Seals and plastic straps are applied to all cargo crates, containers, and boxes to prevent tampering; Cargo is consolidated whenever possible into larger units and sealed with steel banding to limit the possibility of tampering; Only authorized company employees are permitted to pick up, pack, and transport cargo to cargo facilities and the airport; Fingerprints and photographs of all truck drivers that transport cargo are taken, kept on file, and used to authorize access.

Area of Action: Cargo Acceptance;
Passenger Air Carriers: Refusal of all express cargo brought directly to the ticketing or check-in counter by an unknown shipper; Palletized cargo is refused unless airline security personnel are present when pallet is built;
All-Cargo Air Carriers: Thorough security review is conducted of potential customers prior to acceptance of their business or cargo;
Freight Forwarders: Refusal of improperly documented cargo that could pose a potential security threat; Refusal of express cargo brought directly to the counter; Refuse all inbound and outbound cargo from unknown shippers.

Area of Action: Air Cargo Technology Testing;
Passenger Air Carriers: Examining use of inspection technology capable of detecting traces of explosives;
All-Cargo Air Carriers: Pilot testing the use of bees to detect explosive traces in air cargo shipments;
Freight Forwarders: [Empty].

Source: GAO analysis of industry efforts to secure air cargo that differ from those implemented in the United States.

[End of table]

[End of section]

Appendix VII: Actions We Identified That Select Foreign Governments Are Taking to Secure Air Cargo:

Actions Taken by Select Foreign Governments to Secure Air Cargo.
Cargo Inspection;

Methods and Technology;
* Twenty-four hour holding period used as form of inspection;
* Random selection of inspection methods to avoid detection of inspection patterns;
* Canines used to sniff air samples from air cargo shipments-Remote Air Sampling for Canine Olfaction (RASCO);

Performing Entity;
* Government, airport, or freight forwarder representatives are responsible for inspecting air cargo;
* Military police conduct air cargo inspections;

Inspection Focus;
* One hundred percent of unknown cargo loaded on either passenger or all-cargo aircraft is physically inspected;
* No differentiation between cargo placed on passenger aircraft versus all-cargo aircraft in regards to type or degree of inspection;
* Unknown cargo that undergoes inspection becomes known and is permitted on passenger aircraft;
* No, or limited number of, air cargo inspections exemptions;
* Palletized cargo from unknown shippers, broken up, inspected, and re-palletized before being loaded onto aircraft.

Regulated Agents and Shippers;
* Process to become a regulated agent is strict and costly; decertification for unsatisfactory performance;
* Third-party validation required to become a known shipper/consignor; annual third-party compliance inspections conducted of known shippers/cosigners;
* Regulated agents are validated by aviation authority prior to regulating and auditing shippers and conducting inspections of air cargo.

Employee Security;
* Air cargo handlers and workers attend government-certified schools to receive mandatory training in air cargo security awareness and quality control;
* Air cargo workers undergo background checks that include a criminal history records check before being granted access to cargo facilities;
* Air cargo workers must be of native descent to be hired.

Screening Air Cargo Data;
* Developing multicountry database containing information on all known consignors and regulated agents to facilitate the exchange of information among countries.
Physical Security and Access Controls;

To Aircraft and Cargo;
* Security personnel accompany and surround aircraft upon landing to guard aircraft and its contents, including cargo;
* Cargo is stored in secured terminal facility, located within a "restricted" area of the airport;
* All individuals accessing cargo facilities are required to pass through a walk-through metal detector;

To Cargo Facilities;
* Biometric technologies used to control access to cargo facilities;
* Government personnel conduct testing and attempt to gain access to cargo warehouses/facilities; if successful, all cargo in the breached facility is considered unknown and must be inspected before being loaded onto aircraft.

Technology Certification and Funding;
* Government and airport authority subsidize the costs of purchasing X-ray equipment to inspect air cargo.

Source: GAO analysis of foreign government efforts to secure air cargo that differ from those implemented in the United States.

[End of table]

[End of section]

Appendix VIII: Comments from the Department of Homeland Security:

U.S. Department of Homeland Security: Washington, DC 20528:

April 19, 2007:

Ms. Cathleen A. Berrick: Director: Homeland Security and Justice Issues: U.S. Government Accountability Office: 441 G Street, NW: Washington, DC 20548:

Dear Ms. Berrick:

Thank you for the opportunity to review and comment on the Government Accountability Office's (GAO's) draft report GAO-07-660 entitled, Aviation Security: Federal Efforts to Secure U.S. Bound Air Cargo Are in the Early Stages and Could be Strengthened. We appreciate the analysis GAO has done over the past 16 months to reflect on our program development and for recognizing our progress in strengthening the Nation's air cargo security. The Department of Homeland Security (DHS) generally concurs with the report and recommendations. The threat of a terrorist exploiting vulnerability within the air cargo supply chain is real.
Addressing this threat is a high priority for DHS, and the activities taken to improve significantly procedures and the security layers for air cargo the last two years highlight that commitment. At the same time, the movement of cargo via air, onboard both passenger and all-cargo aircraft, represents a critical component of global and domestic supply chains. Accordingly, the manner and extent to which DHS secures the air cargo domain continues to evolve, and the balance between security and the flow of commerce is critical in this evolution. The complexity of the foreign air cargo environment requires thoughtful analysis of alternatives and subsequent trade-offs among a wide array of security options. This requires a threat based risk management approach that balances the twin goals of enhancing air cargo security without unduly impeding the flow of commerce. The current air cargo security program has reached a number of significant milestones to improve the security of cargo traveling on passenger aircraft. In May 2006, the Transportation Security Administration (TSA) issued an air cargo security rule and subsequently drafted revisions to existing security programs for domestic and foreign passenger air carriers and for indirect air carriers. Because the Aviation and Transportation Security Act (ATSA) set specific milestones for screening cargo and baggage carried aboard passenger aircraft, TSA focused first on passenger aircraft. Nevertheless, TSA has begun to move out aggressively in creating new security programs for domestic and foreign all-cargo carriers. TSA also created new security programs for domestic and foreign all-cargo carriers. TSA has increased its screening requirements and tightened the rules governing shipments believed to be of elevated risk. Finally, TSA has eliminated exemptions from screening so that now all cargo is subject to some form of screening or detailed authentication procedure. 
To continue the significant progress we have made in air cargo, TSA is committed to prioritizing its foreign air cargo security efforts using a risk-based management approach. Both government and industry recognize that foreign inbound air cargo vulnerabilities must be addressed to effectively combat current threats. TSA is committed to working with our trading partners and air cargo industry stakeholders to enhance foreign inbound air cargo security. In October 2006, TSA issued a series of security enhancements through Security Directives (SDs) and Emergency Amendments (EAs) which eliminated the air cargo screening exemptions to operations within the United States. All cargo that was once considered exempt from screening is now subject to some method of screening or detailed authentication procedure. TSA will continue to work with the International Civil Aviation Organization (ICAO) members to raise security standards. With regard to ensuring compliance, TSA is in the process of hiring 10 International Cargo Inspectors, who will eventually be deployed to four international field offices. These new Cargo Inspectors will inspect all-cargo operations at last points of departure to the United States to ensure that they are in compliance with relevant TSA all-cargo security programs and applicable SDs or EAs. TSA continues to collaborate with Customs and Border Protection (CBP) through a number of efforts. CBP is a member of the TSA-led Aviation Security Advisory Committee (ASAC) Air Cargo Working Group. CBP is assisting TSA in exploring the feasibility of implementing a voluntary government-business initiative built on cooperative relationships that strengthen and improve security throughout the air cargo supply chain. CBP's Customs-Trade Partnership against Terrorism (C-TPAT) is an excellent template for development of TSA government-business initiatives. 
TSA worked closely with CBP to incorporate lessons learned under the development of CBP's Automated Commercial Environment and Automated Targeting System (ATS) in order to avoid duplication of effort during development of the Freight Assessment System (FAS). This will allow TSA to better identify air cargo that poses an elevated security risk and enable TSA to target additional resources for screening. Your recommendations will help DHS develop a comprehensive risk-based approach for securing the foreign air cargo transportation system. We generally concur with your recommendations and have already taken steps to address some of them. The draft report's first two recommendations are directed to both CBP and TSA. Their composite response is as follows:

Recommendation 1: Develop a risk-based strategy, either as part of the existing air cargo strategic plan or as a separate plan, to address inbound air cargo security, including specific goals and objectives for securing this area of aviation security. This strategy should clearly define TSA's and CBP's responsibilities for securing inbound air cargo, as well as how the agencies should coordinate their efforts to ensure that all relevant areas of inbound air cargo security are being addressed, particularly as they relate to mitigating the threat posed by weapons of mass destruction.

Response: CBP is in the preliminary stages of developing its Air Cargo Security Strategic Plan. In 2006, CBP conducted surveys and on-site visits to assess current CBP air cargo enforcement operations. Additionally, in January 2007 a two-week workshop was conducted with CBP subject matter experts to facilitate the development of the strategic plan in accordance with GAO requirements (GAO-04-408T). As a result, CBP has developed a draft plan, which includes goals and objectives.
The following is a general outline of the stated goals in the draft plan:

* Goal 1 - Advanced Knowledge: Capture accurate advance information to effectively screen air cargo shipments.
* Goal 2 - Effective Risk Management: Accountability and reconciliation of all "high-risk" air cargo shipments arriving from foreign destinations.
* Goal 3 - Enriched Partnerships: Develop and enhance partnerships to strengthen air cargo security while continuing to facilitate the movement of legitimate trade.
* Goal 4 - Enhance Enforcement Capabilities: Control, inspect and interdict all air cargo that may pose a threat to national security of the United States.

To date, the draft plan is under development. CBP is coordinating with TSA in the refinement of the Air Cargo Security Strategic Plan. Current efforts include discussions with TSA management and the review of relevant information in the classified TSA air cargo threat assessment. Lastly, collaboration is anticipated during the vetting stage of the strategic plan to ensure coordination of efforts and seamless implementation.

TSA plans to revise its Air Cargo Strategic Plan in the third quarter of FY 2007, and will consider including a strategy for addressing in-bound air cargo from all-cargo aircraft. TSA will leverage its information sharing efforts with CBP, including monthly air cargo meetings, Aviation Security Advisory Committee (ASAC) Air Cargo Working Group partnership, and CBP's sharing of its Air Cargo Security Strategic Plan to develop a risk-based strategic plan for in-bound air cargo security.
Recommendation 2: Develop a systematic process for sharing information between TSA and CBP that could be used to strengthen the department's efforts to enhance the overall security of inbound air cargo, including, but not limited to, information on the results of TSA inspections of air carrier compliance with TSA inbound air cargo security requirements and TSA assessments of foreign airports' compliance with international air cargo security standards.

Response: CBP and TSA plan to meet monthly on these issues. An initial introductory meeting was conducted on Jan 17, 2007 at TSA HQ. CBP management met with TSA's new General Manager for Cargo Transportation, and discussed each other's role in the air cargo security arena and how CBP and TSA could work more collaboratively in the future. This meeting was followed up on February 2, 2007 in which representatives from DHS, TSA and CBP met to discuss air cargo security strategy. Topics of discussion included:

* Proposed DHS definition of terms for screen, scan & inspection:
* Advanced cargo manifest information prior to arrival:
* Steps that TSA and CBP could take to work more collaboratively in the domestic and international air cargo arenas:
* GAO's findings - international air cargo audit:
* TSA's certified shipper vetting criteria and process:
* TSA's Freight Assessment System (FAS):
* CBP's Customs Trade Partnership Against Terrorism (C-TPAT) Program:
* CBP's Automated Targeting System:

CBP and TSA plan to hold these monthly meetings to maintain communication, momentum and to continue the positive steps of working together in the air cargo security environment. However, the two components have previously been collaborating on air cargo security initiatives and efforts through their ongoing participation in the Aviation Security Advisory Committee Air Cargo Working Group. Also, another specific area for collaboration has been CBP's Automated Targeting System and TSA's Freight Assessment System (FAS).
CBP and TSA have been sharing lessons learned, and providing input into the development of these systems for three years. Additionally, TSA and CBP have recently been collaborating on the development of TSA's Certified Shipper (CS) program. TSA recognizes that CBP's C-TPAT program may include some elements similar to the proposed CS program, and will continue to partner with CBP to include those elements and lessons learned in the development of the program.

With respect to those recommendations that were directed solely to TSA:

Recommendation 3: Establish a methodology and time frame for completing assessments of inbound air cargo vulnerabilities and critical assets, and use these assessments as a basis for prioritizing the actions necessary to enhance the security of inbound air cargo.

Response: TSA recognizes that assessments of inbound air cargo vulnerabilities and critical assets can assist in the prioritization of programs and initiatives developed to enhance air cargo security. TSA has taken the initial steps to develop a methodology and a framework to address this issue in partnership with a working group of aviation security stakeholders. One specific program designed to complete these assessments is the Air Cargo Vulnerability Assessment, which is currently underway at three U.S. airports. The scope of these assessments is to identify weaknesses in the domestic air cargo supply chain. Functional security requirements will be developed to mitigate any weaknesses identified through the program. After the completion of these assessments TSA will pursue partnership opportunities with foreign countries to assess inbound cargo. Similarly, TSA has dedicated International Aviation Security Inspectors (I-ASIs), who perform inspections of international carriers to ensure compliance with TSA cargo regulations, at many domestic and foreign airports.
TSA recognizes this vulnerability to air cargo security and is hiring 10 International Cargo Inspectors to inspect all-cargo operations at last point of departure to the United States.

Recommendation 4: Establish a time frame for completing the assessment of whether existing inspection exemptions for inbound air cargo pose an unacceptable vulnerability to the security of air cargo, and take steps, if necessary, to address identified vulnerabilities.

Response: TSA recognizes that screening exemptions for air cargo pose a risk to the security of air cargo and will work as quickly as practicable to complete the vulnerability assessment. Toward that end, TSA has already taken a number of steps. For example, in October 2006, TSA issued a series of security enhancements in the form of a Security Directive (SDI 544-06-04A) removing air cargo screening exemptions for flights departing from and operating within the United States. For such flights, all cargo that was once considered exempt from screening is now subject to some form of screening or detailed authentication procedure. TSA will continue to work with ICAO members in conducting a vulnerability assessment and subsequently raising international security standards.

Recommendation 5: Develop and implement an inspection plan that includes performance goals and measures to evaluate foreign and domestic air carrier compliance with inbound air cargo security requirements.

Response: TSA recognizes the importance of evaluating air carrier compliance using performance measures and goals. TSA inspectors embark on rigorous inspection procedures on air carriers all over the world, including a focus on carriers with perceived risk and non-compliant histories. TSA international and domestic field offices establish comprehensive inspection schedules for field staff to visit air carriers based on risk factors, inspection histories, and security determinations.
TSA establishes schedules to inspect air carriers based on several factors including the perception of the risk posed by the air carrier based on a risk-based methodology. Additionally, TSA is hiring 10 International Cargo Inspectors, which will be deployed to four international field offices. These new Cargo Inspectors will inspect all-cargo operations at last points of departure to the United States to ensure that they are in compliance with relevant all-cargo security programs and applicable SDs or EAs. To assess international all-cargo carriers' compliance with TSA security requirements, TSA will conduct annual inspections of all-cargo carriers operating at last points of departure to the United States. TSA will track the progress on these inspections utilizing the tracking system developed for the Foreign Airport Assessment Program.

Recommendation 6: In collaboration with foreign governments and the U.S. air cargo industry, compile and analyze information on air cargo security practices used abroad to identify those that may strengthen the department's overall air cargo security program, including assessing whether the benefits that these practices could provide in strengthening the security of the United States and inbound air cargo supply chain are cost-effective, without impeding the flow of commerce.

Response: TSA recognizes the importance of collaborating with foreign governments and U.S. industry stakeholders to identify best practices and lessons learned for enhancing air cargo security. Specifically, TSA has taken significant steps to increase collaboration with foreign governments and industry, including extensive consultations with United Kingdom and Irish aviation officials to better understand their air cargo security practices, particularly their Known Consignor programs. Further, as part of the US/EU Transportation Security Cooperation Group, there is an air cargo workstream initiative to harmonize security measures to the extent possible.
This collaboration will help TSA develop the Certified Shipper (CS) program, which will assist in its 3-year strategy to achieve 100 percent screening of cargo on passenger aircraft. TSA also actively participates in the U.S./Canada Transportation Security Cooperative Group to share lessons learned and improve air cargo security between the two countries. Additionally, TSA is continuing to build relationships with foreign government associations, including:

* Building relationships with European Union countries through multiple collaborative meetings both here at TSA and overseas; and:
* Forming partnerships with Association of Southeast Asian Nations (ASEAN) countries through a visit and presentation to an ASEAN aviation security conference.

The security of the nation's air cargo system and TSA benefit greatly from our collaboration with U.S. industry. Specifically, TSA convenes and facilitates the Aviation Security Advisory Committee (ASAC) Air Cargo Working Group to partner with important air cargo supply chain stakeholders on new initiatives and existing programs and pilots. Additionally, TSA meets regularly with representatives from the International Air Transport Association (a trade association that represents and serves the airline industry world-wide) to discuss ongoing and emerging air cargo security initiatives.

The Department has already begun making progress implementing GAO's recommendations. This progress demonstrates our commitment to continual improvement to ensure the security of the traveling public. Thank you again for the opportunity to comment on this draft report and we look forward to working with you on future homeland security issues.

Sincerely,

Signed by: Steven J. Pecinovsky: Director: Departmental GAO/OIG Liaison Office:

[End of section]

Appendix IX: GAO Contact and Staff Acknowledgments:

GAO Contact: Cathleen A. Berrick, (202) 512-3404:

Acknowledgments: In addition to the contact named above, John C.
Hansen, Assistant Director; Susan Baker; Charles W. Bausell; Katherine Davis; Jennifer Harman; Richard Hung; Cathy Hurley; Tom Lombardi; Jeremy Manion; Linda Miller; Steve D. Morris; and Meg Ullengren made key contributions to this report.

FOOTNOTES

[1] A weapon of mass destruction could include nuclear, biological, chemical, or radiological devices. For the purposes of this report, the term "weapon of mass destruction" also encompasses weapons of mass effect or scenarios that could result in a great loss of life and destruction.

[2] DHS and Department of Transportation, National Strategy for Transportation Security, 2005. Other aviation assets identified as being at significant risk of terrorist attack include passenger aircraft operations, major and midsized airport facilities, general aviation aircraft operations and airports/airfields near major urban areas, and critical national airspace system infrastructure. DHS is required to update its National Strategy for Transportation Security, and planned to update it for submission to Congress by the end of 2006, and every 2 years thereafter. However as of February 2007 it had not been updated.

[3] Aviation and Transportation Security Act, Pub. L. No. 107-71, 115 Stat. 597 (2001). See 49 U.S.C. §§ 114(a), 44901(a).

[4] The terms "inspecting" and "screening" have been used interchangeably by TSA to denote some level of examination of a person or good, which can entail a number of different actions, including manual physical inspections to ensure that cargo does not contain weapons, explosives, or stowaways, or inspections using nonintrusive technologies that do not require the cargo to be opened in order to be inspected. For the purposes of this report, the term "screening" is used when referring to TSA or CBP efforts to apply a filter to analyze cargo related information to identify cargo shipment characteristics or anomalies for security risks.
Moreover, for the purposes of this report, we use the term "inspection" to refer only to air carrier, TSA, or CBP efforts to examine air cargo through physical searches and the use of nonintrusive technologies.

[5] Cargo transported by air within the United States is referred to as domestic air cargo, and cargo transported by air from the United States to a foreign location is referred to as outbound air cargo.

[6] CBP aids in the enforcement of law and regulations of non-DHS agencies. For example, CBP regulates the entry of sugar into the United States (see 7 U.S.C. §§ 3601-04, pertaining to the U.S. Department of Agriculture), assists in the enforcement of the Bank Secrecy Act (see 12 U.S.C. §§ 1951-59, pertaining to the U.S. Department of the Treasury), and aids in the enforcement of regulations related to safety standards for the transportation of hazardous materials (see 49 U.S.C. §§ 5101-28, pertaining to the U.S. Department of Transportation).

[7] In this report, the term "targeting" refers to the use of information obtained from the screening process to identify high-risk air cargo shipments for inspection.

[8] DHS determined that the exact percentage of air cargo physically screened or inspected is Sensitive Security Information.

[9] See Pub. L. No. 108-334, § 513, 118 Stat. 1298, 1317 (2004).

[10] See Pub. L. No. 108-458, §§ 4051-54, 118 Stat. 3638, 3728-29 (2004).

[11] GAO, Aviation Security: Federal Action Needed to Strengthen Domestic Air Cargo Security, GAO-06-76 (Washington, D.C.: October 2005).

[12] The security of cargo transported from the United States to other countries, referred to as outbound air cargo, is subject to similar security requirements and procedures that apply to domestic air cargo. Because these security measures were addressed in our October 2005 report (GAO-06-76), they are not included in this report except in our discussion of how foreign air cargo security measures could be considered for strengthening domestic air cargo.
[13] "Air carriers" refers to both foreign and U.S.-based passenger air carriers whose aircraft have been configured to accommodate both passengers and cargo, and all-cargo carriers whose aircraft transport only cargo.

[14] For the purposes of this report, the term "air cargo security practices" collectively refers to requirements, standards, processes, and measures aimed at securing air cargo.

[15] A freight forwarder is an entity that consolidates air cargo shipments and delivers them to air carriers.

[16] DHS determined that details on the types of inbound air cargo transported on passenger and all-cargo aircraft exempt from TSA inspection requirements are considered Sensitive Security Information. A description of these exemptions is provided in the restricted version of this report, GAO-07-337SU.

[17] DHS determined that other examples of air carriers' efforts to secure air cargo are Sensitive Security Information. Information on these examples is provided in the restricted version of this report, GAO-07-337SU.

[18] The International Civil Aviation Organization defines a regulated agent as an agent, freight forwarder, or any other entity that conducts business with an aircraft operator and provides security controls that are accepted or required by the appropriate government authority with respect to cargo or mail.

[19] Other federal entities involved in securing or safeguarding air cargo include the Department of Homeland Security-U.S. Customs and Border Protection, the United States Postal Service, the Department of Commerce, the Department of Transportation, and the Department of the Treasury.

[20] Foreign air carriers landing or taking off in the United States must adopt and use a TSA-approved security program that requires adherence to the identical security measures required of U.S. air carriers serving the same airports. See 49 U.S.C. § 44906.
TSA regulations provide that a foreign air carrier security program will only be deemed acceptable if it provides passengers a level of protection similar to the level of protection provided by U.S. air carriers serving the same airports. See 49 C.F.R. § 1546.103(a)(1). For example, a foreign air carrier must prohibit cargo from being loaded on board its aircraft unless handled in accordance with the foreign air carrier's TSA-approved security program.

[21] As of January 2007, TSA security programs include the (1) Aircraft Operator Standard Security Program, which applies to domestic passenger air carriers; (2) Indirect Air Carrier Standard Security Program, which applies to domestic indirect air carriers; (3) Domestic Security Integration Program, a voluntary program that applies to domestic all-cargo carriers; (4) Twelve-Five Program, which applies to certain operators of aircraft weighing more than 12,500 pounds in scheduled or charter service that carry passengers, cargo, or both; (5) Model Security Program, which applies to foreign passenger air carriers; and (6) All-Cargo International Security Procedures, which applies to each foreign air carrier engaged in the transportation of cargo to, from, within, or overflying the United States in all-cargo aircraft with a maximum certified takeoff weight of more than 12,500 pounds. TSA drafted new security programs for foreign and U.S. all-cargo carriers with operations to, from, and within the United States. TSA expects to finalize these programs in early 2007.

[22] Explosive trace detection (ETD) equipment requires human operators to collect samples of items to be inspected with swabs, which are chemically analyzed to identify any traces of explosive material. Explosive detection systems use probing radiation to examine objects inside baggage and identify the characteristic signatures of threat explosives.
Certified explosive detection canine teams have been evaluated by TSA and shown to effectively detect explosive devices. Decompression chambers simulate the pressures acting on aircraft by simulating flight conditions, which cause explosives that are attached to barometric fuses to detonate.

[23] DHS determined that details on the percentage of air cargo required to be randomly inspected are considered Sensitive Security Information. Information on the percentage of air cargo randomly inspected is provided in the restricted version of this report, GAO-07-337SU.

[24] DHS determined that details on the types of inbound air cargo transported on passenger and all-cargo aircraft exempt from TSA inspection requirements are considered Sensitive Security Information. A description of these exemptions is provided in the restricted version of this report, GAO-07-337SU.

[25] Unlike its domestic air cargo inspection program, TSA's inbound air cargo security program does not include a covert testing component to identify air cargo security weaknesses. TSA officials stated that foreign governments do not allow the agency to conduct such tests.

[26] 49 U.S.C. § 44907(a)(1). TSA assumed responsibility for conducting foreign airport assessments from the Secretary of Transportation (as delegated to the Federal Aviation Administration) in accordance with the Aviation and Transportation Security Act, enacted in November 2001. See 49 U.S.C. § 114(d). TSA conducts these assessments utilizing a standard for analysis based, at least, on the standards and appropriate recommended practices of Annex 17 to the Convention on International Civil Aviation. § 44907(a)(2). The Secretary of Homeland Security determines whether an airport maintains and carries out effective security measures using the results of TSA's assessments. See § 44907(c).

[27] See 19 C.F.R. § 122.48a (implementing a provision of the Trade Act of 2002, Pub. L. No. 107-210, § 343, 116 Stat.
933, 981-83, as amended, requiring the electronic submission of inbound cargo information prior to arrival in the United States).
[28] See 19 U.S.C. § 1629.
[29] See 19 U.S.C. §§ 482, 1467, 1499, 1581, and 1582.
[30] Historically, CBP has been responsible for interdicting and seizing contraband and illegal drugs. CBP targets and inspects cargo on behalf of 16 other federal agencies, including the U.S. Dept. of Agriculture, the Food and Drug Administration, Bureau of Alcohol, Tobacco, Firearms and Explosives, and the Drug Enforcement Agency.
[31] CBP defines an inspection as a physical examination and/or the imaging of cargo using non-intrusive inspection technology to identify contraband and terrorist-related items.
[32] DHS determined that details on the type of shipment information used by ATS to assign a risk score to air cargo shipments are considered Sensitive Security Information. A description of the shipment information used by ATS is discussed in the restricted version of this report, GAO-07-337SU.
[33] Pursuant to the Trade Act of 2002, as amended, CBP established time frames in which air carriers are required to electronically submit air cargo manifest information. See 19 C.F.R. § 122.48a(b). Air carriers departing from any foreign location in the Americas, including Mexico, Central America, and areas of South America north of the equator, must submit manifest information no later than the time of flight departure (the time at which wheels are up on the aircraft and the aircraft is en route directly to the United States). In the case of air carriers departing from any other foreign location, CBP requires that manifest information be submitted 4 hours prior to the flight's arrival in the United States.
[34] Officers who are members of CBP's Anti-terrorism Contraband Enforcement Teams specialize in targeting and examining inbound air cargo shipments to identify potential contraband and terrorist-related items.
[35] CBP also conducts inspections based on specific, usually classified, intelligence that points to a specific threat and directs field officers in specific airports to take certain actions. The results of field officer efforts may be analyzed and shared with the intelligence community. These inspections are not part of CBP's routine efforts to address ongoing air cargo threats associated with the smuggling of contraband or WMD.
[36] The pallet VACIS unit consists of a self-contained gamma ray imaging system designed to quickly image pallets or pallet-sized containers. A mobile VACIS, similar to the pallet VACIS unit, consists of a truck-mounted, gamma ray imaging system that produces a radiographic image used to evaluate the contents of trucks, containers, cargo, and passenger vehicles in order to determine the possible presence of contraband.
[37] The SAFE Port Act, enacted in October 2006, specifically authorized the Secretary of Homeland Security, acting through the Commissioner of CBP, to establish the C-TPAT program in accordance with requirements set forth in the law. Security and Accountability for Every (SAFE) Port Act of 2006, Pub. L. No. 109-347, §§ 211-223, 120 Stat. 1884, 1909-15.
[38] In May 2005, CBP began using a three-tiered approach in providing C-TPAT participants with benefits. Under this approach, air carriers' benefits, including a reduction in their risk score, increase based on (1) whether the carriers are certified, (2) whether they are validated, and (3) whether they are implementing security requirements that exceed minimum guidelines.
[39] DHS determined that details on the information CBP uses to prioritize which C-TPAT participants should be validated are Sensitive Security Information. A description of this information is included in the restricted version of this report, GAO-07-337SU.
[40] Although adopting these standards is voluntary, in the sense that each contracting state signs onto the convention of its own accord, a state may face consequences for not adopting and following the ICAO standards. For example, if a state does not amend its own regulations or practices in light of amendments to the ICAO standards, all other states will be notified of the difference existing between the international standards and the corresponding national practice of the state. Similarly, TSA is authorized under U.S. law to conduct foreign airport assessments using, at least, the ICAO standards and appropriate recommended practices to determine if the airport maintains and carries out effective security measures, and to take appropriate actions in the event the airport does not maintain effective security measures. See 49 U.S.C. § 44907.
[41] A known shipper is an individual or business with an established history of shipping cargo on passenger carriers.
[42] National Commission on Terrorist Attacks upon the United States, The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks upon the United States (Washington, D.C.: 2004). The 9/11 Commission was an independent, bipartisan commission established in late 2002, to prepare a complete account of the circumstances surrounding the September 11 terrorist attacks, including preparedness for and the immediate response to the attacks. The commission was also mandated to provide recommendations designed to guard against future attacks.
[43] The Intelligence Reform and Terrorism Prevention Act of 2004 requires the Secretary of Homeland Security to develop, prepare, implement, and update, as needed, a National Strategy for Transportation Security and transportation modal security plans. See Pub. L. No. 108-458, § 4001, 118 Stat. 3638, 3710-12 (codified at 49 U.S.C. §§ 114(t), 44904(c)-(d)).
[44] GAO-06-76.
[45] In 2006, DHS reorganized the Information Analysis and Infrastructure Protection Directorate and moved its functions to the Office of Intelligence and Analysis and Office of Infrastructure Protection.
[46] DHS designated TSA as the lead agency for addressing HSPD-7 as it relates to securing the nation's transportation sector. The Department of Transportation also has a collaborative role for addressing HSPD-7.
[47] U.S. Department of Homeland Security, TSA's Air Cargo Strategic Plan, November 2003.
[48] According to CBP officials, CBP provided TSA with information on CBP's targeting efforts and systems to assist TSA in the development of a system to target domestic air cargo for inspection. However, according to CBP officials, TSA has not sought further assistance from CBP on developing a targeting system for domestic air cargo.
[49] DHS determined that examples of the specific challenges TSA may face in addressing inbound air cargo security are considered Sensitive Security Information. A description of the specific challenges TSA may face is included in the restricted version of this report, GAO-07-337SU. In July 2006, DHS issued its goals and priorities to be achieved prior to January 2009. The department identified protecting air cargo transported on passenger aircraft as one of its top priorities, and called for the implementation of a system to protect against hidden explosive devices in air cargo transported on passenger aircraft by the end of 2007. Although the goals and priorities do not specify whether they apply to domestic, inbound, or outbound air cargo, TSA officials stated that they apply only to domestic air cargo.
[50] DHS determined that details on the potential vulnerability are considered sensitive security information. Information on the potential vulnerabilities is discussed in the restricted version of this report, GAO-07-337SU.
[51] TSA's Office of Intelligence, formerly known as TSIS, does not independently gather intelligence information but rather produces threat assessments using available intelligence from sources such as DHS's Directorate of Intelligence and Analysis, the Federal Bureau of Investigation, and the Central Intelligence Agency. The details of TSA's threat assessment are classified.
[52] DHS defines "threat" as the capabilities (demonstrated and theoretically feasible) of terrorist organizations/affiliates to attack/damage/destroy critical infrastructure such as transportation assets, coupled with the intentions (both demonstrated and articulated publicly) to actually perpetrate these attacks.
[53] According to CBP, mitigating the threat of a WMD entering the United States via any transportation mode is its priority mission. According to CBP officials, CBP will not conduct its own air cargo specific threat assessment, but rather rely on TSA's air cargo threat assessments and information obtained from the Central Intelligence Agency.
[54] In April 2005, TSA briefed a congressional committee on the threats to the nation's entire transportation sector, including aviation. The briefing included a threat matrix that ranked the risk associated with the different transportation modes and showed threats to air cargo that were consistent with previous TSA threat assessments.
[55] At a departmental level, DHS does not have any efforts under way specifically aimed at assessing the vulnerabilities of inbound air cargo. However, agency officials stated that the Office of Infrastructure Protection, an office within DHS charged with coordinating national critical infrastructure protection efforts, is coordinating with TSA on conducting risk assessments associated with U.S. airports.
[56] DHS determined that examples of inbound air cargo security vulnerabilities are Sensitive Security Information.
Examples of inbound air cargo security vulnerabilities are discussed in the restricted version of this report, GAO-07-337SU. In our October 2005 report on domestic air cargo security, we cited air cargo system vulnerabilities related to the adequacy of background investigations for persons handling cargo, the possible tampering with cargo during land transport to the airport or at the cargo handling facilities of air carriers and freight forwarders, and the illegal shipments of hazardous materials. See GAO-06-76.
[57] TSA's rule sets forth domestic air cargo security requirements, such as requiring airports to expand the secure identification display area (SIDA) at airports to include areas where cargo is loaded and unloaded, and conduct security threat assessments on individuals with access to air cargo to assess any terrorist threats from those individuals.
[58] TSA amended this requirement in response to the DHS Appropriations Act, 2005, in July 2005. Pub. L. No. 108-334, § 513, 118 Stat. 1298, 1317 (2004).
[59] DHS determined that details on the percentage of inbound air cargo transported on passenger and all-cargo aircraft required to be inspected are Sensitive Security Information. Information on the percentage of inbound air cargo required to be inspected is included in the restricted version of this report, GAO-07-337SU.
[60] The AOSSP and MSP also contain new security requirements for carriers transporting cargo within the United States and from the United States to a foreign location.
[61] Previously, distinct security programs did not exist for domestic and foreign all-cargo carriers. All-cargo carriers, however, were required to implement security measures contained in TSA security directives and emergency amendments. Some of the proposed requirements in the proposed all-cargo security programs are already implemented by all-cargo carriers.
[62] DHS determined that details on the draft requirements contained in security programs for passenger and all-cargo carriers that relate to inbound air cargo security are Sensitive Security Information. The draft requirements are discussed in the restricted version of this report, GAO-07-337SU.
[63] According to TSA, the increased cost estimates contained in the final rule were largely due to tripling the percentage of cargo passenger air carriers are required to inspect, which was required by the DHS Appropriations Act of 2005.
[64] The inspection exemptions apply to inbound, outbound, and domestic air cargo. See GAO-06-76.
[65] GAO-06-76.
[66] DHS determined that details on the specific policy changes TSA made as a result of the working group are considered Sensitive Security Information. A description of these policy changes is provided in the restricted version of this report, GAO-07-337SU.
[67] DHS determined that details on the requirements contained in the draft security programs for all-cargo carriers are Sensitive Security Information. A description of these requirements is provided in the restricted version of this report, GAO-07-337SU.
[68] DHS determined that the specific types of cargo exempted are considered Sensitive Security Information. A description of these policy changes is provided in the restricted version of this report, GAO-07-337SU.
[69] DHS determined that details on specific vulnerabilities associated with inbound air cargo inspection exemptions are Sensitive Security Information. A description of the vulnerabilities is provided in the restricted version of this report, GAO-07-337SU.
[70] DHS determined that details on the specific concerns expressed by all-cargo air carriers are Sensitive Security Information. A description of these concerns is included in the restricted version of this report, GAO-07-337SU.
[71] In an October 20, 2005, meeting with a wide range of industry stakeholders, TSA announced its intent to review current policies and processes. During a follow-on meeting held November 9, 2005, with corporate security representatives from most of the major passenger air carriers, TSA continued that dialogue and specifically addressed the need to reevaluate the rationale for existing inspection exemptions.
[72] DHS determined that the specific actions TSA is taking to address this issue are considered Sensitive Security Information. These actions are discussed in the restricted version of this report, GAO-07-337SU.
[73] TSA compliance inspections are fundamentally different from air carriers' inspections of air cargo. TSA inspections are designed to ensure air carrier compliance with air cargo security requirements, while air carrier inspections focus on ensuring that air cargo does not contain an improvised explosive device or human stowaway.
[74] International field office officials stated that these inspections may occur in conjunction with a foreign airport assessment.
[75] The Government Performance and Results Act of 1993, Pub. L. No. 103-62, 107 Stat. 285, as amended, focuses the federal government on providing objective, results-oriented information to improve the efficiency and effectiveness of federal programs, among other things. Under GPRA, developing performance goals and measures is a component of results-oriented management. See 31 U.S.C. § 1115.
[76] GAO, Internal Control Management and Evaluation Tool, GAO-01-1008G (Washington, D.C.: August 2001).
[77] GAO, The Results Act: An Evaluator's Guide to Assessing Agency Annual Performance Plans, GAO/GGD-10.1.20 (Washington, D.C.: April 1998).
[78] See 49 U.S.C. § 44907(a)(1). TSA may conduct assessments at intervals it considers necessary to ensure that airports maintain and carry out effective security measures based, at least, on the standards and recommended practices of ICAO Annex 17.
See § 44907(a)(2).
[79] Prior to October 2006, TSA scheduled assessments by categorizing airports into two groups. Airports that historically had met or exceeded international security standards were assessed once every 3 years, while airports that did not regularly meet international standards or had not been previously assessed were visited annually.
[80] We are currently conducting an evaluation of TSA's foreign airport assessment program and air carrier compliance inspection program, and are scheduled to publish a Sensitive Security Information report in April 2007.
[81] In addition to cargo identified through ATS, CBP also performs random inspections of cargo through its compliance measurement program. According to CBP officials, these inspections are conducted on a stratified sample, using data contained in ATS. CBP officials noted that the results of the random inspections are compared with the results of ATS inspections to improve future targeting efforts.
[82] See 19 C.F.R. § 122.48a.
[83] CBP is currently not using ATS, but rather the proprietary systems of express consignment couriers, such as UPS and Fed Ex, to target inbound air cargo these carriers transport. According to CBP officials, CBP officers are provided access to the proprietary systems and inspect high-risk shipments identified through these systems. CBP is in the process of developing policies and procedures to screen information on cargo transported on express consignment couriers through ATS.
[84] CBP officials added that the knowledge and experience of the CBP officer conducting the inspection factors in on the extent to which a cargo shipment is inspected. Specifically, the extent to which a cargo shipment is inspected depends on what the officer needs to see to feel comfortable that the cargo shipment does not pose a threat.
[85] According to CBP officials, its targeting policy does not apply to express consignment couriers that sometimes make a stop at an intermediate airport in the United States, prior to its final arrival at an all-cargo carrier's hub facility, such as Memphis for FedEx or Louisville for UPS. According to CBP, air carrier hubs are adequately staffed to conduct air cargo inspections, while intermediate airports have limited inspection resources. CBP officials acknowledge the importance of developing a targeting policy that specifically applies to express consignment couriers and plan to issue such a policy sometime during 2007.
[86] CBP's policy also states that any shipment determined to be related to terrorism or terrorist activities, regardless of score, should be examined at the first airport of arrival. Factors that may contribute to this determination include, but are not limited to, national intelligence, a validated exact terrorism match, FBI terrorist information, and alerts from a foreign country intelligence service or similar factors.
[87] GAO, Cargo Container Inspections: Further Improvements to the Automated Targeting System Are Needed, GAO-06-809SU (Washington, D.C.: August 2006), Cargo Container Inspections: Preliminary Observations on the Status of Efforts to Improve the Automated Targeting System, GAO-06-591T (Washington, D.C.: March 30, 2006), Homeland Security: Challenges Remain in the Targeting of Oceangoing Cargo Containers for Inspection, GAO-04-352NI (Washington, D.C.: Feb. 20, 2004), and Container Security: A Flexible Staffing Model and Minimum Equipment Requirements Would Improve Overseas Targeting and Inspection Efforts, GAO-05-557 (Washington, D.C.: April 2005).
[88] The first four phases of CBP deployment of radiation portal monitors include (1) international mail and express courier facilities, (2) major northern border crossings, (3) major seaports, and (4) southwestern border crossings.
[89] GAO, Combating Nuclear Smuggling: DHS Has Made Progress Deploying Radiation Detection Equipment at U.S. Ports of Entry, but Concerns Remain, GAO-06-389 (Washington, D.C.: March 2006).
[90] The 57 radiation portal monitors do not include those monitors deployed at Fed Ex and UPS, both of whom inspect air cargo at their overseas facilities as agreed in a memorandum of understanding with CBP.
[91] The current technology pilots do not include tests to identify chemical or biological weapons.
[92] The Conference Report accompanying the Department of Homeland Security Appropriations Act, 2006, Pub. L. No. 109-90, 119 Stat. 2064 (2005), directed $30 million to the Science and Technology Directorate to conduct three cargo screening pilot programs testing different concepts of operations. See H.R. Conf. Rep. No. 109-241, at 53 (2005).
[93] Computer-aided tomography is a method of producing a three-dimensional image of the internal structures of an object from a large series of two-dimensional X-ray images taken around a single axis of rotation.
[94] Homeland Security Presidential Directive 7 (HSPD-7), issued in December 2003, defines critical infrastructure protection responsibilities for DHS, sector-specific agencies (those federal agencies given responsibility for transportation, energy, telecommunications, and so forth), and other departments and agencies. HSPD-7 specifically directed the Department of Transportation and DHS to collaborate on all matters relating to transportation security and transportation infrastructure protection. DHS subsequently designated TSA as the lead agency for addressing HSPD-7 as it relates to securing the nation's transportation sector.
[95] According to CBP officials, CBP is not currently assisting TSA with the development of a system to target domestic air cargo for inspection.
[96] Specifically, these include security practices at 8 foreign airports, 4 of which rank among the world's 10 busiest cargo airports, and security practices implemented by 7 of the world's 10 largest air cargo carriers.
[97] TSA uses the term "known shipper" to refer to shippers of cargo that have met certain criteria established by the agency and have an established shipping history with an air carrier or indirect air carrier. These entities are also referred to as known consignors in other countries.
[98] These figures may be higher than reported because some countries we visited and air carriers we met with were not specific about the type of X-ray technology they employ.
[99] Unlike for RASCO, canines used to physically search cargo storage facilities and aircraft can typically work for about 30-minute intervals at a time before needing to rest.
[100] Officials from one foreign passenger air carrier stated that, because of unique security concerns, their personnel are required to inspect 100 percent of air cargo transported on their aircraft. These officials also acknowledged that they are able to inspect 100 percent of air cargo because of the small volume of cargo transported in this country and the small number of passenger flights.
[101] According to European Union Regulation 2320, a regulated agent is an agent, freight forwarder, or other entity that conducts business with an air carrier and provides security controls that are accepted or required by the appropriate authority in respect of cargo, courier, and express parcels or mail. In the United States, "indirect air carrier" (IAC) is the term used to refer to freight forwarders validated by TSA.
[102] GAO-06-76.
[103] An airport's SIDA is not to be accessed by passengers and typically encompasses areas near terminal buildings, baggage loading areas, and other areas that are close to parked aircraft and airport facilities, including air traffic control towers and runways used for landing, take off, or surface maneuvering. SIDA security requirements include security awareness training for all workers with access to the area, measures to detect and respond to unauthorized presence in the SIDA area, and access controls that meet performance standards (for example, proximity cards and personal identification number).
[104] Under this foreign country's previous validation program, shippers could become known if they were validated by a certified regulated agent and underwent site and operations inspections at least once a year. The cargo from these customers was then considered "secure" or "known." In 2003, the country's government introduced a new program that removed the responsibility for assessing consignors from regulated agents and airlines. Validations have since been carried out by independent, government-appointed validators.
[105] GAO-06-76.
[106] Recruitment procedures must include a reference check of at least 5 years, or until the end of full-time education, without gaps.
[107] Additional information on TSA's Known Shipper program and database is contained in our report on domestic air cargo security (GAO-06-76).
[108] GAO, Passenger Rail Security: Enhanced Federal Leadership Needed to Prioritize and Guide Security Efforts, GAO-05-851 (Washington, D.C.: September 2005), and GAO, Aviation Security: Further Steps Needed to Strengthen the Security of Commercial Airport Perimeters and Access Controls, GAO-04-728 (Washington, D.C.: June 2004).
[109] DHS, Science and Technology Directorate, "Systems Engineering Study of Civil Aviation Security-Phase I," April 7, 2005.
[110] TSA officials stated that as of October 2006, the agency had completed its reexamination of the air cargo security requirements of these five countries and confirmed that security procedures were in place to meet the requirements.
[111] See 49 U.S.C. §§ 44903, 44906; see also 49 C.F.R. §§ 1544.3, 1546.3.
[112] See 49 U.S.C. § 44906.
[113] See 49 U.S.C. § 44907(c)-(e).
[114] According to TSA officials, the concept of reciprocity has been a part of TSA's airport assessment program since its inception.
[115] "Air carriers" refers to both foreign and U.S.-based passenger air carriers whose aircraft have been configured to accommodate both passengers and cargo and all-cargo carriers whose aircraft transport only cargo.
[116] TSA classifies over 400 commercial airports in the United States into one of five categories (X, I, II, III, and IV) based on various factors, such as the total number of takeoffs and landings annually and other special security considerations.
[117] DHS determined that information on the specific domestic airports we visited is Sensitive Security Information. The domestic airports we visited are listed in the restricted version of this report, GAO-07-337SU.
[118] DHS determined that information on the specific international airports we visited is sensitive security information. The international airports we visited are listed in the restricted version of this report, GAO-07-337SU.
[119] DHS determined that the names of specific countries on whose air cargo security practices and requirements we collected information are Sensitive Security Information. These countries are identified in the restricted version of this report, GAO-07-337SU.
[120] "Air carrier station" refers to those locations at an airport where an air carrier conducts its operations.
[121] See 49 U.S.C. § 44907 (authorizing TSA to conduct foreign airport assessments).
[122] TSA conducts assessments to determine the extent to which a foreign airport effectively maintains and carries out security measures using a standard of analysis based at least on the standards and appropriate recommended practices contained in ICAO Annex 17. 49 U.S.C. § 44907(a)(2).
[123] See 49 U.S.C. § 44907(c)-(f).
[124] H.R. Conf. Rep. No. 109-241, at 53 (2005) (accompanying H.R. 5441, enacted as the Department of Homeland Security Appropriations Act, 2006, Pub. L. No. 109-90, 110 Stat. 2064 (2005)).
[125] "Throughput" means the amount of cargo screened during a given period of time, for example, per hour.
[126] The Seattle-Tacoma International Airport pilot requires technology for stowaway detection that has not been operationally tested and evaluated in that environment. According to DHS officials, this technology was being acquired as of May 2006.
[127] Computer tomography generates a three-dimensional image of the internals of an object from a large series of two-dimensional X-ray images taken around a single axis of rotation.
[128] Five air carriers have agreed to participate in TSA's EDS Cargo Pilot Program.
[129] GAO, Technology Assessment: Securing the Transport of Cargo Containers, GAO-06-68SU (Washington, D.C.: January 2006).
[130] Previous research and development efforts examining blast-resistant containers were conducted by the Federal Aviation Administration. For more than 10 years the agency examined the airworthiness, ground handling, and blast resistance of hardened containers.
[131] See Pub. L. No. 108-458, § 4051, 118 Stat. 3638, 3728 (2004), authorizing $2 million for the Assistant Secretary of Homeland Security (Transportation Security Administration) to carry out this pilot program.