This is the accessible text file for GAO report number GAO-11-207 
entitled 'Maritime Security: Ferry Security Measures Have Been 
Implemented, but Evaluating Existing Studies Could Further Enhance 
Security' which was released on December 6, 2010. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

United States Government Accountability Office: 
GAO: 

Report to the Chairman, Committee on Homeland Security, House of 
Representatives: 

December 2010: 

Maritime Security: 

Ferry Security Measures Have Been Implemented, but Evaluating Existing 
Studies Could Further Enhance Security: 

GAO-11-207: 

GAO Highlights: 

Highlights of GAO-11-207, a report to the Chairman, Committee on 
Homeland Security, House of Representatives. 

Why GAO Did This Study: 

Ferries are a vital component of the U.S. transportation system and 
2008 data show that U.S. ferries carried more than 82 million 
passengers and over 25 million vehicles. Ferries are also potential 
targets for terrorism in the United States and have been terrorist 
targets overseas. GAO was asked to review ferry security, and this 
report addresses the extent to which (1) the Coast Guard, the lead 
federal agency for maritime security, assessed risk in accordance with 
the Department of Homeland Security’s (DHS) guidance and what risks it 
identified; and (2) federal agencies, ferry and facility operators, 
and law enforcement entities have taken actions to protect ferries and 
their facilities. GAO reviewed relevant requirements, analyzed 2006 
through 2009 security operations data, interviewed federal and 
industry officials, and made observations at five domestic and one 
international locations with varying passenger volumes and relative 
risk profiles. Site visits provided information on security, but were 
not projectable to all ports. This is the public version of a 
sensitive report that GAO issued in October 2010. Information that DHS 
deemed sensitive has been redacted. 

What GAO Found: 

The Coast Guard assessed the risk—including threats, vulnerabilities, 
and consequences—to ferries in accordance with DHS guidance on risk 
assessment and, along with other maritime stakeholders, identified 
risks associated with explosive devices, among other things. Although 
in April 2010, Coast Guard intelligence officials stated that there 
have been no credible terrorist threats identified against ferries and 
their facilities in at least the last 12 months, maritime intelligence 
officials have identified the presence of terrorist groups with the 
capability of attacking a ferry. Many of the Coast Guard, ferry system 
and law enforcement officials GAO spoke with generally believe ferries 
are vulnerable to passenger- or vehicle-borne improvised explosive 
devices, although not all ferry systems transport vehicles. The Coast 
Guard has also identified the potential consequences of an attack, 
which could include possible loss of life and negative economic 
effects. In April 2010, Coast Guard officials stated that the relative 
risk to ferries is increasing, as evidenced by attacks against land-
based mass transit and other targets overseas. 

Federal agencies-—including the Coast Guard, the Transportation 
Security Administration (TSA), and Customs and Border Protection 
(CBP)—-ferry operators, and law enforcement entities report that they 
have taken various actions to enhance the security of ferries and 
facilities and have implemented related laws, regulations, and 
guidance, but the Coast Guard may be missing opportunities to enhance 
ferry security. Security measures taken by the Coast Guard have 
included providing a security presence on ferries during transit. 
Coast Guard officials also reported that they are revising regulations 
to improve ferry operator training and developing guidance on 
screening. Ferry operators’ security actions have included developing 
and implementing security plans and screening vehicles and passengers, 
among other things. However, the Coast Guard had not evaluated and, if 
determined warranted, acted on all findings and recommendations 
resulting from five agency-contracted studies on ferry security 
completed in 2005 and 2006. Reports from these studies included 
several recommendations for standardizing and enhancing screening 
across ferry operators. Standards for internal control in the federal 
government state that agencies should ensure that findings of audits 
and other reviews are promptly resolved, and that managers take action 
to evaluate and resolve matters identified in these audits and 
reviews. As a result of our work on ferry security, in August 2010, 
Coast Guard officials stated they planned to review the reports. 
Taking action to address the recommendations in these reports, if 
determined warranted by the Coast Guard’s evaluation, could enhance 
ferry security. Furthermore, Coast Guard documents from 2004 state 
that the agency should reassess vehicle screening requirements pending 
the completion of the ferry security reports or if the threat changes. 
However, no specific plans were in place to reassess these 
requirements. By taking action to reassess its screening requirements, 
the agency would be better positioned to determine if changes are 
warranted. 

What GAO Recommends: 

GAO recommends that the Commandant of the Coast Guard, after 
evaluating the completed studies on ferry security, reassess vehicle 
screening requirements and take further actions to enhance security, 
if determined warranted. DHS concurred with our recommendations. 

View [hyperlink, http://www.gao.gov/products/GAO-11-207] or key 
components. For more information, contact Stephen L. Caldwell at (202) 
512-9610 or caldwells@gao.gov. 

[End of section] 

Contents: 

Letter: 

Background: 

The Coast Guard Assessed Risk to Ferries and Their Facilities in 
Accordance with DHS's Risk Assessment Guidance and Security Concerns 
Exist: 

Stakeholders Have Implemented Ferry Security Measures, but the Coast 
Guard Has Not Acted on Other Identified Opportunities That May Enhance 
Security: 

Conclusions: 

Recommendations for Executive Action: 

Agency Comments: 

Appendix I: GAO Contact and Staff Acknowledgments: 

Related GAO Products: 

Tables: 

Table 1: Selected Stakeholders with Security Responsibilities 
Applicable to Ferries: 

Table 2: Key Security Requirements Applicable to Ferries and Ferry 
Facilities: 

Figures: 

Figure 1: 2008 National Census Data on States with Ferry Systems 
Operating High Capacity Passenger Ferries and the Number of Passengers 
and Vehicles Carried: 

Figure 2: Coast Guard Escorts of Ferries: 

Figure 3: TSA Testing of a Vehicle Screening Technology: 

Figure 4: Security Signage Posted at a Ferry Facility: 

Figure 5: Security Deficiencies by Vessel Type, 2006 through 2009: 

Figure 6: Security Deficiencies by Facility Type, 2006 through 2009: 

Abbreviations: 

CBP: Customs and Border Protection: 

DHS: Department of Homeland Security: 

ISPS: International Ship and Port Facility Security: 

MTSA: Maritime Transportation Security Act of 2002: 

SAFE Port Act: Security and Accountability for Every Port Act of 2006: 

TSA: Transportation Security Administration: 

VIPR: Visible Intermodal Prevention and Response: 

[End of section] 

United States Government Accountability Office: 
Washington, DC 20548: 

December 3, 2010: 

The Honorable Bennie G. Thompson: 
Chairman: 
Committee on Homeland Security: 
House of Representatives: 

Dear Mr. Chairman: 

Ferries are an important component of the U.S. transportation system, 
and according to respondents to the 2008 National Census of Ferry 
Operators, carried more than 82 million passengers and over 25 million 
vehicles.[Footnote 1] Ferries are also potential targets for terrorism 
in the United States and have been terrorist targets overseas. A 2005 
Coast Guard study stated that as part of the U.S. maritime 
transportation system, ferry operations are potential terrorist 
targets, and according to a 2006 RAND Corporation study, certain 
traits inherent to ferries make them especially attractive to 
terrorist aggression.[Footnote 2] For example, the RAND study reported 
that attacks on ferries are easy to execute, have the potential to 
kill many people, are likely to capture significant media attention, 
and can be exploited to visibly demonstrate a terrorist group's 
salience and vibrancy. While these fears have not been realized in the 
United States, ferries and their facilities in the Philippines have 
repeatedly been targeted by terrorists. For example, successful 
bombings on Philippine ferries killed or wounded at least 130 people 
in 2004 and 2005. Attacks on ferries and their facilities have 
continued, and in 2009 there were three more attempted bombings in the 
Philippines. These attacks led the Transportation Security 
Administration (TSA)--the lead U.S. federal agency for transportation 
security--to report in 2009 that violent extremists around the 
Philippines have the intent and capability to attack ferries or use 
them as a means of conveyance to transport materials. Coast Guard and 
Navy intelligence officials also stated that the overall risk to 
ferries may be increasing given the attempts in the Philippines and 
the attacks against land-based mass transit and other soft targets 
overseas. Although not caused by a terrorist attack, one of the 
greatest maritime disasters ever occurred in the Philippines in 1987 
when an overloaded ferry collided with a tanker and an estimated 4,300 
people died. Although the circumstances of this ferry sinking may be 
different than those faced by ferries in the United States, they 
illustrate that an attack on a crowded ferry could have dire 
consequences. The U.S. Coast Guard, a component of the Department of 
Homeland Security (DHS), is the lead federal agency responsible for a 
wide array of maritime safety and security activities, including those 
involving ferries and their facilities under the Maritime 
Transportation Security Act of 2002 (MTSA).[Footnote 3] 

This report is the second of two reviewing the security of high 
capacity passenger vessels--vessels capable of carrying 500 or more 
passengers. The first report focused on cruise ship and cruise ship 
facility security and was issued in April 2010.[Footnote 4] The report 
found that while governmental agencies, cruise ship operators, and 
other maritime security stakeholders have taken significant steps to 
protect against a possible terrorist attack, the U.S. Customs and 
Border Protection (CBP)--the federal agency primarily responsible for 
border security--should consider obtaining additional information 
about cruise ship passengers to enhance its screening process. This 
report focuses on the security issues of high capacity passenger 
ferries and their facilities.[Footnote 5] While we limited our review 
to ferry systems that operate larger, high capacity passenger ferries, 
these systems often also operate smaller ferries, and according to 
Coast Guard officials, smaller ferries face similar security concerns. 

You requested that we identify risks associated with ferries and their 
facilities and the measures being taken to protect them.[Footnote 6] 
Specifically, this report responds to the following questions: 

* To what extent has the U.S. Coast Guard assessed risk related to 
high capacity passenger ferries and their facilities in accordance 
with DHS's guidance, and what are the identified risks? 

* To what extent have maritime security stakeholders taken actions to 
mitigate the potential risks to high capacity passenger ferries and 
their facilities, and to implement applicable federal laws, 
regulations, and guidance; and what additional actions, if any, could 
enhance ferry security? 

This is the public version of the report we issued in October 2010 
that contained information related to risks to high capacity passenger 
ferries and efforts made to secure these ferries from terrorist 
attacks. DHS deemed specific details of ferries, the risks to ferries, 
and methods used by the Coast Guard and others to secure ferries to be 
sensitive security information, which must be protected from public 
disclosure. Therefore, this report omits those details. Although 
information provided in this report is more limited in scope, it 
addresses the same questions as the previously issued report. Also, 
the overall methodology used for both reports is the same. The 
conclusions and recommendations contained in our October 2010 version 
of this report remain generally unchanged. 

To determine the extent to which the Coast Guard assessed the risks to 
ferries and their facilities in accordance with DHS's guidance, and to 
identify the risks associated with ferries and their facilities, we 
reviewed relevant federal guidance on the use of risk management, 
including DHS's National Infrastructure Protection Plan.[Footnote 7] 
We also reviewed documents describing the methodology and use of the 
Coast Guard's primary risk assessment tool--the Maritime Security Risk 
Analysis Model. We analyzed the elements of the Coast Guard's risk 
analysis model process and compared it to criteria from two 
components--risk assessment and prioritization--of the National 
Infrastructure Protection Plan, the document that articulates the risk 
management framework for DHS. We also analyzed the nationwide results 
for 2009 of the risk analysis model to determine the relative risks 
facing ferries and their facilities. In addition, we interviewed Coast 
Guard headquarters personnel responsible for the risk analysis model 
and Coast Guard Sector personnel responsible at the local level to 
discuss the relative risks in their areas of responsibility.[Footnote 
8] 

In addition, we interviewed Coast Guard and U.S. Navy intelligence 
personnel actively engaged in determining possible threats to ferries 
and their facilities. We also interviewed Coast Guard, CBP, and U.S. 
Park Police officials, as well as personnel from seven nonfederal law 
enforcement agencies. The Coast Guard and CBP officials were those 
responsible for ferry and ferry facility security at both the national 
level and at the locations where we made site visits. Similarly, the 
law enforcement personnel we met with represented jurisdictions 
covered in our site visits where they provided security for ferries 
and their facilities. We made these visits to a nonprobability sample 
of five domestic locations. Ferry operations at these locations are 
overseen by five Coast Guard Sectors.[Footnote 9] We selected these 
locations based on the number of passengers carried by the ferry 
systems operating in these locations and the relative risk associated 
with the ferry systems. We also selected locations that had domestic 
and international ferries. While the information we obtained from 
personnel at these locations cannot be generalized across all U.S. 
ferry systems, it provided us with a perspective on the risks to 
ferries and their facilities at the selected locations. While their 
views may not represent the views of all high capacity passenger ferry 
operators, these ferry systems represented about 70 percent of 
passengers and about 80 percent of vehicles carried by U.S. ferry 
operators that in 2008 reported that they had vessels in service 
capable of carrying 500 or more passengers. 

To determine the extent to which maritime security stakeholders-- 
including federal agencies, ferry and ferry facility operators, and 
law enforcement agencies--have taken actions to mitigate the potential 
risks to ferries and their facilities and to implement applicable 
federal laws, regulations, and guidance, we reviewed relevant federal 
legislation, regulations, and guidance. These included pertinent 
provisions of MTSA, as amended, including the Security and 
Accountability For Every Port Act of 2006 (SAFE Port Act) amendments 
to MTSA; implementing regulations--such as 33 CFR Parts 101, 102, 103, 
104, and 105; the Coast Guard's Operation Neptune Shield operations 
order; Navigation and Vessel Inspection Circulars; and Maritime 
Security Directives, respectively. We analyzed data on the Coast 
Guard's security performance in meeting internal standards established 
for Operation Neptune Shield during 2009, and on ferry and ferry 
facility operator's security performance in meeting requirements 
identified in Coast Guard regulations from 2006 to 2009. We found 
these data to be sufficiently reliable for the purpose of providing 
contextual or background information. To make this determination we 
conducted interviews with knowledgeable agency officials and performed 
data testing for missing data, outliers, and obvious errors. We also 
interviewed federal officials from various agencies, including the 
Coast Guard, CBP, and U.S. Park Police to discuss their actions to 
reduce risks to ferries and their facilities. We observed security 
activities and interviewed law enforcement personnel from seven 
nonfederal police departments responsible for protecting ferries and 
their facilities from terrorist attacks at the domestic locations we 
visited. As part of our observations of security measures, we traveled 
aboard international and domestic ferries at these locations. While 
our observations at these locations cannot be generalized across all 
U.S. ports, they provided us with a general overview and perspective 
on ferry and ferry facility security at the selected locations. We 
also made a site visit to one foreign location where a major high 
capacity ferry system operated to observe possible security actions 
other than those used in the United States. Although this location 
does not represent all international locations with high capacity 
passenger ferry operators, we selected this location because Coast 
Guard officials stated that this ferry system was similar to one of 
the larger systems in the United States and would serve as a good 
comparison to U.S. ferry systems. We also reviewed three Coast Guard- 
funded reports issued in 2005 and 2006 on ferry security to determine 
what actions the reports recommended that the Coast Guard take to help 
ensure ferry security. We interviewed Coast Guard officials to 
determine what actions had been taken in response to these reports. We 
also reviewed the scope and methodology for these reports and 
determined they were sufficient for us to rely on for the purposes of 
this report. 

We conducted this performance audit from January 2009 to December 2010 
in accordance with generally accepted government auditing standards. 
[Footnote 10] Those standards require that we plan and perform the 
audit to obtain sufficient, appropriate evidence to provide a 
reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a 
reasonable basis for our findings and conclusions based on our audit 
objectives. 

Background: 

Ferries Transport Passengers and Vehicles: 

According to the 190 ferry operators responding to the 2008 National 
Census of Ferry Operators, more than 82 million passengers and over 25 
million vehicles were carried on their vessels in the United States. 
[Footnote 11] As reported in 2008, the ferry systems that carried the 
most passengers and vehicles in 2008 were the New York City Department 
of Transportation Ferry Division (Staten Island Ferry) which carried 
19 million passengers, but no vehicles, and the Washington State 
Ferries that carried over 13 million passengers and almost 11 million 
vehicles. In addition, California, Louisiana, Massachusetts, New 
Jersey, North Carolina, Ohio, Texas, and Virginia all had ferry 
systems that carried over 1 million passengers. See figure 1 for a map 
identifying the states where ferry systems operate vessels that can 
carry 500 or more passengers, as well as the number of passengers and 
vehicles carried by these systems. In addition to the ferries that 
operate solely inside the United States, CBP identified 28 ferries 
that sailed in 2009 to the United States from a port in Canada, 
Mexico, the British Virgin Islands, or the Dominican Republic. 

Figure 1: 2008 National Census Data on States with Ferry Systems 
Operating High Capacity Passenger Ferries and the Number of Passengers 
and Vehicles Carried: 

[Refer to PDF for image: illustrated U.S. map] 

Depicted on the map are the states with ferry systems along with 
symbols indicating the number of passengers and vehicles carried in 
2008: 

Symbol scale: 
100,000; 
1,000,000; 
5,000,000; 
15,000,000; 
20,000,000. 

States: 

California: approximately 5,000,000 passengers; 
Connecticut: approximately 1,000,000 passengers and 100,000 vehicles; 
Delaware: approximately 1,000,000 passengers and 100,000 vehicles; 
Florida: approximately 100,000 passengers; 
Massachusetts: approximately 5,000,000 passengers and 1,000,000 
vehicles; 
Michigan: approximately 1,000,000 passengers and 100,000 vehicles; 
New Jersey: approximately 1,000,000 passengers; 
New York: approximately 20,000,000 passengers and 100,000 vehicles; 
Ohio: approximately 1,000,000 passengers and 100,000 vehicles; 
Texas: approximately 10,000,000 passengers and 5,000,000 vehicles; 
Washington: approximately 15,000,000 passengers and 15,000,000 
vehicles. 

Sources: National Census of Ferry Operators; Map Resources (map). 

Note: This graphic is based on data reported by the Bureau of 
Transportation Statistics in the 2008 National Census of Ferry 
Operators. These data included self-reported data to the census by the 
responding ferry systems, along with information obtained from 
agencies such as the Coast Guard and the Army Corps of Engineers. As 
reported by the Bureau of Transportation Statistics, data was not 
available for all questions for all systems. For example, the reported 
data for one system in Louisiana included that it operated high 
capacity passenger ferries, but did not include the total number of 
passengers it carried. That system is not included in figure 1. Of the 
systems included in the census, data show that 29 operated ferries 
capable of carrying 500 or more passengers. Twenty-eight of these 29 
ferry systems operate in the 11 states highlighted in figure 1 above. 
No systems reported operating ferries capable of carrying 500 or more 
passengers in Alaska or Hawaii. 

[End of figure] 

Many Stakeholders Involved in Securing Ferry Operations: 

Numerous organizations play a role in the security of ferries 
operating in U.S. waters. Table 1 lists selected federal agencies and 
other stakeholders together with examples of the ferry-related 
maritime security activities that they conduct. 

Table 1: Selected Stakeholders with Security Responsibilities 
Applicable to Ferries: 

International organization: 

Stakeholder: 
* International Maritime Organization[A]; 
Selected maritime security-related responsibilities: 
* Develop international standards for port and vessel security. 

Federal government: Department of Homeland Security: 

Stakeholder: 
* U.S. Coast Guard; 
Selected maritime security-related responsibilities: 
* Conduct vessel escorts, boardings of selected vessels, and security 
patrols of key port areas; 
* Ensure vessels in U.S. waters comply with domestic and international 
maritime security standards; 
* Review U.S. vessel and facility security plans and oversee 
compliance with these plans. 

Stakeholder: 
* Transportation Security Administration (TSA); 
Selected maritime security-related responsibilities: 
* Test technologies, practices, and techniques for passenger screening 
systems in the maritime environment; 
* Coordinate with the Coast Guard on security training and surge 
operations. 

Stakeholder: 
* U.S. Customs and Border Protection (CBP); 
Selected maritime security-related responsibilities: 
* Review documentation of persons, baggage, and cargo arriving from 
foreign ports on international ferries; 
* Take action to deny entrance to the United States if concerns about 
persons, baggage, or cargo exist. 

State and local governments. 

Stakeholders: 
* Law enforcement agencies; 
Selected maritime security-related responsibilities: 
* Often act as land-based security for ferry operators; 
* Support Coast Guard role through water patrols and possibly escort 
vessels if the agency operates a marine unit. 

Stakeholder: 
* State and city Departments of Transportation and Port Authorities; 
Selected maritime security-related responsibilities: 
* Own many ferry systems and thus assume responsibility for ensuring 
their security by conducting vulnerability assessments and developing 
and implementing security plans to mitigate vulnerabilities and comply 
with applicable international and domestic standards; 
* Conduct risk-mitigating actions including maintaining secure areas 
and screening passengers and vehicles. 

Private sector: 

Stakeholder: 
* Private owners or operators; 
Selected maritime security-related responsibilities: 
* Own or operate many ferry systems and thus assume responsibility for 
ensuring their security by conducting vulnerability assessments and 
developing and implementing security plans to mitigate the 
vulnerabilities and comply with applicable international and domestic 
standards; 
* Conduct risk-mitigating actions including maintaining secure areas 
and screening passengers and vehicles. 

Stakeholder: 
* Security contractors; 
Selected maritime security-related responsibilities: 
* Provide security services at ferry facilities. 

Source: GAO. 

[A] The International Maritime Organization is a specialized agency of 
the United Nations with 169 member states that is responsible for 
developing an international regulatory framework addressing, among 
other things, maritime safety and security. 

[End of table] 

Maritime Security Actions Are Guided by a Legal and Regulatory 
Framework: 

International standards and national laws, regulations, and guidance 
direct federal agencies and vessel and facility operators nationwide 
in their security efforts (see table 2). 

Table 2: Key Security Requirements Applicable to Ferries and Ferry 
Facilities: 

Promulgator: International Maritime Organization; 
Law or guidance: International Ship and Port Facility Security (ISPS) 
Code,[A] as implemented through Chapter XI-2 of the International 
Convention for the Safety of Life at Sea[B]; 
Key provisions: Sets out many of the international standards for 
vessel and port facility security. For example, all covered vessels 
shall have a designated security officer. 

Promulgator: U.S. Federal Government; 
Law or guidance: Maritime Transportation Security Act of 2002 
(MTSA)[C]; 
Key provisions: Establishes a maritime security framework including 
many of the U.S. vessel and port facility security requirements and 
standards and for Coast Guard enforcement of many of such provisions. 
One such provision, for example, requires regulated facilities and 
vessels to have vulnerability assessments. 

Promulgator: U.S. Federal Government; 
Law or guidance: SAFE Port Act amendments to MTSA (2006)[D]; 
Key provisions: Sets additional requirements for Coast Guard 
regulation of port facility security. For example, at least one 
security inspection to verify the effectiveness of a regulated 
facility security plan shall be unannounced. 

Promulgator: Coast Guard; 
Law or guidance: Implementing Regulations (such as 33 C.F.R. Parts 
101, 104, and 105); 
Key provisions: Based on legislative authority, set specific security 
requirements for U.S. flagged vessels and port facilities. For 
example, owners or operators of ferries must ensure that security 
sweeps of the vessel are performed before getting underway. 

Promulgator: Coast Guard; 
Law or guidance: Operation Neptune Shield Operations Order; 
Key provisions: Sets internal Coast Guard standards for vessel 
(including ferries) security activities, which include escorts and 
security boardings--boardings performed to verify that the ship and 
crew are operating as expected and to act on intelligence that may 
have prompted security concerns. For example, Coast Guard units are 
required to escort a certain percentage of high capacity passenger 
vessels under different Maritime Security threat levels.[E] (Specific 
percentages are classified.) Operation Neptune Shield activities are 
based on an understanding of maritime risk and mitigation. 

Promulgator: Coast Guard; 
Law or guidance: Navigation and Vessel Inspection Circulars; 
Key provisions: Provide Coast Guard guidance about the enforcement of, 
or compliance with, certain federal maritime regulations and Coast 
Guard maritime safety and security programs. For example, these state 
how Coast Guard inspectors are to ensure operators' compliance with 
higher standards for passenger screening and security sweeps on 
ferries. 

Promulgator: Coast Guard; 
Law or guidance: Maritime Security Directives; 
Key provisions: Set security performance standards for stakeholders 
responsible for taking security actions commensurate with various 
Maritime Security threat levels. For example, one standard includes 
the varying percentages of vehicles to be screened before boarding 
ferries under different Maritime Security threat levels. 

Source: GAO. 

[A] IMO Doc. SOLAS/CONF. 5/34 (Dec. 12, 2002). 

[B] 32 U.S.T. 47, T.I.A.S. No. 9700. 

[C] Pub. L. No. 107-295, 116 Stat. 2064 (2002). 

[D] Pub. L. No. 109-347, 120 Stat. 1884 (2006). 

[E] Maritime Security threat levels are a three-tiered (Maritime 
Security Level 1, Maritime Security Level 2, and Maritime Security 
Level 3) threat warning system to provide a means to easily 
communicate preplanned scalable responses to increased threat levels. 
They are set by the Coast Guard, in consultation with DHS, to reflect 
the prevailing threat environment to the marine elements of the 
national transportation system, including ports, vessels, facilities, 
and critical assets and infrastructure located on or adjacent to 
waters subject to the jurisdiction of the United States. For the 
purpose of these requirements, the Coast Guard defines high capacity 
passenger vessels as those carrying 500 or more passengers. 

[End of table] 

Risk Management Is Important for Maritime Security: 

DHS is required by statute to utilize risk management principles with 
respect to various DHS functions.[Footnote 12] In 2006, DHS issued the 
National Infrastructure Protection Plan, which is DHS's base plan that 
guides how DHS and other relevant stakeholders should use risk 
management principles to prioritize protection activities in an 
integrated and coordinated fashion. Updated in 2009, the National 
Infrastructure Protection Plan requires that federal agencies use 
relative risk to inform the selection of priorities and the continuous 
improvement of security strategies and programs to protect people and 
critical infrastructure by reducing the risk of acts of terrorism. The 
framework for the plan includes six components: (1) set goals and 
objectives; (2) identify assets, systems, and networks; (3) assess 
risk; (4) prioritize; (5) implement programs; and (6) measure 
effectiveness. 

In the assess risk component, the National Infrastructure Protection 
Plan establishes baseline criteria for conducting risk assessments. 
According to the National Infrastructure Protection Plan, risk 
assessments are a qualitative or quantitative determination of the 
likelihood of an adverse event occurring and are a critical element of 
the National Infrastructure Protection Plan's risk management 
framework. Risk assessments can also help decision makers identify and 
evaluate potential risks so that countermeasures can be designed and 
implemented to prevent or mitigate the potential effects of the risks. 
The National Infrastructure Protection Plan also characterizes risk 
assessment as a function of three elements: 

* Threat: The likelihood that a particular asset, system, or network 
will suffer an attack or an incident. In the context of risk 
associated with a terrorist attack, the estimate of threat is based on 
the analysis of the intent and the capability of an adversary; in the 
context of a natural disaster or accident, the likelihood is based on 
the probability of occurrence. 

* Vulnerability: The likelihood that a characteristic of, or flaw in, 
an asset's, system's, or network's design, location, security posture, 
process, or operation renders it susceptible to destruction, 
incapacitation, or exploitation by terrorist or other intentional 
acts, mechanical failures, and natural hazards. 

* Consequence: The negative effects on public health and safety, the 
economy, public confidence in institutions, and the functioning of 
government, both direct and indirect, that can be expected if an 
asset, system, or network is damaged, destroyed, or disrupted by a 
terrorist attack, natural disaster, or other incident. 

Information from the three elements that assess risk--threat, 
vulnerability, and consequence--can lead to a risk characterization 
and provide input for prioritizing security goals--the fourth 
component within the framework. For example, MTSA requires the Coast 
Guard to prepare Area Maritime Transportation Security Plans for ports 
around the United States. These plans convey operational and physical 
security measures, communications procedures, time frames for 
responding to security threats, and other actions to direct the 
prevention of and response to a security incident. In its regulations 
implementing MTSA, the Coast Guard gave primary responsibility for 
creating the Area Maritime Security Plans to the Captain of the Port, 
based on the Area Maritime Security Assessment.[Footnote 13] Area 
Maritime Security Assessments examine the threats and vulnerabilities 
to activities, operations, and infrastructure critical to a port and 
the consequences of a successful terrorist attack on the critical 
activities, operations, and infrastructure at the port. Under the 
regulations, such assessments are to be risk-based, and should assess 
each potential threat and the consequences and vulnerabilities for 
each combination of targets and attack modes in the area. With the 
information supplied in the assessment, the Area Maritime Security 
Plan is to identify, among other things, the operational and physical 
security measures to be implemented at Maritime Security Level 1 and 
those that, as risks increase, will enable the area to progress to 
levels 2 and 3. According to the Coast Guard, procedures and measures 
conveyed in Area Maritime Security Plans are coordinated, 
communicated, and implemented by the Captain of the Port with 
stakeholder communication assistance from Area Maritime Security 
Committees, using existing agency command and control systems, and 
when activated, unified incident management structures. 

The Coast Guard Assessed Risk to Ferries and Their Facilities in 
Accordance with DHS's Risk Assessment Guidance and Security Concerns 
Exist: 

The Coast Guard Adheres to Risk Assessment Guidance from DHS's 
National Infrastructure Protection Plan: 

The Coast Guard uses a tool known as the Maritime Security Risk 
Analysis Model to assess risk to vessels and port infrastructure, 
including ferries and ferry facilities, in accordance with the 
guidance from DHS's National Infrastructure Protection Plan. As we 
reported in April 2010, the Coast Guard uses this analysis tool to 
help implement its strategy and concentrate maritime security 
activities when and where relative risk is believed to be the 
greatest.[Footnote 14] The model assesses the risk--threats, 
vulnerabilities, and consequences--of a terrorist attack based on 
different scenarios; that is, it combines potential targets with 
different means of attack. Examples of a Maritime Security Risk 
Analysis Model scenario related to ferries include those involving a 
suicide bomber or a boat attack. Taking threats, vulnerabilities, and 
consequences into consideration is the approach to assessing risk 
recommended by the National Infrastructure Protection Plan. According 
to the Coast Guard, the model's underlying methodology is designed to 
capture the security risk facing different types of targets, allowing 
comparison between different targets and geographic areas at the 
local, regional, and national levels. Also in accordance with guidance 
from the National Infrastructure Protection Plan, the model is 
designed to support decision making for the Coast Guard. At the 
national level, the model's results are used for (1) long-term 
strategic resource planning, (2) identifying capabilities needed to 
combat future terrorist threats, and (3) identifying the highest-risk 
scenarios and targets in the maritime domain. At the local level, the 
Captain of the Port can use the model as a tactical planning tool, and 
it can help to identify the highest-risk scenarios, allowing the 
Captain of the Port to prioritize needs and better deploy security 
assets. As we reported in March 2009, Intelligence Coordination Center 
officials stated that the Coast Guard uses the model to inform 
allocation decisions, such as the deployment of local resources and 
grants.[Footnote 15] 

Although No Recent Threats Have Been Identified, Stakeholders Reported 
Security Concerns: 

Although there have been no recent, credible terrorist threats against 
ferries and their facilities in the United States, stakeholders 
expressed concerns about various types of attacks that, if successful, 
could have significant consequences. Since the characteristics and 
operations of the ferry systems vary widely, different operations and 
ferry system components face different levels of threats with 
different probabilities of occurrence. In April 2010, Coast Guard 
intelligence officials stated that there have been no credible 
terrorist threats against ferries and their facilities identified in 
at least the last 12 months, but noted the presence of terrorist 
groups that have the capability to attack a ferry. Further, the lack 
of a recent threat does not preclude the possibility of such an 
incident occurring in the future. As reported both by the Coast Guard 
and RAND, ferries have been terrorist targets in the past and are 
considered attractive targets for terrorists. In 2006, the 
Transportation Research Board reported that the same characteristics 
that make ferry systems desirable to passengers--the wide extent of 
service and the popularity of use--also make them potential targets 
and potential instruments of a terrorist act.[Footnote 16] As we 
previously reported in 2007, security officials in the U.S. government 
are concerned about the possibility of a future terrorist attack in a 
U.S. port.[Footnote 17] For example, captured terrorist training 
manuals cite ports as targets and instruct trainees to use covert 
means to obtain surveillance information for use in attack planning. 
Terrorist leaders have also stated their intent to attack 
infrastructure targets within the United States, including ports, in 
an effort to cause physical and economic damage and inflict mass 
casualties. In April 2010, Coast Guard intelligence officials also 
stated that they have seen a gradual shift in terrorist tactics and 
procedures overseas that had been seen in attacks against mass transit 
and other soft targets--characteristics typically shared with ferry 
systems as well. 

Stakeholders Reported Various Security Concerns: 

Maritime security stakeholders reported various ferry-related security 
concerns with the greatest concerns being improvised explosive device 
attacks delivered via vehicles, passengers or small boats. Vehicle- 
borne improvised explosive device concerns, for ferry operations that 
carry vehicles, included concerns about devices carried in cars and 
trucks. Our work from February 2009 supports the likely validity of 
this concern as vehicle-borne improvised explosive devices were the 
most common tactic used in truck and bus terrorist incidents abroad. 
[Footnote 18] However, not all ferry systems allow vehicles on board. 
Coast Guard officials we interviewed expressed concern about passenger-
borne improvised explosive devices on ferries as well--such as a 
passenger carrying a bomb in a backpack. Determining passengers' 
identities, through admissibility inspections, is one type of action 
that CBP has taken to help mitigate concerns posed by passengers 
boarding ferries that originate from Canada.[Footnote 19] Nonetheless, 
according to CBP officials, CBP personnel do not know a person's 
identity until he or she arrives at the facility to board. However, 
Coast Guard officials stated that ferry operators may see the same 
people over and over again and can become familiar with the regular 
passengers. Maritime security stakeholders also consider waterborne 
improvised explosive devices to be a concern for ferries and their 
facilities. According to the Coast Guard's Strategy for Maritime 
Safety, Security, and Stewardship, one of the greatest risks 
associated with maritime scenarios is a direct attack using a 
waterborne improvised explosive device, and a recurring attack mode 
has been the use of small boats to carry out an attack. 

Port security stakeholders we interviewed also reported other ferry- 
related security concerns--some of which were more port specific. For 
example, international ferries pose an additional concern by providing 
a possible transit for terrorists to enter the United States as 
exemplified by the 1999 millennium bomber, who traveled to the United 
States on a ferry from Canada and had planned to bomb the Los Angeles 
International Airport. Port security stakeholders reported other 
security concerns including criminal activity, such as drug or human 
smuggling, particular to where their ferries transit. 

A Successful Attack Could Have Significant Consequences: 

A successful attack on a ferry could affect the ship, its passengers, 
and the U.S. economy. A successful attack could damage a ferry and the 
extent of the loss of life would depend on the severity of the attack, 
according to various studies. A 2006 RAND report stated that scenarios 
involving significant damage could easily result in several hundred 
fatalities and the greater the damage, the more likely it would be 
that the vessel would sink resulting in a higher death toll. 

A successful terrorist attack on a ferry system may also have an 
economic impact. Coast Guard officials stated that an attack on a 
ferry could target a lot of people at one time and shut down port 
operations, which could ultimately have an economic ripple effect. 
Coast Guard officials differed in their opinions, however, on whether 
a ferry attack would likely have a national economic impact or if the 
economic impact would be more localized, but agreed that it would 
depend on the scenario. Furthermore, the reaction to an attack on a 
ferry could also affect the degree of the economic impact. According 
to the Coast Guard and RAND, ferry transit is largely a substitutable 
form of transportation for which passengers may opt to use another 
form of transportation, such as a bridge, following an attack, and, 
therefore, the economic impact of such an action may not necessarily 
be significant. However, an attack on a ferry could also result in 
additional funding spent on enhanced security measures. For example, 
the 2004 attack against the SuperFerry 14 in the Philippines affected 
perceived terrorist threat contingencies and was a central factor in 
subsequent decisions to deploy sea marshals on all ships traveling in 
Philippine waters as well as promulgate heightened surveillance, 
investigation, arrest, and detention powers for the police and 
intelligence services. 

Stakeholders Have Implemented Ferry Security Measures, but the Coast 
Guard Has Not Acted on Other Identified Opportunities That May Enhance 
Security: 

To secure ferries and their facilities, responsible maritime security 
stakeholders--including the Coast Guard, CBP, and TSA, as well as 
owners and operators of ferries and their facilities--reported having 
taken various actions to implement applicable federal maritime laws, 
regulations, and guidance designed to help ensure the security of 
ferries and their facilities. 

The Coast Guard Reports That It Conducts Multiple Types of Security 
Activities: 

The Coast Guard seeks to mitigate risks to ferries and their 
facilities through regulatory and operational activities. The Coast 
Guard's regulatory activity involves ferry and ferry facility 
inspections, conducted by inspections teams who monitor compliance 
with operators' security plans.[Footnote 20] According to Coast Guard 
officials, the Coast Guard conducts inspections of ferries four times 
per year: the annual security inspection, which may be combined with a 
safety inspection and typically occurs when the ferry is out of 
service, and the quarterly inspections, which are shorter in duration, 
and generally take place while the ferry remains in service. During 
calendar years 2006 through 2009, the Coast Guard reported conducting 
over 1,500 ferry inspections--about 670 of which were for high 
capacity passenger ferries. Coast Guard officials stated that although 
ferry operators are responsible for scheduling inspections as a 
condition of their certification, the Coast Guard has a system in 
place to notify the agency if a ferry's certification has expired so 
that the Coast Guard may act accordingly. 

In addition to ferry vessel inspections, the Coast Guard reports that 
it inspects MTSA-regulated maritime facilities, including ferry 
facilities, at least two times a year in accordance with SAFE Port Act 
requirements.[Footnote 21] One of these inspections must be 
unannounced. The Coast Guard reported conducting between approximately 
700 and 850 ferry facility inspections each calendar year for the 
period 2006 through 2009.[Footnote 22] To track its performance in 
completing inspections, Coast Guard officials stated they have the 
ability to create a daily report to inform the Captain of the Port 
when each facility in his or her area of responsibility is due for an 
inspection. The report lists all MTSA-regulated facilities, shows the 
dates on which the Coast Guard performed its last two required 
inspections, and highlights any facilities that are coming due or are 
overdue for an inspection. In addition, a quarterly reporting tool was 
developed for Coast Guard district and headquarters officials to 
determine if facility inspection requirements were being met. 

The Coast Guard also reported that it conducts operational activities 
to secure ferries, including conducting boat escorts of ferries, 
implementing positive control measures--that is, stationing armed 
Coast Guard personnel in key locations aboard a vessel to ensure that 
the operator maintains control--and providing a security presence 
through various actions. Operation Neptune Shield requires Coast Guard 
units to escort a certain percentage of high capacity passenger 
vessels at each maritime security threat level to protect against an 
external threat, such as a waterborne improvised explosive device. 
[Footnote 23] The requirement is applicable to all types of high 
capacity passenger vessels--cruise ships, ferries, and excursion 
vessels--in a Sector's area of responsibility, and is not specific to 
ferries. According to Coast Guard data, although 16 of 28 Sectors with 
high capacity passenger vessels operating in their area of 
responsibility met or exceeded the number of required escorts in 
calendar year 2009, 12 did not meet their escort requirement.[Footnote 
24] However, Coast Guard officials reported that some of the Sectors 
that did not meet escort requirements may not have had high capacity 
passenger ferries operating in their area of responsibility, but 
instead may have had other high capacity passenger vessels, such as 
cruise ships.[Footnote 25] Moreover, Operation Neptune Shield allows 
the Captain of the Port the latitude to manage risk and shift 
resources to other priorities when deemed necessary, for example, when 
resources are not available to fulfill all missions simultaneously. 
Officials from one Sector reported that its local law enforcement 
agency has a large presence in the port, providing a presence on the 
ferries and protecting security zones. See figure 2 for a depiction of 
Coast Guard units escorting ferries. 

Figure 2: Coast Guard Escorts of Ferries: 

[Refer to PDF for image: 3 photographs] 

Source: U.S. Coast Guard. 

[End of figure] 

In addition to conducting escorts and positive control measures, the 
Coast Guard provides a security presence through other activities, 
including patrolling areas in which ferries operate using airborne, 
waterborne, and shoreside assets. In addition, Coast Guard personnel 
may board docked ferries for the purpose of providing a security 
presence once they are in transit. For example, at one location we 
visited, we accompanied a Coast Guard Vessel Boarding Security Team, 
which boarded the ferry and rode for two consecutive trips to provide 
a security presence as part of its regular patrol duties. 

TSA Also Has a Role in Ferry and Ferry Facility Security: 

TSA supports ferry security by demonstrating a security presence, 
providing training, and implementing pilot programs involving security 
technologies. Providing a security presence, TSA's Visible Intermodal 
Prevention and Response (VIPR) teams are comprised of federal air 
marshals, surface transportation security inspectors, transportation 
security officers, behavior detection officers, and explosives 
detection canine teams. In July 2010, TSA officials reported that they 
had deployed VIPR teams to ferry systems 319 times since calendar year 
2006. Law enforcement officials in one location stated they had 
participated in one VIPR operation each year from 2007 to 2009. In 
another location, the Coast Guard Sector cited VIPR operations among 
other best practices for ensuring the security of high capacity 
passenger ferries. In addition to its security presence, TSA developed 
training courses to educate passenger vessel employees on maritime 
security issues such as crowd control, improvised explosive detection 
recognition, and hijacking procedures. TSA also provides training 
through its Intermodal Security Training Exercise Program, which 
allows maritime security stakeholders to practice security exercises 
on ferries and provides training on explosive devices. TSA also 
accepts maritime security stakeholders into its explosive trace 
detection canine training program.[Footnote 26] Law enforcement 
officers affiliated with a ferry system we visited reported they were 
among the first ferry operators to be accepted into the TSA program, 
which has helped them to integrate four canines into their security 
operation. 

TSA also reported that it conducts pilot programs at transportation 
systems, including ferry systems, through its Security Enhancement and 
Capabilities Augmentation Program. TSA documents state that the 
program gives TSA the opportunity to network with different ferry 
operators across the United States, test emerging technologies, and 
develop strategies that the agency can use to respond to specific 
threats that arise from new intelligence or major events. TSA 
officials stated that these pilots help to determine how technologies 
work in different environments and in large-scale applications, and 
allow local agencies to try the technologies. According to one ferry 
operator, as part of their participation in TSA pilot programs, they 
provided feedback to TSA in response to pilots that have been tested 
in their respective systems. TSA officials also stated that the agency 
has visited approximately 12 passenger vessel venues since 2003 to 
test technologies used in the screening of passengers, baggage, and 
stores to be loaded on passenger vessels. Although TSA does not track 
implementation of piloted screening technologies, officials reported 
that five passenger facility operators, some of which were ferry 
facility operators, have adopted new technologies as a result of 
participating in a TSA pilot. See figure 3 for a photographic 
depiction of a technology used to screen vehicles for explosives that 
TSA piloted at a ferry system. 

Figure 3: TSA Testing of a Vehicle Screening Technology: 

[Refer to PDF for image: photograph] 

Source: Transportation Security Administration. 

[End of figure] 

For International Ferries That Enter U.S. Ports, CBP Carries Out 
Several Activities: 

CBP reports that it conducts inspections on international ferries that 
arrive in, or are bound for a U.S. port, and deploys radiation 
detection technologies at international ferry crossings. In the United 
States, CBP inspects passengers, bags, vehicles, and crew that 
disembark from international ferries. Additionally, CBP officers based 
in Canada conduct admissibility inspections of U.S.-bound ferry 
passengers. Furthermore, the SAFE Port Act of 2006 required CBP to 
determine if it could expand its international presence. Specifically, 
the act required CBP to seek to develop a plan by February 2007 for 
the inspection of passengers and vehicles before they board a vehicle- 
carrying ferry bound for the United States.[Footnote 27] In 2009, CBP 
concluded that such actions would not be feasible, and in a 2009 
letter to Congress, listed conditions which would prevent the agency 
from examining all persons seeking to enter the United States. 
Finally, CBP uses radiation detectors called portal monitors to screen 
vehicles inbound from Canada as they disembark in the United States. 
CBP officials stated that beginning in March 2008, radiation portal 
monitors were deployed to U.S. facilities that receive ferries inbound 
from Canada. By October 2009, CBP officials reported that 11 radiation 
portal monitors had been deployed, and in July 2010, officials 
reported that 4 additional devices were estimated to be deployed by 
2013. 

Ferry Operators Have Taken Action to Enhance Security and Their 
Ability to Meet Security Standards Has Been Measured through 
Inspections: 

Ferry and ferry facility operators develop and implement security 
plans. Pursuant to the ISPS Code and its guidance, and Coast Guard's 
implementing MTSA regulations and guidance, like other regulated 
vessels and facilities, ferry and ferry facility operators must 
develop and implement security plans that address, among other things, 
concerns identified in their security assessments. Security plans must 
be reviewed and approved by the Coast Guard. Coast Guard officials 
stated that as part of this process, the Captain of the Port 
determines whether a plan's security measures address the concerns 
identified in a ferry or ferry facility's security assessment. To 
address requirements in their security plans, ferry operators we 
interviewed reported using measures such as establishing a security 
presence that may be provided by either their own law enforcement 
branches or state and local law enforcement agencies; conducting 
security sweeps of the ferries; implementing access controls such as 
cameras, posting signage advising of security procedures, and 
installing proximity card door systems; and screening vehicles. 
[Footnote 28] See figure 4 for a photograph depicting security signage 
posted at a ferry facility. 

Figure 4: Security Signage Posted at a Ferry Facility: 

[Refer to PDF for image: photograph] 

Sign data: 

Security Notice: 
Maritime Security Level: 1: 

Security measures may include ID checks and screening of 
persons/belongings/vehicles. 

Entering this facility is deemed valid consent to ID 
check/screening/inspection. Failure to consent or submit to ID 
check/screening/inspection will result in denial or revocation of 
authorization to enter this facility. 

Source: GAO. 

[End of figure] 

Security methods varied across ferry operations. Ferry systems had a 
range of methods for providing onboard security, though the frequency 
and means they used varied across ferry systems. For example, at one 
ferry system we visited, local law enforcement officers rode on all 
ferry transits, while another ferry system had state law enforcement 
officers ride on selected trips. Similarly, all of the ferry systems 
we visited conducted screening operations to help protect against a 
passenger-or vehicle-borne improvised explosive device, but their 
frequency and screening methods also varied across systems. While the 
Coast Guard sets the minimum screening requirements at each maritime 
security threat level,[Footnote 29] Coast Guard guidance states that 
each ferry operator is permitted to enact measures that protect 
passengers without unduly compromising service to the community. 
Accordingly, operators may select the screening method most 
appropriate for their respective operation and within their resources, 
provided the Coast Guard deems the method sufficient to mitigate 
security risks. On our site visits, we observed variation in screening 
operations with respect to (a) the frequency of screening, (b) the 
personnel involved in screening, and (c) the screening methods used. 

With respect to screening frequency, port security stakeholders with 
screening responsibilities at five of the six ferry systems we 
interviewed generally reported that they met the minimum screening 
requirement set forth by the Coast Guard, and one ferry system 
reported that it screened all passengers, bags, and crew.[Footnote 30] 
This operator noted that its screening frequency was determined by the 
U.S. Park Police because the ferry transits to a national park. 
According to the U.S. Park Police, this national park is listed as the 
national icon that receives the greatest number of threats. During our 
site visits, we also observed one system that did not appear to be 
screening according to its standards, but we did not determine any 
failure to meet minimum screening requirements. 

Ferry and ferry facility operators utilize various personnel in their 
screening operations. Federal regulations require personnel with 
specific security responsibilities--such as screening--to have 
knowledge through training or equivalent job experience in certain 
areas and require operators to maintain personnel training records. 
[Footnote 31] Based on our site visits, screening was performed by a 
variety of personnel in these locations, including ferry crew members, 
contracted security screeners, and state or local law enforcement. 
[Footnote 32] 

Among the ferry systems we visited, canine and manual screening 
methods were utilized. Additionally, one passenger-only ferry system 
we visited screened passengers and baggage using walk-through metal 
detectors and baggage belts. According to a Coast Guard report on 
ferry security, canine screening provides a reliable and proven method 
for detecting concealed explosives.[Footnote 33] The report also 
states that canines provide advantages of superior mobility and the 
ability to follow a scent directly to its source--citing that canines 
have a higher probability of detection compared to manual, x-ray, and 
trace detection methods. Finally, the report states that while manual 
screening is considered a nontechnological screening option, it allows 
for higher passenger throughput than other screening devices. 

Screening operations differ by ferry system due to various factors, 
including system characteristics, state laws, and resource 
availability. System characteristics like passenger throughput 
influence the screening method an operator may feasibly implement, as 
passenger processing rates vary across technologies. For example, two 
ferry operators we interviewed reported that certain screening 
technologies would not be able to accommodate their high passenger 
throughput. Additionally, state provisions, under certain 
circumstances, may limit the ability of security personnel to perform 
certain screening methods. For example, state police officers who 
perform canine screening at one ferry system we visited reported that 
state case law generally prohibits them from opening a vehicle trunk 
without the driver's consent or a search warrant. However, when a 
canine detects a potential threat associated with a vehicle and the 
driver does not consent to trunk screening, officers notify the ferry 
captain. Under the ferry system's security procedures, anyone denying 
such a screening will be prohibited from boarding, preventing a 
potential risk from boarding the ferry. Furthermore, funding may also 
pose a limiting factor in designing security operations. A 2005 Coast 
Guard report on ferry screening indicates that costs vary across 
screening methods, stating that canine screening is over three times 
more expensive than manual screening. The report also notes that 
startup programs for two canines and their handlers are estimated to 
cost $250,000.[Footnote 34] In July 2010, one port security 
stakeholder we interviewed stated that in addition to training costs, 
their four canine units cost $160,000 per year. 

Coast Guard data show that while ferry security deficiency rates 
varied compared to other vessel types, ferry facility deficiency rates 
were generally lower compared to other facility types. Of the nearly 
700 inspections conducted on high capacity passenger ferries during 
calendar years 2006 through 2009, the Coast Guard identified 48 
deficiencies.[Footnote 35] Officials stated that overall, ferry 
security deficiencies were generally no more severe than deficiencies 
cited for cargo vessels and other passenger vessels. As shown in 
figure 5, among nine vessel types, the relative ranking of security 
deficiency rates for ferries--including both high capacity and smaller 
capacity passenger ferries--varied from 2006 to 2009. 

Figure 5: Security Deficiencies by Vessel Type, 2006 through 2009: 

[Refer to PDF for image: vertical bar graph] 

Vessel type: Ferry; 
Deficiency rate[A]: 
2006: 0.29; 
2007: 0.29; 
2008: 0.13; 
2009: 0.32. 

Vessel type: Cruise ship; 
Deficiency rate[A]: 
2006: 0.11; 
2007: 0.33; 
2008: 0.08; 
2009: 0.09. 

Vessel type: Excursion tour vessel; 
Deficiency rate[A]: 
2006: 0.7; 
2007: 0.28; 
2008: 0.39; 
2009: 0.89. 

Vessel type: General dry cargo ship; 
Deficiency rate[A]: 
2006: 0.23; 
2007: 0.3; 
2008: 0.14; 
2009: 0.25. 

Vessel type: Bulk carrier; 
Deficiency rate[A]: 
2006: 0.08; 
2007: 0.21; 
2008: 0.05; 
2009: 0.02. 

Vessel type: Tank ship; 
Deficiency rate[A]: 
2006: 0.23; 
2007: 0.11; 
2008: 0.11; 
2009: 0.21. 

Vessel type: Ro-Ro cargo ship; 
Deficiency rate[A]: 
2006: 0.22; 
2007: 0.29; 
2008: 0.17; 
2009: 0.11. 

Vessel type: Barge; 
Deficiency rate[A]: 
2006: 0.01; 
2007: 0.01; 
2008: 0.01; 
2009: 0.01. 

Vessel type: Towing vessel; 
Deficiency rate[A]: 
2006: 0.18; 
2007: 0.02; 
2008: 0.01; 
2009: 0.01. 

Source: U.S. Coast Guard. 

[A] Within each vessel type, the deficiency rate is the number of 
deficiencies divided by the number of regulated vessels each year. 

[End of figure] 

Coast Guard officials stated that ferry security deficiencies were 
commonly found in the following areas: security plan audits and 
amendments; drills and exercises; records and documentation; and 
access control procedures, including monitoring of secure and 
restricted areas. Coast Guard officials at agency headquarters 
reported that operators were particularly responsive to correcting 
deficiencies, because they understood that deficiencies could lead the 
Coast Guard to remove a vessel from service and interrupt operations. 

With regard to ferry facilities, the Coast Guard identified nearly 
1,300 deficiencies in conducting a total of nearly 3,200 ferry 
facility inspections during calendar years 2006 through 2009. 
According to Coast Guard officials, the majority of the deficiencies 
were related to (1) operations or management issues, such as the 
failure of the security officers to properly perform their duties 
related to required drills or personnel training and (2) documentation 
issues such as the security officer failing to post security signage, 
document security responsibilities, drills or training, or submit 
security plan amendments. Coast Guard officials stated that compared 
to other types of facilities, ferry facilities tended to have more 
security requirements yet they generally outperformed other types of 
facilities in meeting requirements. As shown in figure 6, ferry 
facilities generally had the lowest deficiency rate compared to eight 
other facilities during the period 2006 through 2009. 

Figure 6: Security Deficiencies by Facility Type, 2006 through 2009: 

[Refer to PDF for image: vertical bar graph] 

Facility type: Ferry; 
Deficiency rate[A]: 
2006: 0.61; 
2007: 0.86; 
2008: 0.65; 
2009: 0.84. 

Facility type: Cruise Ship; 
Deficiency rate[A]: 
2006: 1.18; 
2007: 1.29; 
2008: 0.66; 
2009: 0.93. 

Facility type: Bulk Dry/Solid; 
Deficiency rate[A]: 
2006: 1.28; 
2007: 1.47; 
2008: 1.08; 
2009: 1.07. 

Facility type: Break Bulk; 
Deficiency rate[A]: 
2006: 1.48; 
2007: 1.75; 
2008: 1.52; 
2009: 1.44. 

Facility type: Bulk Liquid; 
Deficiency rate[A]: 
2006: 0.77; 
2007: 1.16; 
2008: 0.95; 
2009: 1.14. 

Facility type: Bulk Oil; 
Deficiency rate[A]: 
2006: 0.92; 
2007: 1.24; 
2008: 0.96; 
2009: 0.89. 

Facility type: Barge Fleeting; 
Deficiency rate[A]: 
2006: 2.48; 
2007: 0.45; 
2008: 3.03; 
2009: 3.72. 

Facility type: Assist/Escort Tug; 
Deficiency rate[A]: 
2006: 1.64; 
2007: 1.29; 
2008: 0.79; 
2009: 1.07. 

Facility type: Boat Ramp; 
Deficiency rate[A]: 
2006: 0.67; 
2007: 0.76; 
2008: 0.67; 
2009: 0.19. 

Source: U.S. Coast Guard. 

[A] Within each facility type, the deficiency rate is the number of 
deficiencies recorded each year divided by the number of regulated 
facilities recorded in 2008. Ferry facilities may service both high 
capacity ferries and smaller ferries. 

[End of figure] 

The Coast Guard May Be Missing Opportunities to Enhance Ferry Security: 

The Coast Guard has reported taking various actions to help secure 
ferries, but may be missing opportunities to further enhance ferry 
security, particularly with respect to enhancing screening measures 
because it has not evaluated and, if determined warranted, acted on 
all of the findings and recommendations from several ferry security 
reports completed in 2005 and 2006. In addition, the Coast Guard has 
not reassessed its vehicle screening requirements since 2004. 

The Coast Guard Has Not Evaluated and, if Determined Warranted, Acted 
on Report Findings and Recommendations: 

The Coast Guard spent $1.5 million on contracted studies related to 
ferry security, but has not evaluated and, if determined warranted, 
taken action to address all of the findings and recommendations from 
these studies even though their results were issued in 2005 and 2006. 
Recognizing the security risk posed by vehicle-borne improvised 
explosive devices, the Coast Guard, in consultation with various other 
entities, initiated five studies to conduct more comprehensive 
research and development to enhance security on ferries.[Footnote 36] 
According to Coast Guard documentation from 2004, these studies were 
aimed at establishing a new benchmark for ferry screening and 
enhancing the agency's ability to focus on improving security 
practices, screening technology, and identification of explosive 
hazards. In addition, the document states that the Coast Guard should 
convene an interagency working group with private sector 
representation from the ferry industry to identify areas for 
improvement in the screening process by discussing (a) previously 
implemented screening practices and (b) information from the studies 
once they were completed. The five studies resulted in three reports 
with key findings related to the screening of vehicles boarding a 
ferry, and two of them made recommendations to the Coast Guard. 

The ferry security reports included several findings and 
recommendations. Two of the reports included classified 
recommendations which can not be discussed in our report. The third 
report, issued by ABSG Consulting in April 2005, reported on the 
completed consequence studies that were conducted and included 
classified findings on the potential consequences of a vehicle-borne 
improvised explosive device, but no recommendations resulted from this 
report. The objectives of the consequences studies were to predict 
structural damage to the selected ferries from different charge sizes, 
locations, and methods of attack. 

The Coast Guard has not evaluated and, if determined warranted, taken 
actions on the ferry security reports. Standards for Internal Control 
in the Federal Government state that agencies should have policies and 
procedures for ensuring that findings of audits and other reviews are 
promptly resolved. The guidance further states that managers are to 
(1) promptly evaluate findings from audits and other reviews, 
including those showing deficiencies and recommendations reported by 
auditors and others who evaluate agencies' operations; (2) determine 
proper actions in response to findings and recommendations from audits 
and reviews; and (3) complete, within established time frames, all 
actions that correct or otherwise resolve the matters brought to 
management's attention.[Footnote 37] Although Coast Guard program 
officials stated that the agency does not have a process for 
addressing, responding to, or documenting recommendations stemming 
from research and development studies, they stated that once they 
receive a report they generally review its recommendations and seek 
feedback from Coast Guard program specialists and field units as well 
as industry stakeholders. After this, Coast Guard officials stated 
that they work with port captains and industry stakeholders to 
implement feasible security measures. Coast Guard Research and 
Development officials we met with told us that after the 2005 National 
Ferry Security Study was issued, they communicated the report findings 
to various entities, including the Coast Guard Commandant, Area 
Maritime Security Committees, and stakeholders at the ports included 
in the ferry study. In addition, a 2005 informational memorandum to 
the Secretary of Homeland Security from the Commandant indicated that 
the Coast Guard, in consultation with TSA and the Office for Domestic 
Preparedness, planned to implement new security measures to mitigate 
the risk of an improvised explosive device as a result of the ferry 
security studies. However, in May 2010, Coast Guard program officials 
stated that there were no current actions being taken to address the 
findings and recommendations from the National Ferry Security Study. 
Coast Guard officials explained that the ferry security reports were 
released when the agency was undergoing an internal reorganization and 
as a result the reports were not sent to the appropriate unit after 
the reorganization--which they also believe is the likely reason for 
why no further actions were taken to evaluate or address the reports' 
findings and recommendations. 

In June 2010, Coast Guard program officials reported that they were 
taking actions to improve ferry security through ongoing rulemaking 
and guidance development efforts. Coast Guard officials stated that 
they were in the process of revising the MTSA regulations, through 
which they would amend security training for vessel and facility 
personnel--including ferry screening personnel. Coast Guard officials 
stated that they began these revisions in late 2006, but had to divert 
their attention to the implementation of the Transportation Worker 
Identification Credential program in 2007, and thus, were delayed in 
developing the MTSA regulation revisions. The Coast Guard plans to 
finalize the MTSA regulatory revisions through the proposed rulemaking 
process. In addition, Coast Guard officials stated that they have been 
developing a Navigation and Vessel Inspection Circular for about 2 
years to provide updated guidance for ferry screening. The guidance is 
intended to update existing screening policies and assist owners or 
operators of ferries and ferry facilities in the prevention of 
security incidents by developing and implementing more effective 
passenger screening programs appropriate for each maritime security 
threat level. Although the officials reported these efforts initially 
began in about 2005 or 2006, they did not expect the Navigation and 
Vessel Inspection Circular to be published until fall 2010. Coast 
Guard officials further reported that they plan to review the 2005 and 
2006 reports to determine if additional changes should be incorporated 
into their ongoing development of the Navigation and Vessel Inspection 
Circular. However, officials stated that they could not delay the 
publication of the MTSA regulatory revisions currently under 
development, and thus, it was unlikely they would make any major ferry-
related changes in this rulemaking as a result of reviewing the 2005 
and 2006 reports. Furthermore, Coast Guard officials also informed us 
that DHS is currently evaluating the feasibility of developing 
standards for nonfederal canine programs. The Captain of the Port 
determines whether the qualifications of the canine program used by 
screening personnel are sufficient, as standards for private or 
nonfederal canine programs do not exist as they do for federal canine 
programs.[Footnote 38] 

Although these ongoing efforts may address some of the findings and 
recommendations from the 2005 and 2006 reports, it is not evident that 
the Coast Guard utilized the reports or their recommendations to 
inform the agency's decision making, as officials could not confirm 
whether the 2005 and 2006 reports were the catalyst for the agency's 
actions. In addition, Coast Guard officials confirmed that the ongoing 
actions will not address all of the findings and recommendations from 
the reports. As a result of our work on ferry security, in August 
2010, Coast Guard officials stated that they believe the ferry 
security reports can still provide valuable information and they plan 
to begin evaluating the reports in fall 2010. After conducting this 
evaluation of the reports and considering their recommendations, the 
Coast Guard could be in a better position to determine if additional 
actions could be taken to improve the security of ferries and their 
facilities. Moreover, fully evaluating the study results could assist 
the Coast Guard in determining if its current proposed actions will 
address previously identified deficiencies. 

The Coast Guard Has Not Reassessed Vehicle Screening Requirements in 
Accordance with Agency Guidance: 

Although agency documents have suggested that the Coast Guard reassess 
its vehicle screening requirements for ferry operators, the Coast 
Guard has not taken action to update these requirements since 2004. 
[Footnote 39] Along with MTSA regulations pertaining to vehicle 
screening, the Coast Guard established minimum screening requirements 
for vehicles boarding ferries in a November 2003 Coast Guard maritime 
security directive.[Footnote 40] In September 2004, the Coast Guard 
issued another maritime security directive which increased minimum 
vehicle screening requirements for high capacity passenger ferries, 
citing the use of a vehicle-borne improvised explosive device by a 
terrorist as a primary concern for ferries.[Footnote 41] The directive 
cited three factors that contributed to the decision to increase 
vehicle screening requirements: (1) an increase in suspicious activity 
in the preceding 2 years, (2) possible surveillance of ferry 
operations during that same period, and (3) an anticipated increase in 
risk associated with the January 2005 presidential inauguration. The 
directive further stated that following the period of increased risk 
related to the inauguration and the completion of the aforementioned 
studies on ferry security, screening requirements would be reassessed. 
The directive also called for the establishment of a workgroup to 
address the new screening levels and develop a strategy to monitor 
vehicle screening effectiveness. Lastly, a 2004 Coast Guard document 
on ferry screening stated that the agency should monitor threats to 
ferries and continually reassess screening requirements relative to 
specific threats. 

Despite Coast Guard documents from 2004 stating that a reassessment of 
the screening requirements should be conducted when the ferry security 
studies were completed or if the threat were to change--both of which 
have occurred--as of May 2010, Coast Guard officials stated that they 
had not taken action to reassess and update the requirements since the 
2004 security directive. Reviewing the screening requirements could 
provide the Coast Guard with reasonable assurance that it is setting 
standards for ferry operators that mitigate current threats to ferries 
and take into account the needs of ferry operators in maintaining 
their operations. Again, as a result of our work on ferry security, in 
August 2010, Coast Guard officials stated that they intended to begin 
reviewing the ferry security reports in fall 2010. According to one of 
these officials, although the agency's review of the ferry security 
reports could result in a change to the vehicle screening 
requirements, the agency did not have a specific plan to reassess the 
vehicle screening requirements. 

Conclusions: 

Given the attractiveness of ferries as targets for terrorists and the 
importance of ferry systems as a transportation mode, it is important 
that maritime security stakeholders regularly assess risks and take 
action to best ensure their security. Certainly, federal agencies and 
maritime security stakeholders have implemented security measures to 
enhance ferry system security, and in 2005, the Coast Guard recognized 
the need to further enhance ferry system security. However, the Coast 
Guard's attention was then diverted to other agency priorities and 
thus the agency did not proactively evaluate and take action, if 
determined appropriate, on the findings and recommendations from the 
2005 and 2006 ferry security reports. The reports provide information 
for potentially improving the detection of vehicle-borne improvised 
explosive devices and enhancing security across the nation's ferry 
systems, and in August 2010, Coast Guard officials acknowledged the 
value of this information. Fully assessing and considering these 
report findings and recommendations could provide the Coast Guard with 
valuable information that could augment ferry security. After 
evaluating the report findings and recommendations, the Coast Guard 
could be in a better position to determine what additional actions, if 
any, should be taken to enhance ferry security. 

In addition, although Coast Guard documentation from 2004 states that 
the agency should reassess its vehicle screening requirements after 
the results of the ferry security reports are issued or if the threat 
changes, it has not yet taken action to do so. Taking action to 
reassess screening requirements could provide the Coast Guard with key 
information to help improve its vehicle screening requirements. Thus, 
the Coast Guard could be in a better position to set standards for 
ferry operators that take into consideration the needs of the ferry 
systems to maintain operations while also protecting against current 
threats. 

Recommendations for Executive Action: 

To ensure that the Coast Guard considers all known options for 
securing the ferry transportation system and is not missing 
opportunities to enhance ferry security, we recommend that the 
Commandant of the Coast Guard take the following two actions: 

(1) after fully evaluating the findings and recommendations from the 
Coast Guard's 2005 and 2006 ferry security reports, take appropriate 
actions to address the findings and recommendations identified in 
these reports; and: 

(2) upon review of the reports, ensure that vehicle screening 
requirements are set at an appropriate level that considers both the 
risks to and operating requirements of ferry systems, and when 
warranted, reassess screening requirements for ferries and make 
changes as appropriate. 

Agency Comments: 

We provided a draft of the sensitive version of this report to the 
Departments of Homeland Security, State, and Interior for their review 
and comment. DHS did not provide official written comments to include 
in our report. However, in an e-mail received on September 23, 2010, 
the DHS liaison stated that DHS concurred with our recommendations. 
DHS provided written technical comments, which we incorporated into 
the report, as appropriate. The Departments of State and Interior 
responded that they did not have any comments on the report. 

We are sending copies of this report to the Secretaries of Homeland 
Security, the Interior, and State; and interested congressional 
committees as appropriate. The report is also available at no charge 
on the GAO Web site at [hyperlink, http://www.gao.gov]. 

If you or your staff have any questions about this report, please 
contact me at (202) 512-9610 or caldwells@gao.gov. Contact points for 
our Offices of Congressional Relations and Public Affairs may be found 
on the last page of this report. Key contributors to this report are 
listed in appendix I. 

Sincerely yours, 

Signed by: 

Stephen L. Caldwell: 
Director, Homeland Security and Justice Issues: 

[End of section] 

Appendix I: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Stephen L. Caldwell, (202) 512-9610 or caldwells@gao.gov: 

Staff Acknowledgments: 

In addition to the contact named above, Dawn Hoff, Assistant Director, 
and Jonathan Bachman, analyst-in-charge, managed this assignment. 
Tracey Cross and Christine Hanson made significant contributions to 
the work. Stanley Kostyla assisted with design and methodology. 
Geoffrey Hamilton provided legal support. Jessica Orr provided 
assistance in report preparation. Josh Ormond and Lydia Araya 
developed the report's graphics. 

[End of section] 

Related GAO Products: 

Maritime Security: DHS Progress and Challenges in Key Areas of Port 
Security. [hyperlink, http://www.gao.gov/products/GAO-10-940T]. 
Washington, D.C.: July 21, 2010. 

Maritime Security: Varied Actions Taken to Enhance Cruise Ship 
Security, but Some Concerns Remain. [hyperlink, 
http://www.gao.gov/products/GAO-10-400]. Washington, D.C.: April 9, 
2010. 

Supply Chain Security: Feasibility and Cost-Benefit Analysis Would 
Assist DHS and Congress in Assessing and Implementing the Requirement 
to Scan 100 Percent of U.S.-Bound Containers. [hyperlink, 
http://www.gao.gov/products/GAO-10-12]. Washington, D.C.: October 30, 
2009. 

Maritime Security: Vessel Tracking Systems Provide Key Information, 
but the Need for Duplicate Data Should Be Reviewed. [hyperlink, 
http://www.gao.gov/products/GAO-09-337]. Washington, D.C.: March 17, 
2009. 

Supply Chain Security: CBP Works with International Entities to 
Promote Global Customs Security Standards and Initiatives, but 
Challenges Remain. [hyperlink, 
http://www.gao.gov/products/GAO-08-538]. Washington, D.C.: August 15, 
2008. 

Maritime Security: National Strategy and Supporting Plans Were 
Generally Well-Developed and Are Being Implemented. [hyperlink, 
http://www.gao.gov/products/GAO-08-672]. Washington, D.C.: June 20, 
2008. 

Supply Chain Security: Challenges to Scanning 100 Percent of U.S.-
Bound Cargo Containers. [hyperlink, 
http://www.gao.gov/products/GAO-08-533T]. Washington, D.C.: June 12, 
2008. 

Supply Chain Security: U.S. Customs and Border Protection Has Enhanced 
Its Partnership with Import Trade Sectors, but Challenges Remain in 
Verifying Security Practices. [hyperlink, 
http://www.gao.gov/products/GAO-08-240]. Washington, D.C.: April 25, 
2008. 

Maritime Security: Coast Guard Inspections Identify and Correct 
Facility Deficiencies, but More Analysis Needed of Program's Staffing, 
Practices, and Data. [hyperlink, 
http://www.gao.gov/products/GAO-08-12]. Washington, D.C.: February 14, 
2008. 

Supply Chain Security: Examinations of High-Risk Cargo at Foreign 
Seaports Have Increased, but Improved Data Collection and Performance 
Measures Are Needed. [hyperlink, 
http://www.gao.gov/products/GAO-08-187]. Washington, D.C.: January 25, 
2008. 

Maritime Security: Federal Efforts Needed to Address Challenges in 
Preventing and Responding to Terrorist Attacks on Energy Commodity 
Tankers. [hyperlink, http://www.gao.gov/products/GAO-08-141]. 
Washington, D.C.: December 10, 2007. 

Maritime Security: The SAFE Port Act: Status and Implementation One 
Year Later. [hyperlink, http://www.gao.gov/products/GAO-08-126T]. 
Washington, D.C.: October 30, 2007. 

Combating Nuclear Smuggling: Additional Actions Needed to Ensure 
Adequate Testing of Next Generation Radiation Detection Equipment. 
[hyperlink, http://www.gao.gov/products/GAO-07-1247T]. Washington, 
D.C.: September 18, 2007. 

Information on Port Security in the Caribbean Basin. [hyperlink, 
http://www.gao.gov/products/GAO-07-804R]. Washington, D.C.: June 29, 
2007. 

Port Risk Management: Additional Federal Guidance Would Aid Ports in 
Disaster Planning and Recovery. [hyperlink, 
http://www.gao.gov/products/GAO-07-412]. Washington, D.C.: March 28, 
2007. 

Maritime Security: Public Safety Consequences of a Terrorist Attack on 
a Tanker Carrying Liquefied Natural Gas Need Clarification. 
[hyperlink, http://www.gao.gov/products/GAO-07-316]. Washington, D.C.: 
February 22, 2007. 

Coast Guard: Observations on the Preparation, Response, and Recovery 
Missions Related to Hurricane Katrina. [hyperlink, 
http://www.gao.gov/products/GAO-06-903]. Washington, D.C.: July 31, 
2006. 

Maritime Security: Information Sharing Efforts Are Improving. 
[hyperlink, http://www.gao.gov/products/GAO-06-933T]. Washington, 
D.C.: July 10, 2006. 

Cargo Container Inspections: Preliminary Observations on the Status of 
Efforts to Improve the Automated Targeting System. [hyperlink, 
http://www.gao.gov/products/GAO-06-591T]. Washington, D.C.: March 30, 
2006. 

Risk Management: Further Refinements Needed to Assess Risks and 
Prioritize Protective Measures at Ports and Other Critical 
Infrastructure. [hyperlink, http://www.gao.gov/products/GAO-06-91]. 
Washington, D.C.: December 15, 2005. 

Homeland Security: Key Cargo Security Programs Can Be Improved. 
[hyperlink, http://www.gao.gov/products/GAO-05-466T]. Washington, 
D.C.: May 26, 2005. 

Maritime Security: Enhancements Made, But Implementation and 
Sustainability Remain Key Challenges. GAO-05-448T. Washington, D.C.: 
May 17, 2005. 

Container Security: A Flexible Staffing Model and Minimum Equipment 
Requirements Would Improve Overseas Targeting and Inspection Efforts. 
[hyperlink, http://www.gao.gov/products/GAO-05-557]. Washington, D.C.: 
April 26, 2005. 

Maritime Security: New Structures Have Improved Information Sharing, 
but Security Clearance Processing Requires Further Attention. 
[hyperlink, http://www.gao.gov/products/GAO-05-394]. Washington, D.C.: 
April 15, 2005. 

Cargo Security: Partnership Program Grants Importers Reduced Scrutiny 
with Limited Assurance of Improved Security. [hyperlink, 
http://www.gao.gov/products/GAO-05-404]. Washington, D.C.: March 11, 
2005. 

Maritime Security: Better Planning Needed to Help Ensure an Effective 
Port Security Assessment Program. [hyperlink, 
http://www.gao.gov/products/GAO-04-1062]. Washington, D.C.: September 
30, 2004. 

Maritime Security: Partnering Could Reduce Federal Costs and 
Facilitate Implementation of Automatic Vessel Identification System. 
[hyperlink, http://www.gao.gov/products/GAO-04-868]. Washington, D.C.: 
July 23, 2004. 

Maritime Security: Substantial Work Remains to Translate New Planning 
Requirements into Effective Port Security. [hyperlink, 
http://www.gao.gov/products/GAO-04-838]. Washington, D.C.: June 30, 
2004. 

Homeland Security: Summary of Challenges Faced in Targeting Oceangoing 
Cargo Containers for Inspection. [hyperlink, 
http://www.gao.gov/products/GAO-04-557T]. Washington, D.C.: March 31, 
2004. 

Homeland Security: Preliminary Observations on Efforts to Target 
Security Inspections of Cargo Containers. [hyperlink, 
http://www.gao.gov/products/GAO-04-325T]. Washington, D.C.: December 
16, 2003. 

Maritime Security: Progress Made in Implementing Maritime 
Transportation Security Act, but Concerns Remain. [hyperlink, 
http://www.gao.gov/products/GAO-03-1155T]. Washington, D.C.: September 
9, 2003. 

Combating Terrorism: Interagency Framework and Agency Programs to 
Address the Overseas Threat. [hyperlink, 
http://www.gao.gov/products/GAO-03-165]. Washington, D.C.: May 23, 
2003. 

Nuclear Nonproliferation: U.S. Efforts to Combat Nuclear Smuggling. 
[hyperlink, http://www.gao.gov/products/GAO-02-989T]. Washington, 
D.C.: July 30, 2002. 

Coast Guard: Vessel Identification System Development Needs to Be 
Reassessed. [hyperlink, http://www.gao.gov/products/GAO-02-477]. 
Washington, D.C.: May 24, 2002. 

[End of section] 

Footnotes: 

[1] Ferry data are based on results from the 2008 National Census of 
Ferry Operators. These data were self-reported by respondents to the 
census, include other sources of ferry data, and are the latest data 
available. The Bureau of Transportation Statistics has ferry data 
available for censuses taken in 2000, 2006, and 2008. 

[2] U.S. Coast Guard Research and Development Center, National Ferry 
Security Study (Groton, Conn.: May 2005); Michael D. Greenberg, Peter 
Chalk, Henry H. Willis, Ivan Khilko, and David S. Ortiz, Maritime 
Terrorism: Risk and Liability (Santa Monica, Calif.: RAND Corporation, 
2006). 

[3] Pub. L. No. 107-295, 116 Stat. 2064 (2002). 

[4] GAO, Maritime Security: Varied Actions Taken to Enhance Cruise 
Ship Security, but Some Concerns Remain, [hyperlink, 
http://www.gao.gov/products/GAO-10-400] (Washington, D.C.: Apr. 9, 
2010). 

[5] Some passenger ferries may also carry cargo and/or vehicles in 
addition to passengers. 

[6] Risk is a function of three elements: (1) threat--the probability 
that a specific type of attack will be initiated against a particular 
target/class of targets, (2) vulnerability--the probability that a 
particular attempted attack will succeed against a particular target 
or class of targets, and (3) consequence--the expected worst case or 
worst reasonable adverse impact of a successful attack. 

[7] The National Infrastructure Protection Plan provides the unifying 
structure and overall framework for the integration of critical 
infrastructure and key resource protection into a single national 
program. 

[8] Coast Guard Sectors run all Coast Guard missions at the local and 
port level, such as search and rescue, port security, environmental 
protection, and law enforcement in ports and surrounding waters, and 
oversee a number of smaller Coast Guard units, including small 
cutters, small boat stations, and Aids to Navigation teams. The Coast 
Guard is divided into 35 Sectors. 

[9] At these five locations, we made observations of six ferry 
systems. Two of the locations also received international ferries. In 
addition to the Coast Guard, we interviewed a total of eight federal, 
state, or local law enforcement agencies; seven ferry operators or 
port authorities; and one Area Maritime Security Committee chair at 
these locations; and one CBP unit at a foreign port. 

[10] During this time, we were concurrently working on another 
passenger vessel security report, issued in April 2010; see GAO-10-
400. In addition, we were also developing the sensitive version of 
this ferry security report, issued in October 2010. 

[11] U.S. Department of Transportation, Research and Innovative 
Technology Administration, Bureau of Transportation Statistics, 
National Census of Ferry Operators 2008, hyperlink, 
http://www.transtats.bts.gov/tables.asp?DB_ID=616&DB_Name=&DB_Short_Name
] (Accessed May 21, 2010). 

[12] For example, the Homeland Security Act of 2002 (Pub. L. No. 107- 
296, §201, 116 Stat. 2135, 2146 (2002)) requires DHS to perform risk 
assessments of key resources and critical infrastructure, and the 
Intelligence Reform and Terrorism Prevention Act of 2004 (Pub. L. No. 
108-458, §4001, 118 Stat. 3638, 3710 (2004)) requires that DHS's 
National Strategy for Transportation Security include the development 
of risk-based priorities across all transportation modes. 

[13] The Captain of the Port is the Coast Guard officer designated by 
the Commandant to enforce within his or her respective areas port 
safety and security and marine environmental protection regulations, 
including, without limitation, regulations for the protection and 
security of vessels, harbors, and waterfront facilities. 

[14] [hyperlink, http://www.gao.gov/products/GAO-10-400]. 

[15] For more information on risk assessment models used in the 
aviation transportation mode, see GAO, Transportation Security: 
Comprehensive Risk Assessments and Stronger Internal Controls Needed 
to Help Inform TSA Resource Allocation, [hyperlink, 
http://www.gao.gov/products/GAO-09-492] (Washington D.C.: Mar. 27, 
2009). 

[16] Transportation Research Board's Transit Cooperative Research 
Program, Security Measures for Ferry Systems (Washington, D.C.: 2006). 

[17] GAO, Maritime Security: Federal Efforts Needed to Address 
Challenges in Preventing and Responding to Terrorist Attacks on Energy 
Commodity Tankers, [hyperlink, http://www.gao.gov/products/GAO-08-141] 
(Washington, D.C.: Dec. 10, 2007). 

[18] GAO, Commercial Vehicle Security: Risk-Based Approach Needed to 
Secure the Commercial Vehicle Sectors, [hyperlink, 
http://www.gao.gov/products/GAO-09-85] (Washington, D.C.: Feb. 27, 
2009). 

[19] Admissibility inspections are conducted to determine the 
nationality and identity of each person wishing to enter the United 
States and to prevent the entry of inadmissible aliens, including 
those thought to be criminals, terrorists, or drug traffickers. In 
this example, the inspection would be conducted while the ferry is 
still in a Canadian port. 

[20] MTSA and its implementing regulations require that ferry and 
ferry facility operators develop security plans and that the Coast 
Guard review and approve these plans to ensure they are sufficient to 
mitigate identified vulnerabilities and that stakeholders are 
complying with them. 

[21] Some ferries operate out of public access facilities for which 
the Coast Guard does not conduct security inspections. For those 
facilities the Coast Guard does inspect, agency guidance requires that 
inspections: (a) ensure the facility complies with the Facility 
Security Plan; (b) ensure the approved Facility Security Plan/ 
Alternative Security Program adequately addresses the performance- 
based criteria as outlined in 33 CFR 105; (c) ensure the adequacy of 
the Facility Security Assessment and the Facility Vulnerability and 
Security Measures Summary (Coast Guard-6025); and (d) ensure that the 
measures in place adequately address the vulnerabilities. 

[22] The total number of MTSA-regulated ferry facilities can vary from 
year to year due to some facilities receiving waivers from MTSA 
regulations or discontinuing their operations. 

[23] Operation Neptune Shield escort percentages are classified. To 
meet escort requirements, the Coast Guard may receive assistance from 
local law enforcement, provided the escorting vessel is equipped 
comparably to Coast Guard vessels. According to Coast Guard officials, 
the Captain of the Port uses historical data for the purpose of 
determining which ferries to escort. 

[24] Seven of the Coast Guard's 35 Sectors did not have any type of 
high capacity passenger vessel operating within their respective area 
of responsibility. 

[25] Coast Guard data on escorts do not differentiate between types of 
high capacity passenger vessels, such as ferries, cruise ships, or 
excursion vessels. Accordingly, it is not possible to determine the 
number of escorts that were performed on ferries or the number of 
ferry transits that did not receive escorts. 

[26] TSA's canine training program consists of a 10-week course which 
pairs law enforcement officers from across the country with canines 
specifically bred for the program. Officers and canines learn to work 
together while being trained to locate and identify a wide variety of 
dangerous materials. 

[27] Pub. L. No. 109-347, § 122, 120 Stat. 1884, 1899 (2006). 

[28] In addition to security actions taken on behalf of the ferry 
operators, state and local law enforcement agencies may engage in 
ferry security efforts as part of their broader law enforcement or 
antiterrorism activities. 

[29] The maritime security threat level is a three tiered rating of 
the terrorist threat in the maritime environment. 

[30] In one location the Coast Guard approved a slight decrease in the 
minimum vehicle screening requirements so the ferry operator could 
more randomly screen and more effectively mitigate risk. 

[31] Required knowledge includes areas such as current security 
threats and patterns; testing, calibration, operation, and maintenance 
of security equipment and systems; methods of physical screening of 
persons; inspection, control, and monitoring techniques; recognition 
of characteristics and behavioral patterns of persons who are likely 
to threaten security; and recognition and detection of dangerous 
substances and devices. 

[32] At one ferry system where both law enforcement and contractors 
participated in security operations, officials stated that personnel 
conducting screening may have varying authorities. For example, sworn 
law enforcement officers would typically have the authority to take 
additional actions beyond those that ferry employees or contractors 
may have been able to take, such as detaining a passenger suspected of 
committing or attempting to commit an illegal act. 

[33] U.S. Coast Guard Research and Development Center, National Ferry 
Security Study (Groton, Conn.: May 2005). 

[34] U.S. Coast Guard Research and Development Center, National Ferry 
Security Study (Groton, Conn.: May 2005). 

[35] The reported number of deficiencies does not include deficiencies 
that may still be open. Coast Guard officials reported that 
deficiencies could be considered open for a number of reasons, such as 
an appeal of the deficiency. Officials stated that prior year 
deficiencies should all be closed, though it is possible that some may 
still be open. According to the Coast Guard's standardized inspection 
checklist, inspectors can check operators' compliance with 
approximately 150 items, many of which could result in more than one 
deficiency. In addition to the items addressed during the inspection, 
other items such as failure to resolve or acquire waivers for 
previously cited deficiencies could generate further deficiencies. 
Conversely, some inspection items may not apply to certain facilities. 
For example, one item applies only to facilities which serve vessels 
that carry vehicles. 

[36] The five studies included a general study, a consequence 
assessment, an explosion screening effectiveness and technology study, 
a study to collect data on screening technology in the ferry-operating 
environment, and a system analysis and deterrence effectiveness study. 
These studies were conducted by members of an integrated product team 
that included members from the Coast Guard's Research and Development 
Center, DHS's Science and Technology Directorate, Department of 
Transportation's Maritime Administration, the Department of Defense's 
Technical Support Working Group, TSA, Homeland Security Institute, and 
ABSG Consulting. 

[37] Federal guidance on internal control also states that the 
resolution process begins when audit or other review results are 
reported to management, and is completed only after action has been 
taken that (1) corrects identified deficiencies, (2) produces 
improvements, or (3) demonstrates the findings and recommendations do 
not warrant management action. In addition, the consideration of 
findings of reviews and audits is a means for an agency to identify 
risk. See GAO, Standards for Internal Control in the Federal 
Government, [hyperlink, 
http://www.gao.gov/products/GAO/AIMD-00-21.3.1] (Washington, D.C.: 
November 1999). 

[38] Participants in TSA's Transit Security Grant Program and DHS's 
Homeland Security Grant Program are required to maintain data to 
document compliance with guidelines for their explosives detection 
canine teams. These guidelines were developed by a scientific working 
group that included officials from DHS. See GAO, TSA's Explosives 
Detection Canine Program: Status of Increasing Number of Explosives 
Detection Canine Teams, [hyperlink, 
http://www.gao.gov/products/GAO-08-933R] (Washington, D.C.: July 2008). 

[39] The requirements employed a random strategy designed to provide 
an effective level of deterrence while also balancing the need to 
maintain an efficient flow of commerce. 

[40] While the Coast Guard required ferry operators to incorporate 
screening into their security plans--plans the Coast Guard must 
approve--operators were permitted to select the method of screening. 
The Captain of the Port may change screening requirements based on 
changes in the risk to or threat level at the port. 

[41] Through the security directive the Coast Guard increased minimum 
screening requirements for vehicles and large enclosed vehicles at two 
of the three maritime security threat levels. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: