[Senate Hearing 110-1183] [From the U.S. Government Publishing Office] S. Hrg. 110-1183 OVERSIGHT OF THE TRANSPORTATION SECURITY ADMINISTRATION (TSA): EXAMINING THE TSA'S EFFORTS AND PROGRESS ON H.R. 1, IMPLEMENTING RECOMMENDATIONS OF THE 9/11 COMMISSION ACT OF 2007 ======================================================================= HEARING before the COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION UNITED STATES SENATE ONE HUNDRED TENTH CONGRESS FIRST SESSION __________ OCTOBER 16, 2007 __________ Printed for the use of the Committee on Commerce, Science, and Transportation U.S. GOVERNMENT PRINTING OFFICE 76-586 WASHINGTON : 2012 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Printing Office, http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202�09512�091800, or 866�09512�091800 (toll-free). E-mail, [email protected]. SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION ONE HUNDRED TENTH CONGRESS FIRST SESSION DANIEL K. INOUYE, Hawaii, Chairman JOHN D. ROCKEFELLER IV, West TED STEVENS, Alaska, Vice Chairman Virginia JOHN McCAIN, Arizona JOHN F. KERRY, Massachusetts TRENT LOTT, Mississippi BYRON L. DORGAN, North Dakota KAY BAILEY HUTCHISON, Texas BARBARA BOXER, California OLYMPIA J. SNOWE, Maine BILL NELSON, Florida GORDON H. SMITH, Oregon MARIA CANTWELL, Washington JOHN ENSIGN, Nevada FRANK R. LAUTENBERG, New Jersey JOHN E. SUNUNU, New Hampshire MARK PRYOR, Arkansas JIM DeMINT, South Carolina THOMAS R. CARPER, Delaware DAVID VITTER, Louisiana CLAIRE McCASKILL, Missouri JOHN THUNE, South Dakota AMY KLOBUCHAR, Minnesota Margaret L. Cummisky, Democratic Staff Director and Chief Counsel Lila Harper Helms, Democratic Deputy Staff Director and Policy Director Christine D. Kurth, Republican Staff Director and General Counsel Paul Nagle, Republican Chief Counsel C O N T E N T S ---------- Page Hearing held on October 16, 2007................................. 1 Statement of Senator Dorgan...................................... 1 Statement of Senator Klobuchar................................... 35 Statement of Senator Lautenberg.................................. 40 Statement of Senator Lott........................................ 48 Prepared statement........................................... 48 Statement of Senator McCaskill................................... 32 Statement of Senator Rockefeller................................. 41 Statement of Senator Smith....................................... 2 Statement of Senator Snowe....................................... 33 Statement of Senator Stevens..................................... 43 Prepared statement........................................... 1 Statement of Senator Thune....................................... 37 Witnesses Berrick, Cathleen A., Director, Homeland Security and Justice Issues, U.S. Government Accountability Office (GAO)............ 13 Prepared statement........................................... 14 Hawley, Hon. Edmund S. ``Kip'', Assistant Secretary, Transportation Security Administration, U.S. Department of Homeland Security.............................................. 3 Prepared statement........................................... 4 Appendix Letter, dated October 26, 2007, from Marshall S. Filler, Managing Director and General Counsel, Aeronautical Repair Station Association to Hon. Daniel K. Inouye and Hon. Ted Stevens.......................... 51 Response to written questions submitted to Hon. Edmund S. ``Kip'' Hawley by: Hon. Daniel K. Inouye........................................ 53 Hon. Frank R. Lautenberg..................................... 60 Hon. Trent Lott.............................................. 64 Hon. Ted Stevens............................................. 60 OVERSIGHT OF THE TRANSPORTATION SECURITY ADMINISTRATION (TSA): EXAMINING THE TSA'S EFFORTS AND PROGRESS ON H.R. 1, IMPLEMENTING RECOMMENDATIONS OF THE 9/11 COMMISSION ACT OF 2007 ---------- TUESDAY, OCTOBER 16, 2007 U.S. Senate, Committee on Commerce, Science, and Transportation, Washington, DC. The Committee met, pursuant to notice, at 10:09 a.m. in room SR-253, Russell Senate Office Building, Hon. Byron L. Dorgan, presiding. OPENING STATEMENT OF HON. BYRON L. DORGAN, U.S. SENATOR FROM NORTH DAKOTA Senator Dorgan. I call the hearing to order this morning. Senator Inouye is unable to be with us. Senator Stevens will be here in about 10 minutes. I'm Senator Dorgan. I'm joined by Senator Smith, from Oregon. We will begin the hearing. We very much appreciate the witnesses being present. This is a full committee hearing of the Senate Commerce Committee, an oversight hearing on the Transportation Security Administration, examining TSA's efforts and progress on H.R. 1, Implementing Recommendations of the 9/11 Commission Act of 2007. We have with us today the Honorable Edmund ``Kip'' Hawley, Assistant Secretary for Homeland Security, and Ms. Cathleen Berrick, the Director of Homeland Security and Justice Issues in the GAO. We appreciate your attendance and your work, and we will proceed by asking Mr. Hawley to present testimony, and then we will hear from the GAO. Let me ask whether we have any members that wish to make any brief opening comments. I will put Senator Stevens' statement in the record. Otherwise, we'll go to the witnesses. [The prepared statement of Senator Stevens follows:] Prepared Statement of Hon. Ted Stevens, U.S. Senator from Alaska The 9/11 bill included a number of significant transportation security provisions in the surface sector modes as well as in aviation, which has been TSA's primary area of focus. Anchorage International Airport continues to be the number one cargo airport in the U.S. based on cargo landed weight and the third largest by cargo landed weight worldwide. In addition to our all cargo operations, the airport is also a major transfer point for passenger air cargo. The improved screening of passenger air cargo will provide a higher level of safety and security to my constituents. However, Alaska's economy will be severely impacted if the cargo screening provision in the 9/11 bill is not instituted in a manner that safeguards the flow of commerce. I encourage TSA to work diligently and quickly to attain 100 percent screening of air cargo, within the bicameral agreed-upon benchmarks that were set within the 9/11 bill. It is essential TSA maximize the screening of cargo on commercial personal aircraft without causing negative repercussions on the flow of commerce. Senator Smith. I have one, Mr. Chairman. Senator Dorgan. Senator Smith? STATEMENT OF HON. GORDON H. SMITH, U.S. SENATOR FROM OREGON Senator Smith. I want to thank our witnesses for being here. It's been more than 6 years since the horrific morning of 9/11. On that day, we all woke up to the fact that there are people in the world who want to do us harm. While we have made notable progress in the last 6 years toward securing our transportation systems, there is still a great deal of work, obviously, to be done. Recently, the GAO released a report detailing the progress of the Department of Homeland Security in implementing its mission and management responsibilities. The report found, among other things, that, in the area of aviation and surface transportation security, moderate progress has been made, while there has been substantial progress in securing the maritime environment. The 9/11 Commission bill, that was signed into law this past summer, and the SAFE Port Act, that was enacted last year, contained a number of mandates aimed at further strengthening the security of our transportation system. I look forward to hearing from our administrator, Assistant Secretary Hawley, on his plans for implementing the portions of the 9/11 Commission bill and the SAFE Port Act that fall to his agency to carry out. I also look forward to hearing his plans to address some of the issues raised by GAO in its progress report. So, thank you, Mr. Chairman. Senator Dorgan. Senator Smith, thank you very much. Let me just make a point on behalf of our Chairman and other Members as well that there's an urgency to this issue. Transportation security is very, very important. We know from our last published National Intelligence Estimate, the leadership of al Qaeda continues to plot additional attacks against our homeland. In fact, the NIE says the most significant threat to our country is al Qaeda and its leadership. They are reconstituted, they are recreating terrorist camps and plotting attacks against our homeland. It seems to me the obligation for all of us is not to try to figure out how to respond to attacks, but, rather, how to prevent attacks, and that's why there's an urgency about this issue of transportation security. We have passed a number of pieces of legislation, as my colleague, Senator Smith, indicated. There is, uneven progress on some of these issues. In some cases, the money has been spent with not as much progress as we would hope; in other cases, there has been some significant strengthening and progress in these issues of transportation security. So, your willingness to come, Secretary Hawley, and describe from your perspective what has happened is something we welcome. And, Ms. Berrick, we appreciate, as always, the work of the Government Accountability Office, and we are anxious to receive your testimony, as well. So, with that, Secretary Hawley, why don't you proceed. Your entire statement will be made a part of the permanent record, and you may summarize. STATEMENT OF HON. EDMUND S. ``KIP'' HAWLEY, ASSISTANT SECRETARY, TRANSPORTATION SECURITY ADMINISTRATION, U.S. DEPARTMENT OF HOMELAND SECURITY Mr. Hawley. Thank you, Chairman Dorgan. Good morning, Senator Smith, Senator McCaskill. I am pleased to be here this morning to talk about TSA's efforts to implement provisions under the new law implementing recommendations of the 9/11 Commission Act of 2007. I'm also pleased to join Cathy Berrick, of the GAO, on the panel this morning. First, I'd like to thank this Committee for its continued support for TSA's mission and for your leadership in writing the 9/11 implementation bill. I particularly appreciate this Committee's detailed understanding of TSA's operational needs and the Committee's focus on practical solutions to complex problems. The challenges of implementing all the provisions of the 9/ 11 Act are formidable, but TSA is committed to achieve the objectives of this Committee, the Congress, and the 9/11 Commission. With all that we have to do, as Senator Dorgan said in his introductory remarks, we must keep our focus on the highest-priority items, priorities informed and driven by the current threat information. Since last June, we have witnessed disrupted attacks in London, Denmark, and Germany, as well as a completed attack on Glasgow's airport in Scotland. There is no reason to think that we are exempt from that kind of attack planning. The National Intelligence Estimate, as Senator Dorgan mentioned, indicates that, over the next 3 years, the threat will continue, with terrorists attempting transportation sector attacks on a grand scale. We know their focus is on using items easily available in grocery- and hardware-store shelves. That means we cannot rely on a checklist mentality, searching bags for a static list of specific prohibited objects or becoming stuck in a predictable, and therefore vulnerable, routine. We must use security measures that are unpredictable, agile, and adaptable, that put us one step ahead of evolving threats. As I've said in previous meetings with this committee, TSA has added layers of security and additional technology to our airport operations. We have continued to provide more training and real-threat testing to our front-line officers. Federal air marshals move invisibly to protect Americans wherever they fly around the globe. And VIPR teams deploy every week, including this one, somewhere in the United States, to support State and local security efforts everywhere in transportation. That is our focus every day. It is on that base of daily operations that we address the new requirements from the 9/11 legislation. In prior hearings, we've discussed TWIC and Secure Flight. We have discussed the challenges and opportunities of both programs. After a great deal of work to strengthen the foundations and build privacy protections into both programs, I am pleased to report that TWIC and Secure Flight are back on track and moving forward. When I appeared before this committee in April, I said the TWIC card was on its way. Today, TWIC is up and running. Over the next 5 years, approximately a million individuals will use a TWIC card, interoperable at 3,200 facilities and 10,000 vessels. Enrollments for TWIC are underway, as we speak, in Delaware this morning. Already, we've had more than 1,000 pre- enrollments online, and the pace will accelerate across the ports through the end of calendar year 2007 and continue at full speed through 2008. When I spoke to you last January, we had a very direct conversation about Secure Flight. I promised that we would complete the rebaselining of the program, build in privacy protections, and publish the rule. We have done those things, and we are ready to go. The rule for Secure Flight has been published, and, after a public hearing in September that was available live on the Internet, the comment period is open now. It closes next week, and we expect to get the final rule out in spring of 2008. Should the Congress choose to fully fund the program in Fiscal Year 2008, we can begin testing in 2008. I am mindful that, despite the progress that TSA has made across the board, that there is still much to do, and I look forward to our work together to further strengthen security throughout our transportation network. Thank you for the opportunity to appear. I would be happy to answer questions. Thank you. [The prepared statement of Mr. Hawley follows:] Prepared Statement of Hon. Edmund S. ``Kip'' Hawley, Assistant Secretary, Transportation Security Administration, U.S. Department of Homeland Security Good morning, Chairman Inouye, Vice Chairman Stevens, and distinguished Members of the Committee. I am pleased to speak with you this morning to discuss the state of transportation security and the Transportation Security Administration's (TSA) efforts to begin implementation of the important bill that you just passed--the Implementing Recommendations of the 9/11 Commission Act of 2007, Pub. L. 110-53, (9/11 Act). First, I would like to thank this Committee for the continued support you have given TSA since its inception and to the Committee staff for its professionalism and the hard work and cooperative spirit they displayed in working with the Department of Homeland Security (Department) and TSA to finalize the provisions of the 9/11 Act. TSA appreciates that the 9/11 Act includes many provisions which we sought as tools to provide better transportation security to the United States. In particular, we are pleased that based on this Committee's leadership, the 9/11 Act gives us the flexibility to craft a robust air cargo security system that will provide security and an unimpeded flow of commerce. We also appreciate that the 9/11 Act recognizes and supports the expansive training that we are providing to our Transportation Security Officer (TSO) workforce to move our security outward from the static checkpoint. We very much needed authority to establish an administrative process for civil enforcement of surface transportation regulations and orders and you gave us that authority. Additionally, you emphatically recognized the importance of our integrated Visible Intermodal Prevention and Response teams (VIPR), which provide a mobile surge of TSA resources in all modes of transportation. It is also important to understand the challenge that the 9/11 Act places on TSA and our resources. Fully half of the many tasks required of the Department by the 9/11 Act fall on TSA's shoulders. They affect all aspects of transportation security, including strategic planning, aviation security, rail security, security of public transit facilities, pipelines, over-the-road buses, and trucking security. TSA has a big task in continuing the implementation of the 9/11 Act and in working with the many stakeholders in the transportation sector to assure the level of security that Congress and the 9/11 Commission envisioned. TSA will now need to integrate the many mandates in the 9/ 11 Act into our current priorities and resources to enable key initiatives to progress without delay while not losing focus on our threat-based operations. The current restriction on funding presents an immediate challenge for TSA's efforts to implement certain requirements of the 9/11 Act. As you know, we are operating under a Continuing Resolution (CR). The CR presents additional financial challenges to TSA as we are limited in our spending to a prescribed formula based on our Fiscal Year (FY) 2007 appropriations, and we are prohibited from initiating new programs or projects that were not funded in Fiscal Year (FY) 2007. Placed in the context of implementing the 9/11 Act, this situation creates particularly difficult challenges. Additionally, many of the rulemaking requirements mandated in the 9/11 Act do not adequately recognize the obligations that TSA must give the many stakeholders affected by proposed regulations and the general public an opportunity to be heard throughout the development process. These requirements are time consuming but are time well spent to assure that our regulations achieve their objective in a way that is transparent to stakeholders and the public and does not adversely affect travel and commerce. TSA is actively working to implement the 9/11 Act and we are assessing what resources are needed to continue the implementation. We are working with our partners in the Department and other Federal agencies toward those goals that require close cooperation to implement inter-Departmental and inter-agency requirements. Ongoing Threat Before I discuss in greater detail the current and future efforts of TSA to secure our Nation's transportation systems and fulfill the requirements of the 9/11 Act, I believe it is important for me to explain the context in which TSA operates and the direction TSA is going to anticipate threats to transportation. The effort to ensure the security of the transportation system remains as important now as it ever has been in the past 6 years. The National Intelligence Estimate on threats to the U.S. Homeland issued in July 2007 confirmed publicly that the terrorist threat is real. This threat is persistent and evolving. Terrorists maintain an undiminished intent to attack the Homeland and show a continued effort to adapt and improve their capabilities. They are innovative in overcoming security obstacles. They are training to use improvised explosive devices (IED). Terror groups continue to focus on prominent infrastructure targets with the goal of producing mass casualties. We know they are working to defeat us, and we must remain vigilant. Keeping Ahead of Terrorists TSA's security strategy is based on flexible, mobile, and unpredictable methods. To counter the evolving threat and adaptive capabilities of terrorists, we are staying ahead by rethinking the entire screening process and changing the legacy systems that originated in the 1970s. We are going on the offense to address current threats. We are being proactive in an effort to stay ahead of the threats. We, therefore, rely heavily upon intelligence. Intelligence and information sharing are at the core of our overall transportation security strategy. Building on the efforts of our partners in the Intelligence Community (IC), we use intelligence and analysis to prioritize our security activities. We begin each day with briefings on the latest intelligence from the IC, and that information drives our decisionmaking process both operationally and strategically. In addition, we share intelligence as appropriate with our front-line employees and stakeholders, enabling them to make informed security decisions. Sharing intelligence information with our stakeholders in surface transportation is especially important as they are primarily responsible for providing the direct staff and resources to secure their respective transportation systems. Providing intelligence to these stakeholders enables us to partner with them through our security grant programs to apply resources in the most effective way possible. We recognize that we cannot protect every person or all property against every possible threat to the system. Given the nature of the threats to aviation, we must manage risk consistent with what we understand of the threats, vulnerabilities, and consequences. We will prioritize our resources to protect against the high-threat, high- consequence events. Aviation Security The discussion of aviation security almost always starts at the familiar TSA security checkpoint. For the two million travelers a day who fly, that is TSA to them. However, TSA looks at the checkpoint as but a piece--an important piece--of a much larger picture. Therefore, before discussing checkpoint issues, I would like to point out that TSA looks at the entire transportation network in evaluating risk, including threat information. A large part of TSA's work involves working closely on a daily basis with the intelligence and law enforcement communities and our global partners to try to stay ahead of the current threat. We have to be strong at the checkpoint, but also many other places--including the back, front, and sides of the airport. Risk-based security means that we take the whole picture into account and implement selective and unpredictable security measures. We must first deny the terrorist a stationary target where a planner can take the time to map an attack with high odds of success. Nothing can be uncovered, but likewise, we cannot fool ourselves into thinking that fixed, robust security is impenetrable. Our security needs to play offense, not just defense. TSA is focusing beyond the physical checkpoint--to push our borders out, so to speak--to look more at people and to identify those with hostile intent or those conducting surveillance even if they are not carrying a prohibited item. By spreading our layers of security throughout the airport environment and elsewhere, we have multiple opportunities to detect terrorists and leverage the capabilities of our workforce, our partners, and our technology. Travel Document Checking We are placing specially trained TSOs at the front of the checkpoint to review travel documents to find fraudulent identification (IDs) and also to look at behavior. The 9/11 Commission recognized that travel documents are akin to weapons for terrorists. We will make it harder for dangerous people to use fraudulent documents and IDs by raising the standard of inspection and providing additional equipment for our TSOs to perform this function. We ask this Committee to fully support the President's budget for this program so that TSA can make a seamless transition from the airlines and continue the program with as little disruption as possible to the flow of passenger screening. Behavior Observation We continue to expand the Screening Passengers by Observation Techniques (SPOT) program, which utilizes non-intrusive behavior observation and analysis techniques to identify potentially high-risk passengers. Individuals exhibiting specific observable behaviors may be referred for additional screening at the checkpoint that may include handwanding, pat down, or physical inspection of their carry-on baggage. SPOT adds an element of unpredictability to the security screening process that is easy for passengers to navigate but difficult for terrorists to manipulate. It serves as an important additional layer of security in the airport environment, requires no additional specialized screening equipment, can easily be deployed to other modes of transportation, and presents yet one more challenge for terrorists attempting to defeat our security system. The SPOT program has already added great value to our overall security system. For example, a Behavior Detection Officer recently identified an individual at a ticket counter carrying a loaded gun and more than 30 rounds of ammunition. Aviation Direct Access Screening Program We continue to expand the Aviation Direct Access Screening Program--deploying TSOs and Transportation Security Inspectors (TSIs) to locations throughout airports to screen airport employees, their accessible property, and vehicles entering a direct access point to secured areas of airports. The random screening at unexpected locations is a valuable measure to increase the protection on the ``back side'' of airports. This random and unpredictable screening allows airport workers to perform their duties with minimal interruptions and keeps the aviation industry operating. TSA's approach is both practical and effective. Requiring 100 percent screening of all airport workers, even in a pilot program, is contrary to this philosophy; it unnecessarily diverts resources from higher risk operations without providing the improvements in security that we need. We would like to continue to work with the Committee to craft a pilot program that will test varying methods of improving an airport worker screening program that will offer better security. This strategy of active, nimble, flexible security depends on the quality of the people involved. TSA has had a major focus on improving security by improving the capabilities of its people. Better recruiting and hiring, better training, better incentive systems, career progression opportunity, more involvement in decisions effecting the workforce, and more recognition of the critical role played by our people--these efforts all have a positive effect on the security result TSA delivers. The success of all these programs in increasing the layers of security would not be possible without the incredible effort, professionalism, and dedication shown by TSA's workforce. Our highly trained and highly motivated workforce--TSOs, TSIs, Federal Air Marshals (FAMs), and other professionals--have proven to be a nimble, adaptable workforce that can quickly adjust to counter an emerging terrorist threat. In August of 2006, TSOs employed new standard operating procedures within hours to deal with the threat identified as part of the United Kingdom (UK) plot to blow up commercial aircraft with liquid explosives. TSA has rapidly deployed FAMs to international destinations to support its mission coverage based on new threats. We are constantly reviewing and adjusting our procedures and strategies to ensure our personnel are ahead of the next threat. TSA's workforce has met every challenge in the past 5 years and I am confident they will continue to do so. Workforce Safety Maintaining a healthy, able-bodied workforce is also critical to TSA's mission. We improved workplace safety through a series of aggressive initiatives, including nurse case managers, Optimization and Safety Teams, automated injury claims filing process, involvement of the National Advisory Council in planning and implementing the Safety Week Campaign and other aspects of the Safety Program, deployment of contract safety specialists to support TSA field operations, and speedy investigations to correct safety problems. Through these programs, TSA has reduced the rate for employees losing time from duty due to injury by almost half from 11.56 per 100 employees in FY 2005 to 6.75 for the 3rd quarter of FY 2007. New Technology We are also adding significant new technology. A lesson from 9/11 is that we must be proactive--we must anticipate threats that continue to grow in sophistication and complexity. This effort includes leveraging the skills of our TSOs with new technology. This next generation of technology will assist our TSOs in separating friend from foe, increasing efficiency, and helping minimize the impact to travelers and businesses:Advanced Technology (AT) X-ray. We will begin deploying AT X-ray equipment for carry-on baggage. It provides TSOs with a better capability to identify and detect threats through improved imagery and analysis tools. Checkpoint Automated Carry-On Explosives Detection Systems (Auto-EDS). We are exploring Auto-EDS for inspecting carry-on items. Auto-EDS may provide additional detection and automation opportunities. Whole Body Imagers. We are pilot testing whole body imagers, such as the backscatter and millimeter wave technologies, to quickly and safely screen passengers for prohibited items without the need for physical contact on a voluntary basis. Cast and Prosthesis Scanner. We are testing new cast and prosthesis scanners to provide a safe, dignified, and non- invasive way to identify potential threats and clear passengers wearing casts, braces, and prosthetic devices. Bottled Liquids Scanners. We have begun deploying liquids scanning devices at checkpoints, and are now using a hand-held liquids scanner for non-checkpoint screening locations. New Explosives Detection Systems. We are evaluating several new products that will greatly increase the speed of handling and screening checked baggage, particularly when integrated into an airport's baggage handling system, while reducing the size of the footprint of the baggage screening location. Improving Security By Improving the Security Experience Despite the critical need for enhanced security measures, such as the requirement to remove all shoes and the restrictions on liquids, gels, and aerosols, we know we need to improve the checkpoint screening process so it is less stressful for the traveling public. Working with our stakeholders, we are pursuing programs and processes that improve the security screening process. We are moving from the legacy approach of simply looking for weapons to a more fluid process focused on the goals of: (1) improving detection of explosives; and (2) developing the capability to evaluate travel documents as well as detect hostile intent or possible surveillance. Looking Ahead in Aviation Security Screening of Air Cargo As you know, the 9/11 Act requires the establishment of a system for industry to screen 100 percent of cargo transported on passenger aircraft within 3 years. As we proceed toward enabling industry to meet the cargo screening requirements, TSA will stress effective security management of the air cargo supply chain. This process will require substantial collaboration with stakeholders, specifically, U.S.-based shippers, freight forwarders, and passenger air carriers. This Committee was a leader in including key language in the bill that authorizes TSA to develop and implement a program that will enable shippers to screen cargo early in the supply chain using currently approved screening methods and meeting additional stringent facility and personnel security standards. This is a critical element in enabling the improved security for air cargo on passenger aircraft that Congress requires. I am grateful to the Committee for its recognition that better screening occurs when shipments are screened and secured at various points along the supply chain. Waiting until the freight is dropped at the airport, often in large pallets, to begin screening would result in less effective screening as well as defeat the whole purpose of the air cargo system that strives to provide expeditious delivery of goods from origin to destination. We are working closely with all stakeholders within the air cargo supply chain and our initial feedback has been very positive. The stakeholders clearly recognize the need to achieve our country's heightened security requirements while continuing the free flow of commerce upon which our economy relies. TSA will build upon our established programs: air cargo security regulations; Security Directives; the Known Shipper Management System; and increased use of TSA-certified explosives detection canine teams and Transportation Security Inspectors for Cargo. In addition, the $80 million dollars appropriated to TSA this year for air cargo security as part of the FY2007 Emergency Supplemental Appropriations Act (Pub. L. 110-28) will contribute to our increased efforts through the hiring of at least 150 additional cargo inspectors and expansion of the National Explosives Detection Canine Program by no fewer than 170 teams. Secure Flight TSA has taken a significant step toward implementing the recommendation of the 9/11 Commission and the requirement of the Intelligence Reform and Terrorism Prevention Act of 2004 to enhance the vetting of aviation passengers against terrorist watch lists. On August 23, 2007, TSA published a Notice of Proposed Rulemaking (NPRM) proposing implementation of the Secure Flight program. Secure Flight, if implemented as proposed, will bring the process of comparing passenger names against the watch list, now performed by aircraft operators, into the government, and will align domestic and international passenger pre-screening. By establishing a more consistent and effective watch list matching process, TSA will strengthen a key layer of security and enhance its ability to stop terrorists before they get to the passenger screening checkpoint. The program is designed to better focus enhanced passenger screening efforts on individuals likely to pose a threat to civil aviation, and to facilitate the secure and efficient travel of the vast majority of the traveling public by distinguishing them from individuals on the watch list. We have taken the time to build the Secure Flight program right, and we believe that the NPRM and associated Privacy Act System of Records Notice and Privacy Impact Assessment demonstrate that TSA has built a program with the operational requirements necessary to enhance aviation security while protecting the privacy and civil liberties of the traveling public. The Traveler Redress Inquiry Program (DHS TRIP) is available for passengers who feel they have been improperly delayed or prohibited from boarding an aircraft. Over the next few months, TSA intends to begin a testing period using data from aircraft operators that volunteer to participate. During testing, air carriers will continue conducting watch list checks for domestic flights, and TSA will compare the results of its watch list matching with air carrier results to ensure the validity of the Secure Flight system. It is therefore extremely critical that Congress provide the necessary funding for Secure Flight requested by the President in the FY 2008 budget. Without the necessary funding, the program will have to scale back benchmark testing with airlines, Secure Flight system to airline system testing, parallel operations with airlines, and the stand up of the Secure Flight Service Center or Secure Flight Operations Center. In short, the program would have a system with no ability to connect, communicate, or test with airlines for the purposes of implementation. Important contract awards would be postponed. From a schedule perspective, rollout of the Secure Flight program would be severely delayed. An immediate concern is the significant budget constraint imposed on the Secure Flight program due to the enactment of the current CR. The restrictions on funding under the CR will inhibit TSA's ability to implement this critical program to improve aviation security and fulfill a key recommendation of the 9/11 Commission. Now that we have demonstrated major progress on the Secure Flight program through the issuance of the NPRM and associated privacy documents, we need your support to fund this vital program. General Aviation TSA is working closely with the general aviation (GA) community to develop reasonable, feasible, and effective security for GA operations while ensuring that these measures support continued operations and increased growth of the industry. TSA is also working with aircraft operators and Fixed Base Operators directly to develop voluntary programs of verifying the identification of passengers on board aircraft and maintaining facility security in and around GA aircraft. TSA is working closely with our interagency partners to improve GA security. The U.S. Customs and Border Protection (CBP) recently issued a NPRM that will require GA operators to submit comprehensive manifest data about passengers, crew, and flight information electronically to CBP, as part of its Electronic Advance Passenger Information System (e- APIS), at least 60 minutes before the aircraft departs for the United States. Currently, we only receive very basic information from GA aircraft coming into the United States, such as who is and is not a U.S. citizen. That is not enough. Having this information an hour before departure will give CBP inspectors more time to fully pre-screen travelers and crews and take necessary actions to resolve threats. Surface Transportation Security As the security framework for transportation continues to grow, TSA is moving to apply many of the same tools to protect all modes of transportation. TSA is building information sharing networks in surface transportation. We work closely with stakeholders in these industries, putting an emphasis on sharing intelligence, capacity, and technology with that of other law enforcement, intelligence or other agencies at every level of government. When I appeared before this Committee in January, I explained TSA's comprehensive strategy that we are applying across all transportation networks, regardless of mode. Today, I want to focus on the last two elements of our strategy: closing gaps; and developing enhanced security systems. Program Improvements Freight Rail. Secretary Chertoff established the priority goal of achieving a 50 percent drop in the objectively measured risk posed by rail cars carrying toxic inhalation hazards (TIH) by the end of 2008. To achieve this goal, TSA is implementing a multi-layered security strategy which includes regulatory development, cooperative agreements, and comprehensive risk-based programs. On December 21, 2006, TSA published a proposed rule (NPRM) to strengthen the security of the Nation's freight rail systems in high threat urban areas (HTUA). The NPRM addressed shippers, carriers, and receivers of TIHs and other security-sensitive materials by rail. Proposed requirements include railcar location reporting within a specific time period and the establishment of a secure chain of custody in and through HTUAs. TSA also proposed requirements for designating rail security coordinators and suspicious incident reporting by rail mass transit, passenger rail, and all freight rail carriers. We intend to publish this final rule by the end of the year. Prior to publishing the NPRM, TSA separately reached an agreement with the rail carrier industry to reduce the standstill time of unattended TIH cars in HTUAs beginning in early 2007. To support this effort, TSA is developing a comprehensive database to identify highest priority risk reduction opportunities. Additionally, working in conjunction with TSA, the Nation's rail carriers are developing site- specific security plans focused on reducing the risk of TIH cars in HTUAs. In addition to reducing the risks to TIH in freight rail transportation, TSA is working with rail carriers to raise the baseline in security training. TSA is developing a training video that addresses inspection of TIH rail cars, emphasizing the recognition of IEDs, as well as general security awareness for rail employees. The video will be available by the end of the year. Passenger Transit Programs and Grants. TSA, in partnership with the Federal Emergency Management Agency and the Federal Transit Administration, leverages the Transit Security Grant Program funds to focus on reducing risk and increasing security capabilities in State and local transit systems with the most risk. We are continuing research to expand our understanding of the vulnerabilities and the consequences of terrorist attacks on our critical infrastructure, applying the results as they are developed in immediate and phased mitigation strategies. We have partnered with the National Laboratories and affected passenger transit systems to complete assessments of the Nation's 29 underwater transit tunnels and produce priorities for risk mitigation. From the information gained, TSA developed action items intended to elevate security, harden targets, and mitigate risk using available resources and investment of grant funds. A recent change to the Transit Security Grant Program supports the ability of high-risk systems to field dedicated anti-terrorism teams through cooperative funding of operational packages. This initiative provides funding for the training and operations of teams specifically deployed to engage in visible and covert activities to detect, disrupt, and deter terrorist activities. TSA trains and certifies explosives detection canine teams to provide a mobile and flexible deterrence and detection capability to passenger transit systems. Since late 2005, TSA's National Explosive Detection Canine Team Program has partnered with passenger transit systems to deploy some 60 explosives detection canine teams to 14 major transit systems using a risk-based application of resources. More than 50 of these teams are currently in place, with the remaining force projected for training, certification, and deployment in the coming months. The Department has awarded roughly $18 billion to State and local governments for programs and equipment that help to manage risk. In passenger transit, the Transit Security Grant Program, which funded $275 million in FY 2007, is the centerpiece of the Department's interagency strategy to close gaps in operator security status and baseline standards. The Department allocates those grants to enhance capabilities in areas of weakness identified in the system security assessments under the BASE program, with particular emphasis on elevating security posture in six fundamental areas underpinning the broader transit security strategy. These priority areas are protection of underwater and underground infrastructure; protection of other high consequence systems and assets; expanded random, unpredictable security activities for deterrent and disruptive effect against terrorist planning and reconnaissance; security training of frontline employees; drills and exercises; and public outreach and awareness. Cooperative efforts through the Regional Transit Security Working Groups in higher risk areas secure agreement on risk-based priorities and security enhancement solutions advanced by targeted application of grant funds. Amtrak participates in these regional meetings. Additionally, TSA engages directly with Amtrak to reach agreement on risk-based priorities and the most effective use of grant funds for risk mitigation and security enhancement. An area security assessment indicated a need for a more focused effort on security training for transit agency employees. Although an extensive Federal security training program has been implemented since 9/11--including 17 security courses, more than 500 course presentations, and more than 78,000 transit employees trained--the assessment results indicate wide variations in the quality of transit agencies' security training programs and an inadequate level of refresher or follow-on training. Well-trained employees are a security force multiplier for security efforts implemented by transit agencies. To close the gap identified in the assessments, TSA produced a Mass Transit Security Training Program that assists agencies in developing and implementing more consistent training programs. The program aligns substantive training areas with specific types of employees, which in turn guides the development and execution of training programs. To support actual delivery of training courses, the Transit Security Grant Program offers a streamlined application process to fund the instruction and overtime costs incurred by substitutions for employees in training. This initiative significantly expands the volume and quality of training for transit employees during 2007. TSA anticipates maintaining this commitment in future years, as resources allow. The collective effort in passenger transit security aims to build security force multipliers in the rail and bus systems--the capabilities of law enforcement and frontline employees and the awareness of the traveling public--and to maximize regional collaboration for the employment of the full range of available resources in random, unpredictable applications for a deterrent effect. Highway. TSA is working on a number of strategies to close gaps in performance. We are currently considering a number of voluntary incentive programs and regulatory options. Prior to the enactment of the 9/11 Act, TSA was developing many programs and initiatives in collaboration with industry within the context of implementing the National Infrastructure Protection Plan, Transportation Systems Sector- Specific Plan (TSSP), Highway and Motor Carrier Modal Annex. These programs and initiatives include the following: Training: The School Transportation Security Awareness Program, Hazardous Materials (HAZMAT) Motor Carrier Security Self- Assessment Program, Federal Law Enforcement Training Center (FLETC) training course for commercial motor vehicle (CMV) enforcement officers and security specialists, and Operation Secure Transport Training Program for the over-the-road bus industry were developed. Standards/Guidelines: Security Standards are currently being developed in collaboration with industry for the HAZMAT Motor Carrier industry, the School Transportation Industry, the over- the-road bus industry, and the Highway Infrastructure sector. Information Sharing: The Highway and Motor Carrier sector Government Coordinating Council (GCC) and Sector Coordinating Council (SCC) have been developed and are actively meeting on a regular basis. In addition, the Homeland Security Information Network Highway portal, TSA Highway & Motor Carrier (HMC) Webpage, internal TSA Highway and Motor monthly newsletter for field personnel, and inclusion of security notes in industry trade periodicals have been developed. The Highway and Motor Carrier Industry Information and Analysis Center and Highway Watch programs are active and continually processing reports from highway operators and sharing information between industry and TSA. Domain Awareness: Corporate Security Reviews (CSRs) are conducted with organizations engaged in transportation by motor vehicle, as well as those that maintain or operate key physical assets within the highway transportation community, with a current focus on the transportation of HAZMAT transported by motor carriers. TSA is developing a pilot project for testing the feasibility of tracking trucks carrying HAZMAT. This practice will allow not only the continual tracking of truck locations, but also hazardous load types in all 50 states. The pilot includes the development of a set of protocols capable of interfacing with existing truck tracking systems, State and local government intelligence operations centers, and Federal law enforcement agencies, as well as first responders. The Integrated Intermodal Information System-Domestic Feasibility Study focused on the transportation of Extremely Hazardous Materials throughout the domestic transportation system. Plans and Exercises: The Highway and Motor Carrier GCC collaborated with the HMC SCC to create the Highway Infrastructure and Motor Carrier Modal Annex to the Transportation System Sector-Specific Plan. This document describes how the goals and objectives of the transportation sector will be achieved to protect the highway transportation system. Risk Management and Grants: The Highway Watch Program is a TSA grant initiative that is administered by the American Trucking Associations with an enrollment of nearly 500,000 driving professionals to observe, assess, and report incidents to the appropriate authorities that are potential terrorist activities, accidents, disabled vehicles, hazardous road conditions, or other highway incidents. In January 2006, TSA initiated a CSR pilot program with the State of Missouri Department of Transportation Motor Carriers Services Division (MoDOT). 44 MoDOT officers were trained to conduct over 2,700 CSRs during their safety audits on trucking companies and their equipment within Missouri. The HAZMAT Motor Carrier Security Self-Assessment Training program focuses on transportation security regulations and specific terrorist and criminal threats to the HAZMAT motor carrier industry. It conducts security assessments, produces security action items, and reports procedures for security related incidents. The HMC office is supporting the Intercity Bus Security Grant Program in assessing which over-the-road motorcoaches qualify for grants and how the grant funding can be used to enhance motorcoach security. Additionally, in partnership with the motorcoach industry, we developed training entitled ``Operation Secure Transport'', which is specifically geared toward passenger motor carrier operators. Pipeline. TSA initiated a number of programs to assist pipeline companies in their efforts to secure these vital systems. For example, through the CSR Program, we compiled the best security practices observed throughout the industry and established that pipeline companies adopt a minimum of 70 percent of TSA pipeline security guidelines. TSA partnered with our counterparts in Natural Resources Canada (NRCan) to hold an International Pipeline Security Forum. This event provided an opportunity for pipeline companies, industry associations, and government representatives to exchange security information and best practices. We continue to work with NRCan on cross border pipeline assessments in accordance with the Security and Prosperity Partnership agreement. Identifying a shortfall in security awareness training through the CSR results, TSA developed a compact disc-based training program. Over 300 U.S. pipeline companies, representing approximately 61,000 industry employees, have requested the CD and accompanying brochure. Enhanced Systems of Security The final part of our strategy is to enhance the systems of security. As we take actions to close gaps, we also need to improve security technology and practices that apply to multiple modes of transportation. Over this past summer we began to more broadly deploy VIPR teams in aviation and surface transportation facilities. Comprised of TSOs, TSIs, and FAMs, VIPR teams collaborate with local law enforcement agencies to intensify the visible presence of security personnel at various points throughout the transportation system. More than 100 VIPR deployments have been conducted at key commuter and regional passenger rail facilities, Amtrak stations, ferries, and airports. VIPR teams have proven that TSA and our stakeholders can greatly improve security by altering and enhancing security measures at transportation facilities. The Department is developing a number of screening techniques and technologies which may be implemented or deployed quickly to systems facing a specific threat, or in support of major events such as National Special Security Events. Pilot programs to test these technologies are already underway in several major American cities. Mitigation of risk to underwater and underground infrastructure is a top priority of the joint Department Science and Technology Directorate and TSA research and development effort. Collaborative efforts with particular systems as operational test beds advance development of anomaly detection and explosives trace detection; smart video surveillance; and integrated prevention and response actions by security and law enforcement personnel. As one example, through the Rail Security Pilot, the Department field tested the effectiveness of explosives detection techniques and imaging technologies in partnership with the Port Authority of New York and New Jersey. Finally, we maintain mobile security equipment, which can fit into two standard size shipping containers, for rapid deployment for use in screening and detection at any major system in the country, should the need arise. In addition to technologies that may apply primarily to passenger modes, TSA is working closely with a number of parties to develop advanced railcar tracking systems with geofenced event-notification capabilities. TSA is also cooperating in efforts to develop next generation hazardous materials rail cars designed to better withstand terrorist attacks and operating accidents. TSA is working with selected hazardous material carriers to test truck tracking and control technologies. We are also in the early stages of security technology applications to the pipeline industry. Two specific areas TSA is involved in are blast mitigation and unmanned aerial surveillance vehicles. In addition to our progress toward implementing the requirements of the 9/11 Act, I am pleased to report to this Committee the success of another milestone for TSA and the Department. Today, port workers, longshoremen, truckers, and others at the port of Wilmington, Delaware became the first workers in the Nation to begin enrollment in the DHS Transportation Worker Identification Credential (TWIC) program. This program will ensure that any individual with unescorted access to secure areas of port facilities and vessels received a thorough background check and is not a security threat. TWIC will be one of the world's most advanced, interoperable biometric credentialing programs and is powered by state-of-the-art technologies. I would like to thank our partners, the U.S. Coast Guard, and maritime stakeholders for their valuable input, for making the launching of the TWIC program a reality. Conclusion Although the threats and challenges to the security of transportation systems are numerous, so are the solutions and efforts of TSA to continue to successfully carry out our mission. We will continue to use our personnel, information, and technology in innovative ways to stay ahead of the evolving threats and facilitate passenger travel and the flow of commerce. Chairman Inouye, Vice Chairman Stevens, thank you again for the opportunity to testify today. I am happy to respond to the Committee's questions. Senator Dorgan. We're going to ask Ms. Berrick to present her testimony from the Government Accountability Office, at which point we will be able to ask questions of both witnesses. Ms. Berrick, thank you very much for being here, and you may proceed. STATEMENT OF CATHLEEN A. BERRICK, DIRECTOR, HOMELAND SECURITY AND JUSTICE ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE (GAO) Ms. Berrick. Thank you, Senator Dorgan, Vice Chairman Stevens, and Members of the Committee, for inviting me here to discuss GAO's work assessing TSA's progress in securing the transportation network. In August 2007, shortly after the Department of Homeland Security's 4-year anniversary, we reported on DHS's progress in satisfying its key mission and management functions, including securing aviation and surface modes of transportation. We based our assessment on over 400 reports and testimonies we've completed, assessing DHS's operations, and, by determining whether DHS generally achieved or generally did not achieve key performance expectations set out for them by Congress, the Administration, and the Department itself. Overall, we reported that TSA has made moderate progress in securing transportation systems. With respect to commercial aviation, we found that TSA generally achieved about 70 percent of the 24 performance expectations established for them. For example, TSA has made significant progress in hiring, deploying, training, and measuring the performance of its aviation security workforce. These efforts include the development of robust training programs for TSO's, including enhanced explosives detection training and standards for determining appropriate TSO staffing levels at airports. TSA also made significant progress in balancing security and efficiency in its checkpoint screening procedures and in deploying checked baggage screening equipment. However, we found that DHS and TSA have made less progress in securing airport perimeters and access to restricted areas, deploying technologies to detect explosives at checkpoints and to screen air cargo, and fielding a system to prescreen airline passengers against terrorist watch lists for domestic flights, although progress is being made in all of these areas. One of the most critical areas in which limited progress has been made is in the deployment of technologies at airport checkpoints to detect explosives on passengers and in their carry-on bags. Although DHS is developing and testing these technologies today, the Department reported that the extensive deployment of new technologies at the checkpoint will not be realized for another 2 years. Regarding the security of surface modes of transportation, we reported that TSA generally achieved about 60 percent of the performance expectations established for them, or three of five expectations, but their efforts, especially related to commercial vehicles and highway infrastructure, are still relatively in the early stages. In terms of progress, DHS and TSA have developed an approach for securing surface transportation modes through a strategy, have conducted risk assessments of related assets, and they have administered grant programs; however, TSA has not determined whether it will issue standards for securing all surface transportation modes, and is still defining what its regulatory and oversight role will be for these modes. We also found that, although TSA has made progress in conducting compliance inspections of some systems, inspectors' roles and missions have not yet been fully defined. We also reported that a variety of cross-cutting issues have affected DHS's and TSA's efforts in implementing its mission and management functions. These include developing results-oriented goals and measures to assess performance, developing and integrating a risk-based approach to guide investment decisions, and establishing effective frameworks and mechanisms for sharing information and coordinating with stakeholders. It will be important for the entire Department to continue to address these issues as it moves forward. In closing, TSA has made considerable progress in securing the transportation network, especially related to commercial aviation, and its efforts should be commended. However, the agency still has work to do in some key areas, most especially related to the deployment of technologies to screen for explosives at checkpoints and in air cargo and more fully defining its regulatory role in security for surface transportation modes. We are currently reviewing many of these key areas, and will continue to report to this committee and others on the results of our work. This concludes my opening statement. I would be pleased to respond to any questions. [The prepared statement of Ms. Berrick follows:] Prepared Statement of Cathleen A. Berrick, Director, Homeland Security and Justice Issues, U.S. Government Accountability Office (GAO) Mr. Chairman and Members of the Committee: I appreciate the opportunity to participate in today's hearing to discuss the Department of Homeland Security's (DHS) progress and challenges in securing our Nation's transportation systems. The Transportation Security Administration (TSA), originally established as an agency within the Department of Transportation in 2001 but now a component within DHS, is charged with securing the transportation network while also ensuring the free movement of people and commerce. TSA has primary responsibility for security in all modes of transportation and since its inception has developed and implemented a variety of programs and procedures to secure commercial aviation and surface modes of transportation, including passenger and freight rail, mass transit, highways, commercial vehicles, and pipelines. Other DHS components, Federal agencies, state and local governments, and the private sector also play a role in transportation security. For example, with respect to commercial aviation, the U.S. Customs and Border Protection (CBP) has responsibility for conducting passenger prescreening--in general, the matching of passenger information against terrorist watch lists prior to an aircraft's departure--for international flights operating to or from the United States, as well as inspecting inbound air cargo upon its arrival in the United States. In addition, responsibility for securing rail and other surface modes of transportation is shared among Federal, state, and local governments and the private sector. My testimony today will focus on: (1) the progress TSA, and other DHS components have made in securing the Nation's aviation and surface transportation systems, and (2) challenges which have impeded DHS's (and, as they relate to transportation security, TSA) efforts to implement its mission and management functions. My comments are based on issued GAO reports and testimonies addressing the security of the Nation's aviation and surface transportation systems, including an August 2007 report that highlights the progress DHS has made in implementing its mission and management functions.\1\ In this report, we reviewed the extent to which DHS has taken actions to achieve performance expectations in each of its mission and management areas that we identified from legislation, Homeland Security Presidential Directives, and DHS strategic planning documents. Based primarily on our past work, we made a determination regarding whether DHS generally achieved or generally did not achieve the key elements of each performance expectation. An assessment of ``generally achieved'' indicates that DHS has taken sufficient actions to satisfy most elements of the expectation; however, an assessment of ``generally achieved'' does not signify that no further action is required of DHS or that functions covered by the expectation cannot be further improved or enhanced. Conversely, an assessment of ``generally not achieved'' indicates that DHS has not yet taken actions to satisfy most elements of the performance expectation. In determining the department's overall level of progress in achieving performance expectations in each of its mission and management areas, we concluded whether the department had made limited, modest, moderate, or substantial progress.\2\ These assessments of progress do not reflect, nor are they intended to reflect, the extent to which actions by DHS and its components have made the Nation more secure. We conducted our work in accordance with generally accepted government auditing standards. Summary Within DHS, TSA is the agency with primary responsibility for securing the transportation sector and has undertaken a number of initiatives to strengthen the security of the Nation's commercial aviation and surface transportation systems. In large part, these efforts have been driven by legislative mandates designed to strengthen the security of commercial aviation following the September 11, 2001, terrorist attacks. In August 2007, we reported that DHS had made moderate progress in securing the aviation and surface transportation networks, but that more work remains.\3\ Specifically, of the 24 performance expectations we identified for DHS in the area of aviation security, we reported that it has generally achieved 17 of these expectations and has generally not achieved 7 expectations. With regard to the security of surface modes of transportation, we reported that DHS generally achieved three performance expectations and has generally not achieved two others. DHS, primarily through TSA, has made progress in many areas related to securing commercial aviation and surface modes of transportation, and their efforts should be commended. Meeting statutory mandates to screen airline passengers and 100 percent of checked baggage alone was a tremendous challenge. To do this, TSA initially hired and deployed a Federal workforce of over 50,000 passenger and checked baggage screeners, and installed equipment at the Nation's more than 400 commercial airports to provide the capability to screen all checked baggage using explosive detection systems, as mandated by law. TSA has since turned its attention to, among other things, strengthening passenger prescreening--in general, the matching of passenger information against terrorist watch lists prior to an aircraft's departure; more efficiently allocating, deploying, and managing the transportation security officer (TSO)--formerly known as screener-- workforce; strengthening screening procedures; developing and deploying more effective and efficient screening technologies; and improving domestic air cargo security. In addition to TSA, CBP has also taken steps to strengthen passenger prescreening for passengers on international flights operating to or from the United States, as well as inspecting inbound air cargo upon its arrival in the United States. DHS's Science and Technology (S&T) Directorate has also taken actions to research and develop aviation security technologies. With regard to surface transportation modes, TSA has taken steps to develop a strategic approach for securing mass transit, passenger and freight rail, commercial vehicles, highways, and pipelines; establish security standards for certain transportation modes; and conduct threat, criticality, and vulnerability assessments of surface transportation assets, particularly passenger and freight rail. TSA also hired and deployed compliance inspectors and conducted inspections of passenger and freight rail systems. DHS also developed and administered grant programs for various surface transportation modes. While these efforts have helped to strengthen the security of the transportation network, DHS still faces a number of key challenges that need to be addressed to meet expectations set out for them by Congress, the Administration, and the Department itself. For example, regarding commercial aviation, TSA has faced challenges in developing and implementing its passenger prescreening system, known as Secure Flight, and has not yet completed development efforts. As planned, this program would initially assume from air carriers the responsibility for matching information on airline passengers traveling domestically against terrorists watch lists. In addition, while TSA has taken actions to enhance perimeter security at airports, these actions may not be sufficient to provide for effective security. TSA has also begun efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems. However, TSA has not developed a plan for implementing such new technologies to meet the security needs of individual airports and the commercial airport system as a whole. Further, TSA has not yet deployed checkpoint technologies to address key existing vulnerabilities, and has not yet developed and implemented technologies needed to screen air cargo. With regard to surface transportation security, while TSA has initiated efforts to develop security standards for surface transportation modes, these efforts have been limited to passenger and freight rail, and have not addressed commercial vehicle or highway infrastructure, including bridges and tunnels. TSA has yet to provide a rationale or explanation for why standards may not be needed for these modes. Moreover, although TSA has made progress in conducting compliance inspections of some surface transportation systems, inspectors' roles and missions have not been fully defined. A variety of cross-cutting issues have affected DHS's and, as they relate to transportation security, TSA's efforts in implementing its mission and management functions. These key issues include agency transformation, strategic planning and results management, risk management, information sharing, and stakeholder coordination. In working toward transforming the department into an effective and efficient organization, DHS and its components have not always been transparent which has affected our ability to perform our oversight responsibilities in a timely manner. They have also not always implemented effective strategic planning efforts, fully developed performance measures, or put into place structures to help ensure that they are managing for results. In addition, DHS and its components can more fully adopt and apply a risk management approach in implementing its security mission and core management functions.\4\ They could also better share information with Federal agencies, state and local governments and private sector entities, and more fully coordinate their activities with key stakeholders. Background The Aviation and Transportation Security Act (ATSA), enacted in November 2001, created TSA and gave it responsibility for securing all modes of transportation.\5\ TSA's aviation security mission includes strengthening the security of airport perimeters and restricted airport areas; hiring and training a screening workforce; prescreening passengers against terrorist watch lists; and screening passengers, baggage, and cargo at the over 400 commercial airports nation-wide, among other responsibilities. While TSA has operational responsibility for physically screening passengers and their baggage, TSA exercises regulatory, or oversight, responsibility for the security of airports and air cargo. Specifically, airports, air carriers, and other entities are required to implement security measures in accordance with TSA- issued security requirements, against which TSA evaluates their compliance efforts. TSA also oversees air carriers' efforts to prescreen passengers--in general, the matching of passenger information against terrorist watch lists prior to an aircraft's departure--and plans to take over operational responsibility for this function with the implementation of its Secure Flight program initially for passengers traveling domestically. CBP also has responsibility for prescreening airline passengers on international flights departing from and bound for the United States,\6\ while DHS's Science and Technology Directorate is responsible for researching and developing technologies to secure the transportation sector. TSA shares responsibility for securing surface transportation modes with Federal, state, and local governments and the private sector. TSA's security mission includes establishing security standards and conducting assessments and inspections of surface transportation modes, including passenger and freight rail; mass transit; highways and commercial vehicles; and pipelines. The Federal Emergency Management Agency's Grant Programs Directorate provides grant funding to surface transportation operators and state and local governments, and in conjunction with certain grants the National Protection and Programs Directorate conducts risk assessments of surface transportation facilities. Within the Department of Transportation (DOT), the Federal Transit Administration (FTA) and Federal Railroad Administration (FRA) have responsibilities for establishing standards for passenger rail safety and security. In addition, public and private sector transportation operators are responsible for implementing security measures for their systems. For example, the primary responsibility for securing passenger rail systems rests with the passenger rail operators. Passenger rail operators, which can be public or private entities, are responsible for administering and managing passenger rail activities and services, including security. DHS Has Made Progress in Securing the Nation's Aviation and Surface Transportation Systems, but More Work Remains DHS, primarily through the efforts of TSA, has undertaken numerous initiatives to strengthen the security of the Nation's aviation and surface transportation systems. In large part, these efforts have been guided by legislative mandates designed to strengthen the security of commercial aviation following the September 11, 2001 terrorist attacks. These efforts have also been affected by events external to the department, including the alleged August 2006 terrorist plot to blow up commercial aircraft bound from London to the United States, and the 2004 Madrid and 2005 London train bombings. While progress has been made in many areas with respect to securing the transportation network, we found that the department can strengthen its efforts in some key areas outlined by the Congress, the Administration, and the department itself. Specifically, regarding commercial aviation, we reported that DHS has generally achieved 17 performance expectations in this area, and has generally not achieved 7 expectations. Regarding the security of surface transportation modes, we reported that DHS has generally achieved three performance expectations and has generally not achieved two others. We identified these performance expectations through reviews of key legislation, Homeland Security Presidential Directives, and DHS strategic planning documents. Aviation Security Since its inception, TSA has focused much of its efforts on aviation security and has developed and implemented a variety of programs and procedures to secure commercial aviation. For example, TSA has undertaken efforts to hire, train and deploy a screening workforce; and screen passengers, baggage, and cargo. Although TSA has taken important actions to strengthen aviation security, the agency has faced difficulties in implementing an advanced, government-run passenger prescreening program for domestic flights, and in developing and implementing technology to screen passengers at security checkpoints and cargo placed on aircraft, among other areas. As shown in table 1, we identified 24 performance expectations for DHS in the area of aviation security, and found that overall, DHS has made moderate progress in meeting these expectations. Specifically, we found that DHS has generally achieved 17 performance expectations and has generally not achieved 7 performance expectations. ---------------------------------------------------------------------------------------------------------------- Table 1.--Performance Expectations and Progress Made in Aviation Security ---------------------------------------------------------------------------------------------------------------- Assessment ----------------------------------------------------- Performance expectation Generally Generally not No assessment achieved achieved made ---------------------------------------------------------------------------------------------------------------- Aviation security strategic approach ---------------------------------------------------------------------------------------------------------------- Implement a strategic approach for aviation security 3 functions ---------------------------------------------------------------------------------------------------------------- Airport perimeter security and access controls ---------------------------------------------------------------------------------------------------------------- Establish standards and procedures for effective airport 3 perimeter security ---------------------------------------------------------------------------------------------------------------- Establish standards and procedures to effectively control 3 access to airport secured areas ---------------------------------------------------------------------------------------------------------------- Establish procedures for implementing biometric identifier 3 systems for airport secured areas access control ---------------------------------------------------------------------------------------------------------------- Ensure the screening of airport employees against 3 terrorist watch lists ---------------------------------------------------------------------------------------------------------------- Aviation security workforce ---------------------------------------------------------------------------------------------------------------- Hire and deploy a federal screening workforce 3 ---------------------------------------------------------------------------------------------------------------- Develop standards for determining aviation security 3 staffing at airports ---------------------------------------------------------------------------------------------------------------- Establish standards for training and testing the 3 performance of airport screener staff ---------------------------------------------------------------------------------------------------------------- Establish a program and requirements to allow eligible 3 airports to use a private screening workforce ---------------------------------------------------------------------------------------------------------------- Train and deploy federal air marshals on high-risk flights 3 ---------------------------------------------------------------------------------------------------------------- Establish standards for training flight and cabin crews 3 ---------------------------------------------------------------------------------------------------------------- Establish a program to allow authorized flight deck 3 officers to use firearms to defend against any terrorist or criminal acts ---------------------------------------------------------------------------------------------------------------- Passenger prescreening ---------------------------------------------------------------------------------------------------------------- Establish policies and procedures to ensure that 3 individuals known to pose, or suspected of posing, a risk or threat to security are identified and subjected to appropriate action ---------------------------------------------------------------------------------------------------------------- Develop and implement an advanced prescreening system to 3 allow DHS to compare domestic passenger information to the Selectee List and No Fly List ---------------------------------------------------------------------------------------------------------------- Develop and implement an international passenger 3 prescreening process to compare passenger information to terrorist watch lists before aircraft departure ---------------------------------------------------------------------------------------------------------------- Checkpoint screening ---------------------------------------------------------------------------------------------------------------- Develop and implement processes and procedures for 3 physically screening passengers at airport checkpoints ---------------------------------------------------------------------------------------------------------------- Develop and test checkpoint technologies to address 3 vulnerabilities ---------------------------------------------------------------------------------------------------------------- Deploy checkpoint technologies to address vulnerabilities 3 ---------------------------------------------------------------------------------------------------------------- Checked Baggage screening ---------------------------------------------------------------------------------------------------------------- Deploy explosive detection systems (EDS) and explosive 3 trace detection (ETD) systems to screen checked baggage for explosives ---------------------------------------------------------------------------------------------------------------- Develop a plan to deploy in-line baggage screening 3 equipment at airports ---------------------------------------------------------------------------------------------------------------- Pursue the deployment and use of in-line baggage screening 3 equipment at airports ---------------------------------------------------------------------------------------------------------------- Air cargo security ---------------------------------------------------------------------------------------------------------------- Develop a plan for air cargo security 3 ---------------------------------------------------------------------------------------------------------------- Develop and implement procedures to screen air cargo 3 ---------------------------------------------------------------------------------------------------------------- Develop and implement technologies to screen air cargo 3 ---------------------------------------------------------------------------------------------------------------- Total 17 7 0 ---------------------------------------------------------------------------------------------------------------- Source: GAO analysis. Aviation Security Strategic Approach. We concluded that DHS has generally achieved this performance expectation. In our past work, we reported that TSA identified and implemented a wide range of initiatives to strengthen the security of key components of the commercial aviation system. These components are interconnected and each is critical to the overall security of commercial aviation.\7\ \8\ More recently, in March 2007, TSA released its National Strategy on Aviation Security and six supporting plans that provided more detailed strategic planning guidance in the areas of systems security; operational threat response; systems recovery; domain surveillance; and intelligence integration and domestic and international outreach. According to TSA officials, an Interagency Implementation Working Group was established under TSA leadership in January 2007 to initiate implementation efforts for the 112 actions outlined in the supporting plans. Airport Perimeter Security and Access Controls. We concluded that DHS has generally achieved one, and has generally not achieved three, of the performance expectations in this area. For example, TSA has taken action to ensure the screening of airport employees against terrorist watch lists by requiring airport operators to compare applicants' names against the No Fly and Selectee Lists. However, in June 2004, we reported that although TSA had begun evaluating commercial airport perimeter and access control security through regulatory compliance inspections, covert testing of selected access procedures, and vulnerability assessments at selected airports, TSA had not determined how the results of these evaluations could be used to make improvements to the Nation's airport system as a whole. We further reported that although TSA had begun evaluating the controls that limit access into secured airport areas, it had not completed actions to ensure that all airport workers in these areas were vetted prior to being hired and trained.\9\ More recently, in March 2007, the DHS Office of Inspector General, based on the results of its access control testing at 14 domestic airports across the Nation, made various recommendations to enhance the overall effectiveness of controls that limit access to airport secured areas.\10\ In March through July 2007, DHS provided us with updated information on procedures, plans, and other efforts it had implemented to secure airport perimeters and strengthen access controls, including a description of its Aviation Direct Access Screening Program. This program provides for TSOs to randomly screen airport and airline employees and employees' property and vehicles as they enter the secured areas of airports for the presence of explosives, incendiaries, weapons, and other items of interest as well as improper airport identification. However, DHS did not provide us with evidence that these actions provide for effective airport perimeter security, nor information on how the actions addressed all relevant requirements established by law and in our prior recommendations. Regarding procedures for implementing biometric identification systems, we reported that TSA had not developed a plan for implementing new technologies to meet the security needs of individual airports and the commercial airport system as a whole.\11\ In December 2004 and September 2006, we reported on the status of the development and testing of the Transportation Worker Identification Credential program (TWIC) \12\--DHS's effort to develop biometric access control systems to verify the identity of individuals accessing secure transportation areas. Our 2004 report identified challenges that TSA faced in developing regulations and a comprehensive plan for managing the program, as well as several factors that caused TSA to miss initial deadlines for issuing TWIC cards. In our September 2006 report, we identified the challenges that TSA encountered during TWIC program testing, and several problems related to contract planning and oversight. Specifically, we reported that DHS and industry stakeholders faced difficult challenges in ensuring that biometric access control technologies will work effectively in the maritime environment where the Transportation Worker Identification Credential program is being initially tested. In October 2007, we testified that TSA had made progress in implementing the program and addressing our recommendations regarding contract planning and oversight and coordination with stakeholders. For example, TSA reported that it added staff with program and contract management expertise to help oversee the contract and developed plans for conducting public outreach and education efforts.\13\ However, DHS has not yet determined how and when it will implement a biometric identification system for access controls at commercial airports. We have initiated ongoing work to further assess DHS's efforts to establish procedures for implementing biometric identifier systems for airport secured areas access control. Aviation Security Workforce. We concluded that DHS has generally achieved all 7 performance expectations in this area. For example, TSA has hired and deployed a Federal screening workforce at over 400 commercial airports nationwide, and has developed standards for determining TSO staffing levels at airports. TSA also established numerous programs to train and test the performance of its TSO workforce, although we reported that improvements in these efforts can be made. Among other efforts, in December 2005, TSA reported completing enhanced explosives detection training for over 18,000 TSOs, and increased its use of covert testing to assess vulnerabilities of existing screening systems. TSA also established the Screening Partnership Program which allows eligible airports to apply to TSA to use a private screening workforce. In addition, TSA has trained and deployed Federal air marshals on high-risk flights; established standards for training flight and cabin crews; and established a Federal Flight Deck Officer program to select, train, and allow authorized flight deck officers to use firearms to defend against any terrorist or criminal acts. Related to flight and cabin crew training, TSA revised its guidance and standards to include additional training elements required by law and to improve the organization and clarity of the training. TSA also increased its efforts to measure the performance of its TSO workforce through recertification testing and other measures. Passenger Prescreening. We reported that DHS has generally achieved one, and has not generally achieved two, of the performance expectations in this area. For example, TSA established policies and procedures to ensure that individuals known to pose, or suspected of posing, a risk or threat to security are identified and subjected to appropriate action. Specifically, TSA requires that air carriers check all passengers against the Selectee List, which identifies individuals that represent a higher than normal security risk and therefore require additional security screening, and the No Fly List, which identifies individuals who are not allowed to fly.\14\ However, TSA has faced a number of challenges in developing and implementing an advanced prescreening system, known as Secure Flight, which will allow TSA to take over the matching of passenger information against the No Fly and Selectee lists from air carriers, as required by law.\15\ In 2006, we reported that TSA had not conducted critical activities in accordance with best practices for large-scale information technology programs and had not followed a disciplined life cycle approach in developing Secure Flight.\16\ In March 2007, DHS reported that as a result of its rebaselining efforts, more effective government controls were developed to implement Secure Flight and that TSA was following a more disciplined development process. DHS further reported that it plans to begin parallel operations with the first group of domestic air carriers during Fiscal Year 2009 and to take over full responsibility for watch list matching in Fiscal Year 2010. We are continuing to assess TSA's efforts in developing and implementing the Secure Flight program. We have also reported that DHS has not yet implemented enhancements to its passenger prescreening process for passengers on international flights departing from and bound for the United States.\17\ Although CBP recently issued a final rule that will require air carriers to provide passenger information to CBP prior to a flight's departure so that CBP can compare passenger information to the terrorist watch lists before a flight takes off, this requirement is not scheduled to take effect until February 2008. In addition, while DHS plans to align its international and domestic passenger prescreening programs under TSA, full implementation of an integrated system will not occur for several years. Checkpoint Screening. We reported that DHS has generally achieved two, and has not generally achieved one, of the performance expectations in this area. For example, we reported that TSA has developed processes and procedures for screening passengers at security checkpoints and has worked to balance security needs with efficiency and customer service considerations.\18\ More specifically, in April 2007, we reported that modifications to standard operating procedures were proposed based on the professional judgment of TSA senior-level officials and program-level staff, as well as threat information and the results of covert testing. However, we found that TSA's data collection and analyses could be improved to help TSA determine whether proposed procedures that are operationally tested would achieve their intended purpose. We also reported that DHS and its component agencies have taken steps to improve the screening of passengers to address new and emerging threats. For example, TSA established two recent initiatives intended to strengthen the passenger checkpoint screening process: (1) the Screening Passenger by Observation Technique program, which is a behavior observation and analysis program designed to provide TSA with a nonintrusive means of identifying potentially high- risk individuals; and (2) the Travel Document Checker program which replaces current travel document checkers with TSOs who have access to sensitive security information on the threats facing the aviation industry and check for fraudulent documents. However, we found that while TSA has developed and tested checkpoint technologies to address vulnerabilities that may be exploited by identified threats such as improvised explosive devices, it has not yet effectively deployed such technologies. In July 2006, TSA reported that it installed 97 explosives trace portal machines--which use puffs of air to dislodge and detect trace amounts of explosives on persons--at 37 airports. However, DHS identified problems with these machines and has halted their deployment. TSA is also developing backscatter technology, which identifies explosives, plastics and metals, giving them shape and form and allowing them to be visually interpreted.\19\ However, limited progress has been made in fielding this technology at passenger screening checkpoints. The Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Commission Act), enacted in August 2007, restates and amends a requirement that DHS issue a strategic plan for deploying explosive detection equipment at airport checkpoints and requires DHS to expedite research and development efforts to protect passenger aircraft from explosives devices.\20\ We are currently reviewing DHS and TSA's efforts to develop, test and deploy airport checkpoint technologies.\21\ Checked Baggage Screening. We concluded that DHS has generally achieved all three performance expectations in this area. Specifically, from November 2001 through June 2006, TSA procured and installed about 1,600 Explosive Detection Systems (EDS) and about 7,200 Explosive Trace Detection (ETD) machines to screen checked baggage for explosives at over 400 commercial airports.\22\ In response to mandates to field the equipment quickly and to account for limitations in airport design, TSA generally placed this equipment in a stand-alone mode--usually in airport lobbies--to conduct the primary screening of checked baggage for explosives.\23\ Based in part on our previous recommendations, TSA later developed a plan to integrate EDS and ETD machines in-line with airport baggage conveyor systems. The installation of in-line systems can result in considerable savings to TSA through the reduction of TSOs needed to operate the equipment, as well as increased security. Despite delays in the widespread deployment of in-line systems due to the high upfront capital investment required, TSA is pursuing the installation of these systems and is seeking creative financing solutions to fund their deployment. In March 2007, DHS reported that it is working with airport and air carrier stakeholders to improve checked baggage screening solutions to enhance security and free up lobby space at airports. The installation of in-line baggage screening systems continues to be an issue of congressional concern. For example, the 9/ 11 Commission Act reiterates a requirement that DHS submit a cost- sharing study along with a plan and schedule for implementing provisions of the study, and requires TSA to establish a prioritization schedule for airport improvement projects such as the installation of in-line baggage screening systems.\24\ Air Cargo Security. We reported that TSA has generally achieved two, and has not generally achieved one, of the performance expectations in this area. Specifically, TSA has developed a strategic plan for domestic air cargo security and has taken actions to use risk management principles to guide investment decisions related to air cargo bound for the United States from a foreign country, referred to as inbound air cargo, but these actions are not yet complete. For example, TSA plans to assess inbound air cargo vulnerabilities and critical assets--two crucial elements of a risk-based management approach--but has not yet established a methodology or time-frame for how and when these assessments will be completed.\25\ TSA has also developed and implemented procedures to screen domestic and inbound air cargo. We reported in October 2005 that TSA had significantly increased the number of domestic air cargo inspections conducted of air carrier and indirect air carrier compliance with security requirements. However, we also reported that TSA exempted certain cargo from random inspection because it did not view the exempted cargo as posing a significant security risk, although air cargo stakeholders noted that such exemptions may create potential security risks and vulnerabilities since shippers may know how to package their cargo to avoid inspection.\26\ In part based on a recommendation we made, TSA is evaluating existing exemptions to determine whether they pose a security risk, and has removed some exemptions that were previously allowed. The 9/11 Commission Act requires, no later than 3 years after its enactment, that DHS have a system in place to screen 100 percent of cargo transported on passenger aircraft.\27\ Although TSA has taken action to develop plans for securing air cargo and establishing and implementing procedures to screen air cargo, DHS has not yet developed and implemented screening technologies. DHS is pursuing multiple technologies to automate the detection of explosives in the types and quantities that would cause catastrophic damage to an aircraft in flight. However, TSA acknowledged that full development of these technologies may take 5 to 7 years. In April 2007, we reported that TSA and DHS's S&T Directorate were in the early stages of evaluating and piloting available aviation security technologies to determine their applicability to the domestic air cargo environment. We further reported that although TSA anticipates completing its pilot tests by 2008, it has not yet established time frames for when it might implement these methods or technologies for the inbound air cargo system.\28\ Surface Transportation Security Although TSA has devoted the vast majority of its resources to securing commercial aviation and to meeting related statutory requirements, it has more recently increased its focus on the security of surface modes of transportation. However, these efforts are still largely in the early stages. International events such as the March 2004 Madrid and July 2005 London train bombings, have, in part, contributed to this increased focus. Specifically, TSA and other DHS components have developed an approach for securing surface modes of transportation, have taken steps to conduct risk assessments of surface transportation assets; and have administered related grant programs. However, TSA has not issued standards for securing all surface transportation modes, and is still defining what its regulatory role will be. Moreover, although TSA has made progress in conducting compliance inspections of some surface transportation systems, inspectors' roles and missions have not been fully defined. As shown in table 2, we identified five performance expectations for DHS in the area of surface transportation security and found that, overall, DHS primarily through the efforts of TSA has made moderate progress in meeting these expectations. Specifically, we found that DHS has generally achieved three performance expectations and has generally not achieved two performance expectations. ---------------------------------------------------------------------------------------------------------------- Table 2.--Performance Expectations and Progress Made in Surface Transportation Security ---------------------------------------------------------------------------------------------------------------- Assessment ----------------------------------------------------- Performance expectation Generally Generally not No assessment achieved achieved made ---------------------------------------------------------------------------------------------------------------- Develop and adopt a strategic approach for implementing 3 surface transportation security functions ---------------------------------------------------------------------------------------------------------------- Conduct threat, criticality, and vulnerability assessments 3 of surface transportation assets ---------------------------------------------------------------------------------------------------------------- Issue standards for securing surface transportation modes 3 ---------------------------------------------------------------------------------------------------------------- Conduct compliance inspections for surface transportation 3 systems ---------------------------------------------------------------------------------------------------------------- Administer grant programs for surface transportation 3 security ---------------------------------------------------------------------------------------------------------------- Total 3 2 0 ---------------------------------------------------------------------------------------------------------------- Source: GAO analysis. Strategic Approach for Implementing Security Functions. We concluded that DHS has generally achieved this performance expectation. In May 2007, DHS issued the sector-specific plan for transportation systems and supporting annexes for surface transportation modes, and reported taking actions to adopt the strategic approach outlined by the plan. The Transportation Systems Sector-Specific Plan and its supporting modal implementation plans and appendixes establish a strategic approach for securing surface transportation modes based on the National Infrastructure Protection Plan and Executive Order 13416, Strengthening Surface Transportation Security. The Transportation Systems Sector-Specific Plan describes the security framework that is intended to enable sector stakeholders to make effective and appropriate risk-based security and resource allocation decisions. During the course of our work assessing freight rail, commercial vehicles, and highway infrastructure security, we identified that TSA has begun to implement some of the security initiatives outlined in the sector-specific plan and supporting modal plans. While DHS has issued a strategy for securing all transportation modes, and has demonstrated that it has begun to take actions to implement the goals and objectives outlined in the strategy, we have not yet analyzed the overall quality of the plan or supporting modal annexes, the extent to which efforts outlined in the plan and annexes have been implemented, or the effectiveness of identified security initiatives. In addition, we recognize that the acceptance of DHS's approach by Federal, state and local, and private sector stakeholders is crucial to its successful implementation. We also have not assessed the extent to which the plan and supporting modal annexes were coordinated with or adopted by these stakeholders. We will continue to assess DHS's efforts to implement its strategy for securing surface transportation modes as part of our ongoing reviews of mass transit, passenger and freight rail, commercial vehicle, and highway infrastructure security. Threat, Criticality and Vulnerability Assessments. We reported that DHS has generally achieved this performance expectation. TSA has taken actions to conduct threat, criticality, and vulnerability assessments of surface transportation assets, particularly for mass transit, passenger rail, and freight rail, but we have not yet reviewed the quality of many of these assessments. TSA uses threat assessments and information as part of its surface transportation security efforts. For example, TSA has conducted threat assessments of mass transit, passenger rail, and freight rail transportation modes. TSA has also conducted assessments of the vulnerabilities associated with surface transportation assets, to varying degrees, for most surface modes of transportation. For freight rail, for example, we found that TSA has conducted vulnerability assessments of High Threat Urban Area rail corridors where toxic inhalation hazard shipments are transported. However, TSA's vulnerability assessment efforts are still ongoing and in some instances, are in the early stages, particularly for commercial vehicles and highway infrastructure. With regard to criticality assessments, DHS has conducted such assessments for some surface transportation modes. For example, TSA has conducted Corporate Security Reviews with 38 state Department of Transportation highway programs. In addition, the National Protection and Programs Directorate's Office of Infrastructure Protection conducts highway infrastructure assessments that look at critical highway infrastructure assets. We testified in January 2007 that TSA had reported completing an overall threat assessment for mass transit and passenger and freight rail modes, and had conducted criticality assessments of nearly 700 passenger rail stations. In addition, we further reported that the Grant Programs Directorate developed and implemented a risk assessment tool to help passenger rail operators better respond to terrorist attacks and prioritize security measures. We will continue to review threat, criticality and vulnerability assessments conducted by TSA and other DHS components for surface modes of transportation during our ongoing work assessing mass transit, passenger and freight rail, highway infrastructure, and commercial vehicle security.\29\ Issuance of Security Standards. We found that DHS has generally not achieved this performance expectation. TSA has taken actions to develop and issue security standards for mass transit, passenger rail, and freight rail modes. However, TSA did not provide us with evidence of its efforts to develop and issue security standards for all surface transportation modes, or provided a rationale or explanation why standards may not be needed for other modes. Specifically, TSA has developed and issued security directives, security action items-- recommended measures for passenger rail and mass transit operators to implement in their security programs to improve both security and emergency preparedness, and a proposed rule in December 2006 on passenger and freight rail security requirements.\30\ In April 2007, DHS reported that TSA uses field activities to assess compliance with security directives and implementation of noncompulsory security standards and protective measures with the objective of a broad-based enhancement of passenger rail and rail transit security. TSA also reported that in its December 2006 notice of proposed rulemaking on new security measures for freight rail carriers, it proposed requirements designed to ensure 100 percent positive handoff of toxic inhalation hazard shipments that enter high threat urban areas, as well as security protocols for custody transfers of toxic inhalation hazard rail cars in high-threat urban areas. TSA also reported that its High Threat Urban Area rail corridor assessments supported the development of the Recommended Security Action Items for the Rail Transportation of Toxic Inhalation Materials issued by DHS and the Department of Transportation in June 2006. Compliance Inspections. We concluded that DHS has generally not achieved this performance expectation. TSA has made progress in conducting compliance inspections, particularly in hiring and deploying inspectors, but inspectors' roles and missions have not yet been fully defined. TSA officials have reported that the agency has hired 100 surface transportation inspectors whose stated mission is to, among other duties, monitor and enforce compliance with TSA's rail security directives. However, some mass transit and passenger rail operators have expressed confusion and concern about the role of TSA inspectors and the potential that these inspections could duplicate other Federal and state rail inspections. In March and April 2007, with respect to freight rail, TSA reported visiting terminal and railroad yards to measure implementation of 7 of 24 DHS recommended security action items for the transportation of toxic inhalation hazard materials. Through its Surface Transportation Security Inspection program, TSA reported that its inspectors conduct inspections of key facilities for rail and transit systems to assess transit systems' implementation of core transit security fundamentals and comprehensive security action items; conduct examinations of stakeholder operations, including compliance with security directives; identify security gaps; and develop effective practices. Although TSA has deployed inspectors to conduct compliance inspections and carry out other security activities in the mass transit, passenger rail, and freight rail modes, TSA did not provide us with evidence that it has conducted compliance inspections for other surface transportation modes or information on whether the department believes compliance inspections are needed for other modes. The 9/11 Commission Act authorizes funds to be appropriated for TSA to employ additional surface transportation inspectors and requires that surface transportation inspectors have relevant transportation experience and appropriate security and inspection qualifications.\31\ The Act also requires DHS to consult periodically with surface transportation entities on the inspectors' duties, responsibilities, authorities, and mission. We will continue to assess TSA's inspection efforts during our ongoing work.\32\ Grant Programs. We reported that DHS generally achieved this performance expectation. More specifically, DHS has developed and administered grant programs for various surface transportation modes. However, some industry stakeholders have raised concerns regarding DHS's current grant process, such as time delays and other barriers in the provision of grant funding. We have not yet assessed DHS's provision of grant funding or the extent to which DHS monitors the use of the funds. In March 2007, we reported that the DHS Office of Grants and Training, now called the Grant Programs Directorate, has used various programs to fund passenger rail security since 2003.\33\ Through the Urban Area Security Initiative grant program, the Grant Programs Directorate has provided grants to urban areas to help enhance their overall security and preparedness level to prevent, respond to, and recover from acts of terrorism. The Grant Programs Directorate used Fiscal Year 2005, 2006, and 2007 appropriations to build on the work under way through the Urban Area Security Initiative program, and create and administer new programs focused specifically on transportation security, including the Transit Security Grant Program and the Intercity Passenger Rail Security Grant Program. The 9/11 Commission Act requires DHS to establish grant programs for security improvements in the public transportation, passenger and freight rail, and over-the-road bus modes and requires DHS to take certain actions in implementing the grant programs.\34\ For example, the Act requires that DHS determine the requirements for grant recipients and establish the priorities for which grant funding may be used, and it requires that DHS and DOT determine the most effective and efficient way to distribute grant funds, authorizing DHS to transfer funds to DOT for the purpose of disbursement. We will be assessing grants distributed for mass transit and passenger rail as part of our ongoing work.\35\ Cross-cutting Issues Have Hindered DHS's Efforts in Implementing Its Mission and Management Functions Our work has identified homeland security challenges that cut across DHS's mission and core management functions. These issues have impeded the department's progress since its inception and will continue as DHS moves forward. While it is important that DHS continue to work to strengthen each of its mission and core management functions, to include transportation security, it is equally important that these key issues be addressed from a comprehensive, department-wide perspective to help ensure that the department has the structure and processes in place to effectively address the threats and vulnerabilities that face the Nation. These issues include: (1) transforming and integrating DHS's management functions; (2) establishing baseline performance goals and measures and engaging in effective strategic planning efforts; (3) applying and strengthening a risk management approach for implementing missions and making resource allocation decisions; (4) sharing information with key stakeholders; and (5) coordinating and partnering with Federal, state and local, and private sector agencies. We have made numerous recommendations to DHS and its components to strengthen these efforts, and the department has made progress in implementing some of these recommendations. DHS has faced a variety of difficulties in its efforts to transform into a fully functioning department. We designated DHS's implementation and transformation as high-risk in part because failure to effectively address this challenge could have serious consequences for our security and economy. DHS continues to face challenges in key areas including acquisition, financial, human capital, and information technology management. This array of management and programmatic challenges continues to limit DHS' ability to effectively and efficiently carry out its mission. In addition, transparency plays an important role in helping to ensure effective and efficient transformation efforts. We have reported that DHS has not made its management or operational decisions transparent enough so that Congress can be sure it is effectively, efficiently, and economically using the billions of dollars in funding it receives annually. More specifically, in April 2007, we testified that we have encountered access issues during numerous engagements at DHS, including significant delays in obtaining requested documents that have affected our ability to do our work in a timely manner.\36\ The Secretary of DHS and the Under Secretary for Management have stated their desire to work with us to resolve access issues and to provide greater transparency. It will be important for DHS and its components to become more transparent and minimize recurring delays in providing access to information on its programs and operations so that Congress, GAO, and others can independently assess its efforts. In addition, DHS has not always implemented effective strategic planning efforts and has not yet fully developed performance measures or put into place structures to help ensure that the agency is managing for results. We have identified strategic planning as one of the critical success factors for new organizations, and reported that DHS as well as TSA and other component efforts in this area have been mixed. For example, with regards to TSA's efforts to secure air cargo, we reported that TSA completed an Air Cargo Strategic Plan in November 2003 that outlined a threat-based risk management approach to securing the Nation's domestic air cargo system, and that this plan identified strategic objectives and priority actions for enhancing air cargo security based on risk, cost, and deadlines. However, we reported that TSA had not developed a similar strategy for addressing the security of inbound air cargo--cargo transported into the United States from foreign countries, including how best to partner with CBP and international air cargo stakeholders. In another example, we reported that TSA had not yet developed outcome-based performance measures for its foreign airport assessment and air carrier inspection programs, such as the percentage of security deficiencies that were addressed as a result of TSA's on-site assistance and recommendations, to identify any aspects of these programs that may need attention. We recommended that DHS direct TSA and CBP to develop a risk-based strategy, including specific goals and objectives, for securing air cargo; \37\ and develop outcome-based performance measures for its foreign airport assessment and air carrier inspection programs.\38\ DHS generally concurred with GAO's recommendations. DHS has also not fully adopted and applied a risk management approach in implementing its mission and core management functions. Risk management has been widely supported by the President and Congress as an approach for allocating resources to the highest priority homeland security investments, and the Secretary of Homeland Security and the Assistant Secretary for Transportation Security have made it a centerpiece of DHS and TSA policy. Several DHS component agencies and TSA have worked toward integrating risk-based decisionmaking into their security efforts, but we reported that these efforts can be strengthened. For example, TSA has incorporated certain risk management principles into securing air cargo, but has not completed assessments of air cargo vulnerabilities or critical assets--two crucial elements of a risk-based approach without which TSA may not be able to appropriately focus its resources on the most critical security needs. TSA has also incorporated risk-based decisionmaking when making modifications to airport checkpoint screening procedures, to include modifying procedures based on intelligence information and vulnerabilities identified through covert testing at airport checkpoints. However, in April 2007 we reported that TSA's analyses that supported screening procedural changes could be strengthened. For example, TSA officials based their decision to revise the prohibited items list to allow passengers to carry small scissors and tools onto aircraft based on their review of threat information--which indicated that these items do not pose a high risk to the aviation system--so that TSOs could concentrate on higher threat items.\39\ However, TSA officials did not conduct the analysis necessary to help them determine whether this screening change would affect TSO's ability to focus on higher-risk threats.\40\ We have further reported that opportunities exist to enhance the effectiveness of information sharing among Federal agencies, state and local governments, and private sector entities. In August 2003, we reported that efforts to improve intelligence and information sharing need to be strengthened, and in 2005, we designated information sharing for homeland security as high-risk.\41\ In January 2005, we reported that the Nation still lacked an implemented set of government-wide policies and processes for sharing terrorism-related information, but DHS has issued a strategy on how it will put in place the overall framework, policies, and architecture for sharing information with all critical partners--actions that we and others have recommended.\42\ DHS has taken some steps to implement its information sharing responsibilities. States and localities are also creating their own information ``fusion'' centers, some with DHS support. With respect to transportation security, the importance of information sharing was recently highlighted in the 9/11 Commission Act which requires DHS to establish a plan to promote the sharing of transportation security information among DHS and Federal, state and local agencies, tribal governments, and appropriate private entities.\43\ The Act also requires that DHS provide timely threat information to carriers and operators that are preparing and submitting a vulnerability assessment and security plan, including an assessment of the most likely methods that could be used by terrorists to exploit weaknesses in their security.\44\ In addition to providing Federal leadership with respect to homeland security, DHS also plays a large role in coordinating the activities of key stakeholders, but has faced challenges in this regard. To secure the nation, DHS must form effective and sustained partnerships between legacy component agencies and a range of other entities, including other Federal agencies, state and local governments, the private and nonprofit sectors, and international partners. We have reported that successful partnering and coordination involves collaborating and consulting with stakeholders to develop and agree on goals, strategies, and roles to achieve a common purpose; identify resource needs; establish a means to operate across agency boundaries, such as compatible procedures, measures, data, and systems; and agree upon and document mechanisms to monitor, evaluate, and report to the public on the results of joint efforts.\45\ We have found that the appropriate homeland security roles and responsibilities within and between the levels of government, and with the private sector, are evolving and need to be clarified. For example, we reported that opportunities exists for TSA to work with foreign governments and industry to identify best practices for securing passenger rail, and air cargo, and recommended that TSA systematically compile and analyze information on practices used abroad to identify those that may strengthen the department's overall security efforts.\46\ Further, regarding efforts to respond to in-flight security threats, which depending on the nature of the threat could involve more than 15 Federal agencies and agency components, we recommended that DHS and other departments document and share their respective coordination and communication strategies and response procedures.\47\ In September 2005, we reported that TSA did not effectively involve private sector stakeholders in its decisionmaking process for developing security standards for passenger rail assets.\48\ We recommended that DHS develop security standards that reflect industry best practices and can be measured, monitored, and enforced by TSA rail inspectors and, if appropriate, rail asset owners. DHS agreed with these recommendations. In addition, the 9/11 Commission Act includes provisions designed to improve coordination with stakeholders. For example, the Act requires DHS and the Department of Transportation to develop an annex to the Memorandum of Understanding between the two departments governing the specific roles, responsibilities, resources, and commitments in addressing motor carrier transportation security matters, including the processes the departments will follow to promote communications and efficiency, and avoid duplication of effort.\49\ The Act also requires DHS in consultation with the Department of Transportation to establish a program to provide appropriate information that DHS has gathered or developed on the performance, use, and testing of technologies that may be used to enhance surface transportation security to surface transportation entities.\50\ Concluding Observations The magnitude of DHS's and more specifically TSA's responsibilities in securing the Nation's transportation system is significant, and we commend the department on the work it has done and is currently doing to secure this network. Nevertheless, given the dominant role that TSA plays in securing the homeland, it is critical that its programs and initiatives operate as efficiently and effectively as possible. In the almost 6 years since its creation, TSA has had to undertake its critical mission while also establishing and forming a new agency. At the same time, a variety of factors, including threats to and attacks on transportation systems around the world, as well as new legislative requirements, have led the agency to reassess its priorities and reallocate resources to address key events, and to respond to emerging threats. Although TSA has made considerable progress in addressing key aspects of commercial aviation security, more work remains in the areas of checkpoint and air cargo technology, airport security, and passenger prescreening. Further, although TSA has more recently taken actions in a number of areas to help secure surface modes of transportation, its efforts are still largely in the early stage, and the nature of its regulatory role, and relationship with transportation operators, is still being defined. As DHS, TSA, and other components move forward, it will be important for the department to work to address the challenges that have affected its operations thus far, including developing results-oriented goals and measures to assess performance; developing and implementing a risk-based approach to guide resource decisions; and establishing effective frameworks and mechanisms for sharing information and coordinating with homeland security partners. A well- managed, high-performing department is essential to meeting the significant challenge of securing the transportation network. As DHS, TSA, and other components continue to evolve, implement their programs, and integrate their functions, we will continue to review their progress and performance and provide information to Congress and the public on these efforts. Mr. Chairman this concludes my statement. I would be pleased to answer any questions that you or other members of the Committee may have at this time. Endnotes \1\ GAO, Department of Homeland Security: Progress Report on Implementation of Mission and Management Functions, GAO-07-454 (Washington, D.C.: August 2007); GAO, Department of Homeland Security: Progress Report on Implementation of Mission and Management Functions, GAO-07-1081T (Washington, D.C.: September 2007); and GAO, Department of Homeland Security: Progress Report on Implementation of Mission and Management Functions, GAO-07-1240T (Washington, D.C.: September 2007). \2\ Limited progress: DHS has taken actions to generally achieve 25 percent or less of the identified performance expectations. Modest progress: DHS has taken actions to generally achieve more than 25 percent but 50 percent or less of the identified performance expectations. Moderate progress: DHS has taken actions to generally achieve more than 50 percent but 75 percent or less of the identified performance expectations. Substantial progress: DHS has taken actions to generally achieve more than 75 percent of the identified performance expectations. \3\ GAO-07-454. \4\ A risk management approach entails a continuous process of managing risk through a series of actions, including setting strategic goals and objectives, assessing risk, evaluating alternatives, selecting initiatives to undertake, and implementing and monitoring those initiatives. \5\ Pub. L. No. 107-71, 115 Stat. 597 (2001). \6\ Currently, air carriers departing the United States are required to transmit passenger manifest information to CBP no later than 15 minutes prior to departure but, for flights bound for the United States, air carriers are not required to transmit the information until 15 minutes after the flight's departure (in general, after the aircraft is in flight). See 19 C.F.R. 122.49a, 122.75a. In a final rule published in the Federal Register on August 23, 2007, CBP established a requirement for all air carriers to either transmit the passenger manifest information to CBP no later than 30 minutes prior to the securing of the aircraft doors (that is, prior to the flight being airborne), or transmit manifest information on an individual basis as each passenger checks in for the flight up to but no later than the securing of the aircraft. See 72 Fed. Reg. 48320 (Aug. 23, 2007). This requirement is to take effect on February 19, 2008. \7\ For more information, see GAO, Aviation Security: Enhancements Made in Passenger and Checked Baggage Screening, but Challenges Remain, GAO-06-371T (Washington, D.C.: April 2006). \8\ For more information, see GAO, Aviation Security: Transportation Security Administration Has Made Progress in Managing a Federal Security Workforce and Ensuring Security at U.S. Airports, but Challenges Remain, GAO-06-597T, (Washington, D.C.: April 2006) and GAO, Aviation Security: Further Steps Needed to Strengthen the Security of Commercial Airport Perimeters and Access Controls, GAO-04-728 (Washington, D.C.: June 2004). \9\ GAO-06-597T and GAO-04-728. \10\ Department of Homeland Security Office of Inspector General, Audit of Access to Airport Secured Areas (Unclassified Summary), OIG- 07-35 (Washington, D.C.: March 2007). \11\ GAO-06-597T and GAO-04-728. \12\ GAO, Port Security: Better Planning Needed to Develop and Operate Maritime Worker Identification Card Program, GAO-05-106 (Washington, D.C.: December 2004), and Transportation Security: DHS Should Address Key Challenges before Implementing the Transportation Worker Identification Credential Program, GAO-06-982 (Washington, D.C.: September 2006). \13\ GAO, Port Security: Better Planning Needed to Develop and Operate Maritime Worker Identification Card Program, GAO-05-106 (Washington, D.C.: December 2004), and Transportation Security: DHS Should Address Key Challenges before Implementing the Transportation Worker Identification Credential Program, GAO-06-982 (Washington, D.C.: September 2006). \14\ In accordance with TSA-issued security requirements, passengers on the No Fly List are denied boarding passes and are not permitted to fly unless cleared by law enforcement officers. Similarly, passengers who are on the Selectee List are issued boarding passes, and they and their baggage undergo additional security measures. \15\ See 49 U.S.C. 44903(j)(2)(C). \16\ GAO, Aviation Security: Management Challenges Remain for the Transportation Security Administration's Secure Flight Program, GAO-06- 864T (Washington, D.C.: June 2006). \17\ GAO, Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, GAO-07-448T (Washington, D.C.: February 2007) and GAO, Aviation Security: Efforts to Strengthen International Passenger Prescreening Are Under Way, but Planning and Implementation Issues Remain, GAO-07-346 (Washington, D.C.: May 2007). \18\ For more information, see GAO, Aviation Security: Risk, Experience, and Customer Concerns Drive Changes to Airline Passenger Screening Procedures, but Evaluation and Documentation of Proposed Changes Could Be Improved, GAO-07-634 (Washington, D.C.: May 2007); GAO, Aviation Security: TSA's Change to Its Prohibited Items List Has Not Resulted in Any Reported Security Incidents, but the Impact of the Change on Screening Operations Is Inconclusive, GAO-07-623R (Washington, D.C.: April 2007); GAO, Airport Passenger Screening: Preliminary Observations on Progress Made and Challenges Remaining, GAO-03-1173 (Washington, D.C.: September 2003); and GAO, Aviation Security: Enhancements Made in Passenger and Checked Baggage Screening, but Challenges Remain, GAO-06-371T (Washington, D.C.: April 2006). \19\ GAO-06-371T. \20\ See Pub. L. No. 110-53, 1607, 1610, 121 Stat. 266, 483-85 (2007). \21\ For more information, see GAO-06-371T. \22\ Explosive detection systems (EDS) use specialized X-rays to detect characteristics of explosives that may be contained in baggage as it moves along a conveyor belt. Explosive trace detection (ETD) works by detecting vapors and residues of explosives. Human operators collect samples by rubbing swabs along the interior and exterior of an object that TSOs determine to be suspicious, and place the swabs in the ETD machine, which then chemically analyzes the swabs to identify any traces of explosive materials. \23\ For more information, see GAO, Aviation Security: TSA Oversight of Checked Baggage Screening Procedures Could Be Strengthened, GAO-06-869 (Washington, D.C.: July 2006), GAO-06-371T, and GAO-07-448T. \24\ See Pub. L. No. 110-88. 1603-04, 121 Stat. at 480-81. \25\ For more information, see GAO, Aviation Security: Federal Action Needed to Strengthen Domestic Air Cargo Security, GAO-06-76, (Washington, D.C.: October 2005) and GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened, GAO-07-660 (Washington, D.C.: April 2007). \26\ GAO-06-76. \27\ See Pub. L. No. 110-53, 1602, 121 Stat. at 477-79. This provision defines screening as a physical examination or non-intrusive method of assessing whether cargo poses a threat to transportation security that includes the use of technology, procedures, personnel, or other methods to provide a level of security commensurate with the level of security for the screening of passenger checked baggage. Methods such as solely performing a review of information about the contents of cargo or verifying the identity of a shipper of the cargo, including whether a known shipper is registered in TSA's known shipper database, do not constitute screening under this provision. \28\ GAO-07-660. \29\ For more information, see GAO-06-181T; GAO, Passenger Rail Security: Enhanced Federal Leadership Needed to Prioritize and Guide Security Efforts, GAO-07-225T (Washington, D.C.: January 2007); and GAO-06-181T. \30\ See 71 Fed. Reg. 76,852 (Dec. 21, 2006). \31\ See Pub. L. No. 110-53, 1304, 121 Stat. at 393-94. \32\ For more information, see GAO-07-225T; GAO-06-181T; and GAO, Passenger Rail Security: Enhanced Federal Leadership Needed to Prioritize and Guide Security Efforts, GAO-05-851 (Washington, D.C.: October 2005). \33\ GAO, Passenger Rail Security: Federal Strategy and Enhanced Coordination Needed to Prioritize and Guide Security Efforts GAO-07- 583T (Washington, D.C.: March 2007). \34\ See Pub. L. No. 110-53, 1406, 1513, 1532, 121 Stat. at 405- 08, 433-35, 457-60. \35\ For more information, see GAO-06-181T and GAO-07-583T. \36\ GAO, Department of Homeland Security: Observations on GAO Access to Information on Programs and Activities, GAO-07-700T, (Washington, D.C.: April 2007). \37\ GAO-07-660. \38\ GAO, Aviation Security: Foreign Airport Assessments and Air Carrier Inspections Help Enhance Security, but Oversight of These Efforts Can Be Strengthened, GAO-07-729 (Washington, D.C.: May 11, 2007). \39\ GAO, Aviation Security: Risk, Experience, and Customer Concerns, GAO-07-634 (Washington, D.C.: May 2007). \40\ GAO, Aviation Security: Risk, Experience, and Customer Concerns Drive Changes to Airline Passenger Screening Procedures, but Evaluation and Documentation of Proposed Changes Could Be Improved, GAO-07-634 (Washington, D.C.: April 16, 2007). \41\ GAO, Homeland Security: Efforts to Improve Information Sharing Need to Be Strengthened, GAO-03-760. Washington, D.C.: August 2003, and GAO, HIGH-RISK SERIES: An Update GAO-05-207 (Washington, D.C.: January 2005). \42\ GAO-07-454. \43\ See Pub. L. No. 110-53, 1203, 121 Stat. at 383-86. \44\ See Pub. L. No. 110-53, 1512(d)(2), 1531(d)(2), 121 Stat. at 430, 455. \45\ GAO-07-660. \46\ GAO-07-660 and GAO-05-851. \47\ GAO, Aviation Security: Federal Coordination for Responding to In-flight Security Threats Has Matured, but Procedures Can Be Strengthened, GAO-07-891R (Washington, D.C.: July 31, 2007). \48\ GAO-05-851. \49\ See Pub. L. No. 110-53, 1541, 121 Stat. at 469. \50\ See Pub. L. No. 110-53, 1305, 121 Stat. at 394-95. Senator Dorgan. Ms. Berrick, thank you very much. Mr. Hawley, let me ask you a couple of questions, first, about the Government Accountability Office assessment. One of the things they concluded is that the perimeter security at airports is probably not sufficient, and the plans, at this point, may not be sufficient. All of us who go to airports understand the security inside the airport terminal. We go through it. We watch it. We experience it. But the security with respect to the perimeter of the airport is also very, very important. Tell us your assessment of what you are doing in that area, and what the progress has been. Mr. Hawley. Yes, sir. The--every airport has its own security plan that is tailored for their particular circumstances, and that does include perimeter security. So, first of all, there is perimeter security in place that is inspected by us and owned and operated by the airports themselves. So, the commentary in the report was, I believe, in part, based on some pilot tests that were done and the criticism was, ``Hey, you've tested some of this stuff, but it's not widely deployed.'' And I would agree that more can be done. And it is a partnership that we have with the airports. I think, it is--it is important, as you noted, the security everybody sees at the front of the airport, it really extends to the perimeter and everything inside the perimeter. And I think--I view those as equally important, because if we just set up a strong perimeter, and don't have security that operates on the inside against, perhaps, the insider threat, that that's not a good thing. So, we need to have all of that covered, and that is what we're doing. Senator Dorgan. Mr. Hawley, let me ask about the issue of an award made to BearingPoint in 2004, which you're familiar with, to do a pilot project to provide transportation security credentials to 75,000 workers at various ports, airports, train stations, transportation sites. My understanding is that, by mid-2006, some $26 million had been spent, and there were only 4,000 workers in this whole matrix that had cards. Then, in 2007, TSA awarded a $70 million contract to Lockheed Martin to provide credentials to 850,000 individuals. Deployment had been expected in March of this year, but apparently a botched transfer of data from BearingPoint to Lockheed further delayed that. I ask this question because I was involved, some while ago, in the issue of recruiting for screeners at airports, and we found out that the company that did that had actually had recruiting sessions at the Waldorf Astoria, in New York, at very expensive ski resorts, and so on. And that company, of course, was taken to task for that, but I think there was pretty sloppy oversight of that company. Tell me about this circumstance, where we provide a contract to BearingPoint, didn't get the performance; now we provide a contract to Lockheed Martin, they couldn't transfer the data. Tell me about what's happening. And the reason I ask---- Mr. Hawley. Well---- Senator Dorgan.--the question, is because credentialing people at these critical sites--airports, train stations, and so on--is really important. You've got to know who's there and who has access. Mr. Hawley. Right. And the problems you mentioned have been solved, and it's--we refer to is as the TWIC program, Transportation Worker Identification Credential. And it's rolling out--in fact, today is the first day they're actually physically enrolling transportation workers at the Port of Wilmington, Delaware. And the issue there at the transition was essentially a technological issue of migrating systems so that they would interact with our other vetting systems for aviation and the other modes. And there--we were concerned that, if there was a problem with that integration, it would not only slow down the TWIC part, but would hurt the rest of our vetting. So, we took that slowly and carefully, but it is now resolved. That's--that was a lot of the concern that everybody had, frankly, this spring. But now Lockheed Martin is in place, those issues are behind us, and cards are being issued as we speak. Senator Dorgan. And you feel there is ample and proper oversight by the agency? Mr. Hawley. There is. The security measures--and this also is--a GAO report was critical of a lot of the pieces behind the TWIC program; and those, we did address, have addressed, and I believe they are resolved, at this point. Senator Dorgan. The GAO report was critical of the oversight and management. Ms. Berrick, what is your assessment, having looked at all of this, with respect to rail security? Has rail security been given short shrift? You know, all of us understand what happens when you get on an airplane. And we also understand how little of that occurs when you try to get on Amtrak or a passenger train. Has rail security been given short shrift here? Ms. Berrick. I think, compared to all surface modes of transportation, TSA and DHS have placed more of a focus on passenger rail and mass transit, because, based on intelligence information, they view that as a risk-based decision, focusing on the area--the areas of surface transportation modes where they should be spending their time. So, they've issued security directives for passenger rail, they've issued security action items. They've hired inspectors to follow up on these requirements and work with rail operators to strengthen security. We identified areas where they could do additional work. For example, we reported that inspectors' roles haven't been fully defined. Rail operators aren't completely certain whether or not the security directives are mandatory or voluntary. There can be increased communication between TSA and the rail operators. But we found that they have put more and more focus on it, and they're continuing to do that. Senator Dorgan. Ms. Berrick, thank you very much. I indicated, at the start, before some members were here, that Senator Inouye is not able to be at the hearing, and Senator Stevens will chair in his absence. Senator Stevens, did you wish to go in order of arrival? Senator Stevens. Yes. The Senator---- Senator Dorgan. All right. Senator Stevens.--was ahead of me. Senator Dorgan. All right. Senator Smith, McCaskill, Stevens, Snowe, and Klobuchar would be the order of arrival. Senator Stevens. Right, OK. Thanks. Senator Dorgan. And I have to be over on the floor of the Senate, so Senator Stevens will recognize those Senators. Senator Stevens. Thank you. Senator Dorgan. Senator Smith? Senator Stevens [presiding]. Senator Smith? Thank you. Senator Smith. Thank you, Senator Stevens--Senator Dorgan, as well. Mr. Hawley, in my opening statement I referred to the testimony of the Government Accountability Office that quotes, ``While TSA initiated efforts to develop security standards for surface transportation modes, these efforts have been limited to passenger and freight rail, and have not addressed commercial vehicles or highway infrastructure, including bridges and tunnels.'' How do you respond to that statement? Is that an accurate statement, in your view? Mr. Hawley. Well, on the highway side, we've done--we've worked with the individual states and the trucking community, basically, and are--have started with the hazardous materials drivers, those who have the hazardous materials endorsement, and we do full checks on those people. So, that is in place today, and it really is adding layers as we go. I think the bridges and tunnels would be a very high priority, and that is something that we work on with the states and also other elements of DHS. And the question of exactly what the regulatory scheme is, beyond what we have in place for hazardous materials, would be the next step, and we are looking at the vetting--basically, watch list checking against the CDL holders, those who have commercial driver's license. We also have a ``See Something, Say Something'' program that is good for reporting of suspicious incidents. Senator Smith. I understand from your reports, that roughly three-quarters of your budget goes toward aviation. That must be in response to the threat levels that you hear, or is it for some other reason that that's the preponderance? Mr. Hawley. It is for another reason. And the reason is that the economic model that we use for aviation is--the Federal Government actually does the operation of it; whereas, in the other modes it's done by State and local and private sector. It's a shared responsibility everywhere, but the bulk of our budget comes from paying the officers who work in the airports. Senator Smith. And do you see that shifting, over time, more to surface transportation? Mr. Hawley. No. No. I think that that's the economic model---- Senator Smith. It's just a function of the State and Federal responsibilities. Mr. Hawley. Correct. Senator Smith. OK. I'm curious, in 2004-2005 we saw terrorists attack train systems in Madrid and London, England, and I wonder, if we have similar threats, why our focus hasn't been more on the rail system. Mr. Hawley. Well, I--the focus is on the rail system more than, perhaps, it appears. And you will see that in the transit communities with our pairing with local law enforcement and providing them the technology. And we do VIPR teams with them. But, most importantly, for both rail and transit rail, is the employee training, and we've seen a major shift to something that--in working with the Congress--what we've done is shift the priority of the grant money to front-line training, which we think has an immediate application to stop terrorist attacks. And so, that's on the passenger rail side. On the freight rail side, we have an agreement that's in place that's already reduced the amount of toxic material that is standing unattended in high-threat urban areas. And we're doing a regulation now to back that up, but we've already seen the improvement. Senator Smith. One final question, Mr. Chairman. Mr. Hawley, it's been interesting to follow TSA since 9/11, and the different kinds of technologies employed, and it seems to be getting better and better and more efficient all the time. And I'm wondering, as you look into the future, what is the best technology for providing security to the American people that you see? Mr. Hawley. The best technology is the human brain, because we're fighting an enemy who, when we put in place something that is rigid, will figure a way to go around it. So, we always have to have the human element to not allow them--they have unlimited time to plan--not allow them the ability to plan a perfect attack. But, I think, the technology we're testing now in Phoenix to detect explosives on the body, I think that is-- that has been a concern of all of ours, and that's now getting in place; and the privacy aspects of that are critical, and looking forward to the public debate as we roll that out. I think the explosive detection for baggage is moving along pretty well, but the main--the big bonus will be when we have stand-off explosive detection, to be able to--as people go through a lobby area, be able to detect it without forcing them to go through a bottleneck. Senator Smith. Very good. Thank you. Senator Stevens. Senator McCaskill? STATEMENT OF HON. CLAIRE McCASKILL, U.S. SENATOR FROM MISSOURI Senator McCaskill. Thank you, Mr. Chairman. Mr. Hawley, in December of 2001, according to the IG at the Department of Transportation, a senior aircraft technician at a foreign repair station in Singapore was found to be a member of the terrorist organization al Qaeda. Based on interviews with the repair station personnel, the IG determined that this technician had photographed U.S. aircraft as potential targets for a terrorist attack. That was in December of 2001. That was one of several different facts that the IG revealed in a scathing report concerning foreign repair stations and security issues. There are foreign repair stations located at a minimum of five countries that have been identified by the U.S. State Department as terrorist safe havens. Now, as a result of this report, Congress took it very seriously and passed a law, and said, in that law, by 2004, you had to promulgate a rule concerning foreign repair stations and the auditing and inspection of foreign repair stations for the safety of the flying public. By 2000--18 months later, you were supposed to be auditing all these foreign repair stations. I have here a draft of the rule that was supposed to be finished in 2004. This draft was finished in 2005. And nothing has happened. Now, I know, if we determined there was a member of al Qaeda that was traveling on one of our airplanes by one of the systems we have in place--there would be an outcry. What I can't figure out is why there is no sense of urgency about foreign repair stations, especially in light of the fact that we have, now, noncertified foreign repair stations that are doing significant work. And, by the way, all of these airplanes have the right to leave these foreign repair stations, some which are in countries we've designated as terrorist safe havens, and go directly to an airport and pick up passengers. There's no requirement they come back to be looked at again by people here in the United States or by any of our systems here in the United States. I think it is a disaster waiting to happen, and I would like an explanation as to why your agency has been unable to promulgate a rule that Congress said had to be done by 2004, and this is 2007. Mr. Hawley. I can speak to what has happened recently. I was not with TSA at that time, and I, frankly, don't have any background into what happened there. I think--I know what's happening now, which is, in the 9/11 bill, there is a requirement for us to put out a rulemaking, and then follow it up in 6 months with inspections. And we intend to do that. The regulation is working its way through the process, and that will kick out when it goes through the review process. And I can't exactly predict--except that it is being worked on. And as far as the current vulnerability, that is something that we look at, with what happens in other countries and people's access to the transportation infrastructure, including aviation. And, as you know, there are layers that are in place, so it is not completely uncovered. It's part of the layer and risk management that we look at. And we take the--clearly, the requirement put forth by the Congress to make this happen, and we will make this happen. Senator McCaskill. Well, there is a rule that was drafted, and a former employee got it to us, and nothing's happened with it. And, I gotta tell ya, as you well know, right now there is no rule even requiring background checks. When you've got perimeter security issues at many of these foreign repair stations, certified and noncertified, I would hate to have happen what could happen, and that is, with all the effort and time we're taking checking everyone's suitcases and wanding everyone's knee replacements, that we've got terrorists working under the hoods of these airplanes in foreign countries, and we are basically twiddling our thumbs since the Congress mandated this, back in 2003. I just hope that you leave this hearing with a sense of urgency about the issue of foreign repair stations. I've got some other questions about airport screenings I'd like to address if we get a chance for another around of questions. Thank you, Mr. Chairman. Senator Stevens. Thank you. I'm sure there will be another round, Senator. Senator Snowe? STATEMENT OF HON. OLYMPIA J. SNOWE, U.S. SENATOR FROM MAINE Senator Snowe. Thank you, Mr. Chairman. Mr. Hawley, I'd like to follow up on the issue of commercial airline cargo and what is the status. I noted, in the GAO report, that one of the significant failures, at this point, is the inability to develop and implement the technologies necessary. For too long, this has--cargo loophole has been insufficiently addressed by the Department, and, despite the ramping-up of efforts with the passage of the 9/11 Commission recommendations by this committee last year, and by the Congress, clearly this is a major issue and flaw in the process. And I would like to hear what you intend to provide for an update on this, and why we can't close the gap. I know we've got the Known Shipper Program, but, again, that does not require extensive screening of the cargo under the Known Shipper Program, similar to what, you know, individuals, you know, have to comply with when they're going through screening at the airports. And certainly this provides another gaping hole in our system. And, frankly, it's gone on for far too long. Mr. Hawley. The report that you mention was a snapshot in time, looking backwards over a year ago. And we've been-- Secretary Chertoff has a very high priority of mine, as well as--I have my own priority to do this--to meet those issues. And we've done exactly that. The--there was a category of freight called ``exempted freight,'' and we've gone in and required various security measures on that. We've added the equivalent of 100 canine teams to focus on the cargo that previously had not been inspected. So, that's--that is now happening everywhere. At the 250 smallest airports, they get exactly the same screening as we give for checked baggage. And the 9/11 bill that we're talking about here puts in place--I--and I would really compliment this committee to work with us on practical solutions, a step up from where we are, and we intend to meet the requirements under that deadline. We also have the canine--170 canine teams were put in through the recent appropriation supplemental for air cargo. So, we've--we have been driven on the issue of closing any vulnerabilities that may have existed on air cargo, and I think the picture today is significantly different than it was when that report was written--significantly better. Senator Snowe. So, what is the percentage of air cargo that is now currently screened? And is it done on the--is it conducted under the Known Shipper Program? And is that cargo actually screened? Mr. Hawley. The--I know exactly what you're asking, and, in the new law, it says, explicitly, ``You can't use the Known Shipper Program to meet the requirements that we're saying.'' It says, ``You get 18 months to get 50 percent, and then, at the end of 3 years, you've got to be 100 percent, and you can't count Known Shipper.'' So, it's very clear on what is required. It defines ``screening,'' it defines what the system is required to do, the timeline. And I think it is workable. And, again, I would thank the Committee for working with us to get something that is workable and we will do it. Senator Snowe. I know the Inspector General report in August indicated that there were a dearth of screeners for cargo. So, what is the ratio of cargo screeners to airports? Mr. Hawley. Well, we don't assign our officers to the cargo side. The--where we do that is with either the law enforcement officer paired with a canine, our security inspectors--and we've got about 1,000--and then the airlines themselves have to do screening. Senator Snowe. And so--but what is--so, what's the actual number, though? I mean, isn't that something that you ought to be concerned about? Mr. Hawley. Well, we use our transportation security officers for screening people, and we do have them go in the back of the airport, including cargo, to do checks on the people working there. But the actual screening is not done by those officers, it's done either by the canine teams, who are not TSOs, our inspectors, or airline personnel. Senator Snowe. Ms. Berrick, can you comment on Mr. Hawley's response to cargo screening? Because this is a critical issue, and a major gap in our system that obviously needs to be rectified. And what would you--in response to his--the answer with respect to the timeline for achieving it? Ms. Berrick. Sure. GAO actually looked at two aspects of air cargo. One was cargo domestically transported to the United States, and we also looked at cargo from foreign countries coming into the United States. One point we made was that, for domestic air cargo security, TSA does have a lot of actions underway and are moving in the right direction to strengthen cargo security. We had a number of recommendations and things they can be doing, more. In terms of inbound air cargo coming into the United States, that's much more in the early stages, in terms of both TSA and CBP ensuring the security of this cargo. But, I think, probably the most important points we made in our report was that foreign countries that also secure their cargo were using some measures that potentially could be used in the United States. For example, some countries have a more robust program to verify indirect air carriers, freight forwarders who consolidate cargo. And they over--they're pretty rigorous in their oversight over these entities, which isn't currently happening in the United States. Also, some foreign countries have extra security procedures at airports where cargo is stored, or they have guards monitoring the cargo. People have to be physically screened if they go into the facility. Here in the United States, the cargo is on the airport grounds, which has its own security program, but it doesn't have that extra layer of security. Also, some other countries are using technologies to screen cargo--radiation detection monitors. They're also using large X-ray machines to screen a portion of air cargo. And other countries are also, similar to TSA, working to increase the amount of cargo that they screen. And, in fact, some view the United States--the risk of shipping cargo to the United States as higher, so some countries actually do additional security screening for cargo that's bound for the United States. But I think that the lessons from our report--a good lesson is the fact that other countries do have mechanisms in place to strengthen cargo screening, and some of these, potentially, could be considered and may be applied in the United States. Senator Snowe. Thank you. Thank you, Mr. Chairman. Senator Stevens. Thank you. Senator Klobuchar? STATEMENT OF HON. AMY KLOBUCHAR, U.S. SENATOR FROM MINNESOTA Senator Klobuchar. Thank you, Senator. Thank you. Five years ago, the 9/11 Commission provided Congress and the American people with a clear assessment of the need to reform our approaches for security. And I believe that TSA was created in 2001--is that correct?--has done some good work. But I think of, the assessment that you received in 2005, when ten members of the 9/11 Commission issued a report card that found that the TSA was either failing or providing unsatisfactory progress in a number of key areas. And my questions are really to follow up on Senator Snowe, first, about the cargo screening, and if you think that the 100 percent goal is possible to meet. And I want to clear the record that you did say we would meet the goals of the 9/11 Commission recommendation bill--I think that's 50 percent of all air cargo carried on commercial airplanes screened within 18 months, all commercial air cargo screened within 3 years. Is that correct? Mr. Hawley. That is correct. Yes, ma'am. Senator Klobuchar. And so, do you think it's possible to get to 100 percent? Mr. Hawley. Yes. Senator Klobuchar. How do we do that? Mr. Hawley. Yes. And I think Ms. Berrick, in her answer to Senator Snowe, outlined a lot of the tools that we're going to use. And we have followed, very closely, the work with our international partners, and some of those programs are, we feel, capable of being implemented here, and some of the technology that Ms. Berrick mentioned, that we're not currently using, could be configured to use in cargo. So, we are working through that right now, and I--this committee was instrumental in making it such that we are, in fact, going to be able to do it, and get the real screening that doesn't rely on the so- called Known Shipper Program, that is real screening in the way we all know we mean it. And I think the other important piece is that--with our international partners--that, as we align with them--we are in frequent conversation with our partners around the world to have a unified security measure, that, as we meet those deadlines, it would be a similar security blanket for our trading partners, as well. Senator Klobuchar. OK. Thank you. Ms. Berrick, I had some questions about the GAO report on the passenger screening. I know that the GAO found the lack of a standardized process for all airlines when they look at cleared lists for passengers, and that they've contributed to delays--could you talk a little bit about that and what those problems are? I know the Secure Flight Program can't become operational until you certify that the TSA has satisfied the requirements. What are the barriers to getting that satisfied and how do we fix this? Ms. Berrick. Sure. In terms of the current process, the prescreening of passengers--the way it works is, air carriers match passenger information against the terrorist watch list that TSA supplies to them to determine if there are any high- risk passengers that shouldn't be allowed on a flight. The problem with the current process is that air carriers all do it a little bit differently. Some may have really rigorous methods for doing name-matching, others may use a manual process. So, theoretically, you could be on one flight with one carrier and not be a match, get on the plane with no problem; you could be with another carrier, and be a match, because your name sounds similar to someone that's on the terrorist watch list. So, with the development of Secure Flight, if Secure Flight operates as intended, it should correct that problem, because the government will be taking over the function, they'll be doing the name-matching consistently, they'll be using a more robust methodology to match passenger information. And it also provides a security benefit, in that the government won't have to provide the terrorist watch list to the private sector, because right now, again, the carriers are receiving this--some carriers contract out with foreign countries, and the foreign countries are actually doing the name-matching. So, obviously, there are concerns there. Secure Flight, in the past we've reported that the reason the program has had problems--again, this is in the past--was that TSA wasn't following a disciplined development process. There is--TSA even has procedures on how you go about developing systems like this. And, in the need that they felt to implement the program quickly, some of those requirements were bypassed. Since that time, TSA has stood down and rebaselined their program consistent with GAO's recommendations. They've taken a lot of positive action to help ensure Secure Flight's success, including following more disciplined processes, bringing in people with the appropriate skills. We're still looking at Secure Flight. And, in fact, we're going to be reporting, in response to the 9/11 Act, in January of 2008 on what our assessment is of TSA's progress. Right now it's too early for us to conclude whether---- Senator Klobuchar. Do you know how long it will take to get it certified, and what the timetable is? Ms. Berrick. Well, one of the things we've been asked in the 9/11 mandate was to look at TSA's time-frame for fielding the program to determine whether or not we think it's reasonable. So, that's one of the things we'll report in January. We don't have an answer yet on that. Senator Klobuchar. Mr. Hawley, do you want to add anything? Mr. Hawley. I think that's a good summation. And I think we now have got the program in good shape. The rule is out. We've had the public comment. We're going to be closing off public comment and writing the final rule, and then the various certifications. We're about a third of the way through from our end, of that work. And it will come down to the funding level for FY08 as to exactly how fast the program progresses. Senator Klobuchar. Ms. Berrick, back to the issues you raised about the privacy concerns. So, the actual names of the people on this list are going to foreign governments, or what's happening? Ms. Berrick. In some cases, under the current process, air carriers who do, again, the matching, they'll contract out and have a contractor do the matching. In some cases, they have done that with companies located in foreign countries. So, that has happened. The majority of carriers don't do that, but some have. Senator Klobuchar. Should the Congress take seriously the reports that airlines have supplied DHS with substantial information on passengers without their knowing it, some of these privacy concerns that have been raised? Ms. Berrick. We haven't looked at privacy with respect to the current process. We are looking at that as a part of Secure Flight. In the past, we have reported that there were some problems, in terms of TSA reporting how they're using passenger data during testing of the Secure Flight program. Since that time, in our work with TSA, we've found that they've built in more privacy safeguards into the program--again, that are positive. The recent privacy notice that they've implemented has contained information that, in fact, GAO recommended. So, we think they're moving in the right direction. But, again, in terms of Secure Flight protecting privacy, it's too early for us, at this point to draw any conclusions, but we will be talking about that in our January report. Senator Klobuchar. Thank you. Senator Stevens. Senator Thune? STATEMENT OF HON. JOHN THUNE, U.S. SENATOR FROM SOUTH DAKOTA Senator Thune. Thank you, Mr. Chairman. Thank you for holding the hearing. And thank you, our panelists, for being here today and providing some testimony in what is very valuable input on TSA's progress toward carrying out the important piece of legislation that was passed, the 9/11 Commission Act of 2007. We've got about 9 billion, I think, passengers each year that use mass transit, about a 2 million a day that fly on the airlines, and so, obviously, we have a lot of citizens who depend and--upon accessible, affordable, and efficient travel, both for commerce and leisure, and that--the same things that, you know, we're concerned about, in terms of our vulnerability to terrorist attacks, our--those things, even though we've got safeguards and everything in place, continue to be a concern to a lot of people who travel. And, obviously, we want to make-- take every precaution, but try and do it in a way that provides as much ease and convenience for people that are traveling as possible. One question I have with regard to that, Mr. Hawley, is, can the TSA implement the provisions of the 9/11 Act, while, at the same time, making the airline passenger prescreening process more efficient and passenger friendly? Mr. Hawley. I think that the parts in the 9/11 Commission implementation bill that relate to passenger screening will put us in the right direction. In other words, the Secure Flight, the watch list matching, those programs, I think, will have an immediate--when Secure Flight is up, will have an immediate, positive, enormous effect by eliminating the people who are not on the watch list, who are somehow told that they are, or think that they are; and, when that issue goes away, I think it will elevate the spirit of the traveling public, as well as protect the security of the list. So, we've got some technology that we need to roll out, that we have already started rolling out for passenger checkpoints, and so, all of those things are going to go toward decluttering the checkpoint, calming the environment down so it's not as much of a crush, and that gives us better security, it also gives a better experience. Senator Thune. How close are we to using some of the biometric identifiers? You talked about technology. How far out is that? And are these short-term or long-term objectives for TSA? Mr. Hawley. The ones I mentioned are short-term, immediate- term, and they're happening now. Senator Thune. Right. Mr. Hawley. On the biometrics, it's--one of the criticisms in the GAO report is that we haven't deployed the biometrics in the airport environment. So, that clearly is the next piece for us. We've got the--in the port environment, the TWIC card is being--enrollments are going on now, so that is the sophisticated biometric. The standards are set, and we're working with the airport community to get the--the difficulty is the interoperable card so that, as required in the 9/11 bill, when we're talking about flight crews, that there be interoperability from airport to airport. So, it's much easier to do one airport, but a--but it's much more complicated to have the one issued here work at the other. So, that's the problem that we're working through. But I think you put your finger on it, that's--that is a critical next step in aviation security. Senator Thune. What--how--and what--when you say ``short- term,'' what--``long-term time frame,'' what is the time-frame on that, would you say? Mr. Hawley. The biometrics have been much more difficult to implement than any of us expected. And TWIC, as everybody knows, has taken longer than any of us would have liked. And it come--it is the most sophisticated interoperable biometric system in the world. And so, expanding that into the aviation environment is not trivial, but I think we've solved most of the problems. We now have to figure out, ``OK, how do we--how do we actually implement it? And how do we make the back end connect to our watch-list-checking in a way that allows us to process it all smoothly?'' Senator Thune. Is the interoperability that you referred to, and being able to integrate this on all the airports around the country, the limitation on that, is that a technology limitation or a funding limitation? Is it a--is it a matter of not having enough money to make that---- Mr. Hawley. It's first the--it's first the technology and the operational integration from the point--it's not--nothing needs to be invented, but fitting the pieces together is the difficult part, and then the money--we'll have a big debate about the money. But I think all of us agree it has to happen, and the airports have been a great partner in it, and we'll work that out. Senator Thune. Thanks. Ms. Berrick, some of the critics of the U.S. aviation security policy argue that there has been too much emphasis given to previous attack scenarios, and--for example, hijackings, luggage bombs, those sorts of things. Do you agree with that assessment? Ms. Berrick. I---- Senator Thune. And why, or why not, I guess is---- Ms. Berrick. Yes. It--well, in most of our work we look at to what extent TSA is using threat information--current threat information to drive their decisions. And generally we're finding that they do do that. And, of course, they consider past threats and try to mitigate those. They also look forward: What are the current threats, and where should we be moving, you know, in the next 5 to 10 years? So, generally, we've seen that they've done that. Related to making risk-based decisions, the area where we've probably identified they could do more work is related to doing vulnerability assessments on how vulnerable are we against these various threats? But they've done vulnerability assessments in a lot of different areas. We've reported that we think we can--they can strengthen their efforts to look at how vulnerable we are. But, pretty consistently, in almost all of our work, we've found that TSA has incorporated threat information--and, again, not just past threat information, but looking forward--to help drive their decisions and priorities. Senator Thune. Thank you, Mr. Chairman. Senator Stevens. Thank you. Senator Lautenberg? STATEMENT OF HON. FRANK R. LAUTENBERG, U.S. SENATOR FROM NEW JERSEY Senator Lautenberg. Yes, Mr. Chairman. Thanks very much for conducting this hearing. We have lots of questions about the inability of--a major government agency unable to meet a deadline. And it's a consistent problem, it seems to me, especially with DHS. I know there are lots of loyal, hardworking people there who want to get the job done right, they know that it's an enormous responsibility. But yet, a deadline for dealing with the security of bridges and tunnels in New York/New Jersey region. There is an amendment that I authored, the Fiscal Year 2007 Homeland Security appropriations legislation, and they were supposed to report by March 1, 2007. And I ask you, Mr. Hawley, what's the status of that report? Mr. Hawley. The report is complete, and I believe it is undergoing--it's a classified report, and it is undergoing clearance. But I should also say that anything developed from that report, we've discussed with the appropriate officials in the appropriate regions, so that there--so that we're not holding back information that would allow them to do security improvements. It's the--it's basically going through the clearance process. Senator Lautenberg. Well, this is way past April 2007, in case anybody didn't notice the weather change out there. When will TSA, Mr. Hawley, begin enrolling workers at the Port of New York and New Jersey in the TWIC program? Mr. Hawley. It will be soon. I'm trying to figure out how to give you an answer without making it one---- Senator Lautenberg. Me, too. Mr. Hawley.--that we can't meet. I think it's going to be in the next big series. Obviously, that is the--that is the big port community on the East Coast, and there are a couple of the smaller ones first to get the system burned in, but it will be in the holiday-season/January time-frame that we'll begin in the New York region. Senator Lautenberg. The 10 or 11 test communities or ports--that are identified for establishing the clearance mechanism does not include--a port like the Port of New York and New Jersey, which is one of the largest ports in the country. We're going to smaller ports. And I don't know how long we have to stand and wait. If there is any risk at all with the people who come in, drive the trucks, and so forth-- now, most of the regular port workers have ID cards--but the trucks that come in by the thousands each and every day don't have any checks going on there. And I wonder why it is--that it doesn't require immediate or critical attention to a port like the New York/New Jersey Port, which has exposure to all kinds of things that we dread thinking about, like the most dangerous 2 miles in the country, identified by the FBI, for a terrorist attack. Mr. Hawley. We've spent a lot of time working with the ports there, and there's a lot of security in place. They are right in line to get the TWIC program when it rolls out. And, as you know, today is the first day we've started issuing them, and once we get through this--the first couple of rounds, it will---- Senator Lautenberg. How long might that take? Mr. Hawley. Well, I was projecting in the holiday-to- January time frame. Senator Lautenberg. Holiday? Mr. Hawley. Holiday this year. Yes, between now and sometime in January. Senator Lautenberg. That we might---- Mr. Hawley. Begin---- Senator Lautenberg.--that we might see a rollout in the---- Port of New York/New Jersey---- Mr. Hawley. Yes, sir. Senator Lautenberg.--and I want to take a moment to ask Ms. Berrick--has your office looked at TSA's efforts on assessing security of critical infrastructure--bridges and tunnels? Ms. Berrick. We do. We do have ongoing work, looking at TSA's efforts in that area. We're going to be completing a report, probably in the spring of 2008, so it's ongoing. And we're finding that TSA is doing what they call, ``corporate security reviews,'' where they'll go out to these bridges and tunnels and assess the state of security, work with the states there. Basically, at this point, it's in the early stages. They're getting an understanding of what's being done for security. There are some technologies that DHS is pursuing related to bridges and tunnels, but it's still relatively in the early stages. Senator Lautenberg. Mr. Chairman, we've grown accustomed to the pace here, and--not to be critical of the witness, but the fact is that deadlines made--don't mean that deadlines are met. Any deferrals of the serious problems that we might encounter on the bridges and tunnels is something that ought not to be acceptable, and it isn't. Thanks, Mr. Chairman. Senator Stevens. Senator Rockefeller? STATEMENT OF HON. JOHN D. ROCKEFELLER IV, U.S. SENATOR FROM WEST VIRGINIA Senator Rockefeller. Thank you, Mr. Chairman. Senator Stevens. Sir. Senator Rockefeller. I was going to ask a bunch of questions on air cargo, but I understand they've already been asked. Senator McCaskill. Bunch of them have. Senator Rockefeller. So, that means that if I read the memos that come out of this, I'll know what the answers were. Senator McCaskill. Yes. Senator Rockefeller. Or I could ask them. Senator McCaskill. You could ask them again. Senator Rockefeller. I will. [Laughter.] Senator Stevens. You know, the famous Simpson statement that all the questions have been asked, but not everybody has asked them. [Laughter.] Senator Rockefeller. I am constantly amazed at the asymmetry between everybody going through all of this trouble, which I thoroughly support and was co-conspirator in writing, with their handbags and carry-on bags and all the rest of it, and then knowing that, if it's a 4-ounce something, I can put it in my checked suitcase, or if I was a terrorist, if it was a 2-pound bomb, I could put it in my suitcase, and just check it. I don't care how many times the question has been asked, I don't understand that. I don't understand why we aren't doing more on air cargo. Mr. Hawley. We are doing more. And we talked a little bit about the old report that is now out of date, and some of the things that we have done between then and now. I think the critical point is that the Committee was instrumental in writing the legislation in the 9/11 bill, and I mentioned earlier that we expect to meet the deadlines in the bill by the terms written in the bill. We understand what they mean. Senator Rockefeller. Do you have the money? Mr. Hawley. To start? Yes, we're launching, and then, when we need more money, we'll tell you. I think, around January we're going to know more, in terms of what the---- Senator Rockefeller. Is OMB releasing to you the money you need to do this? Mr. Hawley. It isn't a money issue right now; so, yes. But it's really at the point of program development. We have enough program development money to get it done--to get it rolled out, and then we'll figure out what the costs are. Senator Rockefeller. See, but that sounds to me--like--what you're really saying is, ``We've got good ideas, and we're starting to implement some of those ideas, but we're not really sure if we're going to have the money.'' Mr. Hawley. No, no, no. Senator Rockefeller. That's what it sounds like to me. Mr. Hawley. Well--I'm sorry. The--Ms. Berrick mentioned some of the experience the international community has in air cargo, and that what we'll be doing is adopting some of those methods at--that are compatible with the language of the law, and applying those. Some of those do not require congressional appropriations, some of them are going to require expenses by other parties in the supply chain. I think where the money will come in is when we figure out what kind of technology we can deploy, at airports, that can handle the cargo that we're going to see there, and then we have to fight out who pays for that. So, we are---- Senator Rockefeller. A lot of ``ifs.'' Mr. Hawley. We--pardon me? Senator Rockefeller. A lot of ``ifs.'' Mr. Hawley. No, we pretty much know what we're doing on the program, and it has to be driven down to the operational level of exactly the details. So, I think--I mean, I--this is a tough deadline, to hit 50 percent in 18 months, and we are accepting that challenge, and we will meet that. And I believe that, in future years--i.e., 3 years from now--that the 100 percent will be done, as well. Senator Rockefeller. OK. Oh, boy. Well, good luck. What about general aviation? I've done a lot of flying on that, which I pay for, when I have to get to West Virginia, because we don't have a lot of flight service. And--once, in my entire life, I--have been through a screening device. Once. I forget the airport. And I know that you have plans for identification and things of this sort, but I have the feeling that, in terms of what people carry on, and the cargo, the pilots, the passengers, nobody really has any idea of who they are, and, like in everything else, they're getting a free ride. Mr. Hawley. Our--we are working on, as I think we've discussed, regulations in that area. We've done risk assessment in the GA community to see what the higher-risk aircraft are, and what to do about them. And then--so, I would expect, in the coming months, that we'll come forward with the--a formal program on that. We already are working, as you may know, with our international partners on identifying aircraft as they come to the United States, and also, with the GA community to, as you mentioned, the identity validation of who's flying the aircraft. And then, the passenger screening comes behind that. Senator Rockefeller. Is it--and, I apologize; it'll just take 3 seconds--the--is it not true that if you have the right amount of explosives in a King Air, that you could pretty much demolish this whole complex? Mr. Hawley. You know, I think the answer to that is a classified answer, but your point is well taken. Certainly, an aircraft of that size loaded with explosives would---- Senator Rockefeller. I'm not talking about even a jet, just a King Air. Mr. Hawley. No, I understand. Yes, I'm---- Senator Rockefeller. Thanks. Mr. Hawley. Thank you, Mr. Chairman. STATEMENT OF HON. TED STEVENS, U.S. SENATOR FROM ALASKA Senator Stevens. Thank you. Thank you very much, Senator. Ms. Berrick, we've got your report, and you touched on it in your opening statement, but could you summarize, what does your agency think about the progress that has been made on the major programs, like TWIC and Secure Flight and cargo security and the surface transportation security? Have you judged that, relatively? Ms. Berrick. Well, we have given an overall assessment on TSA's progress in both aviation and surface. In aviation, we concluded, if you look at all the legislative requirements that Congress passed, Homeland Security Presidential Directives, DHS's own plans, for aviation we found that TSA met 70 percent of the expectations that were set out for them related to aviation. This doesn't include the recent requirements in the 9/11 Act. In surface transportation security, there were much less requirements set out in legislation for TSA. There were only five. And we said that TSA met three of the five. So, in terms of progress, much more has been done in commercial aviation. There's definitely becoming, and we're seeing through our work, more of a focus on surface modes of transportation. Senator Stevens. How is that related to the payment into the system from the transportation mechanisms you reviewed? I mean, it seems to me that the bulk of the money is coming from airline passengers, and yet, part of that is going into the other systems. Is that right? Ms. Berrick. That's not our--that's not our understanding. And we haven't looked specifically at how the fees flow in. I know TWIC will be a fee-funded program, the program that you mentioned, which is another major effort that TSA is---- Senator Stevens. But that's, again, airlines. Ms. Berrick. I'm sorry? Senator Stevens. That's, again, an airline program, right? Ms. Berrick. Well, right now it's being implemented at the ports. Eventually, it may be implemented to other transportation modes, including aviation. Right now, it's just being implemented at the ports. Senator Stevens. Will it pay for itself? Ms. Berrick. That may be a better question for Mr. Hawley. I know there were---- Senator Stevens. Well, let me ask---- Ms. Berrick.--appropriations---- Senator Stevens.--him, then. Are these other systems going to pay for themselves? You know, I'm a little provincial. Seventy percent of our travel is by air. And we're paying, every time we travel. I think there are other people, who travel in various modes of transportation, that aren't contributing to this system. Am I wrong? Mr. Hawley. The TWIC cards will be paid for by the people buying them. So, that will be---- Senator Stevens. They're not paying, now, are they? Mr. Hawley. We're just starting the implementation. But I think your larger point, the transit drivers pay a significant part of the--or transit users--pay a significant part of the cost. It is paid for out of the municipality where they exist. So, in an indirect form, I guess through taxes and also from the fare box--but I think your point certainly, in dollars in aviation, it is a large chunk of money that comes to the Federal Government; in transit, it's dispersed throughout---- Senator Stevens. Well, I pay an exit tax, as well as a tax on my airline ticket. The rail passengers don't do that, do they? Mr. Hawley. I don't believe they pay a separate tax. Senator Stevens. How are we going to get to the time when we balance this program so that the people involved pay for the security that they're being delivered? Mr. Hawley. I think that's a larger societal issue. And-- you know, that it goes to the economic model of how we pay for security. Senator Stevens. Well, let me get real provincial. In airports like ours, why don't we have a line for the local residents, and other lines for nonresidents? I would go into one of these airports, and they would say, ``Hi, Ted. Take off your belt and shoes.'' Now, why can't we get to the point of recognition of local people? Mr. Hawley. We're working on making the whole process go more smoothly. And--I mentioned, earlier, in terms of spreading it out, the identity issue--I guess we're feeling that, at this point, everybody should have an exposure to some security, although we are looking at breaking that up, based on--random. So, in other people--some people get shoes, trace detection; other people may have, you know, belts or something else. Senator Stevens. All right. My last question is this. I saw an elderly gentlemen. He was obviously a World War II vet, not very articulate; he came through the system, and he set it off. And he was having a very difficult time, everyone trying to hold wands over him, everything else. He had shrapnel in him. Do we have identifications for those people now, so they don't have to go through that every time they go through that screening? Mr. Hawley. No, we don't. However, we do have--we just deployed machinery that will make that automatic, so that the people with hips and shrapnel or any other implant, basically, will not slow them down, so they won't trigger secondary alarm when they go through. Senator Stevens. How far away is that? Mr. Hawley. Well, we have it in Phoenix today, and we're going to put some--probably four out in 2008. Senator Stevens. Well, what do you do with those people, when no one really understands it? That gentleman was put into a secure room until someone figured out he was a vet with shrapnel in him. Mr. Hawley. They usually are able to resolve it at the-- right there are the magnetometer. And if the individual requests secondary screening, of course they'll take them back. But our officers are extremely well prepared for that situation. It happens every day. Senator Stevens. Senator? Senator McCaskill. Back to foreign repair stations, Mr. Hawley, the law that was passed in 2003 also mandated that you all begin doing auditing of foreign repair stations. How many foreign repair stations has TSA audited in the last year? Mr. Hawley. I don't believe that we've audited any. Senator McCaskill. And so, you've had no inspectors traveling to foreign repair stations, even the five countries where there are foreign repair stations that have been identified, in April of this year, as--terrorist safe havens? Mr. Hawley. Well, the FAA, as you know, has responsibility to be in there, and--for the certified areas--and I think we discussed, in your previous round, that we're preparing the rule, and we'll be deploying our inspectors within 6 months of the rule. Senator McCaskill. Well, the law specifically gives TSA the responsibility to audit for security; FAA just does safety. You specifically have been mandated by Congress to audit for security, and you're saying that has simply not been done. Mr. Hawley. No--I'm saying we intend to meet the obligation under the law, that we have to put out a rule that will give us the regulatory authority to do it. And, when the rule is out, then we go and inspect. And I think the law--the 9/11 law is very clear, and it says, ``We want this rule out quickly''--we are working on it--and, ``Once you get it out, 6 months later you'd better start inspecting,'' and we will. Senator McCaskill. I know you keep referring to the 9/11 law, but I think it's important that you realize that this law, in fact, was a 2003 law. It's not the 9/11 law. It's been on the books now for 4 years, and the requirements are long past due. This is not something that we just passed--and the draft rule has been sitting around for a couple of years. So, I hope you work on that. Let me move to airport screening. I've talked about, a major issue, which are these foreign repair stations. This is kind of a minor issue, but it's like I said in another hearing. The face of our criminal justice system is our municipal courts--people who get traffic tickets, even though our criminal justice system is a labyrinth of people all over the country at various levels doing a myriad of important activities to keep our citizens safe. Our face of homeland security is airport screening. That's where most Americans are getting a sense as to whether or not what we're doing makes sense, and whether or not we are comprehensive and proactive in our security measures, rather than reactive and inconsistent. And I think that many of the things that have occurred--and I understand that they couldn't be helped, but the changing of what you can take on and what you can't take on--the example that Senator Stevens talked about, about the shrapnel, the knees, the hips, all of the things, appear to be, sometimes, nonsensical. And the one that more people have mentioned to me than anything else, and perhaps it's because I'm a woman, is mascara. Mascara does not have a different consistency than lipstick. You can smear either one. Lipstick's OK, mascara isn't. And the reason I think women have mentioned this to me is that--every other makeup product you can get, you can get in a powder form or lipstick, you can get it in a tube form, which is OK. Mascara is the only one that doesn't come in a powder form, which means, if someone wants to avoid having to check a bag, they have to put mascara in the little bag, which means it's not in their purse. If they're on the airplane, they don't want to carry the mascara along with the shampoo in their purse. And no one can explain to me why mascara is different than lipstick. I haven't gotten a good explanation. So, I figured I'd ask the boss. Mr. Hawley. OK. If you can--if you dump it out on the table, and it retains its form, it's OK. If you dump it out on the table, and it kind of goes like that, then it needs to be in the 3-ounce container, put in your baggie. And what quite a lot of people do every day is put whatever it is they want into that baggie, they--and carry it on, and have access to it during the flight. So, it's actually, I think, a pretty convenient way of bring it on. Senator McCaskill. I don't think you've talked to enough women. Mr. Hawley. No, I--well, we've--we do. We have a lot of work to make these things comfortable for people. The fact of the matter is, it's not nonsensical, and there are people trying to blow up aircraft using liquid explosives. And this is the way that we worked with the National Laboratories, the FBI, a lot of testing to determine what is a safe way to allow men and women to bring whatever they want onto the aircraft. What do you do for people who need medicines? What do you do for infants? What do you do for breast milk? All of those things, we've addressed and figured out a way that accommodates the security need, which is a very real threat, I can assure you, and also the passenger customer-service needs so they can travel without necessarily checking a bag. Senator McCaskill. Well, I quarrel with the notion that you can dump mascara out on a table. And I hope the next time we have a hearing, that you are as righteously indignant about foreign repair stations and terrorists potentially working under the hood of airplanes as you are about the mascara. Thank you, Mr. Hawley. Senator Stevens. Senator Lott? Senator Rockefeller. Oh, I'm sorry, he hasn't spoken---- Senator Lott. Please go ahead. Senator Stevens. Go ahead. He hasn't had a first round. That's why I called him. Go ahead. Senator Rockefeller. I defer to Mississippi. Senator Lott. No, please go ahead. Senator Rockefeller. OK. All right. I want to go back to this cargo thing--you said 50 percent will be screened within 18 months, and virtually all of it, within 3 years. I don't believe that. And you can tell me that it's in your plans. I think you are both faced with a fundamental problem that anybody who works for any administration faces. You don't have enough money, you are constrained in what you can say, your testimony this morning was not written by you, free and clear, it was vetted by the Office of Management and Budget; therefore, it has to agree exactly with what the Bush Administration thinks. The Bush Administration puts homeland security as a side issue, relative to some wars that we may be fighting. And I just don't think you can get it done. You've got a whole list of things that you've got to do--you've got to submit a strategic plan to Congress, timelines, testing, you've got a great many things you have to do before you start to spread this out to the big airports, much less the small ones. And if it isn't all of them, since I consider Ames, Iowa, just as vulnerable as I do New York City. I do. You may not, but I do. I don't see any way that you can get it done, and I don't see what's wrong with your telling us that--frankly, you don't think you can, and what you really need is a whole lot more money and a whole lot more emphasis and a whole lot more pushing from the Administration. Mr. Hawley. That, sir---- Senator Rockefeller. You could get fired, but, you'd be telling the truth. Mr. Hawley. Well, I can tell you the--a year ago, I would not have thought that we could do 100 percent screening in 3 years, et cetera. Now I do. And the reason I do is because--and I said, at the beginning, this committee worked with us to go through the provisions of the law that it--was enacted--that is a doable deal, and it is something that we could explain over a period of time--and I could give you a briefing--and it would show you--and it is a layered and shared responsibility that involves the inspection, the screening of a variety of methods, and then securing the supply chain along the way, so that each step along the way there's some screening that will get to the same commensurate level with passenger--or checked-baggage screening by the time it gets to the airport. And it's a very well-developed program, and a lot of it we've taken from our European partners, specifically the U.K. So, this one--I mean, there's--you're right, there are 117, 120 taskings in this law for TSA, and we take them all seriously. This one, I personally was involved in the language and understanding what could be done, because I understand how tough it is. And we originally had had veto, as you may recall, on this provision, as it was earlier in the process, but this was not the subject of a veto threat because--and I give this committee tremendous credit, really, for sitting down and working through the thorny details of how we actually will do it. So, I've--this one, I believe-- regardless of what anybody else says, this one I personally was involved in, and I believe we are going to meet that. Senator Rockefeller. OK. Thank you. STATEMENT OF HON. TRENT LOTT, U.S. SENATOR FROM MISSISSIPPI Senator Lott. Mr. Chairman, if I could, just--I have a couple of questions here. [The prepared statement of Senator Lott follows:] Prepared Statement of Hon. Trent Lott, U.S. Senator from Mississippi I am pleased that the Commerce Committee is having this hearing to get an update from the Transportation Security Administration (TSA) on it's implementation schedule of the recently enacted 9/11 bill. I would like to thank both of our distinguished witnesses for being here today. I think the work that Mr. Hawley has done at the TSA so far is commendable. In the past I have stressed that TSA needs to take a common sense approach to security and I think he has done that so far. One area that I believe that the Department of Homeland Security and TSA need to really focus on is the use of technology to improve the screening process. There are many promising technologies that exist, the challenge is to test and deploy them expeditiously. I am afraid that in many cases this is just taking too long. Our screeners deserve to have the best tool possible to do their jobs. Terrorists are constantly changing their methods and tactics, we need to adjust as well. I encourage TSA to continue to look for practical and innovative ways to address security concerns that face our transportation systems. Thank you, Mr. Chairman and I look forward to hearing from our witnesses. Senator Lott. Mr. Hawley, the GAO testimony points out that, while TSA has developed the so-called backscatter technology, ``limited progress has been made in fielding this technology at passenger screening checkpoints.'' And, as you know, I've long been an advocate of using innovative technology to screen passengers and baggage to move the process along and to also be more thorough. I understand that the testing has indicated the technology is very effective at detecting explosives and weapons that might be concealed on a person. Is that correct? And why are you still experiencing delays fielding the backscatter technology? Mr. Hawley. The backscatter technology is, as you know, tested in prototype, and we are satisfied with its work. We're going to continue to work with it. But it is--it's meeting expectation, and I expect that we will continue the deployment. We've talked about adding additional cities after Phoenix. I also should point out that we've--we are deploying a significant amount of new technology at the passenger checkpoint for carry-on bags, which is a very significant deployment of technology---- Senator Lott. And you are doing that in pilot areas, aren't you? Mr. Hawley. Well, on the checkpoint technology for the passenger bags, we've already done the pilot, and we've put out a buy to get about 250 of the machines right away. Senator Lott. All right, sir. So, you're still planning on trying to go forward with fielding this technology---- Mr. Hawley. Yes, sir. Senator Lott.--correct? Uh-huh. One of the problems, I suspect, is that TSA doesn't have direct control over research and development, but they still have to deploy it. The research and development is done by DHS. You've got one agency doing the research and development, you've got another agency that is charged with deploying it. It seems to me like that's the typical Federal Government bureaucratic process. Ms. Berrick. We are actually looking at that, as it relates specifically to checkpoint technologies. And, as you mentioned, Department of Homeland Security, their Science and Technology Office, has a role. They manage all research and development. And TSA is a major customer of that. What we found was, although DHS Science and Technology manages research for all of the components, all of the components are involved in the requirements for those programs, so there'll be working groups where TSA would be a part of it and could identify to DHS what their requirements are. We did see some break-downs, though, in communication and coordination. There's a Memorandum of Understanding between DHS and TSA on how they're going to work together with technologies. And there have been complaints from both sides that that hasn't been fully implemented. So, we're exploring this further as a part of our work, but--we have found that there have been some breakdowns in communication, but we are seeing that TSA is definitely very much a part of that process and are communicating with S&T in what their requirements are. Senator Lott. I wish you would pursue that, because, again, it appears to me that things are better at these airport terminals. I still see things that, you know, defy common sense, and I still wonder why it takes so long to employ new technology or new processes. For instance, Mr. Hawley, the Registered Traveler plan, that was delayed and delayed and delayed and delayed. I guess it's been implemented. Is it being utilized very much? What's happening with that? Mr. Hawley. It's out there, and we've got seven operations where passengers are going through. And we've got---- Senator Lott. ``Seven operations,'' you mean seven---- Mr. Hawley. Airports. Senator Lott.--airports? Mr. Hawley. Yes. And about 48,000 people have signed up. And so, it is up. It is not running at full speed, I don't think. I certainly wouldn't say that, and I don't think---- Senator Lott. What does it cost a registered traveler to go through this process and get whatever it is he or she gets? Mr. Hawley. It's about $100, and I think either $28 or $31 of that is--goes to the background checking that we do. And the promise for Registered Traveler is to get beyond the ``cut to the front of the line'' privilege, which is what it is now. And that's the part that I see as exciting and promising, is additional security deployed will help and be able to speed up the processing for those people, and other identification things that will smooth their way through the airport. We do have a shoe scanner that one of the providers put out there, on their own money, which was terrific, and we're continuing to work with them to get it to the point where we can use it so the people can keep their shoes on. Senator Lott. That would be very nice. Mr. Hawley. Yup. [Laughter.] Senator Lott. Thank you very much. Mr. Hawley. Yes, sir. Senator Stevens. I'm going to put the statement I would have made, had I been here at the beginning, in the record after Senator Dorgan's comments. I do urge that we find a way to deal with some of these issues that the Members have spoken about, because we still have some legislation that's got to go by--across the floor, and I would like not to get so many amendments to that, these appropriations bills dealing with this subject. So, I'd like to find a chance where we might visit with you, Mr. Hawley, and the Chairman, before those bills come to the floor. Thank you very much, Ms. Berrick. This concludes this hearing. Thank you very much. [Whereupon, at 11:31 a.m., the hearing was adjourned.] A P P E N D I X Aeronautical Repair Station Association Alexandria, VA, October 26, 2007 Hon. Daniel Inouye, Chairman, Senate Committee on Commerce, Science, and Transportation, Washington, DC. Hon. Ted Stevens, Vice Chairman, Senate Committee on Commerce, Science, and Transportation, Washington, DC. Re: Submission to Record for October 16, 2007 Hearing on Oversight of the Transportation Security Administration (TSA) Dear Chairman Inouye and Vice-Chairman Stevens: We are writing to address issues raised about the use of foreign repair stations at the October 16, 2007 hearing on oversight of TSA. In particular, it is important that the leadership of the subcommittee understand the following about foreign repair station security: Foreign repair stations are an essential component of the global aviation system. Without them there would be no international travel. Security standards do exist for repair stations based on their location. Such standards come from existing TSA regulations and the International Civil Aviation Organization (ICAO). Pushing TSA to quickly produce rules mandating additional security requirements will reallocate limited oversight resources from areas where the threat is greatest. Given the broad scope of the aviation maintenance industry, adequate time is needed to review any rules proposed by TSA, and mandates for new repair station security rules by August 2008 are unrealistic given TSA's current resources. While ARSA understands the concern of the Committee that government inaction may be putting the public at risk, we wish to underscore the fact that there are both safety and security regulations already in place. It is in the best interests of the industry to maintain high standards in both of these areas. Foreign repair stations are an essential component of the international aviation system. Without them there would be no international travel. The Chicago Convention of 1944 and ICAO standards require that the State of Registry (i.e., the country in which an aircraft is registered) oversee the maintenance performed on that aircraft and related components, regardless of where the work is performed.\1\ Consequently, a U.S. registered aircraft requiring maintenance while outside of the U.S. must have that work performed by an FAA- certificated maintenance provider. Similarly, when an aircraft of foreign registry requires maintenance while in the U.S., only a repair station certificated or validated by the relevant National Aviation Authority (NAA) may perform the work. For example, only a European Aviation Safety Agency (EASA)-certificated repair station may perform maintenance on an aircraft of French registry within the U.S. --------------------------------------------------------------------------- \1\ See, ICAO Annex 8, Airworthiness, 4.2.1(b). --------------------------------------------------------------------------- Prohibiting or otherwise limiting the use of repair stations overseas would make international travel impossible, since aircraft need some level of work performed when they land at their destination. Furthermore, foreign authorities may choose to take retaliatory action against U.S. counterparts for any restrictions put in place. Indeed, it seems such action is possible. In a letter dated October 22, 2007 from Mark Wilson, Chairman of the EASA Advisory Board, Congress's proposals regarding the requirement for additional inspections of foreign repair stations and proposed drug and alcohol testing were examined. Chairman Wilson stated, ``Adoption of such legislative text would bring to an end any possibility to finalise a balanced, reciprocal EU-US Bilateral Aviation Safety Agreement (BASA) and association Maintenance Implementing Procedures (MIPs) . . .'' Given this warning, it is necessary for Congress to closely examine the effect its proposals will have not just on the traveling public, but on the global aviation community. Security standards do exist for repair stations based on their location. Such standards come from the FAA, existing TSA regulations, and ICAO. Domestically, many repair stations located on an airport are required to have their personnel undergo criminal background checks under TSA regulations if they require unescorted access to the designated airport security identification display area (SIDA). Therefore, a repair station employee that performs line maintenance for an air carrier would have the same 10-year criminal background check requirement as an airline mechanic. Many repair stations voluntarily implement additional security procedures since the quality and safety of their work directly affects their business. However, many U.S. repair stations are located miles away from airports and perform specialized work on component parts that have been removed from the airplane and sent to them for repair. These facilities are usually small businesses; thus, imposing undue security burdens on them would jeopardize an entire sector of highly-specialized workers. Our members understand the need for safety and security, since their livelihood depends upon it, and we ask that Congress recognize the difference in repair facilities, remembering that our industry shares their same goal: maintaining a high level of safety and security. Internationally, each country must implement the types of security procedures to be followed just as they must do in the safety area. These are based on ICAO standards contained in Annex 17 and thus are very similar to TSA regulations. They include, but are not limited to: A national civil aviation security program with continuous threat monitoring and mandatory quality control procedures; Airport security programs for each airport serving international carriers; Air operator security programs; Background checks for persons implementing security control measures and persons with unescorted access to restricted security areas; and Periodic ICAO security audits. The professionals at the TSA, ICAO and other countries' security oversight organizations have concluded that resources should be focused where the threat is greatest. Therefore, FAA foreign repair stations working on components and located miles away from an airport are not required to implement background checks for their employees. However, if they perform line maintenance at an international airport or otherwise require access to the ramp area, foreign repair station employees would be subject to similar security requirements to their FAA counterparts, including background checks. Neither domestic nor international security requirements are based on whether a person works for an airline or a repair station; they are dependent on the degree of access the individual has to an aircraft. Further, mandating additional security requirements where none are truly needed will reallocate limited oversight resources from areas where the threat is greater. This could have the unintended consequence of reducing the level of security for the traveling public. Pushing TSA to quickly produce rules mandating additional security requirements will reallocate limited oversight resources from areas where the threat is greater. The testimony given by Assistant Secretary Kip Hawley mentioned several of the initiatives TSA is working on to increase safety, from highways and rail, to aviation and cargo shipments. Threats exist throughout all modes of transportation, and TSA must be allowed the opportunity to prioritize its resources to those areas where the threat is greatest. During the October 16 hearing, Assistant Secretary Hawley testified that the TSA currently is committed to focusing its resources on ``high priority items'' facing national security interests. Given the broad scope of the aviation maintenance industry, adequate time is needed to review any rules proposed by TSA, and Congressional mandates for new repair station security rules by August 2008 are unrealistic given TSA's current resources. Congress's recently passed mandate in section 1616 of H.R. 1 (Public Law 110-53) severely limits the ability of TSA to conduct an adequate rulemaking. While ARSA understands Congress's concern over the delay, as stated above, TSA must be allowed to prioritize its resources and personnel to address the areas with the greatest need. As Secretary Hawley stated in his written testimony, ``. . . many of the rulemaking requirements mandated in the 9/ 11 Act do not adequately recognize the obligations that TSA must give the many stakeholders affected by proposed regulations and the general public . . . These requirements are time consuming but are time well spent to assure that our regulations achieve their objective in a way that is transparent to stakeholders and the public and does not adversely affect travel and commerce.'' Furthermore, punishing industry for government inaction sets a very dangerous precedent. The penalties in section 1616 hurt repair stations and companies who are doing their best to comply with existing law, and which do not have the ability or influence to force TSA to promulgate these new rules. Congress may not have considered the fact that restrictions such as those in section 1616 may adversely affect the trade balance between the U.S. and other countries, specifically the EU. There are only 698 FAA-certificated repair stations outside the U.S.; yet there are approximately 1,200 EASA-certificated repair stations and numerous other NAA-certificated repair stations in the U.S. Conclusion Although ARSA has testified before on this subject, we felt it was important to underscore the safety and economic necessity of foreign repair stations. With the topic of maintenance overseas gaining more and more visibility with the press, it is important to emphasize the facts, and not allow legislation or news coverage to be based on fear. Furthermore, as the possibility of retaliation by foreign civil aviation authorities looms, now is the time for the Senate to look carefully at the effect it is having on the international aviation community. Should you have any questions or require additional information, do not hesitate to contact me. Regards, Marshall S. Filler, Managing Director and General Counsel. ______ Response to Written Questions Submitted by Hon. Daniel K. Inouye to Hon. Edmund S. ``Kip'' Hawley Question 1. Can you provide greater detail regarding the efforts the TSA is taking to comply with the new requirements in the 9/11 Commission Recommendations Law, that specifies that 50 percent of cargo on commercial passenger aircraft must be screened in 18 months and 100 percent screening be achieved within 3 years? How does the new system compare with current international efforts to screen cargo transported on commercial passenger flights? Answer. The Transportation Security Administration's (TSA) approach to air cargo security is comprised of multiple programs, which form a layered security approach to include vetting, screening, and risk-based targeting of air cargo to guard against potential attack. To comply with the air cargo screening requirements of the Implementing Recommendations of the 9/11 Commission Act of 2007, TSA plans to build upon established programs and is in the process of developing a Certified Cargo Screener Program. Together, enhancements to existing air cargo screening requirements and the planned Certified Cargo Screener Program will satisfy the requirement that 100 percent of air cargo transported on passenger aircraft is screened to provide a level of security commensurate with the level of security for the screening of passenger checked baggage. The Certified Cargo Screener Program is an entirely new program that TSA is developing whereby indirect air carriers, third party logistics entities, and shippers will perform cargo screening functions and implement secure supply chain security practices. The Certified Cargo Screener Program will be a robust combination of stringent security standards at the facility and personnel level. It will require Certified Screeners to implement secure standard operating procedures and utilize chain of custody measures that will establish and maintain the security of cargo as it moves throughout the supply chain. All Certified Screeners will be subject to TSA inspection to ensure that they are complying with all applicable program requirements. TSA's existing security programs concentrate the responsibility for screening cargo to aircraft operators and foreign air carriers, utilizing TSA-approved physical and technological screening methods. The Certified Cargo Screener Program will similarly require entities that are validated and certified to screen air cargo to use TSA- approved physical and technological screening methods. However, a greater level of screening can be achieved because screening will be allocated across the air cargo supply chain. By spreading the responsibility for screening air cargo to entities other than aircraft operators and air carriers, TSA will be able to meet the legislative mandate that 100 percent of air cargo transported on passenger aircraft be screened to provide a level of security commensurate with the level of security for the screening of passenger checked baggage. TSA has examined and leveraged the United Kingdom's and Ireland's Known Consignor Programs to provide a solid framework for TSA's planned Certified Cargo Screener Program. These programs require certification of the entity's supply chain security practices and require the entity to implement secure standard operating procedures as well as utilize chain of custody measures that will establish and maintain the security of cargo as it moves throughout the supply chain. Question 2. What efforts does the TSA have underway to develop ``in-line'' explosive detection systems (EDS) systems at airports that requested support through the agency's Letter of Intent (LOI) process? How long does the TSA expect it will take to deploy in-line EDS systems at the airports that require them? Answer. The Transportation Security Administration (TSA) welcomes the opportunity to make use of the resources provided in the Implementing Recommendations of the 9/11 Commission Act of 2007 to continue its efforts to expand the number of airports with in-line checked baggage screening solutions at those airports where such a system is determined to be the optimal solution. The Implementing Recommendations of the 9/11 Commission Act of 2007 requires TSA to allocate $250 million each Fiscal Year (2008 through 2028) to support airport improvement projects to fulfill Letters of Intent for in-line baggage screening systems. Of the total amount, $50 million is to be allocated to projects at small hub and non-hub airports. In February 2006, TSA published an Electronic Baggage Screening Program (EBSP) Strategic Framework for identifying airports that would benefit from in-line systems, and within that framework we have an airport prioritization model (APM) to prioritize airports for Federal funding of these checked baggage screening systems. Pursuant to the Intelligence Reform and Terrorism Prevention Act of 2004, in February 2007, DHS turned to the Aviation Security Advisory Committee (ASAC) to sponsor a Baggage Screening Investment Study (BSIS). The ASAC, comprised of industry stakeholders, outlined a number of financing and cost sharing options that could be considered for funding in-line systems. TSA is evaluating each of these options, and others, to identify the most efficient and cost effective methods for deploying these resources to the highest priority airports. Because the aviation industry is dynamic and changes to operations are sometimes unpredictable, a spend plan is developed each fiscal year designating the projects that will be funded using appropriated funds for the purchase and installation of checked baggage explosives detection systems (EDS). TSA also determines where it is appropriate to reimburse airports for eligible costs associated with in-line systems that the airports have already built without Federal funding. TSA continues to work with its industry partners and the Administration to effect the most economical and effective process available to support construction of these types of systems. Question 3. When do you expect the TSA to begin testing and implementing the Secure Flight program? What do you believe to be the agency's biggest challenges in implementing the Secure Flight program? Answer. The following key milestones for the program are based on the President's Fiscal Year (FY) 2008 budget request, but are subject to change based on the impact of the Continuing Resolution (CR) and final FY 2008 funding: Benchmark testing with volunteer aircraft operators-- December 2007 Parallel testing begins--Third Quarter FY 2008 Domestic cutovers begin--Second Quarter FY 2009 Funding is the biggest challenge for Secure Flight implementation. In FY 2007, the program expended $31 million, but the rate used to calculate the CR is based on the FY 2007 enacted level of $15 million. This rate leaves the Secure Flight program significantly short of funding for the duration of the CR. If the CR extends into calendar year 2008, TSA will be forced to take steps that would result in significant delays to the Secure Flight program. Furthermore, funding for the FY 2008 budget at less than the President's requested level will delay development and deployment of Secure Flight. The progress the Secure Flight program has made in the last year is substantial with strong forward momentum. The future of this important aviation security program and 9/11 Commission recommendation is in jeopardy unless the current funding is resolved. Stakeholder understanding and commitment are also important to the success of the Secure Flight program. It is a highly visible program including diverse stakeholder groups such as the travel industry, passengers, Congress, airlines, and privacy advocacy groups. TSA will continue to reach out to stakeholders to engage them in the program and to obtain input. Question 4. What actions has DHS taken to establish standards and guidelines for developing and implementing the vulnerability assessments and security plans for railroad carriers and over-the-road bus operators? Answer. Freight Railroad After September 11, 2001, the freight railroad industry developed and implemented their own corporate security plans. In an ongoing effort to ensure a robust level of security planning, the Transportation Security Administration (TSA) in 2007 conducted Corporate Security Reviews on all seven of the Class I carriers. These reviews include an assessment of a carrier's plan, its implementation, and if necessary, TSA recommendations for improvement. TSA's Corporate Security Review (CSR) program is one layer of freight rail security that TSA will use to inform its regulatory efforts. TSA has begun developing the vulnerability assessment and security plan regulations for freight railroad carriers required under section 1512 of the Implementing Recommendations of the 9/11 Commission Act of 2007. TSA will draw on existing Department of Homeland Security (DHS) and private industry knowledge of security planning including the U.S. Coast Guard and infrastructure protection security plan regulations and the Association of American Railroads industry plan in developing its Notice of Proposed Rulemaking (NPRM) required under the Act. Mass Transit TSA has begun developing the concepts that will produce the required regulation of security plans for mass transit and passenger rail systems. We anticipate the conduct of vulnerability assessments will be a component of the required plans. Consultation with the mass transit and passenger rail community--including representatives of systems, law enforcement and security forces, and employee organizations--as well as public safety officials will facilitate the development of requirements that meet the statutory requirements and reflect operational realities. Mass transit and passenger rail systems operating in the Nation's sizable metropolitan areas are among the most thoroughly assessed of all transportation modes. Since 9/11, they have undergone security assessments by the Federal Transit Administration (FTA), the former Office of Grants and Training at DHS (for grant funding eligibility), the American Public Transportation Association, private sector security consultants (funded by DHS grants), and now under the Baseline Assessment for Security Enhancement (BASE) program conducted by TSA Surface Transportation Security Inspectors (STSIs). Through the BASE program, TSA assesses a transit system's security posture on the 17 Security and Emergency Management Action Items. The Actions Items cover a range of areas that are foundational to an effective security program, including security program management and accountability, security and emergency response training, drills and exercises, public awareness, protective measures for Homeland Security Advisory System (HSAS) threat levels, physical security, personnel security, and information sharing and security. Particular emphasis is placed on posture in the six Transit Security Fundamentals (protection of underground/underwater infrastructure; protection of other high consequence systems and assets; random, unpredictable deterrence; training; exercises; and public awareness). This program is dynamic, with regular reviews to ensure assessment tools continue to reflect security realities and priorities. TSA completed BASE reviews of 45 of the largest 50 mass transit and passenger rail agencies, plus 8 others ranked in the 51-100 range in size, with the goal of completing the largest 100 by the end of Fiscal Year (FY) 2008. Simultaneous with the BASE reviews, TSA engaged each of the top 50 agencies directly during January-February 2007 to complete self-assessments on their posture in the Transit Security Fundamentals. All 50 agencies completed these self-assessments, showing remarkable candor in their review of their respective agencies' posture. TSA development and implementation of focused security programs and initiatives and resource allocations, notably Transit Security Grant Program funds, for security enhancement has directly resulted from these reviews. Specific examples include the streamlined security training initiative, authorization of grant funding for deployment of dedicated anti-terrorism teams, and cooperative agreements on risk- based priorities and targeted mitigation projects through the Regional Transit Security Working Groups. Highway and Motor Carrier Many of TSA's surface transportation modal divisions have conducted threat, criticality and vulnerability assessments for two to 3 years under the CSR process. The process places modal security specialists in stakeholder sites for a thorough overview and analysis of the stakeholder's security preparedness plans and points of vulnerability. Despite the fact that most surface modes have not yet been subjected to TSA regulatory requirements for comprehensive security plans, the Agency has made significant progress in identifying security gaps and in recommending appropriate mitigation tools from industry best practices, technology and newly-developed policy guidance. The process is especially valuable when it is combined with DHS's intelligence offices and linked to timely and credible threat information. TSA is expanding its CSR system now with the use of DHS field personnel and on-site law enforcement agencies to reach the massive stakeholder community. TSA is also partnering with the motorcoach industry and is developing a set of security action items (SAI) that when implemented will provide critical gap closures within the industry. These SAIs are being vetted through the industry and other partners. Question 5. What progress has TSA made in implementing its surface transportation inspection program? Answer. Substantial progress has been made in implementing the TSA Surface Transportation Security Inspections Program (STSIP) since its inception in 2005. The surface inspectors develop and implement programs and initiatives to improve regional collaboration and coordination to ensure security resources are applied in the most effective manner. For optimal effectiveness, leadership of the STSIP at Transportation Security Administration (TSA) headquarters and regional levels work in concert with the Office of Security Operations (OSO) Federal Security Directors, the Federal Air Marshal Service (FAMS), and the staffs of Transportation Security Network Management (TSNM)-Mass Transit and TSNM-Freight Rail. National priorities set by TSNM lead to customized security products that are developed in coordination with the STSIP and drive the activities of inspectors on the national level. The Transportation Security Inspectors (TSIs)-Surface act as fact finders and Ambassadors for TSA's security policies and programs in the field. The success of this integrated OSO-TSNM approach through the STSIP is demonstrated in the achievements made since the STSIP began operations in earnest in the fall of 2005. Highlights include: TSA has advanced a regional engagement strategy for mass transit security by networking with transit systems in metropolitan areas to: (1) expand visible, random, and unpredictable security activities; (2) facilitate the delivery of security training programs to broader audiences of transit system employees; and (3) make security tools available for use in systems; In a coordinated effort involving the Federal Transit Administration (FTA) and the Federal Railroad Administration (FRA), TSA developed several comprehensive security assessment and review programs to determine and elevate the security baseline in passenger rail and mass transit. These programs include the Security Analysis and Action Program (SAAP), Security Directive Reviews (SDR), and the more recent Baseline Assessment for Security Enhancement (BASE) program; TSA has completed assessments under the SDR or SAAP programs of multiple rail/transit properties; TSA has conducted BASE assessments of 54 transit agencies nationwide, including 45 of the largest 50 transit systems; STSIP Inspectors have conducted more than 1,000 Transit Station Profiles and 40 rail and mass transit Operations Center Profiles nationwide. These profiles provide valuable critical infrastructure data and give the Department of Homeland Security (DHS) and TSA an accurate picture of security countermeasures that are in place, the location of the transportation asset, and accurate contact information on each asset; In a coordinated effort with the FTA, TSA has engaged with the State Safety Oversight Agencies (SSOA) to support the conduct of on-site security assessments and audits required for heavy rail (i.e., subway) systems under 49 CFR Part 659. The initial effort took place in the Bay Area Rapid Transit (BART) system. The program is expanding dramatically, due in large part to the coordinated Federal effort and engagement with the SSOAs through their biannual conferences; TSA has partnered with the FTA, the DHS Offices of Grants and Training and Science and Technology, the American Public Transportation Association (APTA), and the mass transit industry to develop voluntary security standards and recommended practices for both mass transit rail and bus transportation; The STSIP participates in the interagency Mass Transit Security Information Sharing Network, a forum comprised of subject matter experts from the Department of Transportation, DHS, TSA, and FTA to streamline Federal information gathering and exchange to support timely decision-making and information products in threat situations, incident response, and normal operations. TSIs-Surface channel and receive information through this process in response to incidents in transit systems in their areas of responsibility as well as during international events and regular drills and exercises; TSA has developed a voluntary inspection program of the Nation's freight railroads using the Toxic Inhalation Hazmat (TIH) Freight Rail Security Action Items to elevate the level of security in freight rail yards, storage facilities, and rights of way. To date, STSIs have completed over 1,600 field inspections and interviewed more than 3,000 front-line railroad employees in 46 high-threat urban areas. Although TSA has issued a Notice of Proposed Rule Making for rail and passenger rail, there does not yet exist a regulatory regime for the STSIP. At this stage of its development, the STSIP performs voluntary assessments only and is primarily in a supportive and facilitative role with the mass transit, passenger rail, and freight rail communities. Close alignment of the STSIs with TSA strategies ensures an integrated approach that has demonstrated success in advancing security programs in surface transportation. Priority taskings for the STSIP align with national risk-based strategies as described below: Security Action Item TIH reviews in freight rail through November 2008. BASE reviews of mass transit systems through the completion of the Top 100 systems. Security Analysis and Action Program vulnerability and risk assessments in freight and passenger rail environments with special emphasis on high threat urban areas and major passenger rail infrastructure. Building a nationwide rail and mass transit infrastructure profile database. Supporting Visible Intermodal Protection and Response (VIPR) teams, which consist of varying force packages of Federal Air Marshals, TSIs, Transportation Security Officers, behavior detection officers, TSA explosives detection canine teams, and supporting equipment, that work with local security and law enforcement officials to supplement existing security resources, provide deterrent presence and detection capabilities, and introduce an element of unpredictability to disrupt potential terrorist planning activities. In addition to these primary responsibilities, TSIs-Surface are actively involved in a variety of other functions critical to TSA's surface transportation security efforts. These include: Security Incident Response--TSIs are responsible for responding on scene to a significant surface transportation security incident or natural disaster in order to ensure the timely and accurate communication of information to TSA headquarters and the Freedom Center and effective liaison with passenger rail and rail and bus transit systems. Heightened Threat Deployments--TSIs staff stakeholder transportation operations centers or emergency operations centers, as directed, during periods of heightened threat in order to provide timely information from the local level to TSA headquarters and the Freedom Center and ensure effective liaison with passenger rail and rail and bus transit systems. Additionally, TSIs support other TSA operations during specific threats (for example, providing support to TSA airport operations during an aviation-specific threat). Special Event Support--TSIs provide additional operational and subject matter expertise to multiagency task forces during National Special Security Events (NSSE) or other high threat events. Stakeholder Outreach--TSIs establish and maintain partnerships among public and private transportation stakeholders in order to enhance information sharing capabilities, best practice development, and coordinated response planning. Transportation Security Grant Program (TSGP)--TSIs participate as subject matter experts to review grant applications under the DHS TSGP. TSIs regularly collaborate with other government and private industry stakeholders on large scale assessments that cross jurisdictions and/or have regional implications. TSIs coordinate their activities, when appropriate, with the FRA pursuant to the TSA/FRA Memorandum of Understanding (MOU) (September 2006), which outlines roles and responsibilities of inspectors as well as inspection coordination requirements. Additionally, there are MOUs between TSA and the FTA and TSA and the Pipeline and Hazardous Materials Safety Administration that govern coordination of mass transit security and hazardous materials transportation security issues, respectively. TSIs accompany FRA safety inspectors on their compliance reviews under 49 CFR Part 239 (emergency preparedness plans and programs for passenger/commuter rail). TSIs coordinate with other agencies during response to significant security or other incidents that impact surface transportation. TSIs regularly participate on regional security roundtables and working groups that include Federal, State, and local governments, as well as industry representatives. TSIs collaborate with the SSOAs that have a specific responsibility for security oversight of rail fixed guideway systems under 49 CFR Part 659. TSIs regularly participate in local emergency response drills and exercises. TSIs participate on TSA VIPR teams, which consist of varying force packages of Federal Air Marshals, TSIs, Transportation Security Officers, Behavior Detection Officers, TSA explosives detection canine teams, and supporting equipment, that work with local security and law enforcement officials to supplement existing security resources, provide deterrent presence and detection capabilities, and introduce an element of unpredictability to disrupt potential terrorist planning activities. TSIs participate on National Transit Security Roundtables, which are twice yearly forums that bring together the security chiefs and directors from the top 50 transit agencies (by passenger volume) in a working seminar to develop effective solutions to security challenges. TSIs participate in PortSTEP exercises, which are intergovernmental, multi-jurisdictional regional exercises executed through the Area Maritime Security committees. TSIs represent TSA in the joint initiative of the American Public Transportation Association Standards Development Committee and Federal security partners (TSA, FTA, and DHS Standards Executive and the Federal Emergency Management Agency) to develop operational and technology security standards. Question 6. The 9/11 Commission Recommendations Law requires significant levels of cooperation and coordination between the TSA and the DOT in order to enhance security while improving efficiency and the use of Department resources. Can you describe the efforts that your agency is taking to strengthen your relationship with DOT? Are you getting the cooperation you need from Transportation Secretary Mary Peters? Answer. The Department of Homeland Security (DHS), the Transportation Security Administration (TSA), and the Department of Transportation (DOT) have an ongoing, active, and cooperative relationship concerning security matters. Each mode maintains a Government Coordinating Council that includes representatives from DHS, TSA, DOT, and other appropriate Federal agencies. The tasks from the Implementing the Recommendations of the 9/11 Commission Act of 2007 are discussed and, as appropriate, are collaboratively addressed through these councils. In addition, DHS, TSA, and DOT jointly evaluated the requirements of the Act, agreed to the designations of lead agencies, and identified points of contact. DHS, TSA and DOT are also cooperating through other existing committees, councils, and working groups to coordinate research and development, cyber security, and threat assessments, HAZMAT regulations, transportation system recovery planning, and aviation security operations and planning. Question 7. Your testimony suggests that since the budget allocations and homeland security appropriations bill were considered prior to enactment of the 9/11 Commission Recommendations Law, appropriations equal to the funding authorized by it are unlikely. Given that these programs and funding levels were provided based on the recommendations of the 9/11 Commission, will the President be requesting additional funding in FY 2008 either through a Supplemental Appropriations request, or a budget amendment? Answer. The President has submitted an Amendment to the Fiscal Year (FY) 2008 Budget Request to address critical security gaps identified in the FY 2007 National Intelligence Estimate. While the Amendment was not specifically formulated to address the Implementing Recommendations of the 9/11 Commission Act of 2007 requirements, it does contain funding for two of the mission-critical items identified by the Act. The FY 2008 Budget Amendment proposes $20 million in funding for 10 additional Visible Intermodal Protection and Response teams which will provide protection in multiple modes of transportation as well as $10 million to support 92 additional K-9 teams for multi-modal coverage (46 teams through Cooperative agreements and 46 TSA-led teams). Question 8. The Department of Homeland Security Appropriations Act of 2006 consolidated all of the funding for the Department's research and development functions within the Science and Technology Directorate (S&T). In August 2006, you signed a Memorandum of Understanding (MOU) with S&T which shifted the Transportation Security Laboratory (TSL) from TSA to S&T. Do you think this consolidation has weakened the TSL's core mission and made the process for certifying EDS for the TSA more inefficient? Please explain why or why not. Answer. Shifting the Transportation Security Laboratory (TSL) from the Transportation Security Administration (TSA) to the Science and Technology Directorate (S&T) has not weakened TSL's core mission. As a customer of the S&T Directorate, TSA's work remains the number one priority of TSL. The S&T Directorate is working closely with TSA to ensure that the S&T Directorate is meeting TSA's priorities and requirements. TSL has accomplished priority certifications and qualifications of equipment for TSA, including work with EDS, in a timely fashion. Question 9. To what extend has the DHS, the TSA and the TSL considered the qualification and certification of EDS for use in modes of transportation other than aviation? Answer. The Transportation Security Administration (TSA) is responsible for certifying and qualifying technology across all modes of transportation. The Science and Technology (S&T) Directorate and TSL support TSA and other customers in developing solutions that can fill their technology gaps. These technology gaps are identified in a collaborative process where TSA works with S&T and TSL on a continuing and reoccurring basis. Question 10. On Wednesday, October 3, 2007, you announced that Honolulu, Hawaii, would begin to enroll seaport personnel for TWIC in mid-November. That time has arrived and no one with the TSA nor with the contractor Lockheed Martin can provide the most basic operational information such as how many trusted agents are hired and trained to enroll workers; how many fixed and mobile enrollment stations will be deployed; or what the enrollment facilities' hours of operation will be. How confident are you that this enrollment process will be implemented efficiently, successfully, and on time? Answer. The enrollment center in Honolulu opened on November 7, 2007. Lockheed Martin provided Port stakeholders with advance notice of the plans for when pre-enrollment and enrollment activities were to begin. There are 4 trusted agents staffed at the Honolulu enrollment center, with two fixed and one mobile enrollment station. The hours of operation are Monday through Friday from 8 a.m. to 5 p.m. However, Lockheed is currently evaluating changing these hours to 7:30 a.m. to 4:30 p.m. in order to better accommodate the workforce. Question 11. When can we expect to see the deployment schedule for the TWIC program at the other 134 enrollment locations? Answer. On October 31, 2007, the Transportation Security Administration (TSA) released a general schedule for all 147 enrollment locations. TSA and the U.S. Coast Guard expanded the original list of 134 to 147 based on stakeholder input. This listing provides monthly or quarterly deployment time-frames. The list is available to the public on TSA's website at www.tsa.gov/twic. As the start of the enrollment period for each grouping of ports nears, TSA will post a specific enrollment start date in the Federal Register. To date, TSA has announced the start of enrollment for 22 locations in the Federal Register. Question 12. How does an employer go about arranging for a trusted agent to enroll employees at its facility? Answer. If an employer is interested in arranging for a mobile enrollment center, they should contact the Lockheed Martin Operations Manager, Stacy Bonnah-DeMoss at 703310-9157 or the Field Coordinator to discuss arrangements at the requestor's facility. ______ Response to Written Question Submitted by Hon. Ted Stevens to Hon. Edmund S. ``Kip'' Hawley Question. The recently enacted 9/11 Commission recommendations legislation (Pub. L. 110-53) provides significant resources and an expanded Letter of Intent program to expedite the installation of in- line electronic screening systems for the enhanced screening of checked baggage at our Nation's airports. The Committee was clear on its intent that TSA and the Administration should fully utilize the 20 year horizon for LOIs. However, the Committee is concerned by rumblings that the Administration may be pursuing a limited short-term view of the program, which would have detrimental effects on the ability of airports to obtain requisite funding from the financial bond markets. Is it TSA's intention to issue multi-year Letters of Intent to airports for in-line projects? Can TSA assure the Committee that the Department will issue multi-year LOIs for in-line systems in FY 2008, in accordance with the law? Answer. The Transportation Security Administration (TSA) welcomes the opportunity to make use of the resources provided for in the 9/11 Commission recommendations legislation to continue its efforts to expand the number of airports with in-line checked baggage screening solutions, at those airports where such a system is determined to be the optimal solution. TSA will continue to work with its industry partners and the Administration throughout Fiscal Year 2008 to affect the most economical and effective process available to support construction of these types of systems. ______ Response to Written Questions Submitted by Hon. Frank R. Lautenberg to Hon. Edmund S. ``Kip'' Hawley Question 1. When will TSA begin enrolling workers at the Port of New York and New Jersey in the TWIC program? What about the Port of Philadelphia/Camden? Answer. Enrollments at the Port of New York and New Jersey are currently targeted to begin the week of December 17, 2007. There will be a total of 3 sites. The other two will open within a month of the opening of the first site. Enrollment at the Port of Philadelphia/ Camden is currently targeted to begin the week of December 10, 2007. A second site is targeted for mid-2008. Plans are being finalized for these locations and notifications to port stakeholders will begin shortly. Question 2. Do you believe our Nation's rail and vehicle bridges and tunnels are sufficiently protected against terrorist attack? Has the Department completed a security assessment of the Nation's rail and vehicle bridges and tunnels? Answer. The Transportation Security Administration (TSA) considers mitigation of risk to underwater transit tunnels as a strategic priority. Protecting this infrastructure requires an integrated approach aligning Federal capabilities with mass transit and passenger rail systems that operate in this infrastructure. To harness Federal expertise and advance coordinated effort, TSA convened an interagency Tunnel Risk Mitigation Working Group in 2006. This interagency effort brings together Subject Matter Experts from a range of relevant fields among Department of Homeland Security and Department of Transportation organizational elements to identify, assess, and prioritize the risk to mass transit and passenger rail systems with underwater tunnels in the United States. This effort also assists transit agencies in planning and implementing protective measures to deter and prevent attacks as well as blast mitigation and emergency response strategies in the event of a terrorist attack and/or all hazards incident or event. Through regular meetings, this working group has developed mitigation strategies, engaged stakeholders, analyzed and applied the results of risk assessments, prepared statements of work for testing and modeling programs, and integrated the overall risk mitigation effort for a cohesive, coordinated, and effective approach. The initiative has: Identified and assessed risk to all 29 underwater tunnels in the nation; Prioritized tunnel risk mitigation based on risk to drive grant funding to most pressing areas; Developed strategies for funding future technology research and development aimed at producing novel approaches to this challenging problem; and Produced and disseminated recommended protective measures transit agencies may implement to enhance security with available resources or through targeted grant funding. These recommended measures derive from the experience gained in Federal security assessments and the ongoing work to identify and prioritize tunnels and develop a strategic plan to mitigate risk. The interagency group is working closely with the transit industry to ensure the implementation of protective measures to mitigate risk in transit tunnels. TSA security assessments of passenger rail and mass transit agencies with tunnel infrastructure include review of protective measures implemented to mitigate risk. To advance this concerted effort, the Transit Security Grant Program has made projects to protect high risk underwater and underground assets and systems a top funding priority. Question 3. A report on the security of bridges and tunnels in the New York/New Jersey region was due last March. When will you submit this report to Congress? Answer. A classified report, as required by the Department of Homeland Security Appropriations Act, 2007, was delivered to the Chairman and Ranking Members of the Senate Committee on Commerce, Science, and Transportation, the House Committee on Transportation and Infrastructure, and the House and Senate Committees on Appropriations on October 22, 2007. Question 4. Do you know how much funding will be required to better secure our Nation's highest-priority bridges and tunnels, especially high-priority rail tunnels? Answer. The Transportation Security Administration (TSA) recognizes, through the assessments it has conducted, that there are operational and structural aspects to improving bridge and tunnel security and that each bridge and tunnel requires varying approaches to achieve the desired level of security. TSA, State and regional authorities, and the owners and operators of the highest priority bridges and tunnels have focused their efforts primarily on operational security solutions that include: establishment of an interagency Tunnel Risk Mitigation Working Group, assessment of vulnerabilities of the Nation's 29 underwater transit tunnels, development of security recommendations and guidelines, assessment of risk mitigation measures employed through the Baseline Assessment for Security Enhancement Program inspections conducted by TSA Surface Transportation Security Inspectors, deployments of Visible Intermodal Protection and Response Teams, and increased security awareness campaigns. As an example, one of the most symbolic of America's highway bridges has been spending approximately $6 million annually just on security. They have invested in intruder detection technology and personnel to monitor those devices, perimeter fencing, structural hardening, and both full- and part-time emergency response staff as well as oversight contracts with local law enforcement units. While improvements in technology may help displace personnel costs in the future, the security needs of just the Nation's most critical bridges and tunnels will involve significant costs for many years to come. The Transit Security Grant Program funds many operational initiatives. In Fiscal Year (FY) 2006, $136 million was awarded under the TSGP. About one-third of that amount was awarded for operational security improvements in the Nation's most critical tunnels. The FY 2007 awards have not been finalized. Structural security improvements require a substantially greater investment. Efforts are underway to determine the requirements for security improvements, and ultimately the costs of those improvements, at some of the Nation's highest priority underwater tunnels. Structural options under consideration include the replacement of antiquated structures or hardening existing structures to improve their resilience to attack. The costs of these initiatives are roughly estimated to be between $100 million to $500 million per structure for hardening and up to several billion dollars per structure for replacement. Question 5. When will TSA comply with Section 125 of the SAFE Port Act of 2006 concerning threat assessments of port truck drivers? Answer. The Transportation Security Administration (TSA) anticipates completion of the threat assessments for port truck drivers by summer 2008. Collection of driver information from all state motor vehicle licensing agencies is underway at this time. There is substantial variation in the technological capabilities of the states, leading some to respond to TSA's request earlier than others. Also, as the Transportation Worker Identification Credential is deployed across the country we will enroll these drivers and they will go through a much more thorough check than the name-based check, and it will be done perpetually. Question 6. Will the President request sufficient levels of security funding for Amtrak's capital and operating needs in the Department of Homeland Security's 2009 budget? Do you anticipate that Amtrak will be required to use funding from sources other than DHS grants for these functions? Answer: The Department of Homeland Security has been working in conjunction with the Department of Transportation and the National Railroad Passenger Corporation to identify and address security needs for Amtrak. Historically, Federal grant assistance has been provided to Amtrak through FEMA's Grant Programs Directorate both for capital and operating needs. DHS believes that sufficient levels of security funding for Amtrak's capital and operating needs will be included in the President's Fiscal Year 2009 Budget Request, and does not anticipate additional funding requirements from sources other than DHS grants. Question 7. Since the inception of the agency, how many TSA employees have notified the Office of Special Counsel of agency abuse, fraud, or waste pursuant to whistleblower complaint procedures and are still employed by the TSA? How many complainants are no longer employed by the TSA? Answer. The Office of Special Counsel (OSC) does not provide the Transportation Security Administration (TSA) with the names of all complainants or the number of employees who have filed complaints pursuant to the whistleblower complaint procedures. OSC only notifies TSA when OSC determines that it is appropriate for a complaint to proceed to mediation or a full investigation. Throughout Fiscal Years 2006 and 2007, there were 14 active complaints in OSC's investigative process. Two of these are still open investigations and one has been settled. The remaining 11 have all been closed by OSC with no further action taken. Three of these 14 individuals are currently TSA employees (one has one of the open investigations, two had cases closed with no further action). Question 8. What is TSA doing to improve its ability to check passenger carry-on bags for explosives? Answer. To drive improvement in the screening system nationwide, the Transportation Security Administration (TSA) has made covert assessments very difficult for our screening workforce, and we frequently use high-level vulnerability testing to identify best practices in explosives detection. We believe that covert testing is a powerful tool to identify vulnerabilities in the system, and we are building a culture of heightened awareness of threat items at every airport in the country. A key to building this culture is the implementation of covert drills involving simulated improvised explosive devices (IEDs) for the screening workforce. As part of this effort, TSA deployed 5,800 bomb test kits to the field and provided intensive onsite training to every Transportation Security Officer (ISO). IED recognition is at the forefront of our training objectives, and we have incorporated emerging threats such as liquid explosives. Today, TSA conducts 2,500 IED recognition drills a day, and we are currently conducting a study to identify an optimal level and frequency of drills. Further, TSA recognized that a more systematic, nationwide framework to assess the effectiveness of the screening process and identify areas to focus our resources in training and technology was needed. Therefore, TSA instituted a comprehensive program to measure screening performance called the Aviation Screening Assessment Program (ASAP). ASAP is aggressively focused on improving recognition of IEDs, and TSA has performed thousands of covert assessments at airports across the country in just 6 months. Through ASAP, we are assessing our performance every day in every aspect of the screening process. Findings from ASAP are reported directly to TSA leadership, and we will use these performance metrics to make strategic decisions within the screening environment, from the type of equipment TSA purchases to the type of training TSA delivers to our TSOs. In addition, TSOs undergo extensive individual training using the Threat Image Projection (TIP) system, which displays fictional threat items within x-ray images of actual passenger bags in order to evaluate the ISO's ability to detect threat items. TSO responses are recorded and downloaded monthly for analysis and reporting. TIP is a multifunctional system that extends well beyond an evaluation tool. It provides screeners with real-time experience in detecting threats and resolving alarms in passenger baggage. It is an immediate feedback and reinforcement system that increases screener accuracy. At a higher level, TIP data shows performance trends by airport and nationally and these trends help TSA identify national training needs. The result of all of these performance assessment efforts is that our TSOs are the most tested workforce in the country. TSOs are tested every day, on every shift, at every checkpoint in the United States, and we believe that this intensive activity will drive the improvements we all desire in our explosives detection capabilities. To support our IED training initiatives, the Bomb Appraisal Officer (BAO) Program has been instituted at our Nation's airports. BAOs spend a substantial amount of their time providing IED training to TSOs. Their expertise proves invaluable when conducting this training. This program is still in the deployment phase, having grown from an initial class of 13 to more than 100 BAOs currently in the field. As of October 2007, BAOs have conducted over 12,500 hours of training to approximately 40,000 TSOs. In addition to the training and testing of TSOs, we are working hard to deploy new explosives detection technology, including backscatter and millimeter wave imaging, automated explosives detection systems, and other technologies that will play an important role in TSA's layered security approach. The deployment of advanced technology will be guided by a 5-year strategic plan that has two core goals: (1) improving explosives detection capabilities, and (2) developing the capacity to detect hostile intent before and during the screening process. Examples of this technology include: Whole Body Imagers. We are field testing whole body imagers, such as the backscatter and millimeter wave technologies, to quickly and safely screen passengers for prohibited items without the need for physical contact. Field testing is underway at Phoenix, and test sites will be expanded to two other major airports in early 2008. Bottled Liquids Scanners. After recently completing field testing at six major airports, we have purchased and are deploying over 200 bottled liquids scanning devices at checkpoints, and are now using a hand-held liquids scanner for non-checkpoint screening locations. Hand-Held Explosives Scanners. In the 3rd quarter of the 2007 Fiscal Year, we purchased 23 hand-held explosives scanners to supplement the over 50 devices now in use. These devices are mobile and can be used for explosives detection at non- checkpoint locations. Advanced Technology (AT) X-ray. We have recently completed field testing of AT X-ray equipment for carry-on baggage at four airports. This technology will provide TSOs with enhanced capability to identify and detect threats through improved imagery and analysis tools. We will begin deploying these systems in 2008. Checkpoint Automated Carry-On Explosives Detection Systems (Auto-EDS). We are field testing Auto-EDS for inspecting carry- on items at four additional airports, and we have plans to test these systems' capabilities to inspect both carry-on and checked baggage at smaller airports. Auto-EDS supports enhanced threat detection through computed tomography X-ray, 3D imagery and automated explosives and weapons detection. A limited quantity of these systems is expected to be deployed in 2008. Cast and Prosthesis Scanner. After completing field testing at three airports, we have purchased cast and prosthesis scanners to provide a safe, dignified, and non-invasive way to identify potential threats and clear passengers wearing casts, braces, and prosthetic devices. Deployment activities for these units are expected to begin in 2008. We will continue to explore additional technologies to maintain our evolving ability to detect prohibited items at checkpoints. An initiative critical to the second core goal is Screening of Passengers by Observation Techniques (SPOT), a program initiated to develop strong behavior observation skills in our TSOs. TSA must not make the mistake of focusing so intently on the property individuals carry through checkpoints that we miss indicators that an individual could be engaged in criminal and/or terrorist activity. SPOT systematically identifies high-risk passengers exhibiting significant levels of stress, fear, and deception associated with criminal intent, allowing our officers to either refer the passenger for enhanced screening or to law enforcement. Because behavioral screening has a strong record of effectiveness in the prevention of criminal and terrorist activity, TSA has significantly increased the number of airports with SPOT to now cover over 75 percent of the traveling public. To date, TSA Behavior Detection Officers have made passenger referrals resulting in 391 arrests. The program will be expanded to 155 airports in 2008. A third initiative strengthening security at our checkpoints is the Optimization Program. Through this effort, TSA sends optimization teams to airports to observe their checkpoints in action and find ways to improve how they operate. The teams are made up of experts in screening procedures, staffing models, equipment and checkpoint design, and passenger flow, and they improve security by reducing passenger delays and frustration and eliminating structural problems that are obstacles to an effective screening process. Recommendations from the optimization team are presented to the airport's Federal Security Director, and every recommendation is tracked at TSA headquarters to ensure that airports are provided the assistance they need to be successful. ______ Response to Written Questions Submitted by Hon. Trent Lott to Hon. Edmund S. ``Kip'' Hawley Question 1. The GAO's testimony points out that while TSA has developed backscatter technology, ``limited progress has been made in fielding this technology at passenger screening checkpoints.'' As you know, I have long been an advocate of using innovative technology to screen passengers and baggage. My understating is that testing has indicated that this technology is very effective at detecting explosives and weapons that might be concealed on a person, is this correct? Why have there been delays in fielding backscatter technology? Answer. The Transportation Security Administration (TSA) is currently conducting a field operational pilot of whole body imaging technology; which includes both backscatter and millimeter wave technology. While laboratory testing has validated detection capabilities of whole body imaging technology, it is crucial to also evaluate technology on its operational effectiveness and efficiency prior to procuring technology for full deployment. Additionally, TSA, in consultation with the DHS Privacy Office, continues to work closely with the vendors in the development of privacy protection algorithms that will not diminish the effectiveness of the technology. TSA is currently conducting the pilot of backscatter and millimeter wave technologies at Phoenix Sky Harbor International Airport and is expanding it to Los Angeles International Airport and John F. Kennedy International Airport in New York. A pilot using only millimeter wave technology is planned for the Miami International Airport. TSA anticipates completing the operational pilots by the end of the third quarter in Fiscal Year 2008 and will make procurement and deployment decisions based on the results of the pilot. Question 2. The 9/11 bill requires that TSA develop a strategic plan for deploying explosive detection equipment at airport checkpoints. What is the status of this plan? Answer. The report to Congress required by the Implementing Recommendations of the 9/11 Commission Act of 2007, entitled ``Aviation Security Report--Development of a Passenger Checkpoint Strategic Plan,'' dated September 2007, was delivered to Congress, including the Senate Committee on Commerce, Science, and Transportation, on October 4, 2007.