oversight

Transportation Security: Post-September 11th Initiatives and Long-Term Challenges

Published by the Government Accountability Office on 2003-04-01.

Below is a raw (and likely hideous) rendition of the original report. (PDF)

                             United States General Accounting Office

GAO                          Testimony
                             Before the National Commission on
                             Terrorist Attacks Upon the United States


For Release on Delivery
Expected at 10:30 a.m. EST
in New York, New York
Tuesday, April 1, 2003
                             TRANSPORTATION
                             SECURITY
                             Post-September 11th
                             Initiatives and Long-Term
                             Challenges
                             Statement of Gerald L. Dillingham
                             Director, Physical Infrastructure Issues




GAO-03-616T
This is a work of the U.S. government and is not subject to copyright protection in the
United States. It may be reproduced and distributed in its entirety without further
permission from GAO. However, because this work may contain copyrighted images or
other material, permission from the copyright holder may be necessary if you wish to
reproduce this material separately.
                                               March 31, 2003


                                               TRANSPORTATION SECURITY

                                               Post-September 11th Initiatives and
Highlights of GAO-03-616T, a testimony
before the National Commission on              Long-Term Challenges
Terrorist Attacks Upon the United States




This testimony responds to the                 Before September 2001, GAO’s work in transportation security focused
request of the National                        largely on aviation security, which was then the responsibility of the Federal
Commission on Terrorist Attacks                Aviation Administration, within the Department of Transportation. This
Upon the United States for                     work often demonstrated the existence of significant, long-standing
information on GAO’s work in                   vulnerabilities in aviation security. Among these vulnerabilities were airport
transportation security. It
addresses (1) transportation
                                               screeners’ inadequate detection of threats when screening passengers and
security before September 2001; (2)            their carry-on bags prior to their boarding aircraft; the absence of any
what the federal government has                requirement to screen checked baggage on domestic flights; inadequate
done since September 11th to                   controls for limiting access to secure areas at airports; and inadequate
strengthen transportation security,            security for air traffic control computer systems and facilities.
particularly aviation, mass transit,
and port security; and (3) what                Since September 2001, securing the nation’s transportation systems from
long-term institutional challenges             terrorist attacks has assumed great urgency. The Congress and the
face the federal agencies                      administration have reorganized the federal agencies responsible for
responsible for transportation                 transportation security, transferring them to the new Department of
security. The testimony is based               Homeland Security, and the agencies are attempting to enhance security
on a body of work that GAO has
performed over the years.
                                               without unduly inhibiting the movement of goods and people. The
                                               Transportation Security Administration, which was created in November
                                               2001 and has assumed overall responsibility for transportation security, has
                                               made considerable progress in addressing aviation security challenges. By
                                               the end of December 2002, the agency had hired and deployed a workforce
                                               of over 60,000, including passenger and baggage screeners and federal air
                                               marshals, and was screening about 90 percent of all checked baggage for
                                               explosives. In addition, local mass transit agencies have assessed
                                               vulnerabilities, increased training for emergency preparedness, and
This testimony does not contain
recommendations. However, GAO                  conducted emergency drills. The Coast Guard has also performed initial risk
reports and testimonies on                     assessments of ports, established new security guidelines, and initiated a
aviation, transit, and port security           comprehensive assessment of security conditions at 55 U.S. ports. The
and on management issues are                   Customs Service and the Immigration and Naturalization Service have
listed at the end of the statement.            actions under way to strengthen port security. Nevertheless, air cargo
Many of these reports and                      shipments, general aviation airports, and mass transit systems remain
testimonies contain GAO                        vulnerable to attack, and an effective port security environment may be
recommendations.                               many years away.

                                               The Departments of Transportation and Homeland Security face long-term
                                               transportation security challenges that include (1) developing a
                                               comprehensive transportation risk management approach; (2) ensuring that
                                               transportation security funding needs are identified and prioritized and that
                                               costs are controlled; (3) establishing effective coordination among the many
                                               public and private entities responsible for transportation security; (4)
                                               ensuring adequate workforce competence and staffing levels; and (5)
                                               implementing security standards for transportation facilities, workers, and
www.gao.gov/cgi-bin/getrpt?GAO-03-616T
                                               security equipment. We have issued reports and made recommendations
To view the full report, including the scope   that address many of these challenges, and in response some actions are
and methodology, click on the link above.      under way.
For more information, contact Gerald L.
Dillingham, Ph.D., at (202) 512-2834 or
dillinghamg@gao.gov.
Mr. Chairman and Members of the Commission:1

We are here today to discuss our public work on transportation security.
As you know, the General Accounting Office is the audit, evaluation, and
investigative arm of the Congress. Our mission is to support the Congress
in meeting its constitutional responsibilities and to help improve the
performance and accountability of the federal government for the
American people. We examine the use of public funds; evaluate federal
programs and policies; and provide analyses, recommendations, and other
assistance to help the Congress make informed oversight, policy, and
funding decisions. Our commitment to good government is reflected in our
core values of accountability, integrity, and reliability. We wish to thank
the Commission for inviting us today to share our knowledge of
transportation security issues, and we look forward to continuing to work
with you.

Since September 11, 2001, securing our nation’s transportation system
from terrorist attacks has assumed great urgency. On November 19, 2001,
the Congress enacted the Aviation and Transportation Security Act, which
created the Transportation Security Administration (TSA) within the
Department of Transportation (DOT) and defined its primary
responsibility as ensuring security in all modes of transportation. DOT
then worked to strengthen security through its modal administrations
while simultaneously organizing the new agency to meet the longer-term
challenge of implementing security improvements that will not excessively
inhibit commerce and travel or interfere with other critical agency
missions. With the passage of the Homeland Security Act on November 25,
2002, TSA was transferred to the new Department of Homeland Security,
which assumed overall responsibility for transportation security.

My testimony today addresses (1) transportation security before
September 2001; (2) what the federal government has done since
September 11th to strengthen transportation security, particularly
aviation, mass transit, and port security; and (3) the long-term institutional
challenges that face the federal agencies responsible for transportation
security.



1
 The National Commission on Terrorist Attacks Upon the United States is an independent,
bipartisan commission created by Public Law 107-306 to investigate the circumstances
surrounding the events of September 11, 2001, and make recommendations for corrective
measures that can be taken to prevent acts of terrorism.



Page 1                                                                    GAO-03-616T
In summary:

Before September 2001, our work in transportation security focused
largely on aviation security, which was then the responsibility of DOT’s
Federal Aviation Administration (FAA). Together with other studies, our
work often demonstrated the existence of significant, long-standing
vulnerabilities in aviation security. These vulnerabilities included failure to
detect threats when screening passengers and their carry-on bags prior to
their boarding aircraft and the absence of any requirement to screen
checked baggage on domestic flights; inadequate controls for limiting
access to secure areas at airports; and failure to secure air traffic control
computer systems and facilities.

Since September 2001, securing our nation’s transportation system from
terrorist attacks has assumed great urgency. The Congress and the
administration have reorganized the federal agencies responsible for
transportation security, transferring them to the new Department of
Homeland Security, and the agencies are attempting to enhance security
without unduly inhibiting the movement of goods and people. TSA has
made considerable progress in addressing aviation security challenges. By
the end of December 2002, the agency had hired and deployed a workforce
of over 60,000, including passenger and baggage screeners and federal air
marshals, and was screening about 90 percent of all checked baggage for
explosives. In addition, local mass transit agencies have assessed
vulnerabilities, increased training for emergency preparedness, and
conducted emergency drills. The Coast Guard has also performed initial
risk assessments of ports, established new security guidelines, and
initiated a comprehensive assessment of security conditions at 55 U.S.
ports, and the Customs Service and the Immigration and Naturalization
Service have actions under way to strengthen port security. Nevertheless,
air cargo shipments, general aviation airports, and mass transit systems
remain vulnerable to attack, and an effective port security environment
may be many years away.

DOT and the Department of Homeland Security face long-term
transportation security challenges that include (1) developing a
comprehensive risk-management approach; (2) ensuring that
transportation security funding needs are identified and prioritized and
that costs are controlled; (3) establishing effective coordination among the
many public and private entities responsible for transportation security;
(4) ensuring adequate workforce competence and staffing levels; and (5)
implementing security standards for transportation facilities, workers, and



Page 2                                                            GAO-03-616T
                       security equipment. We have issued reports and made recommendations
                       that address many of these challenges, and some actions are under way.


                       Our work on transportation security prior to September 2001 primarily
Some Vulnerabilities   addressed vulnerabilities in aviation security. These included ineffective
in Transportation      screening of passengers and baggage for threat objects and explosives,
                       inadequate controls for limiting access to secure areas at airports, and
Security Were Known    inadequate security for air traffic control computer systems and facilities.
before September       Mass transit agencies were taking actions to enhance security, and
                       concerns about port security were raised.
2001
                       Before September 2001, screeners, who were then hired by the airlines,
                       often failed to detect threat objects located on passengers or in their carry-
                       on luggage. As we reported in June 2000, tests of screeners conducted in
                       1987 revealed that screeners missed 20 percent of the potentially
                       dangerous objects that FAA used in its tests, and test data from 1991
                       through 1999 showed a declining trend in the rate of detection.2 At that
                       time, FAA characterized this level of performance as unsatisfactory. The
                       more recent results showed that as testing got more realistic—that is, as
                       tests more closely approximated how a terrorist might attempt to
                       penetrate a checkpoint—screeners’ performance declined significantly. A
                       principal cause of screeners’ performance problems was rapid turnover
                       and insufficient training. Turnover exceeded over 100 percent a year at
                       most large airports, leaving few skilled and experienced screeners,
                       primarily because of low wages, limited benefits, and repetitive,
                       monotonous work.

                       Before September 2001, controls for limiting access to secure areas of
                       airports, including aircraft, did not always work as intended. As we
                       reported in May 2000, our special agents used fictitious law enforcement
                       badges and credentials to gain access to secure areas, bypass security
                       checkpoints at two airports, and walk unescorted to aircraft departure
                       gates.3 The agents, who had been issued tickets and boarding passes, could
                       have carried weapons, explosives, or other dangerous objects onto
                       aircraft. DOT’s Inspector General also documented numerous problems


                       2
                       U.S. General Accounting Office, Aviation Security: Long-Standing Problems Impair
                       Airport Screeners’ Performance, GAO/RCED-00-74 (Washington, D.C.: June 28, 2000).
                       3
                       U.S. General Accounting Office, Security: Breaches at Federal Agencies and Airports,
                       GAO/OSI-0010 (Washington, D.C.: May 25, 2000).



                       Page 3                                                                    GAO-03-616T
with airport access controls, and in one series of tests, nearly 7 out of
every 10 attempts by the Inspector General’s staff to gain access to secure
areas were successful.

Before September 2001, our reviews of FAA’s oversight of air traffic
control computer systems showed that FAA had not ensured the security
of these systems or of the facilities that house them.4 Our reviews also
found that FAA had not ensured that the contractors who had access to
the air traffic control computer systems had undergone background
checks. The air traffic control computer systems provide information to
air traffic controllers and aircraft flight crews to help ensure the safe and
expeditious movement of aircraft. Failure to protect these systems and
their facilities could cause a nationwide disruption of air traffic or even a
loss of life because of collisions. Because of the vulnerabilities we
identified, the air traffic control system was susceptible to intrusion and
malicious attacks.

Over the years, we made numerous recommendations to FAA to improve
screeners’ performance, strengthen airport access controls, and better
protect air traffic control computer systems and facilities. As of September
2001, FAA had implemented some of these recommendations and was
addressing others, but its progress was often slow. In addition, many
initiatives were not linked to specific deadlines, making it difficult to
monitor and oversee their implementation.

Before September 2001, many transit agencies were implementing
measures to enhance transit safety and security, such as revising
emergency plans and training employees in emergency preparedness.
According to transit agency officials, the 1995 sarin gas attack on the
Tokyo subway system and experiences during natural disasters had served
as catalysts for the agencies to focus on safety and security. The officials
said that the terrorist attacks on September 11th elevated the importance
of security.


4
 Aviation Security: Weak Computer Security Practices Jeopardize Flight Safety,
GAO/AIMD-98-155 (Washington, D.C.: May 18, 1998); Computer Security: FAA Needs to
Improve Controls over Use of Foreign Nationals to Remediate and Review Software,
GAO/AIMD-00-55 (Washington, D.C.: Dec. 23, 1999); Computer Security: FAA Is
Addressing Personnel Weaknesses, but Further Action Is Required, GAO/AIMD-00-169
(Washington, D.C.: May 31, 2000); FAA Computer Security: Concerns Remain Due to
Personnel and Other Continuing Weaknesses, GAO/AIMD-00-252 (Washington, D.C.: Aug.
16, 2000); and FAA Computer Security: Recommendations to Address Continuing
Weaknesses, GAO-01-171 (Washington, D.C.: Dec. 6, 2000).



Page 4                                                                GAO-03-616T
                        Concerns about the security of the nation’s ports were recognized even
                        before the September 11th attacks. Ports are inherently vulnerable to
                        terrorist attacks and make desirable targets because of their size,
                        accessibility by water and land, location in metropolitan areas, volume of
                        material transported, and ready transportation links to interior locations.
                        Moreover, a terrorist act at one of these seaports could result in extensive
                        loss of lives, property, and business, and could impact the nation’s
                        economy if the free flow of trade is disrupted. In August 2000, the
                        Interagency Commission on Crime and Security in U.S. Seaports estimated
                        that the costs to upgrade the security infrastructure at the nation’s 361
                        ports ranged from $10 million to $50 million per port.


                        Since September 2001, federal and local agencies have been trying to
Since September         assess and address the monumental challenges they face in attempting to
2001, Federal           strengthen the security of the nation’s transportation systems. As we
                        testified on September 20, 2001, the enormous size of the U.S. airspace
Agencies Have Put       alone defies easy protection, and no form of travel can ever be made
People, Policies, and   totally secure. Providing aviation security means protecting hundreds of
                        airports, thousands of planes, and tens of thousands of daily flights.
Procedures in Place     Providing transit and port security also poses daunting challenges. For
to Strengthen           example, about 6,000 agencies provide transit services through buses,
Transportation          subways, ferries, and light rail service to about 14 million Americans each
                        weekday, and millions of containers are imported into the United States
Security                through more than 300 public and private U.S. seaports, with more than
                        3,700 cargo and passenger terminals.

                        The federal government’s role in transportation security has been evolving
                        since September 2001. TSA was created in November 2001 by the Aviation
                        and Transportation Security Act and has assumed overall responsibility for
                        transportation security. Although the agency has thus far focused
                        primarily on aviation, it is responsible under the act for the security of all
                        modes of transportation, which also include mass transit, maritime, rail,
                        highway, and pipelines. TSA is in the early stages of working with the
                        other transportation modes. We highlight some of the progress that has
                        been made in aviation, mass transit, and port security.


Aviation Security       Following the September 11th attacks, DOT faced several urgent aviation
                        security challenges, such as meeting newly established screening
                        deadlines and addressing security gaps that we and others, including
                        DOT’s Inspector General, had identified. In November 2001, TSA assumed
                        responsibility under the Aviation and Transportation Security Act for

                        Page 5                                                           GAO-03-616T
screening passengers and property. (See fig. 1.) The act required it to hire
and deploy federal passenger screeners by November 19, 2002, and to
screen all checked baggage using explosives detection systems by
December 31, 2002.5 In addition, FAA established a requirement for
installing reinforced cockpit doors in aircraft.




5
 The Homeland Security Act of 2002 amends this requirement. According to the legislation,
if, in his discretion or at the request of an airport, the Under Secretary of Transportation for
Security determines that TSA is not able to deploy the explosives detection systems
required in the Aviation and Transportation Security Act by December 31, 2002, then for
each airport for which the Under Secretary makes this determination, the Under Secretary
shall submit to specific congressional committees a detailed plan for the deployment of the
number of explosives detection systems at that airport necessary to meet the requirements
as soon as practicable at that airport but no later than December 31, 2003; the Under
Secretary shall take all necessary action to ensure that alternative means of screening all
checked baggage are implemented until the requirements have been met.



Page 6                                                                           GAO-03-616T
    Figure 1: Passengers Being Screened at a Security Checkpoint




    TSA has made considerable progress in addressing aviation security
    challenges. For example, according to TSA, it

•   met the November 2002 deadline by hiring and deploying over 40,000
    passenger screeners to screen passengers at 429 commercial airports;
•   hired and deployed more than 20,000 of an estimated 22,000 baggage
    screeners as of mid-December 2002 to screen all checked baggage;
•   has been using explosives detection systems or explosives trace detection
    equipment to screen about 90 percent of all checked baggage as of
    December 31, 2002;6



    6
     Explosives detection machines are used to screen baggage for explosives and work by
    using CAT scan X-ray to take fundamental measurements of materials in bags to recognize
    characteristic signatures of threat explosives. Explosives trace detection systems (trace
    detection machines) are used to screen baggage for explosives, and work by detecting
    vapors and residues of explosives.



    Page 7                                                                      GAO-03-616T
•   has been using alternative means such as canine teams, hand searches,
    and passenger-bag matching to screen the remaining checked baggage;
    and
•   has made substantial progress in expanding the Federal Air Marshal
    Service.

    Furthermore, according to an FAA official, as of March 21, 2003, FAA had
    approved designs for reinforcing the cockpit doors of over 98 percent of
    the commercial fleet’s 5,750 aircraft, 80 percent of the doors had been
    installed, and kits had been ordered for the remaining doors. As of mid-
    December 2002, however, TSA still had to complete the installation of
    most of the explosives detection equipment needed to screen baggage to
    meet the act’s baggage-screening requirements. At that time, according to
    TSA, it had installed 239 of the 1,100 explosives detection machines and
    1,951 of the 6,000 trace detection machines that it had estimated were
    needed.

    Although TSA has focused much effort and funding on ensuring that
    bombs and other threat items are not carried onto planes by passengers or
    in their luggage, vulnerabilities exist in securing the cargo carried aboard
    commercial passenger and all-cargo aircraft. The Aviation and
    Transportation Security Act requires that all cargo carried aboard
    commercial passenger aircraft be screened and that TSA have a system in
    place as soon as practicable to screen, inspect, or otherwise ensure the
    security of cargo on all-cargo aircraft. The “known shipper” program—
    which allows shippers that have established business histories with air
    carriers or freight forwarders7 to ship cargo on planes—is TSA’s primary
    approach to ensuring air cargo security and safety and to complying with
    the cargo-screening requirement of the act. However, we and DOT’s
    Inspector General have identified weaknesses in the known shipper
    program and in TSA’s procedures for approving freight forwarders.8

    Since September 2001, TSA has taken a number of actions to enhance
    cargo security, such as implementing a database of known shippers in
    October 2002. The database is the first phase in developing a cargo-
    profiling system similar to the computer-assisted passenger prescreening



    7
     Freight forwarders consolidate shipments and deliver them to air carriers and cargo
    facilities of passenger and all-cargo air carriers.
    8
     U.S. General Accounting Office, Aviation Security: Vulnerabilities and Potential
    Improvements for the Air Cargo System, GAO-03-344 (Washington, D.C.: Dec. 20, 2002).



    Page 8                                                                      GAO-03-616T
system. However, in December 2002, we reported that additional
operational and technological measures, such as checking the identity of
individuals making cargo deliveries, have the potential to improve air
cargo security in the near term.9 We further reported that TSA lacks a
comprehensive plan with long-term goals and performance targets for
cargo security, time frames for completing security improvements, and
risk-based criteria for prioritizing actions to achieve those goals.10
Accordingly, we recommended that TSA develop a comprehensive plan for
air cargo security that incorporates a risk management approach, includes
a list of security priorities, and sets deadlines for completing actions. TSA
agreed with this recommendation.

Since September 2001, TSA has taken only a few actions related to general
aviation security, leaving it far more open and potentially vulnerable than
commercial aviation. General aviation includes more than 200,000
privately owned airplanes, which are located in every state at more than
19,000 airports. Over 550 of these airports also provide commercial
service. General aviation’s vulnerability was revealed in January 2002,
when a Florida teenager (and flight student) crashed a single-engine
Cessna airplane into a Tampa skyscraper. FAA has since issued a notice
with voluntary guidance for flight schools that suggests such measures as
using different keys to gain access to an aircraft and start the ignition, not
giving students access to aircraft keys, ensuring positive identification of
flight students, and reporting suspicious activities. However, because the
guidance is voluntary, it is unknown how many flight schools have
implemented these measures.

Since September 2001, FAA has continued to strengthen the security of the
nation’s air traffic control computer systems and facilities in response to
39 recommendations we made between May 1998 and December 2000.
However, more must be done to ensure that critical information systems
are not at risk of intrusion and attack. Among its accomplishments, FAA
has established an information systems security management structure
under its Chief Information Officer, whose office has developed an
information systems security strategy, security architecture (that is,
overall blueprint), security policies and directives, and a security
awareness training campaign. This office has also managed FAA’s incident
response center and implemented a certification and accreditation process


9
GAO-03-344.
10
    GAO-03-344.



Page 9                                                            GAO-03-616T
               to ensure that vulnerabilities in current and future air traffic control
               systems are identified and weaknesses addressed. Nevertheless, the office
               faces continued challenges in increasing its intrusion detection
               capabilities, obtaining accreditation for systems that are already
               operational, and managing information systems security throughout the
               agency. In addition, according to senior security officials, FAA has
               completed assessments of the physical security of its staffed facilities, but
               it has not yet accredited all of these air traffic control facilities as secure in
               compliance with agency policy. Finally, FAA has worked aggressively over
               the past 2 years to complete background investigations on numerous
               contractor employees. However, ensuring that all new contractors are
               assessed to determine which employees require background checks, and
               that those checks are completed in a timely manner, will be a continuing
               challenge for the agency.


Mass Transit   Transit agencies face significant challenges in making their systems
               secure, in part because certain characteristics that make them vulnerable
               also make them difficult to secure. For example, the high ridership of
               some transit agencies makes them attractive targets for terrorists but also
               makes the use of certain security measures, like metal detectors,
               impractical. Despite such challenges, transit agencies have taken a number
               of steps to improve the security of their systems. In December 2002, after
               visiting 10 transit agencies and surveying 200, we reported that these
               agencies had implemented new security initiatives or increased the
               frequency of existing activities since September 2001.11 For example, many
               transit agencies had assessed vulnerabilities, provided additional training
               on emergency preparedness, revised emergency plans, and conducted
               multiple emergency drills. (See fig. 2.) Several agencies we visited had also
               implemented innovative practices to enhance safety and security, such as
               training police officers to drive buses and implementing an employee
               suggestion program to solicit ideas for improving security.




               11
                U.S. General Accounting Office, Mass Transit: Federal Action Could Help Transit
               Agencies Address Security Challenges, GAO-03-263 (Washington, D.C.: Dec. 13, 2002).



               Page 10                                                                   GAO-03-616T
Figure 2: Emergency Transit Drill in Progress




After September 2001, the Federal Transit Administration (FTA), which
has limited authority to oversee and regulate transit security, launched a
multipart security initiative. Although most of the transit agencies we
visited said this initiative was useful, they wanted the federal government
to provide more assistance to support transit security, such as more
information, help in obtaining security clearances, increased funding, and
more security-related research and development. To give transit agencies
greater flexibility in paying for transit security improvements, we
recommended that the Secretary of Transportation consider seeking a
legislative change to allow all transit agencies, regardless of the size of the




Page 11                                                            GAO-03-616T
                urbanized area they serve, to use urbanized area formula funds12 for
                security-related operating expenses. We also recommended that the
                Secretary of Transportation develop risk-based criteria for distributing
                federal funds to transit agencies for high-priority security improvements.
                The department agreed to carefully consider our recommendations as it
                continues working to improve transit security around the country.13


Port Security   Since September 2001, federal agencies, state and local authorities, and
                private-sector stakeholders have done much to address vulnerabilities in
                the security of the nation’s ports.14 The Coast Guard, in particular, has
                acted as a focal point for assessing and addressing security concerns. After
                September 11th, the Coast Guard responded by refocusing its efforts and
                repositioning vessels, aircraft, and personnel not only to provide security,
                but also to increase visibility in key maritime locations. Some of its actions
                included (1) conducting initial risk assessments of ports, which identified
                high-risk infrastructure and facilities and helped determine how the Coast
                Guard’s small boats would be used for harbor security patrols; (2)
                initiating new guidelines for developing security plans and implementing
                security measures for passenger vessels and passenger terminals; and (3)
                beginning a process to comprehensively assess the security conditions of
                55 U.S. ports over a 3-year period.

                In addition, shortly after September 11th, the Coast Guard began requiring
                ships to provide earlier notification of their scheduled arrival at a U.S.
                port. All vessels over 300 gross tons are now required to contact the Coast
                Guard 96 hours—up from 24 hours—before they are scheduled to arrive at
                a U.S. port. Each vessel must provide information on its destination, its
                scheduled arrival, the cargo it is carrying, and a roster of its crew
                members. The information, which is processed and reviewed by the Coast
                Guard’s National Vessel Movement Center, is used in conjunction with
                data from various intelligence agencies to identify “high-interest” vessels.
                Decisions on appropriate actions to be taken with respect to such vessels,



                12
                  The federal urbanized area formula program provides federal funds to urbanized areas
                (jurisdictions with populations of 50,000 or more) for transit capital investments, operating
                expenses, and transportation-related planning.
                13
                  We are currently examining TSA’s role in the security of transit and all other modes of
                transportation. We expect to report on this work later this spring.
                14
                 U.S. General Accounting Office, Port Security: Nation Faces Formidable Challenges in
                Making New Initiatives Successful, GAO-02-993T (Washington, D.C.: Aug. 5, 2002).



                Page 12                                                                       GAO-03-616T
such as whether to board, escort, or deny entry to them, are based on
established criteria and procedures.15 (See fig. 3.)

Figure 3: Inspecting Millions of Containers That Arrive at U.S. Ports Remains a
Challenge




Two other key federal agencies—the Customs Service and the
Immigration and Naturalization Service—also have actions under way to
begin to address such issues as container security and the screening of
persons seeking entry into the United States. With more than 6 million
containers a year entering U.S. ports, examining them all has not been
possible. Using a targeted approach, Customs physically inspects about 2
percent of the containers that enter the country. New initiatives by the


15
 U.S. General Accounting Office, Container Security: Current Efforts to Detect Nuclear
Materials, New Initiatives, and Challenges, GAO-03-297T (Washington, D.C.: Nov. 18,
2002).



Page 13                                                                   GAO-03-616T
                       Customs Service would widen inspection coverage. For example, the
                       Customs Service’s Container Security Initiative focuses on placing U.S.
                       Customs inspectors at the ports of embarkation to target containers for
                       inspection; the Customs Trade Partnership against Terrorism focuses on
                       efforts by importers and others to enhance security procedures along their
                       supply chain; and Operation Safe Commerce focuses on using new
                       technology, such as container seals, to help shippers ensure the integrity
                       of the cargo included in containers being sent to the United States.


                       Efforts to strengthen transportation security face several long-term
Transportation         institutional challenges that include (1) developing a comprehensive risk
Security Poses Long-   management approach; (2) ensuring that funding needs are identified and
                       prioritized and that costs are controlled; (3) establishing effective
Term Institutional     coordination among the many responsible public and private entities; (4)
Challenges             ensuring adequate workforce competence and staffing levels; and (5)
                       implementing security standards for transportation facilities, workers, and
                       security equipment.


Risk Management        To achieve transportation security as well as homeland security, it will be
                       important to effectively manage the risks posed by terrorist threats and to
                       direct national resources to the areas of highest priority. We have
                       advocated the use of a risk management approach to guide federal
                       programs and responses to better prepare for and withstand terrorist
                       threats.16 A risk management approach is a systematic process to analyze
                       threats, vulnerabilities, and the criticality (or relative importance) of
                       assets, to better support key decisions linking resources with prioritized
                       efforts for results. Figure 4 describes this approach.




                       16
                        U.S. General Accounting Office, Homeland Security: A Risk Management Approach Can
                       Guide Preparedness Efforts, GAO-02-208T (Washington, D.C.: Oct. 31, 2001).



                       Page 14                                                              GAO-03-616T
Figure 4: Elements of a Risk Management Approach




Our work has shown that TSA and some of DOT’s modal administrations
have partially developed risk management approaches. For example, in
the fall of 2001, FAA completed an assessment of the threats to and
vulnerabilities of air cargo. The assessment examined a single scenario—a
terrorist attempting to place a bomb on a commercial passenger aircraft—
but did not address the shipment’s vulnerability to tampering along the
route from the shipper to the aircraft. In December 2002, we also reported
that FTA obtains threat information from a variety of sources, including
the Federal Bureau of Investigation, and had started to identify the most
critical transit infrastructure. Moreover, according to agency officials and
our survey results, many transit agencies are conducting vulnerability or
security assessments. Finally, as noted, the Coast Guard has already
conducted initial risk assessments of the nation’s ports, has established
new security guidelines, and is planning for comprehensive assessments of
security conditions at 55 U.S. ports. We have recommended that TSA
conduct a comprehensive plan for air cargo security that incorporates a
risk management approach, and we have recommended that FTA use a
risk-based approach in prioritizing funding decisions for security projects.
Both TSA and FTA agreed with our recommendations. Comprehensive
risk-based assessments are important for all the modes, and they support
effective planning and resource allocation.




Page 15                                                         GAO-03-616T
Funding   Two key funding and accountability challenges will be (1) paying for
          increased transportation security and (2) ensuring that these costs are
          controlled. The costs associated with acquiring equipment and personnel
          for improving aviation security alone are huge. Although TSA estimates
          that it will need about $4.8 billion for aviation security in fiscal year 2003,
          it estimates that revenues from the new passenger security fee will pay for
          only around one-third ($1.7 billion) of that amount. As a result, TSA will
          need a major cash infusion at a time when federal budget deficits are
          growing. Similarly, many of the planned security improvements for surface
          transportation facilities, such as seaports and mass transit, require costly
          outlays for infrastructure, technology, and personnel at a time when
          weakening local economies have reduced local transportation agencies’
          abilities to fund security improvements.

          Estimates of the funding needed to pay for port security far outstrip the
          amounts made available to date.17 As we reported in August 2002, the
          Congress appropriated $93 million to fund security improvements at the
          nation’s 361 ports in fiscal year 2002, but TSA received applications for as
          much as $697 million for these improvements. Efforts by the Coast Guard
          to develop security standards for ports, which we reported in August 2002,
          should help to identify and prioritize needs so that limited funds can be
          targeted to the highest risks at each port. Additional funding will be
          needed to comply with provisions of the Maritime Transportation Security
          Act, enacted in November 2002, which require, among other things, that
          regulations be developed for the preparation and submission of vessel and
          facility security plans, and that vulnerability assessments be conducted for
          vessels and U.S. port facilities.

          In July 2002, we reported that long-term attention to cost and
          accountability controls for acquisition and related business processes will
          be critical both to ensuring TSA’s success and to maintaining its integrity
          and accountability.18 According to DOT’s Inspector General, although TSA
          has made progress in addressing certain cost-related issues, it has not
          established an infrastructure that provides effective controls to monitor
          contractors’ costs and performance. To ensure control over TSA contracts,
          DOT’s Inspector General has recommended that the Congress set aside a


          17
           GAO-02-993T.
          18
           U.S. General Accounting Office, Aviation Security: Transportation Security
          Administration Faces Immediate and Long-Term Challenges, GAO-02-971T (Washington,
          D.C.: July 25, 2002).



          Page 16                                                             GAO-03-616T
               specific amount of TSA’s contracting budget for overseeing contractors’
               performance with respect to cost, schedule, and quality.19

               In considering the federal government’s role in meeting long-term funding
               challenges, several issues will need to be addressed beyond determining
               who should pay for the security enhancements and to what extent the
               agency functions should be funded. An important consideration is, which
               criteria are most appropriate for distributing federal funds? The chief
               criteria considered have been ridership level, population, identified
               vulnerabilities, and criticality of assets. Another important consideration,
               as we reported in September 2002, is, which federal policy instruments—
               grants, loan guarantees, tax incentives, or partnerships—are most
               appropriate to motivate or mandate other levels of government or the
               private sector to help address security concerns?20 Finally, it will be
               important to consider how to allocate funds between competing needs and
               to measure whether we are achieving the increased security benefits
               envisioned.


Coordination   Since September 2001, federal, state, and local surface transportation
               agencies and the private sector have begun rethinking roles and
               responsibilities for transportation security. One challenge to achieving
               national preparedness hinges on the federal government’s ability to form
               effective partnerships among entities that implement security measures at
               the local level. Effective, well-coordinated partnerships require identifying
               roles and responsibilities; developing effective, collaborative relationships
               with local and regional transportation, emergency management, and law
               enforcement agencies; agreeing on performance-based standards that
               describe desired outcomes; testing procedures that implement roles and
               responsibilities; and sharing intelligence information.

               Although TSA has focused primarily on aviation security challenges since
               its creation in 2001, it is working toward defining the roles and
               responsibilities for other modes. TSA has developed a memorandum of
               agreement with FAA that laid out general principles of cooperation and



               19
                 U.S. Department of Transportation, Office of Inspector General, Key Challenges Facing
               the Transportation Security Administration, CC-2002-180 (Washington, D.C.: June 20,
               2002).
               20
                U.S. General Accounting Office, Mass Transit: Challenges in Securing Transit Systems,
               GAO-02-1075T (Washington, D.C.: Sept. 18, 2002).



               Page 17                                                                    GAO-03-616T
                consultation between the two agencies. DOT and TSA expect that
                agreement to also serve as a guide to relations between TSA and DOT’s
                other modal administrations.

                Coordination challenges will continue now that TSA has been transferred
                to the new Department of Homeland Security. TSA will act as a national
                transportation system security manager and expects to work closely with
                DOT to establish security standards for all modes of transportation (air,
                mass transit, maritime, rail, highway, and pipelines). Both TSA and DOT
                will have to ensure the development of sound security policies and
                procedures and the effective implementation of those procedures by the
                many public and private transportation systems’ stakeholders.

                TSA will also have to ensure that the terrorist and threat information
                gathered and maintained by law enforcement and other agencies—
                including the Federal Bureau of Investigation, the Immigration and
                Naturalization Service, the Central Intelligence Agency, and the
                Department of State—is quickly and efficiently communicated among
                federal agencies and to state and local authorities, as needed. In aviation
                security, timely information-sharing among agencies has been hampered
                by organizational cultures reluctant to share sensitive information and by
                outdated, incompatible computer systems. In surface transportation,
                timely information-sharing has been hampered by the lack of standard
                protocols to exchange information among federal, state, and local
                government agencies and private entities. Finally, as we reported in
                September 2002, intelligence-sharing can be hampered if personnel in
                surface transportation agencies have difficulty in acquiring the security
                clearances needed to obtain critical intelligence information.21

Human Capital   As it organizes itself to protect the nation’s transportation system, TSA
                faces the challenge of strategically managing its workforce of more than
                60,000 people, most of whom are deployed at airports or on aircraft to
                detect weapons and explosives and to prevent them from being taken
                aboard and used on aircraft. To assist agencies in managing their human
                capital more strategically, we have developed a model that identifies
                cornerstones and related critical success factors that agencies should
                apply and steps they can take.22 Our model is designed to help agency


                21
                 GAO-02-1075T.
                22
                 U.S. General Accounting Office, A Model of Strategic Human Capital Management,
                GAO-02-373SP (Washington, D.C.: March 2002).



                Page 18                                                                GAO-03-616T
                         leaders effectively lead and manage their people and integrate human
                         capital considerations into daily decisionmaking and the program results
                         they seek to achieve. In January 2003, we reported that TSA is addressing
                         some critical human capital success factors by hiring personnel, using a
                         wide range of tools available for hiring, and beginning to link individual
                         performance to organizational goals.23 However, concerns remain about
                         TSA’s approach to compensation and progress in setting up a performance
                         management system. For example, DOT’s Inspector General expressed
                         concern about TSA’s approach to compensation. TSA is basing its
                         compensation system on FAA’s pay banding approach, which allows the
                         agency to hire employees anywhere within broad pay bands for their
                         positions. Last summer, the Inspector General reported that TSA’s salary
                         levels for law enforcement and general and administrative positions were
                         higher than for comparable positions in other agencies. 24 TSA was also
                         behind schedule in establishing a performance management system linked
                         to organizational goals. Such a system will be critical in order for TSA to
                         motivate and manage staff, ensure the quality of screeners’ performance,
                         and, ultimately, restore public confidence in air travel.


Security Standards for   Security standards for transportation facilities, workers, and security
Surface Transportation   equipment define the level of security that is needed and the safeguards
                         that should be in place to meet identified security needs. Adequate
                         standards, consistently applied, are important to ensure that operators
                         improve their security practices in modes where lax security could make
                         surface transportation facilities attractive targets for terrorists. New
                         security standards are being developed in some modes and are being
                         considered in other modes. For example, new security standards are being
                         developed for ports, to prevent unauthorized persons from gaining access
                         to sensitive areas, to detect and intercept intrusions, to check the
                         backgrounds of those whose jobs require access to port facilities, and to
                         screen travelers and other visitors to port facilities. The Maritime
                         Transportation Security Act of 2002, enacted November 25, 2002, requires
                         the development of (1) port security regulations for access controls,
                         background checks, and vessel and facility security plans and (2)



                         23
                          U.S. General Accounting Office, Transportation Security Administration: Actions and
                         Plans to Build a Results-Oriented Culture, GAO-03-190 (Washington, D.C.: Jan. 13, 2003).
                         24
                          U.S. Department of Transportation, Office of Inspector General, Progress in
                         Implementing Provisions of the Aviation and Transportation Security Act, CC-2002-203
                         (Washington, D.C.: Aug. 7, 2002).



                         Page 19                                                                    GAO-03-616T
               performance standards for seals and locks on shipping containers. In
               addition, legislation proposed in the last session of Congress would
               require DOT to prescribe standards for pipeline security programs and to
               approve or disapprove each pipeline operator’s program on the basis of
               the operator’s adherence to these standards.25 However, industry
               representatives have told us that they would prefer a nonregulatory
               approach, citing concerns about the need for flexibility in designing
               security programs suitable for each pipeline facility.

               While progress has been made in developing security standards,
               challenges remain in implementing them. There is little precedent for how
               to enforce standards, because the size, complexity, and diversity of
               surface transportation facilities do not lend themselves to an enforcement
               approach similar to the one adopted for airports after September 11th.
               Implementing standards is also difficult because it requires consensus and
               compromises on the part of stakeholders. To the degree that some
               stakeholders believe that security actions are unnecessary or conflict with
               other goals and interests, achieving consensus about what to do will be
               difficult.


               Where do we stand today? How much more secure are we now than we
Concluding     were before September 11th? After spending billions of dollars on people,
Observations   policies, and procedures to improve security, we are much more secure
               now than we were then, but we can never be completely secure. Today,
               we have better intelligence, coordination, and communication; we have
               plans to alert the public to threats; and we are all more alert to the
               possibility of threats. Yet major vulnerabilities remain, particularly in air
               cargo, general aviation, mass transit, and port security. Addressing these
               vulnerabilities will continue to require risk assessments and plans that
               balance security concerns against mobility needs, and that consider how
               much the nation can afford to spend for security improvements in light of
               other, competing demands for limited funds.

               Mr. Chairman, this concludes my statement. I would be pleased to answer
               any questions that you or other members of the Commission may have.




               25
                Pipeline Infrastructure Protection to Enhance Security and Safety Act, H.R. 3609, 107th
               Congress (2001).



               Page 20                                                                     GAO-03-616T
                      For further information on this testimony, please contact Gerald L.
Contact information   Dillingham at (202) 512-2834. Individuals making key contributions to this
                      testimony include Elizabeth Eisenstadt, Maren McAvoy, John W.
                      Shumann, and Teresa Spisak.




                      Page 21                                                        GAO-03-616T
Related GAO Products


                    Aviation Security: FAA Needs to Update Curriculum and Certification
Aviation Security   Requirements for Aviation Mechanics. GAO-03-317. Washington, D.C.:
                    March 6, 2003.

                    Aviation Security: Measures Needed to Improve Security of Pilot
                    Certification Process. GAO-03-248NI. Washington, D.C.: February 3, 2003.
                    (NOT FOR PUBLIC DISSEMINATION)

                    Aviation Safety: Undeclared Air Shipments of Dangerous Goods and
                    DOT’s Enforcement Approach. GAO-03-22. Washington, D.C.: January 10,
                    2003.

                    Aviation Security: Vulnerabilities and Potential Improvements for the
                    Air Cargo System. GAO-03-286NI. Washington, D.C.: December 20, 2002.
                    (NOT FOR PUBLIC DISSEMINATION)

                    Aviation Security: Vulnerabilities and Potential Improvements for the
                    Air Cargo System. GAO-03-344. Washington, D.C.: December 20, 2002.

                    Aviation Security: Vulnerability of Commercial Aviation to Attacks by
                    Terrorists Using Dangerous Goods. GAO-03-30C. Washington, D.C.:
                    December 3, 2002.

                    Aviation Safety: Better Guidance and Training Needed on Providing
                    Files on Pilots’ Background Information. GAO-02-722. August 30, 2002.

                    Aviation Security: Transportation Security Administration Faces
                    Immediate and Long-Term Challenges. GAO-02-971T. Washington, D.C.:
                    July 25, 2002.

                    Aviation Security: Information Concerning the Arming of Commercial
                    Pilots. GAO-02-822R. Washington, D.C.: June 28, 2002.

                    Aviation Security: Deployment and Capabilities of Explosive Detection
                    Equipment. GAO-02-713C. Washington, D.C.: June 20, 2002. (CLASSIFIED)

                    Aviation Security: Information on Vulnerabilities in the Nation’s Air
                    Transportation System. GAO-01-1164T. Washington, D.C.: September 26,
                    2001. (NOT FOR PUBLIC DISSEMINATION)

                    Aviation Security: Information on the Nation’s Air Transportation
                    System Vulnerabilities. GAO-01-1174T. Washington, D.C.: September 26,
                    2001. (NOT FOR PUBLIC DISSEMINATION)

                    Page 22                                                      GAO-03-616T
Aviation Security: Vulnerabilities in, and Alternatives for, Preboard
Screening Security Operations. GAO-01-1171T. Washington, D.C.:
September 25, 2001.

Aviation Security: Weaknesses in Airport Security and Options for
Assigning Screening Responsibilities. GAO-01-1165T. Washington, D.C.:
September 21, 2001.

Aviation Security: Terrorist Acts Demonstrate Urgent Need to Improve
Security at the Nation’s Airports. GAO-01-1162T. Washington, D.C.:
September 20, 2001.

Aviation Security: Terrorist Acts Illustrate Severe Weaknesses in
Aviation Security. GAO-01-1166T. Washington, D.C.: September 20, 2001.

Responses of Federal Agencies and Airports We Surveyed about Access
Security Improvements. GAO-01-1069R. Washington, D.C.: August 31,
2001.

Responses of Federal Agencies and Airports We Surveyed about Access
Security Improvements. GAO-01-1068R. Washington, D.C.: August 31,
2001. (RESTRICTED)

FAA Computer Security: Recommendations to Address Continuing
Weaknesses. GAO-01-171. Washington, D.C.: December 6, 2000.

Aviation Security: Additional Controls Needed to Address Weaknesses in
Carriage of Weapons Regulations. GAO/RCED-00-181. Washington, D.C.:
September 29, 2000.

FAA Computer Security: Actions Needed to Address Critical Weaknesses
That Jeopardize Aviation Operations. GAO/T-AIMD-00-330. Washington,
D.C.: September 27, 2000.

FAA Computer Security: Concerns Remain Due to Personnel and Other
Continuing Weaknesses. GAO/AIMD-00-252. Washington, D.C.: August 16,
2000.

Aviation Security: Long-Standing Problems Impair Airport Screeners’
Performance. GAO/RCED-00-75. Washington, D.C.: June 28, 2000.




Page 23                                                      GAO-03-616T
Aviation Security: Screeners Continue to Have Serious Problems
Detecting Dangerous Objects. GAO/RCED-00-159. Washington, D.C.: June
22, 2000. (NOT FOR PUBLIC DISSEMINATION)

Computer Security: FAA Is Addressing Personnel Weaknesses, but
Further Action Is Required. GAO/AIMD-00-169. Washington, D.C.: May 31,
2000.

Security: Breaches at Federal Agencies and Airports. GAO/OSI-00-10.
Washington, D.C.: May 25, 2000.

Aviation Security: Screener Performance in Detecting Dangerous
Objects during FAA Testing Is Not Adequate. GAO/T-RCED-00-143.
Washington, D.C.: April 6, 2000. (NOT FOR PUBLIC DISSEMINATION)

Combating Terrorism: How Five Foreign Countries Are Organized to
Combat Terrorism. GAO/NSIAD-00-85. Washington, D.C.: April 7, 2000.

Aviation Security: Vulnerabilities Still Exist in the Aviation Security
System. GAO/T-RCED/AIMD-00-142. Washington, D.C.: April 6, 2000.

U.S. Customs Service: Better Targeting of Airline Passengers for
Personal Searches Could Produce Better Results. GAO/GGD-00-38.
Washington, D.C.: March 17, 2000.

Aviation Security: Screeners Not Adequately Detecting Threat Objects
during FAA Testing. GAO/T-RCED-00-124. Washington, D.C.: March 16,
2000. (NOT FOR PUBLIC DISSEMINATION)

Aviation Security: Slow Progress in Addressing Long-Standing Screener
Performance Problems. GAO/T-RCED-00-125. Washington, D.C.: March 16,
2000.

Computer Security: FAA Needs to Improve Controls Over Use of Foreign
Nationals to Remediate and Review Software. GAO/AIMD-00-55.
Washington, D.C.: December 23, 1999.

Aviation Security: FAA’s Actions to Study Responsibilities and Funding
for Airport Security and to Certify Screening Companies. GAO/RCED-
99-53. Washington, D.C.: February 24, 1999.

Aviation Security: FAA’s Deployments of Equipment to Detect Traces of
Explosives. GAO/RCED-99-32R. Washington, D.C.: November 13, 1998.

Page 24                                                       GAO-03-616T
Air Traffic Control: Weak Computer Security Practices Jeopardize Flight
Safety. GAO/AIMD-98-155. Washington, D.C.: May 18, 1998.

Aviation Security: Progress Being Made, but Long-Term Attention Is
Needed. GAO/T-RCED-98-190. Washington, D.C.: May 14, 1998.

Air Traffic Control: Weak Computer Security Practices Jeopardize Flight
Safety. GAO/AIMD-98-60. Washington, D.C.: April 29, 1998. (LIMITED
OFFICIAL USE –DO NOT DISSEMINATE)

Aviation Security: Implementation of Recommendations Is Under Way,
but Completion Will Take Several Years. GAO/RCED-98-102. Washington,
D.C.: April 24, 1998.

Combating Terrorism: Observations on Crosscutting Issues. GAO/T-NSIAD-98-
164. Washington, D.C.: April 23, 1998.

Aviation Safety: Weaknesses in Inspection and Enforcement Limit FAA
in Identifying and Responding to Risks. GAO/RCED-98-6. Washington,
D.C.: February 27, 1998.

Aviation Security: FAA’s Procurement of Explosives Detection Devices.
GAO/RCED-97-111R. Washington, D.C.: May 1, 1997.

Aviation Security: Commercially Available Advanced Explosives
Detection Devices. GAO/RCED-97-ll9R. Washington, D.C.: April 24, 1997.

Aviation Safety and Security: Challenges to Implementing the
Recommendations of the White House Commission on Aviation Safety
and Security. GAO/T-RCED-97-90. Washington, D.C.: March 5, 1997.

Aviation Security: Technology’s Role in Addressing Vulnerabilities.
GAO/T-RCED/NSIAD-96-262. Washington, D.C.: September 19, 1996.

Aviation Security: Oversight of Initiatives Will Be Needed. C-GAO/T-
RCED/NSIAD-96-20. Washington, D.C.: September 17, 1996. (CLASSIFIED)

Aviation Security: Urgent Issues Need to Be Addressed. GAO/T-
RCED/NSIAD-96-251. Washington, D.C.: September 11, 1996.

Aviation Security: Immediate Action Needed to Improve Security.
GAO/T-RCED/NSIAD-96-237. Washington, D.C.: August 1, 1996.



Page 25                                                      GAO-03-616T
                    Aviation Security: FAA Can Help Ensure That Airports’ Access Control
                    Systems Are Cost Effective. GAO/RCED-95-25. Washington, D.C.: March 1,
                    1995.

                    Aviation Security: Development of New Security Technology Has Not Met
                    Expectations. GAO/RCED-94-142. Washington, D.C.: May 19, 1994.

                    Aviation Security: Additional Actions Needed to Meet Domestic and
                    International Challenges. GAO/RCED-94-38. Washington, D.C.: January
                    27, 1994.


                    Mass Transit: Federal Action Could Help Transit Agencies Address
Transit Security    Security Challenges. GAO-03-263. Washington, D.C.: December 13, 2002.

                    Mass Transit: Challenges in Securing Transit Systems. GAO-02-1075T.
                    Washington, D.C.: September 18, 2002.


                    Coast Guard: Comprehensive Blueprint Needed to Balance and Monitor
Maritime Security   Resource Use and Measure Performance for All Missions. GAO-03-544T.
                    Washington, D.C.: March 12, 2003.

                    Homeland Security: Challenges Facing the Coast Guard as It
                    Transitions to the New Department. GAO-03-467T. Washington, D.C.:
                    February 12, 2003.

                    Container Security: Current Efforts to Detect Nuclear Materials, New
                    Initiatives, and Challenges. GAO-03-297T. Washington, D.C.: November
                    18, 2002.

                    Port Security: Nation Faces Formidable Challenges in Making New
                    Initiatives Successful. GAO-02-993T. Washington, D.C.: August 5, 2002.


                    Combating Terrorism: Observations on National Strategies Related to
Other               Terrorism. GAO-03-519T. Washington, D.C.: March 3, 2003.

                    Transportation Security Administration: Actions and Plans to Build a
                    Results-Oriented Culture. GAO-03-190. Washington, D.C.: January 17,
                    2003.




                    Page 26                                                       GAO-03-616T
           Major Management Challenges and Program Risks: Department of
           Homeland Security. GAO-03-102. Washington, D.C.: January 1, 2003.

           Major Management Challenges and Program Risks: Department of
           Transportation. GAO-03-108. Washington, D.C.: January 2003.

           National Preparedness: Integration of Federal, State, Local, and Private
           Sector Efforts Is Critical to an Effective National Strategy for Homeland
           Security. GAO-02-621T. Washington, D.C.: April 11, 2002.

           Homeland Security: Progress Made, More Direction and Partnership
           Sought. GAO-02-490T. Washington, D.C.: March 12, 2002.

           A Model of Human Capital Management. GAO-02-373SP. Washington,
           D.C.: March 2002.




(540059)
           Page 27                                                       GAO-03-616T