Maritime Security: Progress and Challenges 10 Years after the Maritime Transportation Security Act

Published by the Government Accountability Office on 2012-09-11.

United States Government Accountability Office

GAO Testimony
Before the Subcommittee on Coast Guard and Maritime Transportation,
Committee on Transportation and Infrastructure, House of Representatives

For Release on Delivery
Expected at 9:30 a.m. EST
Tuesday, September 11, 2012

MARITIME SECURITY
Progress and Challenges 10 Years after the Maritime Transportation Security Act

Statement of Stephen L. Caldwell, Director
Homeland Security and Justice

GAO-12-1009T
Highlights of GAO-12-1009T, a testimony for the Subcommittee on Coast Guard
and Maritime Transportation, Committee on Transportation and Infrastructure,
House of Representatives

Why GAO Did This Study

Ports, waterways, and vessels handle billions of dollars in cargo annually and
an attack on this maritime transportation system could impact the global
economy. November 2012 marks the 10-year anniversary of MTSA, which required a
wide range of security improvements. DHS is the lead federal department
responsible for implementing MTSA and it relies on its component agencies, such
as the Coast Guard and CBP, to help implement the act. The Coast Guard is
responsible for U.S. maritime security interests and CBP is responsible for
screening arriving vessel crew and cargo. This testimony summarizes GAO’s work
on implementation of MTSA requirements over the last decade and addresses (1)
progress the federal government has made in improving maritime security and (2)
key challenges that DHS and its component agencies have encountered in
implementing maritime security-related programs. GAO was unable to identify all
related federal spending, but estimated funding for certain programs. For
example, from 2004 through May 2012, CBP obligated over $390 million to fund
its program to partner with companies to review the security of their supply
chains. This statement is based on GAO products issued from August 2002 through
July 2012, as well as updates on the status of recommendations made and budget
data obtained in August 2012.

What GAO Recommends

GAO has made recommendations to DHS in prior reports and testimonies to
strengthen its maritime security programs. DHS generally concurred and has
implemented or is in the process of implementing them.

View GAO-12-1009T. For more information, contact Stephen L. Caldwell at
(202) 512-9610 or caldwells@gao.gov.

What GAO Found

GAO’s work has shown that the Department of Homeland Security (DHS), through
its component agencies, particularly the Coast Guard and U.S. Customs and
Border Protection (CBP), have made substantial progress in implementing various
programs that, collectively, have improved maritime security. In general, GAO’s
work on maritime security programs falls under four areas: (1) security
planning, (2) port facility and vessel security, (3) maritime domain awareness
and information sharing, and (4) international supply chain security. DHS has,
among other things, developed various maritime security programs and strategies
and has implemented and exercised security plans. For example, the Coast Guard
has developed Area Maritime Security Plans around the country to identify and
coordinate Coast Guard procedures related to prevention, protection, and
security response at domestic ports. In addition, to enhance the security of
U.S. ports, the Coast Guard has implemented programs to conduct annual
inspections of port facilities. To enhance the security of vessels, both CBP
and the Coast Guard receive and screen advance information on commercial
vessels and their crews before they arrive at U.S. ports and prepare risk
assessments based on this information. Further, DHS and its component agencies
have increased maritime domain awareness and have taken steps to better share
information by improving risk management and implementing a vessel tracking
system, among other things. For example, in July 2011, CBP developed the Small
Vessel Reporting System to better track small boats arriving from foreign
locations and deployed this system to eight field locations. DHS and its
component agencies have also taken actions to improve international supply
chain security, including developing new technologies to detect contraband,
implementing programs to inspect U.S.-bound cargo at foreign ports, and
establishing partnerships with the trade industry community and foreign
governments.

Although DHS and its components have made substantial progress, they have
encountered challenges in implementing initiatives and programs to enhance
maritime security since the enactment of the Maritime Security Transportation
Act (MTSA) in 2002 in the areas of: (1) program management and implementation;
(2) partnerships and collaboration; (3) resources, funding, and sustainability;
and (4) performance measures. For example, CBP designed and implemented an
initiative that placed CBP staff at foreign seaports to work with host nation
customs officials to identify high-risk, U.S.-bound container cargo, but CBP
initially did not have a strategic or workforce plan to guide its efforts.
Further, the Coast Guard faced collaboration challenges when developing and
implementing its information management system for enhancing information
sharing with key federal, state, and local law enforcement agencies because it
did not systematically solicit input from these stakeholders. Budget and
funding decisions have also affected the implementation of maritime security
programs. For example, Coast Guard data indicate that some of its units are not
able to meet self-imposed standards related to certain security
activities—including boarding and escorting vessels. In addition, DHS has
experienced challenges in developing effective performance measures for
assessing the progress of its maritime security programs. For example, the
Coast Guard developed a performance measure to assess its performance in
reducing maritime risk, but has faced challenges using this measure to inform
decisions.

Mr. Chairman and Members of the Subcommittee:

I am pleased to be here today to discuss the Department of Homeland
Security’s (DHS) and other agencies’ implementation of the Maritime
Transportation Security Act of 2002 (MTSA). 1 Ports, waterways, and
vessels handle billions of dollars in cargo annually, and an attack on our
nation’s maritime transportation system could have dire consequences.
Ports are inherently vulnerable to terrorist attacks because of their size,
general proximity to metropolitan areas, the volume of cargo being
processed, and the ready access the ports have to transportation links
into the United States. An attack on a port could have a widespread
impact on international trade and the global economy. Balancing security
concerns with the need to facilitate the free flow of people and commerce
remains an ongoing challenge for the public and private sectors alike.

November 2012 will mark the 10th anniversary of the enactment of
MTSA, which requires a wide range of security improvements designed to
help protect the nation’s ports, waterways, and coastal areas from
terrorist attacks. Prior to the terrorist attacks of September 11, 2001,
federal attention at ports tended to focus on navigation and safety
issues, such as dredging channels and environmental protection.

DHS is the lead federal agency responsible for implementing MTSA
requirements and it relies on a number of its component agencies that
have responsibilities related to maritime security, as follows. 2

•   U.S. Coast Guard: The Coast Guard has primary responsibility for
    ensuring the safety and security of U.S. maritime interests and leading
    homeland security efforts in the maritime domain. In this capacity,
    among other things, the Coast Guard conducts port facility and
    commercial vessel inspections, leads the coordination of maritime
    information sharing efforts, and promotes domain awareness in the
    maritime environment. 3

1 Pub. L. No. 107-295, 116 Stat. 2064.
2 Immigration and Customs Enforcement (ICE) also contributes to maritime security in that
its mission is to detect and prevent terrorist and criminal acts by targeting the people,
money, and materials that support terrorist and criminal networks. In this capacity, ICE
contributes to DHS border security efforts, including in the maritime environment, even
though its main focus is not on interdicting or screening operations.

•   U.S. Customs and Border Protection (CBP): CBP is responsible for
    the screening of incoming vessels’ crew and maritime cargo for the
    presence of contraband, such as weapons of mass destruction, illicit
    drugs, or explosives, while facilitating the flow of legitimate trade and
    passengers.

•   Transportation Security Administration (TSA): TSA has
    responsibility for managing the Transportation Worker Identification
    Credential program, which is designed to control the access of
    maritime workers to regulated maritime facilities in the United States. 4

•   Domestic Nuclear Detection Office (DNDO): DNDO is responsible
    for acquiring and supporting the deployment of radiation detection
    equipment, including radiation portal monitors at domestic seaports to
    support the scanning of cargo containers before they enter U.S.
    commerce.

•   Federal Emergency Management Agency (FEMA): FEMA is
    responsible for administering grants to improve the security of the
    nation’s highest risk port areas.

It is important to note that some of these agencies were made
responsible for implementing MTSA requirements in the midst of the most
extensive federal reorganization in over 50 years, as most were
reorganized into DHS in March 2003, when DHS began operating—less
than 5 months after MTSA enactment. This reorganization introduced
new chains of command and reporting responsibilities. MTSA
implementation also involved coordination with other executive branch
agencies, including the Departments of Justice, State, and
Transportation.




3 Maritime domain awareness is the understanding by stakeholders involved in maritime
security of anything associated with the global maritime environment that could adversely
affect the security, safety, economy or environment of the United States.
4 The Coast Guard is responsible for enforcement of the Transportation Worker
Identification Credential program.




In 2006, the Security and Accountability For Every Port Act of 2006
(SAFE Port Act) became law. 5 The act amended MTSA and required
DHS to develop, implement, and update, as appropriate, a strategic plan
to enhance the security of the international supply chain—the flow of
goods from manufacturers to retailers. 6 Further, the SAFE Port Act
required DHS to establish pilot projects at three ports to test the feasibility
of scanning 100 percent of U.S.-bound cargo containers at foreign ports. 7

My statement today summarizes our work on maritime security since the
enactment of MTSA and is focused on

•     progress the federal government has made in improving maritime
      security, and
•     key challenges that DHS and its component agencies have
      encountered in implementing maritime security-related programs.

We were unable to identify all federal spending for these purposes, but
were able to estimate obligations or expenditures for certain programs.
For example, we were not able to determine obligations for many of the
MTSA-related Coast Guard programs—such as port security exercises—
because they are funded at the account level (i.e., operating expenses)
rather than as specific line items. However, we were able to estimate
obligations or expenditures in some instances. For example, from fiscal
years 2004 through May 2012, CBP obligated over $390 million for a
voluntary program that enables CBP officials to work in partnership with
private companies to review and validate companies’ practices for
securing their international supply chains.




5 Pub. L. No. 109-347, 120 Stat. 1884.
6 The SAFE Port Act required DHS to report to Congress on this strategic plan by July
2007, with an update of the strategic plan to be submitted to Congress 3 years later. See
6 U.S.C. § 941(a), (g).
7 6 U.S.C. § 981. Related to this SAFE Port Act requirement, in August 2007, the
Implementing Recommendations of the 9/11 Commission Act of 2007 was enacted, which
required, among other things, that by July 2012, 100 percent of all U.S.-bound cargo
containers be scanned at foreign ports, with possible extensions for ports at which certain
conditions exist. See Pub. L. No. 110-53, § 1701(a), 121 Stat. 266, 489-90 (amending 6
U.S.C. § 982(b)). Such extensions have been granted, as explained later in this
statement.




                        In addition to the statement, appendix I summarizes select programs and
                        activities that have been implemented since November 2002 to address
                        maritime security and the associated expenditures, where information
                        was available. The appendix also includes key findings from our work
                        regarding these programs and activities in the last 10 years, as well as
                        the progress that DHS and its component agencies have made in
                        responding to our recommendations.

                        This statement is based primarily on reports and testimonies we have
                        issued from August 2002 through July 2012 related to maritime, port,
                        vessel, and cargo security efforts of the federal government, and other
                        related aspects of implementing MTSA requirements. The statement also
                        includes selected updates—conducted in August 2012—to the
                        information provided in these previously-issued products on the actions
                        DHS and its component agencies have taken to address
                        recommendations made in these products. Where available, we have
                        also included information on the funding for key maritime security related
                        programs through May 2012. This additional information can be seen in
                        appendix I. We conducted the work in accordance with generally
                        accepted government auditing standards. Those standards require that
                        we plan and perform the audit to obtain sufficient, appropriate evidence to
                        provide a reasonable basis for our findings and conclusions based on our
                        audit objectives. We believe the evidence obtained provides a reasonable
                        basis for our findings and conclusions based on our audit objectives.

                        To perform the work, we visited domestic and overseas ports; reviewed
                        agency program documents, port security plans, and postexercise
                        reports, and other documents; and interviewed officials from the federal,
                        state, local, private, and international sectors, among other things. The
                        officials were from a wide variety of stakeholders to include the Coast
                        Guard, CBP, TSA, port authorities, terminal operators, vessel operators,
                        foreign governments, and international trade organizations. Further
                        details on the scope and methodology for the previously issued reports
                        and testimonies are available within each of the published products.


DHS Has Made Substantial Progress in Improving Maritime Security

                        Our work has shown that DHS and its component agencies—particularly
                        the Coast Guard and CBP—have made substantial progress in
                        implementing various programs that, collectively, have improved maritime
                        security. In general, our maritime security-related work has addressed
                        four areas: (1) national and port-level security planning, (2) port facility
                        and vessel security, (3) maritime domain awareness and information
                        sharing, and (4) international supply chain security. Detailed examples of
                        progress in each of these four areas are discussed below.


National and Port-Level Security Planning

                          The federal government has made progress in national and port-level
                          security planning by, for example, developing various maritime security
                          strategies and plans, and conducting exercises to test these plans.

                          •   Developing national-level security strategies: The federal
                              government has made progress developing national maritime security
                              plans. For example, the President and the Secretaries of Homeland
                              Security, Defense, and State approved the National Strategy for
                              Maritime Security and its supporting plans in 2005. The strategy has
                              eight supporting plans that are intended to address the specific
                              threats and challenges of the maritime environment, such as maritime
                              commerce security. We reported in June 2008 that these plans were
                              generally well developed and, collectively, included desirable
                              characteristics, such as (1) purpose, scope, and methodology; (2)
                              problem definition and risk assessment; (3) organizational roles,
                              responsibilities, and coordination; and (4) integration and
                              implementation. Including these characteristics in the strategy and its
                              supporting plans can help the federal government enhance maritime
                              security. 8 For example, better problem definition and risk assessment
                              provide greater latitude to responsible parties for developing
                              approaches that are tailored to the needs of their specific regions or
                              sectors. In addition, in April 2008 DHS released its Small Vessel
                              Security Strategy, which identified the gravest risk scenarios involving
                              the use of small vessels for launching terrorist attacks, as well as
                              specific goals where efforts can achieve the greatest risk reduction
                              across the maritime domain. 9

•     Developing port-level security plans: The Coast Guard has
      developed Area Maritime Security Plans (AMSP) around the country
      to enhance the security of domestic ports. AMSPs, which are
      developed by the Coast Guard with input from applicable
      governmental and private entities, serve as the primary means to
      identify and coordinate Coast Guard procedures related to prevention,
      protection, and security response. Implementing regulations for MTSA
      specified that these plans include, among other things, (1) operational
      and physical security measures that can be intensified if security
      threats warrant it; (2) procedures for responding to security threats,
      including provisions for maintaining operations at domestic ports; and
      (3) procedures to facilitate the recovery of the maritime transportation
      system after a security incident. 10 We reported in October 2007 that to
      assist domestic ports in implementing the AMSPs, the Coast Guard
      provided a common template that specified the responsibilities of port
      stakeholders. 11 Further, the Coast Guard has established Area
      Maritime Security Committees—forums that involve federal and
      nonfederal officials who identify and address risks in a port—to,
      among other things, provide advice to the Coast Guard for developing
      the associated AMSPs. These plans provide a framework for
      communication and coordination among port stakeholders and law
      enforcement officials and identify and reduce vulnerabilities to security
      threats throughout the port area.

8 GAO, Maritime Security: National Strategy and Supporting Plans Were Generally
Well-Developed and Are Being Implemented, GAO-08-672 (Washington, D.C.: June 20, 2008).
9 Department of Homeland Security, Small Vessel Security Strategy (Washington, D.C.,
April 2008).

•     Exercising security plans: DHS has taken a number of steps to
      exercise its security plans. The Coast Guard and the Area Maritime
      Security Committee are required to conduct or participate in exercises
      to test the effectiveness of AMSPs at least once each calendar year,
      with no more than 18 months between exercises. 12 These exercises
      are designed to continually improve preparedness by validating
      information and procedures in the AMSPs, identifying strengths and
      weaknesses, and practicing command and control within an incident
      command/unified command framework. To aid in this effort, the Coast
      Guard initiated the Area Maritime Security Training and Exercise
      Program in October 2005. This program is designed to involve all port
      stakeholders in the implementation of the AMSPs. Our prior work has
      shown that the Coast Guard has exercised these plans and that, since
      development of the AMSPs, all Area Maritime Security Committees
      have participated in a port security exercise. 13 Lessons learned from
      the exercises are incorporated into plans, which Coast Guard officials
      said lead to planning process improvements and better plans.

10 33 C.F.R. § 103.505.
11 GAO, Maritime Security: The SAFE Port Act and Efforts to Secure Our Nation’s
Seaports, GAO-08-86T (Washington, D.C.: Oct. 4, 2007).
12 33 C.F.R. § 103.515.
13 GAO, Maritime Security: The SAFE Port Act: Status and Implementation One Year
Later, GAO-08-126T (Washington, D.C.: Oct. 30, 2006).

Port Facility and Vessel Security

                           In addition to developing security plans, DHS has taken a number of
                           actions to identify and address the risks to port facilities and vessels by
                           conducting facility inspections and screening and boarding vessels,
                           among other things.

                           •    Requiring facility security plans and conducting inspections: To
                                enhance the security of port facilities, the Coast Guard has
                                implemented programs to require port facility security plans and to
                                conduct annual inspections of the facilities. Owners and operators of
                                certain maritime facilities are required to conduct assessments of
                                security vulnerabilities, develop security plans to mitigate these
                                vulnerabilities, and implement measures called for in their security
                                plans. Coast Guard guidance calls for at least one announced and
                                one unannounced inspection each year to ensure that security plans
                                are being followed. We reported in February 2008 that, on the basis of
                                these inspections, the Coast Guard had identified and corrected port
                                facility deficiencies. For example, the Coast Guard identified
                                deficiencies in about one-third of the port facilities inspected from
                                2004 through 2006, with deficiencies concentrated in certain
                                categories, such as failing to follow facility security plans for port
                                access control. 14 In addition to inspecting port facilities, the Coast
                                Guard also conducts inspections at offshore facilities, such as oil rigs.
                                Requiring the development of these security plans and inspecting
                                facilities to correct deficiencies helps the Coast Guard mitigate
                                vulnerabilities that could be exploited by those with the intent to kill
                                people, cause environmental damage, or disrupt transportation
                                systems and the economy.

•     Issuing facility access cards: DHS and its component agencies
      have made less progress in controlling access to secure areas of port
      facilities and vessels. To control access to these areas, DHS was
      required by MTSA to, among other things, issue a transportation
      worker identification credential that uses biometrics, such as
      fingerprints. 15 TSA had already initiated a program to create an
      identification credential that could be used by workers in all modes of
      transportation when MTSA was enacted. This program, called the
      Transportation Worker Identification Credential (TWIC) program, is
      designed to collect personal and biometric information to validate
      workers’ identities and to conduct background checks on
      transportation workers to ensure they do not pose a threat to security.
      We reported in November 2009 that TSA, the Coast Guard, and the
      maritime industry took a number of steps to enroll 1,121,461 workers
      in the TWIC program, or over 93 percent of the estimated 1.2 million
      potential users, by the April 15, 2009, national compliance deadline. 16
      However, as discussed later in this statement, internal control
      weaknesses governing the enrollment, background check process,
      and use of these credentials potentially limit the program’s ability to
      provide reasonable assurance that access to secure areas of
      MTSA-regulated facilities is restricted to qualified individuals.

14 GAO, Maritime Security: Coast Guard Inspections Identify and Correct Facility
Deficiencies, but More Analysis Needed of Program’s Staffing, Practices, and Data,
GAO-08-12 (Washington, D.C.: Feb. 14, 2008).

•     Administering the Port Security Grant Program: DHS has taken
      steps to improve the security of port facilities by administering the Port
      Security Grant Program. To help defray some of the costs of
      implementing security at ports around the United States, this program
      was established in January 2002 when TSA was appropriated $93.3
      million to award grants to critical national seaports. 17 MTSA codified
      the program when it was enacted in November 2002. 18 The Port
      Security Grant Program awards funds to states, localities, and private
      port operators to strengthen the nation’s ports against risks
      associated with potential terrorist attacks. We reported in November
      2011 that, for fiscal years 2010 and 2011, allocations of these funds
      were based on DHS’s risk model and implementation decisions, and
      were made largely in accordance with risk. For example, we found
      that allocations of funds to port areas were highly positively correlated
      to port risk, as calculated by DHS’s risk model. 19

15 46 U.S.C. § 70105.
16 GAO, Transportation Worker Identification Credential: Progress Made in Enrolling
Workers and Activating Credentials but Evaluation Plan Needed to Help Inform the
Implementation of Card Readers, GAO-10-43 (Washington, D.C.: Nov. 18, 2009).
17 Pub. L. No. 107-117, 115 Stat. 2230, 2327 (2002).
18 46 U.S.C. § 70107.

•     Reviewing vessel plans and conducting inspections: To enhance
      vessel security, the Coast Guard has taken steps to help vessel
      owners and operators develop security plans and the Coast Guard
      regularly inspects these vessels for compliance with the plans. MTSA
      requires certain vessel owners and operators to develop security
      plans, and the Coast Guard is to approve these plans. 20 Vessel
      security plans are to designate security officers; include information
      on procedures for establishing and maintaining physical security,
      passenger and cargo security, and personnel security; describe
      training and drills, and identify the availability of appropriate security
      measures necessary to deter transportation security incidents, among
      other things. The Coast Guard took several steps to help vessel
      owners and operators understand and comply with these
      requirements. In particular, the Coast Guard (1) issued updated
      guidance and established a “help desk” to provide stakeholders with a
      single point of contact, both through the Internet and over the
      telephone; (2) hired contractors to provide expertise in reviewing
      vessel security plans; and (3) conducts regular inspections of vessels.
      For example, we reported in December 2010 that, according to Coast
      Guard officials, the Coast Guard is to inspect ferries four times per
      year. The annual security inspection, which may be combined with a
      safety inspection, typically occurs when the ferry is out of service,
      and the quarterly inspections, which are shorter in duration,
      generally take place while the ferry remains in service. During
      calendar years 2006 through 2009, the most recent years for which
      we have data, the Coast Guard reports that it conducted over 1,500
      ferry inspections. 21 These security plan reviews and inspections have
      enhanced vessel security.

•     Conducting vessel crew screenings: To enhance the security of
      port facilities, both CBP and the Coast Guard receive and screen
      advance information on commercial vessels and their crew before


19. GAO, Port Security Grant Program: Risk Model, Grant Management, and Effectiveness
Measures Could Be Strengthened, GAO-12-47 (Washington, D.C.: Nov. 17, 2011).
20. 46 U.S.C. § 70103(c).
21. GAO, Maritime Security: Ferry Security Measures Have Been Implemented, but Existing
Studies Could Further Enhance Security, GAO-11-207 (Washington, D.C.: Dec. 3, 2010).




                          they arrive at U.S. ports and assess risks based on this information.
                          Among the risk factors considered in assessing each vessel and crew
                          member are whether the vessel operator has had past instances of
                          invalid or incorrect crew manifest lists, whether the vessel has a
                          history of seafarers unlawfully landing in the United States, or whether
                          the vessel is making its first arrival at a U.S. seaport within the past
                          year. The Coast Guard may also conduct armed security boardings of
                          arriving commercial vessels based on various factors, including the
                          intelligence it received, to examine crew passports and visas, among
                          other things, to ensure the submitted crew lists are accurate.

                      •   Conducting vessel escorts and boardings: The Coast Guard
                          escorts and boards certain vessels to help ensure their security. The
                          Coast Guard escorts a certain percentage of high capacity passenger
                          vessels—cruise ships, ferries, and excursion vessels—to protect
                          against an external threat, such as a waterborne improvised explosive
                          device. The Coast Guard has provided escorts for cruise ships to help
                          prevent waterside attacks and has also provided a security presence
                          on passenger ferries during their transit. Further, the Coast Guard has
                          conducted energy commodity tanker security activities, such as
                          security boardings, escorts, and patrols. Such actions enhance the
                          security of these vessels.

Maritime Domain Awareness and Information Sharing

                      DHS has worked with its component agencies to increase maritime
                      domain awareness and taken steps to (1) conduct risk assessments, (2)
                      establish area security committees, (3) implement a vessel tracking
                      system, and (4) better share information with other law enforcement
                      agencies through interagency operations centers.

                      •   Conducting risk assessments: Recognizing the shortcomings of its
                          existing risk-based models, in 2005 the Coast Guard developed and
                          implemented the Maritime Security Risk Assessment Model (MSRAM)
                          to better assess risks in the maritime domain. We reported in
                          November 2011 that MSRAM provides the Coast Guard with a
                          standardized way of assessing risk to maritime infrastructure, such as
                          chemical facilities, oil refineries, and ferry and cruise ship terminals,
                          among others. Coast Guard units throughout the country use this




      model to improve maritime domain awareness and better assess
      security risks to key maritime infrastructure. 22

•     Establishing Area Maritime Security Committees: To facilitate
      information sharing with port partners and in response to MTSA, 23 the
      Coast Guard has established Area Maritime Security Committees.
      These committees are typically composed of members from federal,
      state, and local law enforcement agencies; maritime industry and
      labor organizations; and other port stakeholders that may be affected
      by security policies. An Area Maritime Security Committee is
      responsible for, among other things, identifying critical infrastructure
      and operations, identifying risks, and providing advice to the Coast
      Guard for developing the associated AMSP. These committees
      provide a structure that improves information sharing among port
      stakeholders.

•     Developing vessel tracking systems: The Coast Guard relies on a
      diverse array of systems operated by various entities to track vessels
      and provide maritime domain awareness. For tracking vessels at sea,
      the Coast Guard uses a long-range identification and tracking system
      and a commercially provided long-range automatic identification
      system. 24 For tracking vessels in U.S. coastal areas, inland
      waterways, and ports, the Coast Guard operates a land-based
      automatic identification system and also obtains information from
      radar and cameras in some ports. In addition, in July 2011, CBP
      developed the Small Vessel Reporting System to better track small
      boats arriving from foreign locations and deployed this system to eight
      field locations. Among other things, this system is to allow CBP to


22. GAO, Coast Guard: Security Risk Model Meets DHS Criteria, but More Training Could
Enhance Its Use for Managing Programs and Operations, GAO-12-14 (Washington, D.C.:
Nov. 17, 2011).
23. 46 U.S.C. § 70112(a)(2).
24. The International Maritime Organization is the international body responsible for
improving maritime safety. The organization primarily regulates maritime safety and
security through the International Convention for the Safety of Life at Sea, 1974. In 2006,
amendments to this treaty were adopted that mandated the creation of an international
long-range identification and tracking system that, in general, requires the International
Maritime Organization member state vessels on international voyages to transmit certain
information; the creation of data centers that will, among other roles, receive long-range
identification and tracking system information from the vessels; and an information
exchange network, centered on an international data exchange for receiving and
transmitting long-range identification and tracking information to authorized nations.




                                   identify potential high-risk small boats to better determine which need
                                   to be boarded.

                             •     Establishing interagency operations centers: DHS and its
                                   component agencies have made limited progress in establishing
                                   interagency operations centers. The Coast Guard—in coordination
                                   with other federal, state, and local law enforcement agencies (port
                                   partners)—is working to establish interagency operations centers at
                                   its sectors throughout the country. These interagency operations
                                   centers are designed to, among other things, improve maritime
                                   domain awareness and the sharing of information among port
                                   partners. In October 2007, we reported that the Coast Guard was
                                   piloting various aspects of future interagency operations centers at its
                                   35 existing command centers and working with multiple interagency
                                   partners to further their development. 25 We further reported in
                                   February 2012 that DHS had also begun to support efforts to increase
                                   port partner participation and further interagency operations center
                                   implementation, such as facilitating the review of an interagency
                                   operations center management directive. 26 However, as discussed
                                   later in this statement, despite the DHS assistance, the Coast Guard
                                   has experienced coordination challenges that have limited
                                   implementation of interagency operations centers.

International Supply Chain Security

                             DHS and its component agencies have implemented a number of
                             programs and activities intended to improve the security of the
                             international supply chain, including: enhancing cargo screening and
                             inspections, deploying new cargo screening technologies to better detect
                             contraband, implementing programs to inspect U.S.-bound cargo at
                             foreign ports, partnering with the trade industry, and engaging with
                             international partners.

                             •     Enhancing cargo screening and inspections: DHS has
                                   implemented several programs to enhance the screening of cargo
                                   containers in advance of their arrival in the United States. In
                                   particular, DHS developed a system for screening incoming cargo,
                                   called the Automated Targeting System. The Automated Targeting



                             25. GAO-08-126T.
                             26. GAO, Maritime Security: Coast Guard Needs to Improve Use and Management of
                             Interagency Operations Centers, GAO-12-202 (Washington, D.C.: Feb. 13, 2012).




      System is a computerized system that assesses information on each
      cargo shipment that is to arrive in the United States to assign a risk
      score. CBP officers then use this risk score, along with other
      information, such as the shipment’s contents, to determine which
      shipments to examine. In February 2003, CBP began enforcing new
      regulations about cargo manifests—called the 24-hour rule—that
      require the submission of complete and accurate manifest
      information 24 hours before a container is loaded onto a U.S.-bound
      vessel at a foreign port. To enhance CBP’s ability to target high-risk
      shipments, the SAFE Port Act required CBP to collect additional
      information related to the movement of cargo to better identify high-
      risk cargo for inspection. 27 In response to this requirement, in 2009,
      CBP implemented the Importer Security Filing and Additional Carrier
      Requirements, collectively known as the 10+2 rule. 28 The cargo
      information required by the 10+2 rule comprises 10 data elements
      from importers, such as country of origin, and 2 data elements from
      vessel carriers, such as the position of each container transported on
      a vessel (or stow plan), that are to be provided to CBP in advance of
      arrival of a shipment at a U.S. port. These additional data elements
      can enhance maritime security. For example, during our review of
      CBP’s supply chain security efforts in 2010, CBP officials stated that
      access to vessel stow plans has enhanced their ability to identify
      containers that are not correctly listed on manifests and that could
      potentially pose a security risk because no information is known about
      their origin or contents. 29

•     Deploying technologies: DHS technological improvements have
      been focused on developing and deploying equipment to scan cargo
      containers for nuclear materials and other contraband to better secure
      the supply chain. Specifically, to detect nuclear materials, CBP, in
      coordination with DNDO, has deployed over 1,400 radiation portal




27. See 6 U.S.C. § 943(b).
28. Importer Security Filing and Additional Carrier Requirements, 73 Fed. Reg. 71,730 (Nov.
25, 2008) (codified at 19 C.F.R. pts. 4, 12, 18, 101, 103, 113, 122, 123, 141, 143, 149,
178, & 192).
29. GAO, Supply Chain Security: CBP Has Made Progress in Assisting the Trade Industry in
Implementing the New Importer Security Filing Requirements, but Some Challenges
Remain, GAO-10-841 (Washington, D.C.: Sept. 10, 2010).




     monitors at U.S. ports of entry. 30 Most of the radiation portal monitors
     are installed in primary inspection lanes through which nearly all traffic
     and shipping containers must pass. These monitors alarm when they
     detect radiation coming from a package, vehicle, or shipping
     container. CBP then conducts further inspections at its secondary
     inspection locations to identify the cause of the alarm and determine
     whether there is a reason for concern.

•    Establishing the Container Security Initiative: CBP has enhanced
     the security of U.S.-bound cargo containers through its Container
     Security Initiative (CSI). CBP launched CSI in January 2002 and the
     initiative involves partnerships between CBP and foreign customs
     agencies in select countries to allow for the targeting and examination
     of U.S.-bound cargo containers before they reach U.S. ports. As part
     of this initiative, CBP officers use intelligence and automated risk
     assessment information to identify those U.S.-bound cargo shipments
     at risk of containing weapons of mass destruction or other terrorist
     contraband. We reported in January 2008 that through CSI, CBP has
     placed staff at 58 foreign seaports that, collectively, account for about
     86 percent of the container shipments to the United States. 31
     According to CBP officials, the overseas presence of CBP officials
     has led to more effective information sharing between CBP and host
     government officials regarding targeting of U.S.-bound shipments.

•    Partnering with the trade industry: CBP efforts to improve supply
     chain security include partnering with members of the trade industry.
     In an effort to strike a balance between the need to secure the
     international supply chain while also facilitating the flow of legitimate
     commerce, CBP developed and administers the Customs-Trade
     Partnership Against Terrorism program. The program is voluntary and
     enables CBP officials to work in partnership with private companies to
     review the security of their international supply chains and improve
     the security of their shipments to the United States. For example,
     participating companies develop security measures and agree to
     allow CBP to verify, among other things, that their security measures



30. Radiation portal monitors are large stationary detectors through which cargo containers
and trucks pass as they enter the United States.
31. GAO, Supply Chain Security: Examinations of High-Risk Cargo at Foreign Seaports
Have Increased, but Improved Data Collection and Performance Measures Are Needed,
GAO-08-187 (Washington, D.C.: Jan. 25, 2008).




      (1) meet or exceed CBP’s minimum security requirements and (2) are
      actually in place and effective. In return for their participation,
      members receive benefits, such as a reduced number of inspections
      or shorter wait times for their cargo shipments. CBP initiated the
      Customs-Trade Partnership Against Terrorism program in November
      2001, and as of November 2010, the most recent date for which we
      had data, CBP had awarded initial certification—or acceptance of the
      company’s agreement to voluntarily participate in the program 32—to
      over 10,000 companies. 33 During the course of a company’s
      membership, CBP security specialists observe and validate the
      company’s security practices. Thus, CBP is in a position to identify
      security changes and improvements that could enhance supply chain
      security.

•     Achieving mutual recognition arrangements: CBP has actively
      engaged with international partners to define and achieve mutual
      recognition of customs security practices. For example, in June 2007,
      CBP signed a mutual recognition arrangement with New Zealand—
      the first such arrangement in the world—to recognize each other’s
      customs-to-business partnership programs, such as CBP’s Customs-
      Trade Partnership Against Terrorism. As of July 2012, CBP had
      signed six mutual recognition arrangements. 34

•     Implementing the International Port Security Program: Pursuant
      to MTSA, the Coast Guard implemented the International Port
      Security Program in April 2004. 35 Under this program, the Coast
      Guard and host nations jointly review the security measures in place
      at host nations’ ports to compare their practices against established
      security standards, such as the International Maritime Organization’s




32. Acceptance occurs after a review of the company’s security profile and compliance with
customs laws and regulations.
33. Aside from maritime container shippers, members include many top air carriers and
freight forwarders.
34. CBP has signed mutual recognition arrangements with Canada, the European Union,
Japan, Jordan, Korea, and New Zealand.
35. 46 U.S.C. § 70108.




                              International Ship and Port Facility Security Code. 36 Coast Guard
                              teams have been established to conduct country visits, discuss
                              security measures implemented, and collect and share best practices
                              to help ensure a comprehensive and consistent approach to maritime
                              security at ports worldwide. 37 If a country is not in compliance, vessels
                              from that country may be subject to delays before being allowed into
                              the United States. According to Coast Guard documentation, the
                              Coast Guard has visited almost all of the countries that have vessel
                              traffic between them and the United States and attempts to visit
                              countries at least annually to maintain a cooperative relationship.

Challenges Have Hindered Implementation of Maritime Security Programs

                         DHS and its component agencies have encountered a number of
                         challenges in implementing programs and activities to enhance maritime
                         security since the enactment of MTSA in 2002. In general, these
                         challenges are related to (1) program management and implementation;
                         (2) partnerships and collaboration; (3) resources, funding, and
                         sustainability; and (4) performance measures. Many of our testimonies
                         and reports in the last 10 years have cited these challenges and appendix
                         I summarizes some of the key findings from those products. Examples of
                         challenges in each of these four areas are detailed below.


Program Management and Implementation

                         DHS and its component agencies have faced program management and
                         implementation challenges in developing MTSA-related security
                         programs, including a lack of adequate planning and internal controls, as
                         well as problems with acquisition programs.

                         •    Lack of planning: Given the urgency to take steps to protect the
                              country against terrorism after the September 11, 2001 attacks, some
                              of the actions taken by DHS and its component agencies used an


                         36. The International Port Security Program (ISPS) uses the ISPS Code as the benchmark
                         by which it measures the effectiveness of a country’s antiterrorism measures in a port.
                         The code was developed after the September 11, 2001 attacks and established measures
                         to enhance the security of ships and port facilities with a standardized and consistent
                         security framework. The ISPS Code requires facilities to conduct an assessment to
                         identify threats and vulnerabilities and then develop security plans based on the
                         assessment. The requirements of this code are performance-based; therefore compliance
                         can be achieved through a variety of security measures.
                         37. Subsequently, in October 2006, the SAFE Port Act required the Coast Guard to
                         reassess security measures at such foreign ports at least once every 3 years. Pub. L. No.
                         109-347, § 234, 120 Stat. 1884, 1918-19.




     “implement and amend” approach, which has negatively affected the
     management of some programs. For example, CBP quickly designed
     and rolled out CSI in January 2002. However, as we reported in July
     2003, CBP initially did not have a strategic plan or workforce plan for
     this security program, which are essential to long-term success and
     accountability. 38 As a result, CBP subsequently had to take actions to
     address these risks by, for example, developing CSI goals. The
     Customs-Trade Partnership Against Terrorism program experienced
     similar problems. For example, when the program was first
     implemented, CBP lacked a human capital plan. CBP has taken steps
     to address C-TPAT management and staffing challenges, including
     implementing a human capital plan.

•    Lack of adequate internal controls: Several maritime security
     programs implemented by DHS and its component agencies did not
     have adequate internal controls. For example, we reported in May
     2011 that internal controls over the TWIC program were not designed
     to provide reasonable assurance that only qualified applicants could
     acquire the credentials. During covert tests at several selected ports,
     our investigators were successful in accessing ports using counterfeit
     credentials and authentic credentials acquired through fraudulent
     means. 39 As a result of our findings, DHS is in the process of
     assessing internal controls to identify needed corrective actions. In
     another example, we found that the Coast Guard did not have
     procedures in place to ensure that its field units conducted security
     inspections of offshore energy facilities annually in accordance with its
     guidance. 40 In response to this finding, the Coast Guard has taken
     steps to update its inspections database to ensure inspections of
     offshore facilities are completed.

•    Inadequate acquisitions management: DHS has also experienced
     challenges managing some of its acquisition programs. As discussed
     earlier, CBP coordinated with DNDO to deploy radiation detection


38. GAO, Container Security: Expansion of Key Customs Programs Will Require Greater
Attention to Critical Success Factors, GAO-03-770 (Washington, D.C.: July 25, 2003).
39. GAO, Transportation Worker Identification Credential: Internal Control Weaknesses
Need to Be Corrected to Help Achieve Security Objectives, GAO-11-657 (Washington,
D.C.: May 10, 2011).
40. GAO, Maritime Security: Coast Guard Should Conduct Required Inspections of Offshore
Energy Infrastructure, GAO-12-37 (Washington, D.C.: Oct. 28, 2011).




                       monitors at U.S. ports of entry. However, we reported in June 2009
                       that DHS’s cost analysis of one type of device—the advanced
                       spectroscopic portal radiation detection monitors—did not provide a
                       sound analytical basis for DHS’s decision to deploy the devices. 41
                       DNDO officials stated that they planned to update the cost-benefit
                       analysis; however, after spending more than $200 million on the
                       program, DHS announced, in February 2010, that it was scaling back
                       its plans for development and use of the devices, and subsequently
                       announced, in July 2011, that it was ending the program. DNDO was
                       also involved in developing more advanced nonintrusive inspection
                       equipment—the cargo advanced automated radiography system—in
                       order to better detect nuclear materials that might be heavily shielded.
                       In September 2010 we reported that DNDO was engaged in the
                       research and development phase while simultaneously planning for
                       the acquisition phase and pursued the acquisition and deployment of
                       the radiography machines without fully understanding that the
                       machines would not fit within existing inspection lanes at CBP ports of
                       entry because it had not sufficiently coordinated the operating
                       requirements with CBP. 42 DHS spent $113 million on the program and
                       ended up canceling the acquisition and deployment phase of the
                       program in 2007.

Partnerships and Collaboration

                   DHS has improved how it collaborates with maritime security partners,
                   but challenges in this area remain that stem from issues such as the
                   launch of programs without adequate stakeholder coordination and
                   problems inherent in working with a wide variety of stakeholders.

                   •   Lack of port partner coordination: The Coast Guard experienced
                       coordination challenges in developing its information-management
                       and sharing system, called WatchKeeper, which is designed to
                       enhance information sharing with law enforcement agencies and other
                       partners. In particular, we found in February 2012 that the Coast
                       Guard did not systematically solicit input from key federal, state, and
                       local law enforcement agencies that are its port partners at the
                       interagency operations centers, and that port partner involvement in


                   41. GAO, Combating Nuclear Smuggling: Lessons Learned from DHS Testing of Advanced
                   Radiation Detection Portal Monitors, GAO-09-804T (Washington, D.C.: June 25, 2009).
                   42. GAO, Combating Nuclear Smuggling: Inadequate Communication and Oversight
                   Hampered DHS Efforts to Develop an Advanced Radiography System to Detect Nuclear
                   Materials, GAO-10-1041T (Washington D.C.: Sept. 15, 2010).




     the development of WatchKeeper requirements and the interagency
     operations center concept was primarily limited to CBP. 43 As a result,
     this lack of port partner input has jeopardized the ability of such centers
     to meet their intended purpose of improving information sharing and
     enhancing maritime domain awareness. We reported that the Coast
     Guard had begun to better coordinate with its port partners to solicit
     their input on WatchKeeper requirements, but noted that the Coast
     Guard still faced challenges in getting other port partners to use
     WatchKeeper as an information sharing tool. We further found that
     DHS did not initially assist the Coast Guard in encouraging other DHS
     components to use WatchKeeper to enhance information sharing.
     However, DHS had increased its involvement in the program so we
     did not make any recommendations relative to this issue. We did,
     however, recommend that the Coast Guard implement a more
     systematic process to solicit and incorporate port partner input to
     WatchKeeper and the Coast Guard has begun to take actions to
     address this recommendation. We believe, though, that it is too soon
     to tell if such efforts will be successful in ensuring that the interagency
     operations centers serve as more than Coast Guard–centric
     command and control centers.

•    Challenges in coordinating with multiple levels of stakeholders:
     One example of challenges that DHS and its component agencies
     have faced with state, local, and tribal stakeholders concerns Coast
     Guard planning for Arctic operations. The Coast Guard’s success in
     implementing an Arctic plan rests in part on how successfully it
     communicates with key stakeholders—including the more than 200
     Alaska native tribal governments and interest groups—but we found in
     September 2010 that the Coast Guard did not initially share plans with
     them. 44 Coast Guard officials told us that they had been focused on
     communication with congressional and federal stakeholders and
     intended to share Arctic plans with other stakeholders once plans
     were determined. DHS agrees that it needs to communicate with
     additional stakeholders and has taken steps to do so.




43. GAO, Maritime Security: Coast Guard Needs to Improve Use and Management of
Interagency Operations Centers, GAO-12-202 (Washington, D.C.: Feb. 13, 2012).
44. GAO, Coast Guard: Efforts to Identify Arctic Requirements Are Ongoing, but More
Communication about Agency Planning Efforts Would Be Beneficial, GAO-10-870
(Washington, D.C.: Sept. 15, 2010).




•    Difficulties in coordinating with other federal agencies: DHS has
     at times experienced challenges coordinating with other federal
     agencies to enhance maritime security. For example, we reported in
     September 2010 that federal agencies, including DHS, had
     collaborated with international and industry partners to counter piracy,
     but they had not implemented some key practices for enhancing and
     sustaining collaboration. 45 Somali pirates have attacked hundreds of
     ships and taken thousands of hostages since 2007. As Somalia lacks
     a functioning government and is unable to repress piracy in its waters,
     the National Security Council—the President’s principal arm for
     coordinating national security policy among government agencies—
     developed the interagency Countering Piracy off the Horn of Africa:
     Partnership and Action Plan (Action Plan) in December 2008 to
     prevent, disrupt, and prosecute piracy off the Horn of Africa in
     collaboration with international and industry partners. According to
     U.S. and international stakeholders, the U.S. government has shared
     information with partners for military coordination. However, agencies
     have made less progress on several key efforts that involve multiple
     agencies—such as those to address piracy through strategic
     communications, disrupt pirate finances, and hold pirates
     accountable—in part because the Action Plan does not designate
     which agencies should lead or carry out 13 of the 14 tasks. We
     recommended that the National Security Council bolster interagency
     collaboration and the U.S. contribution to counterpiracy efforts by
     clarifying agency roles and responsibilities and encouraging the
     agencies to develop joint guidance to implement their efforts. In March
     2011, a National Security Staff official stated that an interagency
     policy review will examine roles and responsibilities and
     implementation actions to focus U.S. efforts for the next several years.

45
 GAO, Maritime Security: Actions Needed to Assess and Update Plan and Enhance
Collaboration among Partners Involved in Countering Piracy off the Horn of Africa,
GAO-10-856 (Washington, D.C.: Sept. 24, 2010).

•    Difficulties in coordinating with private sector stakeholders: In
     some cases progress has been hindered because of difficulties in
     coordination with private sector stakeholders. For example, CBP
     program officials reported in 2010 that having access to Passenger
     Name Record data for cruise line passengers—such as a passenger’s
     full itinerary, reservation booking date, phone number, and billing
     information—could offer security benefits similar to those derived from
     screening airline passengers. However, CBP does not require this
     information from all cruise lines on a systematic basis because CBP
     officials stated that they would need further knowledge about the
     cruise lines’ connectivity capabilities to estimate the cost to both CBP
     and the cruise lines to obtain such passenger data. In April 2010, we
     recommended that CBP conduct a study to determine whether
     requiring cruise lines to provide automated Passenger Name Record
     data to CBP on a systematic basis would benefit homeland security. 46
     In July 2011, CBP reported that it had conducted site surveys at three
     ports of entry to assess the advantage of having cruise line booking
     data considered in a national targeting process, and had initial
     discussions with a cruise line association on the feasibility of CBP
     gaining national access to cruise line booking data.

•    Limitations in working with international stakeholders: DHS and
     its component agencies face inherent challenges and limitations
     working with international partners because of sovereignty issues. For
     example, we reported in July 2010 that sovereignty concerns have
     limited the Coast Guard’s ability to assess the security of foreign
     ports. In particular, reluctance by some countries to allow the Coast
     Guard to visit their ports because of concerns over sovereignty was a
     challenge cited by Coast Guard officials who were trying to complete
     port visits under the International Port Security Program. 47 According
     to the Coast Guard officials, before permitting Coast Guard officials to
     visit their ports, some countries insisted on visiting and assessing a
     sample of U.S. ports. Similarly, we reported in April 2005 that CBP had
     developed a staffing model for CSI to determine staffing needs at
     foreign ports to implement the program, but was unable to fully staff
     some ports because of the need for host government permission,
     among other diplomatic and practical considerations. 48


46
 GAO, Maritime Security: Varied Actions Taken to Enhance Cruise Ship Security, but
Some Concerns Remain, GAO-10-400 (Washington, D.C.: Apr. 9, 2010).
47
 GAO, Maritime Security: DHS Progress and Challenges in Key Areas of Port Security,
GAO-10-940T (Washington, D.C.: July 21, 2010).
48
 GAO, Container Security: A Flexible Staffing Model and Minimum Equipment
Requirements Would Improve Overseas Targeting and Inspection Efforts, GAO-05-557
(Washington, D.C.: Apr. 26, 2005).

Resources, Funding, and Sustainability

Economic constraints, such as declining revenues and increased security
costs, have required DHS to make choices about how to allocate its
resources to most effectively address human capital issues and sustain
the programs and activities it has implemented to enhance maritime
security.

•     Human capital shortfalls: Human capital issues continue to pose a
      challenge to maritime security. For example, we reported in
      November 2011 that Coast Guard officials from 21 of its 35 sectors
      (60 percent) told us that limited staff time posed a challenge to
      incorporating MSRAM into strategic, operational, and tactical planning
      efforts. 49 Similarly, Coast Guard officials responsible for conducting
      maritime facility inspections in 4 of the 7 sectors we visited to support
      our 2008 report on inspections said meeting all mission requirements
      for which they were responsible was or could be a challenge because
      of more stringent inspection requirements and a lack of inspectors,
      among other things. Officials in another sector said available staffing
      could adequately cover only part of the sector’s area of
      responsibility. 50

•     Budget and funding constraints: Budget and funding decisions also
      affect the implementation of maritime security programs. For example,
      within the constrained fiscal environment that the federal government
      is operating, the Coast Guard has had to prioritize its activities and
      Coast Guard data indicate that some units are not able to meet self-
      imposed standards related to certain security activities—including
      boarding and escorting vessels. We reported in October 2007 that this
      prioritization of activities had also led to a decrease in resources the
      Coast Guard had available to provide technical assistance to foreign
      countries to improve their port security. 51 To overcome this, Coast
      Guard officials have worked with other agencies, such as the
      Departments of Defense and State, and international organizations,
      such as the Organization of American States, to secure funding for
      training and assistance. Further, in the fiscal year 2013 budget, the
      Coast Guard will have less funding to sustain current assets needed
      for security missions so that more funds will be available for its top
      priority—long-term recapitalization of vessels.




49
    GAO-12-14.
50
     GAO-08-12.
51
    GAO-08-126T.




Performance Measures

Another challenge that DHS and its component agencies have faced in
implementing maritime security-related programs has been the lack of
adequate performance measures. In particular, DHS has not always
implemented standard practices in performance management. 52 These
practices include, among other things, collecting reliable and accurate
data, using data to support missions, and developing outcome measures.

•     Lack of reliable and accurate data: DHS and its component
      agencies have experienced challenges collecting complete, accurate,
      and reliable data. For example, in January 2011 we reported that both
      CBP and the Coast Guard tracked the frequency of illegal seafarer
      incidents at U.S. seaports, but the records of these incidents varied
      considerably among the two component agencies and between the
      agencies’ field and headquarters units. 53 As a result, the data DHS
      used to inform its strategic and tactical plans were of undetermined
      reliability. 54 We recommended that CBP and the Coast Guard
      determine why their data varied and jointly establish a process for
      sharing and reconciling records of illegal seafarer entries at U.S.
      seaports. DHS concurred and has made progress in addressing the
      recommendation. Another example of a lack of reliable or accurate
      data pertains to the Maritime Information for Safety & Law
      Enforcement database (MISLE). The MISLE database is the Coast
      Guard’s primary data system for documenting facility inspections and
      other activities, but flaws in this database have limited the Coast
      Guard’s ability to accurately assess these activities. For example,
      during the course of our 2011 review of security inspections of
      offshore energy infrastructure, we found inconsistencies in how
      offshore facility inspection results and other data were recorded in
      MISLE. 55 In July 2011, and partly in response to our review, the Coast
      Guard issued new MISLE guidance on documenting the annual
      security inspections of offshore facilities in MISLE and distributed this
      guidance to all relevant field units. While this action should improve
      accountability, the updated guidance does not address all of the
      limitations we noted with the MISLE database.

52
 The standard practices discussed in this statement can be found in GAO, Executive
Guide: Effectively Implementing the Government Performance and Results Act,
GAO-GGD-96-118 (Washington D.C.: June 1996).
53
 Illegal seafarers include both absconders (a seafarer CBP has ordered detained on
board a vessel in port, but who departs a vessel without permission) and deserters (a
seafarer CBP grants permission to leave a vessel, but who does not return when
required).
54
 GAO, Maritime Security: Federal Agencies Have Taken Actions to Address Risks Posed
by Seafarers, but Efforts Can Be Strengthened, GAO-11-195 (Washington D.C.: Jan. 14,
2011).
55
 GAO, Maritime Security: Coast Guard Should Conduct Required Inspections of Offshore
Energy Infrastructure, GAO-12-37 (Washington D.C.: Oct. 28, 2011).

•     Not using data to manage programs: DHS and its component
      agencies have not always had or used performance information to
      manage their missions. For example, work we completed in 2008
      showed that Coast Guard officials used MISLE to review the results of
      inspectors’ data entries for individual maritime facilities, but the
      officials did not use the data to evaluate the facility inspection program
      overall. 56 We found that a more thorough evaluation of the facility
      compliance program could provide information on, for example, the
      variations we identified between Coast Guard units in oversight
      approaches, the advantages and disadvantages of each approach,
      and whether some approaches work better than others.

•     Lack of outcome-based performance measures: DHS and its
      component agencies have also experienced difficulties developing
      and using performance measures that focus on outcomes. Outcome-
      based performance measures describe the intended result of carrying
      out a program or activity. For example, although CBP had
      performance measures in place for its Customs-Trade Partnership
      Against Terrorism program, these measures focused on program
      participation and facilitating trade and travel and not on improving
      supply chain security, which is the program’s purpose. We
      recommended in July 2003, March 2005, and April 2008 that CBP
      develop outcome-based performance measures for this program. 57 In
      response to our recommendations, CBP has identified measures to
      quantify actions required and to gauge Customs-Trade Partnership
      Against Terrorism’s impact on supply chain security. The Coast Guard
      has faced similar issues with developing and using outcome-based
      performance measures. For example, we reported in November 2011
      that the Coast Guard developed a measure to report its performance
      in reducing maritime risk, but faced challenges using this measure to
      inform decisions. 58 The Coast Guard has improved the measure to
      make it more valid and reliable and believes it is a useful proxy
      measure of performance, but notes that developing outcome-based
      performance measures is challenging because of limited historical
      data on maritime terrorist attacks. Given the uncertainties in
      estimating risk reduction, though, it is unclear if the measure will
      provide meaningful performance information with which to track
      progress over time. Similarly, FEMA has experienced difficulties
      developing outcome-based performance measures. For example, in
      November 2011 we reported that FEMA was developing performance
      measures to assess its administration of the Port Security Grant
      Program, but had not implemented measures to assess the program’s
      grant effectiveness. 59 FEMA has taken initial steps to develop
      measures to assess the effectiveness of its grant programs, but it
      does not have a plan and related milestones for implementing
      measures specifically for the Port Security Grant Program. Without
      such performance measures it could be difficult for FEMA to
      effectively manage the process of assessing whether the program is
      achieving its stated purpose of strengthening critical maritime
      infrastructure against risks associated with potential terrorist attacks.
      We recommended that DHS develop a plan with milestones for
      implementing performance measures for the Port Security Grant
      Program. DHS concurred with the recommendation and stated that
      FEMA is taking actions to implement it.

56
 GAO-08-12.
57
 See GAO-03-770; Cargo Security: Partnership Program Grants Importers Reduced
Scrutiny with Limited Assurance of Improved Security, GAO-05-404 (Washington, D.C.:
Mar. 11, 2005); and Supply Chain Security: U.S. Customs and Border Protection Has
Enhanced Its Partnership with Import Trade Sectors, but Challenges Remain in Verifying
Security Practices, GAO-08-240 (Washington, D.C.: Apr. 25, 2008).

Mr. Chairman and members of the subcommittee, this completes my
prepared statement. I would be happy to respond to any questions you or
other members of the subcommittee may have at this time.




58
 GAO-12-14.
59
 GAO-12-47.




Appendix I: Summary of Select Maritime Security-Related Programs and Activities

              This appendix provides information on select programs and activities that
              have been implemented in maritime security since enactment of the
              Maritime Transportation Security Act (MTSA) in 2002. The information
              includes an overview of each program or activity; obligations information,
              where available; a summary of key findings and recommendations from
              prior GAO work, if applicable; and a list of relevant GAO products.

              The Department of Homeland Security (DHS) is the lead federal agency
              responsible for implementing MTSA requirements and related maritime
              security programs. DHS relies on a number of its component agencies
              that have responsibilities related to maritime security, including the
              following: 1

              •   U.S. Coast Guard: The Coast Guard has primary responsibility for
                  ensuring the safety and security of U.S. maritime interests and leading
                  homeland security efforts in the maritime domain.

              •   U.S. Customs and Border Protection (CBP): CBP is responsible for
                  the maritime screening of incoming commercial cargo for the
                  presence of contraband, such as weapons of mass destruction, illicit
                  drugs, or explosives, while facilitating the flow of legitimate trade and
                  passengers.

              •   Transportation Security Administration (TSA): TSA has
                  responsibility for managing the Transportation Worker Identification
                  Credential (TWIC) program, which is designed to control the access of
                  maritime workers to regulated maritime facilities. 2

              •   Domestic Nuclear Detection Office (DNDO): DNDO is responsible
                  for acquiring and supporting the deployment of radiation detection
                  equipment, including radiation portal monitors at U.S. ports of entry.

              •   Federal Emergency Management Agency (FEMA): FEMA is
                  responsible for administering grants to improve the security of the
                  nation’s highest risk port areas.

              1
                In addition to the DHS component agencies, the Department of Defense has worked
              with DHS to draft a National Strategy for Maritime Security and has placed staff at
              Interagency Operations Centers to coordinate information sharing on maritime security
              issues with DHS component agencies and other law enforcement agencies. The
              Department of Energy funds the installation of radiation detection equipment at select
              seaports overseas through its Megaports Initiative, and the Department of State reviews
              foreign seafarers’ applications for U.S. visas.
              2
               The Coast Guard is responsible for enforcement of the Transportation Worker
              Identification Credential program.

This appendix is based primarily on GAO reports and testimonies issued
from August 2002 through July 2012 related to maritime, port, vessel, and
cargo security efforts of the federal government, and other aspects of
implementing MTSA-related security requirements. The appendix also
includes selected updates—conducted in August 2012—to the
information provided in these previously-issued products on the actions
DHS and its component agencies have taken to address
recommendations made in these products and the obligations for key
programs and activities through May 2012.

The obligations information provided in this appendix represents
obligations for certain maritime security programs and activities that we
were able to identify from available agency sources, such as agency
congressional budget justifications, budget in brief documents, and prior
GAO products. 3 It does not represent the total amount obligated for
maritime security. In some cases, information was not available because
of agency reporting practices. For example, we were not able to
determine obligations for many of the MTSA-related Coast Guard
programs and activities because they are funded at the account level (i.e.,
operating expenses) rather than as specific line items.

While we were not able to identify obligations for every maritime security
program and activity, many of the Coast Guard’s programs and activities
in maritime security fall under its ports, waterways, and coastal security
mission. Table 1 shows the reported budget authority for the Coast
Guard’s ports, waterways, and coastal security mission for fiscal years
2004 through 2013. The remainder of the budget-related information
contained in this appendix generally pertains to obligations. In several
instances we obtained appropriations information when obligations
information was not available.




3
    The information provided generally reflects agency obligations, unless noted otherwise.








Table 1: Ports, Waterways, and Coastal Security Mission’s Reported Budget Authority (in millions), Fiscal Years 2004 through 2013

Fiscal year (a)   2004     2005     2006     2007     2008     2009     2010     2011     2012     2013
Funding           $1,853   $1,638   $1,760   $1,362   $1,554   $1,641   $1,598   $1,651   $1,918   $1,738

Source: GAO analysis of Budget in Brief reports.
(a) Budget authority data for fiscal year 2003 were not available. Fiscal year 2013 is requested.




National Strategy for Maritime Security

The National Strategy for Maritime Security, published in September 2005,
aimed to align all federal government maritime security programs and
activities into a comprehensive and cohesive national effort involving
appropriate federal, state, local, and private sector entities. Homeland
Security Presidential Directive 13 (HSPD-13) directed the Secretaries of
Defense and Homeland Security to lead a joint effort to draft a National
Strategy for Maritime Security.

In addition to the National Strategy, HSPD-13 directed DHS to develop eight
supporting implementation plans to address the specific threats and
challenges of the maritime environment. While the plans address different
aspects of maritime security, they are mutually linked and reinforce each
other. The supporting plans are as follows:

•   National Plan to Achieve Domain Awareness
•   Global Maritime Intelligence Integration Plan
•   Interim Maritime Operational Threat Response Plan
•   International Outreach and Coordination Strategy
•   Maritime Infrastructure Recovery Plan
•   Maritime Transportation System Security Plan
•   Maritime Commerce Security Plan
•   Domestic Outreach Plan

Funding Information

We were unable to obtain funding information for this strategy.

Summary of Key Findings and Recommendations

In June 2008, we reported that the National Strategy for Maritime Security and
the supporting plans that implement the strategy show that, collectively, the plans
address four of the six desirable characteristics of an effective national strategy
that we identified in 2004 and partially address the remaining two. The four
characteristics that are addressed include: (1) purpose, scope, and methodology;
(2) problem definition and risk assessment; (3) organizational roles,
responsibilities, and coordination; and (4) integration and implementation. The
two characteristics that are partially addressed are: (1) goals, objectives,
activities, and performance measures and (2) resources, investments, and risk
management. Specifically, only one of the supporting plans mentions
performance measures and many of these measures are presented as possible
or potential performance measures. However, in other work reported on in
August 2007, we noted the existence of performance measures for individual
maritime security programs. These characteristics are partially addressed
primarily because the strategy and its plans did not contain information on
performance measures and the resources and investments elements of these
characteristics. The resources, investments, and risk management characteristic
is also partially addressed. While the strategic actions and recommendations
discussed in the maritime security strategy and supporting implementation plans
constitute an approach to minimizing risk and investing resources, the strategy
and seven of its supporting implementation plans did not include information on
the sources and types of resources needed for their implementation. In addition,
the national strategy and three of the supporting plans also lack investment
strategies to direct resources to necessary actions. To address this, the working
group tasked with monitoring implementation of the plans recommended that the
Maritime Security Policy Coordination Committee—the primary forum for
coordinating U.S. national maritime strategy—examine the feasibility of creating
an interagency investment strategy for the supporting plans. We recognized that
other documents were used for allocating resources and, accordingly, we did not
make any recommendations.

Relevant GAO Products

Maritime Security: Coast Guard Efforts to Address Port Recovery and Salvage
Response. GAO-12-494R. Washington, D.C.: April 6, 2012. See page 4.

National Strategy and Supporting Plans Were Generally Well-Developed and Are
Being Implemented. GAO-08-672. Washington, D.C.: June 20, 2008.

Department of Homeland Security: Progress Report on Implementation of
Mission and Management Functions. GAO-07-454. Washington, D.C.: August
17, 2007. See pages 108-109.



                                          Page 29                                                           GAO-12-1009T
                                         Area Maritime Security Plans


Area Maritime Security                   Budget Authority Information
Plans

Activities related to AMSPs are not specifically identified in the Coast Guard budget. Such
activities fall under the Coast Guard’s ports, waterways and coastal security mission. See
table 1 for the reported budget authority for that mission for fiscal years 2004 through 2013.

Area Maritime Security Plans (AMSPs) are developed by the Coast Guard with input from
applicable governmental and private entities and these plans serve as the primary means to
identify and coordinate Coast Guard procedures related to prevention, protection, and security
response. Among other requirements, MTSA directed the Coast Guard to develop AMSPs—to be
updated every 5 years—for ports throughout the nation (46 U.S.C. § 70103(b)(2)(G)). AMSPs are
developed for each of 43 geographically defined port areas. In 2006, the Security and
Accountability for Every Port Act (SAFE Port Act) added a requirement that AMSPs include
recovery issues by identifying salvage equipment able to restore operational trade capacity
(46 U.S.C. § 70103(b)(2)(G)).

Summary of Key Findings and Recommendations

Our work on AMSP showed progress and an evolution toward plans that were focused on preventing
terrorism and included discussion regarding natural disasters with detailed information on
plans for recovery after an incident. We reported in October 2007 that the Coast Guard
developed guidance and a template to help ensure that all major ports had an original AMSP
that was to be updated every 5 years. Our 2007 reports stated that there was a wide variance
in ports’ natural disaster planning efforts and that AMSPs—limited to security incidents—could
benefit from unified planning to include an all-hazards approach. In our March 2007 report on
this issue, we recommended that DHS encourage port stakeholders to use existing forums for
discussing all-hazards planning. The Coast Guard’s early attempts to set out the general
priorities for recovery operations in its guidelines for the development of AMSPs offered
limited instruction and assistance for developing procedures to address recovery situations.
Our April 2012 report stated that each of the seven Coast Guard AMSPs that we reviewed had
incorporated key recovery and salvage response planning elements as called for by legislation
and Coast Guard guidance.[1] Specifically, the plans included the roles and responsibilities
of special recovery units, instructions for gathering key information on the status of
maritime assets (such as bridges), identification of recovery priorities, and plans for
salvage of assets following an incident.

Relevant GAO Products

Maritime Security: Coast Guard Efforts to Address Port Recovery and Salvage Response.
GAO-12-494R. Washington, D.C.: April 6, 2012.

The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.:
October 30, 2007. Pages 12-14.

Port Risk Management: Additional Federal Guidance Would Aid Ports in Disaster Planning and
Recovery. GAO-07-412. Washington, D.C.: March 28, 2007.

[1] See 46 U.S.C. § 70103(b)(2)(E), (G).





Port Security Exercises

Port Security Exercises are designed to continuously improve preparedness by validating
information and procedures in the AMSPs, identifying strengths and weaknesses, and practicing
command and control within an incident command/unified command framework. The Coast Guard
Captain of the Port—the port officer designated to enforce, among other things, port
security—and the Area Maritime Security Committee—a committee of key port stakeholders who
share information and develop port security plans—are required by Coast Guard regulations to
conduct or participate in exercises to test the effectiveness of AMSPs annually, with no more
than 18 months between exercises (33 C.F.R. § 103.515). After these exercises are conducted,
the Coast Guard requires that the units participating in the exercise submit an after-action
report describing the results and highlighting any lessons learned.

In August 2005, the Coast Guard and TSA initiated the Port Security Training Exercise Program.
Additionally, the Coast Guard initiated its own Area Maritime Security Training and Exercise
Program in October 2005. Both programs were designed to involve the entire port community in
exercises. In 2006, the SAFE Port Act included several new requirements related to security
exercises, such as establishing a Port Security Exercise Program and an improvement plan
process that would identify, disseminate, and monitor the implementation of lessons learned
and best practices from port security exercises (6 U.S.C. § 912).

Budget Authority Information

Activities related to port security exercises are not specifically identified in the Coast
Guard budget. Such activities fall under the Coast Guard’s ports, waterways and coastal
security mission. See table 1 for the reported budget authority for that mission for fiscal
years 2004 through 2013.

Summary of Key Findings and Recommendations

In January 2005, we reported that the Coast Guard had conducted many exercises and was
successful in identifying areas for improvement—which is the purpose of such exercises. For
example, Coast Guard port security exercises identified opportunities to improve incident
response in the areas of communication, resources, coordination, and decision-making
authority. Further, we reported that after-action reports were not being completed in a timely
manner. We recommended that the Coast Guard review its actions for ensuring the timely
submission of after-action reports on terrorism-related exercises and determine if further
actions are needed. To address the issue of timeliness, the Coast Guard reduced the timeframe
allowed for submitting an after-action report. All reports are now required to be reviewed,
validated, and entered into the applicable database within 21 days of the end of an exercise
or operation. In addition, our analysis of 26 after-action reports for calendar year 2006
showed an improvement in the quality of these reports in that each report listed specific
exercise objectives and lessons learned. As a result of these improvements in meeting
requirements for after-action reports, the Coast Guard is in a better position to identify and
correct barriers to a successful response to a terrorist threat. Our October 2011 report on
offshore energy infrastructure stated that the Coast Guard had conducted exercises and taken
corrective actions, as appropriate, to strengthen its ability to prevent a terrorist attack on
an offshore facility. This included a national-level exercise that focused on, among other
things, protecting offshore facilities in the Gulf of Mexico. The exercise resulted in more
than 100 after-action items and, according to Coast Guard documentation, the Coast Guard had
taken steps to resolve the majority of them and was working on the others.

Relevant GAO Products

Maritime Security: Coast Guard Should Conduct Required Inspections of Offshore Energy
Infrastructure. GAO-12-37. Washington, D.C.: October 28, 2011. See pages 17-18 and 48-49.

The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.:
October 30, 2007. See pages 14-15.

Homeland Security: Process for Reporting Lessons Learned from Seaport Exercises Needs Further
Attention. GAO-05-170, January 14, 2004.







Maritime Facility Security Plans

MTSA requires various types of maritime facilities to develop and implement security plans and
it places federal responsibility for approving and overseeing these plans with DHS (46 U.S.C.
§ 70103(c)). DHS, in turn, has delegated this administrative responsibility to the Coast
Guard. The SAFE Port Act, enacted in 2006, requires the Coast Guard to conduct at least two
inspections of each maritime facility annually—one of which is to be unannounced—to verify
continued compliance with each facility’s security plan (46 U.S.C. § 70103(c)(4)(D)). As of
June 2004, approximately 3,150 facilities were required to develop facility security plans.

Budget Authority Information

Activities related to maritime facility security plans are not specifically identified in the
Coast Guard budget. Such activities fall under the Coast Guard’s ports, waterways and coastal
security mission. See table 1 for the reported budget authority for that mission for fiscal
years 2004 through 2013.

Summary of Key Findings and Recommendations

Our work on this issue found that the Coast Guard has made progress by generally requiring
maritime facilities to develop security plans and conducting required annual inspections. We
also reported that the Coast Guard’s inspections were identifying and correcting facility
deficiencies. For example, in February 2008, we reported that the Coast Guard identified
deficiencies in about one-third of the facilities inspected from 2004 through 2006, with
deficiencies concentrated in certain categories, such as failing to follow facility security
plans for access control. Our work also found areas for improvement. For example, in February
2008 we made recommendations to help ensure effective implementation of MTSA-required facility
inspections. For example, we recommended that the Coast Guard reassess the number of
inspections staff needed, among other things. In response, the Coast Guard took action to
implement these recommendations. In our October 2011 report on inspections of offshore energy
facilities, we noted that the Coast Guard had taken actions to help ensure the security of
offshore energy facilities, such as developing and reviewing security plans, but faced
difficulties ensuring that all facilities complied with requirements. We recommended that the
Coast Guard develop policies or guidance to ensure that annual security inspections are
conducted and information entered into databases is more useful for management. The Coast
Guard concurred with these recommendations and stated that it plans to update its guidance and
improve its inspection database in 2013.

Relevant GAO Products

Maritime Security: Coast Guard Should Conduct Required Inspections of Offshore Energy
Infrastructure. GAO-12-37. Washington, D.C.: October 28, 2011.

Maritime Security: The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T.
Washington, D.C.: October 30, 2007. See pages 19-21.

Maritime Security: Coast Guard Inspections Identify and Correct Facility Deficiencies, but
More Analysis Needed of Program's Staffing, Practices, and Data. GAO-08-12. Washington, D.C.:
February 14, 2008.

Department of Homeland Security: Progress Report on Implementation of Mission and Management
Functions. GAO-07-454. Washington, D.C.: August 17, 2007. See page 110.

Maritime Security: Substantial Work Remains to Translate New Planning Requirements to
Effective Port Security. GAO-04-838. Washington, D.C.: June 30, 2004.





Port Security Grant Program

The Port Security Grant Program (PSGP) provides federal funding to defray some of the costs of
implementing security measures at domestic ports. The program was established in January 2002
and codified by MTSA (46 U.S.C. § 70107). DHS administers the PSGP through the Federal
Emergency Management Agency (FEMA), and the Coast Guard provides subject matter expertise to
FEMA on the maritime industry to inform grant award decisions.

Based on risk, each port is placed into one of three funding groups—Group I (highest risk
group), Group II (next highest risk group), or Group III. Port areas not identified in these
groups are eligible to apply for funding as part of the “All Other Port Areas” Group. Port
areas use PSGP funding to increase portwide risk management, enhance maritime domain
awareness, and improve port recovery and resiliency efforts through developing security plans,
purchasing security equipment, and providing security training to employees.

Table 2: Total PSGP Funding Fiscal Year 2003 through 2012 (in millions) [a]

Fiscal year          2003     2004   2005   2006   2007     2008   2009   2010   2011   2012
Funding amount       244 [b]  179    141    168    311 [c]  389    389    288    235    97.5
Total for all years  $2,441.5 [d]

Source: FEMA’s annual PSGP grant guidance and GAO analysis of DHS appropriations.
[a] Target funding amounts as presented in FEMA’s annual grant guidance.
[b] This figure includes $169 million in PSGP funding and $75 million in additional funding
    for port security under the Urban Areas Security Initiative—another DHS grant program that
    provides funding for building and sustaining national preparedness capabilities.
[c] This figure includes fiscal year 2007 appropriations, as well as $110 million in fiscal
    year 2007 supplemental appropriation.
[d] Total funding includes totals through fiscal year 2012, as well as $150 million provided
    pursuant to the American Recovery and Reinvestment Act (ARRA). Pub. L. No. 111-5, 123
    Stat. 145, 164 (2009).

Summary of Key Findings and Recommendations

We reported in November 2011 that the PSGP is one of DHS’s tools to protect critical maritime
infrastructure from risks such as terrorist attacks. Consistent with risk management
principles, in November 2011, we also reported that PSGP allocations were highly correlated to
risk and DHS has taken steps to strengthen the PSGP risk allocation model by improving the
quality and precision of the data inputs. However, since fiscal year 2006, we have also
reported that DHS did not have measures to assess the program’s effectiveness and recommended
that DHS develop performance measures. In November 2011, we reported that DHS was not in the
best position to monitor the program’s effectiveness and recommended that FEMA establish time
frames and related milestones for implementing performance measures. We also recommended that
FEMA update the PSGP risk model to incorporate variability in port vulnerabilities. DHS
concurred with our recommendations and is taking steps to address them. For example, DHS
officials stated that FEMA is in the process of developing performance measures.

Relevant GAO Products

Port Security Grant Program: Risk Model, Grant Management, and Effectiveness Measures Could Be
Strengthened. GAO-12-47. Washington, D.C.: November 17, 2011.

Maritime Security: Responses to Questions for the Record. GAO-11-140R. Washington, D.C.:
October 22, 2010. See pages 12-15.

Risk Management: Further Refinements Needed to Assess Risks and Prioritize Protective Measures
at Ports and Other Critical Infrastructure. GAO-06-91. Washington, D.C.: December 15, 2005.
See pages 49-67.





Transportation Worker Identification Credential

The Transportation Worker Identification Credential (TWIC) program, administered by the Coast
Guard and TSA, requires maritime workers to complete background checks and obtain a biometric
identification card to gain unescorted access to secure areas of regulated maritime
facilities.

MTSA required the Secretary of Homeland Security to prescribe regulations preventing
individuals from having unescorted access to secure areas of MTSA-regulated facilities unless
they possess a biometric transportation security card and are authorized to be in such an
area. It also tasked DHS with the responsibility to issue identification cards to eligible
individuals.

According to the most recently-available data from the Coast Guard, as of December 2010 and
January 2011, there were 2,509 facilities and 12,908 vessels, respectively, that were subject
to MTSA regulations and had to implement TWIC provisions. According to TSA, as of August 9,
2012, it has activated over 2 million TWIC cards.

Table 3: Total TWIC Funding Authority, Fiscal Years 2003 through June 2012 (in millions)

Fiscal year             2003   2004   2005   2006   2007   2008   2009    2010   2011   2012
Funding authority [a]   25.0   49.7   5.0    15.0   18.6   50.6   109.3   45.0   45.0   30.2
Total for all years     $393.4

Source: GAO analysis of TWIC program funding reported by TSA and FEMA.
[a] Funding authority includes appropriations with reprogramming and adjustments and TWIC fee
    authority. TWIC fee authority represents the dollar amount TSA is authorized to collect
    from TWIC enrollment fees and not the actual dollars collected. TSA reports it has
    collected $41.7 million for fiscal year 2008, $76.2 million for fiscal year 2009, $30.6
    million for fiscal year 2010, $26.5 million for fiscal year 2011, and $21.1 million for
    fiscal year 2012 (as of June 30). The total does not include $151 million in FEMA security
    grant funding.

Summary of Key Findings and Recommendations

Our work on TWIC has shown that DHS, TSA, and the Coast Guard have made progress in enrolling
workers and activating TWICs. For example, in November 2009, we reported that over 93 percent
of the estimated TWIC users were enrolled in the program by the April 15, 2009 compliance
deadline. However, TSA, the Coast Guard, and maritime industry stakeholders have faced
challenges in implementing the TWIC program. These challenges include enrolling and issuing
TWICs to a larger population than was originally anticipated, ensuring that TWIC access
control technologies perform effectively in the harsh maritime environment, and balancing
security requirements with the need to facilitate the flow of legitimate maritime commerce. We
have recommended that DHS take actions to identify effective and cost-efficient methods for
meeting TWIC program objectives and evaluate those actions. In general DHS concurred with our
recommendations and has plans underway to implement them. In addition, as mandated by the
Coast Guard Authorization Act of 2010,[2] we are currently assessing the results of the TWIC
pilot and will report on our findings later this year.

Relevant GAO Products

Transportation Worker Identification Credential: Internal Control Weaknesses Need to be
Corrected to Help Achieve Security Objectives. GAO-11-657. Washington, D.C.: May 10, 2011.

Transportation Worker Identification Credential: Progress Made in Enrolling Workers and
Activating Credentials but Evaluation Plan Needed to Help Inform the Implementation of Card
Readers. GAO-10-43. Washington, D.C.: November 18, 2009.

[2] Pub. L. No. 111-281, § 802, 124 Stat. 2905, 2989 (2010).






Vessel Security Plans

Coast Guard regulations require owners and operators of certain vessels to conduct assessments
to identify security vulnerabilities, and to develop plans to mitigate these vulnerabilities
(33 C.F.R. §§ 104.300-.415). The Coast Guard set a deadline for vessels to operate under an
approved or self certified security plan by July 1, 2004. The U.S. Coast Guard was responsible
for (1) determining which vessels are required to create these plans and (2) reviewing and
approving the vessel security plans.

According to the Coast Guard, as of June 2004 there were almost 10,000 vessels operating in
more than 300 domestic ports that were required to comply with these MTSA requirements. These
maritime vessels, ranging from oil tankers and freighters to tugboats and passenger ferries,
can be vulnerable on many security-related fronts and, therefore, must be able to restrict
access to areas on board, such as the pilot house or other control stations critical to the
vessels’ operation.

The effect of the Coast Guard’s oversight of vessel security plans extends far beyond U.S.
waters to high risk areas—such as the Horn of Africa—where piracy has surged in the last few
years. For example, the Coast Guard ensures that the more than 100 U.S.-flagged vessels that
travel through that region have updated security plans, and the Coast Guard checks for
compliance when these vessels are at certain ports.

Budget Authority Information

Activities related to vessel security plans are not specifically identified in the Coast Guard
budget. Such activities fall under the Coast Guard’s ports, waterways and coastal security
mission. See table 1 for the reported budget authority for that mission for fiscal years 2004
through 2013.

Summary of Key Findings and Recommendations

We reported in June 2004 that the Coast Guard had identified and corrected deficiencies in
vessel security plans, though the extent of review and approval of such plans varied widely.
Our more recent vessel security work has focused on specific types of vessels—including
ferries, cruise ships, and energy commodity tankers—and found that the Coast Guard has taken a
number of steps to improve their security, such as screening vehicles and passengers on
ferries. Our September 2010 report on piracy found that the Coast Guard had ensured that the
security plans for U.S.-flagged vessels have been updated with piracy annexes if they
transited high risk areas. Our work has also identified additional opportunities to enhance
vessel security. For example, in 2010 we reported that the Coast Guard had not implemented
recommendations from five agency-contracted studies on ferry security and that the Coast Guard
faced challenges protecting energy tankers. We made recommendations aimed at increasing
security aboard vessels. In general DHS has concurred with these recommendations and is in the
process of implementing them.

Relevant GAO Products

Maritime Security: Ferry Security Measures Have Been Implemented, but Evaluating Existing
Studies Could Further Enhance Security. GAO-11-207. Washington, D.C.: December 3, 2010.

Maritime Security: Actions Needed to Assess and Update Plan and Enhance Collaboration Among
Partners Involved in Countering Piracy off the Horn of Africa. GAO-10-856. Washington, D.C.:
September 30, 2010. See pages 57-59.

Maritime Security: Varied Actions Taken to Enhance Cruise Ship Security, but Some Concerns
Remain. GAO-10-400. Washington, D.C.: April 9, 2010.

Maritime Security: Federal Efforts Needed to Address Challenges in Preventing and Responding
to Terrorist Attacks on Energy Commodity Tankers. GAO-08-141. Washington, D.C.: December 10,
2007.

Maritime Security: Substantial Work Remains to Translate New Planning Requirements to
Effective Port Security. GAO-04-838. Washington, D.C.: June 30, 2004.







Small Vessel Security Activities

Budget Authority Information

Activities related to small vessel security activities are not specifically identified in the
Coast Guard budget. Such activities fall under the Coast Guard’s ports, waterways and coastal
security mission. See table 1 for the reported budget authority for that mission for fiscal
years 2004 through 2013.

Summary of Key Findings and Recommendations

We reported in October 2010 that DHS—including the Coast Guard and CBP—and other entities are
taking actions to reduce the risk from small vessel attacks. These actions include the
development of the Small Vessel Security Strategy, community outreach, the establishment of
security zones in U.S. ports and waterways, escorts of vessels that could be targeted for
attack and port-level vessel tracking with radars and cameras since other vessel tracking
systems—such as the Automatic Identification System—are only required on larger vessels. Our
October 2010 work indicates, however, that the expansion of vessel tracking to all small
vessels may be of limited utility because of, among other things, the large number of small
vessels, the difficulty identifying threatening actions, and the challenges associated with
getting resources on scene in time to prevent an attack once it has been identified. To
enhance actions to address the small vessel threat, DNDO has worked with the Coast Guard and
local ports to develop and test equipment for detecting nuclear material on small maritime
vessels. As part of our broader work on DNDO’s nuclear detection architecture, in January 2009
we recommended that DNDO develop a comprehensive plan for installing radiation detection
equipment that would define how DNDO would achieve and monitor its goal of detecting the
movement of radiological and nuclear materials through potential smuggling routes, such as
small maritime vessels. DHS generally concurred with the recommendation and is in the process
of implementing it.

Small vessel security activities are those in place to address the threat posed by the
millions of small vessels in use in U.S. waterways. Related to this threat, DHS released its
Small Vessel Security Strategy in April 2008 as part of its effort to mitigate the
vulnerability of vessels to waterside attacks from small vessels. As part of the Strategy, DHS
identified the four gravest risk scenarios involving the use of small vessels for terrorist
attacks—(1) a waterborne improvised explosive device, (2) a means of smuggling weapons into
the United States, (3) a means of smuggling humans into the United States, and (4) a platform
for conducting an attack that uses a rocket or other weapon launched at a sufficient distance
to allow the attackers to evade defensive fire.

Several DHS component agencies
have roles in protecting against
threats posed by small vessels. The
Coast Guard is responsible for
protecting the maritime region; CBP is
responsible for keeping terrorists and                  Relevant GAO Products
their weapons out of the United
States, securing and facilitating trade,                Maritime Security: DHS Progress and Challenges in Key Areas of Port Security.
and cargo container security; and                       GAO-10-940T. Washington, D.C.: July 21, 2010. See pages 7-10.
DNDO is responsible for developing,
                                                        Maritime Security: Vessel Tracking Systems Provide Key Information, but the
acquiring, and deploying radiation
detection equipment to support the                      Need for Duplicate Data Should Be Reviewed. GAO-09-337. Washington, D.C.:
efforts of DHS and other federal                        March 17, 2009. See pages 30-37.
agencies. MTSA, and other legislation                   Nuclear Detection: Domestic Nuclear Detection Office Should Improve Planning
and directives, require that these                      to Better Address Gaps and Vulnerabilities. GAO-09-257. Washington, D.C.:
component agencies protect the                          January 29, 2009. See pages 18-23.
nation’s ports and waterways from
terrorist attacks through a wide range                  Nuclear Detection: Preliminary Observations on the Domestic Nuclear Detection
of security improvements.                               Office’s Efforts to Develop a Global Nuclear Detection Architecture.
                                                        GAO-08-999T. Washington, D.C.: July 16, 2008.







Controls over Foreign Seafarers

In fiscal year 2009, maritime crew—known as seafarers—made about 5 million entries into U.S. ports on commercial cargo and cruise ship vessels. This is important because the overwhelming majority of seafarers on arriving vessels are aliens. Because the U.S. government has no control over foreign seafarer credentialing practices, concerns have been raised that it is possible for aliens to fraudulently obtain seafarer credentials to gain entry into the United States or conduct attacks. Therefore, DHS considers the illegal entry of an alien through a U.S. seaport through exploitation of maritime industry practices to be a key concern. Within DHS, the Coast Guard and CBP conduct a variety of seafarer-related enforcement and compliance boardings and inspections. For example, the Coast Guard conducts inspections of vessel crew as part of its regulatory responsibility under MTSA. Other departments participate as well, such as the State Department, which reviews foreign seafarers’ applications for U.S. visas.

A few countries account for a large share of arriving foreign seafarers, with the Philippines, India, and Russia supplying the most. According to the Coast Guard, approximately 80 percent of seafarers arriving by commercial vessel did so aboard passenger vessels, such as cruise ships.

Budget Authority Information

Activities related to controls over foreign seafarers are not specifically identified in the Coast Guard budget. Some of these fall under the Coast Guard’s ports, waterways and coastal security mission. See table 1 for the reported budget authority amounts for that mission for fiscal years 2004 through 2013.

Summary of Key Findings and Recommendations

We reported in January 2011 that the federal government uses a multi-faceted strategy to address foreign seafarer risks. The State Department starts the process by reviewing seafarer applications for U.S. visas. As part of this process, consular officers review applications, interview applicants, screen applicant information against federal databases, and review supporting documents to assess whether the applicants pose a potential threat to national security, among other things. In addition, DHS and its component agencies conduct advance-screening inspections, assess risks, and screen seafarers. However, our work noted opportunities to enhance seafarer inspection methods. For example, in January 2011, we reported that CBP inspected all seafarers entering the United States, but noted that CBP did not have the technology to electronically verify the identity and immigration status of crews on board cargo vessels, thus limiting CBP’s ability to ensure it could identify fraudulent documents presented by foreign seafarers. We made several recommendations to, among other things, facilitate better understanding of the potential need and feasibility of expanding electronic verification of seafarers on board vessels and to improve data collection and sharing. In that same report we also noted discrepancies between CBP and Coast Guard data on illegal seafarer entries at domestic ports and we recommended that the two agencies jointly establish a process for sharing and reconciling such records. DHS concurred with our recommendations and is in the process of taking actions to implement them. For example, CBP met with the DHS Screening Coordination Office to determine risks associated with not electronically verifying foreign seafarers for admissibility. Further, DHS reported in July 2011 that CBP and the Coast Guard were working to assess the costs associated with deploying equipment to provide biometric reading capabilities on board vessels.

Relevant GAO Product

Maritime Security: Federal Agencies Have Taken Actions to Address Risks Posed by Seafarers, but Efforts Can Be Strengthened. GAO-11-195. Washington, D.C.: January 14, 2011.






Maritime Security Risk Analysis Model

The Maritime Security Risk Analysis Model (MSRAM) is the Coast Guard’s primary tool for assessing and managing security risks in the maritime domain. The Coast Guard uses MSRAM to meet DHS’s requirement for using risk-informed approaches to prioritize its investments.

MSRAM provides the Coast Guard with a standardized way of assessing risk to maritime infrastructure, such as chemical facilities, oil refineries, hazardous cargo vessels, passenger ferries, and cruise ship terminals, among others. MSRAM calculates the risk of a terrorist attack based on scenarios—a combination of target and attack modes—in terms of threats, vulnerabilities, and consequences to more than 28,000 maritime targets. The model focuses on individual facilities and cannot model system impacts or more complex scenarios involving adaptive or intelligent adversaries. The Coast Guard also uses MSRAM as input into other DHS maritime security programs, such as FEMA’s Port Security Grant Program.

The Coast Guard Authorization Act of 2010 required the Coast Guard to make MSRAM available, in an unclassified version, on a limited basis to regulated vessels and facilities to conduct risk assessments of their own facilities and vessels (Pub. L. No. 111-281, § 827, 124 Stat. 2905, 3004-05).

Budget Authority Information

Activities related to MSRAM are not specifically identified in the Coast Guard budget. Such activities fall under the Coast Guard’s ports, waterways and coastal security mission. See table 1 for the reported budget authority for that mission for fiscal years 2004 through 2013.

Summary of Key Findings and Recommendations

Our work on MSRAM found that the Coast Guard’s risk management and risk assessment efforts have developed and evolved and that the Coast Guard has made progress in assessing maritime security risks using MSRAM. For example, our work in this area in 2005 found that the Coast Guard was ahead of other DHS components in establishing a foundation for using risk management. After the September 11, 2001 terrorist attacks, the Coast Guard greatly expanded the scope of its risk assessment activities. It conducted three major security assessments at ports, which collectively resulted in progress in understanding and prioritizing risks within a port. We also reported in July 2010 that by developing MSRAM, the Coast Guard had begun to address the limitations of its previous port security risk model. In our more recent work, we reported that MSRAM generally aligns with DHS risk assessment criteria, but noted that additional documentation and training could benefit MSRAM users. We made recommendations to the Coast Guard to strengthen MSRAM, better align it with risk management guidance, and facilitate its increased use across the agency. In general, the Coast Guard has concurred with our recommendations and has implemented some and taken actions to implement others. For example, the Coast Guard uses risk management to drive resource allocations across its missions and is in the process of making MSRAM available for external peer review. The Coast Guard expects to complete these actions later this year.

Relevant GAO Products

Coast Guard: Security Risk Model Meets DHS Criteria, but More Training Could Enhance Its Use for Managing Programs and Operations. GAO-12-14. Washington, D.C.: November 17, 2011.

Maritime Security: DHS Progress and Challenges in Key Areas of Port Security. GAO-10-940T. Washington, D.C.: July 21, 2010. See pages 3-6.

Risk Management: Further Refinements Needed To Assess Risks and Prioritize Protective Measures at Ports and Other Critical Infrastructure. GAO-06-91. Washington, D.C.: December 15, 2005. See pages 30-48.







Area Maritime Security Committees

Area Maritime Security Committees (AMSCs) consist of key stakeholders who (1) may be affected by security policies and (2) share information and develop port security plans. AMSCs, which are required by Coast Guard regulations that implement MTSA, also identify critical port infrastructure and risks to the port, develop mitigation strategies for these risks, and communicate appropriate security information to port stakeholders (33 C.F.R. §§ 103.300-.310). AMSCs were created, in part, because ports are sprawling enterprises that often cross jurisdictional boundaries; and the need to share information among federal, state and local agencies is central to effective prevention and response.

According to the Coast Guard, it has organized 43 area maritime security committees, covering the nation’s 361 ports. Recommended members of AMSCs are a diverse array of port stakeholders to include federal, state and local agencies, as well as private sector entities to include terminal operators, yacht clubs, shipyards, marine exchanges, commercial fishermen, trucking and railroad companies, organized labor, and trade associations.

Budget Authority Information

Activities related to AMSCs are not specifically identified in the Coast Guard budget. Such activities fall under the Coast Guard’s ports, waterways and coastal security mission. See table 1 for the reported budget authority for that mission for fiscal years 2004 through 2013.

Summary of Key Findings and Recommendations

Our work in this area has noted that the Coast Guard has established AMSCs in major U.S. ports. We also reported in April 2005 that the AMSCs improved information sharing among port stakeholders, and made improvements in the timeliness, completeness, and usefulness of such information. The types of information shared included threats, vulnerabilities, suspicious activities, and Coast Guard strategies to protect port infrastructure. The AMSCs also served as a forum for developing Area Maritime Security Plans. While establishing AMSCs has increased information sharing among port stakeholders, our earlier work noted that the lack of federal security clearances for non-federal members of committees hindered some information sharing. To address this issue, we made recommendations to ensure that non-federal officials received needed security clearances in a timely manner. The Coast Guard agreed with our recommendations and has since taken actions to address them, including (1) distributing memos to field office officials clarifying their role in granting security clearances to AMSC members, (2) developing a database to track the recipients of security clearances, and (3) distributing an informational brochure outlining the security clearance process.

Relevant GAO Products

Maritime Security: The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.: October 30, 2007. See pages 8-11.

Maritime Security: Information-Sharing Efforts are Improving. GAO-06-933T. Washington, D.C.: July 10, 2006.

Maritime Security: New Structures Have Improved Information Sharing, but Security Clearance Processing Requires Further Attention. GAO-05-394. Washington, D.C.: April 15, 2005.






Interagency Operations Centers

Interagency Operations Centers (IOCs) are physical or virtual centers of collaboration to improve maritime domain awareness and operational coordination among port partners—including federal, state, and local law enforcement agencies. These port partners use these centers to participate in maritime security activities, such as the implementation and administration of intelligence activities, information sharing, and vessel tracking.

The SAFE Port Act required the establishment of certain IOCs, and the Coast Guard Authorization Act of 2010 further specified that IOCs should provide, where practicable, for the physical collocation of the Coast Guard with its port partners, and that IOCs should include information-management systems (46 U.S.C. § 70107A).

To facilitate IOC implementation and the sharing of information across IOC participants, the Coast Guard began implementing a web-based information management and sharing system called WatchKeeper in 2005.

Appropriations Information

The Coast Guard received $60 million in appropriations in fiscal year 2008 that Congress directed the Coast Guard to use to begin the process of establishing IOCs. The Coast Guard received an additional $14 million in congressionally-directed appropriations from fiscal years 2009 through 2012 to fund IOC implementation, for a total of $74 million in IOC funding since fiscal year 2008.

Summary of Key Findings and Recommendations

Our work on IOCs found that they provided promise in improving maritime domain awareness and information sharing. The Departments of Homeland Security, Defense, and Justice all participated to some extent in three early prototype IOCs. These IOCs improved information sharing through the collection of real-time operational information. Thus, IOCs can provide continuous information about maritime activities and directly involve participating agencies in operational decisions using this information. For example, agencies have collaborated in vessel boardings, cargo examinations, and enforcement of port security zones. In February 2012, however, we reported that the Coast Guard did not meet the SAFE Port Act’s deadline to establish IOCs at all high-risk ports within 3 years of enactment. This was due, in part, because the Coast Guard was not appropriated funds to establish the IOCs in a timely manner and because the definition of a fully operational IOC was evolving during this period. As of October 2010—the most recent date for which we had data available—32 of the Coast Guard’s 35 sectors had made progress in implementing IOCs, but none of the IOCs had achieved full operating capability. In our February 2012 report, we made several recommendations to the Coast Guard to help ensure effective implementation and management of its WatchKeeper information sharing system, such as revising the integrated master schedule. DHS concurred with the recommendations, subject to the availability of funds.

Relevant GAO Products

Maritime Security: Coast Guard Needs to Improve Use and Management of Interagency Operations Centers. GAO-12-202. Washington, D.C.: February 13, 2012.

Maritime Security: The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.: October 30, 2007. See pages 8-11.

Maritime Security: Information-Sharing Efforts are Improving. GAO-06-933T. Washington, D.C.: July 10, 2006.

Maritime Security: New Structures Have Improved Information Sharing, but Security Clearance Processing Requires Further Attention. GAO-05-394. Washington, D.C.: April 15, 2005.






Vessel Tracking

Vessel tracking activities are those used to track vessels at sea and in coastal areas in order to attempt to determine the degree of risk presented by each vessel while minimizing disruption on the marine transportation system. Within DHS, the Coast Guard has programs and uses several technologies to track vessels. In general, these vessel tracking systems work for larger commercial vessels, such as those 300 gross tons or more, with requirements to have the tracking technologies. These systems are not effective at tracking smaller vessels, which can present a threat to larger vessels and maritime infrastructure.

MTSA included the first federal vessel tracking requirements to improve the nation’s security by mandating that certain vessels operate an automatic identification system—a tracking system used for identifying and locating vessels—while in U.S. waters (46 U.S.C. § 70114). MTSA also allowed for the development of a long-range automated vessel tracking system that would track vessels at sea based on existing onboard radio equipment and data communication systems that can transmit the vessel’s identity and position to rescue forces in the case of an emergency. Later, the Coast Guard and Maritime Transportation Act of 2004 amended MTSA to require the development of a long-range tracking system (46 U.S.C. § 70115).

Funding Information

Funding for vessel tracking is not specifically identified in the DHS budget and so we were not able to determine costs allocated for the program. In March 2009, however, we reported that the Coast Guard expected its long-range identification and tracking system, one element of vessel tracking, to cost $5.3 million in fiscal year 2009 and approximately $4.2 million per year after that. We also noted in that report that long-range automatic identification system technology, another vessel tracking effort, was not far enough along to know how much it would cost.

Summary of Key Findings and Recommendations

Our work on vessel tracking found that the Coast Guard has developed a variety of vessel tracking systems that provide information key to identifying high risk vessels and developing a system of security measures to reduce risks associated with them. We reported on the Coast Guard’s early efforts to develop a vessel information system, as well as more recent efforts to develop an automatic information system to track vessels at sea. Our work in the vessel tracking area showed opportunities for the Coast Guard to reduce costs and eliminate duplication. For example, in July 2004 we reported that some local port entities were willing to assume the expense and responsibility for automatic information tracking if they were able to use the data, along with the Coast Guard, for their own purposes. Further, in March 2009, we reported that the Coast Guard was using three different means to track large vessels at sea, resulting in potential duplication in information provided. As a result, we made several recommendations to reduce costs, including that the Coast Guard partner with local ports and analyze the extent to which duplicate information is needed to track large vessels. In general, the Coast Guard concurred with our recommendations and has taken steps to partner with local port entities and analyze the performance of vessel tracking systems.

Relevant GAO Products

Maritime Security: Vessel Tracking Systems Provide Key Information, but the Need for Duplicate Data Should Be Reviewed. GAO-09-337. Washington, D.C.: March 17, 2009.

Maritime Security: Partnering Could Reduce Federal Costs and Facilitate Implementation of Automatic Vessel Identification System. GAO-04-868. Washington, D.C.: July 23, 2004.

Coast Guard: Vessel Identification System Development Needs to Be Reassessed. GAO-02-477. Washington, D.C.: May 24, 2002.







Automated Targeting System

The Automated Targeting System (ATS) is a computerized model that CBP officers use as a decision support tool to help them identify and target maritime cargo containers for inspection. ATS was developed in the aftermath of the terrorist attacks of September 11, 2001 to address the concern that terrorists might attempt to smuggle a weapon of mass destruction into the United States using one of the millions of cargo containers that arrive at our nation’s seaports. CBP uses ATS as part of its mission to enhance container security and reduce the vulnerabilities associated with the supply chain—the flow of goods from manufacturers to retailers. Specifically, CBP uses ATS to identify high-risk containers that require additional research or inspection at foreign or U.S. seaports.

In 2006, the SAFE Port Act required that DHS collect additional data to identify high-risk cargo for inspection (6 U.S.C. § 943(b)). In response to this requirement, in January 2009, CBP implemented the Importer Security Filing and Additional Carrier Requirements, collectively known as the 10+2 rule. Under this rule, importers are required to provide CBP with additional information, such as customs entry information, and carriers are required to provide CBP with information, such as cargo manifest and vessel stowage information. The collection of this additional cargo information is intended to further enhance CBP’s ability to use ATS to identify high-risk shipments.

Table 4: Total ATS Obligations, Fiscal Year 2005 through May 2012 (in millions)

Fiscal year        2005   2006   2007   2008   2009   2010   2011   2012a
ATS obligations    29.8   27.9   26.8   26.8   32.5   32.6   32.4     7.7

Total for all years: $216.5

Source: DHS.
a Represents fiscal year obligations through May 2012.

Summary of Key Findings and Recommendations

Our work on ATS has shown that CBP made progress in implementing ATS and enhancing it through the use of additional data. For example, in March 2004, we reported that CBP had (1) refined ATS to target high risk cargo containers for physical inspection, (2) implemented national targeting training, and (3) sought to improve the quality and timeliness of manifest information. Also, in response to our 2004 recommendation that CBP initiate an external peer review of ATS, CBP contracted with a consulting firm to evaluate CBP’s targeting methodology and recommend improvements. Our September 2010 report regarding the additional information required by the 10+2 rule indicated that the new information on vessel stow plans enabled CBP to identify containers with incomplete manifest data, which are inherently higher risk. We also reported, however, that CBP had not yet incorporated the new information and recommended that it set time frames and milestones for updating its national security targeting criteria. CBP generally concurred with our recommendations and has begun to address them. We are in the process of completing an updated review of ATS for the House Committee on Energy and Commerce and anticipate issuing a report later this year.

Relevant GAO Products

Supply Chain Security: CBP Has Made Progress in Assisting the Trade Industry in Implementing the New Importer Security Filing Requirements, but Some Challenges Remain. GAO-10-841. Washington, D.C.: September 10, 2010.

The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.: October 30, 2007. See pages 6 and 27-28.

Cargo Container Inspections: Preliminary Observations on the Status of Efforts to Improve the Automated Targeting System. GAO-06-591T. Washington, D.C.: March 30, 2006.

Homeland Security: Summary of Challenges Faced in Targeting Oceangoing Cargo Containers for Inspection. GAO-04-557T. Washington, D.C.: March 31, 2004.






Advanced Spectroscopic Portal Program

The advanced spectroscopic portal (ASP) program was designed to develop and deploy a more advanced radiation portal monitor to detect and identify radioactivity coming from containers and trucks at seaports and land border crossings. From 2005 to 2011, DNDO was developing and testing the ASP and planned to use these machines to replace some of the currently deployed radiation portal monitors used by CBP at ports-of-entry for primary screening, as well as the handheld identification devices currently used by CBP for secondary screening. If they performed well, DNDO expected that the ASP could (1) better detect key threat material and (2) increase the flow of commerce by reducing the number of referrals for secondary inspections. However, ASPs cost significantly more than currently deployed portal monitors. We estimated in September 2008 that the lifecycle cost of each ASP (including deployment costs) was about $822,000, compared with about $308,000 for radiation portal monitors, and that the total program cost for DNDO’s latest plan for deploying radiation portal monitors—including ASPs—would be about $2 billion.

Funding Information

Overall, DHS spent more than $280 million developing and testing the ASP program.

Summary of Key Findings and Recommendations

In September 2007, we found that DNDO’s initial testing of the ASP was not an objective and rigorous assessment of the ASP’s capabilities. For example, DNDO used biased test methods that enhanced the performance of the ASP during testing. At the same time, DNDO did not use a critical CBP standard operating procedure for testing deployed equipment. We made several recommendations about improving the testing of ASPs, which DNDO subsequently implemented. In May 2009, we reported that DNDO improved the rigor of its testing; however, this improved testing revealed that the ASPs had a limited ability to detect certain nuclear materials at anything more than light shielding levels. In particular, we reported that ASPs performed better than currently deployed radiation portal monitors in detecting nuclear materials concealed by light shielding, but differences in sensitivity were less notable when shielding was slightly below or above that level. In addition, further testing in CBP ports revealed too many false alarms for the detection of certain high-risk nuclear materials. According to CBP officials, these false alarms are very disruptive in a port environment in that any alarm for this type of nuclear material would cause CBP to take enhanced security precautions because such materials (1) could be used in producing an improvised nuclear device and (2) are rarely part of legitimate or routine cargo. In 2012, we reported that once ASP testing became more rigorous, these machines did not perform well enough to warrant deployment. Accordingly, DHS scaled back the program in 2010 and later cancelled the program in July 2012.

Relevant GAO Products

Combating Nuclear Smuggling: DHS has Developed Plans for Its Global Nuclear Detection Architecture, but Challenges Remain in Deploying Equipment. GAO-12-941T. Washington, D.C.: July 26, 2012.

Combating Nuclear Smuggling: DHS Improved Testing of Advanced Radiation Detection Portal Monitors, but Preliminary Results Show Limits of the New Technology. GAO-09-655. Washington, D.C.: May 21, 2009.

                                          Combating Nuclear Smuggling: DHS’s Program to Procure and Deploy
                                          Advanced Radiation Detection Portal Monitors Is Likely to Exceed the
                                          Department’s Previous Cost Estimates. GAO-08-1108R. Washington, D.C.:
                                          September 22, 2008.
                                          Combating Nuclear Smuggling: Additional Actions Needed to Ensure Adequate
                                          Testing of Next Generation Radiation Detection Equipment. GAO-07-1247T.
                                          Washington, D.C.: September 18, 2007.




                                          Page 43                                                           GAO-12-1009T
Container Security Initiative

The Container Security Initiative (CSI) is a bilateral government partnership program to station CBP officers at foreign seaports where they identify U.S.-bound shipments at risk of containing weapons of mass destruction or other terrorist contraband. CBP launched CSI in January 2002 in an effort to protect global trade lanes by targeting and examining high-risk containers as early as possible in their movement through the global supply chain. The program was meant to address concerns (after the terrorist attacks of September 11, 2001), that terrorists could smuggle weapons of mass destruction inside containers bound for the United States.

As part of the program, foreign governments allow CBP officers in the CSI program to work closely with host customs officials. CBP officers at the CSI seaports are responsible for targeting U.S.-bound high-risk cargo shipped in containers and other tasks, whereas host government customs officials examine the high-risk cargo—when requested by CBP—by scanning containers using various types of nonintrusive inspection equipment or by physically searching the containers before they are loaded onto vessels bound for the United States. By fiscal year 2007 CBP reached its goal of operating CSI in 58 foreign seaports, which collectively accounted for more than 80 percent of the cargo shipped to the United States.

Table 5: Total CSI and Secure Freight Initiative (SFI) Obligations, Fiscal Year 2004 through May 2012 (in millions)

Fiscal year                    2004    2005    2006    2007    2008    2009    2010    2011    2012 (b)
CSI and SFI obligations (a)    61.4   126.1   138.0   138.5   145.9   148.9   145.5   106.9    51.6
Total for all years                                                                        $1,062.8

Source: DHS.
(a) We were unable to distinguish between CSI and SFI obligations because they are funded out of the same budget line item.
(b) Represents fiscal year obligations through May 2012.

Summary of Key Findings and Recommendations

Our work on CSI showed that the program has matured and improved, meeting its strategic goals by increasing both the number of CSI locations and the proportion of total U.S.-bound containers passing through CSI ports. In addition, relationships with host governments have improved over time, leading to increased information sharing between governments and a bolstering of host government customs and port security practices. Our reports made recommendations to CBP to further strengthen the CSI program by, among other things, revising its staffing model, developing performance measures, and improving its methods for conducting on-site evaluations. CBP generally agreed with our recommendations and has taken actions to address them. For example, in response to one of our recommendations, in January 2009, CBP began transferring CSI staff from overseas ports to perform targeting remotely from the National Targeting Center in the United States. As part of this effort, foreign staffing levels for CSI decreased and CBP was able to decrease the program’s operating costs by over $35 million.

Relevant GAO Products

Supply Chain Security: Container Security Programs Have Matured, but Uncertainty Persists over the Future of 100 Percent Scanning. GAO-12-422T. Washington, D.C.: February 7, 2012. See pages 12-13.

Supply Chain Security: Examinations of High-Risk Cargo at Foreign Seaports Have Increased, but Improved Data Collection and Performance Measures Are Needed. GAO-08-187. Washington, D.C.: January 25, 2008.

Container Security: A Flexible Staffing Model and Minimum Equipment Requirements Would Improve Overseas Targeting and Inspection Efforts. GAO-05-557. Washington, D.C.: Apr. 26, 2005.

Container Security: Expansion of Key Customs Programs Will Require Greater Attention to Critical Success Factors. GAO-03-770. Washington, D.C.: July 25, 2003.

Megaports Initiative

The Megaports Initiative seeks to deter, detect, and interdict nuclear or other radiological materials smuggled through foreign seaports. Established by the Department of Energy (DOE) in 2003, the Initiative funds the installation of radiation detection equipment at select seaports overseas. The Initiative trains foreign personnel to use this equipment to scan shipping containers entering and leaving these seaports—regardless of destination—for nuclear and other radioactive material that could be used against the United States or its allies.

To help decision-makers identify and prioritize foreign seaports for participation in the Megaports Initiative, DOE uses a model that ranks foreign ports according to their relative attractiveness to potential nuclear smugglers. The Maritime Prioritization Model incorporates information, such as port security conditions, volume of container traffic passing through ports, the proximity of the ports to sources of nuclear material, and the proximity of the ports to the United States. The model is updated regularly to incorporate new information.

Table 6: Total Megaports Expenditures, Fiscal Year 2003 through December 2011 (in millions)

Fiscal year                                2003    2004    2005    2006    2007    2008    2009    2010    2011    2012
Megaports Initiative expenditure amount (a)  1.3    56.4    60.9    57.1    88.7   102.7   136.4   167.3   145.1    33.8
Total for all years                                                                                              $849.8

Source: DOE
(a) Expenditures are expressed in constant dollars. The total for fiscal year 2012 is as of December 2011.

Summary of Key Findings and Recommendations

We reported in March 2005 that the Megaports Initiative had established Megaports at two seaports—Rotterdam, the Netherlands, which is the largest port in Europe, and Piraeus, Greece, where security concerns had increased prior to the 2004 Olympic Games. DOE had trained foreign customs officials and provided radiation detection equipment to both seaports. However, we also reported that the Initiative had limited success in initiating work at seaports identified as high priority. Among other things, we reported that it was difficult to gain the cooperation of foreign governments, in part because some countries were concerned that scanning large volumes of containers would create delays, thereby inhibiting the flow of commerce at their ports. We also found that the Initiative did not have a comprehensive long-term plan to guide the Initiative’s efforts and faced several operational and technical challenges in installing radiation detection equipment at foreign seaports. We also previously reported that DOE had faced several operational and technical challenges specific to installing and maintaining radiation detection equipment, including ensuring the ability to detect radioactive material, overcoming the physical layout of ports and cargo container-stacking configurations, and sustaining equipment in port environments with high winds and sea spray. We recommended that DOE (1) develop a comprehensive long-term plan for the Initiative that identifies criteria for deciding how to strategically set priorities for establishing Megaports and (2) reevaluate cost estimates and adjust long-term projections as necessary. DOE has implemented both recommendations. We are currently updating our work on the Megaports Initiative and expect to issue a report later this year.

Relevant GAO Products

Maritime Security: The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.: October 30, 2007. See pages 41-42.

Preventing Nuclear Smuggling: DOE Has Made Limited Progress in Installing Radiation Detection Equipment at Highest Priority Foreign Seaports. GAO-05-375. Washington, D.C.: March 31, 2005.

Secure Freight Initiative

The Secure Freight Initiative (SFI) established pilot projects to test the feasibility of scanning 100 percent of U.S.-bound containers at foreign ports to address concerns that terrorists would smuggle weapons of mass destruction (WMD) inside cargo containers bound for the United States. CBP shares responsibility for the initiative with the State Department and the Department of Energy (DOE) as part of its responsibilities for overseeing oceangoing container security and reducing the vulnerabilities associated with the supply chain.

SFI was created, in part, due to statutory requirements. The SAFE Port Act requires that pilot projects be established at three ports to test the feasibility of scanning 100 percent of U.S.-bound containers at foreign ports (6 U.S.C. § 981). In August 2007, 2 months before the pilot began operations, the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Act) was enacted, which requires, among other things, that by July 2012, 100 percent of all U.S.-bound cargo containers be scanned before being placed on a vessel at a foreign port, with possible extensions for ports under certain conditions (6 U.S.C. § 982(b)). Ultimately, CBP implemented SFI at six ports.

Logistical, technological, and other challenges prevented the participating ports from achieving 100 percent scanning and DHS and CBP have since reduced the scope of the SFI program from six ports to one. Further, in May 2012, the Secretary of Homeland Security issued a 2-year extension for all ports, thus delaying the implementation date for 100 percent scanning until July 2014.

Obligations Information

Obligations for this initiative are included with obligations for the Container Security Initiative, as shown in table 5 above.

Summary of Key Findings and Recommendations

We reported in October 2009 that CBP and DOE have been successful in integrating images and radiological signatures of scanned containers onto a computer screen that can be reviewed remotely from the United States. They have also been able to use SFI as a test bed for new applications of existing technology, such as mobile radiation scanners. However, we reported in June 2008 that CBP has faced difficulties in implementing SFI due to challenges in host nation examination practices, performance measures, resource constraints, logistics, and technology limitations. We recommended in October 2009 that DHS, in consultation with the Secretaries of Energy and State, conduct cost-benefit and feasibility analyses and provide the results to Congress. CBP stated it does not plan to develop comprehensive cost estimates because SFI has been reduced to one port and it has no funds to develop such cost estimates. DHS and CBP have not performed a feasibility assessment of 100 percent scanning to inform Congress as to what cargo scanning they can do, so this recommendation has not yet been addressed. We will continue to monitor DHS and CBP actions that could address this recommendation.

Relevant GAO Products

Supply Chain Security: Container Security Programs Have Matured, but Uncertainty Persists over the Future of 100 Percent Scanning. GAO-12-422T. Washington, D.C.: February 7, 2012. See pages 15-19.

Maritime Security: Responses to Questions for the Record. GAO-11-140R. Washington, D.C.: October 22, 2010. See pages 17-21.

Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers. GAO-10-12. Washington, D.C.: October 30, 2009.

CBP Works with International Entities to Promote Global Customs Security Standards and Initiatives, but Challenges Remain. GAO-08-538. Washington, D.C.: August 15, 2008. See pages 31-34.

Supply Chain Security: Challenges to Scanning 100 Percent of U.S.-Bound Cargo Containers. GAO-08-533T. Washington, D.C.: June 12, 2008.

Customs-Trade Partnership Against Terrorism

The Customs-Trade Partnership Against Terrorism (C-TPAT) program is a voluntary program that enables CBP officials to work in partnership with private companies to review and approve the security of their international supply chains. In November 2001, CBP announced the C-TPAT program as part of its efforts toward facilitating the free flow of goods while ensuring that the containers do not pose a threat to homeland security. In October 2006, the SAFE Port Act established a statutory framework for the C-TPAT program, codified its existing membership processes, and added new components—such as time frames for certifying, validating, and revalidating members’ security practices (6 U.S.C. §§ 961-973).

Companies that join the C-TPAT program commit to improving the security of their supply chains and agree to provide CBP with information on their specific security measures. In addition, the companies agree to allow CBP to verify, among other things, that their security measures meet or exceed CBP’s minimum security requirements. This allows CBP to ensure that the security measures outlined in a member's security profile are in place and effective. In return for their participation in the program, C-TPAT members are entitled to a reduced likelihood of scrutiny of their cargo. CBP has awarded initial C-TPAT certification—or acceptance of the company’s agreement to voluntarily participate in the program—to over 10,000 companies, as of February 2012.

Table 7: Total C-TPAT Obligations, Fiscal Year 2005 through May 2012 (in millions)

Fiscal year            2004    2005    2006    2007    2008    2009    2010    2011    2012 (a)
C-TPAT obligations     14.0    37.8    67.4    49.7    57.4    52.4    46.5    44.5    23.6
Total for all years                                                                  $393.5

Source: DHS.
(a) Represents fiscal year obligations through May 2012.

Summary of Key Findings and Recommendations

We reported in April 2008 that the program holds promise as part of CBP’s multifaceted maritime security strategy. The program allows CBP to develop partnerships with the trade community, which is a challenge given the international nature of the industry and resulting limits on CBP’s jurisdiction and activities. C-TPAT provides CBP with a level of information sharing that would otherwise not be available. However, our reports raised a number of concerns about the overall management of the program and its challenges in verifying that C-TPAT members meet security criteria. We recommended that CBP strengthen program management by developing planning documents, performance measures, and improving the process for validating security practices of C-TPAT members. CBP agreed with these recommendations and has addressed them.

Relevant GAO Products

Supply Chain Security: Container Security Programs Have Matured, but Uncertainty Persists over the Future of 100 Percent Scanning. GAO-12-422T. Washington, D.C.: February 7, 2012. See pages 13-14.

Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers. GAO-10-12. Washington, D.C.: October 30, 2009. See pages 41-43.

Supply Chain Security: U.S. Customs and Border Protection Has Enhanced Its Partnership with Import Trade Sectors, but Challenges Remain in Verifying Security Practices. GAO-08-240. Washington, D.C.: April 25, 2008.

Cargo Security: Partnership Program Grants Importers Reduced Scrutiny with Limited Assurance of Improved Security. GAO-05-404. Washington, D.C.: March 11, 2005.

Container Security: Expansion of Key Customs Programs Will Require Greater Attention to Critical Success Factors. GAO-03-770. Washington, D.C.: July 25, 2003.

Mutual Recognition Arrangements

Mutual recognition arrangements (MRAs) allow for the supply chain security-related practices and programs taken by the customs administration of one country to be recognized by the administration of another. As of July 2012, CBP has made such arrangements with five countries and an economic union as part of its efforts to partner with international organizations and develop supply chain security standards that can be implemented throughout the international community.

According to CBP, a network of mutual recognition could lead to greater efficiency in improving international supply chain security by, for example, reducing redundant examinations of cargo containers and avoiding the unnecessary burden of addressing different sets of requirements as a shipment moves throughout the global supply chain. CBP and other international customs officials see mutual recognition arrangements as providing a possible strategy for the CSI program (which includes stationing CBP officers abroad). As of July 2012, CBP had signed six mutual recognition arrangements.

Budget Authority Information

MRAs are included in the Other International Programs budget line item, but there is no specific line item for these activities. As such, we were unable to determine MRA obligations information.

Summary of Key Findings and Recommendations

In our work on international supply chain security we reported that CBP has recognized that the United States is no longer self-contained in security matters—either in its problems or its solutions. That is, the growing interdependence of nations necessitates that policymakers work in partnerships across national boundaries to improve supply chain security. We also reported that other countries are interested in developing customs-to-business partnership programs similar to CBP’s C-TPAT program. Other countries are also interested in bi-lateral or multi-lateral arrangements with other countries to mutually recognize each other’s supply chain container security programs. For example, officials within the European Union and elsewhere see the C-TPAT program as one potential model for enhancing global supply chain security. Thus, CBP has committed to promoting mutual recognition arrangements based on an international framework of standards governing customs and related business relationships in order to enhance global supply chain security. Our work on other programs indicated that CBP does not always have critical information on other countries’ customs examination procedures and practices, even at CSI ports where we have stationed officers. However, our reports to date have not made any specific recommendations related to mutual recognition arrangements.

Relevant GAO Products

Supply Chain Security: Container Security Programs Have Matured, but Uncertainty Persists over the Future of 100 Percent Scanning. GAO-12-422T. Washington, D.C.: February 7, 2012. See pages 13-14.

Supply Chain Security: CBP Works with International Entities to Promote Global Customs Security Standards and Initiatives, but Challenges Remain. GAO-08-538. Washington, D.C.: August 15, 2008. See pages 23-31.

Supply Chain Security: Examinations of High-Risk Cargo at Foreign Seaports Have Increased, but Improved Data Collection and Performance Measures Are Needed. GAO-08-187. Washington, D.C.: January 25, 2008. See pages 33-40.

International Port Security Program

The International Port Security Program (IPSP) provides for the Coast Guard and other countries’ counterpart agencies to visit and assess the implementation of security measures in each other’s ports against established security standards. The underlying assumption for the program is that the security of domestic ports also depends upon security at foreign ports where vessels and cargoes bound for the United States originate. MTSA required the Coast Guard to develop such a program to assess security measures in foreign ports and, among other things, recommend steps necessary to improve security measures in those ports. To address this requirement, the Coast Guard established the International Port Security Program in April 2004. Subsequently, in October 2006, the SAFE Port Act required the Coast Guard to reassess security measures at such foreign ports at least once every 3 years (46 U.S.C. §§ 70108, 70109).

In implementing the program, the Coast Guard uses the International Maritime Organization’s International Ship and Port Facility Security (ISPS) Code. This code serves as the benchmark by which it measures the effectiveness of a country’s antiterrorism measures in a port. Coast Guard teams conduct country visits, discuss implemented security measures, and collect and share best practices to help ensure a comprehensive and consistent approach to maritime security in ports worldwide.

Budget Authority Information

Activities related to the International Port Security Program are not specifically identified in the Coast Guard budget. Such activities fall under the Coast Guard’s ports, waterways and coastal security mission. See table 1 for the reported budget authority for that mission for fiscal years 2004 through 2013.

Summary of Key Findings and Recommendations

Our work on the International Port Security Program found that the Coast Guard had made progress in visiting and assessing port security in foreign ports. We reported in October 2007 that the Coast Guard had visited more than 100 countries and found that most of the countries had substantially implemented the ISPS Code. The Coast Guard had also consulted with a contractor to develop a more risk-based approach to planning foreign country visits, such as incorporating information on corruption and terrorist activities levels within a country. The Coast Guard has made progress despite a number of challenges. For example, the Coast Guard has been able to alleviate challenges related to sovereignty concerns of some countries by including a reciprocal visit feature in which the Coast Guard hosts foreign delegations to visit U.S. ports and observe ISPS Code implementation in the United States. Another challenge program officials overcame was the lack of resources to improve security in poorer countries. Specifically, Coast Guard officials worked with other federal agencies (e.g., the Departments of Defense and State) and international organizations (e.g., the Organization of American States) to secure funding for training and assistance to poorer countries that need to strengthen port security efforts.

Relevant GAO Products

Maritime Security: DHS Progress and Challenges in Key Areas of Port Security. GAO-10-940T. Washington, D.C.: July 21, 2010. See pages 10-11.

Maritime Security: The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.: October 30, 2007. See pages 15-19.

Information on Port Security in the Caribbean Basin. GAO-07-804R. Washington, D.C.: June 29, 2007.

Appendix II: GAO Contact and Staff Acknowledgments

For questions about this statement, please contact Stephen L. Caldwell at (202) 512-9610 or caldwells@gao.gov. Contact points for our Offices of Congressional Relations and Public Affairs may be found on the last page of this statement. Individuals making key contributions to this statement include Christopher Conrad (Assistant Director), Adam Anguiano, Aryn Ehlow, Allyson Goldstein, Paul Hobart, Amanda Kolling, Glen Levis, and Edwin Woodward. Additional contributors include Frances Cook, Tracey King, and Jessica Orr.

(441104)

This is a work of the U.S. government and is not subject to copyright protection in the
United States. The published product may be reproduced and distributed in its entirety
without further permission from GAO. However, because this work may contain
copyrighted images or other material, permission from the copyright holder may be
necessary if you wish to reproduce this material separately.
GAO’s Mission

The Government Accountability Office, the audit, evaluation, and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO’s commitment to good government is reflected in its core values of accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO’s website (http://www.gao.gov). Each weekday afternoon, GAO posts on its website newly released reports, testimony, and correspondence. To have GAO e-mail you a list of newly posted products, go to http://www.gao.gov and select “E-mail Updates.”

Order by Phone

The price of each GAO publication reflects GAO’s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO’s website, http://www.gao.gov/ordering.htm.

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537.

Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information.

Connect with GAO

Connect with GAO on Facebook, Flickr, Twitter, and YouTube. Subscribe to our RSS Feeds or E-mail Updates. Listen to our Podcasts. Visit GAO on the web at www.gao.gov.

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:
Website: http://www.gao.gov/fraudnet/fraudnet.htm
E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470

Congressional Relations

Katherine Siggerud, Managing Director, siggerudk@gao.gov, (202) 512-4400, U.S. Government Accountability Office, 441 G Street NW, Room 7125, Washington, DC 20548

Public Affairs

Chuck Young, Managing Director, youngc1@gao.gov, (202) 512-4800, U.S. Government Accountability Office, 441 G Street NW, Room 7149, Washington, DC 20548



