First public hearing of the National Commission on Terrorist Attacks Upon the United States
Statement of Gerald L. Dillingham to the
National Commission on Terrorist Attacks Upon the United States
April 1, 2003
Mr. Chairman and Members of the Commission:
We are here today to discuss our public work on transportation security. As you know, the General Accounting Office is the audit, evaluation, and investigative arm of the Congress. Our mission is to support the Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. We examine the use of public funds; evaluate federal programs and policies; and provide analyses, recommendations, and other assistance to help the Congress make informed oversight, policy, and funding decisions. Our commitment to good government is reflected in our core values of accountability, integrity, and reliability. We wish to thank the Commission for inviting us today to share our knowledge of transportation security issues, and we look forward to continuing to work with you.
Since September 11, 2001, securing our nation's transportation system from terrorist attacks has assumed great urgency. On November 19, 2001, the Congress enacted the Aviation and Transportation Security Act, which created the Transportation Security Administration (TSA) within the Department of Transportation (DOT) and defined its primary responsibility as ensuring security in all modes of transportation. DOT then worked to strengthen security through its modal administrations while simultaneously organizing the new agency to meet the longer-term challenge of implementing security improvements that will not excessively inhibit commerce and travel or interfere with other critical agency missions. With the passage of the Homeland Security Act on November 25, 2002, TSA was transferred to the new Department of Homeland Security, which assumed overall responsibility for transportation security.
My testimony today addresses (1) transportation security before September 2001; (2) what the federal government has done since September 11 to strengthen transportation security, particularly aviation, mass transit, and port security; and (3) the long-term institutional challenges that face the federal agencies responsible for transportation security.
Before September 2001, our work in transportation security focused largely on aviation security, which was then the responsibility of the Federal Aviation Administration (FAA), within DOT. Together with other studies, our work often demonstrated the existence of significant, long-standing vulnerabilities in aviation security. These vulnerabilities included failure to detect threats when screening passengers and their carry-on bags prior to their boarding aircraft and the absence of any requirement to screen checked baggage on domestic flights; inadequate controls for limiting access to secure areas at airports; and failure to secure air traffic control computer systems and facilities.
Since September 2001, securing our nation's transportation system from terrorist attacks has assumed great urgency. The Congress and the administration have reorganized the federal agencies responsible for transportation security, transferring them to the new Department of Homeland Security, and the agencies are attempting to enhance security without unduly inhibiting the movement of goods and people. TSA has made considerable progress in addressing aviation security challenges. By the end of December 2002, the agency had hired and deployed a workforce of over 60,000, including passenger and baggage screeners and federal air marshals, and was screening about 90 percent of all checked baggage for explosives. In addition, local mass transit agencies have assessed vulnerabilities, increased training for emergency preparedness, and conducted emergency drills. The Coast Guard has also performed initial risk assessments of ports, established new security guidelines, and initiated a comprehensive assessment of security conditions at 55 U.S. ports, and the Customs Service and the Immigration and Naturalization Service have actions under way to strengthen port security. Nevertheless, air cargo shipments, general aviation airports, and mass transit systems remain vulnerable to attack, and an effective port security environment may be many years away.
DOT and the Department of Homeland Security face long-term transportation security challenges that include (1) developing a comprehensive risk management approach, (2) ensuring that transportation security funding needs are identified and prioritized and costs are controlled, (3) establishing effective coordination among the many public and private entities responsible for transportation security, (4) ensuring adequate workforce competence and staffing levels, and (5) implementing security standards for transportation facilities, workers, and security equipment. We have issued reports and made recommendations that address many of these challenges, and some actions are under way.
Some Vulnerabilities in Transportation Security Were Known before September 2001
Our work on transportation security prior to September 2001 primarily addressed vulnerabilities in aviation security. These included ineffective screening of passengers and baggage for threat objects and explosives, inadequate controls for limiting access to secure areas at airports, and inadequate security for air traffic control computer systems and facilities. Mass transit agencies were taking actions to enhance security, and concerns about port security were raised.
Before September 2001, screeners, who were then hired by the airlines, often failed to detect threat objects located on passengers or in their carry-on luggage. As we reported in June 2000, tests of screeners conducted in 1987 revealed that screeners missed 20 percent of the potentially dangerous objects that FAA used in its tests, and test data from 1991 through 1999 showed a declining trend in the rate of detection. At that time, FAA characterized this level of performance as unsatisfactory. The more recent results showed that as testing got more realistic-that is, as tests more closely approximated how a terrorist might attempt to penetrate a checkpoint-screeners' performance declined significantly. A principal cause of screeners' performance problems was rapid turnover and insufficient training. Turnover exceeded over 100 percent a year at most large airports, leaving few skilled and experienced screeners, primarily because of low wages, limited benefits, and repetitive, monotonous work.
Before September 2001, controls for limiting access to secure areas of airports, including aircraft, did not always work as intended. As we reported in May 2000, our special agents used fictitious law enforcement badges and credentials to gain access to secure areas, bypass security checkpoints at two airports, and walk unescorted to aircraft departure gates. The agents, who had been issued tickets and boarding passes, could have carried weapons, explosives, or other dangerous objects onto aircraft. DOT's Inspector General also documented numerous problems with airport access controls, and in one series of tests, nearly 7 out of every 10 attempts by the Inspector General's staff to gain access to secure areas were successful.
Before September 2001, our reviews of FAA's oversight of air traffic control computer systems showed that FAA had not ensured the security of these systems or of the facilities that house them. Our reviews also found that FAA had not ensured that the contractors who had access to the air traffic control computer systems had undergone background checks. The air traffic control computer systems provide information to air traffic controllers and aircraft flight crews to help ensure the safe and expeditious movement of aircraft. Failure to protect these systems and their facilities could cause a nationwide disruption of air traffic or even a loss of life due to collisions. Because of the vulnerabilities we identified, the air traffic control system was susceptible to intrusion and malicious attacks.
Over the years, we made numerous recommendations to FAA to improve screeners' performance, strengthen airport access controls, and better protect air traffic control computer systems and facilities. As of September 2001, FAA had implemented some of these recommendations and was addressing others, but its progress was often slow. In addition, many initiatives were not linked to specific deadlines, making it difficult to monitor and oversee their implementation.
Before September 2001, many transit agencies were implementing measures to enhance transit safety and security, such as revising emergency plans and training employees in emergency preparedness. According to transit agency officials, the 1995 sarin gas attack on the Tokyo subway system and experiences during natural disasters had served as catalysts for the agencies to focus on safety and security. The officials said the terrorist attacks on September 11 elevated the importance of security.
Concerns about the security of the nation's ports were recognized even before the September 11 attacks. Ports are inherently vulnerable to terrorist attacks and make desirable targets because of their size, accessibility by water and land, location in metropolitan areas, volume of material transported, and ready transportation links to interior locations. Moreover, a terrorist act at one of these seaports could result in extensive loss of lives, property, and business and could impact the nation's economy if the free flow of trade is disrupted. In August 2000, the Interagency Commission on Crime and Security in U.S. Seaports estimated that the costs to upgrade the security infrastructure at the nation's 361 ports ranged from $10 million to $50 million per port.
Since September 2001, Federal Agencies Have Put People, Policies, and Procedures in Place to Strengthen Transportation Security
Since September 2001, federal and local agencies have been trying to assess and address the monumental challenges they face in attempting to strengthen the security of the nation's transportation systems. As we testified on September 20, 2001, the enormous size of the U.S. airspace alone defies easy protection, and no form of travel can ever be made totally secure. Providing aviation security means protecting hundreds of airports, thousands of planes, and tens of thousands of daily flights. Providing transit and port security also poses daunting challenges. For example, about 6,000 agencies provide transit services through buses, subways, ferries, and light rail service to about 14 million Americans each weekday, and millions of containers are imported into the United States through more than 300 public and private U.S. seaports with more than 3,700 cargo and passenger terminals.
Following the September 11 attacks, DOT faced several urgent aviation security challenges, such as meeting newly-established screening deadlines and addressing security gaps that we and others, including DOT's Inspector General, had identified. In November 2001, TSA assumed responsibility under the Aviation and Transportation Security Act for screening passengers and property. (See fig. 1.) The act required it to hire and deploy federal passenger screeners by November 19, 2002, and to screen all checked baggage using explosives detection systems by December 31, 2002. In addition, FAA established a requirement for installing reinforced cockpit doors in aircraft.
Figure 1: Passengers Being Screened at a Security Checkpoint (Source: FAA)
TSA has made considerable progress in addressing aviation security challenges. For example, according to TSA, it
- met the November 2002 deadline by hiring and deploying over 40,000 passenger screeners to screen passengers at 429 commercial airports;
- hired and deployed more than 20,000 of an estimated 22,000 baggage screeners as of mid-December 2002 to screen all checked baggage;
- has been using explosives detection systems or explosives trace detection equipment to screen about 90 percent of all checked baggage as of December 31, 2002;
- has been using alternative means such as canine teams, hand searches, and passenger-bag matching to screen the remaining checked baggage; and
- has made substantial progress in expanding the Federal Air Marshal Service.
Furthermore, according to an FAA official, as of March 21, 2003, FAA had approved designs for reinforcing the cockpit doors of over 98 percent of the commercial fleet's 5,750 aircraft, 80 percent of the doors had been installed, and kits had been ordered for the remaining doors. As of mid-December 2002, however, TSA still had to complete the installation of most of the explosives detection equipment needed to screen baggage to meet the act's baggage-screening requirements. At that time, according to TSA, it had installed 239 of the 1,100 explosives detection machines and 1,951 of the 6,000 trace detection machines that it had estimated were needed.
Although TSA has focused much effort and funding on ensuring that bombs and other threat items are not carried onto planes by passengers or in their luggage, vulnerabilities exist in securing the cargo carried aboard commercial passenger and all-cargo aircraft. The Aviation and Transportation Security Act requires that all cargo carried aboard commercial passenger aircraft be screened and that TSA have a system in place as soon as practicable to screen, inspect, or otherwise ensure the security of cargo on all-cargo aircraft. The "known shipper" program-which allows shippers that have established business histories with air carriers or freight forwarders to ship cargo on planes-is TSA's primary approach to ensuring air cargo security and safety and to complying with the cargo screening requirement of the act. However, we and DOT's Inspector General have identified weaknesses in the known shipper program and in TSA's procedures for approving freight forwarders.
Since September 2001, TSA has taken a number of actions to enhance cargo security, such as implementing a database of known shippers in October 2002. The database is the first phase in developing a cargo-profiling system similar to the computer-assisted passenger prescreening system. However, in December 2002, we reported that additional operational and technological measures, such as checking the identity of individuals making cargo deliveries, have the potential to improve air cargo security in the near term. We further reported that TSA lacks a comprehensive plan with long-term goals and performance targets for cargo security, time frames for completing security improvements, and risk-based criteria for prioritizing actions to achieve those goals. Accordingly, we recommended that TSA develop a comprehensive plan for air cargo security that incorporates a risk management approach, includes a list of security priorities, and sets deadlines for completing actions; TSA agreed with this recommendation.
Since September 2001, TSA has taken only a few actions related to general aviation security, leaving it far more open and potentially vulnerable than commercial aviation. General aviation includes more than 200,000 privately owned airplanes, which are located in every state at more than 19,000 airports. Over 550 of these airports also provide commercial service. General aviation's vulnerability was revealed in January 2002, when a Florida teenager (and flight student) crashed a single-engine Cessna airplane into a Tampa skyscraper. FAA has since issued a notice with voluntary guidance for flight schools that suggests such measures as using different keys to gain access to an aircraft and start the ignition, not giving students access to aircraft keys, ensuring positive identification of flight students, and reporting suspicious activities. However, because the guidance is voluntary, it is unknown how many flight schools have implemented these measures.
Since September 2001, FAA has continued to strengthen the security of the nation's air traffic control computer systems and facilities in response to 39 recommendations we made between May 1998 and December 2000. However, more must be done to ensure that critical information systems are not at risk of intrusion and attack. Among its accomplishments, FAA has established an information systems security management structure under its Chief Information Officer, whose office has developed an information systems security strategy, security architecture (i.e., overall blueprint), security policies and directives, and a security awareness training campaign. This office has also managed FAA's incident response center and implemented a certification and accreditation process to ensure that vulnerabilities in current and future air traffic control systems are identified and weaknesses addressed. Nevertheless, the office faces continued challenges in increasing its intrusion detection capabilities, obtaining accreditation for systems that are already operational, and managing information systems security throughout the agency. In addition, according to senior security officials, FAA has completed assessments of the physical security of its staffed facilities, but has not yet accredited all of these air traffic control facilities as secure in compliance with agency policy. Finally, FAA has worked aggressively over the past 2 years to complete background investigations on numerous contractor employees. However, ensuring that all new contractors are assessed to determine which employees require background checks and that those checks are completed in a timely manner will be a continuing challenge for the agency.
Transit agencies face significant challenges in making their systems secure, in part because certain characteristics that make them vulnerable also make them difficult to secure. For example, the high ridership of some transit agencies makes them attractive targets for terrorists but also makes the use of certain security measures, like metal detectors, impractical. Despite such challenges, transit agencies have taken a number of steps to improve the security of their systems. In December 2002, after visiting 10 transit agencies and surveying 200, we reported that these agencies had implemented new security initiatives or increased the frequency of existing activities since September 2001. For example, many transit agencies had assessed vulnerabilities, provided additional training on emergency preparedness, revised emergency plans, and conducted multiple emergency drills. (See fig. 2.) Several agencies we visited had also implemented innovative practices to enhance safety and security, such as training police officers to drive buses and implementing an employee suggestion program to solicit ideas for improving security.
Figure 2: Emergency Transit Drill in Progress
After September 2001, the Federal Transit Administration (FTA), which has limited authority to oversee and regulate transit security, launched a multipart security initiative. Although most of the transit agencies we visited said this initiative was useful, they wanted the federal government to provide more assistance to support transit security, such as more information, help in obtaining security clearances, increased funding, and more security-related research and development. To give transit agencies greater flexibility in paying for transit security improvements, we recommended that the Secretary of Transportation consider seeking a legislative change to allow all transit agencies, regardless of the size of the urbanized area they serve, to use urbanized area formula funds for security-related operating expenses. We also recommended that the Secretary of Transportation develop risk-based criteria for distributing federal funds to transit agencies for high-priority security improvements. The department agreed to carefully consider our recommendations as it continues working to improve transit security around the country.
Since September 2001, the federal government's role in transit security has been evolving. Although TSA has thus far focused primarily on aviation, it is responsible under the Aviation and Transportation Security Act for the security of all modes of transportation. In December 2002, we reported that TSA and FTA were working to develop a memorandum of agreement that would define each agency's roles and responsibilities for transit security.
Since September 2001, federal agencies, state and local authorities, and private sector stakeholders have done much to address vulnerabilities in the security of the nation's ports. The Coast Guard, in particular, has acted as a focal point for assessing and addressing security concerns. After September 11, the Coast Guard responded by refocusing its efforts and repositioning vessels, aircraft, and personnel not only to provide security, but also to increase visibility in key maritime locations. Some of its actions included (1) conducting initial risk assessments of ports, which identified high-risk infrastructure and facilities and helped determine how the Coast Guard's small boats would be used for harbor security patrols; (2) initiating new guidelines for developing security plans and implementing security measures for passenger vessels and passenger terminals; and (3) beginning a process to comprehensively assess the security conditions of 55 U.S. ports over a 3-year period.
In addition, shortly after September 11, the Coast Guard began requiring ships to provide earlier notification of their scheduled arrival at a U.S. port. All vessels over 300 gross tons are now required to contact the Coast Guard 96 hours-up from 24 hours-before they are scheduled to arrive at a U.S. port. Each vessel must provide information on its destination, its scheduled arrival, the cargo it is carrying, and a roster of its crew members. The information, which is processed and reviewed by the Coast Guard's National Vessel Movement Center, is used in conjunction with data from various intelligence agencies to identify "high-interest" vessels. Decisions on appropriate actions to be taken with respect to such vessels, such as whether to board, escort, or deny entry to them, are based on established criteria and procedures.
Figure 3: Inspecting Millions of Containers that Arrive at U.S. Ports Remains a Challenge (Source: © 1995 Nova Development Corporation.)
Two other key federal agencies-the Customs Service and the Immigration and Naturalization Service-also have actions under way to begin to address such issues as container security and the screening of persons seeking entry into the United States. With more than 6 million containers a year entering U.S. ports, examining them all has not been possible. Using a targeted approach, Customs physically inspects about 2 percent of the containers that enter the country. New initiatives by the Customs Service would widen inspection coverage. For example, the Customs Service's Container Security Initiative focuses on placing U.S. Customs inspectors at the ports of embarkation to target containers for inspection; the Customs Trade Partnership Against Terrorism focuses on efforts by importers and others to enhance security procedures along their supply chain; and Operation Safe Commerce focuses on using new technology, such as container seals, to help shippers ensure the integrity of the cargo included in containers being sent to the United States.
Transportation Security Poses Long-Term Institutional Challenges
Efforts to strengthen transportation security face several long-term institutional challenges that include (1) developing a comprehensive risk management approach, (2) ensuring that funding needs are identified and prioritized and costs are controlled, (3) establishing effective coordination among the many responsible public and private entities, (4) ensuring adequate workforce competence and staffing levels, and (5) implementing security standards for transportation facilities, workers, and security equipment.
To achieve transportation security as well as homeland security, it will be important to effectively manage the risks posed by terrorist threats and direct national resources to the areas of highest priority. We have advocated the use of a risk management approach to guide federal programs and responses to better prepare for and withstand terrorist threats. A risk management approach is a systematic process to analyze threats, vulnerabilities, and the criticality (or relative importance) of assets to better support key decisions linking resources with prioritized efforts for results. Figure 4 describes this approach.
A threat assessment identifies and evaluates potential threats on the basis of factors such as capabilities, intentions, and past activities. This assessment represents a systematic approach to identifying potential threats before they materialize. However, even if updated often, a threat assessment might not adequately capture some emerging threats. The risk management approach, therefore, uses vulnerability and criticality assessments as additional input to the decision-making process.
A vulnerability assessment identifies weaknesses that may be exploited by identified threats and suggests options to address those weaknesses.
A criticality assessment evaluates and prioritizes assets and functions in terms of specific criteria, such as their importance to public safety and the economy. The assessment provides a basis for identifying which structures or processes are relatively more important to protect from attack. As such, it helps managers to determine operational requirements and target resources to the highest priorities while reducing the potential for targeting resources to lower priorities.
Figure 4: Elements of a Risk Management Approach (Source: GAO.)
Our work has shown that TSA and some of DOT's modal administrations have partially developed risk management approaches. For example, in the fall of 2001, FAA completed an assessment of the threats to and vulnerabilities of air cargo. The assessment examined a single scenario-a terrorist attempting to place a bomb on a commercial passenger aircraft-but did not address the shipment's vulnerability to tampering along the route from the shipper to the aircraft. In December 2002, we also reported that FTA obtains threat information from a variety of sources, including the Federal Bureau of Investigation, and had started to identify the most critical transit infrastructure. Moreover, according to agency officials and our survey results, many transit agencies are conducting vulnerability or security assessments. Finally, as noted, the Coast Guard has already conducted initial risk assessments of the nation's ports, established new security guidelines, and is planning for comprehensive assessments of security conditions at 55 U.S. ports. We have recommended that TSA conduct a comprehensive plan for air cargo security that incorporates a risk management approach, and we have recommended that FTA use a risk-based approach in prioritizing funding decisions for security projects. Both TSA and FTA agreed with our recommendations. Comprehensive risk-based assessments are important for all the modes and support effective planning and resource allocation.
Two key funding and accountability challenges will be (1) paying for increased transportation security and (2) ensuring that these costs are controlled. The costs associated with acquiring equipment and personnel for improving aviation security alone are huge. Although TSA estimates that it will need about $4.8 billion for aviation security in fiscal year 2003, it estimates that revenues from the new passenger security fee will pay for only around one-third ($1.7 billion) of that amount. As a result, TSA will need a major cash infusion at a time when federal budget deficits are growing. Similarly, many of the planned security improvements for surface transportation facilities, such as seaports and mass transit, require costly outlays for infrastructure, technology, and personnel at a time when weakening local economies have reduced local transportation agencies' abilities to fund security improvements.
Estimates of the funding needed to pay for port security far outstrip the amounts made available to date. As we reported in August 2002, the Congress appropriated $93 million to fund security improvements at the nation's 361 ports in fiscal year 2002, but TSA received applications for as much as $697 million for these improvements. Efforts by the Coast Guard to develop security standards for ports, which we reported in August 2002, should help to identify and prioritize needs so that limited funds can be targeted to the highest risks at each port. Additional funding will be needed to comply with provisions of the Maritime Transportation Security Act, enacted in November 2002, which require, among other things, that regulations be developed for the preparation and submission of vessel and facility security plans and that vulnerability assessments be conducted for vessels and U.S. port facilities.
In July 2002, we reported that long-term attention to cost and accountability controls for acquisition and related business processes will be critical both to ensuring TSA's success and to maintaining its integrity and accountability. According to DOT's Inspector General, although TSA has made progress in addressing certain cost-related issues, it has not established an infrastructure that provides effective controls to monitor contractors' costs and performance. To ensure control over TSA contracts, DOT's Inspector General has recommended that the Congress set aside a specific amount of TSA's contracting budget for overseeing contractors' performance with respect to cost, schedule, and quality.
In considering the federal government's role in meeting long-term funding challenges, several issues will need to be addressed beyond determining who should pay for the security enhancements and how much agency functions should be funded. An important consideration is what criteria are most appropriate for distributing federal funds-the most common of which have been ridership level, population, identified vulnerabilities, and criticality of assets. Another important consideration, as we reported in September 2002, is what federal policy instruments-grants, loan guarantees, tax incentives, and partnerships-are most appropriate to motivate or mandate other levels of government or the private sector to help address security concerns. Finally, it will be important to consider how to allocate funds between competing needs and measure whether we are achieving the increased security benefits envisioned.
Since September 2001, federal, state, and local surface transportation agencies and the private sector have begun rethinking roles and responsibilities for transportation security. One challenge to achieving national preparedness hinges on the federal government's ability to form effective partnerships among entities that implement security measures at the local level. Effective, well-coordinated partnerships require identifying roles and responsibilities; developing effective collaborative relationships with local and regional transportation, emergency management, and law enforcement agencies; agreeing on performance-based standards that describe desired outcomes; testing procedures that implement roles and responsibilities; and sharing intelligence information.
Although TSA has focused primarily on aviation security challenges since its creation in November 2001, it is working toward defining the roles and responsibilities for surface transportation security. Specifically, TSA is developing memorandums of agreement with the modal administrations within DOT that are expected to delineate the lines of authority between the parties and establish their specific responsibilities for transportation security. TSA had planned to complete the agreements by March 1, 2003, but has not done so yet.
Coordination challenges will continue now that TSA has been transferred to the new Department of Homeland Security. The Department of Homeland Security and DOT will have to work closely to ensure the development of sound security policies and procedures and the effective implementation of those procedures by the many public and private transportation systems' stakeholders. TSA will also have to ensure that the terrorist and threat information gathered and maintained by law enforcement and other agencies-including the Federal Bureau of Investigation, the Immigration and Naturalization Service, the Central Intelligence Agency, and the Department of State-is quickly and efficiently communicated among federal agencies and to state and local authorities, as needed. In aviation security, timely information sharing among agencies has been hampered by organizational cultures reluctant to share sensitive information and by outdated, incompatible computer systems.
In surface transportation, timely information sharing has been hampered by the lack of standard protocols to exchange information among federal, state, and local government agencies and private entities. DOT should have a critical role in ensuring that information on best practices is shared with local transportation agencies. Finally, as we reported in September 2002, intelligence sharing can be hampered if personnel in surface transportation agencies have difficulty acquiring the security clearances needed to obtain critical intelligence information.
As it organizes itself to protect the nation's transportation system, TSA faces the challenge of strategically managing its workforce of more than 60,000 people, most of whom are deployed at airports or on aircraft to detect weapons and explosives and to prevent them from being taken aboard and used on aircraft. To assist agencies in managing their human capital more strategically, we have developed a model that identifies cornerstones and related critical success factors that agencies should apply and steps they can take. Our model is designed to help agency leaders effectively lead and manage their people and integrate human capital considerations into daily decision-making and the program results they seek to achieve. In January 2003, we reported that TSA is addressing some critical human capital success factors by hiring personnel, using a wide range of tools available for hiring, and beginning to link individual performance to organizational goals. However, concerns about TSA's approach to compensation and progress in setting up a performance management system remain. For example, DOT's Inspector General expressed concern about TSA's approach to compensation. TSA is basing its compensation system on FAA's pay banding approach, which allows the agency to hire employees anywhere within broad pay bands for their positions. Last summer, the Inspector General reported that TSA's salary levels for law enforcement and general and administrative positions were higher than for comparable positions in other agencies. TSA was also behind schedule in establishing a performance management system linked to organizational goals. Such a system will be critical for TSA to motivate and manage staff, ensure the quality of screeners' performance, and ultimately, restore public confidence in air travel.
Security Standards for Surface Transportation
Security standards for transportation facilities, workers, and security equipment define the level of security that is needed and the safeguards that should be in place to meet identified security needs. Adequate standards, consistently applied, are important to ensure that operators improve their security practices in modes where lax security could make surface transportation facilities attractive targets for terrorists. New security standards are being developed in some modes and are being considered in other modes. For example, new security standards are being developed for ports to prevent unauthorized persons from gaining access to sensitive areas, detect and intercept intrusions, check the backgrounds of those whose jobs require access to port facilities, and screen travelers and other visitors to port facilities. The Maritime Transportation Security Act of 2002, enacted November 25, 2002, requires the development of (1) port security regulations for access controls, background checks, and vessel and facility security plans and (2) performance standards for seals and locks on shipping containers. In addition, legislation proposed in the last session of Congress would require DOT to prescribe standards for pipeline security programs and to approve or disapprove each pipeline operator's program on the basis of the operator's adherence to these standards. However, industry representatives have told us that they would prefer a nonregulatory approach, citing concerns about the need for flexibility in designing security programs suitable for each pipeline facility.
While progress has been made in developing security standards, challenges remain in implementing them. There is little precedent for how to enforce standards because the size, complexity, and diversity of surface transportation facilities do not lend themselves to an enforcement approach similar to the one adopted for airports after September 11. Implementing standards is also difficult because it requires consensus and compromises on the part of stakeholders. To the degree that some stakeholders believe that security actions are unnecessary or conflict with other goals and interests, achieving consensus about what to do will be difficult.
Where do we stand today? How much more secure are we now than we were before September 11? After spending billions of dollars on people, policies, and procedures to improve security, we are much more secure now than we were then, but we can never be completely secure. Today, we have better intelligence, coordination, and communication; we have plans to alert the public to threats; and we are all more alert to the possibility of threats. Yet major vulnerabilities remain, particularly in air cargo, general aviation, mass transit, and port security. Addressing these vulnerabilities will continue to require risk assessments and plans that balance security concerns against mobility needs and consider how much the nation can afford to spend for security improvements in light of other competing demands for limited funds.
Mr. Chairman, this concludes my statement. I would be pleased to answer any questions that you or other members of the Commission may have.
Dr. Dillingham is currently serving as the Director of Civil Aviation Issues for the U.S. General Accounting Office (GAO) in Washington, D.C. The General Accounting Office is the investigative and research arm of the U.S. Congress. He is responsible for directing program evaluations and policy analyses related to all aspects of civilian aviation, including safety, environment, air traffic control, airport development and international aviation issues.
Dr. Dillingham received his Masters and Doctorate degrees from the University of Chicago and was a postdoctoral scholar at the University of California-Los Angeles. Recognized as a national authority on aviation issues, he has testified as an expert witness before numerous committees of the U.S. Congress.