GAO reports on TSA Acquisition of Screening Technology and TWIC Pilot
TSA acquisition programs represent billions of dollars in life cycle costs and support a range of aviation security programs, including technologies used to screen passengers and checked baggage. Within DHS, TSA is responsible for establishing requirements for testing and deploying transportation system technologies. Since 2010, GAO has reported that DHS and TSA faced challenges in managing acquisition efforts, including deploying technologies that did not meet requirements and were not appropriately tested and evaluated.
A new GAO testimony entitled "DHS and TSA continue to face challenges developing and acquiring screening technologies" discusses (1) the extent to which TSA addressed challenges relating to developing and meeting program requirements, testing new screening technologies, and delivering capabilities within cost and schedule estimates for selected programs, and (2) DHS efforts to strengthen oversight of component acquisition processes. This testimony is based on GAO products issued from January 2010 through January 2013, including selected updates conducted in March 2013 on TSA's efforts to implement GAO's prior recommendations and preliminary observations from ongoing work. To conduct the updates and ongoing work, GAO analyzed documents, such as the AIT road map, and interviewed TSA officials
For example, in January 2012, GAO reported that TSA faced challenges developing and meeting key performance requirements for the acquisition of advanced imaging technology (AIT) - i.e., full-body scanners. Specifically, GAO found that TSA did not fully follow Department of Homeland Security (DHS) acquisition policies when acquiring AIT, which resulted in DHS approving nationwide AIT deployment without full knowledge of TSA's revised specifications. DHS required TSA to notify DHS's Acquisition Review Board (ARB) if AIT could not meet any of TSA's five key performance parameters or if TSA changed a key performance parameter during testing. However, GAO found that the ARB approved TSA for full-scale production without reviewing the changed parameters.
Within DHS, TSA and USCG manage the TWIC program, which requires maritime workers to complete background checks and obtain biometric identification cards to gain unescorted access to secure areas of Maritime Transportation Security Act (MTSA)-regulated entities. TSA conducted a pilot program to test the use of TWICs with biometric card readers in part to inform the development of a regulation on using TWICs with card readers. As required by law, DHS reported its findings on the pilot to Congress on February 27, 2012. The Coast Guard Authorization Act of 2010 required that GAO assess DHS's reported findings and recommendations. Thus, GAO assessed the extent to which the results from the TWIC pilot were sufficiently complete, accurate, and reliable for informing Congress and the proposed TWIC card reader rule. GAO reviewed pilot test plans, results, and methods used to collect and analyze pilot data since August 2008, compared the pilot data with the pilot report DHS submitted to Congress, and conducted covert tests at four U.S. ports chosen for their geographic locations. The test's results are not generalizable, but provide insights.
GAO's review of the pilot test aimed at assessing the technology and operational impact of using the Transportation Security Administration's (TSA) Transportation Worker Identification Credential (TWIC) with card readers showed that the test's results were incomplete, inaccurate, and unreliable for informing Congress and for developing a regulation (rule) about the readers. Challenges related to pilot planning, data collection, and reporting affected the completeness, accuracy, and reliability of the results. These issues call into question the program's premise and effectiveness in enhancing security.
Planning. The Department of Homeland Security (DHS) did not correct planning shortfalls that GAO identified in November 2009. GAO determined that these weaknesses presented a challenge in ensuring that the pilot would yield information needed to inform Congress and the regulation aimed at defining how TWICs are to be used with biometric card readers (card reader rule). GAO recommended that DHS components implementing the pilot--TSA and the U.S. Coast Guard (USCG)--develop an evaluation plan to guide the remainder of the pilot and identify how it would compensate for areas where the TWIC reader pilot would not provide the information needed. DHS agreed and took initial steps, but did not develop an evaluation plan, as GAO recommended.
Data collection. TSA officials said challenges, such as readers incapable of recording needed data, prevented them from collecting complete and consistent pilot data. Thus, TSA could not determine whether operational problems encountered at pilot sites were due to TWIC cards, readers, or users, or a combination of all three.