This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. GAO Accountability * Integrity * Reliability United States General Accounting Office June 4, 2004 The Honorable Joseph I. Lieberman Committee on Governmental Affairs United States Senate The Honorable Jim Turner Ranking Minority Member Select Committee on Homeland Security House of Representatives In November 2001, shortly after the September 11 terrorist attacks, You requested that we examine TSA's efforts to strengthen security related To perform these assessments, we analyzed TSA data on security evaluations conducted and funds distributed to commercial airports for security improvements. We also reviewed pertinent legislation, regulatory requirements, and policy guidance. To determine to what extent TSA had met requirements, we discussed with our Office of General Counsel specific requirements contained in three sections of the act: Section 106 (requirements for evaluating airport access controls, testing and evaluating security technologies, and providing technical and financial support to small and medium-sized airports); Section 136 (recommending commercially available measures to prevent access to secure airport areas and developing a deployment strategy for available technology at all large airports); and Section 138 (performing background checks for all employees with unescorted access to secured airport areas, among others). We obtained and analyzed TSA data on security breaches, covert testing, inspections of airport compliance with security regulations, and vulnerability assessments. (TSA's covert testing data and information on the test program are classified and are the subject of a separate classified GAO report.) We discussed the threat scenarios used in TSA vulnerability assessments with TSA officials to identify those related to perimeter and access control security. We obtained and analyzed data from the Federal Aviation Administration (FAA) and TSA on perimeter and access controlrelated security funds distributed to commercial airport nationwide. We reviewed reports on aviation security issued previously by GAO and the Department of Transportation Inspector General. In addition, we conducted site visits at 12 commercial airports to observe airport security procedures and discuss issues related to perimeter and access control security with airport operator officials. These were Boston Logan International Airport, Atlanta Hartsfield Jackson International Airport, Ronald Reagan Washington National Airport, Washington Dulles International Airport, Orlando International Airport, Tampa International Airport, Miami International Airport, Los Angeles International Airport, San Francisco International Airport, Middle Georgia Regional Airport, Chattanooga Metropolitan Airport, and Columbus Metropolitan Airport. At 10 of these airports, we analyzed a sample of records to verify that the procedures to reduce the security risk of airport workers were followed. We also discussed security issues with TSA airport and headquarters officials, airport security coordinators at each of the nation's 21 largest Results in Brief and busiest airports (referred to by TSA as "category X" airports), as well as airport industry representatives. More detailed information on our scope and methodology is contained in appendix I. We conducted our review from June 2003 through March 2004 in accordance with generally accepted government auditing standards. TSA has begun evaluating the security of airport perimeters and the TSA has helped some airports enhance perimeter and access control security by providing funds for security equipment, such as electronic surveillance systems. TSA has also begun efforts to evaluate the effectiveness of security-related technologies, such as biometric identification systems. Responsibility for funding most airport security projects shifted in December 2003 from FAA to TSA. As a result, TSA is developing new policies to determine how to review, approve, and prioritize security project funding. However, TSA has not yet begun to gather data on airport operators' historical funding of security projects and current needs to aid the agency in setting funding priorities. Nor has |