TSA

The Transportation Security Administration’s (TSA) methods for classifying its Office of Inspection (OOI) criminal investigators as law enforcement officers were adequate and valid, but the data TSA used were not adequate or valid. TSA’s criminal investigators spend at least 50 percent of their time performing criminal investigative duties to be classified as law enforcement officers. The FY 2017 timesheet data TSA used to validate that its criminal investigators met the 50 percent requirement were not adequate and valid as the data were not always timely submitted and approved. This occurred because OOI officials lacked oversight and accountability for the timesheet submission, review, and approval processes. Further, criminal investigators and their supervisors did not always complete and approve certification forms as required to verify eligibility for premium pay. In some instances, incorrect timesheet calculations inflated the annual average of unscheduled duty hours criminal investigators worked to be eligible for premium pay. OOI management did not develop and implement guidance to review these key calculations annually. Without better oversight and valid timesheet data, TSA cannot ensure it is accurately classifying criminal investigators as law enforcement officers. TSA also may be wasting agency funds on criminal investigators ineligible to receive premium pay. We made four recommendations that, when implemented, should help TSA improve data used to classify its OOI criminal investigators as law enforcement officers. TSA concurred with all of our recommendations.

The Transportation Security Administration (TSA) needs to continue to improve its retention, hiring, and training of Transportation Security Officers (TSO). Specifically, TSA needs to better address its retention challenges because it currently does not share and leverage results of TSO exit surveys and does not always convey job expectations to new-hires. TSA does not fully evaluate applicants for capability as well as compatibility when hiring new TSOs. Thus, the agency may be making uninformed hiring decisions due to inadequate applicant information and a lack of formally documented guidance on ranking potential new-hires

The objective was to determine whether TSA implemented proper procedures to safeguard the secure areas of our Nation’s airports and whether airports, aircraft operators, and contractors were complying with TSA’s security requirements to control access to these areas.

We identified vulnerabilities with various airport access control points and associated access control procedures. We made six recommendations related to standard operating procedures, deployment of new technology, identification of industry best practices, and training.

As a follow-up to our 2017 report on TSA’s Federal Air Marshal Service’s (FAMS) domestic flight operations, we conducted this audit to determine the extent to which FAMS can interdict an improvised explosive device during flight. We identified vulnerabilities with FAMS’ contribution to international flight security. Details related to FAMS operations and flight coverage presented in the report are classified or designated as Sensitive Security Information. We made two recommendations.

The Department of Homeland Security (DHS) did not promptly fulfill its first requirement mandated by Public Law 114-278. Specifically, DHS delayed commissioning a comprehensive assessment of the effectiveness of the Transportation Security Card Program in enhancing security and reducing security risks for facilities and vessels. The public law required the assessment to begin no later than 60 days after its enactment. However, DHS did not award a work order for the assessment for more than a year after the deadline.  TSA only partially complied with requirements mandated by the public law. Of the six required actions, TSA partially complied with two and fully complied with four. We have concerns with aspects of TSA’s responses to all of the required actions.

DHS did not complete an assessment of the security value of the Transportation Worker Identification Credential (TWIC) program as required by law.  This occurred because DHS experienced challenges identifying an office responsible for the effort.  As a result, Coast Guard does not have a full understanding of the extent to which the TWIC program addresses security risks in the maritime environment.  This will continue to impact the Coast Guard’s ability to properly develop and enforce regulations governing the TWIC program. For example, Coast Guard did not clearly define the applicability of facilities that have certain dangerous cargo in bulk when developing a final rule to implement the use of TWIC readers at high-risk maritime facilities.  Without oversight and policy improvements in the TWIC program, high-risk facilities may continue to operate without enhanced security measures, putting these facilities at an increased security risk. In addition, Coast Guard needs to improve its oversight of the TWIC program to reduce the risk of transportation security incidents.  Due to technical problems and lack of awareness of procedures, Coast Guard did not make full use of the TWIC card’s biometric features as intended by Congress to ensure only eligible individuals have unescorted access to secure areas of regulated facilities.  During inspections at regulated facilities from FYs 2016 through 2017, Coast Guard only used electronic readers to verify, on average, about one in every 15 TWIC cards against TSA’s canceled card list.  This occurred because the majority of the TWIC readers in the field have reached the end of their service life.  Furthermore, the Coast Guard’s guidance governing oversight of the TWIC program is fragmented, which led to confusion and inconsistent inspection procedures.  This resulted in fewer regulatory confiscations of TWIC cards.  The Department concurred with our four recommendations, and described the corrective actions it is taking and plans to take.

Despite dedicating approximately $272 million to ground-based activities, including VIPR operations, FAMS could not demonstrate how these activities contributed to TSA’s mission. Visible Intermodal Prevention and Response (VIPR) operations, in which VIPR teams collaborate with local law enforcement to augment security at transportation hubs through an increased visible deterrent force.

FAMS could not demonstrate how these activities contributed to TSA’s mission. During our assessment of FAMS’ contributions to TSA’s layered approach to security, we determined that FAMS lacked performance measures for the 24 strategic initiatives and most ground-based activities outlined in its strategic plan. Additionally, FAMS’ VIPR operations performance measures fail to determine the program’s effectiveness. FAMS could not provide a budget breakout by division or operational area.