Detailed Information on the
Transportation Security Administration: Surface Transportation Security Assessment

TSA will develop a performance management system that clearly defines and quantifies performance standards and accountability for managers. Institutional guidance will be provided to all staff on the establishment of this new system and development of personnel performance evaluation criteria.

TSA will establish baselines and targets for its long-term, annual and efficiency measures in FY 2009.

TSA will establish baselines and targets for its long-term, annual and efficiency measures in FY 2009.

By the end of FY 2008, TSA Surface Transportation will create a timeline and project plan for developing a long term risk reduction outcome measure for the Pipeline mode

Measure: Percent reduction in risk from Toxic Inhalation Hazard bulk cargoes in rail transportation

Explanation:The Toxic Inhalation Hazard (TIH) Risk Reduction Program strives to reduce the risk posed by TIH materials, the most toxic chemicals transported by rail in the US, including chlorine and anhydrous ammonia. Through a partnership with American and Canadian railroads, TSA gathers railcar movement data, focusing on the time a loaded rail car is standing unattended in a DHS-designated high threat urban area (HTUA). This period of time is referred to as "dwell time". TSA uses a risk calculation comprised of 4 elements: 1) the amount of "dwell time" in hours; 2) the specific HTUA; 3) the Population Proximity Factor (PPF); and 4) whether the car is attended or unattended. The level of risk will be compared to the baseline risk level, which is calculated from the period prior to the adoption of TSA/DOT issued Security Action Items (SAI) designed to enhance the security of TIH shipments. The rail industry began implementing the voluntary SAI's in June 2006 making the preceding 12 month period, June 1, 2005 through May 31, 2006 the most accurate reflection of rail industry security prior to SAI implementation and therefore the appropriate baseline period. A risk score for the baseline 12 month period has been computed using the following formula: (total unattended TIH dwell hours) X (HTUA Value ) X (PPF Rating). The unattended TIH dwell hours are derived from documented railcar movement data and historical surveys. The HTUA Value is a multiplier of 1 to 5 and is predicated on the total population within the HTUA. A greater population results in a higher value. The PPF rating is a multiplier of 1 to 3 and is predicated on the population density within a 1 mile radius of unattended TIH railcars. A greater population results in a higher rating. TSA will employ the same methodology to compute yearly risk scores which will be compared to the baseline risk score for variance. The targets detailed below represent risk score reductions i.e. improvements from the baseline risk score.

Measure: Percent of mass transit and passenger rail agencies that are in full compliance with industry agreed upon Security and Emergency Management Action items to improve security

Explanation:TSA assesses and evaluates the security posture of the mass transit and passenger rail modes through the Baseline Assessment for Security Enhancement (BASE) program. Transportation Security Inspectors-Surface assess the security posture of mass transit and passenger rail agencies in 17 Security and Emergency Management Action Items. The Action Items cover a range of areas that are foundational to an effective security program, including security program management and accountability, security and emergency response training, drills and exercises, public awareness, protective measures for Homeland Security Advisory System (HSAS) threat levels, physical security, personnel security, and information sharing and security. Particular emphasis is placed on posture in the six Transit Security Fundamentals: protection of underwater/underground infrastructure; protection of high risk assets and systems identified in system risk assessments; random, unpredictable security activities; security training; exercises and drills; and public awareness and preparedness campaigns. The Action Items are rooted in an approach initiated by the Federal Transit Administration (FTA) in the aftermath of the 9/11 attacks. FTA produced the Top 20 Security Actions for Mass Transit Systems in the aftermath of the 9/11 attacks, completing assessments of 37 of the largest transit agencies in the country. The current 17 Action Items resulted from a coordinated review and update among TSA, FTA, and the mass transit and passenger rail community represented by the Mass Transit Sector Coordinating Council. These entities also coordinated in the development of the assessment checklist, along with the Transit Policing and Security Peer Advisory Group, a representative body of 15 law enforcement chiefs and security directors from mass transit and passenger rail agencies around the country. Periodic review and completion of needed refinements will remain a key component of this program. During FY 2007, TSA focused on the 50 largest mass transit and passenger rail agencies by passenger volume. In FY 2008, TSA expanded the effort to cover agencies ranked 51 to 100 in size. Additionally, in order to assure compliance with a specific requirement of the Implementing Recommendations of the 9/11 Commission Act of 2007 (Public Law 1110-53), surface inspectors completed assessments on several smaller agencies and numerous bus-only transit systems. The results of the security assessments inform development and implementation of security enhancement priorities, risk mitigation programs, and targeted resource allocations, most notably security grants. Of note, during the BASE assessments the TSA surface inspectors cite the most effective security practices developed and implemented by mass transit and passenger rail agencies. TSA has compiled these practices and contact information for the implementing agencies into a resource for dissemination throughout the mass transit and passenger rail community to inspire the consultations among security professionals that will foster broader adoption of effective security practices, adapted to the operating circumstances of other systems. This comprehensive effort achieves the strategic priority of elevating the security baseline, both generally and in particular agencies.

Measure: Number of rail inspections conducted per 1,000 inspector hours

Explanation:Compliance/Surface: This measure demonstrates the efficiency of inspection activities by quantifying the number of inspections conducted per 1,000 hours of inspection time. The number of inspections is generated by weighting the number of completed Station Profiles, Baseline Assessment for Security Enhancement (BASE) reviews (Mass Transit mode), and Security Action Item (SAI) reviews (Freight Rail mode). Weights have been assigned to these assessment types based on their general scopes. As inspection processes mature and become more standardized, it is expected that a greater number of inspections will be achieved per 1,000 hours of inspection time thus increasing efficiencies. It is important to note that surface transportation inspection processes and requirements are continually evolving and maturing and as a result may require adjustments to future targets.

Measure: Percentage of applicable passenger and mass transit rail systems having undergone a Security Directive review (rail)

Explanation:A Security Directive Review evaluates a passenger rail system's compliance with the Security Directives issued to passenger rail carriers by TSA in May 2004. Prior to Fall 2006, TSA Surface Transportation Security Inspectors conducted these reviews as independent actions. The Baseline Assessment for Security Enhancement (BASE) program, initiated fully as of November 2006, includes Security Directive Reviews in the comprehensive assessment of a passenger rail agency's posture in the Security and Emergency Management Action Items. The Security and Emergency Management Action items were jointly developed by TSA and the Federal Transit Administration in coordination with the mass transit and passenger rail community through the Mass Transit Sector Coordinating Council. A separate performance measure evaluates TSA's effectiveness in security enhancement by tracking annually the percentage of mass transit and passenger rail agencies that have fully implemented the Security and Emergency Management Action Items. The target for this measure is completion of Security Directive Reviews on 100% of covered passenger rail agencies by FY08. Systems reviewed in FY 06-08 will be revisited at a rate of 33% per year in FYs 09-12, unless the Security Directives are superseded by other regulatory action.

Measure: Number of high risk Pipeline corporate systems on which Pipeline Corporate Security Reviews will be conducted

Explanation:Together, the Nation's corporate pipeline systems define a mode of transportation with unique infrastructure security characteristics and requirements. Being corporate, accountability for the pipeline systems lies with their corporate directors, management and employees. Vast networks of pipelines traverse hundreds of thousands of miles to transport nearly all of the natural gas and about 65 percent of hazardous liquids, including crude and refined petroleum products consumed within the United States. Pipelines are an efficient and fundamentally safe means of transportation. However, pipelines also transport hydrocarbons that potentially can cause death and injury in the general public, and/or inflict damage to the environment. Most pipelines are privately owned and operated, and with rare exceptions, are buried underground. The pipeline industry's current security posture is based on voluntary guidelines that were developed, issued, and implemented based on a collaborative effort between the Federal Government and industry associations. TSA is assessing and elevating the security posture of the pipeline mode through the Pipeline Corporate Security Reviews (PCSRs). The focus of the PCSRs is on the high consequence (based on energy throughput) corporate pipelines, which carry approximately 84 percent of the nation's energy throughput. The objectives of an onsite security review are to develop first hand knowledge of security planning and execution at critical pipeline systems, establish communication with key pipeline security personnel, and identify and share smart practices. TSA's Pipeline Division conducts PCSRs in partnership with the pipeline systems staff. As industry wide security gaps are identified through the PCSR process, the TSA pipeline security division develops programs to address gaps throughout the pipeline industry.

Measure: Percent of highway infrastructure systems that have undergone a Corporate Security Review (CSR)

Explanation:TSA assesses security posture of state Departments of Transportation (DOT) and the District of Columbia through the Highway and Motor Carrier Corporate Security Review Program (CSR). Corporate Security Reviews (CSRs) are assessments that TSA conducts with organizations engaged in transportation by motor vehicle, and those that maintain or operate key physical assets/infrastructure/networks/systems within the highway transportation community. A CSR is referred to as a "corporate" security review because they started as reviews of non-governmental entities and because they are a systemic oversight of the entity's security disciplines and environment. As CSRs progressed to include State Departments of Transportation (DOT) reviews, they expanded to include security policies that apply to all of the offices, employees, organizations and structures that are controlled by that State DOT. For instance, in the state of Virginia there are more than 12,000 bridges that are under the control of the state's Department of Transportation for security oversight. With the exception of those bridges, highways and tunnels owned by private or quasi-private corporations, the State CSR project will, when completed, tell TSA what security measures and policies are in place at all highway structures in America. CSRs now include state, local, and tribal governments as well as private sector owners/operators. CSRs serve to evaluate and collect physical and operational preparedness information and critical asset and key point-of-contact lists; review emergency procedures and domain awareness training, and provide an opportunity to share industry best practices. The Highway and Motor Carrier Division CSRs are instructive in that they provide guidance to organizations and personnel about what may represent best practices that have been adopted by other state, local, and tribal governments, as well as private sector owners/operators. During a CSR, teams of TSA modal experts evaluate and collect physical and operational preparedness information, critical assets, key point-of-contact lists, review emergency procedures and domain awareness training, and provide an opportunity to share smart practices. The on-site voluntary reviews serve to establish data against which to evaluate minimum security standards and identify coverage gaps within states to reduce risk.

Is the program purpose clear?

Explanation: The purpose of TSA's Surface Transportation Security Program is to protect the Nation's transportation systems to ensure freedom of movement for people and commerce by reducing the risk that terrorist attacks will cause injury, loss of life, or destruction or disruption of the surface transportation system and consequently public fear and loss of confidence. TSA is responsible for securing surface modes of transportation, including passenger and freight rail, mass transit, maritime, highways, commercial vehicles, and pipelines, in partnership with other federal entities, state, local, and tribal governments, and the private sector. This capability also assures protection of the surface transportation system from security threats during other hazards, such as weather related events or other natural catastrophic events. Under the authority granted by Homeland Security Presidential Directive 7 (HSPD-7), the Department of Homeland Security (DHS) is designated as the Sector-Specific Agency (SSA) responsible for the identification, prioritization and protection of critical infrastructure and key resources in the Transportation Sector. DHS has assigned this responsibility to TSA and in turn, TSA has assigned the responsibility for leading the implementation of the Transportation Systems Sector-Specific Plan (TSSSP) to the Office of Transportation Sector Network Management (TSNM). TSNM leads TSA's Surface Transportation Security Program efforts, which focus primarily on planning, developing, and implementing strategic security solutions in conjunction with other responsible Federal, State, local, tribal, and private entities through processes established in the National Infrastructure Protection Plan (NIPP). TSNM Surface Transportation Security is organized into five modal divisions, which include Freight Rail, Mass Transit, Pipeline, Highway and Motor Carrier, and Maritime (for which the U.S. Coast Guard has the lead). TSA's surface transportation security activities include conducting compliance inspections, developing best practices and standards, assessing security vulnerabilities, establishing baseline data against which to evaluate minimum-security standards, and providing domain awareness training.

Evidence: ??Section 101(a) and 114(d) (2) of the Aviation and Transportation Security Act of 2001 ??FY2007 Congressional Justification ??Executive Order: Strengthening Surface Transportation Security, December 5, 2006 ??Homeland Security

Does the program address a specific and existing problem, interest, or need?

Explanation: The Surface Transportation Security Program addresses the problem of securing the Nation's surface transportation systems from risks posed by terrorists and supports coordination with security partners and other government agencies. TSA's surface transportation security activities include conducting compliance inspections, developing best practices and standards, assessing security vulnerabilities, establishing baseline data against which to evaluate minimum-security standards, and providing domain awareness training. The Surface Transportation Security Program focuses on the percentage of high risk threat, vulnerability, and consequences based on research to determine the areas of risk. Standard scores are assigned based on an analysis of the industries compliance with existing standards. Risk assessments are conducted to determine compliance with existing security-related standards, and plans to close security gaps are developed to mitigate risk and enhance security. Pursuant to the directives in the Executive Order: Strengthening Surface Transportation Security, this effort is a national priority. The task is complicated by multiple challenges, including the massive scale of the surface transportation systems, with thousands of assets and systems across the Nation, a diverse group of stakeholders that include Federal, State, local, tribal and the private sector, and the interconnected nature of the modes. The surface transportation system is an attractive target for terrorist attacks as evidenced by coordinated, near simultaneous attacks on passenger trains in Madrid in 2004, London in 2005 (which targeted a bus as well), and Mumbai in 2006, and attacks on pipeline infrastructure in Saudi Arabia and Iraq in 2006, thus emphasizing the vital importance of the Surface Transportation Security Program. TSA's Surface Transportation Security Program addresses this problem by coordinating with stakeholders at the Federal, State and local level, and industry owners and operators to ensure a consistent approach to preparation, prevention, response, and recovery.

Evidence: ??Transportation Systems Sector-Specific Plan Section ??Sector Government Coordinating Council Charter and member lists ??Sector Coordinating Council member lists

Is the program designed so that it is not redundant or duplicative of any other Federal, state, local or private effort?

Explanation: After 9/11, TSA was established under the Department of Transportation (DOT), prior to the creation of the Department of Homeland Security. As written in the Aviation and Transportation Security Act (ATSA), P.L. 107-71, TSA "shall be responsible for security in all modes of transportation." The Surface Transportation Security Program possesses a unique role with its primary responsibility to plan, develop, and implement strategic security solutions in conjunction with security stakeholders including Federal, State, local, tribal and private entities. While over 80 percent of surface transportation assets are privately owned, and other entities, such as DOT, have regulatory safety oversight over various surface modes, TSA is uniquely responsible for coordinating and ensuring the security of the entire surface transportation system. The Surface Transportation Security Program is designed to complement, rather than duplicate, the roles of security partners and stakeholders involved in surface transportation security efforts. This is achieved by collaborating and partnering with security stakeholders through mechanisms such as the Sector Coordinating Councils (SCC), Government Coordinating Councils (GCC), and Memoranda of Understanding (MOUs). Such mechanisms address jurisdictional issues surrounding transportation security and delineate respective roles and responsibilities. Because State and local entities are not national in scope, the role of TSA's Surface Transportation Security Program does not duplicate their efforts, but helps coordinate and enhance the effectiveness of their security activities. Critical elements of this effort include development of security action items, which are focused on mitigation of identified security gaps, assessment of implementation efforts, consolidation of results to identify trends and weaknesses, and dissemination smart security practices nationwide.

Evidence: ??Aviation and Transportation Security Act (PL 107-71) ??Homeland Security Act of 2002 (PL 107-296) ??Implementing Recommendations of the 9/11 Commission Act of 2007 (PL 110-53) ??Intelligence Reform and Terrorism Prevention Act of 2004 ??Homeland Security Presidential Directive 7, December 17, 2003 ??Government Coordinating Councils Charter and member lists ??Sector Coordinating Councils member lists ??DHS/DOT MOU, September 2004

Is the program design free of major flaws that would limit the program's effectiveness or efficiency?

Explanation: Since the Surface Transportation Security Program's inception, TSA has developed strategic plans, security policies, regulations, security action items, and smart security practices in a concerted effort to create and bolster effective partnerships having clearly delineated roles and responsibilities among Federal, State, local and private sector stakeholders in surface transportation security. While implementation of the Surface Transportation Security program is a continuous and evolving process, there is little evidence to suggest another program design or approach would be more efficient or effective in achieving the program's purpose.

Evidence: ??Transportation Systems-Specific-Security Plan and Modal Annexes ??National Strategy for Transportation Security ??Department of Homeland Security Appropriations Act 2005

Is the program design effectively targeted so that resources will address the program's purpose directly and will reach intended beneficiaries?

Explanation: The Surface Transportation Security Program is designed in a manner that ensures resources are being used directly and effectively to meet the program's purpose. The Program has developed the Transportation Systems Sector Specific Plans (TSSSP) is a comprehensive strategic plan with the specific roles and responsibilities of each mode's security partners. To ensure that resources and benefits will adequately reach the intended beneficiaries, TSA conducted an economic analysis of each Security Action Item (SAI) and regulatory project to determine the costs and benefits of each effort. The program ensures that the right beneficiaries are being targeted by allocating resources based on risk, and focusing on high risk assets and systems. The Surface Transportation Security Program also coordinates with security stakeholders using mechanisms such as the Sector Coordinating Counsel and Government Coordinating Council. Because the program develops national security policies and programs for the identification, prioritization and protection of critical infrastructure and key resources in the Transportation Sector, activities funded under the program cannot be provided by other state, local or Federal organizations. Finally, the structured review of the Transit Security Grant Program ensures that the Surface Transportation Security Program does not fund activities that would have otherwise been funded by other entities.

Evidence: ??National Infrastructure Protection Plan ??Transportation Systems Sector Specific Plan

Does the program have a limited number of specific long-term performance measures that focus on outcomes and meaningfully reflect the purpose of the program?

Explanation: The purpose of TSA's Surface Transportation Security Program is to protect the Nation's transportation systems to ensure freedom of movement for people and commerce by reducing the risk that terrorist attacks will cause injury, loss of life, or destroy or disrupt the surface transportation system and consequently increase public fear and loss of confidence. This capability also assures protection of the surface transportation system from security threats during other hazards, such as weather related events or other naturally occurring catastrophic events. TSA's Surface Transportation Security program has developed two long-term outcome performance measures: ??Percent reduction in risk from Toxic Inhalation Hazard bulk cargoes in rail transportation ??Percent of Mass Transit agencies that are in full compliance with industry agreed upon standards to improve security Because of regulatory differences and other factors unique to each mode, long-term measures were adopted for Rail and Mass Transit but not Highway, Maritime, or Pipeline. TSA is developing outcome measures for Highway, Maritime, and Pipeline under its PART Improvement Action items. Ongoing Program Improvement Plans: ??The Pipeline mode has completed a pipeline infrastructure study and identified the Nations highest risk pipeline systems and outlined the security mitigation initiatives that will address these risks. The mitigation initiatives and timelines for developing a risk reduction outcome measure can be found in the TSSSP pipeline modal implementation plan. ??Action items under TSA's PART Improvement plan include developing long term outcome measures for the Maritime and Highway Motor Carrier modes.

Evidence: ??Measures and Program Improvement Plan can be found in PartWeb (expectmore.gov) ??Future Years Homeland Security Program ??Internal management review documents

Does the program have ambitious targets and timeframes for its long-term measures?

Explanation: TSA's Surface Transportation Security program has established baselines and ambitious targets for all of its long-term measures.

Evidence: ??Measures and Program Improvement Plan can be found in PartWeb (expectmore.gov)

Does the program have a limited number of specific annual performance measures that can demonstrate progress toward achieving the program's long-term goals?

Explanation: TSA's Surface Transportation Security Program has annual performance measures, including one efficiency measure to support the long-term goal to reduce the risk to the surface transportation system. The PartWeb annual measures are: Annual/Efficiency - Number of rail inspections conducted per 1,000 inspector hours; Annual Output - Percentage of applicable passenger and mass transit rail systems having undergone a Security Directive review (rail); Annual Output - Percent of highway infrastructure systems that have undergone an initial or follow up Corporate Security Review (CSR); Annual Output - Number of high risk Pipeline corporate systems on which Pipeline Corporate Security Reviews will be conducted. Because TSA's mission is to reduce the risk of terrorist attacks, the "negative outcome" that many programs are designed to prevent has led to the development of proxy measures to assess the ongoing impact and effectiveness of this program. These proxy measures demonstrate progress towards the long term outcome of protecting the Nation's transportation system by measuring key activities employed by TSA to achieve its strategic and programmatic goals. For example, Rail Inspectors collect data from Freight Rail carriers to validate whether TIH rail cars are properly accounted for and monitored while in High Threat Urban Areas. This data is then factored into the formula used to calculate the percent reduction in risk from Toxic Inhalation Hazard bulk cargoes in rail transportation. In addition, Rail Inspectors also participate in Security Directive Reviews and assessments of Mass Transit systems, which then enables TSA to determine whether the Mass Transit Agencies are in compliance with security directives. Similarly, the Pipeline and Highway Corporate Security Reviews serve to evaluate and collect physical and operational preparedness information and other security data on key infrastructure systems and assets for their respective transportation modes. In turn, this data assists TSA in developing security policies, programs, and best practices which are then communicated to and shared with organizations including federal, state, local, and tribal governments and the private sector engaged in the pipeline and highway sectors. For Highway and Motor Carrier, TSA assesses the security posture of state Departments of Transportation (DOT) (and the District of Columbia) through the Highway and Motor Carrier Corporate Security Review Program (CSR). Corporate Security Reviews (CSRs) are also conducted with organizations in the private sector that are engaged in transportation by motor vehicle and those that maintain or operate key physical assets / infrastructure / networks / systems within the highway transportation community. TSA is assessing and elevating the security posture of the pipeline mode through the Pipeline Corporate Security Reviews (PCSRs). The focus of the PCSRs is on the high consequence corporate pipelines which carry approximately 84 percent of the nation's energy throughput. The objectives of an onsite security review are to develop first hand knowledge of security planning and execution at critical pipeline systems, establish communication with key pipeline security personnel, and identify and share smart practices. As industry wide security gaps are identified through the PCSR process, the TSA pipeline security division develops programs to address gaps throughout the pipeline industry.

Evidence: ??Measures and Program Improvement Plan can be found in PartWeb (expectmore.gov) ??Future Years Homeland Security Program ??Internal management review documents ??Measure change form for Highway Motor Carrier ??Measure change form for Pipeline

Does the program have baselines and ambitious targets for its annual measures?

Explanation: Partnering with modal Government Coordinating Councils and Sector Coordinating Councils, TSA's Surface Transportation Security program conducted risk assessments in 2006 and 2007 to determine compliance with existing security-related standards. Based upon these assessments, TSA's Surface Transportation Security program assigned risk, vulnerability and consequence scores and used them, along with program goals and objectives, to determine ambitious targets for each of its long-term measures.

Evidence: ??Measures and Program Improvement Plan can be found in PartWeb (expectmore.gov)

Do all partners (including grantees, sub-grantees, contractors, cost-sharing partners, and other government partners) commit to and work toward the annual and/or long-term goals of the program?

Explanation: Through the Government Coordinating Councils (GCC), TSA is working with its government stakeholder partners to jointly implement strategies and plans. In addition to TSA representation, membership on the overarching Transportation Sector GCC includes representatives from Infrastructure Protection and Preparedness Programs divisions of DHS, US Coast Guard, Custom and Border Patrol, Department of Energy, Department of Defense, Department of Transportation, American Association of State Highway and Transportation, and State Local Tribal Territorial GCC. There are corresponding modal GCCs for each of the six modes of surface transportation. Sector Coordinating Councils (SCC), which will formalize partnerships with the non-Federal security partners that account for more than 80 percent of the surface transportation assets, have been established in all five modes of the Transportation Sector.

Evidence: ??Transportation Systems Sector-Specific Plan (TSSSP) ??National Strategy for Transportation Security (NSTS) ??Annual Inspection Plan FY06 ??DHS/DOT MOU, September 2004 ??Government Coordinating Councils' Charter and member list ??Sector Coordinating Councils' member lists ??FY 2007 Transit Security Grant Program Guidance document.

Are independent evaluations of sufficient scope and quality conducted on a regular basis or as needed to support program improvements and evaluate effectiveness and relevance to the problem, interest, or need?

Explanation: The independent Government Accountability Office (GAO) and TSA's internal Office of Inspector General (OIG) have initiated 17 unbiased, independent evaluations of TSA's Surface Programs; over 75% are of these audits are currently in progress with no final findings reported. The 2007 Homeland Security Progress Report included evaluations of the effectiveness and relevance of our programs for surface programs. The audits that have completed a program review include the Passenger Rail Security audit (GAO 2005). In this report, GAO identified the actions taken by the Department of Homeland Security (DHS) agencies to assess risks posed by terrorism in the context of prevailing risk management principles. To accomplish this, GAO interviewed officials from, TSA's Office of Intermodal Security Programs, Office of Transportation Security Policy, Transportation Security, Intelligence Service, and the Chief Operating Officer. They also interviewed officials from the Office of State and Local Government Coordination and Preparedness (SLGCP), the Information Analysis and Infrastructure Protection Directorate, the Border and Transportation Security Directorate, the Office of Inspector General, the Department of Transportation and Amtrak. GAO also reviewed federal agency plans such as the DHS Interim National Infrastructure Protection Plan, and obtained and reviewed various risk-related assessments conducted by federal agencies, including the vulnerability assessments of rail transit systems conducted by FTA, TSA threat assessments of mass transit and rail and criticality assessments of passenger rail assets, and a passenger rail risk assessment tool kit developed by SLGCP. Further, they conducted a site visit to the Port Authority of New York and New Jersey and interviewed officials to discuss the results of an SLGCP risk assessment conducted at that location. This audit addressed 1) DHS actions to assess the risks to the U.S. passenger rail system in the context of prevailing risk management principles, 2) federal actions taken to enhance the security of the U.S. passenger rail system, and 3) security practices that domestic and selected foreign passenger rail operators have implemented. GAO issued recommendations including: develop security standards that reflect industry best practices; set timelines for completing the modal memoranda of understanding for rail, mass transit, and research and development. To date TSA has taken action on these recommendations by developing security standards and setting timelines. DHS Efforts to Eliminate Redundant Background Check Investigations (2007) - As required by the Security and Accountability for Every Port Act (2006), GAO conducted a study of those DHS background check programs similar to the one required of truck drivers to obtain a hazardous material endorsement (HME). For this study GAO examined DHS background check programs to identify potential redundancies, and inconsistencies, if any, connected with these programs, and actions, if any, DHS is taking or planning to coordinate its background check programs. Homeland Security Progress Report, GAO (2007) - This report evaluates DHS's progress, over the past 4 years, across 14 mission and management areas and key themes that have affected DHS's implementation efforts.

Evidence: ??The TSNM GAO/ DHS IG reports spreadsheet ??GAO Report 05-851 - "Passenger Rail Security"

Are Budget requests explicitly tied to accomplishment of the annual and long-term performance goals, and are the resource needs presented in a complete and transparent manner in the program's budget?

Explanation: The TSA Surface Transportation Security Program's annual and long-term performance goals are integrated in budget requests and demonstrate how program performance would be impacted if funding levels changed. The TSA Surface Transportation Security Program has developed an organization business plan that links its multi-year Strategic Plan and Annual Performance Plan goals with budget formulation and resource allocation, performance management and management and operational decisions. This approach provides maximum individual and organizational responsibility and accountability, and ultimately ensures annual performance goals are met. The program's Congressional Justification also includes all direct and indirect costs needed to meet performance targets.

Evidence: ??TSA Annual Budget Requests ??TSNM's organization business plan ??TSNM's Annual Executive Performance Plans ??FY09 Congressional Justification ??TSNM's spend plan example - Maritime Division ??DHS Integrated Planning Document

Has the program taken meaningful steps to correct its strategic planning deficiencies?

Explanation: The National Strategy for Transportation Security (NSTS) and the Transportation Systems Sector-Specific Plan (TSSSP) contain security plans for the five surface transportation modes. TSA Surface Transportation Security Program has developed a comprehensive strategic plan for surface transportation that includes specific actions and milestones, quantitatively defines the cost and benefits of securing the surface transportation system, and outlines the specific roles and responsibilities of each security partner in the TSSSP and modal annexes. As part of the PART program improvement plan, TSA's Surface Transportation Security program created two measures for Mass Transit and Freight Rail. Mass Transit's long-term measure assesses security posture in comprehensive Security and Emergency Management Action Items, including security plans, training, exercises, random/unpredictable deterrence, protection of high risk assets and systems, public awareness, and other specific security areas. Freight Rail's long-term measure demonstrates progress toward the goal of reducing the TIH risk by reducing the number of hours that Toxic Inhalation Hazard (TIH) railcars spend in High Threat Urban Areas. TSA's Surface Transportation Security Program is developing two long-term performance measures for pipeline and highway. By the end of FY 2008, TSA Surface Transportation Security Program will create a timeline and project plan for developing a long-term risk reduction outcome measure for the pipeline mode. Pipelines will provide a completed pipeline infrastructure study to identify the highest risk systems of the nation and outline the security mitigation initiatives TSA will undertake to address these risks. The Highway mode is developing multiple long-term measures addressing the areas of highest risk, including: security threat assessments of commercial driver's license holders by looking at the percentage of who has a CDL license divided by who has not had a CDL license; over-the-road bus security measures including mandatory security plans; vulnerability assessments and training and exercise programs; and the percentage of security sensitive materials (SSM) shipments transported by motor carriers that have adopted the voluntary security action items and that are included in the SSM shipment tracking program.

Evidence: ??Government Coordinating Council Charter, member lists and meeting minutes ??Sector Coordinating Council Member Lists ??FY 2008 TSA Congressional Justification ??Measures and Program Improvement Plan can be found in PartWeb (expectmore.gov) ??Secretary Priorities Tracker

Does the agency regularly collect timely and credible performance information, including information from key program partners, and use it to manage the program and improve performance?

Explanation: TSA collects timely and credible data from a number of sources. Mode specific examples : ??TSNM's Highway and Motor Carrier Division initiated the Commercial Driver's License (CDL) Hazardous Materials Endorsement (HME) Security Threat Assessment program. Additional security program and resource focus is the development of an assessment program on the non-HME CDL holders against the terrorist watch lists. ??Mass Transit - TSA collects security data through BASE assessments in Transit and Passenger Rail to evaluate the development and implementation of security and emergency management plans, protective measures, and supporting programs. BASE reviews have been completed for 46 of the 50 largest transit agencies in the nation. The reviews provide TSA with essential data to develop and implement effective programs and resource allocations for security enhancement. ??Freight Rail measure directly measures the risk posed by the highest risk railcars in the freight rail system - unattended, loaded, Toxic Inhalation Hazard (TIH) railcars. This measurement directly benefits freight railroad carriers by identifying specific areas with the highest risk scores within their systems, allowing the carrier to efficiently target resources at the greatest risk. Additionally, TSNM's Freight Rail Division uses field inspectors to collect, validate and assess performance based information in support of program development and implementation. Through inspections, Surface Transportation Security Inspectors (STSI) collect information showing the attended status (whether cars transporting TIH materials are attended or left unattended) and the population density factor near these shipments. This information enables the program office to objectively measure the reduction in the risk associated with the rail transportation of TIH materials. Based on the input from the STSIs, the program office recommends carriers implement certain security measures to reduce the risk posed by the transportation of TIH materials. ??The Pipeline mode has completed a pipeline infrastructure study and identified the Nation's highest risk pipeline systems and outlined the security mitigation initiatives that will address these risks.

Evidence: ??National Infrastructure Protection Plan ??Transportation Systems Sector Specific Plan ??Security and Emergency Management Action Items for Mass Transit and Passenger Rail ??Recommended Protective Measure for HSAS Threat Levels for Mass Transit and Passenger Rail ??Freight Rail Security Action Items

Are Federal managers and program partners (including grantees, sub-grantees, contractors, cost-sharing partners, and other government partners) held accountable for cost, schedule and performance results?

Explanation: TSA Project Managers are given the authority to make decisions on scope of work, capital investment and performance acceptability decisions, and are responsible for documenting and reporting on the accomplishment of program objectives or production requirements through the acquisition of in-house, contract or reimbursable support resources. TSA Acquisition Program Status Report (TAPSR) is an electronic system which captures this information on a quarterly basis. The information captured includes contract information relating to key decision points (KDP), deployment dates, as well as the Program Manager's Assessment of six areas: financial; schedule; technical performance; documentation; contract status and overall assessment. The Program Manager must select a red, yellow, or green tag for each field and provide an explanation and planned resolution for any yellow or red areas. Following the Program Manager's report the Assistant Administrator (responsible for managing the program) and Acquisitions view the TAPSR. An option to comment is available, and then the AA and Acquisitions initial and date the TAPSR. TSA's executives are given performance evaluations whereby criteria are clearly defined with quanitifiable targets. Each executive has a performance plan with at least five employee specific performance objectives that represent the key measureable expectations to be met by the executive.

Evidence: ??TSA Management Directive No. 300.8 ??TSNM Annual Executive performance plans ??TSA Acquisition Program Status Reporting (TAPSR) report

Are funds (Federal and partners') obligated in a timely manner, spent for the intended purpose and accurately reported?

Explanation: The Surface programs within TSA's Transportation Sector Network Management Division develop annual fiscal year spend plans that are used to obligate funding in a timely manner. Program funding may be monitored daily, weekly, and/or monthly by program and budget analyst by accessing TSA's financial reports. The reports are analyzed and compared to program's internal cuff records for accuracy and status of the programs funding to ensure funds are being obligated in a timely manner and to assure funds are being spent for the intended purposes. The financial reports also include expenditure data that is compared to actual invoices for accuracy and analyzed to assist with cost projections for the budget formulation process. The Surface programs obligated 95% of the funds within the first year of appropriation in FY07.

Evidence: ??TSNM's spend plan example - Maritime Division 2007 ??TSNM Weekly State of Funds Report

Does the program have procedures (e.g. competitive sourcing/cost comparisons, IT improvements, appropriate incentives) to measure and achieve efficiencies and cost effectiveness in program execution?

Explanation: The Surface program has an efficiency measure with baselines and targets, which measures the number of inspections conducted per 1,000 inspector hours. The number of inspections is generated by weighting the number of completed Station Profiles, Baseline Assessment for Security Enhancement (BASE) reviews (transit), and Security Action Item (SAI) reviews (freight). The weights assigned to these assessment types are based on their general scope. For example, one Baseline Assessment and Security Enhancement (BASE) inspection is very in-depth and time consuming compared to a Station Profile, which takes much less time to complete. Having a greater number of inspections completed within a certain timeframe allows TSA to more quickly gather the necessary field data that is required to inform TSA policy decisions and to support and inform national level agency programs including the Toxic Inhalation Hazard (TIH) risk reduction measure in freight rail and the BASE measure in passenger and transit rail. Additionally, completing inspections more efficiently allows for a greater number of inspections to be completed, thus increasing the amount of information available to policy makers, allowing for more targeted and informed decisions. Use of this measure allows program managers to monitor cost effectiveness by measuring the efficiency of inspection activities. Because surface transportation inspection processes and requirements are continually evolving and maturing, this measure allows program managers to determine how these changes affect the efficiencies of the program. Because increasing the number of inspections performed gives TSA a better understanding of the security posture of the freight and passenger rail systems, OSO's rail inspectors' annual efficiency measure measures the amount of inspections done per 1000 inspector hours. In FY06, the Surface Inspector Program completed 10.6 inspections per 1,000 hours. In FY 07, the Surface Inspector Program reached its 2007 program goal of 53.4 inspections per 1000 inspector hour. The Surface Inspector Program was able to achieve this improvement because FY06 was a baseline year during which the assessment/inspection processes was developed. Contracting Officers currently facilitate Integrated Product Team (IPT) development and integration to ensure TSA requirements are accurate and complete, that they are communicated to industry in a way that maximizes performance and value. Acquisition personnel work with program offices/program managers to build competition through competitive sourcing, and to build socioeconomic considerations into TSA acquisition strategies to provide a fair opportunity for all types of businesses and to ensure the Government receives the best value.

Evidence: ??TSNM Annual Executive performance plans ??TSA Acquisition Program Status Reporting report

Does the program collaborate and coordinate effectively with related programs?

Explanation: The Surface Transportation Security Program actively collaborates and coordinates with Federal, state, local government stakeholders and private security partners. Many of the projects are planned and executed jointly and result in lessons learned for future planning efforts and decisions on how to allocate resources. For example, TSA is procuring radiation detection devices and supplying them to the Charleston Harbor coalition for deployment and use by state, local and private sector entities in conjunction with the U.S. Coast Guard (USCG). This project is led by the Department of Justice and partially funded by the Office of Domestic Preparedness at DHS, and supported by the Domestic Nuclear Detection Office. Another example is the high threat urban area rail corridor assessments where TSA works closely with the Department of Transportation, DHS and state and local entities as well as private railroads to mitigate risk from the transportation of toxic inhalation hazard shipments through densely populated areas. To advance development of the national exercise program for the mass transit and passenger rail mode required by the 9/11 Act, Transportation Security Network Management (TSNM) is working with the four major mass transit and passenger rail agencies in the National Capital Region. The objective is to produce a model readily adaptable to the operating circumstances of mass transit and passenger rail agencies across the nation. Another prime example is the routine coordination between TSNM Maritime and USCG to conduct passenger screening pilot with the major ferry systems, to organize transportation security exercises, and to analyze and monitor risk assessments of the port structure.

Evidence: ??TIH Vulnerability Assessments ??Implementation Surveys for TIH Risk Reduction Program ??PortSTEP/I-STEP Document ??SEACAP Document

Does the program use strong financial management practices?

Explanation: TSA has significantly improved its financial management practices through a number of initiatives in recent years. TSA has delegated funds certification directly to the Assistant Administrator of each organization for increased accountability; fund allocations are provided at the management unit levels versus the Program/Project/Activity level; eliminated old accounting codes to decrease likelihood of miscoding; institutionalized funds control to provide warnings of low account balances; reduced carryover funds by 50% in 2007 vs. 2006; and TSA had issued annual spend plans for fiscal year (FY) 2008 in August 2007 -- four months earlier than the previous FY. Changes to TSA's financial and management control program have strengthened its ability to provide decision makers with reliable information that complies with federal accounting standards In 2007, TSA received a "qualified opinion" on its 2007 Financial Management Audit indicating that no material weaknesses exist.

Evidence: ??TSA FY 2007 Financial Management Audit ??TSA Management Control Policy Statement ??TSA MD 3100.3 Management Control Program ??TSA MD 3100.3.1 Management Control Council

Has the program taken meaningful steps to address its management deficiencies?

Explanation: TSA has developed and implemented a Mission Action Plan to correct material weaknesses, and anticipates that remediation will be reflected in the FY 2008 financial audit. As part of TSA's effort to properly account for funds and improve financial record accuracy, programs are conducting quarterly reviews and validation of past obligations.

Evidence: ??Monthly Management Reviews ??Management Controls Documents (by mode)

Has the program demonstrated adequate progress in achieving its long-term performance goals?

Explanation: TSA's Surface Transportation Security Program has implemented two new long-term performance measures. In FY 2007, both measures were in their baseline year and data collection efforts were in the beginning stages. Results from the baseline effort were used to establish targets for both measures in FY 2008. Quarterly results and progress for FY 08 for each measure is presented below ??The Surface Transportation Security Program is on target to meet the end of calendar year 2008 performance goal of 50% for the long-term measure "percent reduction in risk from Toxic Inhalation Hazard bulk cargoes in rail transportation." Objectively measured risk reduction by rail carriers at end of calendar year 2007 is 44.4%. ??The Surface Transportation Security Program is on target to meet and possibly exceed the 2008 performance goal for the long-term measure "percent of Mass Transit agencies that are in full compliance with industry agreed upon standards to improve security." The percent of mass transit agencies that are in full compliance with industry agreed upon standards to improve security for the 1st quarter of FY08 is 11%, with a 2008 goal of 30%.

Evidence: ??Measures and Program Improvement Plan can be found in PartWeb (expectmore.gov) ??Future Years Homeland Security Program ??Internal management review documents

Does the program (including program partners) achieve its annual performance goals?

Explanation: TSA's Surface Transportation Security program has annual performance measures to support the long-term goal to reduce the risk to the surface transportation system. The Part annual measures are: ?? The Surface Transportation Security Program met its 2007 performance goal of 72 percent for the annual measure "percentage of applicable passenger and mass transit rail systems having undergone a Security Directive Review." ?? The Surface Transportation Security Program exceeded its 2006 annual performance goal of 20 percent for the annual measure "percentage of high risk corporate systems on which Corporate Security Reviews have been conducted." In 2007, the annual target for this measure was to complete Corporate Security Reviews on 100 percent of high risk corporate systems. In numerical terms, the target was 16 combined Corporate Security Reviews (CSR) for high risk corporate transportation systems. This target is allocated between the Pipeline Division (target of 12) and the Highway Motor Carrier (HMC) Division (target of 4 at the state level). For 2007, a total of 14 CSRs were completed (13 by Pipeline Division and 1 by HMC) or 87.5% of high risk corporate systems had a CSR completed. The HMC also completed a CSR for the District of Columbia but that CSR is not included in the reported results because of the data source definition for this measure only included CSRs for state level DOTs. As a result, the target for this performance measure was missed by only one CSR.

Evidence: ??Measures and Program Improvement Plan can be found in PartWeb (expectmore.gov) ??Future Year Homeland Security Program

Does the program demonstrate improved efficiencies or cost effectiveness in achieving program goals each year?

Explanation: The Surface program has an efficiency measure with baselines and targets, which measures the number of inspections conducted per 1,000 inspector hours. In FY06, the Surface Inspector Program completed 10.6 inspections per 1,000 hours. In FY 07, the Surface Inspector Program reached its 2007 program goal of 53.4 inspections per 1000 inspector hour The Surface Inspector Program was able to achieve this improvement because FY06 was a baseline year during which the assessment/inspection processes was developed. Having a greater number of inspections completed within a certain timeframe allows TSA to more quickly gather the necessary field data that is required to inform TSA policy decisions and to support and inform national level agency programs including the Toxic Inhalation Hazard (TIH) risk reduction measure in freight rail and the BASE measure in passenger and transit rail. Additionally, completing inspections more efficiently allows for a greater number of inspections to be completed, thus increasing the amount of information available to policy makers, allowing for more targeted and informed decisions.

Evidence: ??Measures and Program Improvement Plan can be found in PartWeb (expectmore.gov)

Does the performance of this program compare favorably to other programs, including government, private, etc., with similar purpose and goals?

Explanation: TSA performs a unique function of coordinating the security of a complex, dynamic heterogeneous transportation network comprised of U.S. federal, state, local, quasi-governmental, tribal and private entities. Because only the Surface Transportation Security Program develops national security policies and programs for the identification, prioritization and protection of critical infrastructure and key resources across all surface modes in the Transportation Sector, the performance of this program cannot be compared to other domestic government or private programs. No comparative evaluations to other international programs have been conducted or planned. However, through participation in various international forums TSA has learned that although international agencies employ similar types of security enhancement activities, TSA's surface transportation security effort advances a much more integrated approach across all surface transportation modes, through expanded operational activities (random, unpredictable deterrence), creating stakeholder partnerships, building security force multipliers (training, exercises, public awareness activities), and developing security technologies.

Evidence: ??The frequent visits and inquiries from our foreign counterparts

Do independent evaluations of sufficient scope and quality indicate that the program is effective and achieving results?

Explanation: : The Government Accountability Office (GAO) and TSA's Office of Inspector General (OIG) have initiated 17 independent evaluations of the TSA's Surface Programs; over 75% are currently in process with no final findings reported. GAO's 2007 Homeland Security Progress Report audit rated the progress TSA has made in the area of surface transportation security as moderate. Specifically, GAO found that TSA has placed additional focus on securing surface modes of transportation, including establishing security standards and conducting assessments and inspections of surface transportation modes such as passenger and freight rail. In its mission areas, the GAO found that TSA made progress in: ??Establishing security standards and conducting assessments and inspections of surface transportation modes; ??Developing programs for collecting information on incoming ships and working with the private sector to improve and validate supply chain security; ??Identifying and assessing critical infrastructure threats and vulnerabilities; ??Performing Corporate Security Reviews in various modes; ??Issuing "Pipeline Security Smart Practices" to the pipeline industry in an effort to assist them in their security planning and implementation. GAO also found that TSA has begun to assess risks to the passenger rail system and has completed an overall threat assessment for both mass transit and passenger and freight rail modes. GAO found that until all three assessments of passenger rail systems??threat, criticality, and vulnerability??have been completed, and until TSA determines how to use the results of these assessments to analyze and characterize the level of risk (high, medium, or low), it will be difficult to prioritize passenger rail assets and guide investment decisions about protecting them. GAO commended the steps TSA has taken to develop a strategic approach for securing mass transit, passenger and freight rail, commercial vehicles, and highways and conduct threat, criticality, and vulnerability assessments of surface transportation assets, particularly passenger and freight rail.

Evidence: ??The TSNM GAO/DHS IG reports spreadsheet ??TSA letter to Bennie Thompson