Audit: TSA has security æholeÆ
The Transportation Security Administration has a hole in its air cargo security regime when it comes to ground transport and handling of shipments before and after they fly on passenger aircraft, according to a November report by the Department of Homeland Security's Inspector General.
But the TSA addressed most of the issues raised between the time the audit was conducted and when it was publicly released, according to an agency official.
'The agency's inspection process has not been effective in ensuring that requirements for securing air cargo during ground transportation are understood or followed,' the report said. 'The inspection process has focused on quantity rather than outcomes and ensuring corrective actions. Automated tools to assist inspectors in analyzing results and focusing their oversight efforts on high-risk areas in air cargo security were not adequate. As a result, air cargo is vulnerable to the introduction of explosives and other destructive items before it is loaded onto planes, potentially creating risks for the traveling public.'
TSA's 435-strong cargo inspection force is familiar with the ground handling vulnerabilities, but has not improved compliance or industry awareness of the requirements, the audit said. During the first nine months of fiscal year 2008, 30 percent of 7,767 cargo inspections unearthed air cargo security violations, including 254 related to lack of access controls for cargo storage areas, 731 cases of airline or freight forwarder employees with unescorted access to cargo who do not have required background checks, and 1,655 cases of workers who did not take or pass an initial or annual security exam.
Investigators found that regulated industry personnel, such as truck drivers, sometimes accessed, handled or transported air cargo without required background checks or training. Nearly a quarter of the 104 drivers reviewed did not meet the required training and testing requirements.
Investigators said they observed similar problems. On several occasions they were able to wander into airline or indirect air carrier facilities through unlocked doors without being challenged. They also identified a truck driver who had never applied for a security threat assessment but had handled air cargo for a year and a half. He displayed an employee identification card that had his photo but a co-worker's name on it in lieu of the required approval document or ID card from another security program with equivalent status.
TSA programs do not make sure regulated companies verify the identification of personnel seeking a background check, the IG's Office said. The security training and testing violations occurred in part because companies were unaware of the requirements to have supporting documentation available upon TSA request, but TSA inspectors said they had limited time for educating regulated entities.
The IG faulted TSA's inspection process for repeatedly not ensuring compliance and awareness of air cargo security requirements during the past three years. And it said inspections are not targeted at high-risk entities. Instead, all entities receive a comprehensive annual inspection, and inspectors must complete a minimum of 29 inspections per quarter. The effectiveness of inspections was also compromised by a poor database that lacks functionality and reliability to track previous inspections, pull up company addresses, produce analytical reports or perform other tasks, the IG said. TSA also does not provide more than cursory training for inspectors on how to use the database. Inspectors are not able to use handheld devices in the field to access the database, crosscheck regulations and complete reports because the agency discarded $259,000 worth of handhelds because of data security concerns.
Among the IG's recommendations are that TSA:
' Focus more on alerting regulated entities to breaches in their controls for restricting unauthorized persons on their property or cargo security areas.
' Require entities to maintain copies of documents reviewed to verify the identity of an applicant for a security threat assessment, and require TSA's Office of Transportation Threat Assessment and Credentialing to vet applicants.
' Provide more specific guidance to companies about training and testing requirements.
' Change inspection protocols to emphasize reviews of companies with a track record of problems or that pose higher risk of violations.
' Provide better training to inspectors on how to use the inspection database.
' Provide inspectors with automated tools to make inspections more efficient.
The TSA in its response said it planned to increase checks of access controls during site visits, develop standardized training and testing, develop a risk-based approach to inspection decisions and take other corrective actions.
The findings have special significance for TSA's year-old Certified Cargo Screening Program because the premise underlying the ability of trusted manufacturers, distributors and logistics providers to screen their own cargo in advance of airport arrival is that the pre-screened cargo moves through a secure chain of custody, including the use of trucking companies that follow the secure handling requirements of forwarders and airlines.
A TSA official said most of the issues raised in the report were addressed early last year with several program updates, and that procedures have been elevated even more with the launch of the CCSP.
The agency also is testing an electronically serialized locking mechanism to be used as a tamper-evident seal by Certified Cargo Screening Facilities to help ensure security of screened cargo during ground transport, according to the report. The device is equipped with programmable serial numbers and tracking capability.
The Airforwarders Association said in a statement that its members have often complained about the lack of information and clarity from inspectors during site visits and that it was pleased TSA is taking steps to improve communication with the industry.
Executive Director Brandon Fried told Americans the concerns about some instances of porous access in the report are legitimate, but that the industry should also be recognized for coming a long way over the years when it comes to security.
'Security is not only something that we abide by every day, it's cultural. It's now inbred in the fabric of virtually every IAC out there. But, obviously, it (the report) keeps us on our toes.'
Fried said the key is to increase educational awareness.
'What we would appreciate from TSA is a determination as to what are the most common infractions and then focus educational efforts to alleviate them,' he said.