Summary: In 2004, an estimated 23 billion pounds of air cargo was transported within the United States, about a quarter of which was transported on passenger aircraft. Within the Department of Homeland Security (DHS), the Transportation Security Administration (TSA) is responsible for ensuring the security of commercial aviation, including the transportation of cargo by air. To evaluate the status of TSA's efforts to secure domestic air cargo, GAO examined (1) the extent to which TSA used a risk management approach to guide decisions on securing air cargo, (2) the actions TSA has taken to ensure the security of air cargo and the factors that may limit their effectiveness, and (3) TSA's plans for enhancing air cargo security and the challenges TSA and industry stakeholders face in implementing these plans.
TSA has taken initial steps toward applying a risk-based management approach to address air cargo security. A risk-based management approach entails a continuous process of managing risk through a series of actions, including setting strategic goals and objectives and assessing risk through the identification and evaluation of threats, vulnerabilities, and critical assets. In November 2003, TSA completed an air cargo strategic plan that outlined a threat-based, risk management approach to secure the air cargo system by, among other things, targeting elevated risk cargo for inspection. TSA also completed an updated threat assessment in April 2005. However, TSA has not yet established a methodology and schedule for completing assessments of air cargo vulnerabilities and critical assets--two crucial elements of a risk-based management approach without which TSA may not be able to appropriately focus its resources on the most critical security needs. TSA has taken a number of actions intended to strengthen air cargo security, but factors exist that may limit their effectiveness. For example, TSA established a centralized database on people and businesses that routinely ship air cargo to improve information on known shippers. However, we identified problems with the reliability of the information in the database, and how TSA is using the information to identify shippers who may pose a risk. TSA has also established requirements for air carriers to randomly inspect air cargo, but has exempted some cargo from inspection, potentially creating security weaknesses. Further, TSA conducts audits of air carriers and indirect air carriers to ensure that they are complying with existing air cargo security requirements. However, TSA has not developed measures to assess the adequacy of air carrier and indirect air carrier compliance, systematically analyzed these audit results to target future inspections, or assessed the effectiveness of its enforcement actions to ensure compliance with air cargo security requirements. TSA's plans for enhancing air cargo security focus on implementing a system for targeting and inspecting elevated risk cargo, and requiring air carriers to conduct security threat assessments on thousands of cargo workers, among other efforts. However, these plans may pose financial, operational, and technological challenges to the agency and air cargo industry stakeholders. For example, stakeholders are concerned, and our analysis identified, that TSA may have underestimated the cost of its proposed measures.