Not Safe Enough: Fixing Transportation Security

In August 2006, British authorities announced that they had uncovered a plot in which liquid explosives would be used to destroy airliners en route from England to the United States. When the U.S. Transportation Security Administration (TSA) responded by banning all liquids and gels from passenger aircraft cabins, it was widely reported that such action was necessary because existing screening equipment could not detect the kind of explosives involved in the plot. This is perhaps understandable, given the daunting technological challenge of developing detectors that are not only sensitive enough to identify explosives from among the wide array of liquids routinely carried on aircraft, but also compact and affordable enough to be widely deployed and quick enough to not unduly impede passenger flow.

But this response comes 11 years after the similar Bojinka plot (a plan to bomb 12 U.S.-registered aircraft flying across the Pacific) was foiled in 1995, five years after the 9/11 hijackings that produced unprecedented attention and funding for aviation security, and two years after the 2004 law that sought to implement the National Commission on Terrorist Attacks Upon the United States’ (9/11 Commission’s) recommendation to prioritize the development and deployment of effective checkpoint explosives detectors. By itself, this is sobering, but when taken together with widespread evidence that such limited progress is the rule rather than the exception across all transportation security programs, a fundamental reassessment is in order about how the United States is approaching this issue.

Although customs agents or checkpoint screeners are often the focus of published reports on security lapses, the shortcomings in the current system do not rest primarily with the front-line personnel charged with implementing transportation security. Rather, the problem is that the Bush administration and Congress have failed to adequately address the key, big-picture questions about the management, funding, accountability, and, above all, priorities for the emerging transportation security system. Although progress in bolstering transportation security has been made since 9/11, additional action is needed to remedy continuing deficiencies.

Before September 11, 2001, U.S. transportation security was limited in extent and purpose. Transit police and subway surveillance cameras sought to deter or detect criminal activity. Customs agents at ports looked for smugglers. In aviation, the only sector that had received significant security policy attention and resources from the federal government, the emphasis was overwhelmingly directed overseas. The events of 9/11 altered all of that. The federal government responded with a flurry of initiatives, including:

• The Aviation and Transportation Security Act of 2001, which created TSA to be responsible for the security of all transportation modes and established deadlines for the implementation of specific aviation security measures.
• The Maritime Transportation Security Act of 2002, which set security guidelines for ports and ships.
• The Homeland Security Act of 2002, which established the Department of Homeland Security (DHS) by combining 22 federal agencies, including TSA, the Coast Guard, the Customs Service, and the Federal Emergency Management Agency (FEMA).
• The Intelligence Reform and Terrorism Prevention Act of 2004, which turned many of the 9/11 Commission’s recommendations, including those relating to transportation security, into statutory mandates.

The expanded policy attention was accompanied by a substantial rise in federal funding for transportation security, which increased from well under $200 million in fiscal year (FY) 2001 (almost all of which went for aviation security) to more than $8.5 billion in FY 2006, with 70% devoted to aviation.

As a result, improvements have been made in many areas of transportation security during the past five years. Passenger aircraft are much less vulnerable to another 9/11-style of attack. More air and sea cargo is being scrutinized in some fashion. More attention has been given to vulnerability assessments of the nation’s transportation infrastructure and to security training for law enforcement and transportation workers. Above all, there is greater awareness of the terrorist threat. But major questions remain about the effectiveness of all elements of the new system.

The Heritage Foundation and the Center for Strategic and International Studies jointly reported that DHS “is weighed down with bureaucratic layers, is rife with turf warfare, and lacks a structure for strategic thinking and policymaking.” According to a 2005 survey of homeland security officials and independent experts, “the department remains under financed and understaffed, and suffers from weak leadership.” The 9/11 Commission found that “The current efforts do not yet reflect a forward-looking strategic plan systematically analyzing assets, risks, costs, and benefits.” The successor to the 9/11 Commission, the 9/11 Public Discourse Project (PDP), reported that, as of December 2005, progress in implementing the commission’s transportation security recommendations rated a “C” for airport checkpoint screening for explosives; a “C–” for the National Strategy for Transportation Security, a “D” for checked bag and cargo screening, and an “F” for airline passenger prescreening.

Aviation security

Among the layers of aviation security, TSA’s intelligence division is now more relevant to its agency leadership and decisionmaking process than was its predecessor within the Federation Aviation Administration, but although it is twice as large as its predecessor, it remains significantly understaffed, and its agents are now spread much more thinly, with responsibilities for all transportation modes, not just aviation.

Progress has been reported in airport perimeter security through a reduction in airport access points, an increase in surveillance of individuals and vehicles entering airports, and some improvement in airport-employee background checks. However, little has changed in the old system’s divided responsibilities for access control, with the federal government, airport authorities, and to a lesser extent the airlines all having a role.

The number of names currently on the “no-fly” list used to prevent known or suspected terrorists from boarding commercial aircraft and the “automatic selectee” list that subjects them to additional security scrutiny is now much larger than before 9/11. However, administrative problems and the intelligence community’s concern about sharing sometimes highly classified names with the private airlines that still implement these programs have resulted in many of those identified in the government’s consolidated terrorist watch list still not appearing on either aviation security list.

The pre-screening system in use today is largely the same as the one that selected 10 of the hijackers on 9/11, with the added consequence of subjecting the selectee to a search of their person and carry-on bags. Testing of the follow-on program, called Secure Flight, has progressed very slowly. Privacy groups remain concerned about the program’s potential, describing it at a hearing of a DHS advisory panel on privacy rights as “an unprecedented government role, designating citizens as suspect” and criticizing TSA for being “incredibly resistant” to providing the public with necessary information. In September 2006, Congress reported that passenger names were still not being checked against the full terrorist watch list and cut funding for Secure Flight by more than 50%.

Problems have persisted in screening of passengers and checked bags, which have received by far the most post9/11 policy attention and funding. The current federalized checkpoint screening workforce is more numerous, better paid, more experienced, and better trained than its pre9/11 private-contractor counterpart. But a series of reports by the DHS inspector general have documented continuing poor performance.

By the latter part of 2003, all checked bags were being screened for explosives, compared to just 5% before 9/11; but because of shortages of equipment and screener personnel, some of the screening is being done with canine bomb-sniffing teams and manual bag searches rather than explosive-detection equipment. There are continuing concerns about the capabilities of existing explosives-detection equipment and about placing the machines in airport lobbies rather than integrating them with baggage conveyor systems, which offers both operational and security benefits. TSA has indicated that under current funding levels, this “optimal” baggage screening system will not be fully deployed until 2024.

The onboard security layers underwent the most immediate transformation after 9/11. U.S. airlines and international airlines flying to the United States were required to install reinforced cockpit doors. The “Common Strategy” training program for flight crews (which as of 9/11 had called for accommodation with hijackers) was revised to take into account the 9/11 tactics. The number of federal air marshals was increased dramatically, and agents are now assigned to domestic as well as international flights.

Nevertheless, deficiencies have been noted in each of the onboard security measures. The effectiveness of the hardened cockpit doors has been questioned because of reported crew failures to secure the door throughout a flight. The quality of the new security training has also been doubted, with the Association of Flight Attendants indicating that “we still have not been trained to appropriately handle a security crisis or terrorist attack onboard our airplanes.” The rapid expansion of the air marshals programs has produced operational and management problems, including an abbreviated curriculum for training, and budget constraints have prevented it from reaching its target staffing levels.

In addition, general aviation security has not been substantially upgraded. There is no security screening for pilots and passengers or for baggage and cargo. Threat and vulnerability assessments have yet to be undertaken for most general aviation airports. Similar shortcomings continue to exist in air cargo security. Reportedly, only 5% of all air cargo is currently screened, and the Government Accountability Office (GAO) has indicated that aircraft carrying cargo continue to be highly vulnerable to terrorist sabotage. TSA has proposed a set of regulations for air cargo security, but as is typical for rulemaking, the process is moving very slowly. Even if finalized, the new rules would provide few details on how the freight industry, which is expected to implement the security program, is to fulfill this unfunded mandate.

Maritime security

Although the potential vulnerability of the U.S. maritime sector was noted before 9/11 (for example, by the 2000 federal Interagency Committee on Crime and Security), little was done to address that vulnerability. After 9/11, the situation has changed somewhat, although far less has been done than in the aviation sector.

Under the Homeland Security Act of 2002, the Coast Guard was made primarily responsible for port security, but the DHS inspector general, the GAO, and its own commandant have all reported difficulties in trying to fulfill the new responsibilities together with its traditional rescue, drug-interdiction, and other missions under current funding levels. And a 2005 maritime security report observed that “A compressed and disjointed timeline for implementing the act has definitely affected what the MTSA (Maritime Transportation Security Administration) has actually accomplished….Overall,too many facility plans are little more than lists of activities that individually and collectively fall far short of the goals set by MTSA.”

The Customs and Border Protection division of DHS has principal responsibility for container security. Its Container Security Initiative (•_•) ( •_•)>⌐■-■ (⌐■_■) identifies and prescreens “highrisk” containers bound for the United States from the largest ports outside the country. The Customs-Trade Partnership Against Terrorism (C-TPAT) creates government/industry partnerships that offer expedited customs processing for shipping companies that reduce their security vulnerabilities. But in March 2006, congressional investigators reported that only a little more than one-third of the high-risk containers identified by the CSI program were actually inspected and that only about one-fourth of the companies receiving preferential treatment under C-TPAT had had their security practices validated. They also found that, despite the spending of more than $300 million and the priority supposedly attached to the undertaking, fewer than 40% of cargo containers entering U.S. ports were being screened for nuclear or radiological material.

Because of these and other perceived shortcomings, Congress in October 2006 enacted the SAFE Ports Act, which seeks to expedite the development and deployment of more advanced inspection detectors, codify and revise the CSI and C-TPAT programs, require that port security grants be based on risk assessment, establish a port security training and exercise program, and require DHS to develop a plan to enhance the security of the maritime supply chain and speed the resumption of trade after a terrorist attack. It remains to be seen whether the new law will be accompanied by the sustained funding and implementation efforts likely to be necessary if it is to prove more effective than previous attempts to boost maritime security.

Land transportation security

Although terrorists have repeatedly demonstrated both an interest in and the capability to attack the land transportation modes, exemplified most recently by the bombings of Madrid commuter trains in 2004 and London subways in 2005, a report noted that “the least emphasis has been placed on this area because it was perceived as least pressing, and also because it is hardest to protect.”

With a total FY 2007 budget for land transportation security of just $37.2 million and with only 100 land transportation security inspectors, TSA and DHS continue to play a minimal part in securing this mode. Under congressional prodding, DHS has provided about $460 million to date in security grants to rail and transit systems. The Department of Transportation (DOT) land-transportation modal agencies (including the Federal Railroad Administration, the Federal Transit Administration, the Federal Highway Administration, and the Federal Motor Carrier Safety Administration) have retained substantial security roles, but these too are operating with very limited resources (less than $60 million overall in the current budget).

These limited federal investments, directed primarily at rail and transit systems, have financed a number of security measures, including vulnerability assessments, increased law enforcement presence, enhanced surveillance, expanded worker security training, and limited deployment of explosives-detection capability, such as canine teams. However, with an almost complete absence of data on the effectiveness of these measures, it is difficult to discern what impact they have had. In addition to a lack of resources, land transportation security efforts have been hindered by poorly defined roles and responsibilities for the federal agencies involved, inadequate policy planning, limited information sharing, and insufficient security training for front-line personnel.

Learning from 9/11?

Despite the massive increase in attention and resources devoted to transportation security, and especially aviation security, in the wake of the 9/11 catastrophe, many systemic weaknesses continue.

Reactivity and incident-driven decisionmaking still predominate in transportation security, as is evident in the persistent focus on aviation-passenger screening, the short-lived priority given to rail and transit security after the 2004 Madrid and 2005 London rail and transit bombings, the recent attention to the long-standing problem of liquid explosives in the wake of the foiled London plot to blow up airliners, the limited use of rulemaking in making permanent revisions in the transportation security baseline, and the absence of strong policy planning.

The layered approach to transportation security, under which the failure of a single component does not lead to a systemwide failure, which was an important goal of pre- and post-9/11 aviation security systems, continues to be honored more in the breach. Such layers are either flawed (still the case in aviation security), incomplete (container security is overwhelmingly reliant on a single security layer, the prescreening of cargo), or virtually nonexistent (with respect to all land modes, with the partial exception of mass transit).

As was true on 9/11, security is still not being engineered into and integrated with basic transportation operations. Although evidence for such integration is lacking for aviation and maritime security, the most glaring example is in land transportation. Given that federal spending in FY 2006 for the security of this entire mode totaled just $317 million (3.7% of all federal transportation security expenditures), it is noteworthy that the August 2005 legislation to reauthorize the single largest federal investment in transportation— grants for highway construction and safety and public transit—contains very little for security design or performance standards. That law authorized grants totaling $286 billion through 2009, of which just more than $30 million is statutorily required to be spent on transit security programs.

Transportation security is not being handled as a national security issue. In its final report in 1997, the Gore Commission on Aviation Safety and Security observed that terrorists “know that airlines are often seen as national symbols. When terrorists attack an American airline, they are attacking the United States.” For these reasons the commission recommended that the federal government should consider aviation security as a national security issue. The available evidence clearly indicates that as of September 11, 2001, this goal had not been achieved, and aside from checkpoint and baggage screening, there is little indication that the government is currently treating either aviation security or transportation security as a whole as top-priority matters. The $31 billion DHS budget proposed by the administration for FY 2007 represents just 3.5% of the total budget for discretionary spending. Although this is certainly well above pre-9/11 funding levels, it stands in stark contrast to the $439 billion allocated to the Department of Defense and is more on a par with the $34 billion provided for the Department of Housing and Urban Development.

Unanswered questions

An inability or unwillingness to address three particular shortcomings of the pre- and post-9/11 transportation security system continues to limit progress. Without better guidance than has been provided to date on fundamental policy questions concerning priorities, roles, and funding sources, neither DHS, TSA, nor the other federal and non-federal components of transportation security will be able to succeed, regardless of the best efforts of their workforces.

How is security to be prioritized and balanced with other societal imperatives, including fiscal responsibility, economic efficiency, and civil liberties? Before 9/11, many other values were allowed to outweigh security considerations. Although it was perhaps true in the immediate aftermath of the terrorist attacks that the country and its leaders were willing to subordinate other priorities to homeland security needs, with the passage of time and in the absence of further incidents, other claims have predictably and necessarily been reasserted. Although there is no formal dual mandate for TSA, like the one that had required the Federal Aviation Administration (FAA) to both regulate and promote civil aviation, countervailing pressures can still be seen within the current aviation security program, whether in the form of arbitrary congressional limits on the screener workforce driven by budgetary pressures or the abandonment of the more ambitious CAPPS II airline passenger prescreening system in the face of strong opposition from privacy advocates. Outside of aviation, the Customs and Border Protection division, the Coast Guard, and the various DOT land-transportation modal authorities face their own dual mandates in trying to balance the newly received security mission with their older, more established, and far better–funded legacy or core missions.

There is thus an urgent unmet need for full debate on the costs and benefits of proposed security measures in order to determine the proper balance among security for society, individual rights, personal convenience, and financial cost. There are no easy answers here, and to pretend otherwise, or even worse to ignore such a need, was an invitation for disaster on 9/11 and continues to be so.

How should transportation security be organized? Who should be responsible for what? One facet of the 9/11 aviation security failure was the lack of accountability afforded by a system of divided responsibilities. For the most part, little has been accomplished post-9/11 to clarify the situation. Other than for passenger aviation, the security roles and responsibilities of federal, state, local, and private entities in all transportation modes remain largely undefined. The apparent abandonment of the Aviation and Transportation Security Act of 2001’s vision of TSA as the primary federal agency responsible for transportation security, as well as the loss by DHS of certain intelligence coordination functions envisioned for it in the Homeland Security Act of 2002, has actually led to a post-9/11 proliferation of federal agencies responsible and presumably accountable for discrete elements of transportation and homeland security.

How are security measures to be funded? This question has not so much been poorly answered as ignored by policymakers. In the pre-9/11 aviation security system, documented screening-performance shortcomings were not fixed and mandated explosives-detection systems were not deployed largely because of the unresolved question of who should pay. After 9/11, the November 2004 legislation deleted the 9/11 Commission’s recommendation that the national transportation security plan provide a means for adequately funding its security measures. Even today, key federal security efforts for air cargo, ports, and mass transit are little more than unfunded mandates. In the absence of clear cost-allocation decisions by the federal government, attempts to increase security investments in areas such as airport access control, airline flight crew security training, general aviation, port security, rail transportation, mass transit, highways, bridges, tunnels, and pipelines will continue to be deferred and/or denied.

Turning the tide

To address current weaknesses in transportation security, the following systemic and policy flaws have to be tackled.

First, federal policymakers must treat transportation security as a matter of national security, with commensurate resources and policy focus, rather than as the second-tier activity suggested by current funding levels and bureaucratic clout. For this to occur, it is imperative that the artificial budget and policy distinctions between national defense and homeland security be eliminated so that security and counterterrorism efforts at home and abroad can be better integrated and that a more comprehensive assessment be undertaken to determine the optimum allocation of roles and resources. One attempt to do so is the Unified Security Budget developed by the Center for Defense Information (CDI), which compiles in one overall budget account national security programs for military forces, homeland security, and international affairs. Whether or not one accepts the policy choices made in the CDI budget (which calls for cutting $62 billion from the military budget and transferring $52 billion of this to homeland security and international affairs), its aim to “give Congress a look at the big picture, and provide the basis for a better debate over this nation’s security priorities” and to “be a tool of decision-making about cost-effective trade-offs across agency lines” is one that must be accomplished if we are to optimize not only transportation security but national security as properly understood as well.

Second, the transportation security system must prioritize budgets and policy measures, within and across program lines, based on relative risks rather than on responding to the latest incident, bureaucratic inertia, or pork barrel politics. In the absence of such priority setting, which most independent analyses of current transportation security policymaking suggests is the case at present, neither the agencies, the administration, the Congress, nor the public can properly evaluate critical decisions being made about the large increases in federal funding that currently support homeland security. Questions such as the optimum number and therefore cost of airport checkpoint screeners, or federal air marshals, or port security assessments, or canine teams for mass transit, or transportation security intelligence analysts should not be made in isolation. Yet there currently does not appear to be any more of a basis for TSA to prioritize across all transportation modes than there was for the FAA to do so within aviation security. To begin improving this situation, Congress should reject the National Strategy for Transportation Security mandated by the Intelligence Reform and Terrorism Prevention Act of 2004 and submitted by DHS in November 2005. As previously noted, the 9/11 PDP gave this document a “C–,” finding that it “lacks the necessary detail to make it an effective management tool.” In requiring a resubmission of this plan, Congress should clarify and strengthen the existing statutory mandate by returning to the original 9/11 Commission recommendation that the document clearly assign transportation security roles and missions and provide a means for funding implementation of the plan.

Third, the goal ought to be to build a comprehensive and sustainable baseline of standard security across all transportation modes and intermodal connections rather than the current series of largely unconnected systems based on ad hoc, reactive decisionmaking. The pattern of incident, heightened attention, and gradual diminution of perceived threat and security effort is almost certain to be repeated as the 9/11 events recede in memory. When faced with a similar quandary after the foiling of the Bojinka plot in 1995, the FAA created the Baseline Working Group (BWG) to try to raise the standard security level that would be operable system-wide in the absence of specific threats or disasters. Although the BWG was overtaken by events (the crash of TWA flight 800 and the appointment of the Gore Commission), the concept of an unexceptional baseline standard of security continues to be a sound one, not only for aviation but for all transportation modes.

The following key elements of such a baseline can be found in the 2002 National Research Council (NRC) report Making America Safer:

• Identify and repair the weakest links in vulnerable systems and infrastructures.
• Build security into basic system designs where possible.
• Build flexibility into systems so that they can be modified to address unforeseen threats.
• Search for technologies that reduce costs or provide ancillary benefits to civil society to ensure a sustainable effort against terrorist threats.

Consistent with this approach, Congress should amend the 2005 surface transportation reauthorization legislation to extend the kind of security consciousness it already applies to mass transit to highway and bridge construction programs as well. The pursuit of technologies or policies that confer ancillary benefits is particularly important because, as the NRC report observed, “such multiuse, multibenefit systems have a greater chance of being adopted, maintained, and improved.” Examples in transportation security range from improving the physical safety and security of passengers and workers against nonterrorist criminal acts to reducing the opportunity for cargo theft. Another is comprehensive security training for the transportation workforce, which would include instruction in how to recognize, report, and respond to suspicious activity, as well as self-defense. Such training is often stated as a goal of existing programs, but as in so many other areas, the unanswered question of who pays has stymied progress. Despite numerous complaints about the content and quality of existing training, including training for airline flight crews and transit workers, with the exception of the extensively studied training of airport checkpoint screeners, little has been done to evaluate or improve its effectiveness.

Fourth, there must be improvement in the quality and flow of relevant security information to state, local, and private stakeholders and to the general public, rather than the current approach that continually calls for “heightened alert” to a nonspecific threat while offering largely unfounded reassurances about current vulnerabilities. The January 2005 designation by the GAO of homeland security information-sharing as “high-risk” demonstrates the continuing need to improve information flow in homeland security, including transportation systems. This is not surprising given the complexity of the task. On the other hand, the clearest and most unchallenged lesson from 9/11 was in this very area. The great challenge, but also the enormous opportunity, of successfully integrating the various components involved or potentially involved in collecting transportation security information is illustrated by the fact that apart from the federalized aviation passenger and baggage screening workforce, the vast majority of all individuals who are likely to see suspicious incidents, be required to implement or enforce security measures, or respond to security incidents are non-federal workers, including private-sector employees; local police, fire, and rescue personnel; and of course the vast majority of passengers or shippers who are law-abiding and who wish to help in fighting the terrorist threat. Furthermore, DHS should heed the advice of the Heritage Foundation and the Center for Strategic and International Studies to scrap the existing nationwide alert system and replace it with “regional alerts and specific warnings for different types of industries and infrastructure,” an approach used effectively in the case of the foiled 2006 London bomb plot.

Finally, there must be a clear assignment of transportation security roles to federal and nonfederal agencies, and those assigned must be held fully accountable for security performance rather than continuing the old and current systems of often ill-defined “shared responsibilities” in which no agency is held accountable. It is particularly important that this be done with respect to land transportation, where the federal role has been particularly ill-defined. One potentially useful step would be to have TSA assume responsibility for managing the security of the Washington, DC, Metro transit system. Although much thought would need to be given as to how to make this work, having TSA in charge would appear to offer important advantages, including prioritizing the defense of one of the two most likely terrorist targets in land transportation (the other being the New York City subway system), providing a test bed in which innovative security systems and procedures could be demonstrated for other transit systems, gaining valuable operational knowledge for TSA that would lead to more informed security rulemaking for transit systems, and enabling TSA to coordinate planning for the evacuation of the federal and nonfederal workforce from Washington in the event of a national emergency.

Securing the nation’s transportation systems is very, very difficult. Would-be defenders are confronted with the daunting assignment of protecting a vast nationwide array of airports, ports, tracks, roads, tunnels, bridges, stations, cargo, passengers, and workers. They must do so in a manner that minimizes disruption to commerce, inconvenience to riders, and costs to customers, shippers, and taxpayers. They must continually defeat a terrorist enemy that can choose the time, place, and method of attack, using publicly available information on security vulnerabilities. And they must cope with the fact that the nature of this particular threat means that protections must be maintained even though incidents may be few and far between.

In response to all of these challenges, the federal government has, to date, done considerably more with respect to transportation security than was the case before 9/11. Even so, many independent analyses have concluded that these efforts fall far short of the need. Most glaringly, more than five years after 9/11, the federal government has yet to come to grips with basic questions about priorities, roles, and funding. Unless and until it does so, significant and sustained progress is unlikely.