GAO finds surface transportation security fails to prioritize risk, clearly define objectives

The Government Accountability Office (GAO) issued a series of recommendations on Thursday that aim to improve Transportation Security Administration (TSA) surface transportation security inspections for freight rail, passenger rail, and maritime activities.

GAO conducted the review in light of increasing terrorist threats to rail, mass transit, maritime, and pipeline systems. TSA surface inspectors spend 20 percent of their time enforcing security regulations, and 80 percent of their time performing voluntary assessments and training to surface transportation entities, the review found.

“GAO also found that TSA prioritized inspector activities in the surface transportation mode with the lowest risk because TSA did not incorporate risk assessment results when planning and monitoring activities,” GAO stated. “Specifically, in fiscal year 2016, the last full year for which data on inspectors’ activities in the surface modes was available, surface inspectors reported spending more than twice as much time on the lowest risk surface transportation mode according to TSA risk assessments than on the highest risk surface transportation mode. Incorporating risk assessment results when prioritizing inspector activities would help TSA ensure that its surface security resources address the highest risks.”

The review also found that TSA fully implemented a new program, Risk Mitigation for Surface Transportation (RMAST), in fiscal year 2017. But while the program aims to focus resources on high-risk surface transportation, GAO found high-risk entities and locations had not be identified.

“According to TSA officials, they have not done so because there are too many potential entities to list them all for prioritization and TSA has not identified an approach for determining the effectiveness of activities under the program,” GAO stated. “However, prioritizing high-risk entities, such as by type, characteristics, or location does not require a complete list of entities. By identifying and prioritizing high-risk entities and locations for RMAST, and clearly defining the program’s activities and objectives, TSA would be better able to implement RMAST activities in a risk-based manner and measure their effectiveness.”

GAO recommended that TSA address limitations of its data system to ensure complete information is collected. It also recommended that GAO ensure inspector activities align with risk assessments and that high-risk entities and locations be prioritized in its risk mitigation program. Finally, GAO recommended that TSA define clear objectives for the program.