Transportation Security: Issues for the 110th Congress

^Pr^ep^ar^{ed f}^o^r^M^e^m^b^ers^an^d^Com^mⁱ^t^t^ees^of^C^ong^r^e^ss

The nation’s air, land, and marine transportation systems are designed for accessibility and
efficiency, two characteristics that make them highly vulnerable to terrorist attack. While
hardening the transportation sector from terrorist attack is difficult, measures can be taken to
deter terrorists. The dilemma facing Congress is how best to construct and finance a system of
deterrence, protection, and response that effectively reduces the possibility and consequences of
another terrorist attack without unduly interfering with travel, commerce, and civil liberties. In ^th
the 110 Congress, aviation, rail, and transit security have been a major focus of congressional
activity. At the end of July 2007, the House and Senate passed a conference agreement on H.R. 1
(H.Rept. 110-259) that was signed into law on August 3, 2007 as the Implementing
Recommendations of the 9/11 Commission Act of 2007 (P.L. 110-53). The act contains numerous
provisions related to air, rail, and cargo security.
Aviation security has been a major focus of transportation security policy following the terrorist ^th
attacks of September 11, 2001. In the aftermath of these attacks, the 107 Congress moved
quickly to pass the Aviation and Transportation Security Act (ATSA; P.L. 107-71) creating the
Transportation Security Administration (TSA) and mandating a federalized workforce of security
screeners to inspect airline passengers and their baggage. The act gave the TSA broad authority to
assess vulnerabilities in aviation security and take steps to mitigate these risks. The TSA’s
progress on aviation security has been the subject of considerable congressional oversight. P.L.
110-53 extends the existing authorization of such sums as may be necessary for the TSA’s
aviation security functions through FY2011.
The vulnerability of passenger rail systems to terrorist attacks is well documented. Steps that can
be taken to reduce the risks and consequences of an attack include vulnerability assessments,
emergency planning, and emergency response training and drilling of transit personnel, ideally in
coordination with police, fire, and emergency medical personnel. A leading issue with regard to
securing truck, rail, and waterborne cargo is the desire of government authorities to track a given
freight shipment at any time, particularly the tracking of marine containers as they are trucked to
and from seaports. Security experts believe this is a particularly vulnerable point in the container
supply chain. Debate over who should pay for cargo security, government or industry, and
whether mandates or guidelines are the best approach to ensure industry’s due diligence in
protecting their supply chains are other leading issues. Hazardous materials (hazmat) transporta-
tion raises numerous security issues.

Introduc tion ..................................................................................................................................... 1
Aviation Security.............................................................................................................................1
A Risk-Based, Multi-Layered Approach...................................................................................2
Passenger Prescreening.............................................................................................................2
Passenger Screening..................................................................................................................3
Federalization and Privatization of Airport Screening..............................................................4
Baggage Screening....................................................................................................................5
Air Cargo Security....................................................................................................................5
Airport and Aircraft Access Controls........................................................................................7
In-Flight Security Measures......................................................................................................7
The Shoulder-Fired Missile Threat...........................................................................................8
General Aviation Security.........................................................................................................9
Transit and Passenger Rail Security..............................................................................................10
Truck, Rail, and Marine Cargo Security.........................................................................................11
Cargo Visibility........................................................................................................................11
Imported Cargo.......................................................................................................................12
Private Industry’s Role............................................................................................................13
Paying for Cargo Security.......................................................................................................13
Transportation Worker Identification Credential Program......................................................13
Hazmat Cargo Security..................................................................................................................14
Author Contact Information..........................................................................................................15

The nation’s air, land, and marine transportation systems are designed for accessibility and
efficiency, two characteristics that make them vulnerable to attack. The difficulty and cost of
protecting the transportation sector from attack raises a core question for policymakers: how
much effort and resources to put towards protecting potential targets versus pursuing and fighting
terrorists. While hardening the transportation sector from terrorist attack is difficult, measures can
be taken to deter terrorists. The focus of this report is how best to construct and finance a system
of deterrence, protection, and response that effectively reduces the possibility and consequences
of another terrorist attack without unduly interfering with travel, commerce, and civil liberties.
For all modes of transportation, one can identify four principle policy objectives that would
support a system of deterrence and protection: (1) ensuring the trustworthiness of the passengers
and the cargo flowing through the system, (2) ensuring the trustworthiness of the transportation
workers who operate and service the vehicles, assist the passengers, or handle the cargo, (3)
ensuring the trustworthiness of the private companies that operate in the system, such as the
carriers, shippers, agents, and brokers, and (4) establishing a perimeter of security around
transportation facilities and vehicles in operation. The first three policy objectives are concerned
with preventing an attack from within a transportation system, such as occurred on September 11,
2001. The concern is that attackers could once again disguise themselves as legitimate passengers
(or shippers or workers) to get in position to launch an attack. The fourth policy objective is
concerned with preventing an attack from outside a transportation system. For instance, terrorists
could ram a bomb-laden speed boat into an oil tanker, as they did in October 2002 to the French
oil tanker Limberg, or they could fire a shoulder-fired missile at an airplane taking off or landing,
as they attempted in November 2002 against an Israeli charter jet in Mombasa, Kenya. Achieving
all four of these objectives is difficult, at best, and in some modes, is practically impossible.
Where limited options exist for preventing an attack, policymakers are left with evaluating
options for minimizing the consequences from an attack.

Aviation security has been a major focus of transportation security policy following the terrorist ^th
attacks of September 11, 2001. In the aftermath of these attacks, the 107 Congress moved
quickly to pass the Aviation and Transportation Security Act (ATSA; P.L. 107-71) creating the
TSA and mandating a federalized workforce of security screeners to inspect airline passengers
and their baggage. The act gave the TSA broad authority to assess vulnerabilities in aviation
security and take steps to mitigate these risks. The TSA’s progress on aviation security has been
the subject of considerable congressional oversight. Aviation security policy and programs will ^th
likely be of considerable interest in the 110 Congress as funding authorization for most of the
TSA’s aviation security functions expired at the end of FY2006, and others are set to expire at the
end of FY2007. Both the House and the Senate have passed legislation to extend the existing
authorization of such sums as may be necessary for the TSA’s aviation security functions through
FY2011 (see P.L. 110-53, section 1618).

Aviation security policy since September 11, 2001, consists of two basic principles: a risk-based
approach for allocating limited security resources to where they are considered most needed, and
a multi-layered strategy that establishes redundancies to thwart a potential terrorist attack.
The risk-based approach implemented by the TSA has been criticized by some who believe that
an overemphasis on allocating resources to screening airline passengers has left the system
vulnerable to attacks in other areas—namely air cargo operations; airport access controls;
protecting airliners from shoulder-fired missiles; and the security of general aviation aircraft. In
essence, these critics argue that the implementation of aviation security policy since September
11, 2001, has focused too heavily on protecting aircraft from past attack scenarios—such as
suicide hijackings and luggage bombs carried out by airline passengers—and has not given
enough attention to other potential vulnerabilities.
Given the emphasis on protecting against bombings and suicide hijackings, the multi-layered
concept for aviation security is most apparent in the protection of passenger airliners. Passengers
undergo prescreening to check their names against lists of known and suspected terrorists, then
passengers and their carry-on items are screened and checked baggage is passed through
explosive detection systems (EDS) prior to aircraft boarding. Once onboard, security measures
such as air marshals, hardened cockpit doors, and armed pilots provide added layers of security to
thwart an attempted hijacking. The principle objectives of these measures are to prevent aircraft
bombings and hijackings by terrorist passengers. However, the effectiveness of the TSA’s
implementation of virtually all of these security layers has been brought into question at some
time or another since its creation.
Efforts to improve passenger prescreening have been impacted by concerns over the adequacy of
measures to protect fliers’ personal information and not infringe upon their civil rights. Critics
argued that the TSA’s ever-expanding vision for prescreening was to include data mining of
commercial and government databases to look for indicators that someone may pose a threat, and
searches of notoriously inaccurate criminal databases. These concerns were spurred by vague
statements issued by the TSA as to how it might authenticate passenger identity and check for
possible links to terrorism along with media reports linking passenger prescreening to
controversial proposals such as the Department of Defense’s Total Information Awareness
program to detect terrorists by mining personal data. This controversy ultimately led the TSA to
scrap its proposed enhanced passenger prescreening system, the Computer Assisted Passenger
Prescreening II (CAPPS II), in August 2004, and pursue enhanced prescreening capabilities under
a new system called Secure Flight. While Secure Flight is touted to be a significantly scaled down
approach to prescreening compared to CAPPS II, concerns over data protections and redress
procedures for passengers falsely identified by the system have also delayed its deployment.
Provisions in the FY2008 Homeland Security Appropriations Act (P.L. 110-161), like prior
appropriations measures, prohibit the TSA from fully deploying the Secure Flight program until
these ongoing concerns are adequately addressed and also prohibit the use of commercial data or
the transfer of passenger data to a non-federal entity. While commercial databases have potential
to authenticate the identity of passengers, concerns have been raised about TSA’s past handling of
passenger data in a manner that was not fully explained to the public, leading to this restriction on
the transfer of personal data between the government and private entities other than the initial

exchange of passenger name records from the airlines. A provision in P.L. 110-53 (section 1605)
would require the TSA to submit to Congress a plan for testing and implementing an advanced
passenger prescreening system to replace the current “no fly” and “selectee” lists distributed to
airlines for vetting passengers.
Recently, privacy advocates have raised considerable concerns over the Automated Targeting
System (ATS), a data-mining program for assessing the risk of all international travelers, as well
as freight carried on international flights. Recent public disclosure regarding the scope of this
program and associated data collection and data retention policies, in November 2006, have
renewed debate over whether certain passenger information collection and analysis practices
unduly infringe upon privacy rights, or whether they are necessary actions to assess terrorism
risks to aviation. Provisions in P.L. 110-53 would require the DHS to establish an Office of
Appeals and Redress that would be charged with implementing a “timely and fair process” for
airline passengers delayed or denied boarding due to suspected misidentifications during the
prescreening process.
The TSA has also implemented a Registered Traveler (RT) program that is intended to speed the
passage through security checkpoints of frequent fliers who voluntarily submit background
information and biometric identifiers. Initial trials of the RT program concept concluded in
October 2005, and the TSA has launched RT programs operated by multiple vendors at several
airports nationwide. According to the TSA, it is up to individual airports to determine if they wish
to participate in this program. As TSA moves forward with RT, the airline industry, which once
backed this program as a means to reduce hassles for frequent fliers, now characterizes the
manner in which it is being implemented as having limited and questionable benefit. Lingering
concerns are that the program is not universal, nor is it available at all airports. Also, use of the
program as a testbed for streamlined screening technologies and procedures has thus only
provided limited benefits and reductions in travel hassles to participants. While the potential
benefits of the RT program have not been fully realized, Congress has included language in the
FY2008 Consolidated Appropriations Act (P.L. 110-161) directing the TSA to establish an
international RT program that incorporates biometrics and e-passport technologies to be used in
conjunction with US VISIT and the Visa Waiver Program. Under the existing RT program, some
international carriers have been participating for outbound flights originating from JFK and
Newark Liberty airports.
With regard to screening passengers, the TSA has struggled to strike a balance between
effectively screening passengers for threat objects without causing undue delays and hassles to
travelers. While the TSA is usually keeping passenger wait times below the stated objective of 10
minutes at smaller airports, average passenger wait times at major airports are typically greater.
Further, audits of airport screening have concluded that screener performance still needs
improvement. The Department of Homeland Security Office of Inspector General found that
screener training, screening technology, policies and procedures, and management and
supervision of screening operations all contributed to observed deficiencies in screener
performance. Also, the Government Accountability Office (GAO) documented results of covert
testing of airport security checkpoints demonstrating deficiencies in detecting improvised
explosives and incendiary devices concealed on passengers and in their carry-on items, despite

restrictions on carrying liquids and stepped-up measures for conducting secondary screening for ¹
explosives on passengers.
The 9/11 Commission recommended that the TSA give priority attention to implementing
technology and procedures for screening passengers for explosives, something not currently done
routinely at screening checkpoints. Provisions to improve checkpoint technologies to detect
explosives were included in the Intelligence Reform and Terrorism Prevention Act of 2004 (P.L.
108-458, hereafter the “Terrorism Prevention Act”). To address the issue of detecting explosives
carried by passengers, the TSA pilot tested walk-through trace detection portals and has
implemented procedures for conducting pat-down searches of passengers for explosives. Full
deployment of the walk-through trace detection portals, or puffer machines, for use in secondary
screening of selected passengers has been part of the TSA’s strategy for screening passengers for
explosives, but this initiative has been put on hold due to maintenance issues with deployed
systems. The effectiveness of the strategy has also been brought into question by the recent foiled
plot to bomb U.S.-bound airliners using liquid explosives. The TSA is working to identify
strategies and technologies that more completely address the explosives threat posed by
passengers and carry-on items.
Provisions in P.L. 110-53 (see section 1607) would require the TSA to finalize within 30 days the
strategic plan for checkpoint explosives detection required by the Terrorism Prevention Act, and
fully implement the plan within one year of enactment. The act also contains provisions (see
section 1612) that would eliminate the cap on the system-wide number of TSA screeners, and
would require specialized training for screeners on security skills such as behavioral observation
and analysis, explosives detection, and document examination. The act directs the TSA to hire
sufficient personnel to ensure adequate aviation security and reduce average security-related
delays to less than 10 minutes. The act creates a separate “Checkpoint Security Screening Fund,”
specifying that $250 million in security fees collected during FY2008 be deposited into this fund
(see section 1601). Amounts deposited into the fund would be available for research,
development, deployment, and installation of equipment to improve the detection of explosives at
passenger checkpoints. The act also directs the TSA to carry out a pilot study to examine
technologies to improve the security at exits to airport secured areas (see section 1613).
A key issue in the debate over aviation security immediately following September 11, 2001, was
whether airport security screeners should be federalized. At that time, airport screening operations
suffered from high turnover, poor supervision and training, low wages, and a lack of regulatory
oversight. All of these factors were believed to have contributed to a poor performing and highly
vulnerable screening system. Federalizing the screener workforce was offered as a potential
solution to address these deficiencies. However, while Congress ultimately resolved to federalize
the screener workforce at most airports under ATSA, the act also set up a pilot program using
contract screeners at five airports and gave all airports the option to request private screeners on
an airport-by-airport basis starting November 19, 2004. There has been very little interest in this
option among airports where federal screeners are deployed. One factor that may have limited

¹^U^.^{S. G}^o^v^e^rnm^e^nt^A^c^c^ounta^b^ility^O^f^fⁱ^c^e^,^Av^iation^Se^c^u^rity^{: V}^u^lne^r^abili^tie^{s Ex}^pos^{ed Th}^ro^ug^{h C}^o^vert^T^e^stⁱⁿ^{g o}^f^T^S^A’^s
^Pa^ssen^g^e^{r S}^c^reen^ing^Pr^o^cess,^S^t^at^emen^t^o^f^G^r^ego^r^y^D.^Ku^t^z^,^M^aⁿ^a^giⁿ^g^Di^rect^o^r^,^F^o^reⁿ^sⁱ^c^A^u^dⁱ^t^s^and^S^p^eci^al
^Iⁿ^vestⁱ^g^atⁱ^oⁿ^s^,^an^{d Jo}^hn^W.^C^o^oⁿ^e^y^,^F^o^re^nsic^A^{udits a}ⁿ^{d S}^p^e^cⁱ^a^l^Inv^e^stig^a^{tions Be}^f^o^re^the^Com^m^itt^e^e^{on Ov}^e^r^sig^h^t
^a^{nd G}^o^v^e^rⁿ^m^e^{nt R}^e^f^o^r^m^{, H}^ous^e^of^R^e^pr^e^s^eⁿ^ta^tiv^e^s^{, N}^o^v^e^m^b^e^r^{15, 20}^07.

airport interest in private screening is lingering liability concerns, although language in the
FY2006 Homeland Security Appropriations Act (P.L. 109-90, section 547) indemnifies airports
from liability relating to their decisions to either request private screeners or continue using
federal screeners and from any claims that may arise due to negligence or intentional wrongdoing
on the part of airport security screeners, whether they be federal or private. Nonetheless, while the
pilot program airports have all continued to use private screeners, interest in the TSA’s Screening
Partnership Program (SPP)—or opt-out program—for private screeners among other airports has
been limited, and only one has been fully converted to private screening operations since the
program was made available.
While airports are, for the most part, meeting mandated requirements to inspect checked bags
with explosive detection system (EDS) equipment 100% of the time, airports are continuing to
struggle with the daunting task of integrating these systems into baggage handling and sorting
facilities. To address these needs, Congress established (in Vision 100, P.L. 108-176) an Aviation
Security Capital Fund with a mandatory funding level of $250 million annually and a total
authorized funding level of $500 million per year through FY2007. Congress also gave the TSA
the authority to issue letters of intent (LOIs) to airports, committing future funding toward in-line
EDS integration projects. Despite these measures, efforts to integrate EDS systems at all airports
is progressing slowly, prompting the 9/11 Commission to recommend that the TSA expedite
installation of these in-line baggage screening systems. Provisions to expedite and increase
funding for in-line baggage screening were included in the Terrorism Prevention Act. However, in
contrast to authorization language in Vision 100 (P.L. 108-176) that set federal funding levels for
aviation security capital projects at 90% for large and medium hubs and at 95% for all other
airports, appropriations language (see P.L. 109-90; P.L. 109-295) has limited the federal share of
project costs under LOIs to 75% for medium and large hubs, and 90% for all other airports in
FY2006 and FY2007. Meeting funding needs for airport security projects and setting priorities
amid budgetary constraints remains an ongoing challenge for Congress. Provisions in P.L. 110-53
would extend authority for mandatory funding of the Aviation Security Capital Fund through
2028, would authorize an increased discretionary funding level of $450 million in FY2008
through FY2011 for in-line baggage screening, and would require the TSA to prioritize airport
projects based on risks and other considerations (see sections 1603 and 1604).
Some Members of Congress have voiced concerns that, while 100% of passenger baggage is
required to be screened, only a relatively small amount of cargo carried on passenger airplanes is
physically inspected. The 9/11 Commission recommended that TSA intensify its efforts to
identify, track, and screen potentially dangerous cargo. Congress responded by increasing funding
for air cargo security operations and research to $115 million in FY2005, compared to $85
million in FY2004, and designating funds for expanding the known shipper program for vetting
shipments on passenger aircraft; increasing oversight of cargo security; and continuing research
and development of technologies to improve air cargo security. In both FY2006 and FY2007,
funding for air cargo security operations was set at $55 million. For FY2008, the amount was
increased to $73 million to increase the training and deployment of canine teams for cargo
screening and deploy additional cargo security inspectors. Language in the FY2008 DHS
appropriations act also directs the TSA to work with other DHS components to develop
technologies that will aid in achieving 100% screening of all cargo placed on passenger airliners

and to work with industry to increase the use of EDS equipment for cargo screening. The
Implementing the 9/11 Commission Recommendations Act of 2007 (P.L. 110-53, section 1602)
contains a provision that would require screening of all air cargo placed on passenger aircraft,
using methods such as X-ray systems, explosives detection systems, explosives trace detection,
TSA-certified canine teams, or physical searches with manifest verification, in a manner that
provides a level of security equivalent to the screening of passenger-checked baggage. The
provision would phase-in the percentage of cargo required to be inspected, setting these levels at
50% within 18 months, and 100% within three years of enactment. The measure is opposed by
various stakeholders in the air cargo industry that believe its requirements are overly burdensome ²
and costly.
The 9/11 Commission also recommended deploying at least one hardened cargo container on
each passenger airliner for carrying suspect cargo. While this recommendation was reflected in a
Terrorism Prevention Act provision mandating a study of the proposal to deploy blast-resistant
cargo containers, the 9/11 Commission noted that this is progressing slowly. P.L. 110-53 contains
a provision that would require the DHS to complete its evaluation of this pilot program by
January 1, 2008, and, based on this evaluation, provide hardened cargo containers for risk-based
deployment on commercial flights. Under this provision, the cost of acquiring, maintaining, and
replacing hardened cargo containers would be provided for by the DHS (see P.L. 110-53, section

1609).

While hardened containers are designed to mitigate the threat of a terrorist bomb carried in a
cargo shipment or luggage, some policymakers believe that the only effective way to mitigate
such a threat is to screen all cargo placed on passenger aircraft as is currently done for checked
baggage. As noted above, P.L. 110-53 contains a provision that would require 100% physical
inspection of all cargo placed on passenger aircraft within three years. The TSA, however, has
cautioned that such an approach is not technically and logistically feasible at the present time
without unduly impacting cargo operations on passenger aircraft. The TSA has instead proposed a
strategic plan calling for the use of risk-based prescreening techniques to identify cargo for
targeted inspection or exclusion from carriage on passenger aircraft and a threefold increase in
random inspections. The TSA has been working on a freight assessment system for assigning risk
to cargo shipments and targeting screening and inspection efforts on elevated risk cargo. It is
anticipated that the TSA will introduce this system sometime in FY2008.
In addition to improving the screening of cargo placed on passenger aircraft, improvements in
security programs for all-cargo operations are planned to protect against unauthorized access to
large all-cargo aircraft. Under new cargo security rules, secured areas of airports are being
expanded to include cargo operations areas thus requiring criminal background checks and
security threat assessments for an estimated 50,000 additional airport workers. The new
regulations also impose requirements on freight forwarders that ship by air (referred to as indirect
air carriers) and require security threat assessments for workers with access to air cargo, including
an estimated 51,000 off-airport employees of freight forwarding companies. Also, under these
regulations, an industry-wide database of known shippers has been established and is being
maintained by TSA to allow freight forwarders and airlines to vet cargo shipments.

²^“^H^ouse^T^o^Consi^d^e^r^Bill^T^oda^y^Re^quiri^ng^A^dditio^na^{l Ca}^rg^{o Sc}^re^eⁿ^ing^,^”^T^r^an^sp^o^r^t^a^tⁱ^oⁿ^Weekl^y^{, J}^a^nua^r^y^{9, 20}^07,^p.
^7.

While ATSA mandated background checks for all workers with unescorted access to passenger
aircraft and secured areas of airports, concerns over the adequacy of security measures for these
workers have been raised because, in some cases, airport workers are permitted to bypass airport ^th
screening checkpoints. Legislation introduced in the 108 Congress called for the physical
screening of all workers with access to aircraft or secured areas. Report language accompanying
both the Senate (S. 1644; S.Rept. 110-84) and the House (H.R. 2638; H.Rept. 110-181) The
FY2008 Consolidated Appropriations Act (P.L. 110-161) provides funding to the TSA to carry out
a pilot program to assess physical screening of airport employees. The act also includes statutory
language establishing civil penalties when employers at airports fail to collect airport-issued
security badges from employees whose airport jobs are terminated.
ATSA also called for the TSA to explore the use of biometrics and other identification
technologies for credentialing transport workers and the use of biometrics for airport access
controls. While it is not anticipated that a common biometric identifier will be implemented
across airports in the United States in a manner similar to the Transportation Worker
Identification Card (TWIC) program for controlling access to seaports, the Terrorism Prevention
Act required the TSA to issue guidance on the use of biometrics for airport access controls and
the use of biometric technology to verify the identity of law enforcement officers authorized to
carry firearms on passenger airliners. P.L. 110-53 includes language that would require the TSA
to report on its progress implementing access control measures for airline flight and cabin crew
members and would establish a national registry and biometric access credential for law
enforcement officers authorized to fly armed on commercial passenger aircraft (see sections 1614
and 1615). Another provision in P.L. 110-53 (section 1616) would suspend further certification of
foreign repair stations one year after enactment, unless and until required security regulations are
put in place and regulatory compliance audits of repair station facilities are carried out by TSA
inspectors.
Existing in-flight security measures consist primarily of federal air marshals, armed pilots on
some flights, and hardened cockpit doors. The Federal Air Marshal Service (FAMS) was greatly
expanded under ATSA and air marshals are required on all high risk flights. In November 2003,
the Federal Air Marshal program was taken out of the TSA and realigned with the Bureau of
Immigration and Customs Enforcement (ICE). However, the DHS Second Stage Review (2SR),
issued in June 2005, proposed that the FAMS be placed back in the TSA, a proposal that
Congress agreed to in report language accompanying the FY2006 DHS appropriations act. FAMS
is once again part of the TSA. Recently, FAMS has been criticized by some current and former air
marshals for procedures—such as dress codes and check-in procedures—that, they assert,
compromise the covert mission of FAMS and place marshals and the traveling public at risk.
Despite the administration’s initial reservations over allowing airline pilots to be armed, airline
pilots may receive training allowing them to serve as armed Federal Flight Deck Officers
(FFDOs) under provisions set forth in the Homeland Security Act of 2002 (P.L. 107-296). Vision
100 (P.L. 108-176) expanded the program to include all-cargo pilots and other flight crew
members such as flight engineers. Congress has maintained funding levels for both the Federal
Flight Deck Officer (FFDO) program and cabin crew self-defense training at about $25 million
annually. While the program has quietly added many armed pilots as an added layer to protect

against hijackings, there are lingering concerns that the procedures to apply for the FFDO
program are too cumbersome and the training site is too remote to accommodate many pilots
interested in participating in the program. Some participants and observers have also voiced
concerns that restrictive policies over carrying guns outside the cockpit potentially limit the
program’s effectiveness.
ATSA also mandated the implementation of hardened cockpit doors and stringent controls
regarding access to the flight deck. The Terrorism Prevention Act contains a provision to study
the use of secondary flight deck barriers—a concept United Airlines had been moving forward
with on its own initiative—to mitigate the vulnerability introduced when a hardened cockpit door
is opened in flight for meal service or when a pilot needs to access the aircraft lavatory. H.R.
3925 seeks to require the installation of secondary flight deck barriers for both air carrier aircraft
that are equipped with hardened cockpit doors and also for air carrier aircraft without a hardened
cockpit door, which includes many large cargo aircraft that are exempt from the requirements to
install such doors.
Options for improving aircraft survivability from possible bombings have also been raised in
public policy debate regarding airline security. P.L. 110-53 (section 1610) includes a provision
directing the DHS to expedite research and development of technologies to mitigate the
introduction of an explosive device on a passenger airplane or reduce the damage such a device
could cause on the ground or in flight. The provision calls for pilot projects to test such
technologies and also explore the use of deployable flight recorder devices and remote flight data-
recording capabilities for security purposes. Along similar lines, the FAA has issued proposed
rulemaking for security considerations in the design of large jet airliners, including improving
systems survivability, cockpit and cabin fire suppression, improving flight deck barriers, and
creating areas onboard where explosives discovered during flight can be contained to mitigate ³
damage caused by a detonation.
Concerns have also been raised over the potential threat to civil aircraft posed by shoulder-fired
missiles (also known as Man-Portable Air Defense Systems, or MANPADS). Appropriations
language in FY2003 directed the DHS to establish a program evaluating the feasibility of
adopting military aircraft anti-missile systems for use on passenger jets. This program is still
ongoing. Two contract teams, led by Northrop-Grumman and BAE Systems, are developing
prototype anti-missile systems. Language in the Terrorism Prevention Act calls for the FAA to
implement an expedited process to certify the safety of aircraft-based counter-MANPADS
systems and also includes language directing the administration to urgently pursue international
arms-control agreements to limit the proliferation of MANPADS. FY2007 DHS appropriations
(P.L. 109-295) provided $40 million for counter-MANPADS research and development. Of this,
$35 million is designated for evaluating the suitability of aircraft-based systems in the airline
industry. This appropriation is down from the FY2006 level of $110 million, reflecting a shift
from a technology development effort to a technology evaluation phase during FY2007. In
addition to the funding of aircraft-based counter-MANPADS systems, a smaller amount of
funding has been allocated for research on ground-based protection systems. In April 2006, the
DHS issued a solicitation seeking alternative counter-MANPADS technologies for a

³^Fe^de^r^a^{l A}^v^ia^{tion A}^d^mⁱ^nis^t^r^a^tion,^“^S^e^c^u^r^ity^R^e^la^te^{d C}^ons^ide^r^a^tio^ns^{in t}^h^e^D^e^sⁱ^gⁿ^a^{nd O}^p^e^r^a^tio^{n of}^T^r^aⁿ^s^por^t
^C^a^te^g^o^r^y^Aⁱ^r^p^la^ne^s^;^P^r^op^os^e^d^R^u^le^,”^Fe^de^r^a^{l Re}^gis^t^e^r^,⁷²⁽³⁾^,^pp^{. 6}^29-⁶³^{9, J}^aⁿ^u^a^r^y^{5, 200}^7.

demonstration project and recently awarded contracts for research and development efforts that
will assess ground-based MANPADS countermeasures and other alternative mitigation options, in
addition to the ongoing aircraft-based counter-MANPADS system development and evaluation
initiatives. It is expected that operational testing of aircraft based counter-MANPADS systems
will conclude in FY2008, and the TSA will provide an evaluation of the performance of these
systems. While there is still some interest in funding alternative counter-MANPADS options,
including ground-based systems, funding for research and development activities related to these
technologies has so far been comparatively limited.
While some policymakers have expressed concern that security measures for general aviation
aircraft are, in their estimation, weak and practically non-existent, general aviation operators have
countered that they have been overburdened by unnecessary airspace and airport restrictions.
General aviation restrictions are most prevalent in the Washington, DC area, where the city is
encircled by a 15-mile radius flight restricted zone (FRZ) in which general aviation operations are
significantly limited, and a larger air defense identification zone (ADIZ) where pilots must
strictly adhere to special air traffic control procedures. In August 2005, the DHS implemented a
security plan permitting certain general aviation flights—mostly large charter and corporate
operations—to resume at Washington Reagan National Airport (DCA) which is located at the
center of the flight restricted area.
At various times, flight restrictions have also been put in place over New York City, Chicago, and
elsewhere. General aviation pilots have been restricted from flying over Disney theme parks and
over stadiums during major sporting events, leading some general aviation advocates to question
whether special interests were using the umbrella of security concerns to curtail unwanted
advertising overflights. General aviation advocates also point to a large number of restricted
airspace violations—more than 1,000 per year since the terrorist attacks of 2001—as evidence
that security-related restrictions are overly complex and too broad in scope. Almost one-half of
these violations occurred in the airspace around Washington, DC, where complex
communications procedures have been put in place over a wide area. The FAA reduced the size of
the Washington ADIZ to a 30-mile ring in August 2007, but imposed speed restrictions within
that ring, as well as inside a larger 60-mile ring below 18,000 feet. Most small general aviation
aircraft are not affected by this new speed restriction, which exceeds the capability of most small,
light piston-powered aircraft, and is largely designed to aid in early detection of fast-moving
aircraft that may pose a threat to critical sites in the Washington, DC, area.
Also, about one-quarter of airspace violations have occurred in airspace temporarily restricted
around sites during presidential visits. The scope of restricted airspace around sites visited by the
President has been of particular concern to general aviation operators because the size of these
areas has grown significantly, identifying the boundaries of these temporary restrictions is often
difficult for pilots, and systems for disseminating information regarding the location and effective
times of restrictions are imperfect.
Securing general aviation operations continues to be a significant challenge because of the
diversity of operations, aircraft, and airports. Measures put in place thus far, such as the Airport
Watch program and TSA’s general aviation security guidelines, rely heavily on the vigilance of
the pilot community to detect and report suspicious activity. In the area of flight training, flight
training providers are engaged in verifying citizenship or confirming that background checks
have been properly completed by the TSA before providing training to foreign nationals, as

mandated under P.L. 109-176. A provision in the Terrorism Prevention Act would allow aircraft
leasing and charter companies to voluntarily provide the TSA with names of prospective
customers for prescreening against the consolidated terrorist watchlist. Also, the FY2006 DHS
appropriations act (P.L. 109-90) requires the DHS to assess security vulnerabilities from general
aviation aircraft and identify steps that can be taken to enhance the security of general aviation
aircraft and airports. A provision in P.L. 110-53 requires the TSA to develop and implement a
standardized risk assessment program at GA airports and implement it on a risk-managed basis
Provisions in the bill also call for establishing a grant program to enhance security at GA airports,
if such a program is deemed feasible, and requires inbound international flights using GA aircraft
to submit passenger information and advance flight notification to CBP prior to entering U.S.
airspace for vetting against appropriate databases. (CRS contact: Bart Elias)

Bombings of passenger train in Europe and Asia in the past few years illustrate the vulnerability
of passenger rail systems to terrorist attacks. Passenger rail systems—primarily subway
systems—in the United States carry about five times as many passengers each day as do airlines,
over many thousands of miles of track, serving stations that are designed primarily for easy
access. The increased security efforts around air travel have led to concerns that terrorists may
turn their attention to ‘softer’ targets, such as transit or passenger rail. A key challenge Congress
faces is balancing the desire for increased rail passenger security with the efficient functioning of
transit systems, with the potential costs of an attack, and with other federal priorities.
The volume of ridership and number of access points make it impractical to subject all rail
passengers to the type of screening all airline passengers undergo. Consequently, transit security
measures tend to emphasize managing the consequences of an attack. Nevertheless, there are
steps that can be taken to reduce the risks, as well as the consequences, of an attack. These
include conducting vulnerability assessments; emergency planning; and emergency response
training and drilling of transit personnel, ideally in coordination with police, fire, and emergency
medical personnel. Additional options include increasing the number of transit security personnel,
installing video surveillance equipment in vehicles and stations, and conducting random
inspections of passengers’ bags, platforms, and trains visually and with the aid of bomb-sniffing
dogs.
The challenges of securing rail passengers are dwarfed by the challenge of securing bus
passengers. There are some 76,000 buses carrying 19 million passengers each weekday in the
United States. Some transit systems have installed video cameras on their buses, and Congress
has provided grants for security improvements to intercity buses. But the number and operation
characteristics of transit buses make them all but impossible to secure.
DHS announced that a transportation sector-specific plan (along with the other sector plans) and
transportation mode-specific annexes, identifying critical assets, evaluating the risk to them, and
developing measures to protect them, were completed on May 21, 2007. GAO noted that “these
plans are only a first step ... [they] are not required to address how the sector is actually assessing ⁴
risk and protecting its most critical assets.”

⁴^G^o^v^e^rn^m^e^nt^A^c^c^ounta^b^ility^O^f^fⁱ^c^e^,^Critic^{al Infr}^astruc^ture^{: C}^hal^le^nge^s^Re^maiⁿⁱⁿ^Prote^c^tⁱ^{ng Ke}^y^Se^c^t^ors^,^GA^O-0⁷^-
^626T^{, Ma}^r^c^h²⁰^,²⁰^07,^p.^5.

The Department of Homeland Security provides grants for transit, passenger rail, and freight rail
security under the Urbanized Areas Security Initiative program. Congress provided $150 million
for these grants for FY2005 and again for FY2006, and $275 million for FY2007; for FY2008,
Congress provided $400 million, plus $11.5 million for Over-the-Road Bus security grants and
$16 million for trucking industry security grants.
The Implementing Recommendations of the 9/11 Commission Act of 2007 (P.L. 110-53), passed
by Congress on July 27, 2007, includes provisions on passenger rail and transit security. These
include authorizing $3.5 billion over the period FY2008-FY2011 for grants for public
transportation security, of which $840 million can be used for security-related operating expenses
and $100 million for research and development (sections 1406 and 1409); $2 billion for grants for
railroad security (section 1513), of which $200 million is for safety improvements to rail tunnels
in New York, Baltimore, and Washington, DC (section 1515); and $132 million is for research
and development (section 1518), and $95 million for grants for over-the-road bus security
(sections 1532 and 1535). Public transportation agencies and railroads considered to be high-risk
targets by DHS would be required to have security plans approved by DHS (sections 1405 and

1512).

Other provisions include funding for TSA to hire up to 100 more surface transportation security
inspectors (section 1304); currently TSA has 100 such inspectors, requiring DHS to conduct a
name-based security background check and an immigration status check on all public
transportation and railroad frontline employees (sections 1414 and 1522), and giving DHS the
authority to regulate rail and transit employee security training standards (sections 1408 and

1517). (CRS contact: David Randall Peterman)

A leading issue with regard to securing truck, rail, and waterborne cargo is to what extent
government authorities need the capability to track a given shipment at a particular time. Much of
the attention with regard to cargo visibility concerns the tracking of marine shipping containers.
Marine containers are not currently outfitted with tracking devices, but it is common practice to
seal container doors with tamper-evident fixtures. Security officials are concerned that a
particularly vulnerable stage in the container shipping process occurs when containers are trucked
to the overseas port of loading or when they are trucked from the U.S. port of unloading to their
final U.S. destination. At this stage, the integrity of the shipment rests solely with the
trustworthiness or due diligence of the truck driver. A sensor or tracking device could help ensure
the integrity of container shipments during these vulnerable stages. Since the September 11, 2001
attack, there has been rapid development of palm-sized tracking devices and sensors that could be
inserted on an interior wall of a container. However, while this so-called “smart-box” technology
is being tested in selected routes, it has not been resolved whether and how best to deploy it on a
widespread basis. In the near term, shippers and carriers favor using the best container seals
currently in use rather than moving to the more costly sensor and tracking devices. Congress is
likely to continue its oversight of the technological development of container security devices and
debate whether these devices can be effectively deployed to improve cargo security.

Of particular concern is ensuring the integrity of imported cargo. More than 11 million marine
containers from all corners of the globe arrive at U.S. seaports annually, while 11 million
truckloads and more than 2 million railcars arrive at U.S. land border crossings. Since the
September 11, 2001 attack, Customs and Border Protection (CBP) has issued new requirements
requiring freight carriers to report cargo manifests (shipment information) before they reach U.S.
borders. Container ships must report shipment details on each container 24 hours before it is
loaded at a foreign port. Truckers from Canada and Mexico must report their trailers’ contents
from 30 minutes to an hour prior to border arrival and railroads must report this information two
hours prior to border arrival. CBP analyzes the cargo manifests and other intelligence to select
which cargo units to physically inspect. CBP’s selection process is thus critical in keeping
terrorists and their weapons from being smuggled into the country.
In its oversight role, Congress is scrutinizing CBP’s cargo inspection process. In the Port Security
Improvement Act (P.L. 109-347), Congress required DHS to evaluate whether additional cargo
information is needed to evaluate shipment risk and required DHS to reexamine its targeting ⁵
system to determine where improvements to the system could be made. Congress also required
DHS to set up a pilot program at three overseas ports to test the feasibility of scanning all U.S.-
bound containers at those ports, a program DHS refers to as “The Secure Freight Initiative.” The
Implementing Recommendations of the 9/11 Commission Act of 2007 (P.L. 110-53, section
1701), requires that all imported containers be scanned by nonintrusive imaging equipment and
radiation detection equipment at a foreign loading port by July 1, 2012, but the Secretary of DHS
may extend the deadline at a port or ports by two-year increments if two of the following six
conditions are met:
• scanning systems are not available for purchase and installation;
• scanning systems do not have a sufficiently low false alarm rate for use in the
supply chain;
• a port does not have the physical characteristics to install a scanning system;
• scanning systems cannot be integrated with existing systems;
• scanning systems will significantly affect trade capacity and the flow of cargo;
and
• scanning systems do not adequately provide an automated notification of
questionable or high-risk cargo as a trigger for further inspection by trained
personnel.
Proponents of 100% scanning argue that the manifest information CBP relies on to flag which
containers to scan is simply not an adequate basis for determining risk and thus requiring all
containers to be scanned is necessary. Container shippers and carriers have argued that 100%
scanning will severely bottleneck port operations, not only because of the time required to scan a
container but more significantly, the time required for a customs official to analyze the results of a
container scan. Opponents of 100% scanning also assert that current scanning equipment is not
accurate enough and could be relatively easily circumvented by terrorists.

⁵^{DHS ha}^{s pr}^op^ose^d^t^h^a^t^aⁿ^a^d^diti^ona^l¹²^da^ta^ite^m^s^be^s^ubm^itte^{d b}^y^m^a^riti^m^eⁱ^m^porte^{rs a}^{nd v}^e^sse^{l c}^a^rrie^r^{s, se}^e^{73 FR}
^90.

Because most surface and marine freight transportation assets are owned by private industry, and
because there are too many shipments for government to monitor on its own, government
officials have to rely extensively on private industry to tighten control over their supply chains.
Industry has taken steps to protect their operations from terrorist infiltration. The Association of
American Railroads has conducted a security risk assessment that prioritizes the industry’s assets
and lists countermeasures to be taken at different alert levels. Railroads have also created a
“Railway Alert Network” that is designed to make sure individual railroads receive timely threat
information. Barge operators have created a “Model Vessel Security Plan” through their industry
association, the American Waterways Operators. The American Trucking Associations has
expanded a “Highway Watch” program to include training for drivers on how to spot suspicious
activity. Intermodal (container) shippers have created a “Smart and Secure Trade Lanes” program
to evaluate anti-tampering and tracking devices for marine containers. An issue for policymakers
is determining the best approach for ensuring private industry’s cooperation and due diligence
over the long term. For example, policymakers are evaluating which security measures should be
mandated versus which ones should be issued as guidelines or “best practices.” How to validate
that the agreed upon security measures are in fact being carried out by industry is also an issue.
With regard to CBP’s Customs Trade Partnership Against Terrorism Program, Congress requested
DHS to conduct a pilot program to test whether third party entities could be used to validate ⁶
shippers’ compliance with the program.
Freight carriers and shippers are private, for-profit corporations, which raises the issue of whether
they or general taxpayers should pay for security improvements. Advocates for public funding
argue that homeland security is a national concern and therefore a federal government
responsibility that should be paid for from the general Treasury. Others argue that carriers and
shippers are the direct beneficiaries of improved cargo security. They argue that it is in their own
economic interest to protect their assets from terrorist attack, that additional security measures
also deter cargo theft which is costly to the freight industry, and that therefore they should bear
the cost of security improvements. Several legislative efforts to establish a security fee paid by
industry to generate funds for a federal port security grant program have failed in Congress.
Meanwhile, some ports and freight carriers are beginning to add security surcharges to their
freight invoices while other carriers are presumably incorporating extra security-related costs in
their freight rates. The Implementing Recommendations of the 9/11 Commission Act of 2007
(P.L. 110-53, section 1308) requires DHS to conduct a study of the need for and feasibility of
creating a user fee in the maritime and surface modes for funding transportation security
improvements.
On January 25, 2007, the TSA and Coast Guard issued a final rule for implementing the ⁷
Transportation Worker Identification Credential (TWIC) at U.S. ports. Longshoremen, port truck

⁶^Se^e^s^e^c^{tion 2}¹⁸^of^P^.^L^.¹^09-³⁴^7.
⁷^Fe^de^{ral Re}^gⁱ^ste^r^{, v}^.⁷²^,^no.¹⁶^{, J}^a^nua^r^y^{25, 2}⁰⁰⁷^,^pp.³⁴⁹²^-³⁶^04.

drivers, merchant mariners, and other maritime workers must apply for a TWIC card to obtain
unescorted access to port facilities or vessels. The card uses biometric technology for positive
identification and TSA conducts a security threat assessment on each worker before issuing a
card. The security threat assessment uses the same procedures and standards established by TSA
for truck drivers carrying hazardous materials. These standards examine criminal history,
immigration status, mental capacity, and terrorist activity to determine whether a worker poses a
security threat. A worker pays a fee of about $137 that is intended to cover the cost of
administering the cards. Port facility operators will be responsible for deploying card readers at
the gates to their facilities. TSA is considering whether to incorporate the TWIC system into all
modes of transportation. As TWIC is being implemented, issues for Congress include what affect
it could have on the near-term supply of port workers.
The Implementing Recommendations of the 9/11 Commission Act of 2007 (P.L. 110-53, section
1309) codifies in statute a list of criminal offenses that would disqualify a worker from obtaining
a TWIC card, but allows the Secretary of DHS, by rulemaking, to add to or modify the list of
disqualifying offenses. These offenses were included in the final regulation issued by DHS on
January 25, 2007. (CRS contact: John Frittelli)

Hundreds of thousands of trucks and railroad tank cars transport tons of hazardous materials
(hazmat) daily. These shipments can be used as instruments or targets of terror. There is a
virtually unlimited number of ways that the hazmat transportation system is at risk from terrorists.
For example, tank trucks can be attacked, drivers can be killed, and loads can be hijacked and
released during shipment. Simply put, there are too many points of vulnerability to ensure
security during hazmat transportation. A major challenge is to cost effectively increase the
security of these shipments, especially those that pose the most danger to the public, while still
meeting, to the extent possible, the transportation requirements of commerce.
Industry and government are gradually implementing a “layered” system of measures affecting
shippers, carriers, and drivers to reduce associated security risks. This system involves incident
prevention, preparedness, and response. The Departments of Transportation (DOT) and
Homeland Security (DHS) have taken actions to enhance the security of hazmat transportation.
For example, DOT requires shippers and carriers to implement security plans regarding specified
hazmat transportation. DOT grants encourage state and some local governmental personnel to
conduct hazmat inspections and to plan and train for spills of these materials. Also, this
Department has contacted thousands of companies that are seeking to improve their security
programs, and has established communication links with industry.
DHS conveys threat information to law enforcement and industry, and conducts vulnerability
assessments. DHS administers a grant that provides for the training and communications
infrastructure which truck drivers, highway workers, and others use to report potential security
threats and safety concerns on the Nation’s roads. DHS screens commercial drivers applying for
an endorsement to carry hazardous materials to determine whether a driver poses a security threat
necessitating denial of the hazmat endorsement. DHS has also deployed radiation detection
equipment at interstate truck inspection stations. Whether the pace of these actions is adequate or
not is subject to debate. It is widely recognized that more could be done to promote hazmat
transportation security, but additional costs would be incurred and tradeoffs would need to be
considered.

There remain many issues associated with hazmat transportation security. Many Members of
Congress want to know whether current federal policies, regulations, and grants could more
effectively promote hazmat transportation security at reasonable costs. There are issues regarding
routing of hazmat through urban centers and debate persists over the pros and cons of rerouting
high hazard shipments. Requiring tracking devices for hazmat shipments and limiting security
requirements to just those hazardous commodities that are potentially the most dangerous are also
topics of debate. Other options include increased security awareness training for state truck
inspectors and certain employees of truck leasing companies, and requiring enhanced security
plans and communication systems for carriers of high hazard materials shipments beyond those
now required. Each of these options poses costs that need to be evaluated within the context of
other investments.
The Implementing Recommendations of the 9/11 Commission Act of 2007 (P.L. 110-53) requires
DHS, in consultation with the DOT, to develop a program to encourage railroads to equip their
railcars carrying “security-sensitive” materials with tracking devices indicating their location and
condition (see section 1552). The act requires railroads to annually compile data on certain
hazardous materials shipments, provide a written analysis of the safety and security risks
associated with those shipments, and identify any practical alternative routes that may be more
safe and secure, including routes that involve interchange agreements with other railroads (see
section 1551). Regarding the trucking of hazardous materials (hazmat), the act requires DOT, in
consultation with DHS, to review existing hazmat routes and develop criteria based on safety and
security concerns to assist states in designating routes for hazmat transportation (see section
1553(a)). The act requires DOT to assess whether route plans currently required for trucks
carrying radioactive or explosive materials should also be required for trucks carrying other types
of hazmat (see section 1553(b)). The act requires DHS, in consultation with DOT, to develop a
program to facilitate the tracking of “security-sensitive” material shipments (see section 1554).
(CRS contact: John Frittelli)
^Davⁱ^d^Raⁿ^d^{all P}^e^ter^m^an ^J^o^hⁿ^Fr^ittelli
^An^al^y^s^{t i}ⁿ^T^r^an^sp^o^r^tatioⁿ^P^o^lic^y^Sp^{ecialist i}ⁿ^T^r^an^sp^o^r^tatioⁿ^Po^lic^y
^dpet^e^rm^aⁿ^@^c^r^s^.l^oc.g^ov^{, 7-}³²⁶⁷^j^f^r^ittelli@cr^s.lo^c.g^o^v^{, 7-}⁷⁰³³
^B^a^r^t^Elias
^Sp^{ecialist i}ⁿ^A^v^iatioⁿ^P^o^lic^y
^belⁱ^a^s^@^crs^.^l^o^c.g^o^v^,^7-⁷⁷⁷¹