[Senate Hearing 110-1185]
[From the U.S. Government Publishing Office]



                                                       S. Hrg. 110-1185

                   THE SECURITY OF OUR NATION'S PORTS

=======================================================================

                                HEARING

                               before the

                         COMMITTEE ON COMMERCE,
                      SCIENCE, AND TRANSPORTATION
                          UNITED STATES SENATE

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

                            OCTOBER 4, 2007

                               __________

    Printed for the use of the Committee on Commerce, Science, and 
                             Transportation




[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]










                  U.S. GOVERNMENT PRINTING OFFICE

77-233 PDF                WASHINGTON : 2012
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC 
area (202) 512-1800 Fax: (202) 512-2104  Mail: Stop IDCC, Washington, DC 
20402-0001







       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                   DANIEL K. INOUYE, Hawaii, Chairman
JOHN D. ROCKEFELLER IV, West         TED STEVENS, Alaska, Vice Chairman
    Virginia                         JOHN McCAIN, Arizona
JOHN F. KERRY, Massachusetts         TRENT LOTT, Mississippi
BYRON L. DORGAN, North Dakota        KAY BAILEY HUTCHISON, Texas
BARBARA BOXER, California            OLYMPIA J. SNOWE, Maine
BILL NELSON, Florida                 GORDON H. SMITH, Oregon
MARIA CANTWELL, Washington           JOHN ENSIGN, Nevada
FRANK R. LAUTENBERG, New Jersey      JOHN E. SUNUNU, New Hampshire
MARK PRYOR, Arkansas                 JIM DeMINT, South Carolina
THOMAS R. CARPER, Delaware           DAVID VITTER, Louisiana
CLAIRE McCASKILL, Missouri           JOHN THUNE, South Dakota
AMY KLOBUCHAR, Minnesota
   Margaret L. Cummisky, Democratic Staff Director and Chief Counsel
Lila Harper Helms, Democratic Deputy Staff Director and Policy Director
   Christine D. Kurth, Republican Staff Director and General Counsel
                  Paul Nagle, Republican Chief Counsel


















                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on October 4, 2007..................................     1
Statement of Senator Cantwell....................................     3
Statement of Senator Carper......................................    68
Statement of Senator Lautenberg..................................     1
Statement of Senator Smith.......................................     4
Statement of Senator Snowe.......................................    71
Statement of Senator Stevens.....................................     2
    Prepared statement...........................................     3

                               Witnesses

Caldwell, Stephen L., Director, Homeland Security and Justice 
  Issues, U.S. Government Accountability Office..................    26
    Prepared statement...........................................    28
Coscia, Anthony, Chairman, Board of Commissioners, The Port 
  Authority of New York and New Jersey...........................    51
    Prepared statement...........................................    53
Fanguy, Maurine Shields, Program Director, Transportation 
  Security Administration, Department of Homeland Security.......    15
    Prepared statement...........................................    16
Pekoske, Rear Admiral David P., Assistant Commandant for 
  Operations, U.S. Coast Guard, Department of Homeland Security..     5
    Prepared statement...........................................     6
Winkowski, Hon. Thomas S., Assistant Commissioner, Office of 
  Field Operations, U.S. Customs and Border Protection...........    19
    Prepared statement...........................................    21

                                Appendix

Koch, Christopher, President and CEO, World Shipping Council, 
  prepared statement.............................................    80
Letter, dated October 3, 2007 from Josh Green, Chief Executive 
  Officer and James Psota, Chief Technology Officer of Panjiva to 
  the Senate Committee on Commerce, Science, and Transportation..    90
Oxford, Vayl S., Director, Domestic Nuclear Detection Office, 
  Department of Homeland Security, prepared statement............    77
Response to written questions submitted by Hon. Maria Cantwell 
  to:
    Maurine Shields Fanguy.......................................   101
    Rear Admiral David P. Pekoske................................    93
    Hon. Thomas S. Winkowski.....................................   107
Response to written questions submitted by Hon. Daniel K. Inouye 
  to:
    Stephen L. Caldwell..........................................   115
    Anthony Coscia...............................................   118
    Maurine Shields Fanguy.......................................    99
    Rear Admiral David P. Pekoske................................    92
    Hon. Thomas S. Winkowski.....................................   103
Response to written question submitted by Hon. Frank R. 
  Lautenberg to:
    Anthony Coscia...............................................   118
    Maurine Shields Fanguy.......................................   101
    Rear Admiral David P. Pekoske................................    98
    Hon. Thomas S. Winkowski.....................................   108

 
                   THE SECURITY OF OUR NATION'S PORTS

                              ----------                              


                       THURSDAY, OCTOBER 4, 2007

                                       U.S. Senate,
        Committee on Commerce, Science, and Transportation,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 10:05 a.m., in 
room SR-253, Russell Senate Office Building, Hon. Frank R. 
Lautenberg, presiding.

        OPENING STATEMENT OF HON. FRANK R. LAUTENBERG, 
                  U.S. SENATOR FROM NEW JERSEY

    Senator Lautenberg. Good morning. Oh, the junior member of 
the twosome here is a little late arriving. I just got up and 
something reminded me that being on time is critical. I can't 
blame it on traffic because it would only have been foot 
traffic. But we welcome all of you here. Thank you very much 
for being here.
    Today's hearing is going to be on the security of our ports 
and their impact on the safety of our country. Our ports serve 
as a doorway to America. The New Jersey/New York port is the 
second biggest container port in the country and it lies along 
a two-mile stretch. It has been identified by the FBI as the 
two most dangerous miles in the country for a terrorist attack. 
It's the area between Newark Liberty Airport and the Port of 
New York and New Jersey. Thousands of people work there and 12 
million others, residents and commuters, are present in the 
nearby communities, 12 million people.
    So I'm particularly pleased to have the person who oversees 
this port, Chairman Tony Coscia, someone I know very well while 
I was a member of the Port Authority Board, for several years. 
That experience helped guide me into the portfolio that I focus 
so actively on; that is, transportation.
    One year ago, Congress passed a comprehensive port security 
bill and the GAO recently declared that maritime security is 
one of the few areas where the Department of Homeland Security 
has improved. For instance, Port Security Grants are awarded 
almost exclusively on risk and I've worked hard to get all of 
our security grants based on risk. And after years of under-
funding, the Port Security Grant Program is starting to get the 
money that it needs, $320 million in Fiscal Year 2007 and we're 
working to get even more necessary funding in 2008, even though 
the Department of Homeland Security appropriations bill is 
operating under a veto threat.
    But even with this progress, there are still holes that 
riddle our port security network. We held our last hearing on 
the Transportation Worker Identification Credential (TWIC) 
Program six months ago and it's almost incomprehensible to 
report that the program and worker security is stuck in 
neutral. Six years after 9/11 and nearly $100 million later, 
only 1,700 workers have working TWIC cards and that's with more 
than a million and a half people working in the port areas. 
That cost, by the way, is nearly $60,000 a card and we still 
don't even have a deployment schedule for when the rest of the 
cards will get into workers' hands.
    Also, the SAFE Port Act calls for a system to scan every 
U.S.-bound shipping container for deadly weapons before they 
arrive on our shores. These containers, obviously, can carry 
anything imaginable--nuclear, radiological, chemical or 
biological weapons. Today, they have a 95 percent chance of not 
being physically inspected and that's why we need to be 
scanning these containers.
    Now, I'm anxious to hear what progress the Bush 
Administration has made toward achieving 100 percent scanning 
of the containers. Until we get there, the U.S. Customs and 
Border Protection's automated targeting system is our front 
line against cargo security risks. If the data we use to target 
shipments is not reliable, robust or valid, the system fails 
and the risk for the American people increases. I want to know 
when Customs will upgrade this system to track suspicious 
shipments with more accuracy by requiring additional data on 
each shipment.
    Finally, securing our seaports will take greater investment 
to prevent a tragedy potentially even larger than the deadly 
and devastating attack that took place on 9/11. The Port of New 
York and New Jersey has suggested that Congress collect a 
security fee on each container entering the United States to 
provide this greater funding. So I look forward to hearing from 
today's witnesses on their suggestions as well as their views 
on our overall port security and now I would call on Senator 
Stevens for his statement.

                STATEMENT OF HON. TED STEVENS, 
                    U.S. SENATOR FROM ALASKA

    Senator Stevens. Thank you, Mr. Chairman. I'll be brief. 
It's almost a month ago that we marked the sixth year since 9/
11, and we continue to face monumental challenges in securing 
our ports and the territorial waters and the total 
transportation system. Maritime commerce is the lifeblood of 
international trade and we are the world's leading maritime 
trading nation. And Mr. Chairman, let me put my whole statement 
in the record, if I may.
    I'll just briefly summarize it. As far as I'm concerned, we 
live in an area that is totally dependent upon this industry 
and there's no question that at our port, about 90 percent of 
the goods that we depend on come in through the Port of 
Anchorage. And now we have a dream that we'll be able to extend 
the Alaska Railroad up to the Canadian border and tie into the 
Canadian National Railway System and be able to bring the 
products of the Pacific to the people in northwestern Canada.
    I do believe that the whole concept of security is the 
important concept we have to work on. I think we should 
continue to improve our security plans, our interagency 
cooperation, the methods of implementing the Transportation 
Workers Identification Credential system and the other 
innovative technologies that will provide us greater security 
for our ports. So I look forward to hearing your statements 
today and Mr. Chairman, I thank you very much for the privilege 
of making my comments.
    [The prepared statement of Senator Stevens follows:]

    Prepared Statement of Hon. Ted Stevens, U.S. Senator from Alaska
    Almost 1 month ago we marked 6 years since 9/11 and as a Nation we 
continue to face the monumental challenges in securing our ports, 
territorial waters and transportation systems.
    Maritime commerce is the lifeblood of international trade, and the 
United States is the world's leading maritime trading nation. The U.S. 
maritime transportation system contributes more than $740 billion to 
our gross domestic product and employs more than 13 million citizens.
    Alaskans have long since realized our economy is dependent on our 
seaports. Ninety percent of Alaska's consumer goods travel through the 
port of Anchorage. Additionally thousands of ships transit Alaska's 
waters to and from Asia along the great circle route. It is essential 
that we have the ability to track these ships.
    We must remain steadfast in our resolve to protect the Nation's 
seaports and supply chains. I recognize the progress made by the U.S. 
Coast Guard, Customs and Border Protection, and the Transportation 
Security Administration over the last several years.
    But we have much more work to do. We must continue to focus on 
honing our security plans, improving interagency cooperation, 
implementing the Transportation Workers Identification Card system, and 
using the most innovative technologies to secure our supply chains.
    I welcome our witnesses, and look forward to hearing from them on 
how we can continue to strengthen our maritime security systems.

    Senator Lautenberg. Thank you, Senator Stevens. Keeping 
with party to party, I call on Senator Cantwell.

               STATEMENT OF HON. MARIA CANTWELL, 
                  U.S. SENATOR FROM WASHINGTON

    Senator Cantwell. Thank you, Mr. Chairman and thank you for 
holding this important hearing. Our Nation's ports are an 
integral part of the fabric of our Nation's economy and 
certainly now, improvement in its security is of utmost 
importance. The U.S. ports handle more than 95 percent of our 
national overseas trade and the total volume of goods shipped 
from the U.S. is expected to double over the next 20 years. So 
ensuring security and safety of our ports, as I said, is of 
utmost importance.
    We know this well in Washington State because Puget Sound 
is one of the most busy and complex waterways in the world. The 
ports of Seattle and Tacoma are the Nation's third largest port 
center and move more than 11,000 cargo containers daily. Cruise 
ship traffic has increased tenfold in 8 years, from five vessel 
calls in 1990 to 200 vessel calls last year and oil tankers and 
tank barges made more than 4,000 trips across Puget Sound last 
year and our ferry system covers more than 25 million 
passengers each year. That's more than the Amtrak system. So 
let's just say we have a very busy waterway in the Northwest. 
We're also home to a lot of other smaller ports but very 
important ports in Washington State that carry everything from 
our agriculture products to various markets in Asia overseas 
and we certainly have quite a few pleasure boats traffic coming 
between U.S. and Canadian waters that also demand Custom's 
import inspection.
    All of these activities make the security of our waterway 
system one of our most complex challenges and we depend on the 
Coast Guard and Border Protection to make sure that security is 
implemented. Our laws, such as the Marine Transportation 
Security Act and SAFE Port Act have established a strong 
framework for improving our national port security but these 
important programs and their implementation are challenging us, 
I believe, to look further beyond--to get that system 
deployment done and done effectively, but also to look beyond 
our U.S. shores to make sure that the implementation of these 
overseas inspections are also happening. I firmly believe that 
waiting until cargo gets to the United States is a little late 
and making sure that we actually have the resources, so Admiral 
Pekoske, I plan on asking you about whether we have sufficient 
funds to do those international inspections that are so 
important for our port security.
    Since 9/11, the Coast Guard's maritime and security mission 
has grown significantly, making sure that we have the resources 
to carry out that and also making sure that the acquisition of 
those resources are done in an effective manner that doesn't 
delay but delivers and is done cost effectively for the 
taxpayers is something that we are going to continue to 
explore. So I look forward to hearing the testimony, Mr. 
Chairman and again, thank you for this important hearing.
    Senator Lautenberg. Thank you, Senator Cantwell. Senator 
Smith?

              STATEMENT OF HON. GORDON H. SMITH, 
                    U.S. SENATOR FROM OREGON

    Senator Smith. Thank you, Mr. Chairman. I thank you for 
this hearing and I thank our witnesses. I'm anxious to hear 
them because like Senator Cantwell, trade is absolutely central 
to my state's economy and our ports are connections to other 
markets around the world. The secure and efficient movement of 
goods is absolutely critical to maintaining a vibrant economy 
in my state and in the Northwest and around the country. So as 
we approach the 1-year anniversary of the enactment of the SAFE 
Port Act, I'm anxious to learn how we can make it even better. 
Thank you.
    Senator Lautenberg. Thanks very much, Senator Smith. And 
now, in the order of the seating, Rear Admiral David Pekoske, 
we welcome you, Admiral, as Assistant Commandant for Operations 
for the Coast Guard and after Rear Admiral Pekoske, we'll hear 
from Ms. Fanguy, the TWIC Program Director for Transportation 
Security Administration and as you can imagine, Ms. Fanguy, 
we'll have a few questions and the Honorable Thomas Winkowski, 
Assistant Commissioner of Field Operations for the United 
States Customs and Border Protection. Mr. Stephen Caldwell, the 
Director for Homeland Security and Justice Issues for GAO and 
finally, a friend and colleague from New Jersey, Mr. Anthony 
Coscia, once again, Chairman of the Board of the Commissioners 
of the--I'll call it the Regional Port Authority because we 
always have a problem about which comes first, whether it's New 
York or New Jersey Port Authority but it's a wonderful agency 
and Mr. Coscia, we're pleased to have you here with us. You all 
have a lot of responsibility overseeing the largest port on the 
East Coast and we appreciate the perspective you provide. Thank 
you all again for being here. We have a 5 minute time limit for 
your presentation and once again, Admiral Pekoske, welcome.

          STATEMENT OF REAR ADMIRAL DAVID P. PEKOSKE,

    ASSISTANT COMMANDANT FOR OPERATIONS, U.S. COAST GUARD, 
                DEPARTMENT OF HOMELAND SECURITY

    Admiral Pekoske. Thank you, Mr. Chairman. Good morning, Mr. 
Chairman and Mr. Vice-Chairman and distinguished Members of the 
Committee. It is a distinct pleasure to appear before you this 
morning to talk about our efforts in implementing the SAFE Port 
Act of 2006.
    We have worked very closely with our partners in 
implementing this Act and many of our partners are represented 
here this morning. I would tell you from the Coast Guard's 
perspective, just in the year that this Act has been in place, 
we have already raised the level of port security in our Nation 
and I feel that increase in port security will continue over 
the next many years as we bring other elements of the Act into 
force.
    Safety and security are two sides of the same coin and I'd 
just like to emphasize the point from a Coast Guard perspective 
that whatever investment we make in security has----
    Senator Lautenberg. Can you bring the mike a little closer, 
Admiral, please?
    Admiral Pekoske.--has a corollary benefit to safety in this 
Nation. So as we raise our security profile, we've also 
improved our safety elements and our ability to respond to 
environmental issues. So safety, security and stewardship are 
key elements of our efforts in the Coast Guard.
    With regard to partnership, I would just like to highlight 
a couple things and basically reinforce some of the comments 
that you have already made this morning. My previous assignment 
was Commander of the First Coast Guard District based in 
Boston, which had oversight from a flag level of the Port of 
New York and New Jersey and the partnerships that we have in 
the Port of New York and New Jersey, like the partnerships we 
have across the Nation are not only very strong but are 
absolutely fundamental to our success. We work very closely 
with Tony Coscia and The Port Authority of New York and New 
Jersey, the New York City Police Department and the States of 
New York and New Jersey, plus our industry partners, to improve 
safety and security in that port.
    Assistant Commissioner Winkowski and I have the privilege 
of jointly chairing inside the Department of Homeland Security, 
a senior guidance team and the purpose of this team is to bring 
together Coast Guard operations and Customs and Border 
Protection operations so that we truly present one face of DHS 
as we interact with the maritime industry. We have worked very 
closely on small vessel security. We just had a National Small 
Vessel Security Summit in June, where we brought together our 
Federal partners, our State and Local partners and our industry 
partners to talk about how it is we would raise security with 
respect to small vessels and where they fit within the entire 
security profile of our country.
    We've also worked very closely on a National Recovery 
Symposium, which is very critical for us in terms of security 
and being able to resume commerce in our ports. When you think 
of the 95 percent of our trade that travels by sea, when there 
is a transportation security incident, we collectively, between 
the Federal Government, the State and Local governments and the 
industry, need to be able to recover those ports as quickly as 
possible.
    We have, from our perspective, have had a very good 
relationship with the Transportation Security Administration in 
implementing TWIC. We appreciate Ms. Fanguy's work in that and 
we just jointly released a press announcement yesterday that 
announced that beginning on the 16th of October, we will begin 
enrollment for TWIC in the Port of Wilmington and then 11 more 
ports over the course of the next month. So that process is now 
ongoing. And we do appreciate the work of the Government 
Accountability Office in looking at our efforts to implement 
this important Act.
    A couple of things I'd like to highlight for you is, we've 
improved already our maritime domain awareness but we have a 
very significant improvement to that coming up on the first of 
January 2008, where we will implement long range tracking, 
which will give the United States visibility of any ships that 
have declared they're entering the United States or they are 
within a 1,000 miles of our coastline. So this will be a 
significant improvement in maritime domain awareness.
    We have also worked very hard at the Interagency Command 
Center issue. We have some very successful Interagency Command 
Centers. But Senator Cantwell, as you mentioned, this is a very 
significant resource challenge for us. We sent a report up to 
the Congress, consistent with the SAFE Port Act requirements 
that detailed a cost of about $260 million to stand up 
integrated command centers in the most important ports in our 
country. That resource challenge is significant for us. We've 
had some very good successes in the Integrated or Joint Command 
Centers that we have throughout the country. We've learned a 
lot about that and once we get the funding for these command 
centers, I'll look forward to being able to provide that all-
hazard, all threat response capability in our ports in this 
country.
    Mr. Chairman, that concludes my opening statement and I 
would be most pleased to answer any questions the Committee 
has. Thank you, sir.
    [The prepared statement of Rear Admiral Pekoske follows:]

    Prepared Statement of Rear Admiral David P. Pekoske, Assistant 
  Commandant for Operations, U.S. Coast Guard, Department of Homeland 
                                Security
    Good morning, Mr. Chairman and distinguished Members of the 
Committee. I am Rear Admiral David Pekoske, Assistant Commandant for 
Operations, U.S. Coast Guard. It is a pleasure to appear before you 
today to discuss the Coast Guard's efforts in implementing the Safety 
and Accountability for Every Port (SAFE Port) Act requirements 1 year 
after its implementation.
    The objective of the SAFE Port Act is ``to improve maritime and 
cargo security through enhanced layered defenses.'' The Coast Guard is 
cited as one of the primary organizations identified with specific 
responsibilities for implementing this overall objective. Several 
components within our organization have been involved in achieving the 
requirements since October 13, 2006 and I will address the SAFE Port 
Act requirements section-by-section.
    We have had many successes to date in meeting the requirements of 
the SAFE Port Act, including requirements involving the inclusion of 
Salvage Response Plans in Area Maritime Transportation Security Plans 
(Section 101); Unannounced Inspections of Maritime Facilities (Section 
103); the Port Security Training Program (Section 113); the Port 
Security Exercise Program (Section 114); and Foreign Port Assessments 
(Section 234).
    We recognize, however, that there is still work to be done. There 
are some timeline requirements in the SAFE Port Act that we have not 
met, including those related to Notice of Arrival for Foreign Vessels 
on the Outer Continental Shelf (Section 109) and Enhanced Crewmember 
Identification (Section 110). We are committed to working closely and 
diligently with our DHS partners to meet these and other requirements 
of the SAFE Port Act.
Section 101 Area Maritime Transportation Security Plan to Include 
        Salvage Response Plan
    Development of Salvage Response Plans within each Area Maritime 
Security Plan (AMSP) has been integrated into the five-year plan update 
cycle established by the Maritime Transportation Security Act (MTSA) of 
2002. The AMSP update will be performed by Federal Maritime Security 
Coordinators in consultation with their respective Area Maritime 
Security Committees and is planned for completion during early summer 
2009.
    A Salvage Response Plan will be a major element of the U.S. Marine 
Transportation System (MTS) recovery section of each AMSP and will 
provide the coordination and procedural foundation to support 
development of unified command incident action plans under the Incident 
Command System (ICS) construct when salvage response becomes necessary 
to facilitate resumption of trade. Authorities, capabilities, and other 
salvage issues are currently being coordinated with government and 
other partners. Consultation with national-level salvage industry 
representatives is continuing with the development of a Memorandum of 
Understanding (MOU) between the Coast Guard and the American Salvage 
Association. The MOU will establish a partnership with the goal of 
strengthening the communication and working relationship between the 
Coast Guard and the marine salvage and fire fighting industries to 
improve vessel and personnel safety; enhance national security 
preparedness and response; promote timely and professional salvage 
response to marine casualties; and enhance the protection of the 
environment along our Nation's waterways.
    Resumption of commerce and recovery of the marine transportation 
system (MTS) following a significant disruption is a significant 
national issue of concern. The Maritime Transportation Security Act 
(MTSA) 2002 required that the National Maritime Transportation Security 
Plan include a plan to restore cargo flow following a National 
Transportation Security Incident (NTSI). The Coast Guard held a 
National Recovery Symposium at the National Maritime Institute of 
Technology and Graduate Studies on August 1 and 2, 2006. The symposium 
was attended by over 150 executive level participants from numerous 
branches of state and Federal Government, as well as the private 
sector.
    The Coast Guard is currently developing a concept of operations and 
specific planning requirements and organizational structures to ensure 
a focus on MTS recovery following a significant disruptive incident. 
MTS recovery guidance will be harmonized with, and support 
implementation of, the Strategy to Enhance International Supply Chain 
Security recently completed by the Department of Homeland Security with 
Coast Guard and interagency input. Implementation guidance will also 
harmonize with MTS recovery principles gleaned from Hurricane Katrina 
lessons-learned that have already been published in the U.S. Coast 
Guard Incident Management Handbook.
    Review of maritime security developments since the implementation 
of MTSA, MTS recovery lessons from Hurricane Katrina, best Area 
Maritime Security practices from the field, and an update of MTSA 
implementation guidance are in progress. Review results to date have 
formed the basis for revising Navigation Vessel Inspection Circular 09-
02 which is used to guide the five-year AMSP update.
    Consistent with the overriding requirement to deter, and when 
necessary, mitigate the effects of Transportation Security Incidents 
(TSIs), the Coast Guard is working to make AMSP coordination and 
procedures ``all-hazard and transportation disruption'' compatible as 
much as practicable. This, in conjunction with oil and hazardous 
materials response coverage provided through Area Contingency Plans 
(ACP), application of Incident Command System (ICS) principles and 
structures per the National Incident Management System (NIMS), is 
intended to support an integrated and coherent preparedness approach 
across all transportation disruptions without requiring additional 
port-level plans.
Section 102 Requirements Relating to Maritime Facility Security Plans
    The Coast Guard recognizes that information on ownership of 
maritime facilities and the companies that operate them is vitally 
important to the management of the security posture and the clear 
delineation of security responsibilities within the port. Currently, in 
33 CFR 104.415(b)(2), 105.415(b)(2), and 106.415(b)(2), the Coast Guard 
requires a security plan audit whenever the owner or operator of a 
vessel, facility or Outer Continental Shelf (OCS) facility changes. 
Should the audit reveal that an amendment to the security plan is 
necessary, the security officer of the vessel, facility or OCS facility 
will submit the amendment to the cognizant Captain of the Port or 
District Commander for approval. Consistent with the requirement in 
Section 102 of the SAFE Port Act, the DHS Appropriations Act of 2007 
requires the Coast Guard to gather ownership information on vessel and 
facility security plans.
    In order to meet the requirements in these statutes, the Coast 
Guard has initiated a regulatory project to update 33 CFR Subchapter H 
regulations and will incorporate these new ownership reporting 
requirements.
    Implementation of the Transportation Worker Identification 
Credential (TWIC) regulations published in January 2007 will meet the 
requirement in Section 102 for a qualified individual having full 
authority to implement security actions for a facility to be a citizen 
of the United States, unless the Secretary waives the requirement after 
a determination based on a complete background check of the individual. 
These regulations, found in 33 CFR 105.205(a)(4), require facility 
security officers (the qualified individuals in the statute) to possess 
and maintain a TWIC. The security threat assessment conducted as part 
of the TWIC program involves a complete background check, including a 
criminal history records check, a legal status check, and an 
intelligence and terrorist watch list check, to satisfy the relevant 
mandate within this section. In addition, the Coast Guard is addressing 
the requirement for Facility Security Officers to be U.S. citizens in 
the regulatory project to update Subchapter H. A final fee was 
published on September 28, along with some modifications to the earlier 
rule.
Section 103 Unannounced Inspections of Maritime Facilities
    Currently, Coast Guard policy calls for an annual inspection of 
each facility, supplemented by periodic spot checks. The FY07 Homeland 
Security Appropriations Act provided $15M to, among other efforts, fund 
additional port security inspections. With this funding, the Coast 
Guard has created 39 new field billets to add to the current 350 
facility inspectors. Thirty-seven of these new billets were filled 
during the 2007 transfer season, and the remaining two are in the 
process of being filled. The Coast Guard conducted more than 7,500 
annual inspections and spot checks of 3,200 facilities in calendar year 
2006. We have also applied additional reserve billets this year to 
increase facility visits and ensure each facility is inspected not less 
than two times this year. At least one of those inspections will be 
unannounced.
Section 104 Transportation Security Card
    Section 104 of the SAFE Port Act includes a number of statutory 
requirements relating to the implementation of the TWIC program. The 
effort to promulgate TWIC requirements through the rulemaking process 
met its SAFE Port Act deadline of January 1, 2007, with the posting of 
the TWIC Final Rule. This rule, together with the Merchant Mariner 
Credential Supplemental Notice of Proposed Rulemaking published on 
January 25, 2007, will allow mariners to apply for or renew merchant 
mariner credentials through the mail concurrently with the TWIC 
enrollment process, eliminating travel to Coast Guard Regional Exam 
Centers and removing duplicative background checks and other 
application redundancies which exist under each program. Also, the TWIC 
final rule incorporates a background check process to enable newly 
hired workers to begin working while awaiting issuance of their TWIC, 
in accordance with the Act.
    The Coast Guard continues to support the Transportation Security 
Administration's (TSA's) efforts to implement the TWIC program by 
providing field and industry guidance to assist with compliance and 
enforcement activities. In addition, the Coast Guard is working closely 
with DHS and TSA on the pilot program to test the implementation of 
card readers to provide critical information and lessons to inform a 
second rulemaking to address TWIC readers. As part of our support for 
this effort, the Coast Guard, jointly with TSA, charged the National 
Maritime Security Advisory Committee (NMSAC) to form a working group of 
maritime industry and biometric technology representatives to propose 
specifications for TWIC cards and card readers using a contactless (or 
proximity) interface. The NMSAC presented recommended specifications on 
February 28, 2007. A notice of availability of the specifications was 
published in the Federal Register for public comment on March 16, 2007 
and the notice of availability of the final contactless specification 
was published in the Federal Register on September 20, 2007.
    Work continues on several aspects of the TWIC program. The Coast 
Guard intends to purchase handheld card readers in FY 2008 for use 
during vessel and facility inspections and spot checks. After the 
compliance date passes in a given port, the Coast Guard will use the 
card readers to randomly check the validity of an individual's TWIC. 
Also, the provision for newly hired employees to work while they await 
issuance of a TWIC is in development and on track. The Coast Guard has 
received stakeholder comments on policy and included them in the form 
of a Navigation and Vessel Inspection Circular (NVIC) which provides 
guidance and instruction on how to implement TWIC regulatory 
requirements for access control on facilities and vessels. This NVIC 
was published in July 2007.
Section 107 Long-Range Vessel Tracking
    The Coast Guard currently meets the intent and requirements of the 
Act, using the full range of classified and unclassified vessel 
tracking information available. While the Long Range Identification and 
Tracking (LRIT) NPRM did not meet the April 1, 2007 deadline, it was 
published in the Federal Register on October 3, 2007. The Act requires 
the DHS Secretary to establish a long range automated vessel tracking 
system that meets the following:

   Tracking: Provided for all vessels in U.S. waters equipped 
        with Global Maritime Distress and Safety System (GMDSS) or 
        equivalent satellite technology; and

   International: Consistent with international treaties, 
        conventions and agreements.
Tracking
    The SAFE Port Act requirement demands a multi-faceted approach. 
Using the full range of classified and unclassified vessel tracking 
info available, including some information purchased from vendors where 
appropriate, the Coast Guard currently meets and exceeds the tracking 
requirement of the Act. Currently, sufficient tracking information 
exists; however more work is needed in processing, display, and 
training in the use of this information.
International
    Our work to establish a system through the International Maritime 
Organization (IMO) will provide an unclassified global tracking 
capability in 2008 as a part of an existing IMO convention and give the 
United States a system that is compatible and interoperable with the 
global maritime community. The Coast Guard has been working with the 
IMO since shortly after 9/11 to implement a global tracking system for 
the types of vessels described in the Act. Following considerable 
diplomatic efforts, the international agreement to implement such a 
system was reached last year, and the global tracking system will be in 
effect at the end of 2008. In the long run, this approach has more 
advantages to the United States because it applies globally to all the 
world's ships of the kind described by the Act instead of just those in 
U.S. waters or vessels intending to make ports call in the United 
States. Under this system, the U.S. will have access to information for 
U.S. Flag vessels regardless of their current location, and vessels 
bound for U.S. ports when they declare intent to arrive. Information on 
all other vessels will be available whenever a ship is within 1,000 
nautical miles of the U.S. coast. The Coast Guard is examining funding 
strategies for this important international system.
    To complement the above activities, the Coast Guard also initiated 
a rulemaking to implement in Title 33 of the Code of Federal 
Regulations rules that require ships to report identifying and position 
data electronically. These rules provide guidance to U.S. and foreign 
ships on how to comply with this new reporting requirement, as well as 
an additional enforcement mechanism for ships that fail to comply.
Section 108 Establishment of Interagency Operational Centers for Port 
        Security
    Section 108 requires a budget and cost-sharing analysis for 
implementing interagency operations centers. The report required by 
this Section was submitted in July. It identified the estimated total 
acquisition cost of upgrading the 24 Coast Guard Sector Command Centers 
(SCCs), which encompass the Nation's high priority ports, as 
approximately $260 million. The major cost elements of this five-year 
project plan include an information management software suite, a sensor 
package and facility recapitalization.
    The establishment of interagency operations centers is currently 
not funded. In cooperation with the Department of Justice (DOJ), the 
U.S. Navy, and the DHS Office of Science and Technology, five prototype 
centers have been established to date. These centers are each 
configured differently as test beds for concepts, tactics, procedures 
and equipment. Cost sharing arrangements exist among the various 
participants.

------------------------------------------------------------------------
       Designator              Location          Cost-Sharing Agencies
------------------------------------------------------------------------
Seahawk Joint Task       Charleston, SC        Dept. of Justice/U.S.
 Force                                          Coast Guard
SCC*--Joint              Hampton Roads, VA     U.S. Coast Guard/U.S.
                                                Navy
SCC--Joint               San Diego, CA         U.S. Coast Guard/U.S.
                                                Navy
SCC--Joint               Jacksonville, FL      U.S. Coast Guard/U.S.
                                                Navy
SCC--Joint               Seattle, WA           U.S. Coast Guard/U.S.
                                                Navy
------------------------------------------------------------------------
*Sector Command Center.

    Additionally, seven ports have been identified for short and medium 
term pilot projects to evaluate joint operations design models between 
the Coast Guard and Customs and Border Protection (CBP). These pilots 
will include examination of methods for implementation of a virtual 
command center construct using various collaboration tools for daily 
coordination and vessel inspection planning.
    USCG is developing Command 21 to field the capabilities necessary 
to create interagency operations centers as required by Section 108. 
This initiative would establish interagency operational centers for 
port security tailored to each port and designed to close gaps in port 
and coastal maritime security. Command 21 would accomplish this by 
fielding a sensor network and an information system that allows the 
centers to monitor maritime activities in critical areas. The system 
would link vital data on vessel history, crew, and cargo to the 
activities observed.
    Command 21 will be designed to:

   Enhance the effectiveness of maritime security and response 
        operations in mitigating risk, including risks associated with 
        small vessels operating in close proximity to critical 
        infrastructure and key resources in port and coastal areas. 
        This enhanced effectiveness will be accomplished through pro-
        active tactical surveillance and data fusion;

   Improve maritime port and coastal security systems to 
        complement Secure Border Initiative (SBI) Net;

   Improve unity of effort in a multi-agency operations center 
        environment; and

   Accelerate deployment of a net-centric tactical system that 
        implements government-wide enterprise standards for the sharing 
        of situation data and services across multiple interagency 
        domains and Coast Guard systems.

    The Coast Guard's experience with interagency operations centers 
demonstrates that many tangible benefits to improve maritime safety, 
security, and stewardship can be achieved. Some of these include:

   Cooperative targeting and coordination of intelligence 
        facilitates information sharing;

   Daily field-level coordination breaks down barriers between 
        agencies;

   Collective use of tactical sensors (radars/cameras) saves 
        time, money and effort;

   Cooperative planning improves readiness and efficiency; and

   Sharing of law enforcement information helps reduce criminal 
        activity in the port and cuts off potential funding to 
        terrorist groups.

    Future interagency operations could be greatly improved as all 
partners will be able to:

   See maritime activities using port surveillance sensors;

   Understand the scene by automatically bringing tactical and 
        intelligence information together; and

   Share this tactical data with each other as they work side 
        by side in improved facilities.

    Command 21 is designed to publish tactical data in an open standard 
that allows other systems across multiple DHS and applicable Federal 
Government domains to subscribe to the information and use according to 
the individual needs of each agency. It provides the maritime component 
of the Department of Homeland Security's Secure Border Initiative 
(SBI). Moving ahead on both fronts will provide collaborative 
opportunities to leverage critical resources to broaden the impact of 
both programs toward securing our borders.
Section 109 Notice of Arrival for Foreign Vessels on the Outer 
        Continental Shelf
    The regulations for Notice of Arrival for foreign vessels on the 
Outer Continental Shelf (OCS) have been developed and incorporated into 
an existing Coast Guard rulemaking project related to OCS activities. 
This rulemaking, the updating of 33 CFR Subchapter N, ``Outer 
Continental Shelf Activities,'' already includes Notice of Arrival 
requirements for foreign vessels operating on the OCS. The Coast Guard 
has completed evaluation of the proposed regulations and public 
comments, and is working to expeditiously publish this rule.
Section 110 Enhanced Crewmember Identification
    Historically, the Coast Guard advanced the effort to negotiate the 
international seafarer's identification initiative at the International 
Labor Organization (ILO), resulting in the ILO-185 Seafarer's 
Identification Document (SID). However, a requirement within ILO-185 
prohibiting implementing nations from requiring a visa for seafarers 
holding a SID to be eligible for shore leave has prevented the U.S. 
from ratifying ILO-185.
    In accordance with the Act, the Coast Guard has prepared a draft 
NPRM defining the identification documents necessary for all foreign 
mariners calling on U.S. ports. The proposed identification 
requirements would also apply to U.S. mariners arriving at U.S. ports 
from a foreign port of place of departure.
Section 111 Risk Assessment Tool
    The Maritime Security Risk Analysis Model (MSRAM) is being used by 
Captains of the Ports/Federal Maritime Security Coordinators (FMSCs) 
and Area Maritime Security Committees (AMSC) to analyze and prioritize 
scenario-based risks within their areas of responsibility, and to 
measure risk reduction potential in the evaluation of port security 
grant program proposals. FMSC and AMSCs are required to validate the 
MSRAM data on an annual basis. This was last completed in the summer of 
2007 using MSRAM version 2.
Section 112 Port Security Grants
    The Coast Guard worked with the DHS Office of Grants and Training, 
who has fiduciary responsibility for the Port Security Grant Program, 
to complete the report to Congress required by this Section. The report 
was submitted to Congress on April 27, 2007.
    The Port Security Grant Program (PSGP) provides grant funding to 
port areas for the protection of critical port infrastructure from 
terrorism. FY07 PSGP funds are primarily intended to assist ports in 
enhancing risk management capabilities; domain awareness; capabilities 
to prevent, detect, respond to and recover from attacks involving 
improvised explosive devices (IEDs) and other non-conventional weapons; 
as well as training and exercises.
    $201,670,000 was available for Port Security Grants in FY07. These 
funds were divided amongst four tiers of ports. Within Tier I, eight of 
the highest risk port regions were allocated a fixed amount of funding 
based on risk. In many cases, multiple port areas were grouped together 
to reflect geographic proximity, shared risk, and a common waterway. 
Port areas submitting applications within Tier II and III were eligible 
to compete for the FY07 PSGP but were not guaranteed funding. Section 
112 of the SAFE Port Act also required that any entity addressed in an 
Area Maritime Security Plan also be eligible to apply. Tier IV was 
established for those new entities not within the port areas in Tiers 
I-III. This added approximately 259 ports to the 102 highest risk ports 
for a total of 361 that were eligible to compete, but were not 
guaranteed funding.
    Funds were awarded based on analysis of risk and effectiveness of 
proposed investments by the applicants. Risk to port Infrastructure 
Protection Program Detail areas was assessed using a methodology 
consisting of threat, vulnerability, and consequence factors. The 
majority of port security grant funds--$120.6 million--was allocated to 
eight Tier I ports or port areas that we consider to be the highest 
risk.
    Grant applicants had 60 days from January 6, 2007 to complete this 
process for the remaining $81M. Applications were required to be 
submitted electronically via the grants.gov website no later than March 
6, 2007. The initial reviews were completed by the local Captain of the 
Port in conjunction with the Maritime Administration's (MARAD's) 
regions. These results were forwarded to a national review panel 
comprised of representatives from the Coast Guard, the Transportation 
Security Administration (TSA), DHS Infrastructure Protection (IP), 
Grants and Training (G&T), the Domestic Nuclear Detection Office 
(DNDO), and MARAD that convened on April 9, 2007. The results were 
announced on May 30, 2007.
    The $110 million was provided by Congress in supplemental Port 
Security Grant Funding (P.L. 110-28, the U.S. Troop Readiness, 
Veterans' Care, Katrina Recovery, and Iraq Accountability 
Appropriations Act, 2007). Using the same risk-based analysis utilized 
during the initial FY07 Port Security Grants, funds were allocated to 
Tier I and II ports to develop a Port-Wide Risk Management/Mitigation 
and Business Continuity/Resumption of Trade Plan which will identify a 
prioritized listing of items to be addressed within future grant 
applications. Tier III ports that previously submitted projects under 
the initial FY07 PSG Program which were validated but unfunded, are to 
be funded with the Supplemental Grant. Tier IV ports also applied for 
TWIC and Training under the Supplemental Grant funding. The application 
period has closed. Both field and national review of the Supplemental 
applications have been completed, and announcement of awards were made 
by September 30, 2007.
Section 113 Port Security Training Program
    The Coast Guard is supporting the FEMA National Preparedness 
Directorate's National Integration Center through Training and 
Exercises Integration (formerly known as the DHS Preparedness 
Directorate, Office of Grants and Training Division). Collectively, we 
are making progress in establishing the program delineated in the Act. 
There are a number of existing initiatives and new initiatives that 
will address the requirements in this section.
    In response to Congressional mandate, the Coast Guard and MARAD 
developed model courses for the training of facility and other 
personnel to meet the requirements of the Maritime Transportation 
Security Act of 2002. These model courses establish a competence based 
standard and contain most of the requirements under this Section of the 
Act. The model courses were developed in support of the facility 
security plan requirements, and apply to all personnel working in a 
port facility or required to enter a port facility in response to an 
emergency. These model courses are available via website to Federal, 
state and local personnel from the public and private sector and they 
are undergoing a review to include lessons learned and the additional 
topics required under the Act. To ensure quality training, Coast Guard 
and MARAD developed and implemented a voluntary course acceptance and 
certification process using the model courses as the guidelines for 
acceptance. The Coast Guard is currently revising the regulations for 
security training for facility personnel to ensure all training is 
measured against a standard of competence, including the topics 
required under the SAFE Port Act.
    The FEMA National Preparedness Directorate's National Integration 
Center, through Training and Exercises Integration, has awarded a $6.18 
million Cooperative Grant to the Florida State University to develop 
courses meeting the Maritime Transportation Security Act of 2002 
requirements (model courses), and covering the eight port security-
related topics required under the Act. MARAD and the Coast Guard are 
actively assisting DHS to ensure this training will be consistent with 
existing standards and will provide the maximum possible return on 
investment. It is envisioned that these courses will be available for 
in-classroom and on-line training; and will be available both to 
Federal, state and local personnel as well as members of the private 
sector who work in the port security realm.
    In addition, the FEMA National Preparedness Directorate's National 
Integration Center, through Training and Exercises Integration, has 
made available other training courses that address individual port 
security topics required under the Act. These courses are provided to 
State and local emergency responders and other identified audiences by 
Training and Exercises Integration, and are coordinated by each State's 
Governor-designated Training Point of Contact.
Section 114 Port Security Exercise Program
    Current port security exercise programs conduct live, risk-based 
exercises that are realistic and evaluate total capability by focusing 
on the port community, in order to evaluate the entire capability. 
These exercises involve State and local governments, as well as 
facilities and vessels, to ensure that consistent methodology is 
applied and that all requirements are met as a result. Although current 
programs do not mandate facility participation in these annual 
exercises, participation has been strong and continues to increase. 
Facilities, as well as vessels, are encouraged to observe and/or 
participate in these port security exercises. When they choose to 
participate, they are offered the opportunity to put forth exercise 
objectives tailored to meet their specific needs.
    Since January 2005, the Coast Guard has assisted TSA in 
implementing their Port Security Training and Exercise Program 
(PortSTEP). Similarly, since October 2005, the Coast Guard has 
sponsored its own Area Maritime Security Training and Exercise Program 
(AMStep) that exercises the port stakeholder's ability to implement the 
provisions of the Area Maritime Security Plan. The Coast Guard and TSA 
have synchronized AMStep and PortSTEP to maximize coverage across the 
U.S. and minimize duplication of effort. In FY07, these two programs 
collectively sponsored 41 port security exercises. Exercise types have 
included basic and advanced table-top, discussion-based exercises to 
full-scale, operations-based exercises. The type of exercise and 
scenario selected are collectively decided upon by Area Maritime 
Security Committee (AMSC) members, through application of their most 
current risk-based port assessment and assessment of preparedness 
needs. The results of both these exercise programs and all lessons 
learned, best practices, and corrective actions are documented in a 
semi-annual report to Congress.
    The ``Training'' aspect of current port security exercise programs 
focuses on the National Incident Management System (NIMS) Incident 
Command System (ICS). Training, such as I-200 (Basic), I-300 
(Intermediate) and I-320 (Team training), is offered to the entire port 
community prior to each annual exercise. Security-specific training is 
provided from within the port community.
    Initial performance measures for port security exercises were 
established under Coast Guard NVIC 09-02, Change 2. These measures, 
outlined as objectives, are currently being revised by the Coast Guard 
to align with MTSA requirements to test the AMSPs and with the Homeland 
Security Exercise and Evaluation Program. All Lessons Learned, Best 
Practices, and Remedial Action Items are captured in the Coast Guard's 
Contingency Preparedness System (CPS), which can be accessed by the 
entire Coast Guard. Additionally, through the use of Homeport, the 
Coast Guard's communications and collaborations Information Technology 
application, Lessons Learned and Best Practices, can be made available 
to the entire port community (Federal, state, local, tribal and 
industry).
    Although AMStep is currently being carried out under contract 
support, the Coast Guard has begun the hiring of personnel to staff 
National-level and Regional-level exercise support teams. These teams 
will assist Coast Guard Sector Commands (port-level) and Districts with 
the following contingency exercise programs: port security, oil/
hazardous substance response, natural disaster, mass rescue, alien 
migration interdiction, civil disturbance, counterterrorism, military 
outload, combatant commander support, and physical security/force 
protection. This is an ``All Threats/All Hazards'' approach.
Section 115 Facility Exercise Requirements
    Current regulations in 33 CFR 105.220(c) require facilities to 
conduct an annual exercise. These exercises may include either live, 
tabletop, or participation in a non-site-specific exercise. In order to 
meet the requirement in Section 115, the Coast Guard has initiated a 
regulatory project to update 33 CFR Subchapter H regulations and will 
incorporate definition of ``high risk facility'' and the requirement 
for high risk facilities to conduct bi-annual full-scale exercises.
Section 128 Center of Excellence for Maritime, Island and Extreme/
        Remote Environment Security
    The Coast Guard is assisting the DHS Science and Technology (S&T) 
Directorate to meet the requirements of Section 108. The Broad Area 
Announcement (BAA) for a Center of Excellence (COE) for Maritime, 
Island and Extreme/Remote Environment Security was announced at the 
beginning of February 2007. This BAA incorporated Maritime Domain 
Awareness (MDA) study as a central component of a broader system of 
research into maritime security. This solicitation is still open, and 
there has been good response from the academic community. DHS S&T 
expects to award the COE by the end of 2007. The Coast Guard looks 
forward to this important new research component that will support DHS.
Section 201 Strategic Plan to Enhance the Security of the International 
        Supply Chain
    The Coast Guard assisted the Department of Homeland Security's 
authoring team in drafting the required Strategy to Enhance 
International Supply Chain Security, providing lead authors for 
sections on response and recovery. Looking forward, the Coast Guard is 
working to structure the first required five-year update to Area 
Maritime Security Plans (AMSPs) to position them to support field-level 
implementation of the strategy as it pertains to Transportation 
Security Incidents (TSIs). A planning objective is to make these 
community-based coordination arrangements and procedures compatible for 
application during other forms of transportation disruption, insofar as 
practicable. We assigned the same Coast Guard subject matter experts to 
support each initiative, thereby facilitating content alignment for 
this purpose.
Section 233 International Cooperation and Coordination
    The Coast Guard has been working with a variety of international 
organizations including the Asia Pacific Economic Cooperation (APEC) 
Forum, the Group of Eight (G8), and the Organization of American States 
(OAS) to conduct capacity building activities to improve the port 
security regimes of developing countries. Coast Guard representatives 
serve on maritime security expert groups of these organizations and 
have been intimately involved in identifying and executing projects. 
Furthermore, the Coast Guard had been working cooperatively with the 
Departments of State and Defense in various security assistance 
activities.
    Of particular note is our work with the OAS, an organization that 
is specifically mentioned in the SAFE Port Act for close coordination. 
Through the Inter-American Committee on Counter-Terrorism (an OAS 
body), and in conjunction with Canada, the Coast Guard is developing a 
series of exercises and best practice conferences. The first port 
security exercise was completed in Argentina in September 2007.
    Modeled after the North Pacific Coast Guard Forum, which has had 
some notable successes in the area of joint operations recently, the 
new North Atlantic Coast Guard Forum will leverage bilateral 
relationships and encourage partner-based activities in the Atlantic 
theater. Its first meeting is scheduled for 22-25 October in Stockholm, 
Sweden.
Section 234 Foreign Port Assessments
    The Coast Guard has increased the pace of assessments and is on 
track to complete an initial assessment of all of our trading partners 
by March 2008. The Coast Guard intends to conduct assessments on a 2-
year cycle thereafter.
    This 2-year cycle is consistent with the guidance contained in the 
FY07 DHS Appropriations Act, which called on the Coast Guard to double 
the rate of assessments (basically from three per month to six per 
month). This reassessment cycle actually exceeds the requirement of the 
SAFE Port Act which call for reassessments to be conducted on a 3-year 
cycle. Additional resources (approx. $6.7M and 32 FTE) provided in the 
FY07 DHS Appropriations Act support this increase in activity.
Section 303 Research, Development, Test, and Evaluation Efforts in 
        Furtherance of Maritime and Cargo Security
    DHS and the Coast Guard have current and planned efforts to support 
the furtherance of maritime and cargo security. The Coast Guard RDT&E 
efforts for FY07 include:


------------------------------------------------------------------------
          Mission Areas                      Programs/Projects
------------------------------------------------------------------------
Boarding Team Support and          1. Maritime Biometrics, ID at Sea
Communications                     2. Boarding Team Connectivity
                                   3. Next Generation Underway
                                    Connectivity
                                   4. Boarding Officer Tools and
                                    Equipment Support
Compel Compliance                  1. Anti-Personnel
                                   2. Stopping Mid-Sized Vessels
Platforms and Sensors              1. Acoustic Buoy
                                   2. Multi-Sensor Performance
                                    Prediction
                                   3. Global Observer
                                   4. Small UAS Evaluations
Sector and Port Security           1. Maritime Domain Awareness
 Operations                         Community of
                                     Interest
                                   2. National Automatic Identification
                                    System
Miscellaneous                      1. Net-Centricity
                                   2. Weapons of Mass Destruction
------------------------------------------------------------------------

    The Coast Guard projects funded by DHS Office of Science and 
Technology (S&T) FY07 funds include:

------------------------------------------------------------------------
          Mission Areas                      Programs/Projects
------------------------------------------------------------------------
Boarding Team Support and          1. Boarding Team Communications
Communications
Sensor, Data Fusion, and Decision  1. Visualization Tools
 Aids (Maritime)                   2. Hawkeye Watch keeper Prototype
                                   3. Offshore Buoys for Vessel
                                    Detection
                                   4. Emergence Response Blue Force
                                    Tracking
                                   5. Swimmer/Diver Detection
                                   6. Global Observer
------------------------------------------------------------------------

    DHS S&T FY08 funding has yet to be defined. The Coast Guard is 
planning a comparable dollar figure to support the furtherance of 
maritime and cargo security in FY08.
Conclusion
    In conclusion, the Coast Guard is committed to implementing the 
Security and Accountability for Every Port Act. We continue to make 
headway on all fronts and look forward to future progress and 
partnerships with international, Federal, state, and local port 
organizations. Thank you for the opportunity to testify before you 
today. I will be happy to answer any questions you may have.

    Senator Lautenberg. Thank you. Ms. Fanguy?

          STATEMENT OF MAURINE SHIELDS FANGUY, PROGRAM

       DIRECTOR, TRANSPORTATION SECURITY ADMINISTRATION,

                DEPARTMENT OF HOMELAND SECURITY

    Ms. Fanguy. Thank you. Good morning, Mr. Chairman, Vice-
Chairman Stevens and distinguished Members of the Committee. My 
name is Maurine Fanguy and I'm the Program Director for the 
Transportation Worker Identification Credential Program, also 
known as TWIC. Today, I'm here to show you the results of our 
efforts, the TWIC Credential.
    In all of our previous meetings, we have talked to you 
about what we needed to do and what we were going to do. Now I 
would like to tell you what we have done. This is my TWIC card. 
Last week, I went to Wilmington and I enrolled. On October 16, 
less than 2 weeks from today, Wilmington's port workers will 
begin enrolling for their TWICs. This card represents the 
completion of TWIC's flight-testing.
    Just like I did, Wilmington's port workers will come to our 
enrollment center and give their personal information and 
fingerprints to a trusted agent for vetting. Their cards, just 
like mine, will be printed and sent back to Wilmington for 
activation.
    TWIC is one of the world's most advanced interoperable, 
biometric credentialing programs, powered by state-of-the-art 
technologies. Once TWIC is up and running, TSA will vet as many 
workers in 1 day as we did in 1 year of the prototype. That's 
over 5,000 workers a day. This program will impact the 
livelihoods of the hundreds of thousands of American workers 
who represent the backbone of global commerce.
    While the start of enrollment represents a significant 
milestone in the program, more importantly, it is a critical 
step in our multi-layered approach to securing our Nation's 
ports. Since Assistant Secretary Holley testified in April, we 
have completed testing and have made advances in all aspects of 
the program. First, we added 17 new TWIC enrollment sites, 
based on stakeholder input. We understand the importance of 
making enrollment as convenient and accessible as possible. The 
additional sites bring the total number of fixed enrollment 
centers to 147 nationwide. We have also added a mobile 
enrollment capability to take TWIC to the workers. Second, we 
reduced the price of a standard TWIC card to $132.50. It's very 
important to us to limit the cost to workers as much as 
possible. Third, we published technical specifications for TWIC 
biometric card readers. This allows industry to enhance access 
control technologies used at 3,200 facilities and on 10,000 
vessels. And fourth, we held kick-off meetings with five card 
reader pilot participants, the Port Authorities of New York and 
New Jersey or New Jersey and New York, Mr. Lautenberg, Los 
Angeles, Long Beach and Brownsville as well as Watermark 
Cruises in Annapolis, were selected to represent a broad range 
of operating environments. We are continuing to meet with 
interested stakeholders to identify additional participants.
    After successful startup in Wilmington, we will proceed to 
Corpus Christi in early November. By mid-November, enrollment 
will start in Baton Rouge, Beaumont, Honolulu, Oakland and 
Tacoma. This group will be followed in late November by Chicago 
Calumet, Houston, Port Arthur, Providence and Savannah. As we 
begin enrollment at these ports, we will continue to release 
more information about the rest of the 147 ports where we will 
begin enrollment.
    We look forward to the start of enrollment on October 16. 
For the first time, thousands of ports and vessels will have 
one interoperable security network with workers holding a 
common credential that can be used across that entire network. 
We will continue to work with our partners, the Coast Guard, 
maritime stakeholders and this Committee to ensure the ongoing 
success of the TWIC program.
    Thank you for the opportunity to appear today and I would 
be happy to answer any questions.
    [The prepared statement of Ms. Fanguy follows:]

    Prepared Statement of Maurine Shields Fanguy, Program Director, 
Transportation Security Administration, Department of Homeland Security
    Good morning, Chairman Inouye, Vice Chairman Stevens and 
distinguished Members of the Committee. Thank you for this opportunity 
to share with you the significant progress we have made on the 
Transportation Worker Identification Credential (TWIC) program. I would 
like to acknowledge the leadership this Committee has provided in 
defining the vision for TWIC.
    The TWIC program is moving aggressively toward its objectives while 
making sound programmatic decisions focused on enhancing port security. 
I am happy to inform the Committee that enrollment will begin in 
Wilmington, Delaware later this month.
    There have been a number of critical advances in the program since 
last spring:

   Completing test milestones on the enrollment system

   Adding TWIC enrollment sites based on stakeholder input

   Reducing the price of a TWIC card

   Establishing reader technical specifications

   Identifying card reader pilot participants and holding kick-
        off meetings
Completing Test Milestones on the Enrollment System
    TWIC will impact the livelihoods of hundreds of thousands of 
American workers essential to the smooth flow of global commerce. Once 
TWIC is up and running, TSA will vet as many workers in one day as we 
did during the entire year-long prototype. The importance and enormity 
of this task within the maritime environment, with a dynamic and mobile 
workforce, has demanded a methodical approach with rigorous testing.
    TWIC will be one of the world's most advanced, interoperable 
biometric credentialing programs and is powered by state-of-the-art 
technologies. We are nearly complete on our ``flight test'' of the full 
TWIC system, which has five main components:

   Pre-Enrollment Web Site: allows workers to schedule 
        appointments and provide information ahead of time to make 
        enrollment easier.

   Enrollment Center: captures a worker's biometric and 
        biographic information and submits the information for security 
        processing.

   TWIC Core System: routes applicant information for 
        processing, conducts data integrity checks, and manages the 
        status of TWIC cards.

   Screening Gateway: aggregates security threat assessment 
        data from the FBI, Citizenship and Immigration Services, and 
        watchlists. It is important to note that the Screening Gateway 
        is used across all of TSA's vetting programs.

   Card Production: electronically loads an applicant's 
        information onto a TWIC smart card and then physically produces 
        the card.

    All five of these parts were first tested individually. Next, these 
pieces were integrated to ensure the functionality of the end-to-end 
process of conducting accurate and timely security threat assessments 
and producing high quality credentials. In addition, security and 
privacy requirements were validated throughout the process. After our 
contractor verified system readiness, TSA completed independent 
verification before beginning final test enrollments in the field using 
live vetting on government and trusted contractor personnel.
    Today we are in the final stages of field testing. The switch has 
been turned on and once field testing is completed, we will open the 
doors and begin enrollment in Wilmington, Delaware. After we verify 
successful enrollment operations in Wilmington, we will move forward 
aggressively to expand TWIC across the Nation.
Adding TWIC Enrollment Sites
    The TWIC final rule established a network of 130 enrollment sites 
located across the Nation. Through collaboration with maritime 
stakeholders, we understand the importance of making enrollment as 
convenient and accessible as possible. We also have worked with the 
Department and our partners in the United States Coast Guard to reach 
out to stakeholders in the field and have identified additional 
locations for TWIC enrollment centers. At this time, we will field 146 
fixed enrollment centers. In addition, we have worked with our 
contractor to add a mobile enrollment capability to take TWIC to the 
workers.
Reducing the Price of a TWIC Card
    TWIC is a fee-based program paid for by applicants. We fully 
realize that these costs are significant and we are mindful of the need 
to identify areas for cost reduction. Recently, we announced that the 
fee for a standard TWIC will now be $132.50, a decrease from the price 
anticipated in the Final Rule. Workers with current, comparable threat 
assessments including HAZMAT, Merchant Mariner Document (MMD) or Free 
and Secure Trade (FAST)) will receive a discounted fee of $105.25. The 
cost of a lost, damaged or stolen credential is $60.
Establishing Reader Technical Specifications
    The TWIC technical architecture is compatible with the 
credentialing standards established in Federal Information Processing 
Standard (FIPS) 201-1. This alignment is critical to support card and 
reader interoperability within the maritime mode. In response to 
comments received on the initial TWIC Notice of Proposed Rulemaking, 
TSA and the Coast Guard decided to remove the requirement for biometric 
readers from the TWIC final rule to allow time to establish technology 
specifications to support maritime operations.
    TSA and the Coast Guard sought the advice of the National Maritime 
Security Advisory Committee (NMSAC) which established a working group 
to collaboratively develop new technical specifications that complement 
FIPS 201-1 and add features that will support high-volume physical 
access in the harsh maritime environment. The working group included 
representatives from both the maritime and technology industries.
    TSA recently published the TWIC reader hardware and card 
application working technical specification. The working specification 
establishes the requirements for biometric card readers for the pilot 
projects required by the SAFE Port Act. These readers will be tested 
during the pilot program. As the card and readers are envisioned to 
operate when TWIC is fully implemented, use of a PIN will not be 
necessary to release the biometric, unless the owner/operator chooses 
to use contact readers and the contact side of the credential.
Identifying Card Reader Pilot Participants and Holding Kick-Off 
        Meetings
    As required by the SAFE Port Act, we have initiated pilot programs 
with five partners across the country to test card readers. The pilots 
will test access control technologies in real world marine 
environments. Our current list of participants includes the Port 
Authorities of Los Angeles, Long Beach, Brownsville, and New York/New 
Jersey, in addition to Watermark Cruises in Annapolis, Maryland. As 
part of the outreach efforts for the TWIC program and the Department's 
Port Security Grant Program, we continue to seek additional 
participants. Our objective is to include pilot test participants that 
are representative of a variety of facility vessels which operate in a 
variety of geographic locations and environmental conditions. There 
appears to be sufficient interest from the maritime community to 
achieve this objective.
    We are in the process of finalizing the test approach for the 
pilots. We are working with DHS Science and Technology and the National 
Institute of Standards and Technology (NIST) to establish a test plan 
that will evaluate the card-reader interface under a variety of 
conditions and assess its impact on operations. Through the pilot 
tests, we will investigate the impacts of requiring biometric identity 
verification on business processes, technology, and operational impacts 
on facilities and vessels of various size, type, and location. As the 
program proceeds, the pilots will inform the TWIC reader rulemaking 
process and ultimately result in final regulations that require the 
deployment of transportation security card readers consistent with the 
findings of the pilot program.
Lessons Learned and Future Efforts
    We are proud of the significant progress we have made in the past 6 
months and are mindful of the challenges ahead. As we move forward in 
the TWIC program, we are committed to incorporating our lessons learned 
to drive sound management decisions geared at improving all aspects of 
the program, including:

   Look for efficiencies by eliminating duplicative regulatory 
        processes. TSA and Coast Guard are developing procedures for 
        the sharing of fingerprints, identity verification, criminal 
        history, and photographs for TWIC which is expected to save not 
        only money but time. In addition, merchant mariners will no 
        longer be required to visit a Regional Exam Center to obtain 
        and renew their credentials, resulting in substantial time and 
        travel savings.

   Place the highest value in stakeholder input; it is time 
        well spent. The public hearings, comments to the NPRM, meeting 
        with operators and associations, and contributions of advisory 
        councils all added great value. We came away from each and 
        every one of these efforts better informed about the 
        challenges, the unacceptable impacts, and the practicable 
        options for protecting our ports.

   Address the impact on small businesses. TSA and the Coast 
        Guard worked closely with the Small Business Administration to 
        minimize the financial and operational impact on small 
        businesses wherever possible. The rule includes provisions that 
        allow MTSA-regulated passenger vessels (excluding cruise ships) 
        to establish employee access areas for crewmembers that do not 
        require unescorted access to secure areas such as the pilot 
        house and engine room. This provision reduces the impact on 
        those employees who rarely need to use spaces beyond those 
        designated for support of passengers while maintaining the 
        integrity of vessels' secure areas. We are also producing and 
        distributing a Small Business Compliance Guide to assist small 
        businesses in their implementation of the program.

   When practical, preserve state regulatory flexibility. 
        Mariner regulations and port security plans preempt state 
        regulations. However, the TWIC regulations do not preempt 
        states from requiring background checks and badging systems for 
        non-security purposes in addition to TWIC. States may need to 
        set standards for important purposes other than terrorism 
        threats, such as theft or organized crime.

   Plan for privacy. All data collected at an enrollment center 
        will be completely deleted from the enrollment center work 
        stations after transmission to TSA. The entire enrollment 
        record (including all fingerprints collected) is stored in the 
        TSA system, which is protected through role-based entry, 
        encryption, and segmentation to prevent unauthorized use. No 
        paper records with personal identification information are 
        created in the enrollment process.

   Technical innovation requires adaptive contract management. 
        TWIC is attempting to develop a 21st century technology that 
        accommodates evolving IT standards suited to emerging needs 
        that span local, international, public, and private interests. 
        This requires continual reevaluation of the scope and methods 
        of contracting. The recent Lockheed Martin performance-based 
        contract award is a culmination of our efforts to date. We will 
        continue to look for and implement adaptive program planning, 
        contractor oversight, and metrics to ensure the success of the 
        program.

   Plan to address what issues may arise during testing. 
        Evolving technology, such as card readers, create a changing 
        environment and program control constraints. This is especially 
        the case when the technology must be deployed to a vast 
        multitude of entities with remote connectivity challenges 
        (e.g., vessels) and varying degrees of access control system 
        capabilities.
Conclusion
    The steps we are taking will be an extremely important aspect to 
the security of our port facilities and vessels. TSA will continue to 
work with our partners, the U.S. Coast Guard and maritime stakeholders, 
to ensure that for the first time in history thousands of independent 
businesses will have one, interoperable, security network and workers 
will hold a common credential that can be used across that entire 
network.
    I appreciate the keen interest that this Committee has in an 
effective implementation of TWIC, and I thank you for your support. Mr. 
Chairman, this concludes my testimony and I am pleased to answer any 
questions that you may have.



    Senator Lautenberg. Thank you. Mr. Winkowski?

             STATEMENT OF HON. THOMAS S. WINKOWSKI,

      ASSISTANT COMMISSIONER, OFFICE OF FIELD OPERATIONS,

               U.S. CUSTOMS AND BORDER PROTECTION

    Mr. Winkowski. Thank you, Mr. Chairman and good morning to 
everybody and the distinguished Members of the Committee and 
Mr. Vice Chairman. Thank you for this opportunity to discuss 
with you today the status of U.S. Customs and Border 
Protection's efforts since the passage of the SAFE Port Act 
nearly 1 year ago. As the Assistant Commissioner for almost 3 
months now, I can report the CBP has taken strong actions in 
order to be responsive to this piece of significant 
legislation.
    I would first like to thank the Congress for your continued 
interest in the important subject of maritime and supply chain 
security. In many ways, I look at Congressional passage of the 
SAFE Port Act as an endorsement of CBP's approach to cargo 
security begun after the events of 9/11. As you know, CBP has 
developed and implemented unprecedented initiatives to achieve 
our twin goals of strengthening the security of cargo entering 
our borders and facilitating the flow of legitimate trade and 
travel.
    CBP uses a multi-layered approach to ensure the integrity 
of the supply chain from the point of container stuffing 
through vessel arrival at a U.S. port of entry. This multi-
level approach includes the use of trained CBP officers, 
technology, automation, electronic information and partnerships 
with the trade agencies in foreign governments.
    I'm sure you are already familiar with many of our 
initiatives and programs as they have been critical components 
of our strategy for a number of years. However, I wanted to 
highlight some important accomplishments that demonstrate how 
far we have come since September 11 and provide insight on some 
of the efforts the CBP has made over the last 12 months to meet 
the requirements of the SAFE Port Act. CBP, through the 
Container Security Initiative and in coordination with the 
Department of Energy's Mega-Port Program has partnered with 
other countries to deploy personnel and technology in an effort 
to prevent terrorists and terrorist weapons from entering the 
United States.
    Today, CSI is operational in 58 ports covering 85 percent 
of the maritime containers as cargo shipped to the United 
States. At these 58 locations worldwide, CBP officers and ICE 
agents, working along side their host government counterparts, 
identify the highest risk cargo and perform examinations before 
the cargo is laid onboard a vessel destined to the United 
States. This is significant progress.
    CBP continues to enhance and improve upon this program, as 
the Secretary of Homeland Security announced, the Secure 
Freight Initiative on December 7, 2006. This first phase of the 
Secure Freight Initiative creates an unprecedented partnership 
with Pakistan, Honduras and the United Kingdom, Oman, 
Singapore, Korea and Hong Kong and will provide these 
governments with a greater window into potentially dangerous 
shipments moving through their seaports. In Port Qasim, Port 
Cortes and Southhampton, the deployed scanning equipment will 
capture data on all containers bound to the United States, and 
filling the pilot requirements set up by Congress in the SAFE 
Port Act.
    Surpassing these Congressional requirements, DHS has also 
partnering with some of the world's largest container ports. 
The size and complexity of larger ports, such as Singapore, 
Hassan and Hong Kong required initial limited deployment. This 
first phase will provide lessons learned and evidence of how 
this new integrated technology can meld smoothly into the 
logistics operations and risk management process while 
complimenting the flow of commerce at each different port.
    DHS will submit reports to Congress in February and April 
2008, detailing the progress made under SFI. This report will 
also outline the successes and challenges associated with 
implementation of 100 percent scanning in foreign locations, 
including issues related to the availability, the capabilities 
and efficiency of technology and equipment, the process of 
negotiations and discussions with host nation counterparts as 
well as foreign input and feedback, the impact on the movement 
of cargo through ports and across the global supply chain, the 
staffing and human capital requirements that will be necessary, 
both abroad and domestic and numerous additional 
considerations. The data, experience and lessons learned from 
the initial phase of SFI will provide necessary insight into 
the practicality and benefits of 100 percent scanning and will 
certainly guide in decisions regarding the possible expansion 
of SFI.
    On one of the key components of CBP's layered defense is 
the advance electronic cargo information required on all modes 
of transportation by the Trade Act of 2002, including a 24-hour 
rule for maritime cargo. The SAFE Port Act mandated a provision 
of additional data elements for improved high-risk targeting 
and the overall enhancement of the Automated Targeting System, 
working actively with the trade through the COAC CBP developed 
and processed a new secure security filing, better known as 
``10 plus 2'' in an effort to obtain additional advance cargo 
information and enhance our ability to perform risk-based 
targeting. Under this initiative, the importer or its designee 
agent will file 10 new unique data elements, not currently 
provided to C-TPAT while carriers will provide stow plan data 
and container status messages. On the C-TPAT, another premiere 
program that we have, we're on target from the standpoint of 
the mandates of the SAFE Port Act and our RPM and NII 
technology, we continue to make tremendous inroads in ensuring 
that large pieces of--large freight is brought through our RPM. 
So with that, Mr. Chairman, I conclude and look forward to your 
questions.
    [The prepared statement of Mr. Winkowski follows:]

Prepared Statement of Hon. Thomas S. Winkowski, Assistant Commissioner, 

     Office of Field Operations, U.S. Customs and Border Protection
Introduction
    U.S. Customs and Border Protection (CBP) appreciates this 
opportunity to discuss with you today the Security and Accountability 
For Every Port Act (SAFE Port Act) and the efforts of CBP nearly one 
year after its passage.
    It is noteworthy that CBP worked quite closely with the House and 
Senate in the development of the SAFE Port Act and applaud the high 
level of Congressional interest in securing United States ports and the 
global supply chain. Much of what is in the SAFE Port Act codified 
initiatives that the U.S. Customs Service, now CBP, undertook 
immediately after 9/11 and has been implementing successfully ever 
since.
    Below are updates on the primary areas of activity being undertaken 
by CBP to fully implement the Act.
Container Security Initiative (CSI)
    To meet the priority mission of preventing terrorists and terrorist 
weapons from entering the United States, CBP has partnered with other 
countries through the Container Security Initiative (CSI) to deploy 
multi-disciplined teams to selected foreign seaports to identify cargo 
containers that pose a potential risk for terrorism and inspect those 
containers at the foreign ports before they are shipped to the United 
States. CSI is an example where the SAFE Port Act codified existing DHS 
programs, and CBP is in compliance with the Act's mandates.
    Almost 32,000 seagoing containers arrive and are off loaded at 
United States seaports each day. In Fiscal Year 2006, that equated to 
11.6 million cargo containers annually. Because of the sheer volume of 
sea container traffic and the opportunities it presents for terrorists, 
containerized shipping is uniquely vulnerable to terrorist 
exploitation. CSI's effectiveness and successes can be measured by 
several factors. At its core is the cooperation and information sharing 
between the CBP officers in the foreign seaports and the host 
government personnel. Additionally, CSI has been instrumental in 
enhancing port security. Through CSI, many foreign ports that 
previously did not utilize or possess non-intrusive inspection (NII) 
equipment now have either purchased their own or have access to NII 
equipment. Additionally, CSI has partnered with Department of Energy's 
Megaports Initiative at several CSI ports to further enhance the host 
nation's capability to screen cargo for nuclear and other radioactive 
materials that could be used by terrorists against the United States or 
a host country. This fiscal year CSI expanded to 8 additional ports, 
and reached a milestone of 58 ports worldwide covering 85 percent of 
the container traffic destined to the United States. This is 
significant progress.
Secure Freight Initiative (SFI) and 100 Percent Scanning
    Building upon the success of the Container Security Initiative 
(CSI), on December 6, 2006, the Secretary of Homeland Security, in 
cooperation with the Department of Energy (DOE), Department of State 
(DOS) and with the maritime industry and foreign government partners, 
announced Phase One of the Secure Freight Initiative (SFI). SFI is an 
unprecedented effort to build upon existing port security measures by 
enhancing the United States Government's ability to scan containers for 
nuclear and radiological materials in seaports worldwide and to better 
assess the risk of inbound containers.
    The initial phase of the SFI involves the deployment of a 
combination of existing technology and nuclear detection devices to 
three ports as per the requirements of the SAFE Port Act, but will also 
extend, in limited operation, to four additional foreign ports. This 
will provide a more complete analysis for SFI by including different 
operational and geographic settings at each port and will provide 
exposure of different models for future 100 percent scanning. SFI Phase 
I Ports include: Port Qasim, Pakistan; Port Cortes, Honduras; 
Southampton, United Kingdom; Port Salalah, Oman; Brani Terminal at Port 
of Singapore; Gamman Terminal at Port Busan, Korea; and the Modern 
Terminal in Hong Kong. SFI Phase I is currently on schedule to begin 
operations at the three ports required by the SAFE Port Act.
    This first phase will provide lessons learned on how this new, 
integrated technology can meld smoothly into the logistics, operations, 
and risk management process while complementing the flow of commerce at 
each different port. Additionally, this first phase of SFI will provide 
the partnering governments with a greater window into potentially 
dangerous shipments moving through their seaports. Secure Freight will 
provide carriers of maritime containerized cargo with greater 
confidence in the security of the shipment they are transporting, and 
it will increase the likelihood for shippers and terminal operators 
that the flow of commerce will be both uninterrupted and secure. SFI 
will use the latest scanning technology, however data analysis, using 
the Automated Targeting System, will continue to be our primary method 
in screening containers.
    The lessons learned and experience gained from Phase One represent 
critical steps in the process of determining whether the concept of 100 
percent overseas scanning is technologically and economically feasible 
and the degree to which it increases the security of the international 
supply chain.
    DHS will submit reports to Congress in February and April 2008 
detailing the progress made under SFI. These reports will also outline 
the successes and challenges associated with the implementation of 100 
percent scanning in foreign locations, including issues related to the 
availability, capabilities and efficiency of technology and equipment; 
the process of negotiations/discussions with host nation counterparts 
as well as foreign input and feedback; the impact on the movement of 
cargo through ports and across the global supply chain; the staffing 
and human capital requirements that will be necessary both abroad and 
domestically and numerous additional considerations.
Domestic Radiation Detection and Imaging
    The SAFE Port Act requires that a deployment strategy plan be 
developed for the placement of radiation portal monitors (RPMs) 
throughout the Nation's ports of entry. That plan has been submitted to 
Congress by the Department.
    CBP began deploying RPMs in October 2002, with the first deployment 
at the Ambassador Bridge in Detroit. Since that time, CBP and the 
Domestic Nuclear Detection Office (DNDO) have deployed over 1,000 RPMs 
at mail facilities, seaports, and land border crossings and will deploy 
the first RPM in the air cargo environment by the end of calendar year 
2007. Specifically, the SAFE Port Act mandates that all containers 
entering through the top 22 seaports be scanned for radiation. 
Currently, the Department has deployed radiation detection equipment to 
each of these 22 ports. Due to unique operational considerations at 
some of these ports, not every terminal within a port is currently 
equipped with such equipment. However, to satisfy the requirements of 
the SAFE Port Act and to further enhance port security, CBP and DNDO 
continue to work with these considerations, and by the end of this 
calendar year will scan approximately 98 percent of all containerized 
cargo at these 22 seaports.
    With the additional deployment of radiation scanning equipment, CBP 
currently scans 91 percent of the cargo and 81 percent of the passenger 
vehicles arriving from Canada; 97 percent of the cargo and 92 percent 
of the passenger vehicles arriving from Mexico, as well as 93 percent 
of arriving sea-borne cargo containers. To put this in perspective, 
just 18 months ago CBP was scanning 37 percent of arriving sea 
containers.
    Additionally, CBP has deployed over 1,000 Radiation Isotope 
Identifier Devices (RIID) and over 16,000 Personal Radiation Detectors 
(PRD). These devices allow CBP to inspect 100 percent of all identified 
high-risk cargo.
    Since CBP began scanning conveyances for radiation, over 195 
million conveyances have been scanned, and over 1.1 million alarms have 
been resolved. This is a tremendous workload, and the SAFE Port Act 
authorized 200 new CBP Officers in each of the next 5 years to help 
accomplish this mission. Furthermore, the Department is currently 
testing the next generation of radiation detection equipment known as 
Advanced Spectroscopic Portals at eight locations nationwide--at Piers 
A and J in Long Beach, at the APM and PNCT Terminals in Newark, at the 
Colombia and World Trade bridges in Laredo, at the Blue Water Bridge in 
Port Huron, and at the Fort Street crossing in Detroit. Future 
deployments of ASPs, pending Secretarial certification, will allow CBP 
to quickly differentiate between benign materials such as kitty litter 
or granite, while determining which shipments pose a true risk. This 
perfectly supports CBP's twin goals of increasing security while 
facilitating the flow of legitimate trade and people.
    In addition to the deployment of radiation detection equipment, CBP 
continues to deploy large scale imaging systems and has deployed 195 
large-scale gamma ray or x-ray imaging systems nationwide. NII 
technology serves as a force multiplier that allows officers to detect 
possible anomalies between the contents of the container and the 
manifest. In fact, well over 5.5 million scans using NII systems were 
conducted in FY07.
Automated Targeting System (ATS)
    CBP requires advanced electronic cargo information as mandated in 
the Trade Act of 2002 (including the 24-hour rule for maritime cargo). 
Advanced cargo information on all inbound shipments for all modes of 
transportation is effectively evaluated using the Automated Targeting 
System (ATS) before arrival in the United States. The SAFE Port Act 
requires CBP to seek additional data elements for ATS as well as to 
evaluate the entire system. CBP is complying with both these mandates.
    As a matter of background, ATS provides decision-support 
functionality for CBP officers working in Advanced Targeting Units 
(ATUs) at United States ports of entry and CSI foreign ports. The 
system provides uniform review of cargo shipments for identification of 
the highest risk shipments, and presents data in a comprehensive, 
flexible format to address specific intelligence threats and trends. 
ATS uses a rules-based program to highlight potential risk, patterns, 
and targets. Through rules, the ATS alerts the user to data that meets 
or exceeds certain predefined criteria. National targeting rule sets 
have been implemented in ATS to provide threshold targeting for 
national security risks for all modes: sea, truck, rail, and air.
    Working actively with the trade through the Departmental Advisory 
Committee on Commercial Operations (COAC), CBP has developed a new 
Security Filing in an effort to obtain additional advanced cargo 
information and enhance their ability to perform risk-based assessments 
prior to cargo being laden on a vessel overseas. The CBP proposal, 
better known as ``10 plus 2'' covers the following key areas:

   Ten unique data elements from importers not currently 
        provided to CBP 24 hours prior to the foreign loading of cargo;

   Two additional data elements provided by the carriers 
        including the Vessel Stow Plan, which is currently utilized by 
        the vessel industry to load and discharge containers, and the 
        Container Status Messaging, which is currently utilized by the 
        vessel industry to track the location of containers and provide 
        status notifications to shippers, consignees, and other related 
        parties.

    A Notice of Proposed Rulemaking (NPRM) is currently being 
developed. Obtaining additional information earlier in the process will 
increase the transparency of the global supply chain enabling the 
refinement of CBP's targeting processes and will provide additional 
information to make a more fully informed decision with respect to the 
risk of individual shipments.
    In addition to Security Filing, CBP continually monitors the 
performance of weight sets and uses data analysis to modify rules and 
weight sets in ATS. Since 2004, ATS has undergone independent audits 
from the GAO and the IG. Furthermore, CBP regularly reevaluates to 
improve the data sets in ATS. The Office of Field Operations National 
Targeting and Security (NTS) office and the Office of Information 
Technology Targeting and Analysis Systems Program Office (TASPO) have 
been working together to enhance the ATS Maritime rule set capabilities 
for ocean cargo targeting. Under the direction of the office of field 
operations (OFO), TASPO placed the updated rule sets into production on 
March 21, 2007, to conduct initial assessments. Since that time, OFO 
subject matter experts and members of the Maritime Targeting Working 
Group have provided feedback to NTS, which resulted in further 
refinements and enhancements to the maritime rule set. Currently NTS is 
modeling several versions of the new Country of Interest list to 
include iterations of different scores and scenarios to include entity 
concepts such as first time, unknown, and high volume. OFO is currently 
using the updated rule set for maritime threshold targeting.
Customs-Trade Partnership Against Terrorism (C-TPAT)
    Customs-Trade Partnership Against Terrorism (C-TPAT) is an integral 
part of the CBP multi-layered strategy. CBP works in partnership with 
the trade community to better secure goods moving through the 
international supply chain. C-TPAT has enabled CBP to leverage supply 
chain security overseas where CBP has no regulatory reach. Throughout 
2007, CBP has continued to expand and strengthen the C-TPAT program and 
ensure that certified member companies are fulfilling their commitment 
to the program by securing their goods moving across the international 
supply chain to the United States. To carry-out this critical tenet of 
C-TPAT, teams of Supply Chain Security Specialists (SCSS) will conduct 
validations and begin revalidations of C-TPAT members' supply chains to 
ensure security protocols are reliable, accurate, and effective.
    The SAFE Port Act not only legislatively recognized C-TPAT, but the 
Act also added greater accountability by mandating that certain program 
activities be completed within specific time-frames, and that greater 
program oversight be developed for the program. CBP began implementing 
such changes, which were first outlined in GAO reports from 2003 and 
2004, eighteen months prior to the passage of the Act and continues to 
make progress in this regard.
    Specifically, clearly defined minimum security criteria have been 
developed and implemented for the major enrollment sectors and will be 
completed for all current enrollment sectors by this fall. The SAFE 
Port Act requires CBP to work with the COAC to review and modify as 
appropriate these criteria on an annual basis, and they have done so. 
This program enhancement will be completed each year as part of the 
development of the C-TPAT annual plan, another SAFE Port Act 
requirement. CBP is finalizing revisions to the C-TPAT Strategic Plan, 
which was first published in December 2004.
    The SAFE Port Act also required CBP to review their certification 
processes for new members and make adjustments to strengthen this 
initial review if necessary. CBP has done so, and all new applications 
are being reviewed within 90 days.
    Additionally, the Act requires that all new certified members 
undergo their initial validation within 1 year of acceptance into the 
program and be revalidated every 4 years. In 2007, CBP's goal is to 
complete 3,000 validations. As a point of reference, CBP completed 133 
validations in 2003; 287 in 2004; 1,080 in 2005; and 2,398 in 2006. 
This is real progress, and it has been made possible by adding Supply 
Chain Security Specialists to the program.
    With current staffing levels, the C-TPAT program should fulfill its 
operational goals for both the 2007 and 2008 calendar years. With the 
projected level of validations and revalidations needed to be in 
compliance with the Act set at just less than 3,000 per year, the 
current staff of 150 SCSS's should be able to manage this workload. The 
SAFE Port Act mandates that all revalidations must occur within 4 years 
of the initial validation, while the FY07 DHS Appropriations Act called 
for revalidations to occur within 3 years of the initial validation. 
Thus, the C-TPAT program is moving forward on a 3 year revalidation 
model to ensure compliance.
    Projected revalidations alone will reach over 2,300 in 2009. The 
addition of Mexican Highway Carrier validations (done annually due to 
higher risk models) will add approximately 400. Further, required 
initial validations within 1 year of certification are being projected 
at 1,800. As a result, the final validation/revalidation totals needed 
would well exceed 4,000 for 2009 creating compliance issues with the 
current staffing numbers.
    However, an additional staffing of 50 SCSS's will be brought on 
board with the creation of two new offices, one in Buffalo, NY, to 
focus principally on Canadian membership, and an office in Houston, TX, 
to focus on Mexican enrollment. With the addition of this staff, 
expected by early calendar year 2008, the C-TPAT would again see 
compliance with SAFE Port Act mandated timelines.
    Working with COAC, CBP has also developed and implemented a pilot 
program using third parties to validate supply chains where CBP 
currently lacks full access. In May 2007, CBP selected 11 firms to act 
as validators in China as the Chinese government continues to deny 
access to CBP personnel wishing to conduct supply chain security 
validations. The Chinese Government has officially indicated that the 
matter is under review within their government, noting initially that 
the private sector in China may be reluctant to have C-TPAT validations 
conducted in-country. In an effort to show there was trade support for 
the process, CBP identified a certified C-TPAT partner that has 
significant business in China to demonstrate their willingness to 
participate in the validation process. Additionally, the CBP 
Commissioner and senior managers have traveled to China to discuss this 
matter with their counterparts in an effort to clarify the validation 
process as well as to offer a joint validation pilot involving five 
currently certified C-TPAT companies willing to participate. We have 
received no official response to this proposed project as of this date.
    Interest in the pilot program has thus far been minimal. Of the 
more than three hundred (300) C-TPAT importers that were invited to 
participate in this voluntary pilot in June, less than a dozen 
importers have opted to do so to date. The primary concerns expressed 
by C-TPAT members for not participating lie in the sharing of 
proprietary business and security data with a third party and with the 
costs associated with the validation, which, as outlined in the SAFE 
Port Act, must be incurred by the C-TPAT member.
Container Security Standards and Procedures
    CBP strongly supports and continues to seek opportunities to 
enhance supply chain security efforts, including enhancements to the 
security of the container. Indeed, securing the container is a critical 
part of a multi-layered approach to supply chain security. However, in 
order to establish minimum standards for container security, it is 
first necessary to ensure that there are available solutions that would 
significantly improve container security without significantly 
disrupting the flow of legitimate commerce. It should be noted that 
minimum security criteria for participants in the C-TPAT program do 
include a requirement that all C-TPAT importers must affix a high 
security seal to all loaded containers bound for the United States. 
These seals must meet or exceed the current ISO/PAS 17712 
specifications for high security seals. C-TPAT membership currently 
accounts for 46 percent of total importations into the U.S.
    Any technological solution would also need to be adopted as part of 
a broader supply chain security program. While CBP does not believe 
that, at the present time, the necessary technology exists for such 
solutions, CBP is working closely with the Department and is actively 
working with industry to test different technologies and methodologies 
that would provide economically and operationally viable enhancements 
to container security.
In-Bonds
    The SAFE Port Act also required CBP to submit a report on in-bond 
cargo no later than June 30, 2007. CBP apologizes for the lateness of 
this report, which is still undergoing review, and expects to have the 
report issued shortly.
    The final report includes a plan for closing in-bond entries at the 
port of arrival; an assessment of the personnel required to ensure 100 
percent reconciliation of in-bond entries between the port of arrival 
and the port of destination or exportation; an assessment of the status 
of investigations of overdue in-bond shipments and an evaluation of the 
resources required to ensure adequate investigation of overdue in-bond 
shipments; a plan for tracking in-bond cargo within the Automated 
Commercial Environment (ACE); an assessment of whether any particular 
technologies should be required in the transport of in-bond cargo; an 
assessment of whether ports of arrival should require any additional 
information regarding shipments of in-bond cargo; an evaluation of the 
criteria for targeting and examining in-bond cargo; and an assessment 
of the feasibility of reducing the transit time for in-bond shipments, 
including an assessment of the impact of such a change on domestic and 
international trade. In addition, CBP is in the process of utilizing 
the evaluation of in-bond criteria to assist in the creation of a 
weight set for use in ATS to further assist in the identification of 
potential in-bond diversion cargo shipments.
    CBP believes that the report is responsive to the concerns 
expressed by Congress, and a dedicated working group of experts has 
just concluded an in-depth review of the in-bond process and their 
recommendations will also address the report topics.
Office of International Trade
    The mandates of the SAFE Port Act and the actions of CBP 
intersected again when CBP formed the Office of International Trade in 
October 2006. The establishment of this office serves to strengthen 
CBP's ability to carry out our mission of facilitating the flow of 
legitimate trade across U.S. borders while securing the borders and 
protecting the American economy from unfair trade practices and illicit 
commercial enterprises. The Office of International Trade consolidates 
trade policy, program development, and compliance measurement functions 
into a single office, providing greater consistency within CBP with 
respect to its international trade programs and operations. In 
addition, CBP's close working relationship with the trade community, a 
hallmark of CBP's operations and programs, has been further enhanced. 
The new Office of International Trade is providing CBP and the Trade 
community with an organization that can effectively address the growing 
volume and complexities of international trade and is enabling us to 
successfully meet the challenges inherent in managing the balance of 
trade and security.
    In June 2007, to meet the Congressional requirements of the SAFE 
Port Act, CBP provided to Congress a resource optimization model (the 
``model'') for the commercial operations and revenue function. The 
objectives of the model are to: (1) optimally align the workforce to 
achieve management performance outcomes and goals; (2) adequately 
address risks inherent in the priority trade issues; and (3) comply 
with statutory requirements. The model has been designed to determine 
the right number and right mix of resources to facilitate legitimate 
trade while enforcing the trade laws.
    Additionally, in preparation of submitting a report on the 
reorganization into the Office of International Trade, CBP has been 
meeting regularly with the COAC subcommittee on the Office of 
International Trade. During this first year, the subcommittee has been 
working together to find mutually beneficially process improvements to 
facilitate legitimate trade, which in turn will assist CBP in its trade 
enforcement efforts.
Conclusion
    The steps that CBP is taking to implement the SAFE Port Act are and 
will be an extremely important aspect to the security of the Nation. 
Through the SAFE Port Act, Congress has recognized and bolstered many 
of our aggressive programs to enhance security while assuring the 
facilitation of legitimate trade. We appreciate the close cooperative 
relationship the Department of Homeland Security and CBP had with the 
House and Senate in the development of the Act, and we look forward to 
the continued interaction to promote our mission and ensure the safety 
of American citizens and commerce.

    Senator Lautenberg. Thank you very much. And now, Mr. 
Caldwell?

          STATEMENT OF STEPHEN L. CALDWELL, DIRECTOR,

             HOMELAND SECURITY AND JUSTICE ISSUES,

             U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Caldwell. Good morning, Senator Lautenberg, Senator 
Stevens and Senator Lott. Thank you very much for inviting me 
here today to talk about port security. By passing the SAFE 
Port Act one year ago, Congress basically approved the things 
agencies were doing but just wanted the things done better and 
faster. Given the wide scope of the SAFE Port Act and the 
details already provided in my statement and by the other 
witnesses, I'm going to focus my oral comments on the five 
areas where GAO is doing evaluations for this Committee.
    This work can be divided into two broad areas: Coast Guard 
work and Customs work. Let me start out with the Coast Guard 
work.
    Regarding port security operations, the Coast Guard, to its 
credit, has developed measurable requirements for its 
activities at the ports. These are activities such as boarding 
suspicious ships, escorting selected vessels, enforcing 
security zones and patrolling harbors. These requirements, part 
of the Coast Guard's Operation Neptune Shield, are scalable and 
can be increased as the MARSEC level increases.
    To meet these requirements with the limited resources the 
Coast Guard has, they have developed a strategy to selectively 
adjust some of their requirements, partner with State and local 
agencies, and analyze their resource needs constantly. 
Unfortunately, even with these strategies, some Coast Guard 
sectors are still having difficulties meeting their security 
requirements over a prolonged period of time.
    Regarding facilities--thousands of MTSA-regulated 
facilities have developed security plans. The Coast Guard has 
generally approved these plans and inspected these facilities 
once a year to ensure their compliance. However, the SAFE Port 
Act requires the Coast Guard to complete such inspections twice 
a year and to include at least one unannounced inspection.
    The Coast Guard faces three challenges as they ramp up 
inspections to meet this new requirement. First, the current 
method of conducting unannounced inspections varies 
considerably by sector so the Coast Guard is currently in the 
process to issue clear guidance on what constitutes an 
unannounced or spot check. Second, while the Coast Guard has 
trained hundreds of inspectors, many of these inspectors have 
now rotated to other positions and with the increased 
requirements, the Coast Guard is going to have to figure out 
exactly how many inspectors they're going to need, how to get 
them trained and get them in the right sectors. And then third, 
the Coast Guard needs to improve the current data that it keeps 
on inspections (that data is currently flawed) and then conduct 
some analysis of that data to better manage the program.
    Regarding inspection of foreign ports, the Coast Guard has 
a program in place to visit them and to evaluate their 
compliance with international security standards. The Coast 
Guard has currently visited about 109 of the 140 ports. The 
SAFE Port Act went on to require that each country be revisited 
within 3 years, creating a challenge for the Coast Guard to 
replace its current cadre of experienced inspectors with new 
ones needed to meet these new timelines.
    The Coast Guard faces other challenges in this program as 
well. The visits are set up through the sovereign host nation, 
which places some limitations on the Coast Guard in terms of 
where to visit and the scope of their visits. And even if this 
was not an issue, it's hard to assess maritime security for an 
entire country by relatively short visits to a select number of 
ports. In addition, some of the countries that are visited and 
have security problems are poor countries in Africa or the 
Caribbean, which lack the resources to fund and/or sustain 
needed improvements to port security.
    Now, I'll turn to the Customs programs to improve container 
security. We've reported twice on the CSI program and CBP has 
made continued progress in better managing that program. 
Similarly, we've reviewed the C-TPAT program twice and again, 
we've seen several improvements in the management of the 
program. We'll have full reports on both of those programs to 
the Committee later this year.
    One indication of the success for both CSI and C-TPAT, is 
that international organizations and other countries are 
currently in the process of adopting security regimes very 
similar to these two CBP programs.
    The biggest challenge ahead for CBP has to do with the 100 
percent scanning requirement that was in the 9/11 Act. While we 
have not done a detailed review of the 100 percent scanning 
requirement, the topic has come up repeatedly when we meet with 
various foreign officials and international organizations and 
we have visited two of the SFI pilot ports. Based on this 
preliminary work, we have identified a number of challenges, 
which are detailed in my written statement.
    Looking ahead, we will continue working with the agencies 
and with the Congress and this Committee to help you with 
oversight to keep our ports as secure as practical. Thank you 
very much.
    [The prepared statement of Mr. Caldwell follows:]

Prepared Statement of Stephen L. Caldwell, Director, Homeland Security 
       and Justice Issues, U.S. Government Accountability Office
    Mr. Chairman and Members of the Committee:
    I am pleased to be here today to discuss port and cargo security 
functions related to provisions of the Security and Accountability for 
Every Port Act (SAFE Port Act).\1\ The Nation's 361 seaports are the 
gateway for more than 80 percent of our foreign trade. Worldwide, some 
30 large ports, spread across North America, Asia, and Europe 
constitute the world's primary, interdependent trading web. Much of 
this trade--particularly high-value cargo--enters and leaves in cargo 
containers.
    In our post-9/11 environment, however, the potential security 
weaknesses presented by these economic gateways have become apparent. 
Sprawling, easily accessible by water and land, often close to urban 
areas, and containing facilities that represent opportunities for 
inflicting significant damage as well as causing economic mayhem, ports 
present potential terrorist targets. Further, they are potential 
conduits for weapons prepared elsewhere and concealed in cargo designed 
to move quickly to many locations beyond the ports themselves.
    Since the 9/11 attacks, Congress has established a new port 
security framework--much of which was set in place by the Maritime 
Transportation Security Act (MTSA) \2\. Enacted in November 2002, MTSA 
was designed, in part, to help protect the Nation's ports and waterways 
from terrorist attacks by requiring a wide range of security 
improvements. Among the major requirements included in MTSA were (1) 
conducting vulnerability assessments for port facilities and vessels; 
(2) developing security plans to mitigate identified risks for the 
national maritime system, ports, port facilities, and vessels; (3) 
developing the Transportation Worker Identification Credential (TWIC), 
a biometric identification card to help restrict access to secure areas 
to only authorized personnel; and (4) establishing of a process to 
assess foreign ports, from which vessels depart on voyages to the 
United States. The Department of Homeland Security (DHS)--itself a 
creation of the new security environment brought on by the 9/11 
attacks--administers much of this framework, which also attempts to 
balance security priorities with the need to facilitate legitimate 
trade.
    The SAFE Port Act, which was enacted in October 2006, is one of the 
latest additions to this port security framework. The Act made a number 
of adjustments to programs within this framework, creating additional 
programs or lines of effort and altering others. The SAFE Port Act 
created and codified new programs and initiatives, and amended some of 
the original provisions of MTSA. The SAFE Port Act included provisions 
that: (1) codified the Container Security Initiative (CSI) and the 
Customs-Trade Partnership Against Terrorism (C-TPAT), two programs 
administered by Customs and Border Protection (CBP) to help reduce 
threats associated with cargo shipped in containers; (2) required 
interagency operational centers where agencies organize to fit the 
security needs of the port area at selected ports; (3) set an 
implementation schedule and fee restrictions for TWIC; (4) required 
that all containers entering high volume U.S. ports be scanned for 
radiation sources by December 31, 2007; and (5) required additional 
data be made available to CBP for targeting cargo containers for 
inspection.\3\ This statement summarizes our recently completed and 
ongoing work for this Committee on these areas.
    Over the past several years, we have examined and reported on many 
of the programs in this new port security framework. This statement is 
designed both to provide an overview of what we have earlier reported 
about these programs and to describe, with the preliminary information 
available, what DHS is doing as a result of the SAFE Port Act 
requirements and the challenges the agency faces in doing so. This 
statement discusses three key areas and 18 programs, as shown in Table 
1.

  Table 1: Summary of Three Key Areas and 18 Programs in This Statement
------------------------------------------------------------------------
             Program                            Description
------------------------------------------------------------------------
Overall Port Security
Area Maritime Security            Committees consisting of key port
 Committees                        stakeholders who share information
                                   and develop port security plans.
Interagency Operational Centers   Command centers where agencies share
                                   information, coordinate their
                                   activities, and coordinate joint
                                   efforts.
Port security operations          Activities to maintain security and
                                   deter attacks, such as boat patrols
                                   and vessel escorts.
Area Maritime Security Plans      Plan laying out local port
                                   vulnerabilities, responsibilities,
                                   and some response actions.
Port security exercises           Exercises among various port
                                   stakeholders to test the
                                   effectiveness of port security plans.
Evaluations of security at        Coast Guard program where officers
 foreign ports                     visit and assess security conditions
                                   at foreign ports.
Port Facility Security
Port facility security plans      Plans that include, among other
                                   things, operational and physical
                                   security measures and procedures for
                                   responding to security threats.
Port facility security            Coast Guard reviews of port facility
 compliance monitoring             security plans and their compliance
                                   with such plans.
Transportation Worker             Biometric identification cards to be
 Identification Credential         issued to port workers to help secure
                                   access to areas of ports.
Background checks                 DHS requirements for persons who enter
                                   secure or restricted areas or
                                   transport hazardous cargo.
Container Security
Automated Targeting System        Risk-based decision system to
                                   determine cargo shipped in containers
                                   requiring inspection.
Customs In-Bond System            The in-bond system allows goods to
                                   transit the United States without
                                   officially entering U.S. commerce.
Container Security Initiative     Stationing CBP officers at foreign
                                   ports to help identify and inspect
                                   high-risk cargo to be shipped in
                                   containers destined for the United
                                   States.
Customs-Trade Partnership         Partnership between private companies
 Against Terrorism                 and CBP to improve international
                                   supply chain security.
Promoting Global Standards        Efforts to work with members of the
                                   customs and trade community on
                                   approaches to standardizing supply
                                   chain security.
Megaports Initiative              Radiation detection technology at
                                   foreign ports to stop the
                                   proliferation of weapons of mass
                                   destruction.
Secure Freight Initiative         Combines Container Security Initiative
                                   scanning with Megaports Initiative
                                   radiation detection at foreign ports.
100 Percent Container Scanning    Scanning by nonintrusive imaging and
 at Foreign Ports                  radiation detection equipment of all
                                   cargo containers at foreign ports
                                   inbound to the United States by 2012,
                                   with possible exceptions.
------------------------------------------------------------------------
Source: GAO.

    This statement is organized into three main areas, as follows:

   programs related to overall port security, such as those for 
        coordinating among stakeholders, conducting security 
        operations, developing security plans, and conducting exercises 
        to test security procedures;

   programs related specifically to security at individual 
        facilities, such as examining security measures and ensuring 
        that only properly cleared individuals have access to port 
        areas; and,

   programs related specifically to the international supply 
        chain and to cargo container security, such as screening 
        containers at ports both here and abroad and forming 
        partnerships with the private sector.

    This statement is based primarily on a body of work we completed in 
response to Congressional requests and mandates for analysis of 
maritime, port, and cargo security efforts of the Federal 
Government.\4\ In some cases, we provide preliminary observations from 
our ongoing work. Thus, the timeliness of the data that were the basis 
for our prior reporting varies depending on when our products were 
issued and the preliminary observations are subject to change as we 
complete our work.
    We conducted all of our work in accordance with generally accepted 
government auditing standards. To perform both our completed and 
ongoing work we visited several domestic and overseas ports; reviewed 
agency program documents, port security plans, and post-exercise 
reports, and other documents; and interviewed officials from the 
Federal, state, local, private, and international sectors. The 
officials were from a wide variety of port stakeholders to include 
Coast Guard, CBP, TSA, port authorities, terminal operators, vessel 
operators, foreign governments, and international organizations. While 
this body of work does not cover all the provisions of the SAFE Port 
Act, it does cover a wide range of these provisions as shown in Table 
1.
    We provided a draft of this testimony to DHS agencies and 
incorporated technical comments as appropriate.
Summary
    Regarding overall security at U.S. ports, Federal agencies have 
taken a number of steps to improve maritime security and implement many 
aspects of MTSA. The Coast Guard has established Area Maritime Security 
Committees (AMSCs) to coordinate activities and share information among 
the various stakeholders at specific ports. The Coast Guard also has 
local operations centers where it coordinates its activities. The SAFE 
Port Act requires that all high-priority ports have interagency 
operational centers.\5\ Given the capabilities and organization of its 
existing centers, the Coast Guard estimates it will cost $260 million 
to meet this requirement. The Coast Guard also conducts a number of 
operations at U.S. ports to deter and prevent terrorist attacks, such 
as harbor patrols or vessel escorts. While the Coast Guard has set 
specific requirements for the level of these activities, they are not 
always able to complete them at some ports due to resource constraints. 
The Coast Guard, in collaboration with the MTSA-required AMSCs, has 
written port-specific security plans to deter and respond to terrorist 
attacks--but these plans do not fully address recovery issues (e.g., 
how to reopen a port after an attack) and natural disasters (e.g., 
hurricanes or earthquakes). The Coast Guard, again in collaboration 
with the AMSCs, has sponsored exercises to test the port security 
plans. But the Coast Guard will face challenges expanding the program 
in line with SAFE Port Act requirements to include new scenarios and 
improve the communication of lessons learned during exercises. Finally, 
security in our own ports is dependent on security in foreign ports 
where vessels depart for the United States. The Coast Guard has 
implemented a MTSA-required program to work with foreign countries to 
inspect and strengthen security at their ports, but will likely face 
challenges in hiring and training sufficient staff to meet SAFE Port 
Act requirements to increase the frequency of such inspections. A 
related challenge is that many of the foreign countries that the Coast 
Guard has visited--to include several countries in the Caribbean 
Basin--are poor and lack the resources to make major improvements on 
their own.
    Regarding security at approximately 3,000 individual facilities, 
again Federal agencies and the facilities themselves have taken 
positive steps. In line with MTSA, facilities have written and 
implemented security plans and the Coast Guard has generally inspected 
such facilities to verify compliance and take enforcement actions where 
necessary. The SAFE Port Act increased the scope and frequency of these 
activities, doubling the frequency of Coast Guard inspections of 
facilities and requiring unannounced inspections. The Coast Guard told 
us that it is likely to face challenges in putting enough trained 
inspectors in place to meet the additional workload, especially since 
many experienced inspectors are scheduled to rotate to other duties. To 
control access to individual facilities at ports, MTSA required a 
program to develop secure and biometric Transportation Worker 
Identification Credentials (TWIC). Under the program, transportation 
workers would have to undergo background checks to receive TWIC cards. 
The SAFE Port Act established a July 1, 2007 milestone for the 
implementation of the TWIC program at the 10 highest risk ports. The 
Transportation Security Administration (TSA), the agency responsible 
for implementing TWIC, did not meet the July deadline, citing the need 
to conduct additional testing of the systems and technologies that will 
be used to enroll the estimated 770,000 workers that are required to 
obtain a TWIC card. Finally, while DHS has created the Screening 
Coordination Office (SCO) to better coordinate TWIC with other programs 
that require background checks, it will be challenged to fully 
coordinate all the DHS screening programs, ensuring that the cost and 
benefits of potentially eliminating or keeping different screening 
programs are properly considered, and coordinating with other Federal 
screening programs outside DHS.
    Regarding the security of cargo containers--which carry a large 
volume of the world's commerce through our ports--CBP has developed a 
layered security strategy to identify and inspect containers that may 
contain terrorist weapons of mass destruction. CBP has refined its 
Automated Targeting System (ATS) to better analyze shipping information 
and identify suspicious containers, though it does not have the most up 
to date information for certain containers--that transit beyond the 
ports as part of the in-bond system, which allows goods to transit the 
United States without officially entering U.S. commerce. CBP has 
expanded and improved the management of its Container Security 
Initiative (CSI) where the agency places U.S. customs officials in 
foreign ports to help target and inspect suspicious containers. 
Similarly, CBP has expanded and improved the management of its Customs-
Trade Partnership Against Terrorism (C-TPAT) where private companies 
agree to improve the security of their supply chains in exchange for 
reduced scrutiny over their shipments. The SAFE Port Act codified these 
two programs into law and required enhanced management and oversight of 
these programs. CBP is working to meet these new requirements, but our 
prior and ongoing work suggest that it may face challenges setting 
equipment standards and conducting validations of company practices. 
The Department of Energy (DOE) is expanding its Megaports program that 
complements CSI by providing foreign nations with radiation detection 
equipment to scan containers moving through their ports. The SAFE Port 
Act also required pilot programs to test new technologies or combine 
existing technologies to test the feasibility of scanning all U.S.-
bound containers overseas. More recent legislation required that all 
containers bound for the United States be scanned overseas by 2012 with 
possible extensions for individual ports. Our preliminary observations 
suggest this requirement potentially creates new challenges for CBP in 
terms of integrating this with existing programs, working with foreign 
governments, overcoming logistical barriers, testing new technology, 
determining resource requirements and responsibilities, and other 
issues.
    We have reviewed many of the MTSA and SAFE Port Act related 
programs and made prior recommendations to the appropriate agencies to 
develop strategic plans, better plan their use of human capital, 
establish performance measures, and otherwise improve the operations of 
these programs. In general, these agencies have concurred with our 
recommendations and are making progress implementing them.
Prior Actions Have Improved Port Security, but Issues Remain
    Port security overall has improved because of the development of 
organizations and programs such as AMSCs, Area Maritime Security Plans 
(area plans), maritime security exercises, and the International Port 
Security Program, but challenges to successful implementation of these 
efforts remain. Additionally, agencies may face challenges addressing 
the additional requirements directed by the SAFE Port Act, such as a 
provision that DHS establish interagency operational centers at all 
high-risk priority ports. AMSCs and the Coast Guard's sector command 
centers have improved information sharing, but the types and ways 
information is shared varies.\6\ Area plans, limited to security 
incidents, could benefit from unified planning to include an all-
hazards approach. Maritime security exercises would benefit from timely 
and complete after action reports, increased collaboration across 
Federal agencies, and broader port level coordination. The Coast 
Guard's International Port Security Program is currently evaluating the 
antiterrorism measures maintained at foreign seaports.
Area Maritime Security Committees Share Information and Coast Guard 
        Expands Interagency Operational Centers
    Two main types of forums have developed for agencies to coordinate 
and share information about port security: area committees and Coast 
Guard sector command centers. AMSCs serve as a forum for port 
stakeholders, facilitating the dissemination of information through 
regularly scheduled meetings, issuance of electronic bulletins, and 
sharing key documents. MTSA provided the Coast Guard with the authority 
to create AMSCs--composed of Federal, state, local, and industry 
members--that help to develop the area plan for the port. As of August 
2007, the Coast Guard had organized 46 AMSCs. As part of an ongoing 
effort to improve its awareness of the maritime domain, the Coast Guard 
developed 35 sector command centers, four of which operate in 
partnership with the U.S. Navy.\7\ Each has flexibility to assemble and 
operate in a way that reflects the needs of its port area, resulting in 
variations in the number of participants, the types of state and local 
organizations involved, and the way in which information is shared. 
Some examples of information shared includes assessments of 
vulnerabilities at specific port locations, information about potential 
threats or suspicious activities, and Coast Guard strategies intended 
for use in protecting key infrastructure.
    We have previously reported that both of these types of forums have 
helped foster cooperation and information-sharing.\8\ We further 
reported that AMSCs provided a structure to improve the timeliness, 
completeness, and usefulness of information sharing between Federal and 
nonFederal stakeholders. These committees improved upon previous 
information-sharing efforts because they established a formal structure 
and new procedures for sharing information. In contrast to AMSCs, the 
Coast Guard's sector command centers can provide continuous information 
about maritime activities and involve various agencies directly in 
operational decisions using this information. We have reported that 
these centers have improved information sharing, and the types of 
information and the way information is shared varies at these centers 
depending on their purpose and mission, leadership and organization, 
membership, technology, and resources.
    The SAFE Port Act called for establishment of interagency 
operational centers, directing the Secretary of DHS to establish such 
centers at all high-priority ports no later than 3 years after the 
Act's enactment. The Act required that the centers include a wide range 
of agencies and stakeholders and carry out specified maritime security 
functions. In addition to authorizing the appropriation of funds and 
requiring DHS to provide the Congress a proposed budget and cost-
sharing analysis for establishing the centers, the Act directed the new 
interagency operational centers to utilize the same compositional and 
operational characteristics of existing sector command centers. 
According to the Coast Guard, none of the 35 centers meets the 
requirements set forth in the SAFE Port Act. Nevertheless, the four 
centers the Coast Guard operates in partnership with the Navy are a 
significant step in meeting these requirements, according to a senior 
Coast Guard official. The Coast Guard is currently piloting various 
aspects of future interagency operational centers at existing centers 
and is also working with multiple interagency partners to further 
develop this project.\9\ DHS has submitted the required budget and 
cost-sharing analysis proposal, which outlines a 5-year plan for 
upgrading its centers into future interagency operations centers to 
continue to foster information sharing and coordination in the maritime 
domain. The Coast Guard estimates the total acquisition cost of 
upgrading 24 sectors that encompass the Nation's high priority ports 
into interagency operations centers will be approximately $260 million, 
to include investments in information system, sensor network, 
facilities upgrades and expansions. According to the Coast Guard, 
future interagency operations centers will allow the Coast Guard and 
its partners to use port surveillance with joined tactical and 
intelligence information, and share this data with port partners 
working side by side in expanded facilities.
    In our April 2007 testimony, we reported on various challenges the 
Coast Guard faces in its information sharing efforts.\10\ These 
challenges include obtaining security clearances for port security 
stakeholders and creating effective working relationships with clearly 
defined roles and responsibilities. In our past work, we found the lack 
of Federal security clearances among area committee members had been 
routinely cited as a barrier to information sharing.\11\ In turn, this 
inability to share classified information may limit the ability to 
deter, prevent, and respond to a potential terrorist attack. The Coast 
Guard, having lead responsibility in coordinating maritime information, 
has made improvements to its program for granting clearances to area 
committee members and additional clearances have been granted to 
members with a need to know as a result.\12\ In addition, the SAFE Port 
Act includes a specific provision requiring DHS to sponsor and expedite 
security clearances for participants in interagency operational 
centers. However, the extent to which these efforts will ultimately 
improve information sharing is not yet known. As the Coast Guard 
expands its relationships with multiple interagency partners, 
collaborating and sharing information effectively under new structures 
and procedures will be important. While some of the existing centers 
achieved results with existing interagency relationships, other high-
priority ports might face challenges establishing new working 
relationships among port stakeholders and implementing their own 
interagency operational centers. Finally, addressing potential 
overlapping responsibilities--such as leadership roles for the Coast 
Guard and its interagency partners--will be important to ensure that 
actions across the various agencies are clear and coordinated.
Operations to Provide Overall Port Security Face Resource Constraints
    As part of its operations, the Coast Guard has also imposed 
additional activities to provide overall port security. The Coast 
Guard's operations order, Operation Neptune Shield, first released in 
2003, specifies the level of security activities to be conducted. The 
order sets specific activities for each port; however, the amount of 
each activity is established based on the port's specific security 
concerns. Some examples of security activities include conducting 
waterborne security patrols, boarding high-interest vessels, escorting 
vessels into ports, and enforcing fixed security zones. When a port 
security level increases, the amount of activity the Coast Guard must 
conduct also increases.\13\ The Coast Guard uses monthly field unit 
reports to indicate how many of its security activities it is able to 
perform. Our review of these field unit reports indicates that many 
ports are having difficulty meeting their port security 
responsibilities, with resource constraints being a major factor. In an 
effort to meet more of its security requirements, the Coast Guard uses 
a strategy that includes partnering with other government agencies, 
adjusting its activity requirements, and acquiring resources. Despite 
these efforts, many ports are still having difficulty meeting their 
port security requirements. The Coast Guard is currently studying what 
resources are needed to meet certain aspects of its port security 
program, but to enhance the effectiveness of its port security 
operations, a more comprehensive study to determine all additional 
resources and changes to strategy to meet minimum security requirements 
may be needed. We will be issuing a report on this issue in the near 
future.
Area Plans Are in Place but Need to Address Recovery and Natural 
        Disasters
    Area plans--another MTSA requirement--and their specific provisions 
have been specified by regulation and Coast Guard directive. 
Implementing regulations for MTSA specified that area plans include, 
among other things, operational and physical security measures in place 
at the port under different security levels, details of the security 
incident command and response structure, procedures for responding to 
security threats including provisions for maintaining operations in the 
port, and procedures to facilitate the recovery of the marine 
transportation system after a security incident. A Coast Guard 
Navigation and Vessel Inspection Circular (NVIC) provided a common 
template for area plans and specified the responsibilities of port 
stakeholders under them.\14\ As of September 2007, 46 area plans are in 
place at ports around the country. The Coast Guard approved the plans 
by June 1, 2004, and MTSA requires that they be updated at least every 
5 years.
    The SAFE Port Act added a requirement to area plans, which 
specified that they include recovery issues by identifying salvage 
equipment able to restore operational trade capacity. This requirement 
was established to ensure that the waterways are cleared and the flow 
of commerce through United States ports is reestablished as efficiently 
and quickly as possible after a security incident. While the Coast 
Guard sets out the general priorities for recovery operations in its 
guidelines for the development of area plans, we have found that this 
guidance offers limited instruction and assistance for developing 
procedures to address recovery situations.
    The Maritime Infrastructure Recovery Plan (MIRP) recognizes the 
limited nature of the Coast Guard's guidance and notes the need to 
further develop recovery aspects of the area plans.\15\ The MIRP 
provides specific recommendations for developing the recovery sections 
of the area plans. The area plans that we reviewed often lacked 
recovery specifics and none had been updated to reflect the 
recommendations made in the MIRP. The Coast Guard is currently updating 
the guidance for the area plans and aims to complete the updates by the 
end of calendar year 2007 so that the guidance will be ready for the 
mandatory 5-year re-approval of the area plans in 2009. Coast Guard 
officials commented that any changes to the recovery section would need 
to be consistent with the national protocols developed for the SAFE 
Port Act.\16\ Additionally, related to recovery planning, the Coast 
Guard and CBP have developed specific interagency actions focused on 
response and recovery. This should provide the Coast Guard and CBP with 
immediate security options for the recovery of ports and commerce.
    Further, area plans generally do not address natural disasters 
(i.e., they do not have an all-hazards approach).\17\ In a March 2007 
report examining how ports are dealing with planning for natural 
disasters such as hurricanes and earthquakes, we noted that area plans 
cover security issues but not other issues that could have a major 
impact on a port's ability to support maritime commerce.\18\ As 
currently written, area plans are concerned with deterring and, to a 
lesser extent, responding to security incidents. We found, however, 
that unified consideration of all risks--natural and man-made--faced by 
a port may be beneficial. Because of the similarities between the 
consequences of terrorist attacks and natural or accidental disasters, 
much of the planning for protection, response, and recovery 
capabilities is similar across all emergency events. Combining 
terrorism and other threats can thus enhance the efficiency of port 
planning efforts. This approach also allows port stakeholders to 
estimate the relative value of different mitigation alternatives. The 
exclusion of certain risks from consideration, or the separate 
consideration of a particular type of risk, raises the possibility that 
risks will not be accurately assessed or compared, and that too many or 
too few resources will be allocated toward mitigation of a particular 
risk.
    As ports continue to revise and improve their planning efforts, 
available evidence indicates that by taking a systemwide approach and 
thinking strategically about using resources to mitigate and recover 
from all forms of disaster, ports will be able to achieve the most 
effective results. Area plans provide a useful foundation for 
establishing an all-hazards approach. While the SAFE Port Act does not 
call for expanding area plans in this manner, it does contain a 
requirement that natural disasters and other emergencies be included in 
the scenarios to be tested in the Port Security Exercise Program. On 
the basis of our prior work, we found there are challenges in using 
area committees and plans as the basis for broader all-hazards 
planning. These challenges include determining the extent that security 
plans can serve all-hazards purposes. We recommended that DHS encourage 
port stakeholders to use the existing security-oriented area committees 
and MTSA-required area plans to discuss all-hazards planning. DHS 
concurred with this recommendation.
Maritime Security Exercises Require a Broader Scope and Participation
    The Coast Guard Captain of the Port and the area committee are 
required by MTSA regulations to conduct or participate in exercises to 
test the effectiveness of area plans annually, with no more than 18 
months between exercises. These exercises--which have been conducted 
for the past several years--are designed to continuously improve 
preparedness by validating information and procedures in the area plan, 
identifying weaknesses and strengths, and practicing command and 
control within an incident command/unified command framework. In August 
2005, the Coast Guard and the TSA initiated the Port Security Training 
Exercise Program (PortSTEP)--an exercise program designed to involve 
the entire port community, including public governmental agencies and 
private industry, and intended to improve connectivity of various 
surface transportation modes and enhance area plans. Between August 
2005 and October 2007, the Coast Guard expected to conduct PortSTEP 
exercises for 40 area committees and other port stakeholders. 
Additionally, the Coast Guard initiated its own Area Maritime Security 
Training and Exercise Program (AMStep) in October 2005. This program 
was also designed to involve the entire port community in the 
implementation of the Area Maritime Security Plan (AMSP). Between the 
two programs, PortSTEP and AMStep, all Area Maritime Security 
Committees (AMSCs) have received a port security exercise each year 
since inception.
    The SAFE Port Act included several new requirements related to 
security exercises, such as establishing a Port Security Exercise 
Program to test and evaluate the capabilities of governments and port 
stakeholders to prevent, prepare for, mitigate against, respond to, and 
recover from acts of terrorism, natural disasters, and other 
emergencies at facilities that MTSA regulates. The Act also required 
the establishment of a port security exercise improvement plan process 
that would identify, disseminate, and monitor the implementation of 
lessons learned and best practices from port security exercises.
    Though we have not specifically examined compliance with these new 
requirements, our work in examining past exercises suggests that 
implementing a successful exercise program faces several 
challenges.\19\ These challenges include setting the scope of the 
program to determine how exercise requirements in the SAFE Port Act 
differ from area committee exercises that are currently performed. This 
is especially true for incorporating recovery scenarios into exercises. 
In this past work, we also found that Coast Guard terrorism exercises 
frequently focused on prevention and awareness, but often did not 
include recovery activities. According to the Coast Guard, with the 
recent emphasis on planning for recovery operations, it has held 
several exercises over the past year that have included in part, or 
solely, recovery activities. It will be important that future exercises 
also focus on recovery operations so public and private stakeholders 
can cover gaps that might hinder commerce after a port incident. Other 
long-standing challenges include completing after-action reports in a 
timely and thorough manner and ensuring that all relevant agencies 
participate. According to the Coast Guard, as the primary sponsor of 
these programs, it faces a continuing challenge in getting 
comprehensive participation in these exercises.
The Coast Guard Is Evaluating the Security of Foreign Ports, but Faces 
        Resource Challenges
    The security of domestic ports also depends upon security at 
foreign ports where cargoes bound for the United States originate. To 
help secure the overseas supply chain, MTSA required the Coast Guard to 
develop a program to assess security measures in foreign ports and, 
among other things, recommend steps necessary to improve security 
measures in those ports. The Coast Guard established this program, 
called the International Port Security Program, in April 2004. Under 
this program, the Coast Guard and host nations review the 
implementation of security measures in the host nations' ports against 
established security standards, such as the International Maritime 
Organization's International Ship and Port Facility Security (ISPS) 
Code.\20\ Coast Guard teams have been established to conduct country 
visits, discuss security measures implemented, and collect and share 
best practices to help ensure a comprehensive and consistent approach 
to maritime security in ports worldwide. The conditions of these 
visits, such as timing and locations, are negotiated between the Coast 
Guard and the host nation. Coast Guard officials also make annual 
visits to the countries to obtain additional observations on the 
implementation of security measures and ensure deficiencies found 
during the country visits are addressed.\21\
    Both the SAFE Port Act and other Congressional directions have 
called for the Coast Guard to increase the pace of its visits to 
foreign countries. Although MTSA did not set a time-frame for 
completion of these visits, the Coast Guard initially set a goal to 
visit the approximately 140 countries that conduct maritime trade with 
the United States by December 2008. In September 2006, the conference 
report accompanying the Fiscal Year 2007 DHS Appropriations Act 
directed the Coast Guard to ``double the amount'' at which it was 
conducting its visits.\22\ Subsequently, in October 2006, the SAFE Port 
Act required the Coast Guard to reassess security measures at the 
foreign ports every 3 years. Coast Guard officials said they will 
comply with the more stringent requirements and will reassess countries 
on a 2-year cycle. With the expedited pace, the Coast Guard now expects 
to assess all countries by March 2008, after which reassessments will 
begin.
    We are currently conducting a review of the Coast Guard's 
International Port Security Program that evaluates the Coast Guard's 
implementation of international enforcement programs. The report, 
expected to be issued in early 2008, will cover issues related to the 
program, such as the extent to which the program is using a risk-based 
approach in carrying out its work, what challenges the program faces as 
it moves forward, and the extent to which the observations collected 
during the country visits are used by other programs such as the Coast 
Guard's port state control inspections and high interest vessel 
boarding programs.
    As of September 2007, the Coast Guard reported that it has visited 
109 countries under this program and plans to visit another 29 more by 
March 2008.\23\ For the countries for which the Coast Guard has issued 
a final report, the Coast Guard reported that most had ``substantially 
implemented the security code,'' while a few countries were found to 
have not yet implemented the ISPS Code and will be subject to a 
reassessment or other sanctions. The Coast Guard also found several 
facilities needing improvements in areas such as access controls, 
communication devices, fencing, and lighting.
    While our review is still preliminary, Coast Guard officials told 
us that to plan and prepare for the next cycle of reassessments that 
are to begin next year, they are considering modifying their current 
visit methodology to incorporate a risk-based approach to prioritize 
the order and intensity of the next round of country visits. To do 
this, they have consulted with a contractor to develop an updated 
country risk prioritization model. Under the previous model, the 
priority assigned to a country for a visit was weighted heavily toward 
the volume of U.S. trade with that country. The new model being 
considered is to incorporate other factors, such as corruption and 
terrorist activity levels within the countries. Program officials told 
us that the details of this revised approach have yet to be finalized.
    Coast Guard officials told us that as they complete the first round 
of visits and move into the next phase of revisits, challenges still 
exist in implementing the program. One challenge identified was that 
the faster rate at which foreign ports will now be reassessed will 
require hiring and training new staff--a challenge the officials expect 
will be made more difficult because experienced personnel who have been 
with the program since its inception are being transferred to other 
positions as part of the Coast Guard's rotational policy. These 
officials will need to be replaced with newly assigned personnel.
    Reluctance by some countries to allow the Coast Guard to visit 
their ports due to concerns over sovereignty was another challenge 
cited by program officials in completing the first round of visits. 
According to these officials, before permitting Coast Guard officials 
to visit their ports, some countries insisted on visiting and assessing 
a sample of U.S. ports. The Coast Guard was able to accommodate their 
request through the program's reciprocal visit feature in which the 
Coast Guard hosts foreign delegations to visit U.S. ports and observe 
ISPS Code implementation in the United States. This subsequently helped 
gain the cooperation of the countries in hosting a Coast Guard visit to 
their own ports. However, as they begin to revisit countries as part of 
the program's next phase, program officials stated that sovereignty 
concerns may still be an issue. Some countries may be reluctant to host 
a comprehensive country visit on a recurring basis because they believe 
the frequency--once every 2 to 3 years--too high. Sovereignty also 
affects the conditions of the visits, such as timing and locations, 
because such visits are negotiated between the Coast Guard and the host 
nation. Thus the Coast Guard team making the visit could be precluded 
from seeing locations that are not in compliance.
    Another challenge program officials cite is having limited ability 
to help countries build on or enhance their capacity to implement the 
ISPS Code requirements. For example, the SAFE Port Act required that 
GAO report on various aspects of port security in the Caribbean Basin. 
We earlier reported that although the Coast Guard found that most of 
the countries had substantially implemented the ISPS Code, some 
facilities needed to make improvements or take additional measures.\24\ 
In addition, our discussions with facility operators and government 
officials in the region indicated that assistance--such as additional 
training--would help enhance their port security. Program officials 
stated that while their visits provide opportunities for them to 
identify potential areas to improve or help sustain the security 
measures put in place, other than sharing best practices or providing 
presentations on security practices, the program does not currently 
have the resources to directly assist countries with more in-depth 
training or technical assistance. To overcome this, program officials 
have worked with other agencies (e.g., the Departments of Defense and 
State) and international organizations (e.g., the Organization of 
American States) to secure funding for training and assistance to 
countries where port security conferences have been held (e.g., the 
Dominican Republic and the Bahamas). Program officials indicated that 
as part of reexamining the approach for the program's next phase, they 
will also consider possibilities to improve the program's ability to 
provide training and capacity building to countries when a need is 
identified.
Port Facility Security Efforts Continue, but Additional Evaluation 
        Is Needed
    To improve the security at individual facilities at ports, many 
long-standing programs are underway. However, new challenges to their 
successful implementation have emerged. The Coast Guard is required to 
conduct assessments of security plans and facility compliance 
inspections, but faces challenges in staffing and training to meet the 
SAFE Port Act's additional requirements such as the sufficiency of 
trained personnel and guidance to conduct facility inspections. TSA's 
TWIC program has addressed some of its initial program challenges, but 
will continue to face additional challenges as the program rollout 
continues. Many steps have been taken to ensure that transportation 
workers are properly screened, but redundancies in various background 
checks have decreased efficiency and highlighted the need for increased 
coordination.
The Coast Guard's Compliance Monitoring of Maritime Facilities 
        Identifies 
        Deficiencies, but Program Effectiveness Overall Has Not Been 
        Evaluated
    MTSA and its implementing regulations required owners and operators 
of certain maritime facilities (e.g., power stations, chemical 
manufacturing facilities, and refineries that are located on waterways 
and receive foreign vessels) to conduct assessments of their security 
vulnerabilities, develop security plans to mitigate these 
vulnerabilities, and implement measures called for in the security 
plans by July 1, 2004. Under the Coast Guard regulations, these plans 
are to include items such as measures for access control, responses to 
security threats, and drills and exercises to train staff and test the 
plan.\25\ The plans are ``performance-based,'' meaning that the Coast 
Guard has specified the outcomes it is seeking to achieve and has given 
facilities responsibility for identifying and delivering the measures 
needed to achieve these outcomes.
    Under MTSA, Coast Guard guidance calls for the Coast Guard to 
conduct one on-site facility inspection annually to verify continued 
compliance with the plan. The SAFE Port Act, enacted in 2006, required 
the Coast Guard to conduct at least two inspections--one of which was 
to be unannounced--of each facility annually. We currently have ongoing 
work that reviews the Coast Guard's oversight strategy under MTSA and 
SAFE Port Act requirements. The report, expected later this year, will 
cover, among other things, the extent to which the Coast Guard has met 
its inspection requirements and found facilities to be in compliance 
with its security plans, the sufficiency of trained inspectors and 
guidance to conduct facility inspections, and aspects of the Coast 
Guard's overall management of its MTSA facility oversight program, 
particularly documenting compliance activities.
    Our work is preliminary. However, according to our analysis of 
Coast Guard records and statements from officials, the Coast Guard 
seems to have conducted facility compliance exams annually at most--but 
not all--facilities. Redirection of staff to a higher-priority mission, 
such as Hurricane Katrina emergency operations, may have accounted for 
some facilities not having received an annual exam. The Coast Guard 
also conducted a number of unannounced inspections--about 4,500 in 
2006, concentrated in around 1,200 facilities--prior to the SAFE Port 
Act's passage. According to officials we spoke with, the Coast Guard 
selected facilities for unannounced inspection based on perceived risk 
and inspection convenience (e.g., if inspectors were already at the 
facility for another purpose). The Coast Guard has identified facility 
plan compliance deficiencies in about one-third of facilities inspected 
each year, and the deficiencies identified are concentrated in a small 
number of categories (e.g., failure to follow the approved plan for 
ensuring facility access control, recordkeeping, or meeting facility 
security officer requirements). We are still in the process of 
reviewing the data Coast Guard uses to document compliance activities 
and will have additional information in our forthcoming report.
    Sectors we visited reported having adequate guidance and staff for 
conducting consistent compliance exams, but until recently, little 
guidance on conducting unannounced inspections, which are often 
incorporated into work while performing other mission tasks. Lacking 
guidance on unannounced inspections, the process for conducting one 
varied considerably in the sectors we visited. For example, inspectors 
in one sector found the use of a telescope effective in remotely 
observing facility control measures (such as security guard 
activities), but these inspectors primarily conduct unannounced 
inspections as part of vehicle patrols. Inspectors in another sector 
conduct unannounced inspections at night, going up to the security gate 
and querying personnel about their security knowledge (e.g., knowledge 
of high-security level procedures). As we completed our fieldwork, the 
Coast Guard issued a Commandant message with guidance on conducting 
unannounced inspections. This message may provide more consistency, but 
how the guidance will be applied and its impact on resource needs 
remain uncertain. Coast Guard officials said they plan to revise their 
primary circular on facility oversight by February 2008. They are also 
planning to revise MTSA regulations to conform to SAFE Port Act 
requirements in 2009 (in time for the reapproval of facility security 
plans) but are behind schedule.
    We recommended in June 2004 that the Coast Guard evaluate its 
compliance inspection efforts taken during the initial 6-month period 
after July 1, 2004, and use the results to strengthen its long-term 
strategy for ensuring compliance.\26\ The Coast Guard agreed with this 
recommendation. Nevertheless, based on our ongoing work, it appears 
that the Coast Guard has not conducted a comprehensive evaluation of 
its oversight program to identify strengths or target areas for 
improvement after 3 years of program implementation. Our prior work 
across a wide range of public and private-sector organizations shows 
that high-performing organizations continuously assess their 
performance with information about results based on their 
activities.\27\ For decisionmakers to assess program strategies, 
guidance, and resources, they need accurate and complete data 
reflecting program activities. We are currently reviewing the accuracy 
and completeness of Coast Guard compliance data and will report on this 
issue later this year.
TSA Has Made Progress in Implementing the TWIC Program, but Key 
        Deadline Has Been Missed as TSA Evaluates Test Program
    The Secretary of DHS was required by MTSA to, among other things, 
issue a Transportation Worker Identification Card that uses biometrics, 
such as fingerprints, to control access to secure areas of seaports and 
vessels. TSA had already initiated a program to create an 
identification credential that could be used by workers in all modes of 
transportation when MTSA was enacted. This program, called the TWIC 
program, is designed to collect personal and biometric information to 
validate workers' identities, conduct background checks on 
transportation workers to ensure they do not pose a threat to security, 
issue tamper-resistant biometric credentials that cannot be 
counterfeited, verify these credentials using biometric access control 
systems before a worker is granted unescorted access to a secure area, 
and revoke credentials if disqualifying information is discovered, or 
if a card is lost, damaged, or stolen. TSA, in partnership with the 
Coast Guard, is focusing initial implementation on the maritime sector.
    We have previously reported on the status of this program and the 
challenges that it faces.\28\ Most recently, we reported that TSA has 
made progress in implementing the TWIC program and addressing problems 
we previously identified regarding contract planning and oversight and 
coordination with stakeholders.\29\ For example, TSA reported that it 
added staff with program and contract management expertise to help 
oversee the contract and developed plans for conducting public outreach 
and education efforts.
    The SAFE Port Act required TSA to implement TWIC at the 10 highest-
risk ports by July 1, 2007, conduct a pilot program to test TWIC access 
control technologies in the maritime environment; issue regulations 
requiring TWIC card readers based on the findings of the pilot; and 
periodically report to Congress on the status of the program. However, 
TSA did not meet the July 1 deadline, citing the need to conduct 
additional testing of the systems and technologies that will be used to 
enroll the estimated 770,000 workers that will be required to obtain a 
TWIC card. According to TSA officials, the agency plans to complete 
this testing and begin enrolling workers at the Port of Wilmington in 
October 2007, and begin enrolling workers at additional ports soon 
thereafter. TSA is also in the process of conducting a pilot program to 
test TWIC access control technologies in the maritime environment that 
will include a variety of maritime facilities and vessels in multiple 
geographic locations. According to TSA, the results of the pilot 
program will help the agency issue future regulations that will require 
the installation of access control systems necessary to read the TWIC 
cards.
    It is important that TSA establish clear and reasonable time-frames 
for implementing TWIC as the agency begins enrolling workers and 
issuing TWIC cards in October. TSA could face additional challenges as 
the TWIC implementation progresses; these include monitoring the 
effectiveness of contract planning and oversight. TSA has developed a 
quality assurance surveillance plan with performance metrics that the 
enrollment contractor must meet to receive payment. The agency has also 
taken steps to strengthen government oversight of the TWIC contract by 
adding staff with program and contract management expertise. However, 
the effectiveness of these steps will not be clear until implementation 
of the TWIC program begins. Ensuring a successful enrollment process 
for the program presents another challenge. According to TSA, the 
agency has made communication and coordination top priorities by taking 
actions such as establishing a TWIC stakeholder communication committee 
and requiring the enrollment contractor to establish a plan for 
coordinating and communicating with all stakeholders who will be 
involved in the program. Finally, TSA will have to address access 
control technologies to ensure that the program is implemented 
effectively. It will be important that TSA's TWIC access control 
technology pilot ensure that these technologies work effectively in the 
maritime environment before facilities and vessels will be required to 
implement them.
DHS Working to Coordinate Multiple Background Check Programs for 
        Transportation Workers
    Since the terrorist attacks on September 11, the Federal Government 
has taken steps to ensure that transportation workers, many of whom 
transport hazardous materials or have access to secure areas in 
locations such as ports, are properly screened to ensure they do not 
pose a security risk. Concerns have been raised, however, that 
transportation workers may face a variety of background checks, each 
with different standards. In July 2004, the 9/11 Commission reported 
that having too many different biometric standards, travel facilitation 
systems, credentialing systems, and screening requirements hampers the 
development of information crucial for stopping terrorists from 
entering the country, is expensive, and is inefficient.\30\ The 
Commission recommended that a coordinating body raise standards, 
facilitate information-sharing, and survey systems for potential 
problems. In August 2004, Homeland Security Presidential Directive 11 
announced a new U.S. policy to ``implement a coordinated and 
comprehensive approach to terrorist-related screening--in immigration, 
law enforcement, intelligence, counterintelligence, and protection of 
the border, transportation systems, and critical infrastructure--that 
supports homeland security, at home and abroad.''
    DHS components have begun a number of their own background check 
initiatives. For example, in January 2007, TSA determined that the 
background checks required for three other DHS programs satisfied the 
background check requirement for the TWIC program.\31\ That is, an 
applicant who has already undergone a background check in association 
with any of these three programs does not have to undergo an additional 
background check and pays a reduced fee to obtain a TWIC card. 
Similarly, the Coast Guard plans to consolidate four credentials and 
require that all pertinent information previously submitted by an 
applicant at a Coast Guard Regional Examination Center will be 
forwarded by the center to TSA through the TWIC enrollment process.
    In April 2007, we completed a study of DHS background check 
programs as part of a SAFE Port Act requirement to do so.\32\ We found 
that the six programs we reviewed were conducted independently of one 
another, collected similar information, and used similar background 
check processes. Further, each program operated separate enrollment 
facilities to collect background information and did not share it with 
the other programs. We also found that DHS did not track the number of 
workers who, needing multiple credentials, were subjected to multiple 
background check programs. Because DHS is responsible for a large 
number of background check programs, we recommended that DHS ensure 
that its coordination plan includes implementation steps, time-frames, 
and budget requirements; discusses potential costs/benefits of program 
standardization; and explores options for coordinating and aligning 
background checks within DHS and other Federal agencies.
    DHS concurred with our recommendations and continues to take 
steps--both at the department level and within its various agencies--to 
consolidate, coordinate, and harmonize such background check 
programs.\33\ At the department level, DHS created SCO in July 2006 to 
coordinate DHS background check programs. SCO is in the early stages of 
developing its plans for this coordination. In December 2006, SCO 
issued a report identifying common problems, challenges, and needed 
improvements in the credentialing programs and processes across the 
department. The office awarded a contract in April 2007 that will 
provide the methodology and support for developing an implementation 
plan to include common design and comparability standards and related 
milestones to coordinate DHS screening and credentialing programs. 
Since April 2007, DHS and SCO signed a contract to produce three 
deliverables to align its screening and credentialing activities, set a 
method and time-frame for applying a common set of design and 
comparability standards, and eliminate redundancy through 
harmonization. These three deliverables are as follows:

   Credentialing framework: A framework completed in July 2007 
        that describes a credentialing life-cycle of registration and 
        enrollment, eligibility vetting and risk assessment, issuance, 
        expiration and revocation, and redress. This framework was to 
        incorporate risk-based levels or criteria, and an assessment of 
        the legal, privacy, policy, operational, and technical 
        challenges.

   Technical review: An assessment scheduled for completion in 
        October 2007 is to be completed by the contractor in 
        conjunction with the DHS Office of the Chief Information 
        Officer. This is to include a review of the issues present in 
        the current technical environment and the proposed future 
        technical environment needed to address those issues, and 
        provide recommendations for targeted investment reuse and key 
        target technologies.

   Transition plan: A plan scheduled to be completed in 
        November 2007 is to outline the projects needed to actualize 
        the framework, including identification of major activities, 
        milestones, and associated timeline and costs.

    Stakeholders in this effort include multiple components of DHS and 
the Departments of State and Justice.
    In addition, the DHS Office of the Chief Information Officer (CIO) 
and the Director of SCO issued a memo in May 2007 to promote 
standardization across screening and credentialing programs. In this 
memo, DHS indicated that: (1) programs requiring the collection and use 
of fingerprints to vet individuals will use the Automated Biometric 
Identification System (IDENT); (2) these programs are to reuse existing 
or currently planned and funded infrastructure for the intake of 
identity information to the greatest extent possible; (3) its CIO is to 
establish a procurement plan to ensure that the department can handle a 
large volume of automated vetting from programs currently in the 
planning phase; and (4) to support the sharing of databases and 
potential consolidation of duplicative applications, the Enterprise 
Data Management Office is currently developing an inventory of 
biographic data assets that DHS maintains to support identity 
management and screening processes.
    While continuing to consolidate, coordinate, and harmonize 
background check programs, DHS will likely face additional challenges, 
such as ensuring that its plans are sufficiently complete without being 
overly restrictive, and lack of information regarding the potential 
costs and benefits associated with the number of redundant background 
checks. SCO will be challenged to coordinate DHS's background check 
programs in such a way that any common set of standards developed to 
eliminate redundant checks meets the varied needs of all the programs 
without being so strict that it unduly limits the applicant pool or so 
intrusive that potential applicants are unwilling to take part. Without 
knowing the potential costs and benefits associated with the number of 
redundant background checks that harmonization would eliminate, DHS 
lacks the performance information that would allow its program managers 
to compare their program results with goals. Thus, DHS cannot be 
certain where to target program resources to improve performance. As we 
recommended, DHS could benefit from a plan that includes, at a minimum, 
a discussion of the potential costs and benefits associated with the 
number of redundant background checks that would be eliminated through 
harmonization.
Container Security Programs Continue to Expand and Mature, but New 
        Challenges Emerge
    Through the development of strategic plans, human capital 
strategies, and performance measures, several container security 
programs have been established and matured. However, these programs 
continue to face technical and management challenges in implementation. 
As part of its layered security strategy, CBP developed the Automated 
Targeting System as a decision-support tool to assess the risks of 
individual cargo containers. ATS is a complex mathematical model that 
uses weighted rules that assign a risk score to each arriving shipment 
based on shipping information (e.g., manifests, bills of lading, and 
entry data). Although the program has faced quality assurance 
challenges from its inception, CBP has made significant progress in 
addressing these challenges. CBP's in-bond program does not collect 
detailed information at the U.S. port of arrival that could aid in 
identifying cargo posing a security risk and promote the effective use 
of inspection resources. In the past, CSI has lacked sufficient staff 
to meet program requirements. C-TPAT has faced challenges with 
validation quality and management in the past, in part due to its rapid 
growth. The Department of Energy's (DOE) Megaports Initiative faces 
ongoing operational and technical challenges in the installation and 
maintenance of radiation detection equipment at ports. In addition, 
implementing the Secure Freight Initiative and the 9/11 Commission Act 
of 2007 presents additional challenges for the scanning of cargo 
containers inbound to the United States.
Management of the Automated Targeting System Has Improved
    CBP is responsible for preventing terrorists and weapons of mass 
destruction from entering the United States. As part of this 
responsibility, CBP addresses the potential threat posed by the 
movement of oceangoing cargo containers. To perform this mission, CBP 
officers at seaports utilize officer knowledge and CBP automated 
systems to assist in determining which containers entering the country 
will undergo inspections, and then perform the necessary level of 
inspection of each container based upon risk. To assist in determining 
which containers are to be subjected to inspection, CBP uses a layered 
security strategy that attempts to focus resources on potentially risky 
cargo shipped in containers while allowing other ocean going containers 
to proceed without disrupting commerce. ATS is one key element of this 
strategy. CBP uses ATS as a decision-support tool to review 
documentation, including electronic manifest information submitted by 
the ocean carriers on all arriving shipments, and entry data submitted 
by brokers to develop risk scores that help identify containers for 
additional inspection.\34\ CBP requires the carriers to submit manifest 
information 24 hours prior to a United States-bound sea container being 
loaded onto a vessel in a foreign port. CBP officers use these scores 
to help them make decisions on the extent of documentary review or 
additional inspection as required.
    We have conducted several reviews of ATS and made recommendations 
for its improvement.\35\ Consistent with these recommendations, CBP has 
implemented a number of important internal controls for the 
administration and implementation of ATS.\36\ For example, CBP (1) has 
established performance metrics for ATS, (2) is manually comparing the 
results of randomly conducted inspections with the results of 
inspections resulting from ATS analysis of the shipment data, and (3) 
has developed and implemented a testing and simulation environment to 
conduct computer-generated tests of ATS. Since our last report on ATS, 
the SAFE Port Act required that the CBP Commissioner take additional 
actions to further improve ATS. These requirements included steps such 
as (1) having an independent panel review the effectiveness and 
capabilities of ATS; (2) considering future iterations of ATS that 
would incorporate smart features; \37\ (3) ensuring that ATS has the 
capability to electronically compare manifest and other available data 
to detect any significant anomalies and facilitate their resolution; 
(4) ensuring that ATS has the capability to electronically identify, 
compile, and compare select data elements following a maritime 
transportation security incident; and (5) developing a schedule to 
address recommendations made by GAO and the Inspectors General of the 
Department of the Treasury and DHS.
CBP's Management of the In-Bond Cargo System Impedes Efforts to Manage 
        Security Risks
    CBP's in-bond system--which allows goods to transit the United 
States without officially entering U.S. commerce--must balance the 
competing goals of providing port security, facilitating trade, and 
collecting trade revenues. However, we have earlier reported that CBP's 
management of the system has impeded efforts to manage security risks. 
Specifically, CBP does not collect detailed information on in-bond 
cargo at the U.S. port of arrival that could aid in identifying cargo 
posing a security risk and promote effective use of inspection 
resources.\38\
    The in-bond system is designed to facilitate the flow of trade 
throughout the United States and is estimated to be widely used. The 
U.S. customs system allows cargo to move from the U.S. arrival port, 
without appraisal or payment of duties to another U.S. port for 
official entry into U.S. commerce or for exportation.\39\ In-bond 
regulations currently permit bonded carriers from 15 to 60 days, 
depending on the mode of shipment, to reach their final destination and 
allow them to change a shipment's final destination without notifying 
CBP. The in-bond system allows the trade community to avoid congestion 
and delays at U.S. seaports whose infrastructure has not kept pace with 
the dramatic growth in trade volume. In-bond facilitates trade by 
allowing importers and shipping agents the flexibility to move cargo 
more efficiently. Using the number of in-bond transactions reported by 
CBP for the 6-month period of October 2004 to March 2005, we found over 
6.5 million in-bond transactions were initiated nationwide. Some CBP 
port officials have estimated that in-bond shipments represent from 30 
percent to 60 percent of goods received at their ports.\40\
    As discussed earlier in this testimony, CBP uses manifest 
information it receives on all cargo arriving at U.S. ports (including 
in-bond cargo) as input for ATS scoring to aid in identifying security 
risks and setting inspection priorities. For regular cargo, the ATS 
score is updated with more detailed information as the cargo makes 
official entry at the arrival port. For in-bond cargo, the ATS scores 
generally are not updated until these goods move from the port of 
arrival to the destination port for official entry into United States 
commerce, or not updated at all for cargo that is intended to be 
exported.\41\ As a result, in-bond goods might transit the United 
States without having the most accurate ATS risk score.
    Entry information frequently changes the ATS score for in-bond 
goods.\42\ For example, CBP provided data for four major ports 
comparing the ATS score assigned to in-bond cargo at the port of 
arrival based on the manifest to the ATS score given after goods made 
official entry at the destination port.\43\ These data show that for 
the four ports, the ATS score based on the manifest information stayed 
the same an average of 30 percent of the time after being updated with 
entry information, ATS scores increased an average of 23 percent of the 
time and decreased an average of 47 percent of the time. A higher ATS 
score can result in higher priority being given to cargo for inspection 
than otherwise would be given based solely on the manifest information. 
A lower ATS score can result in cargo being given a lower priority for 
inspection and potentially shift inspection resources to cargo deemed a 
higher security risk. Without having the most accurate ATS score, in-
bond goods transiting the United States pose a potential security 
threat because higher-risk cargo may not be identified for inspection 
at the port of arrival. In addition, scarce inspection resources may be 
misdirected to in-bond goods that a security score based on better 
information might have shown did not warrant inspection.
    We earlier recommended that the Commissioner of CBP take action in 
three areas to improve the management of the in-bond program, which 
included collecting and using improved information on in-bond shipments 
to update the ATS score for in-bond movements at the arrival port and 
enable better informed decisions affecting security, trade and revenue 
collection.\44\ DHS agreed with most of our recommendations.\45\ 
According to CBP, they are in the process of developing an in-bond 
weight set to be utilized to further identify cargo posing a security 
risk. The weight set is being developed based on expert knowledge, 
analysis of previous in-bond seizures, and creation of rules based on 
in-bond concepts.
    The SAFE Port Act of 2006 contains provisions related to securing 
the international cargo supply chain, including provisions related to 
the movement of in-bond cargo. Specifically, it requires that CBP 
submit a report to several Congressional committees on the in-bond 
system that includes an assessment of whether ports of arrival should 
require additional information for in-bond cargo, a plan for tracking 
in-bond cargo in CBP's Automated Commercial Environment information 
system, and assessment of the personnel required to ensure 
reconciliation of in-bond cargo between arrival port and destination 
port. The report must also contain an assessment of the feasibility of 
reducing transit time while traveling in-bond, and an evaluation of the 
criteria for targeting and examining in-bond cargo. Although the report 
was due June 30, 2007, CBP has not yet finalized the report and 
released it to Congress.
The CSI Program Continues to Mature, but Addressing SAFE Port Act 
        Requirements Adds New Challenges
    CPB initiated its CSI program to detect and deter terrorists from 
smuggling weapons of mass destruction (WMD) via cargo containers before 
they reach domestic seaports in January 2002. The SAFE Port Act 
formalized the CSI program into law. Under CSI, foreign governments 
sign a bilateral agreement with CBP to allow teams of U.S. customs 
officials to be stationed at foreign seaports to identify cargo 
container shipments at risk of containing WMD. CBP personnel use 
automated risk assessment information and intelligence to target and 
identify those at risk containing WMD. When a shipment is determined to 
be high risk, CBP officials refer it to host government officials who 
determine whether to examine the shipment before it leaves their 
seaport for the United States. In most cases, host government officials 
honor the U.S. request by examining the referred shipments with 
nonintrusive inspection equipment and, if they deem necessary, by 
opening the cargo containers to physically search the contents 
inside.\46\ CBP planned to have a total of 58 seaports by the end of 
Fiscal Year 2007.
    Our 2003 and 2005 reports on the CSI program found both successes 
and challenges faced by CBP in implementing the program.\47\ Since our 
last CSI report in 2005, CBP has addressed some of the challenges we 
identified and has taken steps to improve the CSI program. 
Specifically, CBP contributed to the Strategy to Enhance International 
Supply Chain Security that DHS issued in July 2007, which addressed a 
SAFE Port Act requirement and filled an important gap--between broad 
national strategies and program-specific strategies, such as for CSI--
in the strategic framework for maritime security that has evolved since 
9/11. In addition, in 2006 CBP issued a revised CSI strategic plan for 
2006 to 2011, which added three critical elements that we had 
identified in our April 2005 report as missing from the plan's previous 
iteration. In the revised plan, CBP described how performance goals and 
measures are related to CSI objectives, how CBP evaluates CSI program 
operations, and what external factors beyond CBP's control could affect 
program operations and outcomes. Also, by expanding CSI operations to 
58 seaports by the end of September 2007, CBP would have met its 
objective of expanding CSI locations and program activities. CBP 
projected that at the end of Fiscal Year 2007 between 85 and 87 percent 
of all U.S.-bound shipments in containers will pass through CSI ports 
where the risk level of the container cargo is assessed and the 
contents are examined as deemed necessary.
    Although CBP's goal is to review information about all U.S.-bound 
containers at CSI seaports for high-risk contents before the containers 
depart for the United States, we reported in 2005 that the agency has 
not been able to place enough staff at some CSI ports to do so.\48\ 
Also, the SAFE Port Act required DHS to develop a human capital 
management plan to determine adequate staffing levels in U.S. and CSI 
ports. CBP has developed a human capital plan, increased the number of 
staff at CSI ports, and provided additional support to the deployed CSI 
staff by using staff in the United States to screen containers for 
various risk factors and potential inspection. With these additional 
resources, CBP reports that manifest data for all U.S.-bound container 
cargo are reviewed using ATS to determine whether the container is at 
high risk of containing WMD. However, the agency faces challenges in 
ensuring that optimal numbers of staff are assigned to CSI ports due in 
part to its reliance on placing staff overseas at CSI ports without 
systematically determining which functions could be performed overseas 
and which could be performed domestically.
    Also, in 2006 CBP improved its methods for conducting onsite 
evaluations of CSI ports, in part by requiring CSI teams at the 
seaports to demonstrate their proficiency at conducting program 
activities and by employing electronic tools designed to assist in the 
efficient and systematic collection and analysis of data to help in 
evaluating the CSI team's proficiency. In addition, CBP continued to 
refine the performance measures it uses to track the effectiveness of 
the CSI program by streamlining the number of measures it uses to six, 
modifying how one measure is calculated to address an issue we 
identified in our April 2005 report; and developing performance targets 
for the measures. We are continuing to review these assessment 
practices as part of our ongoing review of the CSI program, and expect 
to report on the results of this effort shortly.
    Similar to our recommendation in a previous CSI report, the SAFE 
Port Act called upon DHS to establish minimum technical criteria for 
the use of nonintrusive inspection equipment in conjunction with CSI. 
The Act also directs DHS to require that seaports receiving CSI 
designation operate such equipment in accordance with these criteria 
and with standard operating procedures developed by DHS. CBP officials 
stated that their agency faces challenges in implementing this 
requirement due to sovereignty issues and the fact that the agency is 
not a standard setting organization, either for equipment or for 
inspections processes or practices. However, CBP has developed minimum 
technical standards for equipment used at domestic ports and the World 
Customs Organization (WCO) \49\ had described issues--not standards--to 
consider when procuring inspection equipment. Our work suggests that 
CBP may face continued challenges establishing equipment standards and 
monitoring host government operations, which we are also examining in 
our ongoing review of the CSI program.
C-TPAT Continues to Expand and Mature, but Management Challenges Remain
    CBP initiated C-TPAT in November 2001 to complement other maritime 
security programs as part of the agency's layered security strategy. In 
October 2006, the SAFE Port Act formalized C-TPAT into law. C-TPAT is a 
voluntary program that enables CBP officials to work in partnership 
with private companies to review the security of their international 
supply chains and improve the security of their shipments to the United 
States. In return for committing to improve the security of their 
shipments by joining the program, C-TPAT members receive benefits that 
result in the likelihood of reduced scrutiny of their shipments, such 
as a reduced number of inspections or shorter wait times for their 
shipments. CBP uses information about C-TPAT membership to adjust risk-
based targeting of these members shipments in ATS. As of July 2007, CBP 
had certified more than 7,000 companies that import goods via cargo 
containers through U.S. seaports--which accounted for approximately 45 
percent of all U.S. imports--and validated the security practices of 78 
percent of these certified participants.
    We reported on the progress of the C-TPAT program in 2003 and 2005 
and recommended that CBP develop a strategic plan and performance 
measures to track the program's status in meeting its strategic 
goals.\50\ DHS concurred with these recommendations. The SAFE Port Act 
also mandated that CBP develop and implement a 5-year strategic plan 
with outcome-based goals and performance measures for C-TPAT. CBP 
officials stated that they are in the process of updating their 
strategic plan for C-TPAT, which was issued in November 2004, for 2007 
to 2012. This updated plan is being reviewed within CBP, but a time-
frame for issuing the plan has not been established. We recommended in 
our March 2005 report that CBP establish performance measures to track 
its progress in meeting the goals and objectives established as part of 
the strategic planning process.\51\ Although CBP has since put 
additional performance measures in place, CBP's efforts have focused on 
measures regarding program participation and facilitating trade and 
travel. CBP has not yet developed performance measures for C-TPAT's 
efforts aimed at ensuring improved supply chain security, which is the 
program's purpose.
    In our previous work, we acknowledged that the C-TPAT program holds 
promise as part of a layered maritime security strategy. However, we 
also raised a number of concerns about the overall management of the 
program. Since our past reports, the C-TPAT program has continued to 
mature. The SAFE Port Act mandated that actions--similar to ones we had 
recommended in our March 2005 report--be taken to strengthen the 
management of the program. For example, the Act included a new goal 
that CBP make a certification determination within 90 days of CBP's 
receipt of a C-TPAT application, validate C-TPAT members' security 
measures and supply chain security practices within 1 year of their 
certification, and revalidate those members no less than once in every 
4 years. As we recommended in our March 2005 report, CBP has developed 
a human capital plan and implemented a records management system for 
documenting key program decisions. CBP has addressed C-TPAT staffing 
challenges by increasing the number of supply chain security 
specialists from 41 in 2005 to 156 in 2007.
    In February 2007, CBP updated its resource needs to reflect SAFE 
Port Act requirements, including that certification, validation, and 
revalidation processes be conducted within specified time-frames. CBP 
believes that C-TPAT's current staff of 156 supply chain security 
specialists will allow it to meet the Act's initial validation and 
revalidation goals for 2007 and 2008. If an additional 50 specialists 
authorized by the Act are made available by late 2008, CBP expects to 
be able to stay within compliance of the Act's time-frame requirements 
through 2009. In addition, CBP developed and implemented a centralized 
electronic records management system to facilitate information storage 
and sharing and communication with C-TPAT partners. This system--known 
as the C-TPAT Portal--enables CBP to track and ascertain the status of 
C-TPAT applicants and partners to ensure that they are certified, 
validated, and revalidated within required time-frames. As part of our 
ongoing work, we are reviewing the data captured in Portal, including 
data needed by CBP management to assess the efficiency of C-TPAT 
operations and to determine compliance with its program requirements. 
These actions--dedicating resources to carry out certification and 
validation reviews and putting a system in place to track the 
timeliness of these reviews--should help CBP meet several of the 
mandates of the SAFE Port Act. We expect to issue a final report 
documenting results of this work shortly.
    Our 2005 report raised concerns about CBP granting benefits 
prematurely--before CBP had validated company practices. Related to 
this, the SAFE Port Act codified CBP's policy of granting graduated 
benefits to C-TPAT members. Instead of granting new members full 
benefits without actual verification of their supply chain security, 
CBP implemented three tiers to grant companies graduated benefits based 
on CBP's certification and validation of their security practices. Tier 
1 benefits--a limited reduction in the score assigned in ATS--are 
granted to companies upon certification that their written description 
of their security profile meets minimum security criteria. Companies 
whose security practices CBP validates in an on-site assessment receive 
Tier 2 benefits that may include reduced scores in ATS, reduced cargo 
examinations, and priority searches of cargo. If CBP's validation shows 
sustained commitment by a company to security practices beyond what is 
expected, the company receives Tier 3 benefits. Tier 3 benefits may 
include expedited cargo release at U.S. ports at all threat levels, 
further reduction in cargo examinations, priority examinations, and 
participation in joint incident management exercises.
    Our 2005 report also raised concerns about whether the validation 
process was rigorous enough. Similarly, the SAFE Port Act mandates that 
the validation process be strengthened, including setting a year time-
frame for completing validations. CBP initially set a goal of 
validating all companies within their first 3 years as C-TPAT members, 
but the program's rapid growth in membership made the goal 
unachievable. CBP then moved to a risk-based approach to selecting 
members for validation, considering factors such as a company's having 
foreign supply chain operations in a known terrorist area or involving 
multiple foreign suppliers. CBP further modified its approach to 
selecting companies for validation to achieve greater efficiency by 
conducting ``blitz'' operations to validate foreign elements of 
multiple members' supply chains in a single trip. Blitz operations 
focus on factors such as C-TPAT members within a certain industry, 
supply chains within a certain geographic area, or foreign suppliers to 
multiple C-TPAT members. Risks remain a consideration, according to 
CBP, but the blitz strategy drives the decision of when a member 
company will be validated. In addition to taking these actions to 
efficiently conduct validations, CBP has periodically updated the 
minimum security requirements that companies must meet to be validated 
and is conducting a pilot program of using third-party contractors to 
conduct validation assessments. As part of our ongoing work, we are 
reviewing these actions, which are required as part of the SAFE Port 
Act, and other CBP efforts to enhance its C-TPAT validation process.
CBP Has Played a Key Role in Promoting Global Customs Security 
        Standards and Initiatives, but Progress with These Efforts 
        Presents New Challenges for CSI and C-TPAT
    The CSI and C-TPAT programs have provided a model for global 
customs security standards, but as other countries adopt the core 
principles of CSI and programs similar to C-TPAT, CBP may face new 
challenges. Foreign officials within the World Customs Organization and 
elsewhere have observed the CSI and C-TPAT programs as potential models 
for enhancing supply chain security. Also, CBP has taken a lead role in 
working with members of the domestic and international customs and 
trade community on approaches to standardizing supply chain security 
worldwide. As CBP has recognized, and we have previously reported, in 
security matters the United States is not self-contained, in either its 
problems or its solutions. The growing interdependence of nations 
requires policymakers to recognize the need to work in partnerships 
across international boundaries to achieve vital national goals.
    For this reason, CBP has committed through its strategic planning 
process to develop and promote an international framework of standards 
governing customs-to-customs relationships and customs-to-business 
relationships in a manner similar to CSI and C-TPAT, respectively. To 
achieve this, CBP has worked with foreign customs administrations 
through the WCO to establish a framework creating international 
standards that provide increased security of the global supply chain 
while facilitating international trade. The member countries of the 
WCO, including the United States, adopted such a framework, known as 
the WCO Framework of Standards to Secure and Facilitate Global Trade 
and commonly referred to as the SAFE Framework, in June 2005. The SAFE 
Framework internationalizes the core principles of CSI in creating 
global standards for customs security practices and promotes 
international customs-to-business partnership programs, such as C-TPAT. 
As of September 11, 2007, 148 WCO member countries had signed Letters 
of Intent to implement the SAFE Framework. CBP, along with the customs 
administrations of other countries and through the WCO, provides 
technical assistance and training to those countries that want to 
implement the SAFE Framework, but do not yet have the capacity to do 
so.
    The SAFE Framework enhances the CSI program by promoting the 
implementation of CSI-like customs security practices, including the 
use of electronic advance information requirements and risk-based 
targeting, in both CSI and non-CSI ports worldwide. The framework also 
lays the foundation for mutual recognition, an arrangement whereby one 
country can attain a certain level of assurance about the customs 
security standards and practices and business partnership programs of 
another country. In June 2007, CBP entered into the first mutual 
recognition arrangement of a business-to-customs partnership program 
with the New Zealand Customs Service. This arrangement stipulates that 
members of one country's business-to-customs program be recognized and 
receive similar benefits from the customs service of the other country. 
CBP is pursuing similar arrangements with Jordan and Japan, and is 
conducting a pilot program with the European Commission to test 
approaches to achieving mutual recognition and address differences in 
their respective programs. However, the specific details of how the 
participating counties' customs officials will implement the mutual 
recognition arrangement--such as what benefits, if any, should be 
allotted to members of other countries' C-TPAT like programs--have yet 
to be determined. As CBP goes forward, it may face challenges in 
defining the future of its CSI and C-TPAT programs and, more 
specifically, in managing the implementation of mutual recognition 
arrangements, including articulating and agreeing to the criteria for 
accepting another country's program; the specific arrangements for 
implementation, including the sharing of information; and the actions 
for verification, enforcement; and, if necessary, termination of the 
arrangement.
DOE Continues to Expand Its Megaports Program
    The Megaports Initiative, initiated by DOE's National Nuclear 
Security Administration in 2003, represents another component in the 
efforts to prevent terrorists from smuggling WMD in cargo containers 
from overseas locations. The goal of this initiative is to enable 
foreign government personnel at key foreign seaports to use radiation 
detection equipment to screen shipping containers entering and leaving 
these ports, regardless of the containers' destination, for nuclear and 
other radioactive material that could be used against the United States 
or its allies. DOE installs radiation detection equipment, such as 
radiation portal monitors and handheld radioactive isotope 
identification devices, at foreign seaports that is then operated by 
foreign government officials and port personnel working at these ports.
    Through August 2007, DOE had completed installation of radiation 
detection equipment at eight ports: Rotterdam, the Netherlands; 
Piraeus, Greece; Colombo, Sri Lanka; Algeciras, Spain; Singapore; 
Freeport, Bahamas; Manila, Philippines; and Antwerp, Belgium (Phase I). 
Operational testing is under way at four additional ports: Antwerp, 
Belgium (Phase II); Puerto Cortes, Honduras; Qasim, Pakistan; and Laem 
Chabang, Thailand. Additionally, DOE has signed agreements to begin 
work and is in various stages of implementation at ports in 12 other 
countries, including the United Kingdom, United Arab Emirates/Dubai, 
Oman, Israel, South Korea, China, Egypt, Jamaica, the Dominican 
Republic, Colombia, Panama, and Mexico, as well as Taiwan and Hong 
Kong. Several of these ports are also part of the Secure Freight 
Initiative, discussed in the next section. Further, in an effort to 
expand cooperation, DOE is engaged in negotiations with approximately 
20 additional countries in Europe, Asia, the Middle East, and Latin 
America.
    DOE had made limited progress in gaining agreements to install 
radiation detection equipment at the highest priority seaports when we 
reported on this program in March 2005.\52\ Then, the agency had 
completed work at only two ports and signed agreements to initiate work 
at five others. We also noted that DOE's cost projections for the 
program were uncertain, in part because they were based on DOE's $15 
million estimate for the average cost per port. This per port cost 
estimate may not be accurate because it was based primarily on DOE's 
radiation detection assistance work at Russian land borders, airports, 
and seaports and did not account for the fact that the costs of 
installing equipment at individual ports vary and are influenced by 
factors such as a port's size, physical layout, and existing 
infrastructure. Since our review, DOE has developed a strategic plan 
for the Megaports Initiative and revised it's per port estimates to 
reflect port size, with per port estimates ranging from $2.6 million to 
$30.4 million.
    As we earlier reported, DOE faces several operational and technical 
challenges specific to installing and maintaining radiation detection 
equipment at foreign ports as the agency continues to implement its 
Megaports Initiative. These challenges include ensuring the ability to 
detect radioactive material, overcoming the physical layout of ports 
and cargo-stacking configurations, and sustaining equipment in port 
environments with high winds and sea spray.
Secure Freight Initiative Testing Feasibility of Combining Scanning 
        Technologies
    The SAFE Port Act required that a pilot program--known as the 
Secure Freight Initiative (SFI)--be conducted to determine the 
feasibility of 100 percent scanning of U.S.-bound containers. To 
fulfill this requirement, CBP and DOE jointly announced the formation 
of SFI in December 2006, as an effort to build upon existing port 
security measures by enhancing the U.S. Government's ability to scan 
containers for nuclear and radiological materials overseas and better 
assess the risk of inbound containers. In essence, SFI builds upon the 
CSI and Megaports programs. The SAFE Port Act specified that new 
integrated scanning systems that couple nonintrusive imaging equipment 
and radiation detection equipment must be pilot-tested. It also 
required that, once fully implemented, the pilot integrated scanning 
system scan 100 percent of containers destined for the United States 
that are loaded at pilot program ports.
    According to agency officials, the initial phase of the initiative 
will involve the deployment of a combination of existing container 
scanning technology--such as X-ray and gamma ray scanners used by host 
nations at CSI ports to locate high-density objects that could be used 
to shield nuclear materials, inside containers--and radiation detection 
equipment. The ports chosen to receive this integrated technology are: 
Port Qasim in Pakistan, Puerto Cortes in Honduras, and Southampton in 
the United Kingdom. Four other ports located in Hong Kong, Singapore, 
the Republic of Korea, and Oman will receive more limited deployment of 
these technologies as part of the pilot program. According to CBP, 
containers from these ports will be scanned for radiation and other 
risk factors before they are allowed to depart for the United States. 
If the scanning systems indicate that there is a concern, both CSI 
personnel and host country officials will simultaneously receive an 
alert and the specific container will be inspected before that 
container continues to the United States. CBP officials will determine 
which containers are inspected, either on the scene locally or at CBP's 
National Targeting Center.
    Per the SAFE Port Act, CBP is to report by April 2008 on, among 
other things, the lessons learned from the SFI pilot ports and the need 
for and the feasibility of expanding the system to other CSI ports. 
Every 6 months thereafter, CBP is to report on the status of full-scale 
deployment of the integrated scanning systems to scan all containers 
bound for the United States before their arrival.
New Requirement for 100 Percent Scanning Introduces New Challenges
    Recent legislative actions have updated U.S. maritime security 
requirements and may affect overall international maritime security 
strategy. In particular, the recently enacted Implementing 
Recommendations of the 9/11 Commission Act (9/11 Act) requires, by 
2012, 100 percent scanning of U.S.-bound cargo containers using 
nonintrusive imaging equipment and radiation detection equipment at 
foreign seaports. The Act also specifies conditions for potential 
extensions beyond 2012 if a seaport cannot meet that deadline. 
Additionally, it requires the Secretary of DHS to develop technological 
and operational standards for scanning systems used to conduct 100 
percent scanning at foreign seaports. The Secretary also is required to 
ensure that actions taken under the Act do not violate international 
trade obligations and are consistent with the WCO SAFE Framework. The 
9/11 Act provision replaces the requirement of the SAFE Port Act that 
called for 100 percent scanning of cargo containers before their 
arrival in the United States, but required implementation as soon as 
possible rather than specifying a deadline. While we have not yet 
reviewed the implementation of the 100 percent scanning requirement, we 
have a number of preliminary observations based on field visits of 
foreign ports regarding potential challenges CBP may face in 
implementing this requirement:

   CBP may face challenges balancing new requirement with 
        current international risk management approach. CBP may have 
        difficulty requiring 100 percent scanning while also 
        maintaining a risk-based security approach that has been 
        developed with many of its international partners. Currently, 
        under the CSI program, CBP uses automated targeting tools to 
        identify containers that pose a risk for terrorism for further 
        inspection before being placed on vessels bound for the United 
        States. As we have previously reported, using risk management 
        allows for reduction of risk against possible terrorist attack 
        to the Nation given resources allocated and is an approach that 
        has been accepted government-wide. Furthermore, many U.S. and 
        international customs officials we have spoken to, including 
        officials from the World Customs Organization, have stated that 
        the 100 percent scanning requirement is contrary to the SAFE 
        Framework developed and implemented by the international 
        customs community, including CBP. The SAFE Framework, based on 
        CSI and C-TPAT, calls for a risk management approach, whereas 
        the 9/11 Act calls for the scanning of all containers 
        regardless of risk.

   United States may not be able to reciprocate if other 
        countries request it. The CSI program, whereby CBP officers are 
        placed at foreign seaports to target cargo bound for the United 
        States, is based on a series of bilateral, reciprocal 
        agreements with foreign governments. These reciprocal 
        agreements also allow foreign governments the opportunity to 
        place customs officials at U.S. seaports and request inspection 
        of cargo containers departing from the United States and bound 
        for their home country. Currently, customs officials from 
        certain countries are stationed at domestic seaports and agency 
        officials have told us that CBP has inspected 100 percent of 
        containers that these officials have requested for inspection. 
        According to CBP officials, the SFI pilot, as an extension of 
        the CSI program, allows foreign officials to ask the United 
        States to reciprocate and scan 100 percent of cargo containers 
        bound for those countries. Although the Act establishing the 
        100 percent scanning requirement does not mention reciprocity, 
        CBP officials have told us that the agency does not have the 
        capacity to reciprocate should it be requested to do so, as 
        other government officials have indicated they might when this 
        provision of the 9/11 Act is in place.

   Logistical feasibility is unknown and may vary by port. Many 
        ports may lack the space necessary to install additional 
        equipment needed to comply with the requirement to scan 100 
        percent of U.S.-bound containers. Additionally, we observed 
        that scanning equipment at some seaports is located several 
        miles away from where cargo containers are stored, which may 
        make it time consuming and costly to transport these containers 
        for scanning. Similarly, some seaports are configured in such a 
        way that there are no natural bottlenecks that would allow for 
        equipment to be placed such that all outgoing containers can be 
        scanned and the potential to allow containers to slip by 
        without scanning may be possible. Transshipment cargo 
        containers--containers moved from one vessel to another--are 
        only available for scanning for a short period of time and may 
        be difficult to access. Similarly, it may be difficult to scan 
        cargo containers that remain on board a vessel as it passes 
        through a foreign seaport. CBP officials told us that currently 
        containers such as these that are designated as high-risk at 
        CSI ports are not scanned unless specific threat information is 
        available regarding the cargo in that particular container.

   Technological maturity is unknown. Integrated scanning 
        technologies to test the feasibility of scanning 100 percent of 
        U.S.-bound cargo containers are not yet operational at all 
        seaports participating in the pilot program, known as SFI. The 
        SAFE Port Act requires CBP to produce a report regarding the 
        program, which will include an evaluation of the effectiveness 
        of scanning equipment at the SFI ports. However, this report 
        will not be due until April 2008. Moreover, agency officials 
        have stated that the amount of bandwidth necessary to transmit 
        scanning equipment outputs to CBP officers for review exceeds 
        what is currently feasible and that the electronic 
        infrastructure necessary to transmit these outputs may be 
        limited at some foreign seaports. Additionally, there are 
        currently no international standards for the technical 
        capabilities of inspection equipment. Agency officials have 
        stated that CBP is not a standard setting organization and has 
        limited authority to implement standards for sovereign foreign 
        governments.

   Resource responsibilities have not been determined. The 9/11 
        Act does not specify who would pay for additional scanning 
        equipment, personnel, computer systems, or infrastructure 
        necessary to establish 100 percent scanning of U.S.-bound cargo 
        containers at foreign ports. According to the Congressional 
        Budget Office (CBO) in its analysis of estimates for 
        implementing this requirement, this provision would neither 
        require nor prohibit the U.S. Federal Government from bearing 
        the cost of conducting scans. For the purposes of its analysis, 
        CBO assumed that the cost of acquiring, installing, and 
        maintaining systems necessary to comply with the 100 percent 
        scanning requirement would be borne by foreign ports to 
        maintain trade with the United States. However, foreign 
        government officials we have spoken to expressed concerns 
        regarding the cost of equipment. They also stated that the 
        process for procuring scanning equipment may take years and can 
        be difficult when trying to comply with changing U.S. 
        requirements. These officials also expressed concern regarding 
        the cost of additional personnel necessary to: (1) operate new 
        scanning equipment; (2) view scanned images and transmit them 
        to the United States; and (3) resolve false alarms. An official 
        from one country with whom we met told us that, while his 
        country does not scan 100 percent of exports, modernizing its 
        customs service to focus more on exports required a 50 percent 
        increase in personnel, and other countries trying to implement 
        the 100 percent scanning requirement would likely have to 
        increase the size of their customs administrations by at least 
        as much.

   Use and ownership of data have not been determined. The 9/11 
        Act does not specify who will be responsible for managing the 
        data collected through 100 percent scanning of U.S.-bound 
        containers at foreign seaports. However, the SAFE Port Act 
        specifies that scanning equipment outputs from SFI will be 
        available for review by U.S. Government officials either at the 
        foreign seaport or in the United States. It is not clear who 
        would be responsible for collecting, maintaining, 
        disseminating, viewing or analyzing scanning equipment outputs 
        under the new requirement. Other questions to be resolved 
        include ownership of data, how proprietary information would be 
        treated, and how privacy concerns would be addressed.

    CBP officials have indicated they are aware that challenges exist. 
They also stated that the SFI will allow the agency to determine 
whether these challenges can be overcome. According to senior officials 
from CBP and international organizations we contacted, 100 percent 
scanning of containers may divert resources, causing containers that 
are truly high risk to not receive adequate scrutiny due to the sheer 
volume of scanning outputs that must be analyzed. These officials also 
expressed concerns that 100 percent scanning of U.S.-bound containers 
could hinder trade, leading to long lines and burdens on staff 
responsible for viewing images. However, given that the SFI pilot 
program has only recently begun, it is too soon to determine how the 
100 percent scanning requirement will be implemented and its overall 
impact on security.
Agency Comments
    We provided a draft of this testimony to DHS agencies and 
incorporated technical comments as appropriate.
    Mr. Chairman and Members of the Committee, this completes my 
prepared statement. I will be happy to respond to any questions that 
you or other Members of the Committee have at this time.
Endnotes
    \1\ Pub. L. 109-347, 120 Stat. 1884 (2006).
    \2\ Pub. L. 107-295, 116 Stat. 2064 (2002).
    \3\ The Implementing Recommendations of the 9/11 Commission Act of 
2007 amended a SAFE Port Act provision on scanning all United States 
bound containers at foreign ports. See Pub. L. 110-53,  1701(a), 121 
Stat. 266, 489-90. This amendment is discussed later in this testimony.
    \4\ A list of related GAO products may be found at the end of this 
testimony.
    \5\ The SAFE Port Act did not define ``high-priority ports,'' but 
the Coast Guard identified a number of factors that it used in 
determining which ports are high-priority, including risk assessment 
data, port criticality ratings, and existing investments in facilities.
    \6\ The Coast Guard has implemented a new field command structure 
that is designed to unify previously disparate Coast Guard units, such 
as air stations and marine safety offices, into 35 different integrated 
commands, called sector command centers. At each of these sectors, the 
Coast Guard has placed management and operational control of these 
units and their associated resources under the same commanding officer.
    \7\ The Coast Guard shares some responsibilities with the U.S. Navy 
at four of these locations. These centers are located in Hampton Roads, 
Virginia; Jacksonville, Florida; San Diego, California; and Seattle, 
Washington.
    \8\ See GAO, Maritime Security: New Structures Have Improved 
Information Sharing, but Security Clearance Processing Requires Further 
Attention, GAO-05-394 (Washington, D.C.: Apr. 15, 2005); Maritime 
Security: Enhancements Made, but Implementation and Sustainability 
Remain Key Challenges, GAO-05-448T (Washington, D.C.: May 17, 2005); 
Maritime Security: Information-Sharing Efforts Are Improving, GAO-06-
933T (Washington, D.C.: July 10, 2006).
    \9\ According to the Coast Guard, these multiple interagency 
partners include Customs and Border Protection, Immigration and Customs 
Enforcement, Department of Defense, the Secure Border Initiative 
Network (SBInet) Program Office, and State and local partners. A center 
located in Charleston, South Carolina is managed by the Department of 
Justice. It was created through an appropriation in the Fiscal Year 
2003 Consolidated Appropriations Resolution (Pub. L. 108-7, 117 Stat. 
11,53 (2003.)).
    \10\ Maritime Security: Observations on Selected Aspects of the 
SAFE Port Act. GAO-07-754T. April 26, 2007.
    \11\ See GAO, Maritime Security: Information-Sharing Efforts Are 
Improving, GAO-06-933T (Washington, D.C.: July 10, 2006); Maritime 
Security: New Structures Have Improved Information Sharing, but 
Security Clearance Processing Requires Further Attention, GAO-05-394 
(Washington, D.C.: Apr. 15, 2005).
    \12\ In July 2007, the Coast Guard reported having granted security 
clearances to 212 area committee members with a need to know, which is 
an improvement from July 2006, when we reported 188 out of 467 members 
had received a security clearance to date.
    \13\ The Coast Guard uses a three-tiered system of Maritime 
Security (MARSEC) levels consistent with DHS's Homeland Security 
Advisory System (HSAS). MARSEC levels are designed to provide a means 
to easily communicate pre-planned scalable responses to increased 
threat levels.
    \14\ NVICs provide detailed guidance about enforcement or 
compliance with certain Coast Guard safety regulations and programs. 
NVIC 9-02, most recently revised on October 27, 2005, detailed 
requirements for area plans.
    \15\ The MIRP, one of the eight supporting plans of the National 
Strategy for Maritime Security, is intended to facilitate the 
restoration of maritime commerce after a terrorist attack or natural 
disaster.
    \16\ DHS released the Strategy to Enhance the International Supply 
Chain in July 2007. This strategy contains a plan to speed the 
resumption of trade in the event of a terrorist attack on our ports or 
waterways as required in the SAFE Port Act.
    \17\ All hazards emergency preparedness efforts seek to prepare all 
sectors of American society--business, industry and nonprofit; 
territorial, local, and tribal governments, and the general public--for 
all hazards the Nation may face, i.e., any large-scale emergency event, 
including terrorist attacks and natural or accidental disasters.
    \18\ GAO, Port Risk Management: Additional Federal Guidance Would 
Aid Ports in Disaster Planning and Recovery, GAO-07-412 (Washington, 
D.C.: Mar. 28, 2007).
    \19\ GAO, Homeland Security: Process for Reporting Lessons Learned 
from Seaport Exercises Needs Further Attention, GAO-05-170 (Washington, 
D.C.: Jan. 14, 2005); and GAO-07-412.
    \20\ The International Port Security Program uses the ISPS Code as 
the benchmark by which it measures the effectiveness of a country's 
anti-terrorism measures in a port. The code was developed after the 
September 11 attacks and established measures to enhance the security 
of ships and port facilities with a standardized and consistent 
security framework. The ISPS code requires facilities to conduct an 
assessment to identify threats and vulnerabilities and then develop 
security plans based on the assessment. The requirements of this code 
are performance-based; therefore compliance can be achieved through a 
variety of security measures.
    \21\ In addition to the Coast Guard visiting the ports of foreign 
countries under this program, countries can also make reciprocal visits 
to U.S. ports to observe U.S. implementation of the ISPS Code, 
obtaining ideas for implementation of the code in their ports and 
sharing best practices for security.
    \22\ See H.R. Conf. Rep. No. 109-699, at 142 (2006).
    \23\ There are approximately 140 countries that are maritime 
trading partners with the United States.
    \24\ GAO, Information on Port Security in the Caribbean Basin, GAO-
07-804R, (Washington, D.C.: June 29, 2007).
    \25\ Requirements for security plans for facilities are found in 33 
CFR Part 105, Subpart D.
    \26\ See GAO, Maritime Security: Substantial Work Remains to 
Translate New Planning Requirements into Effective Port Security, GAO-
04-838 (Washington, D.C.: June 2004).
    \27\ See GAO, Managing for Results: Enhancing Agency Use of 
Performance Information for Management Decision Making, GAO-05-97 
(Washington, D.C.: September 2005).
    \28\ See GAO, Port Security: Better Planning Needed to Develop and 
Operate Maritime Worker Identification Card Program, GAO-05-106 
(Washington, D.C.: December 2004); and Transportation Security: DHS 
Should Address Key Challenges before Implementing the Transportation 
Worker Identification Credential Program, GAO-06-982 (Washington, D.C.: 
September 2006).
    \29\ GAO, Transportation Security: TSA Has Made Progress in 
Implementing the Transportation Worker Identification Credential 
Program, but Challenges Remain, GAO-07-681T (Washington, D.C.: Apr. 12, 
2007).
    \30\ The National Commission on Terrorist Attacks Upon the United 
States, Final Report of the National Commission On Terrorist Attacks 
Upon the United States, Washington, D.C.: Jul. 22, 2004).
    \31\ TSA determined that the background checks required for the 
hazardous materials endorsement (an endorsement that authorizes an 
individual to transport hazardous materials for commerce) and the Free 
and Secure Trade card (a voluntary CBP program that allows commercial 
drivers to receive expedited border processing) satisfy the background 
check requirements for TWIC. TSA also determined that an individual 
issued a Merchant Mariner Document (issued between February 3, 2003, 
and March 26, 2007) was not subject to an additional background check 
for TWIC.
    \32\ The SAFE Port Act required that GAO conduct a study of the 
background records checks carried out for DHS that are similar to the 
one required of truck drivers to obtain a hazardous material 
endorsement. Pub. L. 109-347,  105 120 Stat. 1884, 1891 (2006). See 
GAO, Transportation Security: Efforts to Eliminate Redundant Background 
Check Investigations, GAO-07-756 (Washington, D.C.: Apr. 26, 2007).
    \33\ The term ``harmonize'' is used to describe efforts to increase 
efficiency and reduce redundancies by aligning the background check 
requirements to make the programs more consistent.
    \34\ Cargo manifests are prepared by the ocean carrier to describe 
the contents of a container.
    \35\ The Comptroller General's internal control standards state 
that internal control activities help ensure that management's 
directives are carried out. Further, they state that the control 
objectives should be effective and efficient in accomplishing the 
agency's control objectives. GAO, Standards for Internal Control in the 
Federal Government, GAO/AIMD-00-21.3.1, 11 (Washington, D.C.: November 
1999).
    \36\ The Comptroller General's internal control standards state 
that internal control activities help ensure that management's 
directives are carried out. Further, they state that the control 
objectives should be effective and efficient in accomplishing the 
agency's control objectives. GAO, Standards for Internal Control in the 
Federal Government, GAO/AIMD-00-21.3.1, 11 (Washington, D.C.: November 
1999).
    \37\ Smart features include more complex algorithms and real-time 
intelligence.
    \38\ GAO, International Trade: Persistent Weaknesses in the In-Bond 
Cargo System Impede Customs and Border Protection's Ability to Address 
Revenue, Trade, and Security Concerns, GAO-07-561, (Washington, D.C.: 
April 17, 2007).
    \39\ In-bond goods must be transported by a carrier covered by a 
CBP-approved bond that allows goods that have not yet entered U.S. 
commerce to move through the United States. The bond is a contract 
given to ensure performance of obligations imposed by law or regulation 
and guarantees payment to CBP if these obligations are not performed.
    \40\ CBP cannot assess the extent of the program because it does 
not collect accurate information on the value and volume of in-bond 
cargo, and its analysis of existing data is limited to the number of 
in-bond transactions.
    \41\ Although an in-bond form is required for in-bond movement, it 
does not have the same level of detail contained in entry documents, 
and data from the form are not used to update ATS scores.
    \42\ Entry information is documentation to declare items arriving 
in the United States. Entry information allows CBP to determine what is 
included in a shipment, and provides more detail on a container's 
contents than manifest information.
    \43\ Los Angeles, Long Beach, Newark, and New York.
    \44\ GAO-07-561.
    \45\ We made eleven recommendations to improve the management of 
the in-bond system in three general areas: (1) improving the level of 
information available on in-bond carge, (2) improving monitoring of in-
bond cargo, and (3) improving the efficiency of in-bond compliance 
measurement programs. DHS agreed with seven of our recommendations, 
disagreed with three, and stated that one had already been implemented.
    \46\ A core element of CSI is the use of technology to scan--to 
capture data including images of cargo container contents--high-risk 
containers to ensure that examinations can be done rapidly without 
slowing down the movement of trade. This technology can include 
equipment such as large scale X-ray and gamma ray machines and 
radiation detection devices.
    \47\ See GAO, Container Security: A Flexible Staffing Model and 
Minimum Equipment Requirements Would Improve Overseas Targeting and 
Inspection Efforts, GAO-05-557 (Washington, D.C.: Apr. 26, 2005) and 
Container Security: Expansion of Key Customs Programs Will Require 
Greater Attention to Critical Success Factors, GAO-03-770 (Washington, 
D.C.: July 2003).
    \48\ GAO-05-557.
    \49\ The World Customs Organization is an international 
organization aimed at enhancing the effectiveness and efficiency of 
customs administrations.
    \50\ See GAO, Cargo Security: Partnership Program Grants Importers 
Reduced Scrutiny with Limited Assurance of Improved Security, GAO-05-
404 (Washington, D.C.: March 2005); and Container Security: Expansion 
of Key Customs Programs Will Require Greater Attention to Critical 
Success Factors, GAO-03-770 (Washington, D.C.: July 2003).
    \51\ GAO-05-405.
    \52\ For additional information, see GAO, Preventing Nuclear 
Smuggling: DOE Has Made Limited Progress in Installing Radiation 
Detection Equipment at Highest Priority Foreign Seaports, GAO-05-375 
(Washington, D.C.: Mar. 31, 2005).
GAO Related Products
    Combating Nuclear Smuggling: Additional Actions Needed to Ensure 
Adequate Testing of Next Generation of Radiation Detection Equipment. 
GAO-07-1247T. Washington, D.C.: September 18, 2007.
    Department of Homeland Security: Progress Report on Implementation 
of Mission and Management Functions. GAO-07-1240T. Washington, D.C.: 
September 18, 2007.
    Department of Homeland Security: Progress Report on Implementation 
of Mission and Management Functions. GAO-07-1081T. Washington, D.C.: 
September 6, 2007.
    Department of Homeland Security: Progress Report on Implementation 
of Mission and Management Functions. GAO-07-454. Washington, D.C.: 
August 17, 2007.
    Homeland Security: Observations on DHS and FEMA Efforts to Prepare 
for and Respond to Major and Catastrophic Disasters and Address Related 
Recommendations and Legislation. GAO-07-1142T. Washington, D.C.: July 
31, 2007.
    Information on Port Security in the Caribbean Basin. GAO-07-804R. 
Washington, D.C.: June 29, 2007.
    Department of Homeland Security: Science and Technology 
Directorate's Expenditure Plan. GAO-07-868. Washington, D.C.: June 22, 
2007.
    Homeland Security: Guidance from Operations Directorate Will 
Enhance Collaboration among Departmental Operations Centers. GAO-07-
683T. Washington, D.C.: June 20, 2007.
    Department of Homeland Security: Progress and Challenges in 
Implementing the Department's Acquisition Oversight Plan. GAO-07-900. 
Washington, D.C.: June 13, 2007.
    Department of Homeland Security: Ongoing Challenges in Creating an 
Effective Acquisition Organization. GAO-07-948T. Washington, D.C.: June 
7, 2007.
    Homeland Security: Observations on DHS and FEMA Efforts to Prepare 
for and Respond to Major and Catastrophic Disasters and Address Related 
Recommendations and Legislation. GAO-07-835T. Washington, D.C.: May 15, 
2007.
    Homeland Security: Management and Programmatic Challenges Facing 
the Department of Homeland Security. GAO-07-833T. Washington, D.C.: May 
10, 2007.
    Maritime Security: Observations on Selected Aspects of the SAFE 
Port Act. GAO-07-754T. April 26, 2007.
    Transportation Security: DHS Efforts to Eliminate Redundant 
Background Check Investigations. GAO-07-756. Washington, D.C.: April 
26, 2007.
    International Trade: Persistent Weaknesses in the In-Bond Cargo 
System Impede Customs and Border Protection's Ability to Address 
Revenue, Trade, and Security Concerns. GAO-07-561. Washington, D.C.: 
April 17, 2007.
    Transportation Security: TSA Has Made Progress in Implementing the 
Transportation Worker Identification Credential Program, but Challenges 
Remain. GAO-07-681T. Washington, D.C.: April 12, 2007.
    Customs Revenue: Customs and Border Protection Needs to Improve 
Workforce Planning and Accountability. GAO-07-529. Washington, D.C.: 
April 12, 2007.
    Port Risk Management: Additional Federal Guidance Would Aid Ports 
in Disaster Planning and Recovery. GAO-07-412. Washington, D.C.: March 
28, 2007.
    Transportation Security: DHS Should Address Key Challenges before 
Implementing the Transportation Worker Identification Credential 
Program. GAO-06-982. Washington, D.C.: September 29, 2006.
    Maritime Security: Information-Sharing Efforts Are Improving. GAO-
06-933T. Washington, D.C.: July 10, 2006.
    Cargo Container Inspections: Preliminary Observations on the Status 
of Efforts to Improve the Automated Targeting System. GAO-06-591T. 
Washington, D.C.: March 30, 2006.
    Managing for Results: Enhancing Agency Use of Performance 
Information for Management Decision Making. GAO-05-927. Washington, 
D.C.: September 9, 2005.
    Combating Nuclear Smuggling: Efforts to Deploy Radiation Detection 
Equipment in the United States and in Other Countries. GAO-05-840T. 
Washington, D.C.: June 21, 2005.
    Container Security: A Flexible Staffing Model and Minimum Equipment 
Requirements Would Improve Overseas Targeting and Inspection Efforts. 
GAO-05-557. Washington, D.C.: April 26, 2005.
    Homeland Security: Key Cargo Security Programs Can Be Improved. 
GAO-05-466T. Washington, D.C.: May 26, 2005.
    Maritime Security: Enhancements Made, But Implementation and 
Sustainability Remain Key Challenges. GAO-05-448T. Washington, D.C.: 
May 17, 2005.
    Cargo Security: Partnership Program Grants Importers Reduced 
Scrutiny with Limited Assurance of Improved Security. GAO-05-404. 
Washington, D.C.: March 11, 2005.
    Maritime Security: New Structures Have Improved Information 
Sharing, but Security Clearance Processing Requires Further Attention. 
GAO-05-394. Washington, D.C.: April 15, 2005.
    Preventing Nuclear Smuggling: DOE Has Made Limited Progress in 
Installing Radiation Detection Equipment at Highest Priority Foreign 
Seaports. GAO-05-375. Washington, D.C.: March 30, 2005.
    Protection of Chemical and Water Infrastructure: Federal 
Requirements, Actions of Selected Facilities, and Remaining Challenges. 
GAO-05-327. Washington, D.C.: March 2005.
    Homeland Security: Process for Reporting Lessons Learned from 
Seaport Exercises Needs Further Attention. GAO-05-170. Washington, 
D.C.: January 14, 2005.
    Port Security: Better Planning Needed to Develop and Operate 
Maritime Worker Identification Card Program. GAO-05-106. Washington, 
D.C.: December 2004.
    Maritime Security: Substantial Work Remains to Translate New 
Planning Requirements into Effective Port Security. GAO-04-838. 
Washington, D.C.: June 2004.
    Homeland Security: Summary of Challenges Faced in Targeting 
Oceangoing Cargo Containers for Inspection. GAO-04-557T. Washington, 
D.C.: March 31, 2004.
    Container Security: Expansion of Key Customs Programs Will Require 
Greater Attention to Critical Success Factors. GAO-03-770. Washington, 
D.C.: July 25, 2003.

    Senator Lautenberg. Thank you, Mr. Caldwell. Mr. Coscia?

STATEMENT OF ANTHONY COSCIA, CHAIRMAN, BOARD OF COMMISSIONERS, 
         THE PORT AUTHORITY OF NEW YORK AND NEW JERSEY

    Mr. Coscia. Mr. Chairman, thank you. Good morning, Vice 
Chairman Stevens, Senator Lott. Thank you for the opportunity 
to testify before this Committee on maritime security and the 
SAFE Port Act in particular, for many reasons, not the least of 
which is that we have, for quite a period of time, looked for 
the leadership to add the level of attention to this issue that 
we believe it deserves and your efforts here today are very 
much appreciated by those of us in the field each day.
    I'd like to today, talk about briefly several topics 
related to this issue: cargo security, credentialing, response 
and recovery and funding and resources. These, as well as other 
points, were covered in a task force report that was compiled 
by the Port Authority, assembling a number of key business 
leaders and government officials in the New Jersey/New York 
metropolitan area who would be directly impacted by any 
incident that were to occur and recognizing just how critical 
this issue is.
    First, let me talk a bit about cargo security. When we talk 
about cargo security, of course, we're talking about securing 
cargo entering U.S. ports and it is critical to recognize that 
first and foremost that the ports themselves are not the lone 
point of vulnerability. The potential for terrorist activity 
stretches from the cargo's overseas point of origin to where 
the cargo is placed into a container, to points along the 
cargo's route to its ultimate destination. Our goal should be 
to increase our level of confidence that we know the contents 
of containers before they're even loaded onto a ship destined 
for a U.S. port. The security process must also include an 
ability to verify along the route that the container and the 
cargo have not been tampered with, that the container is 
transported under the control of responsible parties and that 
the integrity of the data associated with the movement of the 
cargo has not been compromised.
    We support Section 204 of the SAFE Port Act, which requires 
minimum standards and procedures for securing containers in 
transit to the United States. In implementing this section, 
however, our understanding is that the Department of Homeland 
Security plans to impose these standards only on importers who 
enroll in the C-TPAT program. Voluntary cargo security measures 
are certainly helpful, but Senators, I would submit that 
they're not clearly sufficient. We must go one step further and 
make those container security standards, both minimum and 
mandatory. Importers that choose to go above and beyond the 
minimum standards should reap the benefits of security and 
commercial benefits commensurate with their investment in and 
the effectiveness of their security measures. Those who don't 
meet minimum standards should be faced with some form of a red 
lane.
    Next, I want to talk briefly about credentialing. I know 
this is very much the focus of this Committee and I'd like to 
focus only on several relatively minor but frankly, very 
critical aspects to the Port Authority and to operators in the 
field. The current process requires a local match of 25 percent 
for the implementation of this program, although we clearly 
recognize that funding and resources are critical at so many 
levels, we've asked Secretary Chertoff to reconsider this. We 
have an enormous expense associated with port security at our 
level. Our agency, since 9/11 has spent over $100 million on 
port security and this pilot program will require additional 
expenditures on our side. We're hopeful that this Committee 
will support our request to eliminate a 25 percent local 
matching requirement because there are so many other 
investments we'll have to make in this program in order for it 
to be successful, investments which will not be recoverable if 
the program has to be retooled or is not successful.
    Third, I'd like to go on to the issue of response and 
recovery. We need to develop response and recovery plans but we 
need to do that in a way that fully incorporates all those who 
are affected by it. The SAFE Port Act creates an appropriate 
prioritization scheme for how to develop these plans. We 
believe more should be done to integrate the way private 
industry, as well as government levels at varying degrees, work 
together on developing a comprehensive plan. Any response and 
recovery plan is relatively ineffective to the extent that 90 
or 95 percent of those who are affected by it are not fully 
integrated into its implementation. Therefore, public and 
private sectors must collaborate on the development of port-
specific plans and procedures in each U.S. port to ensure a 
timely recovery and effective communication in the aftermath of 
an incident. These response and recovery plans must be 
supported by individual business continuity plans and robust 
training and exercise programs.
    Finally and I'm sure it's of no surprise, I would like to 
make two points regarding security funding. The first is that 
although there is an effort now to implement 5-year rolling 
plans with respect to Tier I and Tier II ports, we think that 
should be extended to all ports to include Tier III and Tier IV 
ports, therefore we can fully understand on a risk basis, where 
additional grants should go.
    And then finally, our agency feels strongly that there 
should be some uniform port security fee that should be adopted 
on a national level. We're not necessarily advocating any 
particular fee but at present, we're faced with a circumstance 
where each port is individually making decisions on port 
security fees. We believe that puts all of us in a position of 
having to do a balancing act between our competitiveness and 
providing the adequate level of security. We think on a 
national level, a uniform fee should be adopted that allows us 
to comprehensively collect resources and then re-deploy those 
in the most intelligent way possible to provide the adequate 
level of security.
    Again, thank you for your dedicated attention to this 
issue. This issue, with leadership, we believe can be addressed 
very effectively and we applaud yours in that area, Senator.
    [The prepared statement of Mr. Coscia follows:]

Prepared Statement of Anthony Coscia, Chairman, Board of Commissioners, 
             The Port Authority of New York and New Jersey
    Chairman Inouye, Vice Chairman Stevens, Senator Lautenberg, Members 
of the Committee, thank you for the opportunity to testify on the 
importance of maritime and port security and the implementation of the 
SAFE Port Act. My name is Anthony Coscia. I am the Chairman of The Port 
Authority of New York and New Jersey.
    The tragic events of September 11 have focused our collective 
attention on the need to protect our borders at major international 
gateways like the Port of New York and New Jersey and small ports 
alike. The Maritime Transportation Security Act of 2002 and the SAFE 
Port Act are two pieces of landmark legislation that have had a 
positive impact on our homeland security. However, as we all know, more 
remains to be done. We commend the entire Senate, and this Committee in 
particular, for its work on the SAFE Port Act in devising a layered 
approach to enhance maritime security.
    At the Port Authority we feel that maritime and port security is 
such an essential matter that we assembled a Task Force of independent 
non-partisan business and government leaders interested in identifying 
critical port and supply chain security concerns and promoting ways to 
resolve or mitigate these concerns. The Task Force issued a report in 
November 2006 containing our recommendations.
    I would like to briefly discuss seven key points relevant to the 
SAFE Port Act and our Port Security Task Force: (1) the vital nature of 
our ports; (2) cargo security; (3) credentialing; (4) command and 
control; (5) response and recovery; (6) research and development; and 
finally, (7) funding and resources.
The Vital Nature of Ports
    Ninety-five percent of the international goods that come into the 
country come in through our Nation's 361 ports; approximately 13 
percent of that volume is handled in the Port of New York and New 
Jersey alone, the third largest port in the country. The Port generates 
over 230,000 jobs and $12.6 billion in wages throughout the region. 
Additionally, the Port contributes $2.1 billion in state and local tax 
revenues and more than $3.8 billion in Federal tax revenues. Cargo that 
is handled in the Port is valued at over $150 billion and serves 80 
million people, or 35 percent of the entire U.S. population. In 2005, 
the Port handled over 5,500 ship calls, 86 million tons of general 
cargo, 852,297 autos, and 2.9 million containers, approximately 8,200 
containers each day. Today, international trade accounts for 
approximately thirty percent of the U.S. economy. Considering all this, 
it is easy to understand how a terrorist incident in one of our ports 
would have a devastating effect on our Nation and its economy.
Cargo Security
Standards and Procedures
    America's consumer-driven market depends upon a very efficient 
logistics chain, of which the Nation's ports are a single link. U.S. 
ports provide the platform for the transfer of imported goods from 
ships to our national transportation system--primarily trucks and 
trains--that ultimately deliver those products to local retail outlets 
or raw goods to manufacturing plants. Historically, that goods movement 
system has had one overall objective: to move cargo from Point A to 
Point B as quickly, reliably and cheaply as possible. Today, a new 
imperative--national security--has been introduced into that system. 
The ports themselves are not the lone point of vulnerability. Rather, 
the potential for terrorist activity stretches from the cargo's 
overseas point of origin or place of manufacture to where the cargo is 
placed into a container to any point along the cargo's route to its 
ultimate destination.
    Our goal should be to increase our level of confidence that we know 
exactly what is in each container before it is loaded on a ship 
destined for a U.S. port. It is simply not possible to physically 
examine the contents of each of the 8,200 containers that arrive each 
day in the Port of New York and New Jersey alone without seriously 
impacting the efficiency of the logistics chain. And we remain 
concerned about a requirement that 100 percent of all containers 
entering the country be scanned, before the technology, business 
processes and sovereignty issues have been addressed. The key, rather, 
is to identify a way to separate high-risk cargo from the vast majority 
of legitimate containers and then deal with the exceptions. This 
approach requires a thorough understanding of the existing logistics 
chain that moves containers from any place in the world to our Nation's 
distribution system.
    A typical container movement includes 14 different nodes, involves 
30 organizations, and generates as many as 30-40 different documents 
with over 200 data elements. This is a complex process in which the 
physical movement of a container is only one dimension of the system. 
There are three other important components that must also be 
understood: the flow of money, the flow of information concerning that 
shipment, and, finally, the transfer of accountability for the 
shipment, all of which must occur seamlessly in order for the cargo to 
be delivered to its final destination.
    Today, no mandatory security standards apply when loading a 
container at the manufacturer or when it is consolidated in a 
warehouse, often well inland of a seaport. No security standards exist 
for the seals placed on containers. Cargo is transferred from one mode 
of conveyance to another and there are neither standards governing how 
that conveyance occurs, nor accountability for the integrity of the 
container as it changes hands.
    We believe that efforts must be taken to verify the contents of 
containers before they are even loaded on a ship destined for a U.S. 
port. The process must include certification that the container is free 
of false compartments, and was packed in a secure environment and 
sealed so that its contents cannot be tampered with; that there be an 
ability to verify along the route that neither the container nor cargo 
has been tampered with; that the container is transported under the 
control of responsible parties; and that the integrity of the 
information and information systems associated with the movement of the 
cargo has not been compromised.
    We support Section 204 of SAFE Port, which requires ``minimum 
standards and procedures for securing containers in transit to the 
United States.'' However, we also believe that we need to go one step 
further and make those container security standards minimum and 
mandatory. Voluntary cargo security measures such as those established 
under the Customs-Trade Partnership Against Terrorism (C-TPAT) program 
are helpful but are not sufficient by themselves in order to protect 
our homeland. Rather, all containers destined to the United States 
should be subject to a new and higher security standard. Then and only 
then, should importers that choose to go above and beyond the minimum 
standards reap tiered benefits such as those currently available 
through C-TPAT participation. The incentives to go above and beyond the 
minimum standards would be commensurate with the level of investment in 
and effectiveness of security measures and should include a number of 
security and commercial benefits including a reduction in cargo loss, 
fewer Customs exams, an adjustment to insurance premiums and bonding 
requirements and greater cargo visibility to support just-in-time 
inventory pressures. Those that don't meet the minimum standards would 
receive a ``red lane.''
    The Department of Homeland Security is working on the development 
of functional requirements for Container Security Devices (CSD). Based 
on comments that Customs and Border Protection (CBP) Commissioner Ralph 
Basham made before the Center for Strategic and International Studies 
in July, it appears that the CSDs will be required only of Tier III C-
TPAT participants. We are concerned that this approach only makes the 
secure shippers more secure and fails to address the vast majority of 
shippers that have chosen not to participate in the voluntary C-TPAT 
program.
    The SAFE Port Act also required DHS to collect more data on cargo 
shipments before lading in order to improve their risk targeting. We 
support this advanced information effort, which is affectionately known 
as ``10+2'', and applaud CBP for collaborating with trade in the 
identification of the appropriate data elements and reporting methods. 
We join with our industry partners in eagerly anticipating the release 
of the Notice of Proposed Rule Making later this year. We are very 
concerned, however, about plans to develop a third party data warehouse 
or what is referred to as the ``Global Trade Exchange'' without 
appropriate consultation with industry and before the effectiveness of 
``10+2'' can be evaluated. We respectfully request that through the 
Commercial Operators Advisory Committee (COAC) on which the Port 
Authority has a seat, that DHS involve industry in the development of 
the Global Trade Exchange concept, before any segment of it is 
developed outside the established consultative process.
Weapons of Mass Destruction--Radiation Detection
    Radiation detection is yet another line of defense but radiation 
detection in the United States after cargo has arrived on our shores 
should be our last line of defense, not our first. We fully support the 
deployment of radiation detection equipment at the 22 highest volume 
ports in the country to scan all containers for radiation. However, as 
the technology is improved and resources allow, this program should be 
expanded beyond the highest volume ports. Not doing so would allow 
exploitation of the path of least resistance. In the Port of New York 
and New Jersey 98 percent of our import containers are currently 
scanned for radiation by CBP. Those that are not scanned today 
represent only the lowest risk containers that move inland by rail. We 
are monitoring the progress of the rail pilot project in the Port of 
Tacoma, which, if successful, will help us devise a solution for 
capturing that remaining 2 percent of rail cargo.
    Starting in 2003, the Port Authority has worked closely with the 
Department of Homeland Security (DHS) on a Counter Measures Test Bed 
(CMTB) program at the New York Container Terminal to test and evaluate 
the performance of commercially available and advanced radiation 
detection equipment in real world situations. These efforts have led to 
the further development and selection of manufacturers for the Advanced 
Spectroscopic Portal (ASP) program. To date CBP has installed ASPs at 
two of our seven container terminals. Those ASPs are currently 
undergoing field-testing and have not been fully commissioned yet. 
CBP's cooperation in accommodating local operational constraints and 
schedules has been outstanding.
    We recognize that concerns that have been raised by the Government 
Accountability Office, the National Resources Defense Council and 
others about the ability of the ASPs to detect shielded nuclear 
material and support the additional testing, evaluation and 
certification that is underway. If requested, the Port Authority will 
continue to make its facilities and personnel available for any 
additional testing that may be necessary. Further, because of the 
limited ability of the ASPs to detect shielded material, we strongly 
support the Secure Freight Initiative, which integrates radiation 
detection and container imaging. We must continue urgently to pursue a 
solution that is easy to administer by the supply chain workforce; that 
is fast, accurate and reliable; and that is affordable.
Credentialing
    In 2002, Congress mandated that all transportation system workers 
who are permitted ``unescorted access'' to restricted areas carry a 
Transportation Worker Identification Credential, or TWIC. TWIC is a 
tamper-resistant identification card with biometric capabilities that 
can be issued only after a successful criminal history background 
check. TWIC provides the operators of critical infrastructure with the 
ability to positively identify an individual seeking to gain access to 
a secure area. We fully support the need for positive access control at 
port facilities and the creation of a national identification program.
    Since TWIC has been and will be the subject of several other 
hearings, I will limit my comments to just two issues relating to the 
SAFE Port Act.
    The first is the provision requiring DHS to establish a pilot 
program to test TWIC card readers at five geographic locations in order 
to evaluate business processes, technology and operational impacts. 
While the SAFE Port Act mandated these pilot projects, the Department 
has not funded them. We and other port authorities and vessel operators 
are committed to assisting the Department in achieving its goals 
relative to the implementation and deployment of TWIC in the maritime 
industry. Accordingly, we have agreed to work with TSA to use our 
facilities and vessels, as well as use a portion of our Federal grant 
monies (FY 2006 and FY 2007), to test the equipment that will be used 
to read the TWIC cards. The Federal grant moneys, however, require a 25 
percent cash match.
    In order to devise a meaningful pilot project, considerable initial 
disruption will occur at each participating facility and vessel and 
both capital and operating funds will be expended that will not be 
recoverable at the end of the pilot, whether or not it is successful. 
We would suggest that the cost to the participants to plan, manage and 
implement this program already represents a significant contribution, 
even without an obligation for a cash match. Therefore, mandating a 25 
percent cash match for purchase of infrastructure and equipment 
required for participation in the pilot project will place an undue 
burden on us, and will only serve to reduce the amount of resources we 
will have at our disposal to ensure that a complete implementation of 
TWIC is a success. We have therefore requested that Secretary Chertoff 
recognize the in-kind contribution that our organizations will be 
making and waive the cash match requirement pursuant to his authority 
under 46 U.S.C. 70107, section (c)(2)(b). We would appreciate the 
Committee's support of this request as well. All previous TWIC pilot 
projects were fully funded by the TSA, and the pilot project required 
under the SAFE Port Act should receive the same level of support.
    The second issue is the prescreening of port truck drivers. Under 
Section 125, DHS was required to implement a threat assessment 
screening for all port truck drivers with access to secure areas of a 
port and who possess a commercial drivers license but not a hazardous 
materials endorsement. This program would be very similar to the 
interim screening program in which all facility owners and operators 
were required to participate in early 2006. Although this program 
hasn't been rolled out yet, we feel strongly that DHS comply with this 
requirement so that industry has a better understanding of what the 
impact of TWIC might be on the truck driver community. Current 
estimates indicate that anywhere from 10-40 percent of truck drivers 
may not be eligible for a TWIC, which could seriously impact port 
productivity and ultimately security.
Command and Control
    In the President's National Strategy for Maritime Security, 
Maritime Domain Awareness (MDA) is defined as ``an effective 
understanding of anything in the maritime environment that can affect 
the safety, security, economy, or environment of the United States.'' 
MDA is heavily dependent upon information fusion.
    Additionally, one of the principal outcomes of the work of the 9/11 
Commission was its determination that information sharing and 
collaboration at all levels of government are less than adequate. As 
such, we support the SAFE Port Act requirement for the development of 
interagency port security operations centers in key U.S. ports to 
facilitate operational coordination, information sharing, incident 
management and effective response. We would caution, however, that 
since the maritime industry does not operate in a vacuum but rather is 
largely dependent on surface transportation (road and rail) and 
requires the involvement of multiple levels of government and public 
safety agencies, these operations centers should not be limited to 
maritime and cargo security alone but be a single focal point and 
provide for the integration of all Homeland Security related functions 
among local, state and Federal agencies in a given region. It must also 
not just be a single operations center but one of multiple coordinating 
nodes in a regional and national information-sharing and collaboration 
network.
    One of the cornerstones of effective maritime domain awareness and 
command and control is the Coast Guard's Command 21 program, which 
regrettably hasn't received sufficient funding and resources yet. 
Therefore in the Port of New York and New Jersey we applied for and 
received Federal funding to develop the concept of operations and 
functional requirements for what might become the Joint Port Operations 
Center in our Port. It is our hope that our work locally will help 
inform the development of national functional requirements under 
Command 21.
    The basis for the local con ops and functional requirements will be 
the Port Authority's Joint Situational Awareness System (JSAS), 
formerly known as the Regional Information Joint Awareness Network or 
RIJAN. JSAS is a DHS-funded, DOD managed and Port Authority-led multi-
agency project to build an information sharing and collaboration 
network among key operations centers in the New York and New Jersey 
port region. Regional partners include the States of New York and New 
Jersey and the City of New York. DHS sponsorship is via the Domestic 
Nuclear Detection Office (DNDO). Our DOD program manager and developer 
is the U.S. Army's Armament, Research, Development and Engineering 
Center from Fort Monmouth New Jersey.
Response and Recovery
    While most of our focus since 9/11 has rightly been on preventing 
another terrorist attack, we must develop comprehensive programs to 
address response and recovery as well.
Recovery and Economic Impact
    A large-scale terrorist attack at a Port such as ours would not 
only cause local death and destruction, but could paralyze maritime 
commerce and economies nationally and globally. Before such an event 
occurs, we must have plans in place to ensure an efficient and 
effective response in order to avoid critical delays in recovery and 
expedite business resumption. Agencies in the Port of New York and New 
Jersey know better than anywhere else in the country how to respond to 
suspected terrorist activities and catastrophic events. What is not 
entirely clear is how private sector resources could be leveraged to 
strengthen the response, what the economic impact of a protracted port 
closure would be, and how the private sector would be kept informed to 
facilitate critical business decisions as an event unfolds. We must 
collaborate today on developing localized plans and procedures to 
ensure a timely and effective recovery from an incident at our Ports 
and to inform the private sector as an incident develops and response 
and recovery takes place.
    The Strategy to Enhance International Supply Chain Security, 
released by DHS in July, does a credible job of outlining the plan and 
considerations for resumption of trade. However, those considerations 
still need to be translated into port specific recovery and trade 
resumption plans.
    Through the Area Maritime Security Committee, the Port of New York 
and New Jersey has developed a draft port recovery plan. We have also 
established a Recovery Advisory Unit to counsel the Captain of the Port 
and Unified Command on the priorities, requirements and limitations for 
an effective and efficient recovery. We await the release of a 
Navigation and Vessel Inspection Circular later this year, which will 
provide the necessary guidance to local Coast Guard Sectors for the 
development of port specific recovery plans. A crucial element however, 
before we can finalize our port recovery plan is the release of both 
CBP and USCG's tactical plans for recovery and resumption of trade, 
which hasn't been done yet.
    The SAFE Port Act creates a prioritization for reestablishing the 
flow of commerce in the aftermath of an incident. We applaud the 
Department for recognizing that a port's ability to re-establish the 
flow of commerce will be incident-dependent and be dictated by ongoing 
response or clean up activities, current threat information and the 
availability of transportation infrastructure and resources (pilots, 
tugs, rail cars, barges, labor, cranes, tankage, container storage, 
etc.). Local port officials must have maximum flexibility to respond to 
their specific circumstances according to the dictates of the immediate 
situation. The recovery plan for New York and New Jersey makes life 
safety and public health, such as home heating oil in the winter, a 
priority; thereafter, vessels will move on a first-in, first-out basis 
depending on the availability of infrastructure and resources.
Research and Development
    Today, cargo security projects are being managed by various 
agencies within DHS as well as DOT, DOD and DOE. There are also a 
number of private-sector cargo security initiatives. From our vantage 
point, little coordination and collaboration takes place among these 
various initiatives. As a result, we may be expending scarce research 
resources in duplicative efforts or pursuing technologies or devices in 
one program that have already been shown to be ineffectual in others. 
We risk reinventing the wheel in developing solutions already addressed 
and solved in other efforts. Erecting administrative barriers between 
these programs impedes the free exchange of information that could 
otherwise promote efficiency and effectiveness in improving security.
    For these reasons, we believe it is absolutely critical to 
coordinate all cargo security research and development efforts through 
a single office. We believe that office should be the Director of Cargo 
Security Policy, created under the SAFE Port Act.
    There is an old saying that ignorance is bliss. In the current 
context, however, ignorance is an obstacle. Improving our national 
security is not a competition between government contestants seeking to 
conceal information in order to gain an advantage over other 
contestants. Rather, individuals involved in these efforts should be 
players on the same team working for the common good. In addition to 
project coordination through the Director of Cargo Security Policy, we 
would encourage the development of a Joint Program Office and a cargo 
security working group that includes private sector participation.
    We also support the development of a DHS Center of Excellence (COE) 
for maritime security and domain awareness by the Science and 
Technology Directorate. This COE's research will help DHS facilitate 
and defend maritime commerce and global supply chains, minimize damage 
and expedite recovery from attacks or catastrophic events impacting 
maritime interests, and protect coastal population centers and critical 
infrastructure through the COE. DHS also seeks maritime security 
research that will integrate public and private resources and expertise 
into a coordinated effort to address maritime threats systematically; 
align Federal, state, local, foreign government, and private sector 
security efforts and activities; and support global maritime awareness 
and security. The Port Authority is a member of Government and Industry 
Advisory Committee for a proposal that has been submitted for the COE 
on Maritime Security. A field visit is scheduled for next week and we 
expect to learn about an award before the end of the year.
Funding and Resources
Port Security Costs
    Before September 11, 2001, port security was primarily focused on 
cargo theft and smuggling; it has since taken on new meaning and 
urgency. However, there is an ongoing debate over whether port security 
is primarily a Federal Government or private sector responsibility. 
While that debate continues, the Port Authority and private terminal 
operators throughout the country have voluntarily taken significant 
steps to protect our seaports from the terrorism threat, because the 
consequences of not doing so are grave. Since the September 11 
terrorist attacks, ports such as ours have instituted heightened 
security measures and spent substantial resources to increase security, 
both with capital improvements and additional security and law 
enforcement personnel. However, for every dollar that is spent on 
security, there is one fewer dollar available for the capital 
infrastructure necessary to accommodate the increasing volume of cargo 
our ports are expected to handle.
    By the end of this year, the Port Authority will have spent over 
$100 million on port security costs since the September 11 terrorist 
attacks. While 30 percent of the total--about $30 million--has been 
spent on infrastructure improvements and security systems, the vast 
majority of our expenses are the result of a significant increase in 
the operational costs associated with maritime security. It is 
estimated that the annual operations and maintenance costs associated 
with the new security systems is on the order of magnitude of fifteen 
to twenty percent of the purchase price. Additionally, ports and 
terminals have spent significant sums of money on personnel costs, 
including the hiring of new security officers, overtime, upgrading 
security forces to use more professional services, and providing extra 
training. The Port Authority's port security operating costs have 
doubled since 9/11. This does not include the extra police required at 
all Port Authority facilities every time the threat level increases, 
which amounts to approximately $500,000 per week.
Port Security Grants
    Since June 2002, approximately $1.3 billion has been made available 
under the Port Security Grant Program to port and terminal operators 
and state and local law enforcement and emergency responders. About 12 
percent or $104 million of the total has been awarded to entities in 
the Port of New York and New Jersey, arguably the highest risk port in 
the country. The Port Authority has received $25 million of that share.
    The vast majority of the $1.3 billion in port security grants has 
been allocated to critical security projects for individual terminals 
and vessels. Since all U.S. port terminals and vessels are now 
compliant with the Maritime Transportation Security Act, we must shift 
our attention from ``my'' security needs to ``our'' security needs. We 
therefore support the provision to make grants available to address 
port-wide vulnerabilities identified in the Area Maritime Security 
Plans. Under the Fiscal Year 2007 Supplemental Port Security Grant 
Program, FEMA is requiring all Tier I and II ports to develop a 5-Year 
Port Wide Strategic Risk Management Plan, which will form the basis for 
future grant funding requests. We would like to see this requirement 
extended to Tier III and IV ports, to ensure that all Federal port 
security funding is distributed based on risk and in a coordinated 
fashion. The Port of New York and New Jersey has already developed a 
Port-Wide Strategic Risk Management Plan and is prepared to help other 
ports create theirs.
Port Security User Fee
    Physical, technological, personnel and law enforcement enhancements 
at port facilities, many of which were mandated by new Federal 
regulations, have created a financial drain on the operators that run 
them. During its initial rulemaking process for the port security 
grants, it appears that the Federal Government grossly underestimated 
the operating costs for security. These security operating costs have 
not been eligible for port security grants and, as a result, have 
become unfunded mandates that industry has had to bear. Thus, while the 
Federal Government has provided $1.3 billion in port security grants 
over the past 5 years, this represents only a small fraction of the 
security costs that the industry has incurred over that same period.
    In the absence of a consistent stream of Federal funding for port 
and cargo security, many ports around the Nation have been forced to 
impose customer fees to cover federally mandated port security 
expenses. While the Federal Government has implemented standard 
regulations, there is no uniformity or consistency of user fees. The 
general concern reverberating throughout the maritime industry is that 
this haphazard approach to fee implementation could put U.S. seaports 
at a serious disadvantage in relation to ports in Canada and Mexico.
    Together with a shift in supply chain security measures from our 
Nation's ports to those abroad, we believe the expenses associated with 
the implementation of a more secure goods movement delivery system 
should be offset by the reallocation of revenue from the various user 
fees already collected from the maritime industry. We eagerly await the 
report on user fees that was required under the 9/11 Commission Bill. 
To supplement any shortfalls, the Federal Government should adopt 
legislation establishing a uniform, nationwide Port Security User Fee 
to help offset growing port security costs and resources for our 
Federal partners. In all cases, the revenues generated through such a 
fee should be dispersed according to a risk-based formula.
Federal Staffing and Resources
    Clearly the responsibilities of both the Coast Guard and Customs 
and Border Protection (CBP) staff have increased exponentially in the 
wake of 9/11. Unfortunately, the level of resources and personnel 
needed to support this awesome responsibility has not grown at a 
commensurate rate. It is widely believed that the advent of technology 
reduces our reliance on personnel. To the contrary, technology does not 
eliminate the need for personnel but rather requires additional 
personnel for intervention and resolution of alarms or concerns 
generated by the technology. In the Port of New York and New Jersey 
alone, CBP needs approximately 10 percent more staff to conduct its 
port security missions. In FY08 our local CBP staffing levels are 
actually being reduced. The problem is even more acute on the aviation 
side, which I am also concerned about. One area of the Coast Guard's 
mission is operating at a 1996 staffing level despite a 139 percent 
increase in volume of activity. Left unaddressed, these staffing 
limitations will adversely impact the free flow of commerce, safety and 
security.
Conclusion
    Addressing the issue of port and maritime security is an enormous 
challenge given the complexity of the international transportation 
network. Devising a system that enhances our national security while 
allowing the continued free flow of legitimate cargo through our ports 
cannot be accomplished through a single piece of legislation, or by a 
single nation. It requires a comprehensive approach with coordination 
across state and national lines and among agencies at all levels of 
government as well as the cooperation of the private and public sectors 
and the international community. It also requires that we periodically 
step back, measure our performance and identify areas requiring 
improvement, be it through new legislation, executive regulations or 
programmatic changes.
    I hope my comments today have provided you with some helpful 
insight into this complex matter. The Port Authority of New York and 
New Jersey is prepared to offer any additional assistance that you may 
require. Thank you.

    Senator Lautenberg. Thank you, Mr. Coscia. Ms. Fanguy, it 
was interesting to see your card display. Has it been tested in 
any kind of a reader?
    Ms. Fanguy. Yes. In fact, we've done testing on multiple 
levels. We have contracted--contractors review their testing. 
We've done independent testing and we've also tested some of 
our cards with the National Institute of Standards and 
Technology to ensure the cards work as expected.
    Senator Lautenberg. All right. Well, I note with interest 
your announcement yesterday that TSA intends to begin TWIC 
enrollment in Wilmington, Delaware on October 16 or October 15, 
I wasn't sure and the next 11 locations soon thereafter. Why is 
TSA skipping over the Port of New York and New Jersey, the 
largest port on the East Coast and which the FBI has identified 
as the most dangerous two miles for terrorism in the country? 
Doesn't that get attention that says maybe we ought to be 
looking there, to do as good a job as we can?
    Ms. Fanguy. We absolutely plan on doing a very good job 
with the Port Authority of New York and New Jersey. They are 
part of our overall plan and when we look at it, every port is 
extremely crucial to national security. In our overall 
deployment plan, we've developed a risk-based approach that 
balances security risk with program risk. So we've laid out the 
first 12 ports but as we get started at those ports, we will be 
announcing plans and I can tell you that the Port Authority of 
New York and New Jersey is coming shortly after these first 12 
but we want to get it right at those first 12 before we move 
on.
    Senator Lautenberg. Well, we hope you get it right at all 
of them but the magnitude of exposure in the Port of New York 
and New Jersey is one that we think deserves particular 
attention and if there is a fire burning, the fire is biggest 
right now in that area, identified by the FBI. So it doesn't 
really ring a good note for me when I hear that after the first 
11 are done. How many TWIC cards have been issued and activated 
as of today?
    Ms. Fanguy. In terms of Phase IV, which is the phase that 
we're in now, for the national deployment, we've begun 
enrolling our trusted agents and government personnel. So we're 
in the initial phases of rolling out those cards. But once we 
get to Wilmington, there will be 5,000 people approximately but 
we certainly anticipate in the next year that we'll be 
enrolling probably close to a million workers.
    Senator Lautenberg. How many card readers are in place?
    Ms. Fanguy. The card readers are the responsibility of 
local port facilities.
    Senator Lautenberg. No, how many are in place, Ms. Fanguy?
    Ms. Fanguy. I would need to get back to you on what current 
port facility owners and operators have within their own 
physical infrastructure.
    Senator Lautenberg. It's my understanding that ports that 
are testing the new TWIC card readers as part of the TSA pilot 
program and they are being required to use their port security 
grant funds to do so and must pay, as we heard, 25 percent of 
the cost. Now, TSA could eventually decide that the technology 
is unacceptable and the port then, would be stuck with useless 
equipment and so, why shouldn't TSA pay for the entire amount 
of testing?
    Ms. Fanguy. We received the letter that was addressed to 
Secretary Chertoff and we are analyzing the letter as we speak. 
The current approach is to leverage the port security grant 
program and to implement technology that would be used for the 
long-term, once the Coast Guard puts out the rule that would 
require readers.
    Senator Lautenberg. Would you recommend that TSA--that the 
various ports are relieved of a 25 percent commitment to the 
program for the reasons I stated?
    Ms. Fanguy. I think it warrants further analysis and that's 
what we're doing right now.
    Senator Lautenberg. Mr. Coscia, from an industry 
perspective, what--you talked about response and recovery after 
a security incident. Obviously then, you're challenging whether 
or not current plans for resumption of trade are adequate.
    Mr. Coscia. Senator, I think we've all come to recognize 
that in the event of any incident, there is a high degree of 
likelihood that even greater damage would occur by our 
inability to recover from whatever occurred and when you look 
at the criticality of the Port of New York and New Jersey, not 
just to the regional economy in New York City but frankly, to 
the national economy, its inability to operate efficiently or 
reactivate itself quickly would have an enormous national 
economic impact. We think people have come to understand that 
and as they develop plans to respond to an incident, we believe 
that there is a separation between the plans being developed at 
the Federal level, at the local level and more importantly, 
industry, which comprises around 90 percent of that supply 
chain apparatus, is not necessarily being integrated and 
required to provide the same kind of post-incident recovery 
planning and that we believe, Senator, is fundamental to it 
being effective. It will do us no good to have government 
agencies know exactly how to respond after an incident if we're 
highly dependent on private sector parties who have developed 
independent plans in which we are not fully integrated.
    Senator Lautenberg. Well, your AMSC had a task force that 
recommended the Federal Government collect a per container fee 
to be used for port security. Now I assume that this is only 
effective if it's collected at every port so that there is not 
a competitive advantage if one port doesn't comply.
    Mr. Coscia. Senator, in preparing for today's testimony, 
our staff compiled a listing of port security fees that are 
imposed by ports around the United States and without getting 
into that in any great detail, although we certainly can make 
that information available if your staff has not already 
compiled it, it shows you what the problem is, which is that 
each port is making an individual decision about how much they 
are looking to assess on traffic coming through their facility. 
They are making that judgment by trying to balance their 
various cost issues and provide security that they think is 
adequate and in doing that, they have to worry about whether or 
not in so doing, they've made their port uncompetitive and 
simply going to divert port cargo to another U.S. port. We 
think that a national policy on a port user fee, at a minimum, 
would provide a certain amount of uniformity to it so that 
these decisions can be based on security risk and not some 
balancing of competition among U.S. ports, which we think is 
totally inappropriate.
    Senator Lautenberg. Thanks, Mr. Coscia. Senator Stevens?
    Senator Stevens. Thank you very much, Mr. Chairman. 
Admiral, the basic law of the SAFE Port Act requires the Coast 
Guard to reassess security measures at foreign ports every 3 
years. How many ports do you assess?
    Admiral Pekoske. Senator, we assess 138 ports. We have 
completed 109 already, roughly 80 percent and we're resourced 
to----
    Senator Stevens. How long did that take?
    Admiral Pekoske. That took about a year, sir and we're 
resourced to revisit those ports at least every 2 years, which 
is in excess of the requirements of the SAFE Port Act. There's 
another element of this, sir, that I'd like to mention and that 
is that as we visit ports and as we engage internationally, 
there is a very big training component of this because as was 
mentioned before, some of these countries don't have the 
resources that we have here to develop a security system.
    Senator Stevens. Well, I'm interested, Admiral, in the 
allocation of cost to that compared to the allocation of cost 
of protecting our shores, our fisheries. There seems to me that 
a lot of the money that the Coast Guard has is being siphoned 
off now on the overall security process. Would you agree with 
that?
    Admiral Pekoske. Sir, fisheries enforcement is also a 
security mission. Our presence in the fishery grounds provides 
a security presence for the United States.
    Senator Stevens. Well how then, do you have one-third of 
the boats you used to have before 9/11, in Alaska waters?
    Admiral Pekoske. One-third the boats we had before?
    Senator Stevens. We have one third of the boats we had 
before 9/11.
    Admiral Pekoske. Yes, sir. Well, as you know, we're in the 
beginning stages of our Deepwater Project and our patrol boat 
fleet is reduced from what it was before. We're working very 
hard to close those gaps as quickly as we can but it is part of 
an acquisition process that is taking us some time.
    Senator Stevens. We have, as I said, our Port of Anchorage 
has 90 percent of the goods that comes in through that one 
port. It doesn't seem to be very high on the pecking order as 
far as the Coast Guard is concerned. Why is that?
    Admiral Pekoske. Sir, it is high on the pecking order. In 
fact, we have one of our Maritime Safety and Security teams in 
Anchorage.
    Senator Stevens. You do have a team there, yes. They are a 
small team. I've visited it and it's very nice.
    Admiral Pekoske. Yes, sir.
    Senator Stevens. But in terms of inspection services, how 
often do you inspect U.S. ports?
    Admiral Pekoske. We inspect U.S. facilities twice a year, 
sir. We have a scheduled inspection and an unannounced 
inspection and that has--that meets the requirements of the 
SAFE Port Act. I would also note that we have the ability, if 
there is an incident, to flow resources to whatever port needs 
that response and that's part of our Deployable Operations 
Group Operation, which we just began on the 20th of July.
    Senator Stevens. I don't know of any other state that 
depends on one port as much as we do. Our state is one-fifth 
the size of the United States, and all the goods that come in 
by water come into one port.
    Admiral Pekoske. Yes, sir.
    Senator Stevens. I really do not think we have the 
protection that's needed and on the other hand, I think that 
we're losing protection for other resources, such as fisheries. 
Mr. Winkowski, what do you think about this mandating 100 
percent screening? I've always believed that 100 percent is 
almost impossible in any situation but we are now looking at a 
100 percent screening requirement. What's your approach on 
that?
    Mr. Winkowski. Well, it's certainly, Senator, going to be a 
challenge. I think the good news here, though, is that we have 
a lot of experience in pushing our borders out. Customs and 
Border Protection developed that program. It started--our first 
port was in Vancouver in February 2002. So under the CSI 
program, we have learned a lot. Now we're in 58 locations, 
accounting for 85 percent of the cargo that's coming into the 
United States. To add to that, Senator, the upcoming test that 
I talked about----
    Senator Stevens. Well, let me ask you this. What about this 
voluntary Customs-Trade Partnership Against Terrorism Program? 
Is that working?
    Mr. Winkowski. Yes, it is. It is working very well.
    Senator Stevens. Has the industry invested much into it?
    Mr. Winkowski. Oh, yes. The industry has invested a 
tremendous amount.
    Senator Stevens. Could you give us a little statement for 
the record on that?
    Mr. Winkowski. Yes. The----
    Senator Stevens. Not now. I mean, just provide one for the 
record.
    Mr. Winkowski. Sure, OK.
    Senator Stevens. I'm almost out of my time, as a matter of 
fact. I would like to ask Ms. Fanguy about these cards. You say 
that you think the people involved will pay how much?
    Ms. Fanguy. Each card is $132.50--$132.50.
    Senator Stevens. Is that for a permanent card?
    Ms. Fanguy. That's for a five-year card for someone who has 
not had a comparable security threat assessment conducted.
    Senator Stevens. What about those who have been involved 
before?
    Ms. Fanguy. For people who have a comparable security--a 
re-issuance would be again, the same, $132.50 because we re-run 
all of the same----
    Senator Stevens. Every 5 years?
    Ms. Fanguy. That's correct.
    Senator Stevens. Does that repay the cost of those cards?
    Ms. Fanguy. Yes. The program is fully fee-funded and so 
once we begin collecting fees, we will not require any more 
appropriation.
    Senator Stevens. You said you estimated there would be a 
million people who will have them within the next year?
    Ms. Fanguy. Approximately.
    Senator Stevens. What percentage is that of the total 
required?
    Ms. Fanguy. We would plan in the next year to enroll 
everyone who requires unescorted access to the Nation's ports 
and vessels. However, there is a lot of turnover in this 
industry. We're very aware of that and so we know that after 
this initial enrollment, that we need to be able to sustain 
ongoing enrollment for new workers or for people who perhaps 
changed jobs within the maritime industry and then would 
require unescorted access in the future. So we see this as a 
long-term operation and we need to make sure that we have 
things right in this initial enrollment but also for the long-
term.
    Senator Stevens. One more question. How close are we to 100 
percent inspection? Mr. Winkowski?
    Mr. Winkowski. We are testing this month, three locations 
in Pakistan, the United Kingdom and in Honduras, 100 percent 
scanning.
    Senator Stevens. That's overseas.
    Mr. Winkowski. That's overseas, yes. We have a report due 
up here in February and April and we will take those best 
practices----
    Senator Stevens. Doesn't that 100 percent apply to domestic 
ports, too?
    Mr. Winkowski. Well, this is under the Secure Freight 
Initiative, taking on three ports for 100 percent scanning of 
cargo that's coming to the United States. So all the scanning 
would be done overseas prior to it coming into the United 
States.
    Senator Stevens. You won't be doing any inspection in U.S. 
ports?
    Mr. Winkowski. Oh, no. We still can--that can still be 
subject to inspection.
    Senator Stevens. Well, I've been to the major ports on the 
West Coast. They're not near 100 percent. How soon will they be 
100 percent?
    Mr. Winkowski. Well----
    Senator Stevens. Is that obtainable, is what I'm saying.
    Mr. Winkowski. When you look at seaports, we're going to be 
at 98 percent screening of our RPMs--Radiation Portal Monitors 
at the end of this calendar year.
    Senator Stevens. That's actual screening or selective 
screening?
    Mr. Winkowski. It's actual screening where every container 
will go through a radiation portal monitor, 98 percent of the 
containers will have gone through it.
    Senator Stevens. This year?
    Mr. Winkowski. At the end of this year, yes sir.
    Senator Stevens. 2007?
    Mr. Winkowski. Yes.
    Senator Stevens. Thank you.
    Senator Lautenberg. Senator Cantwell, your questions, 
please.
    Senator Cantwell. Thank you, Mr. Chairman. I just wondered, 
from a broad perspective, if you could give us a grade as a 
Nation on where we are with port security? I'm not asking where 
we are with the resources we have or the implementation of SAFE 
Port or C-TPAT or any of the TWIC--I'm just asking where we are 
versus the goal of making sure that we have a redundant 
security system. What grade would you give us, the United 
States in where we need to be? Each of you could just----
    Admiral Pekoske. Senator, I would give us a grade of a B. I 
think we have some of the fundamentals securely in place. We 
know the direction we need to go in. The challenge is just 
getting to the end point but I think we're at a B right now. I 
would say we were probably at a C last year. So just in the 
past year, we've made some progress.
    Senator Cantwell. Why do you think we've gone from a C to a 
B?
    Admiral Pekoske. Because we have done a much better job on 
our International Port Security Liaison Officer Program, where 
we inspect and assess international ports. We have continued to 
gain knowledge as to how to integrate operations at the port 
level. That has been very successful. We've done a lot of work 
at looking at the small vessel threat and how we would close 
that threat gap. So there has been a lot of progress, just 
fundamental to providing good port security overall.
    Senator Cantwell. Can the rest of the panel answer that?
    Ms. Fanguy. I would agree and I feel like we're turning 
upward. We're working closely with our partners within DHS and 
trying to continue to look for areas of improvement.
    Mr. Winkowski. I'm going to step out here a little bit, 
Senator and give us a B+. I really think that we have come a 
long way since 9/11 in Customs and Border Protection as a 
department in this whole area of screening and scanning cargo, 
advance information, pushing our borders out.
    Mr. Caldwell. I'm going to give an incomplete. One of the 
frustrations for us as well as Congress, is the lack of 
performance metrics to measure a lot of these programs. In a 
lot of cases, the lack of metrics is one of the main weaknesses 
that we have. It's very difficult. How do you measure security? 
It's easy to talk about but measuring it is pretty hard.
    Mr. Coscia. Senator, from the industry's perspective, I 
would say if the first day of school was September 12, for some 
reason, we didn't show up at school at all for some period of 
time. And then we finally woke up and realized we needed to. I 
think since then, a lot of progress has been made. The agencies 
represented by the others who are here today, I've seen some 
real promise for encouragement. But I do think we have a long 
way to go at recognizing just how comprehensive this issue is. 
So I'm afraid I can't do much better than a C but I hold us all 
essentially responsible for that grade.
    Senator Cantwell. I thank you for that answer and I think I 
agree with you and Mr. Caldwell. I wasn't asking about 
necessary performance although I do think there have been some 
issues about implementation and performance and measurements, 
as Mr. Caldwell said. But I'd find it hard to give us better 
than a C, given the threat and the challenge that we face and I 
think we're always going to be short on resources. Our 
resources are going to be dear so making sure they're deployed 
in a cost-effective manner is going to be of importance. I want 
to get back to Admiral Pekoske about this. Well, Mr. Coscia, 
you mentioned--well, I think most of you mentioned this 
international issue and where we are and the challenge. Mr. 
Caldwell, you mentioned the smaller ports not having regimes on 
an international basis. So how do we feel secure if you're 
thinking about an entire worldwide infrastructure and as I 
said, when we have thousands of cargo containers coming in 
every day to our ports, this is a real concern, the fact that 
there might--so you're saying we have--I can't remember what 
percentage you said--of how many ports on an international 
basis had been protected but we still have this web and you're 
saying, well, let's do every 2 years checking the system.
    To me, we should be much more aggressive on the IMO--
International Maritime Organization, of getting everybody to 
agree to a security regime and then having the security regime 
checked on a consistent basis. So why can't we move toward that 
so that we're upping our numbers of cargo containers checked? 
Because obviously, we already are well aware that terrorists go 
at the weakest point in a link. That's their assessment. They 
don't say, ``oh well, we know that Asia's got its act together 
on safe ports so we're going to go over here instead.'' I mean, 
how do we get this regime into better shape?
    Admiral Pekoske. Senator, we have an international regime, 
a global regime right now called the International Port and 
Facility Security Code and when we make foreign port 
assessments, we're basically assessing a country's performance 
against that global code.
    Senator Cantwell. But we were just hearing from panelists 
about that voluntary system. So what I'm saying is, if we want 
to get better than a C or incomplete, which I think we want to, 
don't we have to come up with a better system?
    Admiral Pekoske. The system is not entirely voluntary. If 
countries agree to the code and if they don't comply with the 
code, then there are conditions of entry that we place on them 
that has an economic impact on their ability to conduct 
business in this country. And we've already seen countries 
improve their security profile as a result of that incentive. 
And Senator, we're over at IMO right now, the Maritime Safety 
Committee is meeting in Copenhagen over the next 2 weeks.
    One of the things they're talking about is the 
implementation of the long-range tracking system, which is a 
global tracking system. It will give us, for the very first 
time, visibility--as soon as a ship declares, no matter where 
it is on the globe that is heading to the United States, we'll 
be able to track that ship on its voyage over. We'll also be 
able to see every ship that's 1,000 miles off our coast and 
that's a very significant improvement in capability. And if I 
could, I would like to make just one other point. It's been 
raised a couple of times this morning. We are revising our port 
security assessment model to go to a risk assessment model. We 
want to base our decisions, our funding allocations, our 
activity levels, on risk and we've got a very good maritime 
security risk assessment model in place. We've deployed it to 
each one of our Captains of the Port and that's how they're 
designing not just their response plans but also their recovery 
plans and those recovery plans, I couldn't agree with Mr. 
Coscia more, the key part of these recovery plans has to be the 
private sector and we fully agree with that and that will be 
part of the process that as we develop these individual, port-
specific plans, the private sector will be a key part of it.
    Senator Cantwell. I appreciate that but I would say, I 
don't think someone wanting to do harm to the United States 
cares whether a cargo container sits in the red lane or not, as 
long as it makes it here, right? So the question is how do you 
get these other countries to participate in a security regime 
and I think--I personally believe we need to up this effort. 
But I want to turn to Ms. Fanguy because we're in the 
implementation stages of TWIC, I believe, at the Port of 
Tacoma, is that correct?
    Ms. Fanguy. That is correct. It will be coming in November.
    Senator Cantwell. And we're a very integrated port system 
so we have workers from both the Port of Seattle and the Port 
of Tacoma. So they don't always work at the same spot. They 
don't always work at the same place so how are--I mean, I'm 
concerned that the--how the TWIC cards are being implemented if 
they're not being implemented on a regional basis. How is that 
security regime going to work when you have people working all 
around--maybe not even just the Port of Seattle and Port of 
Tacoma. We have the Port of Everett, the Port of Vancouver, 
because obviously people are employed where they're needed.
    Ms. Fanguy. Compliance will be enforced at the regional 
level by the Captain of Port sector and so what we're really 
announcing now is opening the doors of a service center where 
you can go and get your TWIC. The center in Tacoma will be one 
of many in your area. But before we actually begin to work with 
the Coast Guard to determine when compliance will be enforced, 
all of the centers will be open and we're trying to make it as 
convenient as possible by opening 147 fixed enrollment centers 
so that people can go get their card at a place that's most 
convenient to them. In addition, we're also working with local 
stakeholders to identify opportunities to take TWIC to them. So 
as an example, by taking a mobile enrollment station to a union 
hall or to a major employer, again, so that we can make sure 
that we get full coverage in this initial enrollment period. So 
Tacoma is really just the first of many in your area and all 
across the Nation.
    Senator Cantwell. So you're saying they're going to be 
deployed but not implemented until the rest of the region is 
implemented?
    Ms. Fanguy. Before we can actually enforce having the TWIC, 
we need to make sure that everybody has an opportunity to get a 
TWIC. So this is where we're trying to make it convenient to 
workers so that they have plenty of opportunity to apply but 
then when enforcement is brought in, everyone in the region 
would have had an opportunity to apply.
    Senator Cantwell. I know I'm over my time, Mr. Chairman but 
I wanted to say we want to continue to work very aggressively 
on this because I think there are--I think the contractor has 
failed to realize that there are multiple shifts, that there 
are workers that are needed--that need access to the secure 
areas. There are a variety of different people who read power 
meters, who collect garbage, work at the various--work in a 
variety of entities and so I think all of this integration and 
as I said, we have truckers who make deliveries to different 
ports.
    So, they're not necessarily just at the Port of Tacoma so 
how all that integration system works and obviously the TWIC 
Program in and of itself and its challenges. So we want to make 
sure that those concerns at the local level are being heard and 
that we're having a dialogue about them because we do want an 
implementation that works thoroughly. Thank you, Mr. Chairman.
    Senator Lautenberg. Senator Carper?

              STATEMENT OF HON. THOMAS R. CARPER, 
                   U.S. SENATOR FROM DELAWARE

    Senator Carper. Thank you, sir. To our panelists, welcome 
and thank you for joining us today. I want to make sure I 
pronounce everyone's name right. Ms. Fanguy?
    Ms. Fanguy. Yes.
    Senator Carper. Has your name ever been mispronounced?
    [Laughter.]
    Ms. Fanguy. I'd say nearly 100 percent of the time.
    Senator Carper. But not by me. Huh? All right. Thanks, 
that's good staff work, keep me out of trouble. Welcome all of 
you and let me just ask a question of two of you, if I can. I'm 
from Delaware and in our state is the Port of Wilmington, the 
top banana port on the East Coast, we're proud to say. We've 
got a lot of people who work there and a lot of, particularly, 
produce is handled there as well as cars, inbound and outbound, 
auto exports. We've been focused a fair amount on the TWIC 
program in our state and at our port, as a lot of places have 
and I'm pleased to hear that the TWIC program is finally 
beginning at the Port of Wilmington and that the workers there 
can start enrolling in the program, I think, next week. October 
16, whenever that is. Let me just ask how long you expect this 
first enrollment period to last before you begin enforcement at 
the port? How much notice do you expect to be able to provide 
to workers and to us, before you start enforcement? And a third 
part is how long will you test your initial operation before 
expanding it to other ports? So there are three questions and 
if somebody else wants to take a shot at this, you're welcome 
to as well. But again, three questions. How long do you expect 
this first enrollment period to last before you begin 
enforcement at the port? The second question, how much notice 
will you provide to workers and to us before you begin that 
enforcement and finally, how long will you test for initial 
operation before expanding to other ports? Including someone 
across the river in New Jersey?
    Ms. Fanguy. Sure, absolutely. So again, going back to the 
concept that compliance and enforcement comes in by Captain of 
the Port zone, Sector Delaware Bay has quite a broad span and 
we're going to have quite a number of enrollment centers there, 
so the Wilmington, Delaware facility will be the first in that 
area as well as in the Nation.
    Senator Carper. Yes, but we have a motto in our state. We 
were the first state to ratify the constitution and our state 
motto is, ``it's good to be first.'' I'm quick to point out 
there are some things you don't want to be first at.
    Ms. Fanguy. In terms of enrollment, we will be there for a 
significant period of time. I would say for the initial 
enrollment, months. But again, we like to think about this as a 
long-term activity so there will be a presence in all of the 
ports for the long-term, not just in this initial enrollment 
period. So when we talk about how long enrollment takes, what 
we're really trying to develop is a sustainable model to be 
able to have the right hours of operation, the right number of 
workers there to be able to take the people's information. In 
some places, we have 24/7 ports and in those places, we may do 
24/7 enrollment. We want to work really closely with the local 
stakeholders to determine what makes the most sense. So we were 
actually in Wilmington, Delaware last week, meeting with the 
Port Director and his staff and starting to work more closely 
about what's going to make the most sense. We've already been 
working with them but we need to continue to monitor how things 
go.
    Senator Carper. Let me interrupt. Let's just go back to my 
three questions.
    Ms. Fanguy. It's going to be several months for the initial 
surge period of enrollment. With the resources that we're going 
to deploy, we could do everybody, if they all came in exactly 
evenly, in 5 weeks but we don't think that's going to happen. 
So we're going to be there for months.
    Senator Carper. For several months?
    Ms. Fanguy. For several months. The Coast Guard, as it's 
stated in our regulation, must give 90 days notice before we 
begin to enforce the use of TWIC.
    Senator Carper. OK. Ninety days notice beyond what? October 
16?
    Ms. Fanguy. Prior to the start of compliance. So a notice 
would be published at some date in the future and that would 
be----
    Senator Carper. That starts a 90-day clock?
    Ms. Fanguy. That starts a clock.
    Senator Carper. OK. All right, thank you.
    Ms. Fanguy. And then the third part of your question is on 
expansion. Based on the test results that we've had today, we 
would expect that we're going to start in Wilmington, October 
16. We're then going to proceed through the rest of October, 
see how things go and early November is when we would go on to 
Corpus Christi and again, so we're moving on to a second single 
port, monitoring how the progress goes there and then beginning 
to expand nationwide. So we've listed the first 12 ports today 
but after we see the results of operations there, we do have an 
aggressive plan to be able to roll out nationwide to cover all 
of the other ports in some order.
    Senator Carper. All right, thank you. A related question, 
if I could, just to follow up. And you may want to answer this 
for the record but any idea how many people have been assigned 
to take applications at the Port of Wilmington, to help workers 
through the process?
    Ms. Fanguy. Again, the model that we're using is to use a 
number of part-time casual laborers but we look at it in terms 
of our overall--across all of the people, the shifts and the 
equipment, how many weeks will it take to do enrollment? So in 
Wilmington, Delaware, again, if people came in exactly evenly 
and they were all lined up and had pre-enrolled, we could do 
the entire operation in 5 weeks with the current equipment. 
We're going to also send a extra surge and again, if everybody 
came in exactly smoothly--another 3 weeks.
    Senator Carper. You're calling this a surge?
    Ms. Fanguy. A surge. Yes.
    Senator Carper. Part 2?
    Ms. Fanguy. Yes.
    Senator Carper. Any idea how many workers you expect to 
enroll during this initial enrollment period?
    Ms. Fanguy. Enrollments in Delaware, we expect it to be 
approximately 5,000 but if it's more, we're ready to handle the 
volume.
    Senator Carper. OK, good. That sort of answers my next 
question. If it turns out you need additional workers to get 
through this initial surge of applications, do you have the 
funding and capacity to hire and train additional people 
quickly?
    Ms. Fanguy. Absolutely. We have a contract structure in 
place that is extremely flexible. We pay a flat rate per 
worker. There's no additional cost to workers or to the 
government if we need to bring on additional resources.
    Senator Carper. OK, thanks. But, Mr. Chairman, could I ask 
one last question, if I may, please? Thanks very much. I don't 
mean to be picking on you, Ms. Fanguy, but I'm glad you're here 
and able to answer these questions. As you know, many of the 
longshoremen have criminal records because that line of work is 
one of the only good paying jobs that are open to some people 
with criminal records. But we're not trying to weed out those 
kinds that rehabilitate themselves and earn an honest living, 
of people who have made a mistake in their lives and seeking to 
atone for their sins and we want to make sure they have a 
chance. Can you explain how you plan to differentiate between 
those say with terrorist ties and those with a criminal record 
who are trying to earn a living now?
    And the second part is, can you also explain any waiver or 
appeals process that is open to those people that are denied a 
card? So there are two questions. Can you explain how they plan 
to differentiate between those with terrorist ties and those 
with criminal records who are trying to earn a living now and 
making a honest living now and second, can you explain to us 
any waiver or appeals process that is open to those folks who 
are going to be denied cards?
    Ms. Fanguy. Absolutely. So the disqualifying crimes that 
we've listed in our final rule are based on the aviation model 
for identifying potential ties to terrorism but every case is 
weighed on its own merits. We have a series of multiple reviews 
to look at a person's individual case and their particular 
background. We're basing our model for doing those reviews on 
other successful programs at TSA, such as the Hazardous 
Materials Endorsement Program, where we vetted close to 700,000 
people to date. We do anticipate that we will have some people 
who do fall within the parameters of those disqualifiers and 
that's where we work very closely with them to give them two 
opportunities.
    One is an appeal because in some cases, we may have 
incorrect information and if that's the case, we want to be 
able to disposition those as quickly as possible and make sure 
that the person gets their card and on the HazMat Program, we 
have processed over 10,000 appeals and 99 percent of them have 
been--we've discovered that we had incorrect information and we 
gave the person their endorsement.
    In terms of a waiver, that's where a person may truly have 
a disqualifier in their past but we work with the person. We 
send them a waiver packet that provides them with some 
instructions on how to provide us with information and we ask 
that the person take advantage of the waiver process and let us 
know how they may not be a--have any ties to terrorism and 
don't pose a security threat. So there are people who may have 
something in their past but it's absolutely not our intent to 
keep people from going to work. We're trying to keep people 
with ties to terrorism out of the ports so we want to work 
closely with workers.
    Senator Carper. I understand. It's a difficult balancing 
act. Mr. Chairman, you've been terrific. Thank you and Ms. 
Fanguy, so have you. Thanks so much.
    Senator Lautenberg. Now, we like our neighbors--as a matter 
of fact, we're very fond of the state but it's smaller than 
ours.
    [Laughter.]
    Senator Carper. We're only the 49th largest state. But we 
were the first.
    Senator Lautenberg. And I remind everybody that New Jersey 
was the state where the Bill of Rights was first signed. And 
we're pleased to have the distinguished Senator from Maine 
here, Senator Snowe.

              STATEMENT OF HON. OLYMPIA J. SNOWE, 
                    U.S. SENATOR FROM MAINE

    Senator Snowe. Thank you, thank you, Mr. Chairman, thank 
you for conducting this hearing today, which is obviously a 
critical issue to our Nation because port security remains our 
greatest terrorist vulnerability and I know that this Committee 
has held numerous hearings over the years to follow up and to 
explore the gaps in port security and measuring the progress 
that we've made and trying to identify ways in which we can 
build upon the effectiveness of those programs that are working 
but also to make sure that we do everything we can to 
aggressively pursue closing the remaining gaps and I know we've 
made progress. I know it's an identified mission and I 
appreciated the GAO's report because I think it does give us, I 
think, a snapshot of where we stand today and obviously, I'm 
deeply concerned that we haven't been able to implement the 
Transportation Worker Identification Credential program--I 
mean, that's certainly lagging and second, the implementation 
of standardized inspections and scanning of containers, which 
has also been very--is critical to port security. So I want to 
begin with you, Admiral Pekoske, on several of these issues.
    Obviously, the GAO has said that the Coast Guard remains 
resource challenged in a number of areas, one of which, of 
course, is on inspections as well and I would like to follow up 
with you to ask you exactly what is the status of the number of 
inspectors that you're currently training? I know in 2006, you 
had 82 inspectors. We provided an additional $15 million to 
help expedite the training. I gather that's lagging at this 
point and we had the double inspection requirement both for 
domestic inspections and international facilities. I understand 
that has really not been implemented to the extent that it 
should be in meeting our commitment for inspections, both 
domestically as well as with international ports. So can you 
tell us today exactly where the Coast Guard stands and the 
number of inspectors, too. How many are being trained? And 
three, on the inspections, how many inspections have been 
conducted and how many need to be conducted and how are you 
going to meet the commitment with the new requirements in the 
law?
    Admiral Pekoske. Senator, thanks for the question and I'll 
answer it in two ways. I'll talk about our domestic inspections 
first, if that's OK and then I'll talk about our international 
inspections. Domestically, the SAFE Port Act requires us to do 
one regularly scheduled inspection of every facility. There are 
roughly 3,200 facilities and then one unannounced inspection. 
So the Act requires two inspections per year. We have roughly 
almost 400 inspectors to be able to do that. We appreciate the 
Congress's support of additional inspectors to bring us up to a 
higher level, an addition of about 90 inspectors over the past 
year. That inspection level is adequate to conduct the one 
announced, one unannounced inspection of all the MTSA 
facilities that the SAFE Port Act has. As an example, in 2007, 
with 3,200 facilities domestically, we've done over 7,200 
inspections so we are well on pace to actually exceed the 
requirement in 2007, domestically. Internationally, we have a 
smaller cadre of international inspectors, under 100 people, 
roughly 80 people that travel to the foreign ports, the 140 
foreign ports. Senator, they've already inspected 108 of those 
140, so roughly 80 percent and they will have all 140 complete 
by March of 2008.
    So I consider that to be good progress and they've come 
back with some very, very good results. We intend to actually 
exceed the requirements of the SAFE Port Act. The SAFE Port Act 
requires that we visit every country every 3 years. Senator, we 
plan to visit them every 2 years because particularly at the 
early stages, this is a global system and providing that 
presence and that recurring training and plus that assessment 
is very important for us. So inspection-wise, we're in 
reasonably good shape.
    One of the things we're doing as well, Senator, is the 
Commandant had an opportunity to speak before the Propeller 
Club a couple weeks ago and he talked about our overall 
inspection program within the Coast Guard and he made a couple 
of important points. One is that we need to stabilize, 
internally for the Coast Guard, our inspection workforce, more 
so than we have in the past, so that the expertise that is 
developed stays in the inspection program. And we also need to 
increase the number of civilian employees we have in that 
inspection program so that the military rotation system doesn't 
cause the level of churn that it currently does. So we'll have 
more civilians, predominantly still military but--and even with 
the military, we're going to try to manage the rotation process 
so that expertise stays resident.
    Senator Snowe. So you're comfortable with the number of 
inspectors that you currently have to meet the requirements, 
both domestically and internationally? You're saying 300 that 
are fully trained at this point?
    Admiral Pekoske. Yes, ma'am.
    Senator Snowe. It would be interesting, Mr. Caldwell. I'd 
like to have you address this question as well because I know 
in GAO, you address that particular question in saying at GAO 
that the Coast Guard was resource challenged in meeting the 
requirement of training these inspectors. Are you comfortable 
with what Admiral Pekoske is now saying?
    Mr. Caldwell. Well, let me try to address both, the 
overseas first and the domestic second. In terms of the 
overseas, the Coast Guard's big problem is that this is a new 
program. So they trained these people to be inspectors to do 
this program and now they're all toward the end of their 
rotation. But once the program has been in place for a number 
of years, you'll have more people rotating in and out and 
people in place to share that expertise. It's not just an issue 
of training with overseas inspectors. You have to have the 
right kind of person. They have to be diplomatic and be able to 
deal in a foreign environment. Obviously language skills are 
very important there. I think the toughest nut to crack for the 
Coast Guard is getting over this hump of replacing almost their 
entire first class cadre of overseas inspectors.
    In terms of the domestic program, they've trained a lot of 
people but a lot of them are no longer assigned to do 
inspections and sometimes people that are currently assigned as 
inspectors aren't doing inspections. They have other duties as 
assigned. These are legitimate duties in terms of looking at 
safety or environmental issues as opposed to security 
inspections. Regarding Admiral Pekoske's comment about hiring 
some civilian inspectors, I think that could go a long way by 
providing more stability within an office. Within an individual 
Coast Guard sector, it's good to have somebody who has been 
there a number of years to know that a particular facility has 
always been a problem. That inspector might know that 
unannounced is better than announced inspections. That 
inspector knows to show up on a Friday night because he went by 
there on a Friday night 2 years ago and the gate was wide open.
    I think that the Coast Guard is pretty receptive to the 
recommendations we're about to make about its inspection 
program. We actually have an exit conference tomorrow with the 
Coast Guard where we'll talk about our potential 
recommendations and I think we're satisfied that progress is 
being made. The bigger issue we have is the MISLE data, which 
is how they track these inspections, hasn't been kept 
consistently by the inspectors. Without cleaning up the data, 
it's pretty hard for the Coast Guard to make an evaluation of 
how well the program is working. For example, they could 
compare the results of unannounced inspections to announced 
inspections. Currently, the Coast Guard just doesn't have the 
data to do that type of analysis right now.
    Admiral Pekoske. Senator, if I could add to that, Mr. 
Caldwell makes some very good points and we have taken a look 
at following up on the data that we collect from these 
inspections and to be able to do with it just what he stated. 
If I could make two other points. We just had all of our 
international port security liaison officers--those that do the 
international inspections, here in Washington for a week 
conference and we talked to them about consistency in their 
program, the approaches they make to countries, how to conduct 
the inspections and so this is a new program and it is getting 
off the ground. We're going to be very careful that we don't 
have everybody reporting in and then 2 years or 3 years later, 
everybody reporting out. We're going to manage that transition 
very carefully. If I could make one other point with respect to 
inspections, we've taken a very close look, as you know, over 
the past four or 5 months, with our marine safety--not the 
security but the safety inspections and we know that we do not 
have enough resources for those safety inspections. And that 
inspection capability, when you're looking at safety and 
security issues, goes hand in glove. So, to conduct the safety 
inspections we need, plus with the advancement of industry, we 
do need more resources for that.
    Senator Snowe. I appreciate that. Thank you, Mr. Chairman. 
I do have just one other question? On interagency operational 
centers, I understand that the Coast Guard does not yet have a 
single comprehensive plan. Can you address that because I think 
that is also very critical to get the coordination that is, I 
think, so essential across this country with respect to the 
various ports and how they are integrated.
    Admiral Pekoske. Yes, Senator and you're exactly correct. 
What we have done since 9/11 is we have prototyped across the 
country in five different locations, how you would develop an 
integrated command and we've learned an awful lot of lessons 
from that. We have a project called Command 21, about a $260 
million project that will begin that process of integrated 
command centers. It kind of does it from a couple of 
perspectives. It's additional sensors, additional information 
systems to integrate the sensors and then the facilities so 
that when we have an integrated command center, we have a 
command center where all of our port partners can be with us in 
the same location, if that's possible and if that makes 
operational sense in the port. In some ports, that doesn't make 
operational sense. An example would be the Port of New York and 
New Jersey, where we do need to have some redundancy of command 
centers, due to complexity and size of that port. But you're 
exactly right. This is a concern of ours and as we look at our 
sectors, this is a number one priority for us, is to get those 
integrated command centers.
    Senator Snowe. And do you need additional money for that? I 
mean, is it--I understand there has been $260 million applied.
    Admiral Pekoske. No, Senator, we need $260 million. We have 
not had the money for that yet.
    Senator Snowe. You have not had money yet? So that is 
essential?
    Admiral Pekoske. Yes, ma'am.
    Senator Snowe. OK. Thank you. Thank you, Mr. Chairman.
    Senator Lautenberg. Thank you very much, Senator Snowe. I 
just want to check something with Mr. Winkowski that was in 
your statement, where you talk about this fiscal year CSI 
expanded to eight additional ports, reached a milestone of 58 
ports worldwide, 85 percent of the container traffic destined 
to the United States. Now, how is that screening done? Is it a 
paperwork screening, Mr. Winkowski?
    Mr. Winkowski. We have Automated Targeting Systems that are 
employed. That's targeting the cargo overseas as part of our 
redundancy systems. We have Radiation Portal Monitors overseas.
    Senator Lautenberg. Have all of these containers been 
reviewed by a technological device that says what's in there?
    Mr. Winkowski. They have all been screened through our 
Automated Targeting System, yes.
    Senator Lautenberg. But just to be sure. Now, how much of 
that has been screened by a device and how much of it has been 
screened as a result of paper inspections?
    Mr. Winkowski. You have several scenarios. You have the 
automated targeting system I just talked about. On those 
containers that present a high risk for us, they are then put 
through a Radiation Portal Monitor for scanning purposes.
    Senator Lautenberg. So in order to get to that stage, so 
it's a paperwork review. How about intelligence help from other 
places? The Inspector General report of 2006, ``Automated 
Targeting Systems,'' that talks about the sources of 
intelligence information, are you dependent on others supplying 
data to you in order to get to the radiation screening?
    Mr. Winkowski. We have very close working relationships 
with many of the agencies that are in that business, the Coast 
Guard and we have a system in place to review that.
    Senator Lautenberg. So it's not 100 percent radioactive 
screening or whatever the process is?
    Mr. Winkowski. Not at all. Not at all the CSI ports, no.
    Senator Lautenberg. No. OK. Mr. Coscia, I was interested in 
the statement about the cost of Federal--cost of equipment. 
TWIC cost was estimated to be between $575 million and $831 
million. The cost for facility owners, this is Ms. Fanguy's--
it's your statement, I believe and I'm reading from it, so the 
cost for facility owners is estimated to be between $580 
million and $1.6 billion and I'm rounding off here. Now, Mr. 
Coscia, do we have any idea what it might cost in the Port of 
New York and New Jersey to pick up their share of the 
screening, the screening equipment that is necessary?
    Mr. Coscia. Senator, I don't know that we know that number 
with great precision but our best estimate is that would be 
somewhere in the neighborhood of $10 million.
    Senator Lautenberg. Ten million dollars?
    Mr. Coscia. That's correct.
    Senator Lautenberg. And that would be borne by the Port 
Authority?
    Mr. Coscia. By the Port Authority but let me be clear. That 
number and the accuracy of that number is impossible to 
determine at this stage precisely. That number is our allocated 
cost sharing on the implementation of the program from a 
technology standpoint, from infrastructure.
    Senator Lautenberg. Is that the 25 percent?
    Mr. Coscia. That's the 25 percent, roughly, I believe, yes. 
Beyond that, we have significant costs associated with 
different operational changes that we need to do in order to 
implement the system. So that's in essence, our contribution to 
the TWIC implementation from a mechanical standpoint.
    Senator Lautenberg. As all of you have seen, we've been 
generous in our time allocation so, in a kind of schizophrenic 
thing, I'm going to say the Chairman--Mr. Chairman, you've out-
questioned your time. So we'll keep the record open and we'll 
submit questions to you or permit members of the Committee to 
submit questions and would ask for your prompt response and I 
thank each one of you for your excellent presentations today.
    [Whereupon, at 11:33 a.m., the hearing was adjourned.]
                            A P P E N D I X

   Prepared Statement of Vayl S. Oxford, Director, Domestic Nuclear 
           Detection Office, Department of Homeland Security
Introduction
    Chairman Inouye, Vice Chairman Stevens, and distinguished Members 
of the Committee, as Director of the Domestic Nuclear Detection Office 
(DNDO), I would like to thank you for the opportunity to share the 
progress we have made in improving port and cargo security. Keeping our 
Nation's ports secure is a critical layer in protecting our citizens 
against nuclear terrorism.
    One year ago, the President signed the SAFE Port Act, which 
formally authorized the establishment of the DNDO. This important piece 
of legislation also identified a number of goals and reporting 
requirements for our Department. It helped ensure that we have the 
right security strategies in place and that we maintain our momentum as 
we implement protective measures.
    I am happy to share that DNDO is meeting the requirements outlined 
in the SAFE Port Act. We have submitted a number of reports to Congress 
due earlier this year (including our comprehensive strategy for the 
deployment of radiological and nuclear detection equipment) and we 
expect to meet the deadlines for those that remain. We also have made 
excellent progress in deploying radiation detection technology at our 
busiest ports resulting in the screening of 93 percent of all incoming 
seaborne cargo into the United States.
Port Security Strategy
    Before I go into more detail about the progress we have made in 
regards to the SAFE Port Act, I would like to explain our strategy at 
DNDO for deploying detection technologies to our Ports of Entry (POEs). 
Eighteen months ago, only 37 percent of incoming seaborne containerized 
cargo was being scanned for radiological and nuclear threats. DNDO 
worked in partnership with our colleagues at Customs and Border 
Protection (CBP) to develop a joint radiation portal monitor (RPM) 
deployment strategy that incorporates an optimized mix of current- and 
next-generation technologies, balancing our need for better capability 
with a desire for increased coverage against the associated costs of 
each. This joint strategy is predicated on placing next-generation 
systems, like the Advanced Spectroscopic Portal (ASP), at the highest 
throughput ports, where reductions to secondary inspection rates will 
have the greatest benefit. Deployment of ASP systems will be dependent 
upon the Secretarial certification of the systems as required by the FY 
2007 Homeland Security Appropriations Act (Pub. L. 109-295).
    Our strategy up to now has prioritized deployment activities based 
on risk, vulnerability, or consequence, as influenced by major 
populations, industries, importance to the economy and supply chain, or 
military bases located nearby. We also consider prior records of 
illicit activities. Finally, we consider whether locations had upcoming 
port reconfiguration.
    We have taken steps to prepare for additional deployments and are 
conducting site surveys, developing site designs, and starting 
negotiations to award construction contracts for each of the crossings. 
As a general practice, DNDO works with the port authority to 
proactively schedule construction to coincide with any other activities 
at the port. This helps prevent scheduling delays and expedites the 
deployment process overall.
    Our priority remains to finish deploying RPMs to high volume 
seaports and land border crossings. However, our future plans are 
addressing the hundreds of smaller crossings that dot the Northern and 
Southern borders, including rail crossings. We will also begin scanning 
of international air cargo.
Status of Deployments
    RPMs have been deployed to all of the Nation's 22 busiest seaports. 
We are currently scanning 93 percent of cargo coming through our 
seaports using 358 RPMs. Moreover, at select major seaports, exit 
scanning now covers 100 percent of all containers and vehicles. By the 
end of this calendar year, 98 percent of all containerized sea cargo 
entering into the United States at the 22 busiest ports will be scanned 
for radiological and nuclear threats.
    It is also important to mention deployments to our land borders. 
There are 241 RPMs operating on the Northern border and 343 RPMs 
operating on the Southern border. This results in scanning 91 percent 
of containerized cargo coming across the Northern Border and 97 percent 
coming across the Southern. In addition, a total of 60 RPMs are 
deployed to sites such as mail and express courier consignment 
facilities. By focusing on major ports of entry first, we have been 
able to dramatically boost the scanning levels of incoming cargo. We 
are also conducting scanning of privately owned vehicles (POVs). Our 
detection equipment currently scans 81 percent of POV traffic coming 
across the Northern border and 92 percent across the Southern.
Meeting the Requirements of the SAFE Port Act
    Based on the progress we have made with RPM deployments at POEs, we 
are meeting the mandates set forth in the SAFE Port Act that require 
that all containers entering high-volume ports by vessel be scanned for 
radiation. In addition, we have developed the required strategy for the 
deployment of radiation detection capabilities, and that strategy has 
been submitted for the record as an amendment to this testimony. 
However, there are a number of other requirements outlined in the Act 
that we have been asked to fulfill and I would like to give you an 
update on each.
    In total, the SAFE Port Act outlines five reporting requirements 
for DNDO. Our deployment strategy was submitted first to Congress in 
March 2007 and included information on a risk-based prioritization of 
ports, a proposed timeline for deployment, the types of equipment that 
we are proposing for each port, documentation of standard operating 
procedures for examining containers, operator training plans, and the 
Department's policy of using non-intrusive imaging equipment. As I 
mentioned earlier, one aspect of our joint deployment plan with CBP is 
how we plan on introducing next-generation technologies like ASP into 
the field. Right now, ASP is pending Secretarial certification and will 
not be fully deployed until that certification process is complete. If 
the outcome of the certification process is positive, we will submit an 
amendment to our strategy to identify the locations at which we will 
deploy ASP. The report also included a classified annex that details 
plans for covert testing of the top 22 seaports, as required by Section 
121 of the SAFE Port Act. The DNDO Red Team is working with CBP to 
build and maintain documentation of these activities.
    Second, in April 2007, we submitted a joint report with the Science 
and Technology Directorate, CBP, and DHS Office of Policy Development 
that outlined the feasibility of and strategy for development of 
chemical, biological, radiological and nuclear (CBRN) detection 
equipment. DNDO submitted content that clearly documented both near- 
and long-term research and development efforts that will provide 
improved nuclear detection capabilities.
    The third report required that DNDO, along with CBP, complete an 
evaluation of health and safety issues related to the use of non-
intrusive imaging (NII) technology to scan containers. DHS fully 
understands the environmental health and safety impacts of NII 
technology. DHS has a comprehensive radiation risk reduction plan, and 
will continue to work closely with the Nuclear Regulatory Commission, 
Occupational Safety and Health Administration, and the National 
Institute for Occupational Safety and Health to minimize radiation 
exposure of workers and the public to levels as low as reasonably 
achievable. Additionally, DHS will continue to monitor environmental 
health and safety impacts associated with NII technology by constantly 
addressing these impacts with systems currently deployed and systems 
under development. As next-generation NII systems are developed, DNDO 
will make a constant effort to address environmental health and safety 
issues by consulting with the National Council on Radiation Protection 
and Measurements, and conducting modeling and benchmarking. This report 
was submitted in July 2007 and received no comments from Congress 
except for a request to make our findings open for distribution to the 
private sector. We complied with this request and modified the document 
so that it was no longer For Official Use Only (FOUO).
    The two remaining reports, an overall investment strategy for 
radiological and nuclear detection across the U.S. Government, and a 
report on how DNDO authorization language impacted the Homeland 
Security Act of 2002 and DHS research and development efforts to 
detect, prevent, protect, and respond to chemical, biological, 
radiological, and nuclear terrorist attacks, are scheduled to be 
delivered in October. We are working with other DHS components and 
across the interagency to ensure that these reports are comprehensive 
in nature and delivered to Congress in a timely manner.
    The SAFE Port Act also required DNDO to establish an Intermodal 
Rail Radiation Detection Test Center. This was a very forward thinking 
requirement and one that DNDO strongly supports. There are several 
seaports that load cargo directly from ships to rail cars, therefore 
bypassing typical exit gate scanning operations. Right now, we do not 
have a detector that can address this challenge. An intermodal rail 
radiation detection test center will help develop additional passive 
detection design variants that meet unique port requirements, thereby 
enabling DNDO to provide solutions that enable us to scan 100 percent 
of cargo containers entering the United States. The test center was 
announced in May of this year and was awarded to the Port of Tacoma, 
Washington. The Port of Tacoma was chosen as the location of the Rail 
Test Center because more than 70 percent of its total import cargo 
volume is handled by rail at its multiple intermodal rail terminals. We 
are working diligently with the Port of Tacoma and CBP to begin testing 
the operational needs associated with intermodal rail, as well as 
evaluating innovative technical solutions to fit the unique 
radiological and nuclear detection requirements of intermodal 
terminals.
Additional Port Security Efforts
    I wanted to take the opportunity today to also discuss additional 
port security efforts in which DNDO is involved. These are not outlined 
in the SAFE Port Act, but contribute to security in the maritime 
environment and for our country overall.
    DNDO has an excellent working relationship with our Coast Guard 
operators. We have a joint acquisition plan in place that will allow 
DNDO to both develop and acquire systems for USCG use. DNDO provided 
handheld and backpack radiation detection devices to fulfill imminent 
operational needs in Fiscal Year 2007. We will deploy radiation 
detection capabilities to every Coast Guard inspection and boarding 
team by the end of 2007. The Secretary stated that this is one major 
goal for this Department, and we are going to meet that goal. We are 
also developing next-generation technologies that have the 
identification capabilities, connectivity, and ruggedness required in 
the maritime environment.
    We also recently announced the West Coast Maritime pilot program 
that is beginning in the Puget Sound region of Washington State and 
will expand into San Diego, California. The three-year pilot will 
provide maritime radiation detection capabilities for State and local 
authorities with the goal of reducing the risk of radiological and 
nuclear threats that could be illicitly transported on recreational or 
small commercial vessels. We will be conducting this pilot program in 
close coordination with the U.S. Coast Guard and Customs and Border 
Protection. DNDO expects to deploy non-intrusive, passive detection 
sensors, such as human-portable radiation detection equipment, mobile 
sensors, and fixed-position detectors. We will also be working with 
maritime partners and local authorities in both areas to assess the 
geographic configurations of the ports to maximize detection and 
interdiction opportunities. Additional analyses for local partners will 
include a baseline survey of the existing radiological and nuclear 
detection architecture, a gap and risk assessment, and associated 
recommended actions to be developed in conjunction with maritime 
stakeholders. Maritime stakeholders will also receive guidance from 
DNDO on operational protocols, training, and exercises that support 
small vessel radiation detection capabilities.
Conclusion
    The mission of the DNDO reaches far beyond port security. However, 
port security is a critical component in protecting the U.S. from 
nuclear terrorism. The SAFE Port Act codified many of the requirements 
and strategies that will ensure a robust defense against threats to our 
Nation. The DNDO and its partners have made significant progress over 
the last 2 years, and will continue to make progress in keeping this 
Nation safe. I look forward to working with all of our partners within 
DHS, other departments, State and local agencies, and the members of 
this subcommittee and Congress in continuing to pursue this goal.
    This concludes my prepared statement. Chairman Inouye, Vice 
Chairman Stevens, and Members of the Committee, I thank you for this 
opportunity and request that this statement be submitted for the 
record.
                                 ______
                                 
      Prepared Statement of Christopher Koch, President and CEO, 
                         World Shipping Council
I. Introduction
    The World Shipping Council is pleased to have the opportunity to 
submit the following comments to the Committee as it undertakes 
oversight of the various maritime programs and issues.
    My name is Christopher Koch. I am President and CEO of the World 
Shipping Council (WSC or the Council), a trade association that 
represents the international liner shipping industry. I also serve as 
the Chairman of the National Maritime Security Advisory Committee 
(NMSAC), a Federal Advisory Committee Act committee providing advice to 
the Coast Guard and the Department of Homeland Security (DHS) on 
maritime security issues, and as a member of the Commercial Operations 
Advisory Committee (COAC) that advises the Departments of the Treasury 
and Homeland Security on commercial and Customs matters.
    Liner shipping is the sector of the maritime shipping industry that 
offers service based on fixed schedules and itineraries. The World 
Shipping Council's liner shipping member companies provide an extensive 
network of services that connect American businesses and households to 
the rest of the world. WSC member lines carry roughly 95 percent of 
America's containerized international cargo.\1\
---------------------------------------------------------------------------
    \1\ A listing of the Council's member companies and additional 
information about the Council can be found at www.worldshipping.org.
---------------------------------------------------------------------------
    Approximately 1,000 ocean-going liner vessels, mostly 
containerships, make more than 22,000 U.S. port calls each year. More 
than 50,000 container loads of imports and exports are handled at U.S. 
ports each day, providing American importers and exporters with 
efficient transportation services to and from roughly 175 countries. 
Today, U.S. commerce is served by more than 125 weekly container 
services, an increase of over 60 percent since 1999.
    In addition to containerships, liner shipping offers services 
operated by roll-on/roll-off or ``ro-ro'' vessels that are especially 
designed to handle a wide variety of vehicles, including everything 
from passenger cars to construction equipment. In 2006, these ro-ro 
ships brought almost four million passenger vehicles and light trucks 
valued at $83.6 billion into the U.S. and transported nearly one 
million of these units valued at $18 billion to U.S. trading partners 
in other countries.
    Liner shipping is the heart of a global transportation system that 
connects American companies and consumers with the world. More than 70 
percent of the $700 billion in U.S. ocean-borne commerce is transported 
via liner shipping companies.
    The liner shipping industry has been determined by the Department 
of Homeland Security to be one of the elements of the Nation's 
``critical infrastructure''.
    Liner shipping generates more than one million American jobs and 
$38 billion in annual wages. This combined with other industry 
expenditures in the U.S. results in an industry contribution to U.S. 
GDP that exceeds $100 billion per year.
II. The Focus on Maritime Security
    For the past 6 years, the WSC and its member companies have 
strongly supported the various efforts of the U.S. Coast Guard and U.S. 
Customs and Border Protection (CBP) to enhance maritime and cargo 
security. The multi-faceted and risk-based strategies and programs of 
the government have been able to make substantial progress toward 
meeting this challenge, and they continue to evolve. At the same time, 
the Coast Guard and CBP recognize the fact that the industry is 
transporting on average roughly 50,000 containers, holding roughly $1.3 
billion worth of cargo owned by U.S. importers and exporters, each day 
through U.S. ports. Significant delays to this flow of legitimate 
commerce could have substantial adverse effects on the American 
economy.
    The multi-layered maritime security strategy has a number of parts 
on which I will briefly comment today. The basic architecture of U.S. 
maritime security is well known and understandable. First, there is 
vessel and port security, overseen by the Coast Guard and guided in 
large measure by the International Ship and Port Facility Security Code 
(ISPS). Second, there is personnel security, overseen by various 
Department of Homeland Security agencies and the State Department. 
Third, is cargo security, which with regard to containerized cargo, is 
addressed through Customs and Border Protection's advance cargo 
screening initiative, C-TPAT, and the Container Security Initiative--
all of which are reinforced and made more effective by the increased 
deployment of container inspection technology at U.S. and foreign 
ports.
A. Vessel and Port Security Plans
    Every commercial vessel arriving at a U.S. port and every port 
facility needs to have an approved security plan overseen by the Coast 
Guard. Each arriving vessel must provide the Coast Guard with an 
advance notice of arrival 96 hours prior to arriving at a U.S. port, 
including a list of all crew members aboard--each of whom must have a 
U.S. visa in order to get off the ship in a U.S. port.
    The liner shipping industry's operations are consistent and 
repetitive--its vessel services and crews call at the same ports every 
week. So long as there is consistent and professional implementation of 
the security rules, which is usually a hallmark of the Coast Guard, 
liner shipping has found no problem in operating in the new vessel or 
port security environment.
    We also appreciate the Coast Guard Commandant's admonition that the 
``concept of maritime security cannot be reduced to a single threat 
vector''. There are numerous potential vectors for terrorists attack on 
the maritime environment that don't involve cargo containers. For 
example, merchant vessels are in fact defenseless against small boat 
attacks. We fully support the Coast Guard in its efforts to secure an 
enormous Maritime Domain against a variety of risks.
    Long Range Information and Tracking (LRIT) of Vessels: On October 
3, the Coast Guard published a Notice of Proposed Rulemaking (NPRM) on 
Long Range Information and Tracking (LRIT) in the Federal Register. The 
Council supports the LRIT objective and the enhanced visibility of 
vessels offshore that it will give to the Coast Guard and other 
governments.
    The Coast Guard expects existing maritime satellite communications 
equipment to be able to meet these tracking requirements. Assuming this 
is correct, the Council does not foresee major problems complying with 
these regulations.
    There may be concern, however, regarding how the Coast Guard 
intends to implement LRIT if the International Data Center (IDC) is not 
in place. The IDC is where a vessel whose country of registration has 
not established its own data center is to send its position reports. 
Many smaller nations were expected to use the IDC and how their vessels 
will comply with the LRIT requirements is in question. An agreement has 
been reached to allow the Coast Guard to host the International Data 
Exchange (IDE) on an interim basis until January 1, 2010. It is unclear 
what happens with the IDE after that date. A uniform, global operating 
system is the desired objective. The Coast Guard has invited comments 
on these issues in its recent NPRM, and we expect that the industry and 
other governments will be considering these issues closely.
    Small Vessels: The attacks on the U.S.S. COLE and M/V LINDBERGH 
demonstrated that large vessels can be the objects of terrorist attack 
from small boats. The U.S. Coast Guard Commandant, Admiral Allen, has 
on numerous occasions noted this and other small boat vulnerabilities 
and the difficulty in devising effective ways to address the threat 
without significantly inconveniencing recreational and small boat 
movements. The Council notes that DHS has recently undertaken some 
pilot efforts on the West Coast to test technologies that may 
contribute to addressing this issue, and while we recognize the 
difficulty of the challenge, we believe that such DHS efforts are 
focusing on a legitimate concern. We also appreciate that the U.S. 
Coast Guard is playing a lead role in having put this on the 
International Maritime Organization's agenda in order to develop 
international principles and criteria for addressing this issue.
B. Transport Worker Identification Credential
    The Council supports the credentialing of maritime workers 
requiring unescorted access to secure maritime facilities. The National 
Maritime Security Advisory Committee (NMSAC), with the advice and input 
of a wide range of U.S. maritime interests, has spent considerable 
effort to provide comments to the Coast Guard and the Transportation 
Security Administration on the development of the TWIC regime. The 
industry's primary concern is that the security enhancement envisioned 
in this new system not have undue impacts on those personnel who work 
in port terminals servicing vessels or on port operations.
    The SAFE Port Act requires TWIC reader pilot projects to be run in 
at least five locations. NMSAC has recommended that the final TWIC 
regulations should not be published until the results of these pilot 
projects are known.
    The Coast Guard has indicated its intention to issue two sets of 
proposed rules on the TWIC regulations: the initial set to give some 
shape to the pilots and the second, supplemental proposal which is 
intended to finalize the proposed regulations when the pilots' results 
are known. We support this measured approach.
    The Coast Guard also recently announced the biometric standard to 
be placed on the TWIC card. This standard contains two items that were 
not supported by the industry: encryption and a Personal Identification 
Number (PIN). The industry's concern has been that encryption will 
create operational complexities which have the potential to severely 
impede the flow of maritime commerce. Further, the NMSAC does not 
believe the significant additional costs associated with encrypting the 
fingerprint template are warranted given the minimal risk involved 
without such encryption. How these two items will work with readers 
remains to be seen, but the industry is hopeful that the good 
consultative process that the Coast Guard has established with NMSAC 
will allow for these issues to be addressed satisfactorily.
    Lastly, DHS has begun to enroll workers in Wilmington, Delaware, 
starting on October 16, and has also listed the next eleven follow-on 
locations for enrollment. The industry strongly supports a measured 
implementation of this challenging new regime so that any unanticipated 
issues that may arise can be addressed as the system is rolled out in 
stages.
C. Containerized Cargo Security
    The WSC fully supports the U.S. Government's strategy in addressing 
containerized cargo security. Specifically, the Council supports CBP's 
risk assessment and screening of 100 percent of all containers prior to 
their being loaded onto vessels destined for the U.S., and the pre-
vessel loading inspection of 100 percent of those containers that CBP's 
cargo risk assessment system determines to present a significant 
security risk or question. The Council does not support recent 
legislation's call for inspection of 100 percent of all import 
containers before vessel loading, because the concept has not been 
clearly considered and remains presently impractical.
1. Container Security Initiative (CSI)
    The network of bilateral Customs-to-Customs agreements forming the 
``Container Security Initiative'' (CSI) continues to grow. There are 
now 58 foreign ports participating with the U.S. in this initiative, 
covering 85 percent of U.S. containerized import trade. CSI is a 
keystone to the effective international implementation of the advanced 
screening and inspection of U.S. containerized cargo that presents 
security questions. It is only through these cooperative CSI Customs-
to-Customs data sharing and container inspection cooperative efforts 
that overseas container inspection can occur.
    The Council recently wrote to CBP to recommend that the agency plan 
for how to expand its CSI Customs-to-Customs cooperative partnerships 
with European customs authorities to prepare for the planned 2009 
implementation of the European 24 Hour Rule under Commission Regulation 
1875. The purpose of such planning would be to ensure that American 
export containers receives the same kind of cooperative and expedited 
consideration when European authorities raise security questions, as 
European export containers receive today when CBP raises such a 
question.
2. Containerized Cargo Screening and Risk Assessment
    CBP employs a multi-faceted containerized cargo risk assessment and 
screening system, so that it can identify those cargo shipments that 
warrant further review, rather than those that are low risk and should 
be allowed to be transported without delay.
    C-TPAT: One element of that system is the Customs-Trade Partnership 
Against Terrorism (C-TPAT) pursuant to which various entities in the 
supply chain voluntarily undertake security enhancing measures. CBP 
then validates participants' compliance, and compliant supply chains 
are accordingly afforded lower risk assessments.
    24-Hour Rule: Another important element of the risk assessment 
system is CBP's receipt and analysis of pertinent advance information 
about cargo shipments before vessel loading. This program began soon 
after September 11, under which carriers provide CBP with the advance 
shipment information they possess 24 hours before vessel loading in a 
foreign port for risk screening (the ``24-Hour Rule''). The Council has 
fully supported this regulation and this strategy, which allows the CSI 
program to perform advance container risk assessment.
    Better Security Screening Data: ``10 plus 2'' Initiative: While the 
24 Hour Rule has been in the Council's view a logical and sound effort, 
the Council has for several years noted that more effective advance 
cargo security screening will require more data than the information 
provided by carriers via the 24 Hour Rule.
    Recognizing both this need for enhanced container security 
targeting and the existing limits of information provided in carriers' 
bills of lading, the SAFE Port Act sets forth the following requirement 
to enhance the capability of CBP's Automated Targeting System:

        ``Section 203(b): Requirement. The Secretary, acting through 
        the Commissioner, shall require the electronic transmission to 
        the Department of additional data elements for improved high-
        risk targeting, including appropriate elements of entry data . 
        . . to be provided as advanced information with respect to 
        cargo destined for importation into the United States prior to 
        loading of such cargo on vessels at foreign ports.''

    Customs and Border Protection (CBP) is developing a regulatory 
proposal that would require U.S. importers or cargo owners to file ten 
additional data elements \2\ with CBP 24 hours prior to vessel loading, 
and to require ocean carriers to provide two additional sources of 
data--vessel stowage plans prior to arrival in the U.S., as well copies 
of electronic container status messages. This is referred to as the 
``10 plus 2'' initiative.
---------------------------------------------------------------------------
    \2\ The ten cargo data elements of the new Security Filing have 
been identified by CBP as: (1) Manufacturer (or Supplier) Name and 
Address, (2) Seller (or Owner) Name and Address, (3) Buyer (or Owner) 
Name and Address, (4) Ship To Name and Address, (5) Container Stuffing 
Location(s), (6) Consolidator (or Stuffer) Name and Address, (7) 
Importer of Record Number, (8) Consignee Number, (9) Country of Origin, 
and (10) Commodity 6-Digit HTS Code.
---------------------------------------------------------------------------
    CBP has undertaken extensive, transparent, and open consultation 
with the trade and carrier community in developing this proposal. It is 
our understanding that the proposed regulation to implement this new 
requirement should be published in the Federal Register for public 
comment in the near future, with implementation beginning sometime in 
2008.
    While the private sector obviously needs to await the actual 
proposed regulation before providing comments in the expected 
rulemaking, we would note that CBP's efforts in developing this 
initiative have been transparent, professional and cooperative, and are 
in pursuit of a strategic objective that is not only mandated by the 
SAFE Port Act, but is highly logical in order to enhance containerized 
cargo risk screening.
    Global Trade Exchange (GTX): Other pending efforts within DHS 
regarding the acquisition of additional cargo shipment information for 
enhanced risk screening are less understood by the trade. 
Notwithstanding the fact that CBP has not yet published, let alone 
implemented, its proposed ``10 plus 2'' regulations requiring 
additional information for cargo risk assessment, DHS officials have 
indicated that the Department will be proceeding with efforts to 
commence an additional trade data gathering and analysis effort under 
the name of the ``Global Trade Exchange'' or GTX.
    This initiative has not yet been clearly explained to the industry, 
and there has not yet been any public transparency or opportunity to 
comment on the initiative.
    What we understand at the present time is that DHS is considering 
awarding funding for an initial phase of this initiative. It is our 
understanding that participation by members of the trade providing such 
additional data is expected to be voluntary, that the party to collect 
the data would be drawn from a restricted number of commercial entities 
acting as a third party data clearinghouse, and that secure and 
confidential treatment of any data provided is recognized to be needed.
    What services, analysis or risk assessment competence would be 
required of such vendors is unclear. What the specific data to be 
gathered would be has not been explained. The extent to which such 
shipment data would be shared with other governments is not clear. How 
this system would be integrated into CBP's existing Automated Targeting 
System is unclear. How such a commercial third party data manager would 
make money off this program is unclear, and who would bear what costs 
for participating in such a system is unclear. How the data in the 
system would be protected is unclear. Whether ocean carriers would be 
expected or invited to participate in the provision of information is 
unclear. What benefit would result from participating in such an effort 
is unclear.
    DHS has indicated that the intent is to proceed under a ``request 
for quotation'' solicitation process, which is restricted to a limited 
number of vendors now established in the DHS ``EAGLE'' procurement 
program.
    In short, the GTX effort has not yet been explained by the 
government and is not yet understood by the trade. U.S. importers with 
whom the Council has discussed this initiative are confused by this 
process. There is concern within the trade community over the apparent 
development of such an initiative without the government's usual 
transparency and process of consultation. That concern would likely be 
exacerbated if public review and comment were not requested, allowed or 
considered prior to the restricted procurement solicitation that is 
expected.
3. Container Inspection
    DHS has a well established strategy to undertake radiation scanning 
of all containers entering the U.S. before they leave a U.S. port. CBP 
recently deployed its 1000th container radiation portal monitor as it 
gets closer to its objective of performing radiation scanning on 100 
percent of all inbound containers at U.S. ports of discharge.
    CBP also undertakes non-intrusive inspection technology (NII) or 
physical inspection of 100 percent of all arriving containers that are 
determined to pose a significant security question. CBP has no plans 
and no capability, however, to inspect every arriving container. 
Because that is not practical, the agency is utilizing, and soon will 
be enhancing, its cargo risk assessment system and the CSI program to 
identify which containers do warrant inspection.
    In order to further consider the issues involved in the application 
of additional container inspection at overseas ports of loading, DHS 
has undertaken the ``Secure Freight Initiative'', under which pilot 
projects are being established at several foreign ports testing more 
complete pre-vessel loading scanning, generating possible lessons to be 
learned for broader application of pre-vessel loading container 
inspection efforts.\3\
---------------------------------------------------------------------------
    \3\ DHS has established three full scale container scanning pilots 
in co-operation with host governments at Southampton, U.K.; Puerto 
Cortes, Honduras and Port Qasim, Pakistan. Three other smaller scale 
pilots are under development at port facilities in Busan, South Korea 
(Gamman Terminal); Salalah, Oman, and Singapore.
---------------------------------------------------------------------------
    The ``Implementing the 9/11 Commission Recommendations Act'', which 
was signed into law in August, includes the well known provision 
requiring that by 2012 100 percent of the containers imported into the 
United States be ``scanned'' before being loaded aboard vessels 
destined for the United States, meaning that the container would have 
be run through radiation detection equipment and non-intrusive imaging 
equipment before vessel loading. What, if anything, would be done with 
the images or data produced by those scannings was not addressed by the 
law, nor were a host of other highly relevant questions, including who 
was to perform this task, and whether the U.S. would perform such 
scanning of its own export containerized cargo. The WSC issued a six 
page statement on this legislation on July 30, which is attached to 
this testimony as Attachment A.
    A number of other governments are obviously and justifiably 
concerned about the implications and meaning of this new U.S. law. We 
expect that they will continue to inform the U.S. Government of their 
concerns, including their view that this statutory provision expects 
foreign governments to undertake measures for their exports that the 
U.S. Government has no intention to undertake for its exports. The 
shipping industry's customers--the hundreds of thousands of U.S. 
importers and exporters who use containers to transport their cargo--
are also concerned about the potential effects of this law.
    Several things seem clear. First, implementation of this law's 
stated objective would require addressing many serious issues that the 
statute does not address, including the fact that implementation of 
overseas container inspection requires the cooperation of foreign 
governments. Second, the U.S. Government has no current plans to scan 
100 percent of its outbound export cargo containers, and thus foreign 
governments' predictable inquiries about reciprocity will likely be 
unanswerable. And, if the United States' trading partners do not 
implement 100 percent container scanning, there is nothing that the 
U.S. Government can realistically do about it other than cease trading 
with the rest of the world. We therefore see the obvious need for 
further international dialogue on this matter.
4. Seals and Container Security Devices
    The SAFE Port Act included the following directive: ``Not later 
than 90 days after the date of enactment of this Act, the Secretary 
shall initiate a rulemaking proceeding to establish minimum standards 
and procedures for securing containers in transit to the United 
States.'' (Section 204(a)) It was not evident what this provision meant 
or how it might be interpreted, and the section's time deadlines were 
not going to be met.
    Accordingly, the ``9/11 Commission Recommendations Act'', Congress 
amended this section by providing that: ``(B) Interim Requirement.--If 
the interim final rule described . . . is not issued by April 1, 2008, 
then . . . effective not later than October 15, 2008, all containers in 
transit to the United States shall be required to meet the requirements 
of International Organization for Standardization Publicly Available 
Specification 17712 standard for sealing containers. . . .'' Thus by 
next October, all U.S. inbound containers will be required at a minimum 
to have ISO standard security seals.
    As to the Government's view of ``container security devices'' 
(CSDs), things are less clear. The Council has understood that DHS was 
planning to issue proposed draft technical requirements for container 
security devices and the operating protocols associated with such 
devices by the end of this year for public review and comment. We 
understand that the DHS Science and Technology directorate prepared a 
draft of such requirements that is undergoing further review and 
amendment within the Department.
    The Council and other members of the trade have requested that CBP/
DHS allow for full transparency into the development of this effort and 
solicit public comments on the draft requirements, after they have 
completed internal government review.
    There are at present many unanswered questions about CSD 
requirements, including what specifically the device would be required 
to do and its security value, what acceptable false positive and false 
negative reading rates would be, what radio frequency would be used, 
the requirements for the installation and operation of the necessary 
device reader infrastructure, the requirements applicable to the 
necessary communications interface and protocols with CBP, the security 
vulnerabilities of such devices, the necessity of interoperability of 
various vendors' devices and systems, the data to be captured and 
transmitted by the device, identification of who will have access to 
the data in the device, survivability and vulnerability of the device, 
power or battery life requirements, the probability that the device can 
be detected or removed without detection, required data messaging 
formats, event logs, and data encryption.
    There has been little light or transparency provided on these 
issues, although in fairness, they are not simple issues. The Council 
believes it is essential, if an interest in CSDs is to be pursued, for 
the government to undertake a fully transparent and very clear 
articulation of its draft views on the requirements for such technology 
and the related operating systems and protocols, and to provide the 
public with a meaningful opportunity to comment upon such draft 
requirements, before they are advanced as an element of the 
government's container security strategy.
D. Port of New York's Recommendation for New Container Taxes
    At the Committee's hearing on October 4, the witness for the Port 
Authority of New York and New Jersey expressed support for new 
``legislation establishing a uniform, nationwide Port Security User Fee 
to help offset growing port security costs.''
    This is a bad idea for many reasons.
    First, it is relevant to note that the view of the Port of New 
York's witness at the hearing is not the position of the American 
Association of Port Authorities.
    Second, when the Coast Guard promulgated its maritime security 
regulations in 2003 implementing the Maritime Transportation Security 
Act of 2002, it projected that the cost of compliance for the industry 
would be $7.331 billion over 10 years.\4\ The New York Port Authority 
witness stated that the Federal Government has provided $1.3 billion in 
port security grants over the past 5 years, which is only a ``fraction 
of the security costs that the industry has incurred over the same 
period'' and that the regulations are an ``unfunded mandate that 
industry has to bear''.
---------------------------------------------------------------------------
    \4\ First year estimated cost of implementation was approximately 
$1.5 billion, with an annual cost of approximately $884 million. 
Implementation of National Maritime Security Initiatives, 68 Fed.Reg. 
60448, 60464 (Oct. 22, 2003).
---------------------------------------------------------------------------
    The Coast Guard's cost estimates were of what the industry was 
going to have to spend to comply with its regulations, not the amount 
of money the government needed to provide the Nation's ports. Further, 
most of these expenses are already being incurred by the private sector 
carriers, terminal operators and cargo owners, without any Federal 
assistance.
    Under the rationale of the Port of New York, it would appear that 
every regulation the government produces that has compliance costs is 
an ``unfunded mandate''. It seems a novel proposition indeed that the 
Federal Government should be responsible for all the costs that 
industry incurs in complying with government regulatory requirements. 
It is frankly illogical to argue that because the industry's regulatory 
compliance costs are X, and the government has provided grants in an 
amount which less than X, that we need a new Federal tax to make up the 
difference. We believe that the port industry should be appreciative 
for the grants that have been provided, particularly considering that 
there has never been a very precise delineation of what port security 
grants should be used for.
    Shippers, forwarders, brokers, carriers and marine terminal 
operators have all incurred substantial costs to comply with applicable 
security regulations and programs. They have not asked the government 
to pay for those compliance costs, What they do want is for the 
requirements to be well designed to improve security in a cost-
effective manner.
    Third, the Port of New York witness did not identify with any 
specificity what such Federal port security grant money is needed for, 
or why it is the responsibility of all cargo containers across the 
Nation to provide it. We appreciate that the Port of New York witness 
notes that entities in the Port of New York and New Jersey have 
received 12 percent of total port security grant funding and that the 
Port apparently believes that it should receive a higher share; 
however, as explained below, there is an existing mechanism for the 
port to increase its revenue collection to cover higher costs if it is 
important to do so.
    Fourth, and perhaps most importantly, ports currently have and use 
the authority and capability to collect additional funds they need for 
security at their facilities from their commercial customers. Today, as 
the Port of New York witness noted, ports throughout the U.S. and 
abroad are assessing and collecting port security charges from their 
commercial customers. They also have antitrust immunity under the 
Shipping Act to collectively establish such charges if the wish to do 
so. There is no need for a new Federal tax. Though questions of equity 
and appropriateness of such fees obviously should be addressed on a 
case-by-case basis, the very fact that the ports' customers, including 
the members of the World Shipping Council, are presently paying these 
port security fees belies the notion that extensive new Federal taxes 
or ``user fees'' are warranted.
    Finally, the Port of New York witness noted concern that U.S. 
seaports should not be put at a ``serious disadvantage in relation to 
ports in Canada and Mexico.'' We question whether ports such as Seattle 
and Tacoma would see a new national tax on commerce going through their 
ports to pay for more grants to the Port of New York as doing anything 
other than disadvantaging them in relation to ports in Canada.
III. Conclusion
    Vigilance against terrorist risks requires the development and 
implementation of prudent security measures, and the continuing 
enhancement of such measures as the risks change and take new forms. 
The international trading system is too valuable and important to be 
left unattended.
    The liner shipping industry fully understands this and has 
cooperated with national governments and international organizations 
trying to construct meaningful security regimes. The industry will 
always be concerned that these measures not unduly delay or restrict 
commerce or impose costs that produce little added security; however, 
it has supported and will continue to support measures that are well 
designed and provide real security value with as little impact as 
possible on legitimate trade.
    This is clearly difficult work, but there are clearly some success 
stories. The International Maritime Organization's development of the 
International Ship and Port Facility Security (ISPS) Code, the 
Proliferation Security Initiative, the Container Security Initiative, 
the ``24 Hour Rule'' advance cargo screening strategy and its imminent 
enhancement, the C-TPAT program--all have enhanced supply chain and 
maritime security. The government's expanded use of container 
inspection technologies is another example of sound strategy and 
implementation.
    If we are to continue to make progress in enhancing maritime and 
supply chain security, progress is more likely to occur if:

        1. There is a clear and specific definition and agreement on 
        what should be done to improve security.

        2. There is a clear and thoughtful prioritization of 
        initiatives.

        3. There is sufficient certainty and clarity in purpose to do 
        it right. In the absence of that, time and resources are poorly 
        used and the efforts are less likely to improve security.

    We appreciate the Committee's continued interest and oversight of 
these issues, and would be pleased to provide additional information 
that may be of assistance to the government in addressing these issues.
                                 ______
                                 
                              Attachment A
World Shipping Council--Statement Regarding Legislation to Require 100% 
                   Container Scanning--July 30, 2007
    The first session of the 110th Congress has enacted H.R. 1, the 
``9/11 Commission Recommendations'' legislation, which the President 
has said he will sign. Included in that legislation is a provision, 
which was not a recommendation of the 9/11 Commission, that requires, 
effective July 2012, that all maritime cargo containers being imported 
into the United States must be ``scanned'' at foreign ports of loading 
or they will be denied entry into the country.
    This so-called ``100 percent scanning'', or ``100 percent container 
inspection'' requirement as it is sometimes called, was opposed by the 
Department of Homeland Security (DHS), Customs and Border Protection, 
present and former government security experts, the U.S. Chamber of 
Commerce, all major cargo shipper organizations, the ocean carriers 
transporting the cargo, as well as the European Commission and the 
governments of America's trading partners, including Belgium, Canada, 
Denmark, Finland, France, Germany, Greece, Italy, Japan, the 
Netherlands, Norway, Poland, Portugal, Singapore, Spain, Sweden, and 
the United Kingdom.
    Why was such a proposal opposed by virtually all elements of the 
global trading system? Was it because of cost? No. Was it because of a 
lack of commitment to enhancing cargo security? No. It was in the words 
of the Washington Post ``a bad idea'' and ``a slogan not a solution''. 
It was because the legislation is not only unworkable, but that the 
Congress failed to even try to address fundamentally critical questions 
about how such a system would actually operate.
The New Law
    The legislation provides:

          ``(1) In General.--A container that was loaded on a vessel in 
        a foreign port shall not enter the United States (either 
        directly or via a foreign port) unless the container was 
        scanned by nonintrusive imaging equipment and radiation 
        detection equipment at a foreign port before it was loaded on a 
        vessel.
          ``(2) Application.--Paragraph (1) shall apply with respect to 
        containers loaded on a vessel in a foreign country on or after 
        the earlier of--
                ``(A) July 1, 2012; or
                ``(B) such other date as may be established by the 
                Secretary under paragraph (3).''

The Problems
    The House passed H.R. 1 without having Committee hearings or 
allowing floor amendments on this issue. The Senate did not have a 
hearing on these issues.
    Nevertheless, every one of the following issues was repeatedly 
brought to the attention of the Congress by numerous parties, but 
without effect.
    1. Pilot Programs Ignored: Pursuant to the SAFE Port Act passed by 
the Congress just last year, the Department of Homeland Security has 
established pilot programs under the ``Secure Freight Initiative'' in a 
number of ports around the world to test the concept of scanning 
containers loaded onto ships destined for the U.S. Those pilots are 
still underway, and their lessons have not been examined or considered.
    2. Failure to Define Who is To Perform the Container Scanning: It 
would seem elementary that U.S. legislation requiring every container 
to be scanned before being loaded onto a vessel in a foreign port would 
address the issue of who is to perform this activity. This legislation 
fails to do so. It does not require U.S. Customs to do this, as it is 
clearly impossible for the Congress to require U.S. Customs to 
undertake such activities within the jurisdiction of other sovereign 
nations. It does not require foreign governments to do so, as it has no 
such authority. The legislation simply says that containers shall be 
scanned. By whom? By governments? By foreign port facility operators? 
The Members of Congress sponsoring this legislation took the position 
only last Congress that one of the largest port facility operators in 
the world, Dubai Ports World, was an unacceptable security risk to buy 
a U.S. marine terminal operating company and hire U.S. workers to 
service vessels in U.S. ports. Is that company, and other private 
terminal operating companies, now who Congress looks to scan U.S.-bound 
containers in foreign ports? Does Congress care who performs this 
activity? If Dubai Ports World now undertook this role, would the 
Congress approve such a role? One would think such a basic question 
would have been subject to some examination by the Congress and some 
answers.
    3. Failure to Define Who is to Purchase, Operate and Maintain the 
Technology: Related to the above question, is the failure of the 
legislation to define who is expected to undertake the substantial 
capital commitments and operational responsibilities to implement such 
a system.
    4. Failure to Address Health and Safety Issues: The legislation 
fails to recognize the need to address the health and safety issues 
relating to the use of this equipment. Even if the equipment performs 
to the U.S. Government's health and safety regulatory requirements, 
other governments have different standards. Furthermore, labor and 
workforce acceptance of driving through non-intrusive imaging (NII) 
equipment remains a significant issue. U.S. port labor will not do so. 
As a practical matter, this legislation requires the rest of the world 
to do what cannot be done today in U.S. ports.
    5. Failure to Seek or Obtain the Necessary Cooperation of Other 
Governments: No expansion of overseas container inspection will occur 
without the cooperation and consent of foreign governments. This law 
fails to even acknowledge the need for their cooperation. Customs and 
Border Protection has spent considerable effort since 9/11 to build 
cooperative bilateral Customs-to-Customs working agreements at seaports 
around the world through its Container Security Initiative (CSI). The 
success of CSI is based on mutual respect, recognition of other 
nations' sovereignty, cost sharing, and targeted priorities. This 
legislative mandate is devoid of those qualities.
    6. Failure to ``Practice What You Preach''--No Reciprocity: 
Congress was repeatedly advised of the difficulty of this legislation's 
requiring 600 ports around the world to approve, implement and utilize 
such technology, systems and processes for all cargo destined for the 
U.S. or effectively face an embargo on their exports, when the U.S. 
Government does not even try to perform this function on its export 
cargo, scans virtually zero U.S. export containers, and has no plans to 
do so. If implementation of this law is actually pursued, it is 
entirely possible, if not highly likely, that foreign governments would 
establish ``mirror image'' requirements on the U.S., forcing all 
American export containers to undergo radiation and NII scanning before 
vessel loading at U.S. ports--requirements which the U.S. Government 
and U.S. port facility operators are presently and for the foreseeable 
future incapable of meeting.
    7. Failure to Define the Scanning Requirement: Congress recognized 
that 100 percent container ``inspection'' is impractical and therefore 
requires instead that every container be ``scanned by nonintrusive 
imaging equipment and radiation detection equipment at a foreign port 
before it was loaded on a vessel.'' This by itself would be pointless. 
The law fails to address what is to be done with the scanning data 
generated, whether or when the data from the scanning equipment is 
transmitted to the U.S. Government, or who is to analyze the data 
generated.
    8. Failure to Address Scanning Analysis Responsibility: The law 
fails to address whether the scanning data actually has to be reviewed 
and analyzed, and if so, under what circumstance, when and by whom? In 
essence, it fails to identify how the technology is to be used. Will 
the images of every scanned container have to be reviewed? If not, when 
are the images to be reviewed and by whom? Are they simply to be filed 
in an electronic library somewhere? If so, is it reasonable to ask 
other nations to invest hundreds of millions of dollars in such 
equipment, plus labor, maintenance and operating costs, if these images 
will only be used on an exception basis or for ``forensics''? This 
cost/benefit question is even more relevant in light of Members of 
Congress' criticisms of the efficacy of the equipment currently being 
used for these purposes by DHS, especially after questions about such 
equipment were recently raised by the Government Accountability Office. 
Further, the law fails to try to address what is done if one of the 
scans identifies an anomaly that requires secondary inspection--a 
common occurrence with the use of these technologies. These are 
fundamentally important issues with difficult operating protocols and 
significant costs associated with them--all of which the legislation 
does not address.
``Extension'' Authority
    Recognizing that this legislation has fundamental problems, some 
have noted that the law grants the Department of Homeland Security 
discretion to extend the effective date of the requirement. Before 
examining that part of the legislation, it is important to note that 
the law does not allow DHS to amend or adjust the law's requirement, 
only to extend the effective date of the 100 percent container scanning 
requirement.
    The law provides:

          ``Extensions.--The Secretary may extend the date specified in 
        paragraph (2)(A) or (2)(B) for 2 years, and may renew the 
        extension in additional 2-year increments, for containers 
        loaded in a port or ports, if the Secretary certifies to 
        Congress that at least two of the following conditions exist:

                  ``(A) Systems to scan containers in accordance with 
                paragraph (1) are not available for purchase and 
                installation.
                  ``(B) Systems to scan containers in accordance with 
                paragraph (1) do not have a sufficiently low false 
                alarm rate for use in the supply chain.
                  ``(C) Systems to scan containers in accordance with 
                paragraph (1) cannot be purchased, deployed or operated 
                at ports overseas, including, if applicable, because a 
                port does not have the physical characteristics to 
                install such a system.
                  ``(D) Systems to scan containers in accordance with 
                paragraph (1) cannot be integrated, as necessary, with 
                existing systems.
                  ``(E) Use of systems that are available to scan 
                containers in accordance with paragraph (1) will 
                significantly impact trade capacity and the flow of 
                cargo.
                  ``(F) Systems to scan containers in accordance with 
                paragraph (1) do not adequately provide an automated 
                notification of questionable or high-risk cargo as a 
                trigger for further inspection by appropriately trained 
                personnel.''

    It is presumably the ambiguity and flexibility of this language 
that has allowed the President to sign this legislation, as it might be 
used to extend these requirements, perhaps indefinitely, although that 
is not clear and could be arguable.
    Criteria (A) would seem meaningless as a justification for 
extension, as radiation and NII scanning systems are ``available''. 
Criteria (C) is of limited application because ports' ``physical 
characteristics'' are not generally among the principal issues involved 
with implementing such a concept. Criteria (D) does not define what 
``existing systems'' means. Criteria (B) and (F) are confusing because 
NII scanning equipment, unlike radiation scanning equipment, neither 
produces ``alarms'' nor ``automatic notification of questionable or 
higher risk cargo''. So what does this mean?
    Without belaboring the point, the ``extension'' authority portion 
of the legislation is unclear, but the Administration would seem to 
have some ability to avoid application of the implementation date of 
the law.
    It is therefore odd, disconcerting, yet entirely predictable that 
this legislation produces both statements from Members of Congress that 
the law will require 100 percent container scanning at foreign ports by 
2012, and statements from other observers that the law is wholly 
impractical and thus it is unlikely to be applied because the U.S. 
Government will not cut off its own commerce with countries that do not 
implement 100 percent container scanning before vessel loading.
    This provides little comfort or certainty to governments and ports 
around the world that are trying to understand what this legislation 
passed by the Congress of the United States actually means and what its 
implications are.
The Path Forward
    Roughly $500 billion of annual American commerce is affected by 
this law.
    What is clear is that this issue deserved a more open process of 
analysis and debate, that other governments resent the unilateral 
dictates and hypocrisy in the law, and that there are over 600 ports 
around the world trying to figure out what this legislation means.
    The issue of how to continuously improve containerized cargo 
security is important to the American public, to American commerce, and 
to the shippers and carriers and ports involved.
    There are a range of existing efforts to address this challenge, 
including:

   the ``24-Hour Rule'' and the advance screening and risk 
        assessment of cargo shipment information before vessel loading 
        for 100 percent of all containers coming to the U.S.;

   the Container Security Initiative noted earlier;

   the Customs-Trade Partnership Against Terrorism initiative;

   the radiation screening of virtually every container 
        arriving at a U.S. port;

   the inspection of every container that Customs and Border 
        Protection believes presents a significant security question;

   security plans overseen by the Coast Guard for every vessel 
        entering a U.S. port and every port facility;

   the Department of Energy's ``Megaports Initiative'', which 
        provides radiation detection equipment and trains personnel 
        abroad to check for nuclear materials. In exchange, DOE 
        requires that data be shared on detections and seizures that 
        resulted from the use of the equipment. This initiative and the 
        CSI initiative are collaborative efforts by two different U.S. 
        agencies, DOE and DHS, working with host countries to reduce 
        the risk of terrorism;

   the International Port and Security Program (IPSP) 
        initiative, under which the U.S. Coast Guard and host countries 
        work together to evaluate compliance with the International 
        Ship and Port Facility Security (ISPS) Code. This information 
        improves U.S. and foreign security practices, and helps assess 
        if additional security precautions will be required for vessels 
        arriving in the U.S. from other countries;

   as well as two major emerging DHS initiatives--the ``10 plus 
        2'' program, under which Customs and Border Protection will 
        require importers to provide 10 additional data elements before 
        vessel loading for enhanced security targeting and 2 additional 
        streams of operating data from ocean carriers to assist in the 
        tracking of container movements, and the Transportation Worker 
        Identification Credential that will provide DHS security 
        screening of transportation workers.

    Neither the government nor the industry is ignoring the enhancement 
of maritime security.
    To the extent a vision for 100 percent container scanning of 
containers on a global basis is to be moved forward, it will require a 
more open, consultative examination of the real world issues involved 
than what transpired in the debate and enactment of H.R. 1.
                                 ______
                                 
                                                    Panjiva
                                      New York, NY, October 3, 2007
Senate Committee on Commerce, Science, and Transportation,
Washington, DC.

To Whom It May Concern:

    Panjiva gives businesses the tools to secure their supply chains. 
We do this by helping companies find reliable overseas suppliers. Given 
our expertise we are writing to recommend actions that we believe will 
secure our ports by securing America's supply chain.
    We welcome this opportunity to submit testimony to the Committee on 
Commerce, Science, and Transportation. Fundamentally, we have two 
recommendations to secure our ports, not only from terrorism but also 
from tainted imports. They are (1) focus on the supplier, and (2) 
promote existing private sector resources. For each recommendation, we 
outline our rationale and then offer an explanation of the actions that 
we would like to see taken.
    Panjiva was founded on the principle that information is a powerful 
tool to direct global trade. We have spent the last few years 
developing technology to clean, integrate and analyze data from various 
sources to evaluate overseas suppliers. We could not have foreseen the 
coming storm of high-profile recalls and the heightened concern about 
import safety. However, we were not surprised either. With an ever-
increasing volume of imports and very little quality information 
available, America's supply chain was susceptible. Panjiva exists 
because we saw the need for a revolutionary, objective data source to 
inform global trade.
    The challenges of improving import safety and port security can 
only be met by the government and private sector working together. We 
wish to thank the Members of the Senate Commerce Committee for their 
initiative on this important issue. If Panjiva can be helpful in any 
way, please do not hesitate to contact us.
    Thank you for your consideration.
            Sincerely,
                                                 Josh Green
                                            Chief Executive Officer
                                                James Psota
                                           Chief Technology Officer
Recommendation #1: Focus on the Supplier
Overview:
   Government agencies should maintain a database of profiles 
        for all suppliers to U.S. markets

   Each supplier should be assigned a unique PIN# to link 
        customs data to supplier profiles

   Each supplier should be assessed as high, medium or low risk 
        based on its track record
Rationale:
   The inability to inspect our way to safety necessitates a 
        risk-based approach.

   An ever-increasing volume of imports requires targeting 
        inspections at high-risk shipments.

   There is a limitation to current thinking that only assesses 
        risk by looking at the imported product itself or its country 
        of origin:

    Country of Origin: Despite a recent focus on China, it 
            is impossible and undesirable to inspect all Chinese 
            imports, the vast majority of which are from reliable 
            sources.

    The Life-Cycle of the Import: Although awareness of 
            ``risks over the life cycle of an imported product'' is an 
            improvement over simply screening imports at the border, 
            tracking particular imports still provides an incomplete 
            picture.

   The International Trade Data System (ITDS) is a valuable 
        tool but government agencies must seek new data sources to 
        enable the targeting of resources to areas of greatest risk.

   A supplier's track record is an indicator of risk associated 
        with shipments from that supplier.

   A database of supplier profiles to supplement the ITDS will 
        allow government agencies to assess the risk of shipments based 
        on the prior track record of the supplier and in doing so 
        encourage suppliers to build a track record of reliability.

   Panjiva's success in providing objective information to the 
        private sector about overseas suppliers demonstrates that this 
        is an attainable goal for government as well.
Explanation of the Recommendation:
    Government agencies need the means to assess the risk associated 
with suppliers of imported products because some suppliers are riskier 
than others. All else being equal, suppliers that have served U.S. 
markets for years without incident are less risky than suppliers that 
are serving U.S. markets for the first time. All else being equal, 
suppliers that have been independently certified as living up to 
international standards of public safety are less risky than suppliers 
that have never been certified. Suppliers should be encouraged to build 
a track record of reliability, and heightened attention should be paid 
to shipments from suppliers that have been unreliable in the past.
    A database of supplier profiles is an important tool to enable the 
targeting of resources to areas of greatest risk. Every profile would 
record the supplier's history of importing goods into the United 
States. Based on their track record, each supplier will be assessed as 
high risk, medium risk or low risk. Government agencies can focus their 
limited resources on shipments that are coming from suppliers that have 
been deemed high risk. Each supplier should also be assigned a 
numerical identifier or PIN# to facilitate linking customs data to 
supplier profiles. As Customs and Border Protection tracks imports 
entering the United States, they will be able to quickly identify the 
supplier and determine whether the supplier's history warrants 
increased scrutiny.
Recommendation #2: Promote Existing Private Sector Resources
Overview:
   Government should promote existing resources within the 
        private sector that help companies adhere to high standards of 
        reliability and secure their own supply chains.

   Government should seek to continually foster awareness of 
        private sector resources and to reward companies that use 
        private sector means to secure their supply chains.
Rationale:
   The challenges of improving import safety can only be met 
        with a culture of collaboration between the government and the 
        private sector.

   Just as important as developing new resources is the need to 
        utilize existing resources.

   There is presently significant innovation in the private 
        sector that aims to ensure adherence to high standards of 
        reliability and to enable self-monitoring of the supply chain.

   Private sector efforts are as varied as certification 
        agencies with over a century and a half of experience to 
        revolutionary technologies that use data to inform trade 
        decisions.

   Companies are not aware of all of the private sector options 
        available and are not always attentive to the benefits that are 
        associated with these options.

   A very small minority of overseas companies have sought any 
        third-party certifications.

   The Federal Government has the opportunity to promote 
        awareness of private sector options to every company that 
        imports goods into the United States.

   If companies are aware of available options and are publicly 
        recognized for self-monitoring efforts, they are more likely to 
        take transparent steps to secure their own supply chains.
Explanation of the Recommendation:
    The private sector already provides various means for companies to 
ensure adherence to high standards of reliability and to self-monitor 
their supply chains. Government must continually promote private sector 
innovation that helps companies achieve the goal of securing their 
supply chains. Private sector options should be publicized to companies 
already serving U.S. markets and made available to new companies 
seeking to import into the United States.
    Resources made available to companies in the private sector include 
certification agencies, vendor compliance software, and information 
databases. SGS Group and Bureau Veritas have each provided more than a 
century of certification and inspection services to ensure a company's 
processes are compliant with standards of quality, health, safety, 
environment, as well as social responsibility. Underwriters 
Laboratories (UL) and Intertek conduct product testing and are trusted 
sources of product compliance certifications. Vendormate's technology 
allows for monitoring of vendor credentials and compliance. Panjiva 
provides an objective source of information to help companies find 
reliable overseas suppliers.
    The Federal Government can support private sector innovation not 
only by promoting awareness of existing resources, but also by 
recognizing companies for their self-monitoring efforts. Currently, the 
Department of Homeland Security acknowledges and rewards companies with 
high standards of supply chain monitoring through the Customs-Trade 
Partnership Against Terrorism (C-TPAT). However, companies should be 
rewarded not only for prohibiting terrorist threats, but also for 
preventing the importation of tainted goods.
                                 ______
                                 
  Response to Written Questions Submitted by Hon. Daniel K. Inouye to 
                     Rear Admiral David P. Pekoske
    Question 1. The GAO believes you will have difficulty meeting the 
domestic and international inspection requirements. Do you agree with 
GAO's assessment? Is the Coast Guard sufficiently staffed to conduct 
the domestic and foreign port inspections required under the SAFE Port 
Act? How many inspectors do you have trained and tasked to perform this 
requirement?
    Answer. The Coast Guard is sufficiently staffed to conduct both 
foreign and domestic port inspections required by the SAFE Port Act. 
The Coast Guard received $15 million in FY 2007 specifically to 
support, among other initiatives, additional domestic and international 
inspection activities. This additional funding allowed the Coast Guard 
to hire additional personnel to meet the new SAFE Port Act 
requirements.
    The domestic inspection program has 389 inspectors assigned and 
trained to conduct Maritime Transportation Security Act (MTSA) 
inspections at approximately 3,200 regulated facilities. As of 22 
November 2007, the Coast Guard has conducted 8,100 inspections and spot 
checks of these facilities, which exceeds the requirements of the SAFE 
Port Act.
    The international inspection program has 60 personnel assigned to 
coordinate, conduct and manage the foreign port inspections. The 
training process is dynamic and the number of trained assessment 
personnel fluctuates. However, there are sufficient trained personnel 
to conduct the program, and the Coast Guard is meeting associated SAFE 
Port Act requirements.

    Question 2. In multiple reports and in testimony today, the GAO 
recently cites that the Coast Guard had a fundamental lack of resources 
to successfully perform its security missions on a wide range of 
activities including vessel escorts, harbor patrols, vessel boardings, 
domestic and international inspections, and the development of 
Interagency Operation Command Centers. Do you agree with their 
assessment?
    Answer. Regarding domestic and international inspections, 
additional funds received in the Coast Guard's 2007 appropriation 
allowed the Coast Guard to hire additional staff in these areas, and 
the Coast Guard is meeting or exceeding the requirements of Sections 
103 and 234 of the SAFE Port Act.
    Regarding the development of Interagency Operation Command Centers, 
the Coast Guard submitted a cost-sharing analysis as required by 
Section 108 of the SAFE Port Act which estimated the Coast Guard will 
need $260M over 5 years to meet the requirements of that section of the 
Act.
    Regarding general security activities (escorts, patrols and 
boardings), the Coast Guard's guidance to field commanders, Operation 
Neptune Shield, prioritizes these activities based on risk and the 
availability of resources. Higher risk, higher consequence activities 
are provided with more attention and consideration than lower risk and 
consequence activities.

    Question 3. What has the Coast Guard done to develop and implement 
the port security training and exercise programs required in the SAFE 
Port Act? How many workers do you expect will receive training in the 
next calendar year? What barriers, if any, do you foresee in 
implementing the training mandate?
    Answer. The Coast Guard is meeting the requirements of Section 114 
of the Act through its Area Maritime Security exercise program, which 
was implemented in October 2005 and funded with $10M from the Coast 
Guard's FY06 appropriation. This program exercises the Area Maritime 
Security Plan and/or Committee annually in accordance with 33 CFR 
Subchapter H. Over 45 exercises are conducted each year. The training 
is specific to the National Incident Management System. While the 
exercise program does not involve training of security workers, the 
Coast Guard and DHS are working with DOT on development of related 
courses. DOT can provide additional information if interested.
    DHS has the lead on developing a program to meet Section 113 of the 
SAFE Port Act (Port Security Training Program). FEMA's National 
Preparedness Directorate's National Integration Center is developing a 
security training program for port facilities to fulfill SAFE Port Act 
requirements.
    In addition, the Coast Guard has worked with MARAD to develop model 
courses for facility personnel to meet the requirements in Section 109 
of the Maritime Transportation Security Act. These courses are 
currently being revised to include both SAFE Port Act and TWIC 
requirements.
    We are also currently revising the regulations for security 
training for facility personnel to ensure all training is measured 
against a standard of competence, including the topics required under 
the SAFE Port Act.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Maria Cantwell to 
                     Rear Admiral David P. Pekoske
    Question 1. Since 9/11, the Coast Guard has rapidly expanded the 
level of resources dedicated toward port security. According to a 2004 
GAO report, the Coast Guard dedicated an average of 19,000 resource 
hours per year to port, waterway, and coastal security before 9/11. By 
2003, the number of hours increased by over one thousand percent to 
over a quarter-million resource hours. What challenges and growing 
pains has the Coast Guard experienced during this massive shift in 
emphasis to port security?
    Answer. Following the events of September 11th, the Coast Guard 
faced the challenge of rapidly expanding its role to include new 
activities designed to further safeguard national maritime interests 
from terrorist threats. The Coast Guard's approach addressing this 
challenge is comprised of maritime regimes, domain awareness and 
operational capabilities.
    The broad challenge included a need to expand regulatory 
authorities to require better security measures from maritime 
stakeholders. The Coast Guard reviewed existing maritime regimes to 
identify gaps in our Nation's maritime security requirements. The 
service worked aggressively to lead the development of new 
international standards (the International Ship and Port Facility 
Security (ISPS) Code) and national regulations (Maritime Transportation 
Security Act of 2002) that apply to both foreign and U.S. flag 
commercial vessels entering our Nation's waters, as well as the port 
facilities used by those vessels.
    Another part of the broad challenge after September 11th was the 
need to develop a better understanding and awareness of the maritime 
domain. The Coast Guard also led the way in identifying our Nation's 
broad information needs for maritime situational awareness which 
involved expanding Command, Control, Communications, Computers, 
Intelligence and Surveillance, and Reconnaissance (C4ISR) capabilities 
to provide a ``picture'' of conditions and activities across the 
maritime domain. Additionally, the current state of domain awareness 
has involved developing new and refining existing methods to collect, 
fuse, analyze and disseminate information to a wide range of users. 
Unprecedented levels of information sharing and intelligence 
integration have taken root and continue to be improved.
    Finally, another major part of the challenge was for the Coast 
Guard to expand its own capabilities to address the new security 
paradigm. The Coast Guard worked quickly to stand up new operational 
capabilities such as the Maritime Safety and Security Teams (MSSTs), 
develop protocols and procedures to protect our Nation's maritime 
infrastructure from terrorist threats and respond to terrorist 
incidents, and train CG boarding teams, vessel inspectors, and facility 
inspectors to conduct specialized security operations. Each of these 
efforts involved careful planning and integration of lessons-learned. 
As with all new activities, our processes and protocols are maturing 
with continued implementation and will inform future efforts as we 
strive to continually improve.

    Question 2. Admiral Pekoske, as you know, the SAFE Port Act 
required the Coast Guard to establish Interagency Operations Command 
Centers at all high priority ports within 3 years from the date of 
enactment. The idea is if Federal, state, and local agencies with a 
role in port security are co-located, there will be greater sharing of 
intelligence and overall improved coordination. Seattle is now home to 
one of these Centers. Was the construction of these Centers completely 
dependent on Coast Guard funds? Where do the operational funds come 
from? How are the Centers staffed? Will they be dependent on 
individuals borrowed from other Federal agencies?
    Answer. In an effort to fulfill Section 108 of the SAFE Port Act, 
which requires the Secretary to establish Interagency Operations 
Centers (IOC), the Coast Guard is planning increased coordination 
capabilities at all 35 Sector Command Centers and facility expansions 
at many. The actual degree of expansion and capability increase is yet 
to be determined, but will be coordinated with other Department 
initiatives such as SBINet and the USN's MDA Program.
    Construction of the Seattle IOC was included in the rebuilding of 
the entire Sector complex, which was funded through Coast Guard 
appropriations. The Coast Guard funds the operation and maintenance of 
the Seattle facility. The U.S. Navy contributed to the center's sensor 
network and tracking systems. The Coast Guard and Navy have cost-
sharing arrangements in place for the equipment maintenance.
    The Seattle IOC is staffed by Coast Guard Sector Seattle Command 
Center personnel and representatives from approximately 16 Federal, 
State and local agencies. Some agencies provide full-time personnel, 
and other agencies may only provide one or two people as needed. The 
level and variety of Federal, State and local participation at IOCs 
will vary depending on the unique characteristics of the port. As in 
Sector Seattle, it is anticipated that participating agencies will 
provide personnel at agency expense.

    Question 3. We all recognize that programs requiring participation 
from multiple Federal agencies and multiple levels of government 
present unique challenges with respect to the issue of mixing funds. 
Does the construction of these Centers face any jurisdictional or 
fiscal hurdles due to their interagency nature?
    Answer. The Coast Guard is examining the legal authority to 
construct facilities that directly support personnel from other 
government agencies. Coast Guard's legal authority does not extend to 
funding for salaries for personnel working for other departments, 
agencies or organizations. Therefore, participating Federal, State and 
local agencies will have to commit financial and/or human resources to 
staff the Interagency Operations Centers.

    Question 4. According to the Bush Administration's National 
Strategy for Maritime Security, ``The maritime domain is the likely 
venue by which a weapon of mass destruction will be brought into the 
United States.'' If a terrorist group attempted to smuggle such a 
weapon into the U.S. using a container ship today, how confident are 
you that you will be able to detect and intercept the different types 
of WMDs?
    Answer. The stated policy of the Coast Guard Maritime Radiation 
Detection Program is to detect and intercept radiological threats as 
far from U.S. ports as possible. The operational goal is to use Coast 
Guard boardings and inspections as a means to detect and intercept 
illicit radioactive material before it enters the United States.
    If there is actionable intelligence concerning illicit radioactive 
material, the detection confidence level is relatively high. Such 
intelligence would be a trigger for initiating/activating the 
``Critical Incident Communications Network'' and Maritime Operational 
Threat Response (MOTR) Plan Protocols, wherein appropriate intra-/
interagency resources would be brought to bear to resolve the 
situation.
    In boarding cases where no actionable intelligence is involved (the 
majority of boardings), all Coast Guard boarding teams are outfitted 
with and required to carry personal radiation detectors (PRDs). If 
radiation is detected, these boarding teams are trained to locate and 
determine if the source is legitimate. If they are unable to do so, a 
specialized Coast Guard team (equipped with wide-area radiation search 
devices and hand-held gamma spectrometers) would be called-in to locate 
the source and identify the radioisotope. The specialized team has the 
capability to ``reach back'' and transmit their data to the DHS CBP 
Laboratory Scientific Services Teleforensics Center for further 
analysis and verification. If the radioactive source is determined to 
be illicit in nature, existing interagency agreements and initiation of 
MOTR Plan protocols would be used to bring in the necessary resources 
(e.g., Department of Energy, Federal Bureau of Investigations, etc.) to 
resolve the situation.
    A limiting factor in determining the detection confidence level is 
whether or not the radiological material is shielded or unshielded. 
With currently fielded, state-of-the-art equipment, a shielded source 
is much more difficult to detect. As a result, the Coast Guard is 
working very closely with the Department's Domestic Nuclear Detection 
Office (DNDO) in the development of next-generation detection/
identification equipment (suited to the maritime environment) to 
increase detection and identification of shielded sources.
    Chemical and biological agents are very difficult to detect when 
properly contained. Presently, the Coast Guard boarding crews use a 
four-gas monitor that will test for acceptable Oxygen (O2) 
levels, presence of Hydrogen Sulfide (H2S), Carbon Monoxide 
(CO), and combustible atmospheres Lower Explosive Limits (LEL). 
Additionally, crews have the ``HazMat Smart Strip'' that changes color 
when exposed to dangerous chemicals. A change in color in any of eight 
categories alerts personnel to the potential presence of chemical 
agents. If there is actionable intelligence about a potential/actual 
smuggled agent, the Coast Guard would deploy the Maritime Security 
Response Team (MSRT) or National Strike Force (NSF), which have 
advanced Chemical Warfare Agent (CWA) and Toxic Industrial Chemical 
(TIC) detection capabilities. The Coast Guard does not use biological 
detection devices during boardings at this time. We recommend CBP add 
their screenings and targeting efforts to this DHS response.
    In addition, Customs and Border Protection (CBP) implements a 
layered approach to container security, utilizing of a number of 
different programs designed to detect and interdict weapons of mass 
destruction or weapons of mass effect.
    These programs include the Container Security Initiative (CSI), the 
Automated Targeting System (ATS), the Customs-Trade Partnership Against 
Terrorism program (C-TPAT), and the Non-Intrusive Inspection (NII) 
program.
    CSI is the only multinational program in the world actually 
protecting the primary system of global trade--containerized shipping--
from being exploited or disrupted by international terrorists. Its core 
elements are: identifying high-risk containers-through the use of 
automated targeting tools to identify containers that pose a potential 
risk of terrorism, based on advance shipping information and strategic 
intelligence; screening and evaluating containers before they are 
shipped--containers are screened as early in the supply chain as 
possible, generally at the last port of lading; and the use of 
technology to scan high-risk containers to ensure that scanning can be 
done rapidly without impeding the movement of trade--this technology 
includes large-scale X-ray, gamma ray machines and/or radiation 
detection devices.
    The C-TPAT program is CBP's premier trade security program. C-TPAT 
partners CBP with the trade community for the purpose of securing the 
U.S. and international supply chains from possible intrusion by 
terrorist organizations. C-TPAT requires the trade community 
participant to document and validate their supply chain security 
procedures in relation to existing CBP C-TPAT criteria or guidelines as 
applicable. CBP requires that C-TPAT company participants develop an 
internal validation process to ensure the existence of security 
measures documented in their Supply Chain Security Profile and in any 
supplemental information provided to CBP. As a part of the C-TPAT 
process, CBP C-TPAT Supply Chain Security Specialists and the C-TPAT 
participants will jointly conduct a validation of the company's supply 
chain security procedures. The validation process is essential to 
verifying the company's commitment to C-TPAT.
    As trade increases, CBP's reliance on NII technology, the 
cornerstone of CBP's multi-layered strategy to secure the borders, 
becomes more and more critical. Since an adversary can defeat any 
single sensor or device, CBP does not rely on any single technology or 
inspection process. Instead, CBP uses various technologies in different 
combinations to substantially increase the likelihood that a nuclear or 
radiological weapon or weapons grade material will be detected. 
Technologies deployed to our Nation's land, sea, and airports of entry 
include large-scale X-ray and gamma-ray imaging systems, as well as a 
variety of portable and handheld technologies, and radiation detection 
technology.
    At the core of CBP's ability to achieve its critical border 
security objectives and maintain the flow of lawful commerce is the 
ability to identify high-risk travelers and goods for inspection while 
allowing the vast majority of law-abiding travelers and commerce to 
move without unnecessary delay. Recent legislation and regulatory 
action, such as the Trade Act of 2002, the 24-hour rule, and the SAFE 
Port Act, have made it mandatory to provide advance information about 
passengers and goods arriving in the United States. CBP uses computer 
technology and rule-based software to analyze the data provided on 
passengers and shipments arriving in the United States. CBP applies its 
targeting methods against the data to determine which passengers or 
shipments need to be segregated for a closer look and possible 
intensive inspection.
    The main platform used to perform this analysis is the Automated 
Targeting System (ATS). The ATS and associated databases provide CBP 
Officers (including those stationed overseas at Container Security 
Initiative ports) with advanced notice of travelers and goods arriving 
at U.S. ports of entry, allowing them to cross-check the passenger and 
cargo manifests against databases such as the Traveler Enforcement 
Compliance System (TECS), the Interagency Border Inspection System 
(IBIS), and National Crime Information Center (NCIC) for ``lookouts'' 
for unlawful activity. CBP also uses ATS to analyze data in the 
Automated Export System (AES) on shipments leaving the U.S.
    CBP recently implemented an added security layer with the Secure 
Freight Initiative (SFI). On December 7, 2006, the Department of 
Homeland Security (DHS) and the Department of Energy (DOE), in 
cooperation with the maritime industry and foreign government partners, 
announced Phase I of SFI.
    The SFI program is an unprecedented effort to build upon existing 
port security measures, like CSI and DOE's Megaports Initiative (MI), 
by enhancing the United States Government's ability to scan containers 
for nuclear and radiological materials in seaports worldwide and to 
better assess the risk of inbound containers.
    The initial phase of the Secure Freight Initiative involves the 
deployment of a combination of existing technology and proven nuclear 
detection devices to seven foreign ports: Port Qasim in Pakistan; Port 
Cortes in Honduras; Southampton in the United Kingdom; Port Salalah in 
Oman; Brani Terminal at the Port of Singapore; the Gamman Terminal at 
Port Busan in Korea and the Modern Terminal at the Port of Hong Kong.
    Southampton, Cortes, and Qasim meet the mandate of the SAFE Port 
Act, Sec. 232(b), to scan 100 percent of all U.S.-bound containers in 
three foreign ports. These three ports became fully operational on 
October 12, 2007. The additional four ports exceed the mandate of the 
SAFE Port Act and help to facilitate the compliance of the 9/11 Act, 
Sec. 1701(a), which demands that by 2012, all U.S.-bound containers 
must be scanned in a foreign port. By analyzing and reviewing SFI 
operations in these ports, DHS can better understand the unique 
challenges with 100 percent scanning at high-volume and transshipment 
ports.
    In Phase I, DHS will provide the radiography equipment and DOE will 
install radiation portal monitors. DOE will also integrate the systems 
and provide the data to the foreign government at a Central Alarm 
System (CAS) where CBP will extract data on U.S.-bound containers and 
send to the National Targeting Center for analysis.
    SFI sensor and image data gathered on containers bound for the 
United States will be encrypted and transmitted in near real-time to 
the U.S. Customs and Border Protection (CBP) officers working in 
overseas ports and to the DHS National Targeting Center. This data will 
be combined with other available risk assessment information to improve 
risk analysis, targeting and security of high-risk containers overseas.

    Question 5. Under the SAFE Port Act, the DHS, working with the 
Commerce Department, is required to develop minimum performance 
standards for radiation scanning and non-intrusive imaging equipment 
capable of detecting WMDs within high-risk containers. What assurances 
does our Nation have that this equipment is capable of detecting 
weapons of mass destruction within high-risk containers? What actions 
has the agency taken to develop technological performance standards for 
scanning equipment, both domestically and at CSI ports? When do you 
anticipate finalizing the technological performance standards?
    Answer. The Department of Homeland Security has taken great strides 
to ensure that all high risk containers entering our borders are 
screened. In addition, Customs and Border Protection (CBP) and the 
Domestic Nuclear Detection Office (DNDO) have devised a joint 
deployment strategy that seeks to deploy Radiation Portal Monitors 
(RPM) to all of our official ports entry. As of December 6, 2007, 100 
percent of all incoming cargo on the Southern border is being scanned 
for the presence of radiological or nuclear material, nearly 98 percent 
at our seaports, and 91 percent on the Northern border. CBP and DNDO 
have confidence in the ability of the RPMs deployed to detect rad/nuc 
material and are working to develop and deploy a next-generation RPM, 
the Advanced Spectroscopic Portal (ASP) that will have the ability to 
not only detect the presence of material, but also identify the 
material.
    In accordance with Section 121(f) of the SAFE Port Act, DNDO, in 
collaboration with the National Institute of Standards and Technology 
(NIST), shall publish technical capability standards for the use of NII 
and radiation detection equipment in the United States. Since Section 
121(f) requires such standards to take into account relevant standards 
and procedures utilized by other Federal department or agencies as well 
as those developed by international bodies, NIST is presently 
conducting a study of the detection capabilities required by existing 
national and international consensus standards for radiological and 
nuclear detection.
    Prior to deploying NII or radiation detection equipment, a complete 
site survey is conducted at the proposed site. During this survey port/
terminal operators are encouraged to participate and provide input. All 
stakeholders are given the opportunity to provide input into final 
designs. Deployment activities do not commence until all stakeholder 
concerns and input have been addressed and satisfied.

    Question 6. For good reason, much of our attention is focused on 
threats to maritime security posed by cargo container ships. But the 
possibility exists that terrorists may attempt to use oil tankers to 
stage an attack. Detecting a bomb in a tanker could be extremely 
difficult, if not nearly impossible. Most of these tankers are foreign 
flagged vessels filled up at foreign ports. How does the Administration 
view the potential for terrorists to use an oil tanker for a terrorist 
attack? To what extent have we considered this threat in planning for 
port security?
    What agency has lead responsibility for examining or addressing 
this threat? Is it the Coast Guard? Is it the Navy? Overall, what 
efforts are being made to improve our security on this front?
    Answer. Per the National Strategy for Maritime Security, the 
Department of Homeland Security, with the U.S. Coast Guard as its 
executive agency, has the primary responsibility for maritime homeland 
security. Additionally, per the Transportation System Sector-Specific 
Plan, the U.S. Coast Guard is the Sector Specific Agency (SSA) for the 
Maritime transportation mode. In these capacities, the Coast Guard has 
considered the potential for terrorists to attack oil tankers or other 
large vessels carrying high-consequence cargoes--either through 
external means (i.e., waterborne IED attack) or an internal attack, 
such as a bomb on board. Port security planning does account for such 
scenarios. However, absent cueing intelligence, preventing such attacks 
presents significant challenges.
    The Maritime Operational Threat Response (MOTR) process is 
significantly improving our national port security by integrating 
efforts among Federal, state and local partners. If cueing intelligence 
becomes available, the Coast Guard would exercise the MOTR process to 
engage other agencies as needed to ensure the vessel was located, 
intercepted, and boarded prior to approaching U.S. ports. If the threat 
were external, an armed escort would also be employed.
    Absent cueing, the Coast Guard uses a risk-based methodology to 
identify which vessels to board prior to entry into a U.S. port. Many 
risk factors, including vessel characteristics, compliance history with 
domestic and international security regulations, information provided 
in the advance Notice of Arrival (NOA) report which lists the cargo 
carried, and intelligence information, are considered in selecting 
boarding candidates. Part of that security boarding process includes 
ensuring the vessel is under the control of the legitimate operators, 
and determining whether or not it is safe to allow entry into port. The 
boarding officer also makes recommendations to the Coast Guard Captain 
of the Port as to whether or not additional security measures are 
warranted. Such precautions might include armed vessel escorts (to 
protect against an external attack) and/or Positive Control Measures 
(retaining armed Coast Guard members aboard during the transit, to 
detect internal threats).
    Beyond the above measures, the Maritime Transportation Security Act 
(MTSA) requires such vessels to have and maintain a Vessel Security 
Plan (including designation of a Security Officer), to have measures to 
address access control to critical spaces aboard the vessel and to 
regularly exercise the Plan. Such vessels are subject to both announced 
and unannounced Coast Guard spot checks and inspections to ensure 
compliance.

    Question 7. As you know, to help secure the overseas supply chain, 
the Maritime Transportation Security Act required the Coast Guard to 
develop a program to assess security measures in foreign ports and, 
among other things, recommend steps necessary to improve security 
measures in those ports. Subsequently, the SAFE Port Act required the 
Coast Guard to reassess security measures at the foreign ports every 3 
years. If foreign ports or facilities fail to maintain effective 
antiterrorism measures, the Coast Guard may deny entry to vessels 
arriving from that port or prescribe conditions of vessel entry into 
the United States. The Fiscal Year 2007 DHS Appropriations Act provided 
sufficient funding to increase the rate of foreign inspections from a 
5-year cycle to the required 3 year cycle. Is the Coast Guard 
sufficiently staffed to conduct these international inspections 
required under the SAFE Port Act? Do you have the resources you need to 
fulfill this requirement, or are additional resources needed?
    Answer. The Coast Guard is sufficiently staffed to conduct 
international assessments required under the SAFE Port Act. 
Additionally, the Coast Guard will be assessing security measures of 
U.S. trading partners every 2 years as required by the 2007 Department 
of Homeland Security Appropriations Act instead of every 3 years as 
required by the SAFE Port Act.

    Question 8. Does the Coast Guard's rotation of personnel from 
position to position prevent the development of an experienced 
workforce for this inspection program? Does that policy serve as a 
possible hindrance for the success of the international inspections?
    Answer. No. A training and qualification program exists to ensure 
personnel conducting the assessments can perform their duties. 
Furthermore, a cadre of civilian personnel provides experience and 
continuity for the program. Therefore, the rotation policy improves the 
Coast Guard's ability to perform the assessments as officers with fresh 
perspectives and a wide range of safety, security, and environmental 
protection backgrounds are constantly entering the program. Ultimately, 
this enhances the Coast Guard's ability to share best practices with 
the countries visited.

    Question 9. It seems that this inspection program might make some 
countries feel like their sovereignty is threatened--particularly if 
the inspections are fairly frequent. Has the Coast Guard encountered 
resistance from foreign governments on this inspection program? If so, 
how have you dealt with this challenge?
    Answer. The Coast Guard has encountered some reluctance, but no 
country has flatly refused to allow the Coast Guard to visit. The Coast 
Guard deals with this challenge in a variety of ways. First, we do not 
characterize visits as ``assessments'' but rather as country visits to 
exchange information and share best practices. The Coast Guard 
emphasizes to the host nation that sharing information can improve 
their security as well as that of the United States. Moreover, the 
Coast Guard has a cadre of International Port Security Liaison Officers 
stationed overseas who engage with the host country representatives to 
build relationships and trust. We also offer reciprocal visits with the 
host country partners to observe our security practices. Finally, the 
Coast Guard partners with the U.S. State Department's consular team to 
negotiate access, when necessary.

    Question 10. Does the Coast Guard have a management plan for TWIC 
enforcement in place? What are going to be the additional resource 
requirements for TWIC enforcement? What do you see as the challenges in 
carrying out the mission? Does the Coast Guard intend to have FTEs 
dedicated to TWIC enforcement or are these individuals going to be 
tasked with multiple missions?
    Answer. The Coast Guard has taken multiple steps to ensure TWIC 
enforcement, including producing a Concept of Operations governing 
Coast Guard enforcement of TWIC provisions, and updating the Coast 
Guard Law Enforcement Manual to incorporate TWIC. The Coast Guard is 
also in the process of producing TWIC enforcement policy guidance in 
the form of a Commandant Instruction. The Coast Guard intends to apply 
existing facility and vessel inspection personnel and leverage the 
capabilities of its law enforcement partners toward TWIC enforcement 
and does not currently expect to need additional resources for this 
specific enforcement mission.
    As with all enforcement responsibilities, protocols and procedures 
on scope and enforcement discretion must continually be validated. In 
addition, the Coast Guard faces challenges with implementation of TWIC 
readers, including acquisition of readers that meet the newly developed 
specification. The TWIC readers will incorporate new technology which 
requires appropriate testing for operation in all environments to 
ensure performance does not delay commerce, vehicles, or workers.
                                 ______
                                 
 Response to Written Question Submitted by Hon. Frank R. Lautenberg to 
                     Rear Admiral David P. Pekoske
    Question. How does this Administration intend to meet the 
requirements for getting top priority ``interagency operations command 
centers'' up and running by 2009? And how will this be done when the 
President had requested no funding for these projects next year?
    Answer. In the last 3 years the Coast Guard has established four 
Sector Command Center-Joint (SCC-J) facilities which host interagency 
representation from other agencies such as Customs and Border 
Protection (CBP) and the U.S. Navy (USN). In the Coast Guard's FY 2008 
budget both Rescue 21 (R21) and Nationwide Automated Information System 
(NAIS) projects will provide critical capability to select Coast Guard 
Command Centers.
    The Coast Guard and CBP established a senior guidance team in 2006. 
One of the work groups established evaluated joint Coast Guard/CBP 
operations center requirements and identified eight ``best practices'' 
being used in various ports. These were promulgated as guidelines for 
consideration by other local Coast Guard/CBP Sectors and Port 
Directors.
    In cooperation with DHS S&T, the Coast Guard has conducted test 
programs in two ports (Miami and Norfolk) evaluating software 
applications to automate situational awareness of port activity for the 
Coast Guard and associated port partners. Both of these tests are on-
going. The Coast Guard is also cooperating with the Department's SBINet 
program to ensure synergy whenever possible.
                                 ______
                                 
  Response to Written Questions Submitted by Hon. Daniel K. Inouye to 
                         Maurine Shields Fanguy
    Question 1. I understand TWIC enrollment began in Wilmington, 
Delaware on October 16, and you have finally announced the next eleven 
locations. When can we expect to see the deployment schedule for the 
TWIC program at the other 134 enrollment locations?
    Answer. On October 31, 2007, the Transportation Security 
Administration (TSA) released a general schedule for all 147 enrollment 
locations. TSA and the U.S. Coast Guard expanded the original list of 
134 to 147 based on stakeholder input. This listing provides monthly or 
quarterly deployment time-frames. The TWIC table shown is available to 
the public on TSA's website at www.tsa.gov/twic.

                                                             TWIC Quarterly Deployment Plan
                                                                [As of November 20, 2007]
--------------------------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------------------------
               October-December 2007      January-March 2008                   April-June 2008            July-September 2008
--------------------------------------------------------------------------------------------------------------------------------------------------------
October 16, 2007        Wilmington, DE              American Samoa             Palm Beach, FL             Alpena, MI               Bridgeport, CT
November 1, 2007        Corpus Christi, TX          Anacortes, WA              Panama City, FL            Anchorage, AK            Burlington, VT
November 7, 2007        Baton Rouge, LA             Ashtabula, OH              Pittsburgh, PA             Bangor, ME               Chester, PA
                        Tacoma, WA                  Bay City, MI               Port Canaveral, FL         Benicia, CA              Eureka, CA
                        Honolulu, HI                Bourne, MA                 Port Everglades, FL        Camden, NJ               Evansville, IN
November 8, 2007        Oakland, CA                 Buffalo, NY                Portland, OR               Chattanooga, TN          Houma, LA
                        Beaumont, TX                Calcite, MI                Richmond, CA               Coos Bay, OR             Lafayette, LA
November 14, 2007       Houston,TX                  Cincinnati, OH             S. Louisiana (La Place,    Coram, NY                Lindenhurst, NY
                                                                                LA)
                        Providence, RI              Duluth-Superior, MN        Salisbury, MD              Freeport, TX             Longview, WA
November 15, 2007       Chicago, IL                 Escanaba, MI               Sandusky, OH               Galveston, TX            New Castle, DE
                        Port Arthur, TX             Everett, WA                Sault Ste. Marie, MI       Greenville, MS           Pasco, WA
                        Savannah, GA                Green Bay, WI              St. Ignace, MI             Gulfport, MS             Pennsbury Manor, PA
November 21, 2007       Baltimore/Dundalk, MD       Guam                       St. Louis, MO              Guntersville, AL         Perth Amboy, NJ
                        Minneapolis, MN             Hilo, HI                   Tampa, FL                  Juneau, AK               Port Manatee, FL
                        St. Paul, MN                Huntington, WV             Texas City, TX             LaPorte, TX              Riverhead, NY
                        Lake Charles, LA            International Falls, MN    Toledo, OH                 Little Rock, AR          Sacramento, CA
November 28, 2007       Charleston, SC              Jacksonville, FL           Traverse City, MI          Marcus Hook, PA          St. Croix, USVI
November 29, 2007       Cleveland, OH               Kahului, Maui, HI          Vicksburg, MS              New Haven, CT            St. Thomas, USVI
                        Detroit, MI                 Key West, FL               Victoria, TX               New London, CT           Stockton, CA
                        Port Fourchon, LA           La Plata, MD               Wilmington, NC             Nikiski, AK              Vancouver, WA
November 30, 2007       Boston, MA                  Lorain, OH                                            Paducah, KY
December 5, 2007        Brownsville, TX             Louisville, KY                                        Paulsboro, NJ
                        Mobile, AL                  Marine City, MI                                       Point Comfort, TX
December 12, 2007       Brunswick, GA               Marquette, MI                                         Ponce, PR
                        Milwaukee, WI               Memphis, TN                                           Port Hueneme, CA
December 13, 2007       Philadelphia, PA            Miami, FL                                             Portland, ME
Mid December            Albany, NY                  Morehead City, NC                                     Portsmouth, NH
                        Indiana Harbor, IN          Morgan City, LA                                       Rochester, NY
                        Long Beach, CA              Muskegon, MI                                          Saipan
                        Los Angeles, CA             Nashville, TN                                         San Diego, CA
                        Seattle, WA                 New Orleans, LA                                       San Francisco, CA
                        Tulsa, OK                   New York/New Jersey #2                                San Juan, PR
Late December           Joliet, IL                  New York/New Jersey #3                                Valdez, AK
                        Kansas City, MO             Newport News, VA
                        Kauai, HI                   Norfolk, VA
                        New York/New Jersey #1      Ontonagon, MI
                        Peoria, IL                  Oswego, NY
--------------------------------------------------------------------------------------------------------------------------------------------------------

    As the start of the enrollment period for each grouping of ports 
nears, TSA will post a specific enrollment start date in the Federal 
Register. To date, TSA has announced the start of enrollment for 22 
locations in the Federal Register.

    Question 2. How many mobile enrollment stations has the TSA 
contracted to use in addition to the fixed enrollment stations? How are 
they being distributed throughout the country? How would an employer go 
about arranging for a trusted agent to enroll employees at their 
facility?
    Answer. Currently there are approximately 100 mobile centers 
identified. Additionally, Lockheed has the ability to deploy additional 
resources based on enrollment surges and owner/operator demands. We 
will continue to evaluate the need for mobile centers throughout the 
program's deployment. Employers interested in arranging for a mobile 
enrollment center, should contact the Lockheed Martin Operations 
Manager, Stacy Bonnah-DeMoss at 703-310-9157, or the Field Coordinator 
to discuss arrangements at the requestor's facility.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Maria Cantwell to 
                         Maurine Shields Fanguy
    Question 1. My understanding is that when the TWIC card reader 
becomes available and is deployed at ports, workers wanting to gain 
access to secure areas will have to present their finger to the card 
reader only when there is an elevated threat level--MARSEC LEVEL 2 and 
above. Is that the case? Since 9/11, how many occasions have ports been 
at MARSEC LEVEL 2 and above?
    Answer. Currently there are no regulatory requirements pertaining 
to use of TWIC readers. However, initial testing and evaluation of TWIC 
readers is expected to begin during calendar year 2008 as part of pilot 
testing. Data from pilot tests will be used to inform the second 
rulemaking which will address use of readers aboard MTSA-regulated 
vessels and facilities.
    Including 9/11, there have been 10 occasions of the Coast Guard 
setting MARSEC Level 2 or above.

    Question 2. On a day-to-day basis, when a port is at MARSEC LEVEL 
1, would a port only be validating that the TWIC card being presented 
is authentic but not that the TWIC card being presented actually 
belongs to the individual presenting it? Isn't the purpose of TWIC to 
authenticate the identity of the worker?
    Answer. The purpose of the TWIC card is to authenticate the 
identity of the workers. Currently, there are no regulatory 
requirements pertaining to the use of TWIC readers. However, initial 
testing and evaluation of TWIC readers is expected to begin in calendar 
year 2008 as part of our pilot phase. Data from the pilot tests will be 
used to inform the second rulemaking which will propose regulations 
related to the use of readers aboard MTSA-regulated vessels and 
facilities.

    Question 3. I am concerned that the deployment of a durable, 
reliable, cost effective contactless card reader that can work in a 
maritime environment is years away. In the meanwhile, if allowed to, I 
believe that some ports may choose to purchase card readers that do not 
have finger template matching capability, deploy these readers at most 
its gates, and only purchase one or two more expensive card readers 
with finger template matching capability. In the event of a MARSEC 
LEVEL 2, there would likely be a couple of chokepoints at a port, at a 
time it least can afford it. What can you do to ensure that ports will 
purchase and deploy card readers at all gates that can operate at 
MARSEC LEVEL 2?
    Answer. Currently, there are no regulatory requirements pertaining 
to the use of TWIC readers. However, initial testing and evaluation of 
TWIC readers is expected to begin in calendar year 2008 as part of our 
pilot phase. Data from the pilot tests will be used to inform the 
second rulemaking which will propose regulations related to the use of 
readers aboard MTSA-regulated vessels and facilities. We are committed 
to striking an optimal balance between commerce and security and will 
strive to minimize disruption to seaport activities during periods of 
heightened alert.
                                 ______
                                 
Response to Written Questions Submitted by Hon. Frank R. Lautenberg to 
                         Maurine Shields Fanguy
    Question 1. How many TWIC cards have been issued and activated as 
of today?
    Answer. As of Friday, November 16, 2007, there have been 4,574 
enrollments and 1,061 credentials activated.
    Question 2. How many TWIC card readers are in place as part of the 
pilot program?
    Answer. One of the main purposes of the pilot is to configure 
readers for contactless reading of a Transportation Worker 
Identification Credential card. We anticipate having these in place in 
the early 2008 time-frame.

    Question 3. I understand that ports which are testing new TWIC card 
readers as part of a TSA pilot program are being required to use their 
port security grant funds to do so, and must pay for 25 percent of the 
cost. Why doesn't TSA pay for the entire amount of testing? I 
understand TSA has authority to waive the cost share requirement under 
the port security program. Do you intend to do this?
    Answer. The Security and Accountability For Every Port Act of 2006 
(SAFE Port Act) instructed the Department of Homeland Security to 
conduct a pilot program to test the business processes, technology, and 
operational impacts required to deploy transportation security card 
readers at secure areas of the marine transportation system. The 
overall Transportation Worker Identification Credential (TWIC) program 
and this TWIC Pilot Program are managed by TSA. However, the Pilot 
Program is funded through the Port Security Grant Program (PSGP); 
therefore all of the requirements of PSGP must be met, including the 
25-percent match. TSA does not have the authority to waive the cost 
share requirement under PSGP. Pursuant to 46 U.S.C. 70107(c)(2)(b), 
only the Secretary of Homeland Security has the authority to waive this 
requirement. Waiver requests for these projects have been submitted to 
the Secretary and are being reviewed.

    Question 4. What progress has your agency made in establishing a 
system to ensure that 100 percent of all incoming containers are 
scanned for radiation before being shipped to our shores?
    Answer. Lessons learned from the initial deployment of the Secure 
Freight Initiative (SFI) will assist CBP in meeting this requirement in 
a practical and measured manner, and in a way that does not adversely 
affect global trade. On October 12, 2007, Southampton, United Kingdom; 
Port Qasim, Pakistan; and Puerto Cortez, Honduras became the first 
fully operational seaports to implement SFI. These ports fulfill the 
requirements set out in the Security and Accountability For Every Port 
Act of 2006, (SAFE Port Act) which establishes a program that couples 
Non-Intrusive Inspection (NII) and radiation detection technology. At 
these three ports, all maritime containers destined for the United 
States are scanned using radiation detection and imaging equipment. 
Data from these systems is then provided to U.S. officials at U.S. 
Customs and Border Protection's National Targeting Center for analysis.
    Four additional ports will become operational for Phase I of the 
project and will provide scanning on a limited capacity basis: 
Singapore's Brani terminal; Busan, Korea's Gamman terminal; Hong Kong's 
Modern Terminal; and Salalah, Oman. DHS, Department of Energy's 
National Nuclear Security Administration (NNSA) and Department of 
State, partnered with these ports because they pose different 
challenges and provide diverse environments in which to evaluate 
various options. Specifically, these ports will help to elucidate how 
effective and efficient 100 percent scanning can be in high-volume and 
transshipment ports.
    A report is due to Congress in April 2008 on the status of 100 
percent scanning abroad. DHS continues to develop and refine the 
metrics used to define the success and challenges of the SFI program in 
the selected ports. As the recently passed 9/11 Act requires 100 
percent scanning by 2012, the information contained in this report will 
be critical in determining an appropriate and responsible path forward 
for SFI.

    Question 5. When will TSA complete threat assessments for port 
truck drivers, as required by Section 125 of the SAFE Port Act of 2006?
    Answer. The Transportation Security Administration (TSA) 
anticipates completion of the threat assessments for port truck drivers 
by summer 2008. Collection of driver information from all state motor 
vehicle licensing agencies is underway at this time. There is 
substantial variation in the technological capabilities of the states, 
leading some to respond to TSA's request earlier than others. Also, as 
the Transportation Worker Identification Credential is deployed across 
the country we will enroll these drivers and they will go through a 
much more thorough check than the name-based check, which will be done 
perpetually.
                                 ______
                                 
  Response to Written Questions Submitted by Hon. Daniel K. Inouye to 
                        Hon. Thomas S. Winkowski
    Question 1. Based upon your experience to date with the development 
of the pilot program to test integrated scanning systems in three 
foreign ports, what have you found to be your major obstacles? What 
costs has the Federal Government incurred to implement this pilot 
program?
    Answer. The success of the Secure Freight Initiative (SFI) pilots 
in Qasim (Pakistan), Cortes (Honduras), and Southampton (UK) 
illustrates that scanning all U.S.-bound maritime containers in a 
foreign port is feasible on a relatively contained scale. However, 
successfully deploying container scanning equipment in these three 
ports and establishing SFI in the four limited capacity ports (Hong 
Kong; Singapore; Busan, Korea; and Salalah, Oman) has presented certain 
technological, logistical and diplomatic challenges, such as the 
following:

   Re-configuring port layouts to accommodate the equipment 
        without affecting port efficiency;

   Addressing health and safety concerns of host governments 
        and respective trucking and labor unions;

   Ensuring the sustainability of the scanning equipment in 
        extreme weather conditions and certain port environments in 
        third-world countries;

   Determining who will incur the costs for operating and 
        maintaining the scanning equipment;

   Developing local response protocols for adjudicating alarms;

   Varying costs of transferring the data back to the United 
        States (National Targeting Center) in real-time, etc.;

   Addressing data privacy concerns in regards to the scanning 
        data;

   Concluding arrangements with partnering nations and terminal 
        operators that may own and operate the scanning equipment;

   Staffing implications for both the foreign customs service 
        and terminal operator;

   Licensing requirements for the scanning technology; and

   The potential requests for reciprocal scanning of U.S. 
        exports as a condition for a country's cooperation in SFI.

    Thus far, becoming fully operational and negotiating SFI 
implementation has cost the Department of Homeland Security (DHS) 
$30,445,126.83. The breakdown of costs is as follows:

------------------------------------------------------------------------
                   CBP Cost Element
------------------------------------------------------------------------
Analytical Study                                             $200,000.00
Communications                                             $2,709,878.76
Equipment                                                 $10,155,000.00
Hardware                                                   $2,996,193.51
Hardware (server license)                                     $82,131.68
Port Deployment Support                                      $463,923.00
Program Office Support                                     $1,657,500.00
Software Development                                      $10,080,883.71
Software License                                             $628,485.93
Software Support                                             $140,535.29
Training                                                     $231,502.36
Travel                                                     $1,099,092.59
------------------------------------------------------------------------
    Total                                                 $30,445,126.83
------------------------------------------------------------------------

    Through FY 2007, the National Nuclear Security Administration has 
spent a total of $29.3 million to implement SFI. The breakdown is as 
follows:


------------------------------------------------------------------------

------------------------------------------------------------------------
Equipment
  RPMs                                                        $1,468,289
  ASPs                                                          $368,194
  RIIDs                                                         $862,220
  MRDIS                                                       $1,863,750
  OCR                                                           $350,000
  Handhelds                                                     $134,304
    Total Equipment                                           $5,046,757
------------------------------------------------------------------------
    Installation Total                                       $17,278,581
------------------------------------------------------------------------
    Communication Total                                       $5,935,582
------------------------------------------------------------------------
    Testing Total                                               $465,000
------------------------------------------------------------------------
    Maintenance Total                                           $550,000
------------------------------------------------------------------------
    Grand Total Expenditures                                 $29,275,920
------------------------------------------------------------------------


    Question 2. What actions have you taken to satisfy the 100 percent 
domestic scanning requirement in the SAFE Port Act for the top 22 U.S. 
ports? Are you currently in a position to meet the deadline of December 
2007? What complications have you experienced to date and what steps 
are you taking to address these complications?
    Answer. RPMs were commissioned at San Diego and Tioga during 
December of 2007, completing all planned RPM deployments for the top 22 
U.S. ports by the end of Calendar Year 2007. With these deployments, 
U.S. Customs and Border Protection (CBP) now scans greater than 97.3 
percent of all seaport containerized cargo.
    Complications experienced were associated with intermodal terminals 
which use straddle carriers to transport containers to rail. These 
terminals (Maher in Elizabeth, New Jersey; PCT, T-4 and T-7 in Tacoma, 
Washington; and West Palm Beach in Florida) account for approximately 
2.1 percent of all container volume entering the United States. The 
current technology solutions cannot screen cargo transported by 
straddle carriers. Hence they have been deferred pending a new 
solution. CBP is working with the Domestic Nuclear Detection Office on 
this solution.

    Question 3. Although recommended by the GAO and required by the 
SAFE Port Act, minimum technical operating standards for non-intrusive 
inspection equipment at CSI ports have yet to be established. What 
assurances does our Nation have that this equipment is capable of 
detecting weapons of mass destruction within high-risk containers?
    What actions has the agency taken to develop technological 
performance standards for scanning equipment, both domestically and at 
CSI ports? When do you anticipate finalizing the technological 
performance standards? What assurances does our Nation have that this 
equipment is capable of detecting weapons of mass destruction within 
high-risk containers?
    Answer. Through the Container Security Initiative (CSI), U.S. 
officers work with host customs administrations to establish security 
criteria for identifying high-risk containers. With the establishment 
of security criteria, CBP has benefited in our ability to identify 
high-risk containers for terrorism and also by the information received 
when the host government conducts examinations. Prior to CSI, many of 
these customs administrations were not using non-intrusive imaging 
(NII) technology to inspect the high-risk containers before they were 
shipped to U.S. ports. With the establishment of CSI, the host 
government administrations of the 58 CSI operational ports have 
invested millions of dollars on NII equipment and have also purchased 
their own radiation detection devices to include Radiation Portal 
Monitors to use as part of their examination process. Consequently, the 
level of examinations conducted at CSI locations increased by 93 
percent from 70,902 in Fiscal Year (FY) 2006 to 136,815 in the FY 2007. 
These increased levels of workload resulted in an array of enforcement 
actions and investigative cases. This level of success could not have 
been accomplished without the host government continued cooperation and 
the resulting effective examination process.
    Host government officials have not hesitated in providing CBP with 
all the information derived from equipment used for the inspection of 
containers. This equipment is equal to or better than the equipment 
used by CBP at its domestic ports. CBP officers are fully trained in 
the equipment being used by the host government, and in the cases where 
CBP has provided NII equipment, those host government customs officers 
have also been trained in the use of that equipment.
    In addition to this, CBP, through its Capacity Building Branch 
within the Office of International Affairs and Trade Relations, is 
providing training and technical assistance to the customs 
administrations of a number of countries that currently participate in 
CSI, including Brazil, Honduras, the Dominican Republic and South 
Africa. This training and technical assistance forms a long-term 
capacity building program to support implementation of the World 
Customs Organization Framework of Standards to Secure and Facilitate 
Global Trade. The standards incorporated into the Framework incorporate 
many of the key elements which support CSI including: the advance 
electronic presentation of cargo information; the screening of cargo 
containers using non-intrusive inspection equipment; the use of 
automated risk management systems; the standardization of targeting 
criteria to identify high-risk cargo and containers; an emphasis on 
employee integrity programs; and the inspection of cargo in the country 
of origin, transit and destination.
    CBP's Training and Assistance Division of the Office of 
International Affairs and Trade Relations currently provides a number 
of assistance and training programs to foreign customs and border 
security agencies to facilitate implementation of port security 
antiterrorism measures. Through its Capacity Building program in 
support of the World Customs Organization Framework of Standards to 
Secure and Facilitate Global Trade, CBP provides a long-term training 
and technical assistance program to partner customs administrations 
that includes an in-depth assessment of its seaport security practices.

    Question 3a. What actions has the agency taken to develop 
technological performance standards for scanning equipment, both 
domestically and at CSI ports?
    Answer. Domestically for imaging systems, CBP uses American 
National Standards Institute (ANSI) and the Occupational Safety and 
Health Administration (OSHA) radiation standards and other Federal 
standards, such as the National Fire Protection Association's (NFPA 
79), Electrical Standards for Industrial Machinery to procure NII 
equipment. CBP is presently using the Draft Standard for Determination 
of the Imaging Performance of X-Ray and Gamma-Ray Systems for Cargo and 
Vehicle Security Screening, IEEE PN42.46/D1 dated July 2007, prepared 
by the Cargo/Vehicle Working Group of the National Committee on 
Radiation Instrumentation N42 Committee. Draft Standard is in final 
stages of approval.
    For radiation portal monitors (RPM), CBP uses the technological 
performance standard ANSI N42.35 standard for the Polyvinyltoluene 
(PVT) radiation detection technology and the N.42.38 standard for the 
Advanced Spectroscopic Portal technology.
    CBP worked with a number of agencies to define and specify the 
performance requirements for radiation scanning, resulting in the 
Department of Energy threat guidance for radiological materials 
document. The development of this standard used a number of CBP inputs:

        1. Types of conveyances to be scanned (automobiles, commercial 
        vehicles, containers, etc.) for radiation.

        2. Types of cargo that are imported that may provide shielding 
        of the radiation.

    CBP then used the performance requirement to identify, procure, and 
validate the detection capability of systems to deploy.

        1. Used Request for Information (RFI) to determine the 
        capability of existing equipment to meet the CBP requirements.

        2. Purchased and evaluated several manufacturers of radiation 
        detection equipment.

        3. Used the RFI and evaluation information to develop 
        procurement specifications that pushed the limits of commercial 
        off the shelf (COTS) equipment.

        4. Issued Request for Proposals (RFPs) to viable manufacturers 
        of radiation portal monitor type equipment.

        5. Awarded a single competitive contract (based on pricing) for 
        the first generation (PVT-based) radiation portal monitors.

        6. Verified the systems meet the CBP requirements through a 
        series of factory and government acceptance tests, supplemental 
        testing at a national laboratory, and field validation in a CBP 
        port.

    CBP also developed a process for establishing NII technological 
performance standards that are based on current industry capabilities 
and will accommodate future technology advances. To develop these 
technological performance standards CBP has taken the following 
actions:

   Identified the types of containers (e.g., automobiles, 
        trucks, railcars, sea containers) that must be penetrated to 
        scan the commodities within the containers.

   Used CBP's commodities list that contains the type, volume 
        and density of commodities entering the United States to 
        determine the penetration, contrast sensitivity and resolution 
        needed to detect illicit materials.

   Used Research and Development (R&D) capabilities as input to 
        develop the initial baseline for operational requirements.

   Issued RFIs to determine latest industry capabilities to 
        meet or exceed CBP requirements.

   Used RFI responses to update initial technology performance 
        requirements.

   Issued RFPs to vendors that could meet or exceed CBP 
        performance requirements for penetration, contrast sensitivity, 
        resolution and environmental needs.

   Included provisions for vendors to provide the government 
        with the most current technology and the ability to offer 
        technology refreshments in the future.

   Awarded an Indefinite Delivery/Indefinite Quantity (IDIQ) 
        contract to five vendors to compete and provide NII equipment 
        that satisfied performance specifications for penetration, 
        contrast sensitivity, resolution and throughput; and other 
        requirements such as the North American Train Bridge Envelope 
        for height and width requirements, image quality, controlled 
        operating area footprint, and environmental requirements for 
        operating in -20 +F 120 +F.

   Under a DHS approved Test and Evaluation Master Plan (TEMP), 
        CBP performs government acceptance testing on all domestic and 
        CSI NII equipment procured under the CBP IDIQ contract to 
        include Government Factory Tests and Site Acceptance Tests to 
        insure all performance standards and requirements are met.

    For CSI ports, CBP has submitted the United States' ``Declaration 
of Intent'' to adopt the World Customs Organization ``Framework of 
Standards to Secure and Facilitate Global Trade.'' This international 
strategy will combat terrorism and protect trade and the global 
economy.
    The framework incorporates key elements of the U.S. strategy for 
securing trade and harmonizes certain customs standards and procedures 
among World Customs Organization members that implement the framework. 
These key elements are based in large measure on initiatives, systems 
and processes designed and implemented by CBP--including the CSI 
program, the ``24-Hour Rule'', the Automated Targeting System and the 
Customs-Trade Partnership Against Terrorism (C-TPAT).
    Core elements of the framework are: harmonization of advance 
electronic manifest requirements on inbound shipments; outbound transit 
shipments; a standard approach to risk management; inspection of 
outbound cargo using non-intrusive detection equipment; and providing 
tangible benefits to businesses that meet minimum supply chain security 
standards and implement best practices. CBP has further recommended 
that its counterparts in host nations purchase NII systems that follow 
the guidelines on page 10 of the World Customs Organization, Customs 
Compendium, Container Scanning Equipment, Guidelines to members on 
administrative consideration of purchase operation.

    Question 3b. When do you anticipate finalizing the technological 
performance standards?
    Answer. As stated above, CBP has continued to recommend that its 
counterparts in host nations purchase NII systems that follow the World 
Customs Organization Compendium and has incorporated this language in 
all Declarations of Principles that were signed by all new participants 
to the CSI Program, beginning with Portugal (July 2005).

    Question 4. Section 204 of the SAFE Port Act required that CBP 
establish standards for cargo locks and seals. When can we expect these 
standards to be finalized?
    Answer. On May 18, 2007, the DHS notified Congress of its decision 
not to initiate a rulemaking proceeding to establish minimum standards 
for securing containers in transit to the United States within the 
mandated timeline. DHS readily acknowledges that the process of 
securing the container is a critical component of a multi-layered 
strategy to secure the entire supply chain. However, DHS does not 
believe, at the present time, the necessary technology exists for such 
a solution.
    The CBP-developed Conveyance Security Device system and component 
technical requirements were published in a RFI on December 12, 2007.
    DHS policy concerning applicability and use will be determined when 
an acceptable device(s) is approved.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Maria Cantwell to 
                        Hon. Thomas S. Winkowski
    Question 1. In my state there are both public and private ferries 
that operate between cities in Washington and points in Canada. 
Immigration clearances are performed in Canada prior to the passenger 
departing, but the customs declaration and clearance is performed in 
the U.S. The SAFE Port Act gave DHS 120 days to develop a plan for the 
inspection of passengers and vehicles in ferries bound for the U.S. 
before the vehicles and passengers are loaded onto the vessel. It makes 
sense to co-locate the immigration and customs declarations function 
and perform them prior to when the ferry departs for the U.S. When 
should the committee expect to receive the Department's plan?
    Answer. CBP advised that they have completed the review and 
currently pursuing developing a plan as required by section 122 of the 
SAFE Port Act. Additionally, CBP reached out to ferry owners and 
operators to gauge their interest in a ferry pre-clearance process. 
Those owner/operators that provided comments at this early stage were 
very adamant that any procedures developed by CBP should not include 
cost to be borne by the ferry owners/operators.
    In order to move to ``full preclearance'' in Victoria whereby 
immigration, customs, and agricultural missions are conducted at one 
site, the infrastructure in Victoria must be upgraded. Each of the 
three facilities in Victoria are dated, lack adequate space for 
efficient inspections and vehicle queuing, and offer limited 
administrative workspace to CBP officers. The Province of British 
Columbia and the Sea Ferry Operators themselves have been reluctant to 
fund the improvements necessary to move to ``full preclearance.'' It is 
CBP's position that the Province and/or the Sea Ferry operators are 
responsible for adequate facilities.
    CBP has similar concerns about implementing such a process in other 
ferry locations as well. Foreign governments and the private sector 
have indicated a reluctance to fund security enhancements that they 
view as solely beneficial to the U.S. Government. In addition, there 
are sovereignty concerns that arise when negotiating with Canada and 
other countries on such issues. The countries--Canada, Mexico, 
Dominican Republic, and the UK (British Virgin Islands)--are concerned 
about the resource implications as well as whether their officials 
would be granted similar authorities within the United States. There is 
also a concern that further pursuit of this initiative could make 
future attempts at cooperation on other homeland security matters more 
difficult and undermine our ability to provide the types of services 
currently underway.

    Question 2. A number of my constituents living in Whatcom, Skagit, 
and Snohomish counties own or rent boats, and take weekend or in some 
cases daily trips to Canada. Until the beginning of 2006, the state had 
seven customs points of entry. Subsequently, the ports of entry in the 
Cities of Bellingham and Everett were dropped. Unless you live out 
there or visit these communities it may be hard to understand why this 
is such a big deal. Do you know why the two custom ports of entry were 
closed? How was this decision disseminated to the affected communities? 
Are the closures the result of lack of available staffing resources?
    Answer. As of January 1, 2006, pleasure boaters in Puget Sound have 
been restricted to reporting for face-to-face inspections at five (5) 
designated Puget Sound locations. The five (5) locations are 
strategically located at the north and east entryways into the Sound: 
Point Roberts, Friday Harbor, Roche Harbor, and Anacortes to the north, 
and Port Angeles to the east.
    Historical records support the restriction to the above locations, 
with the majority of boaters arriving at Friday and Roche Harbors. The 
strategy provides CBP with an improved enforcement posture in the 
pleasure boat arena. Boaters arriving from foreign locations may still 
call on other ports within the Sound for clearance. However, they must 
make appointments in advance. Boaters who have not stopped at a 
designated location and do not have an appointment for clearance at 
another port may be subject to penalty.
    The boating community was notified via press release and flyers of 
the change to designated ports for processing. Flyers were distributed 
at boat shows and outreach was conducted to include boat clubs, marinas 
and a northwest boater magazine to maximize notification.
    To reduce the number of potential face-to-face inspections that are 
required for pleasure boaters within this area, the Seattle Field 
Office implemented a strong campaign during FY 2005 to register boaters 
into the Canadian Border Boat Landing Permit Program (I-68). Approved 
participants must pass enforcement checks and an interview process. 
Once approved, participants are allowed to phone-in arrivals in lieu of 
meeting with a CBP officer, unless otherwise directed. Participation in 
NEXUS, a bilateral program with Canada, also provides boaters the 
privilege of phoning in arrivals by boat. This program also requires an 
applicant to go through enforcement checks and interviews by both 
Canada and U.S. officers prior to acceptance into the program.

    Question 3. I have heard from several ports in my state that when 
considering proposals to submit to the Port Security Grant program, 
port personnel focus on the proposed project's total life cycle costs 
in addition to the up front acquisition costs. They tell me that 
sometimes the best ideas do not go forward because the Port Security 
Grant program does not cover the operation and maintenance of systems 
obtained under the grant. Is it the case that the Port Security grant 
program does not cover operation and maintenance costs? Have any ports 
discussed with the agency concerns over the lifecycle costs for systems 
acquired with Port Security grant funds?
    Answer. Since FY 2006, the cost of acquisition, operation, and 
maintenance of security equipment or facilities to be used for security 
monitoring and recording, security gates and fencing, marine barriers 
for designated security zones, security-related lighting systems remote 
surveillance, concealed video systems, security vessels, and other 
security-related infrastructure or equipment that contributes to the 
overall security of passengers, cargo, or crewmembers are allowable. In 
addition, routine maintenance costs for security monitoring, such as 
the cost of tapes for recording, have been allowable. However, these 
O&M costs are only allowable during the award period and business 
operations and maintenance costs, such as personnel costs and items 
generally characterized as indirect or ``overhead'' costs, are 
unallowable.
                                 ______
                                 
Response to Written Questions Submitted by Hon. Frank R. Lautenberg to 
                        Hon. Thomas S. Winkowski
    Question 1. Since the 2006 Inspector General report on the 
Automated Targeting System, what has your agency done to take advantage 
of other sources of intelligence information, or even commercially-
available data to better screen potentially dangerous cargo?
    Answer. CBP integrates intelligence information into ATS for the 
targeting and identification of high risk cargo utilizing a variety of 
methods. This information is vetted and integrated into ATS as a system 
rule or as part of a weight set to include national lookouts.
    The CBP Office of Intelligence and Operations Coordination (OIOC) 
reviewed and updated the ATS National Security weight sets for ocean, 
air and truck (Northern and Southern) cargo during 2007. These weight 
sets are utilized by CBP to provide threshold targeting for national 
security risks utilizing ATS. OIOC worked with the Office of Field 
Operations (OFO) to implement the Auto Hold Event program in the ocean 
environment. Shipments scoring above the ATS National Security 
threshold in the ocean environment are automatically placed on hold by 
ATS for further review, vetting, and possible examination by CBP field 
personnel.
    In 2007 OIOC developed, analyzed and implemented an updated 
``Country of Interest'' list for security cargo targeting in ATS based 
on the analysis of intelligence reports and external data sources. OIOC 
continually utilizes information from the intelligence stream to create 
and update Weapons of Mass Destruction (WMD), Weapons of Mass Effect 
(WME), and conventional weapons rules in ATS. OIOC personnel monitor 
updates to Entity list designations made by the Office of Foreign Asset 
Control (OFAC) for extraction and upload into ATS.
    OIOC has worked with personnel from Other Government Agencies (OGA) 
to create and update ATS Weight sets utilized by OGA responsible for 
targeting and intercepting cargo for security and terrorism threats. 
OIOC created a weight set for the U.S. Department of Agriculture's 
(USDA) Animal and Plant Health Inspection Service (APHIS) personnel 
responsible for targeting shipments in ATS posing a threat for agro-
terrorism risk. This included the integration of an APHIS identified 
``Country of Interest'' list and plant and animal disease tables. OIOC 
also created an ATS weight set for Food Safety and Inspection Service 
(FSIS) personnel in order to target importations (i.e., ensuring that 
the Nation's commercial supply of meat, poultry, and egg products is 
safe, wholesome, and correctly labeled and packaged).
    CBP is testing the capability for field users to create independent 
rules and rule sets (User Defined Rules). User Defined Rules (UDR) 
functionality for the creation of National Lookouts has been 
incorporated into ATS to ensure information received in intelligence 
stream and through operations conducted by CBP can proactively be 
added. CBP utilizes real time information gathered from CBP 
Intelligence, Law Enforcement Entities, OGA and other foreign 
governments for incorporation in ATS rules, weight sets and specific 
entity lookouts on a continuous basis to ensure threat assessments are 
properly communicated for incorporation in national security targeting. 
Following a maritime transportation security incident, CBP currently 
has the ability to modify or create rules and incorporate specific 
``Look Outs'' for identified national or local targeting threats. CBP 
has implemented functional and performance testing of ATS system rules, 
weight sets, and targeting elements employing these transactions in 
order to monitor and evaluate overall strategic targeting performance.
Commercial Available Data
    CBP has initiated several efforts to acquire additional data 
sources to enhance the targeting of high risk cargo. CBP has two 
commercial databases: ChoicePoint (AutoTrack) and Accurint (Lexis-
Nexis). In 2006, OFO revaluated the utilization of the ChoicePoint 
application, obligated funding and established a National ChoicePoint 
account for appropriate field personnel. In November 2005, the Accurint 
Commercial Database account was established. The Accurint account is 
maintained by DHS/CBP/OFO.
    ChoicePoint is a commercial database that allows approved users to 
search over seventeen billion current and historical records for 
comprehensive research on individuals and businesses. Users can cross-
reference public and proprietary records, including identity 
verification, information on relatives and associates, corporate 
information, real property records and deed transfers utilized to 
identify and manage risk and to detect anomalies.
    Accurint is a commercial database that provides a full site of 
investigative tools that enable approved users to locate people, detect 
fraud, uncover assets and verify identity by providing instant 
electronic access to a comprehensive catalog of public records and non-
public information. Accurint provides up to date information linking 
more than one hundred thirty-two million individuals, businesses, 
addresses and phone numbers.
    CBP has initiated several efforts to acquire additional data 
sources to enhance the detection and resolution of significant manifest 
anomalies, including Dunn and Bradstreet, outbound U.S. Post Office 
data and Electronic Notice of Arrival (eNOA) data from the U.S. Coast 
Guard.
Importer Security Filing and Additional Carrier Requirements
    CBP's `Importer Security Filing and Additional Carrier 
Requirements' notice of proposed rulemaking (NPRM) was published in the 
Federal Register on January 2, 2008. The NPRM will be available for 
public comment until March 18, 2008. At the conclusion of the comment 
period, CBP will carefully study and consider the recommendations it 
receives before drafting a final rule. After the final rule is 
published, CBP will provide the trade ample opportunity to reconfigure 
their automated systems, normally 90 days, after which, the final rule 
will go into effect. Once the final rule is in effect, CBP plans to 
work with the trade during a 1-year informed compliance implementation 
period.
    The onus of the new ``10+2'' data requirements rests upon the 
importers and vessel carriers, and not the overseas shippers. The 
importer or his agent will be responsible for filing the complete, 
accurate, and timely importer elements of the Security Filing. For the 
purposes of the proposed regulations, importer means the party causing 
goods to arrive within the limits of a port in the United States.
    Under the proposed ``10+2'' regulations, carriers would be required 
to submit a vessel stow plan and container status messages regarding 
certain events relating to containers loaded on vessels destined to the 
United States.
    OIOC is currently working with OFO to further develop the ATS 
Graphical User Interface (GUI) for display of the Security Filing data 
elements in ATS and the development and creation of additional 
targeting rules to identify high risk cargo shipments in the ocean 
environment based on these elements.

    Question 2. How has DHS implemented Section 203 of the SAFE Port 
Act of 2006?
    Answer. The requirements of section 203 of the SAFE Port Act are as 
follows:
Section 203
In General
    Section 203 of the SAFE Port Act requires the Secretary, DHS, 
acting through the Commissioner of U.S. Customs and Border Protection, 
to identify and seek the submission of data related to the movement of 
a shipment of cargo through the international supply chain and to 
analyze the data received to identify high risk cargo for inspection. 
The Commissioner shall require the electronic transmission of advanced 
information in the form of additional data elements that he determines 
are necessary to improve the high risk targeting of U.S.-destined 
commercial cargo prior to its lading at a foreign seaport.
Additional Data Elements for Improved Targeting of High-Risk Cargo
    Consideration shall be given to the cost, benefit and feasibility 
of: (A) requiring additional non-manifest documentation; (B) reducing 
the time period allowed by law for revisions to a container cargo 
manifest; (C) reducing the time period allowed by law for submission of 
certain elements of entry data, for vessel or cargo; and, (D) such 
other actions that the Secretary considers beneficial for improving the 
Automated Targeting System or any other targeting system in furthering 
the security and integrity of the international supply chain. In 
addition, the Commissioner shall consult with stakeholders, including 
the Commercial Operations Advisory Committee (COAC), and identify to 
them the need for such information, and the appropriate timing of its 
submission and the Secretary shall promulgate regulations to implement 
any changes made under Section 203.
Improvement of the Automated Targeting System
    With regards to the Automated Targeting System (ATS), the 
Secretary, acting through the Commissioner, shall: (1) conduct an 
independent review of the ATS that evaluates the effectiveness and 
capabilities of the systems; (2) consider future iterations of the 
system that would incorporate smart features, complex algorithms and 
real time intelligence; (3) ensure that the system has the capability 
to electronically compare manifests and detect and resolve anomalies in 
the data; (4) ensure that the ATS has the capability to electronically, 
identify, compile and compare select data elements for cargo entering 
or bound for the U.S. following a maritime transportation security 
incident in order to identify cargo for increased inspection or 
expeditious release; and (5) address a schedule to address the 
recommendations of the Comptroller General of the United States, the 
Inspector General of the Department of the Treasury, and the Inspector 
General of the Department with respect to the operation of the 
Automated Targeting System. Finally, all submission of information 
under these requirements are to be transmitted in secure fashion.
Section 203 Implementation
Acquiring Additional Data Elements for Improving the Targeting of High-
        Risk Cargo
    To improve its ability to target high-risk, ocean-borne 
containerized and break-bulk cargo, CBP published a notice of proposed 
rulemaking (NPRM) on January 2, 2008, which would require importers and 
carriers to submit additional data. As proposed, this data would 
include:

   The Importer's 10 (I-10): Ten new pieces of information 
        (four of which currently appear on the Entry) filed by the 
        Importer 24 hours prior to the container being laden on a U.S.-
        bound vessel.

   The Carrier's 5 (C-5): Five new pieces of information based 
        on the I-10 where there is no U.S. importer of record (e.g., 
        cargo that is for Immediate Export or Transportation and 
        Export, and Foreign Cargo Remaining on Board filed by the 
        Carrier, acting as the constructive Importer) prior to the 
        container being laden on a U.S.-bound vessel.

   The Stow Plan: The vessel stow plan showing the vessel cargo 
        configuration (as well as identifying and listing the actual 
        containers aboard a vessel) after leaving the last foreign port 
        bound for the United States, filed by the Vessel Operating 
        Carrier 48 hours after departure (or prior to arrival for short 
        haul legs). The stow plan and container list will be vetted 
        against the manifested container list to identify any 
        unmanifested containers electronically prior to vessel arrival.

   Container Status Messages: Messages in regard to lifecycle 
        container events (i.e., actual physical container movements), 
        filed daily by the responsible carrier for all of its 
        containers en route to the United States.

    CBP proposed the additional data elements after a thorough 
consultation with the COAC and Trade Support Network. During this 
consultation, CBP communicated the need to have access to additional 
data elements for targeting purposes, and the trade community had an 
opportunity to express its concerns, such as the security of the data. 
The consultation was conducted in conjunction with an independent 
internal review which included targeting and field representatives as 
well as trade experts. This process resulted in the selection and, in 
the case of the I-10 and C-5, refined definition of the additional 
data, which CBP determined would add the most critical value to its 
targeting operations without impeding the flow of legitimate commerce. 
The security of the data is not an issue as the proposed submission 
methods for the I-10 and the C-5 are based on current secure 
transmission methods (Automated Broker Interface and Automated Manifest 
System). Further, the carriers have requested the ability to use Secure 
File Transfer Protocol (SFTP) or e-mail for submitting stow plans and 
sFTP for Container Status Messages.
    Complying with SAFE Port Act Section 203(e), in August 2006, the 
DHS Office of Inspector General (DHS OIG) conducted a review of CBP 
Automated Commercial Screening and Targeting Release (OIG Report OIG-
06-56). In November 2006, Sentinel HS conducted an independent review 
of the effectiveness and capabilities of CBP Automated Targeting System 
maritime targeting. In November 2006, the DHS OIG conducted a second 
review of Targeting for Oceangoing Cargo Containers (OIG Report OIG-07-
09). Additionally, in September 2007, DHS OIG conducted a third review 
of Targeting Oceangoing Cargo Containers (OIG Report OIG-07-72).
    In February 2006, CBP entered into a partnership with the S&T 
Directorate's Homeland Security Advanced Research Projects Agency 
(HSARPA) to explore the application of advanced analytical tools in the 
cargo-targeting environment to assess the incorporation of additional 
smart features into ATS. Three projects are underway to help CBP to 
develop predictive modeling, anomaly detection, and visualization tools 
that are customized to specifically analyze CBP cargo data. In addition 
to this effort, the CBP Deputy Commissioner established several work 
groups--comprised of CBP/OFO staff, Office of Information and 
Technology (OIT) personnel, Office of Anti-Terrorism staff, statistical 
analysts, and intelligence analysts--charged with using the historical 
findings, transactional data, and intelligence to investigate the 
feasibility of statistically calibrating the maritime security rules in 
December 2006. Other foci of the groups were to identify the creation 
of new optimized groups of rules and discovery of new rules. This group 
produced a presentation to the Deputy Commissioner and Assistant 
Commissioner of OFO, outlining the findings of the study and 
recommending potential changes to rules and weight sets. CBP OIT and 
HSARPA are exploring the applicability of the following advanced 
analytical tools in cargo targeting: Signature Analyst Automated 
Screening and Targeting Tool, Predictive Visual Analytics for 
Significant Encounters, and Shipping Container Anomaly Detection and 
Classification.
    ATS currently has the capability to electronically compare manifest 
and other available data to detect any significant anomalies and 
facilitate their resolution. ATS has the capability to filter on all 
manifest, entry, and entry summary data elements. Through this 
mechanism, shipments can be identified as meeting particular risk 
criteria and can be targeted for increased scrutiny or for expeditious 
release. This capability includes manifest and entry data matching to 
Treasury Enforcement Communications System (TECS) records, D&B records, 
and to data provided by other government agencies (Food and Drug 
Administration, U.S. District Attorney, U.S. Coast Guard, Department Of 
Energy).
    Following a maritime transportation security incident, CBP 
currently has the ability to modify or create rules and incorporate 
specific ``Look Outs'' for national or local targeting. CBP has also 
recently tested a capability for users to create independent rules and 
rule sets (User Defined Rules). This functionality provides the ability 
for users to more easily implement future anomaly rules. Additionally, 
CBP has initiated several efforts to acquire additional data sources to 
enhance the detection and resolution of significant manifest anomalies: 
Outbound Post Office data and eNOA data from the U.S. Coast Guard. As 
of FY 2007, CBP has incorporated the creation of mock shipments in the 
CBP Mock Shipment Environment in order to review the overall 
performance of automated targeting system rules for risk management 
validations. To date, over 25,000 mock shipments that include bill of 
lading and entry transactions have been created for performance 
evaluation of rules in the ocean environment. The process includes the 
formalization of weight set performance evaluation criteria, processes, 
and reporting. CBP has implemented functional and performance testing 
of ATS system rules, weight sets, and targeting elements employing 
these transactions in order to monitor and evaluate overall strategic 
targeting performance.
    The OFO Audit Program Liaisons (APL) has established a uniform 
policy and procedures for the Government Accountability Office (GAO), 
OIG, and Internal Affairs Management Inspection Division (MID) audit 
process within OFO. OFO APL responsibilities include audit activities, 
reports, and corrective action plans. In addition, the CBP Office of 
Executive Secretariat (OES) inputs OFO recommendations in CBP's 
electronic project management system, to track and monitor entries and 
notify OES of any changes.

    Question 3. During your testimony before the Committee, you 
indicated DHS/CBP obtains various data and content from sources for 
targeting of oceangoing cargo destined to the United States via the 
Automated Targeting System. Which data sources do you utilize? Which, 
if any, of these sources are not owned or controlled by the Federal 
Government? How do you envision the so-called ``10+2'' advance data 
rule integrating into the current targeting environment?
    Answer. CBP obtains various data and content about oceangoing cargo 
destined for the United States from numerous sources throughout the 
supply chain life-cycle. The two most common sets of information are 
the cargo manifest and the entry documentation. Both of these sets of 
information are provided to CBP electronically through CBP's Automated 
Commercial System (ACS). ACS is owned and controlled by CBP.
    Currently, the data that CBP relies upon to do its advance 
targeting prior to vessel loading is, for the most part, the carrier's 
manifest information. While this was a sound initial approach to take 
after the tragic events of September 11th, internal and external 
reviews have concluded that more complete advance shipment data would 
produce more accurate, and therefore more effective cargo risk 
assessments.
    The `Importer Security Filing and Additional Carrier Requirements', 
also known as the ``10+2 Security Filing'' for which the NPRM was 
published in the Federal Register on January 2, 2008, would 
significantly enhance our targeting and risk analysis capabilities by 
increasing the transparency of key supply chain participants, 
identifying actual cargo movements, and improving the accuracy of cargo 
descriptions.
    In addition, ``10+2'' would vastly improve the facilitation of 
lawful international trade by identifying low-risk shipments much 
earlier in the supply chain, thus reducing the need for a more thorough 
physical screening.
    The NPRM is specifically intended to fulfill the requirements of 
section 203 of the SAFE Port Act of 2006 and section 343(a) of the 
Trade Act of 2002, as amended by the Maritime Transportation Security 
Act of 2002. The SAFE Port Act requires the Secretary of Homeland 
Security, acting through the Commissioner of CBP, to promulgate 
regulations to require the electronic transmission of additional data 
elements for improved high-risk targeting, including appropriate 
security elements of entry data for cargo destined to the United States 
by vessels prior to loading at foreign seaports.
Current Data
    1. All cargo shipments heading into the United States must be 
properly manifested. A shipment is a movement of cargo that is covered 
by a bill of lading, which is a contract between a shipper and a 
carrier. Cargo manifests are provided electronically to CBP 24 hours 
prior to lading by the carriers and non-vessel operating common 
carriers (NVOCC).

   Bill of Lading Number

   Foreign Port before vessel departs for United States

   Standard Carrier Alpha Code

   Carrier Assigned Voyage Number

   Date of Arrival at First U.S. Port

   U.S. Port of Unlading

   Quantity

   Unit of measure of Quantity

   First Foreign Place of Receipt

   Commodity Description (description/HTS-6)

   Commodity Weight

   Shipper Name

   Shipper Address

   Consignee Name

   Consignee Address

   Vessel Name

   Vessel Country

   Vessel Number

   Foreign Port of Lading

   Hazmat Code

   Container numbers

   Seal Numbers

   Date of departure from Foreign Port

   Time of Departure from Foreign Port

    2. CBP also receives entry and entry summary data provided 
electronically by customs brokers or self-filing importers. This data 
is not required by law until after cargo arrival in the US. This data 
contains details about importations. An importation is merchandise that 
is being entered into the commerce of the United States by an importer 
of record on behalf of an ultimate consignee. The importer of record is 
the party responsible for payment of any duties and fees. In most 
cases, the importer of record and ultimate consignee are the same 
party.

   Entry Number & Type

   Entry--Dist & Entry--Port

   Filer Code

   Importer of Record

   Ultimate Consignee

   Surety Number

   Filing Date & Time

   Importing Carrier

   Vessel Name

   Country of Origin

   Exporting Country

   Exporting Date

   Foreign Port of Arrival

   Estimated Arrival Date

   Entry Value

   Harmonized Tariff Schedule of the USA (HSUSA) (10)

   Manufacturer ID
Proposed New ``10+2'' Data
    The Importer Security Filing and Additional Carrier Requirements 
NPRM published on January 2, 2008 generally would require 10 additional 
data elements from U.S. importers prior to vessel loading at foreign 
ports, and 2 data set items from carriers. The additional information 
would enhance CBP's ability to identify high-risk cargo shipments.
    CBP's close partnership with the trade community is the key reason 
why the ``10+2'' NPRM was developed in a smooth and timely fashion. The 
trade's input during the consultative process as well as its 
participation in the Advance Trade Data Initiative (ATDI) has been 
instrumental in the successful crafting of the NPRM. Through the 
collaborative ATDI process, CBP was able to identify data that commonly 
exists, is currently used by the trade, and, if obtained in a timely 
fashion, would greatly benefit CBP's targeting and analysis of 
potentially high-risk cargo prior to U.S. arrival.
    Additionally, CBP has been engaged with the Department's Advisory 
Committee on Commercial Operations, (COAC), which is comprised of 
government and industry representatives. In February 2007, COAC made 
almost 40 recommendations to CBP on how to implement the security 
filing or ``10+2 initiative''. CBP carefully studied and considered the 
COAC recommendations and agreed in full and/or in part to a majority of 
the recommendations.
    1. Under the ``10+2'' NPRM, carriers would be required to submit a 
vessel stow plan and container status messages regarding certain events 
relating to containers loaded on vessels destined to the United States. 
The vessel stow plan is used to transmit information about the physical 
location of cargo loaded aboard a vessel. In general, if a container is 
listed on a vessel stow plan it is considered physically present on the 
vessel. CBP would receive the vessel stow plans prior to U.S. arrival 
and will compare the vessel stow plan to the containers listed on the 
manifest in an effort to identify unmanifested containers. Unmanifested 
containers are inherently dangerous since CBP has no way of performing 
risk analysis on the origins, contents, destination or actual intention 
of these rogue containers.
    Container status messages are used within the shipping industry to 
report terminal container movements (e.g., loading and discharging the 
vessel) and to report the change in status of containers (e.g., empty 
or full).
    2. Under the NPRM, 10 elements would be required for shipments 
other than those consisting entirely of foreign cargo remaining on 
board (FROB) and goods intended to be ``transported'' in-bond as an 
immediate exportation (IE) or transportation and exportation (T&E). The 
10 required elements are:

   Manufacturer (or supplier) name and address

   Seller (or owner) name and address

   Buyer (or owner) name and address

   Ship to name and address

   Container stuffing location

   Consolidator (stuffer) name and address

   Importer of record number/foreign trade zone applicant 
        identification number

   Consignee number(s)

   Country of origin

   Commodity Harmonized Tariff Schedule of the United States 
        number

    Under the NPRM regulations, five elements would be required for 
shipments consisting entirely of FROB and shipments consisting entirely 
of goods intended to be ``transported'' in-bond as an IE or IIE.
    CBP is currently developing the process for complete integration of 
the ``10+2'' data elements into the ATS GUI. In addition OIOC and OFO 
are reviewing the data and creating new targeting rule concepts based 
on the SF elements that will be available. The data elements will be 
used to create new entity tables and allow link analysis capability to 
the end-user when fully developed. The new data elements will further 
refine the existing targeting platform and allow for further 
transparency in the overall maritime supply chain for national security 
targeting.

    Question 4. When does the Customs and Border Protection plan to 
implement new ``10+2'' filing requirements to increase the amount of 
data it receives from shippers?
    Answer. CBP's `Importer Security Filing and Additional Carrier 
Requirements' or ``10+2'' NPRM was published in the Federal Register on 
January 2, 2008. The NPRM is available for public comment until March 
18, 2008. At the conclusion of the comment period, CBP will carefully 
study and consider the comments it receives before drafting a final 
rule.
    After the final rule is published in the Federal Register, a 
transitional or ``interim'' period will begin. During this interim 
period, CBP would give the trade ample opportunity to reconfigure their 
automated systems. The interim period is expected to last approximately 
90 days. At the conclusion of the interim period, the final rule will 
go into effect and a 1-year ``informed compliance'' period would 
officially begin. During the informed compliance period, CBP would work 
closely with the trade to ensure that the required data is being filed 
correctly and that the impact on the trade is minimal in terms of data 
processing and data delivery.
    It should be noted that the onus of the proposed ``10+2'' data 
requirements rests upon the importers and vessel carriers, and not the 
overseas shippers. The importer or his agent would be responsible for 
filing the complete, accurate, and timely importer elements of the 
Security Filing. For the purposes of the NPRM, importer means the party 
causing goods to arrive within the limits of a port in the United 
States.
    Under the ``10+2'' NPRM, carriers would be required to submit a 
vessel stow plan and container status messages regarding certain events 
relating to containers loaded on vessels destined to the United States.

    Question 5. Has DHS been approached with proposals from the private 
sector which would integrate maritime transportation data and content, 
business information, and open-source content? If so, what has the 
Department's reaction been to the concept?
    Answer. CBP has attended and received presentations from the 
private sector regarding global data integration as part of our ongoing 
efforts to maintain and improve our cargo targeting strategy and 
systems. CBP fully supports and recognizes the efficacy of integrating 
a wide-range of open-source content and business information with 
maritime transportation data and will continue to explore our options 
with regards to both private sector and government-developed solutions.

    Question 6. What is the status of DHS staffing plans that were 
required by the SAFE Port Act?
    Answer. Sections 222 and 403 of the SAFE Port Act authorize 
additional positions for CBP. In FY 2008, Section 222 authorizes ``not 
less'' that 50 additional Supply Chain Security Specialists and Section 
403 authorizes a ``minimum'' of 200 additional Customs and Border 
Protection officers (CBPOs). Observing Congressional direction, CBP has 
determined the locations to which the agency will deploy all the 
positions under the SAFE Port Act and has begun the process of hiring 
for these positions.

    Question 7. What progress has your agency made in establishing a 
system to ensure that 100 percent of all incoming containers are 
scanned for radiation before being shipped to our shores?
    Answer. The SAFE Port Act requires that three foreign ports pilot 
100 percent scanning of U.S.-bound maritime containers using both 
radiation detection and imaging equipment. SFI fulfilled this mandate 
on October 12, 2007, when the ports of Southampton, U.K., Qasim, 
Pakistan; and Cortes, Honduras became fully operational and now scan 
100 percent of containerized cargo destined for the United States. In 
order to gather more data on 100 percent scanning in high-volume and 
transshipment ports, DHS and Energy (DOE) will also test, although in a 
more limited capacity, scanning systems in four additional ports: Hong 
Kong (now operationally testing); Busan, Korea; Salalah, Oman; and 
Singapore.
    SFI sensor and image data gathered on containers bound for the 
United States are encrypted and transmitted in near real-time to CBP 
officers working in overseas ports and to the DHS National Targeting 
Center. This data is combined with other available risk assessment 
information to improve risk analysis, targeting and security of high-
risk containers overseas. All alarms from the radiation detection 
equipment are resolved locally as is the current procedure under DOE's 
Megaports Initiative. For containers bound for the United States, SFI 
works with the host governments to establish protocols that ensure a 
swift resolution by the host government, which may include instructing 
carriers not to load the container until the risk is resolved, as per 
the interagency MOU on the ``Interagency Nuclear and Radiological 
Technical Adjudication and Resolution Processes'', signed on October 5, 
2006.

    Question 8. Standards for container locks and seals were required 
to be developed by the Department of Homeland Security by 2004. It is 
now 2007. The SAFE Port Act gave you additional time, but you have 
missed those deadlines as well. When will these standards be issued to 
reduce the risk of terrorists tampering with containers in transit?
    Answer. On May 18, 2007, DHS notified ranking members of the U.S. 
Senate and U.S. House of Representatives of its decision not to 
initiate a rulemaking proceeding to establish minimum standards for 
securing containers in transit to the United States within the mandated 
timeline. DHS readily acknowledges that the process of securing the 
container is a critical component of a multi-layered strategy to secure 
the entire supply chain. However, the Department does not believe, at 
the present time, that the necessary technology exists for such a 
solution.
    CBP has developed ``Conveyance Security Device system and component 
technical requirements'' which were published in a RFI on December 12, 
2007.
    DHS policy concerning applicability and use will be determined when 
an acceptable device(s) is approved.
                                 ______
                                 
  Response to Written Questions Submitted by Hon. Daniel K. Inouye to 
                          Stephen L. Caldwell
    Question 1. Why do you believe the Coast Guard will face challenges 
in expanding the exercise program in accordance with the SAFE Port Act?
    Answer. The Coast Guard is currently involved in a variety of 
exercise programs that are designed to improve preparedness and 
response to a variety of security and maritime incidents. These 
exercise programs include the following:

   Maritime Transportation Security Act (MTSA): MTSA 
        regulations require that the Coast Guard Captain of the Port 
        and the area committee conduct or participate in exercises to 
        test the effectiveness of area plans annually, with no more 
        than 18 months between exercises. These exercises can test any 
        portion of the area plans such as raising security levels, 
        ensuring access control, or communicating threat information to 
        the public.

   Area Maritime Security Training and Exercise Program 
        (AMStep): The Coast Guard initiated the Area Maritime Security 
        Training and Exercise Program in October 2005. This program was 
        designed to involve the entire port community in the 
        implementation and improvement of the Area Maritime Security 
        Plan. This program supports the required MTSA exercises.

   Port Security Training Exercise Program (PortSTEP): The 
        Coast Guard and TSA initiated the PortSTEP program in August 
        2005. PortSTEP is an exercise program designed to involve the 
        entire port community, including public governmental agencies 
        and private industry, and is intended to improve connectivity 
        of various transportation modes and enhance area plans. Between 
        August 2005 and October 2007, the Coast Guard expected to 
        conduct PortSTEP exercises for 40 area committees and other 
        port stakeholders.

   Spill of National Significance (SONS): The Coast Guard 
        developed the SONS exercise program for response to oil and 
        hazardous substance spills. This program focuses on exercising 
        the entire National Response System at the local, regional and 
        national levels for oil and hazardous material incidents that 
        result from unintentional causes, such as maritime casualties 
        and natural disasters. For example, the SONS exercise in June 
        2007 tested the response and recovery to an oil and hazardous 
        materials release in the wake of a large scale earthquake in 
        the Mississippi and Ohio river valleys.

    The SAFE Port Act included several new requirements related to 
security exercises, including the establishment of a Port Security 
Exercise Program to test and evaluate the capabilities of governments 
and port stakeholders to prevent, prepare for, mitigate against, 
respond to, and recover from acts of terrorism, natural disasters, and 
other emergencies at facilities that MTSA regulates. Additionally, the 
Act also required the establishment of a port security exercise 
improvement plan process that would identify, disseminate, and monitor 
the implementation of lessons learned and best practices from port 
security exercises. Given these existing programs, these new exercise 
requirements could be a challenge for the Coast Guard due to issues of 
scope, structure and participation, for example:

   Scope: The Coast Guard is currently conducting a variety of 
        port security exercises with numerous different stakeholders 
        (see exercise programs listed above). Given the similarities 
        among these exercises it is unclear how the new program would 
        differ or overlap from what is in place. The challenge for the 
        Coast Guard will include setting the scope of the program to 
        determine how the exercise requirements in the SAFE Port Act 
        differ from area committee exercises that are currently 
        performed. Also, in Coast Guard exercises conducted to date, 
        recovery has not been substantially tested. In our past work, 
        we found that Coast Guard terrorism exercises frequently 
        focused on prevention and awareness, but often did not include 
        recovery activities. With the SAFE Port Act requiring that 
        exercises focus on preventing, preparing for, mitigating 
        against, responding to, and recovering from acts of terrorism, 
        natural disasters, and other emergencies, an expansion of the 
        Coast Guard exercise program may be necessary to meet each of 
        these new exercise requirements. Additionally, the Coast Guard 
        currently has a process in place for gathering and 
        disseminating lessons learned from exercises. While the SAFE 
        Port Act requires a port security exercise improvement plan 
        process that would identify, disseminate, and monitor the 
        implementation of lessons learned, it is not clear how this 
        would differ from the process the Coast Guard is currently 
        using.

   Structure: Many of Coast Guard's security efforts and 
        exercises have been focused on the area security plans in place 
        at each port. While these plans are used to identify and reduce 
        vulnerabilities to security threats throughout the port area, 
        they do not focus on natural disasters. While the SAFE Port Act 
        does not call for revising area plans to include all-hazard 
        planning, it does contain a requirement that the Port Security 
        Exercise Program test all hazards. On the basis of our prior 
        work, we found there are challenges in using area committees 
        and plans as the basis for broader all-hazards planning. The 
        challenges for the Coast Guard includes determining the extent 
        that security plans can serve all-hazards purposes as well as 
        the ability to conduct natural disaster exercises when area 
        security plans do not provide natural disaster guidance.

   Participation: According to the Coast Guard, as the primary 
        sponsor of many of the exercise programs, it faces a continuing 
        challenge in getting comprehensive participation in exercises. 
        With the new exercise program requirements contained in the 
        SAFE Port Act, the Coast Guard could be facing additional or 
        expanded exercises. This may add to the exercise burden that 
        port stakeholders already face, and the Coast Guard could 
        continue to face the challenge of ensuring adequate 
        participation.

    Question 2. Your testimony states that your preliminary 
observations on the requirement of 100 percent scanning for all 
containers entering into the United States ``potentially creates new 
challenges for CBP in terms of integrating this with existing programs, 
working with foreign governments, overcoming logistical barriers, 
testing new technology, and determining resource requirements and 
responsibilities, and other issues.'' Can you discuss these potential 
challenges in further detail?
    Answer. While my oral comments provided limited information on 
challenges, our written statement contains more details. The following 
is a summary of challenges we have already identified:

   CBP may face challenges in balancing the 100 percent 
        scanning requirement with current international risk-based 
        security practices and there is no assurance that it will 
        provide a greater level of security than these practices. CBP 
        may have difficulty requiring 100 percent scanning while also 
        maintaining a risk-based security approach that has been 
        developed with many of its international partners. Currently, 
        under the CSI program, CBP uses automated targeting tools to 
        identify containers that pose a risk for terrorism for further 
        inspection before being placed on vessels bound for the United 
        States. As we have previously reported, using risk management 
        allows for reduction of risk against possible terrorist attack 
        to the Nation given resources allocated and is an approach that 
        has been accepted government-wide. According to CBP and foreign 
        customs officials we spoke with, 100 percent scanning may 
        actually provide a lower level of security than the current 
        method of targeting and examination using risk-based methods. 
        CBP officials stated that simply getting more scanning images 
        does not necessarily imply that customs is doing a better job 
        in providing more security. Similarly, international officials 
        we spoke to stated that the risk management approach directs 
        resources to where they are most needed, whereas scanning 100 
        percent of containers is inefficient because it directs too 
        many resources in one activity--scanning--and diverts the focus 
        away from those container shipments that pose the highest risk. 
        According to these officials, under the current risk management 
        system, customs officers tend to review the scanned images of 
        high-risk containers in a very thorough and detailed manner. 
        However, if the officers must review scanned images of all 
        containers, the review may not be as thorough, as the officers 
        could lose focus due to the sheer volume of work. If images are 
        not properly or thoroughly analyzed, this could lead to a 
        degradation of security.

   The United States may not be able to reciprocate if other 
        countries request 100 percent scanning and logistical 
        feasibility and technological maturity are unknown. The CSI 
        program is based on a series of bilateral, reciprocal 
        agreements with foreign governments that allow the foreign 
        governments the opportunity to place their customs officials at 
        U.S. seaports and request inspection of cargo containers 
        departing from the United States and bound for their home 
        country. According to CBP officials, the SFI pilot, as an 
        extension of the CSI program, allows foreign officials to ask 
        the United States to reciprocate and scan 100 percent of cargo 
        containers bound for those countries. Although the Act 
        establishing the 100 percent scanning requirement does not 
        mention reciprocity, CBP officials have told us that the agency 
        does not have the capacity to reciprocate should it be 
        requested to do so, as other government officials have 
        indicated they might when this provision of the 9/11 Act is in 
        place. Just as the United States does not have the capacity to 
        scan 100 percent of exports, logistical feasibility and 
        technological maturity problems may make it difficult for 
        foreign seaports to scan 100 percent of U.S.-bound cargo 
        containers. For example, many ports may lack the space 
        necessary to install additional equipment needed to comply with 
        this requirement. Additionally, we observed that scanning 
        equipment at some seaports is located several miles away from 
        where cargo containers are stored, which may make it time 
        consuming and costly to transport these containers for 
        scanning. Similarly, some seaports are configured in such a way 
        that there are no natural bottlenecks that would allow for 
        equipment to be placed such that all outgoing containers can be 
        scanned, and the potential to allow containers to slip by 
        without scanning may be possible. Further, it may be difficult 
        to scan transshipment cargo containers--containers at a seaport 
        for a very short period of time--as well as container that 
        remains on board a vessel as it passes through a foreign 
        seaport. In addition to logistical issues, integrated scanning 
        technologies utilized to test the feasibility of scanning 100 
        percent of U.S.-bound cargo containers are not yet operational 
        at all seaports participating in the SFI pilot. Moreover, 
        agency officials have stated that the amount of bandwidth 
        necessary to transmit scanning equipment outputs to CBP 
        officers for review exceeds what is currently feasible and that 
        the electronic infrastructure necessary to transmit these 
        outputs may be limited at some foreign seaports.

   Resource responsibilities and ownership issues have not been 
        determined. The 
        9/11 Act does not specify who would pay for additional scanning 
        equipment, personnel, computer systems, or infrastructure 
        necessary to establish 100 percent scanning of U.S.-bound cargo 
        containers at foreign seaports. However, foreign government 
        officials we have spoken to expressed concerns regarding the 
        cost of equipment. They also stated that the process for 
        procuring scanning equipment may take years and can be 
        difficult when trying to comply with changing U.S. 
        requirements. These officials also expressed concern regarding 
        the cost of additional personnel necessary to: (1) operate new 
        scanning equipment; (2) view scanned images and transmit them 
        to the United States; and (3) resolve false alarms. An official 
        from one country with whom we met told us that, while his 
        country does not scan 100 percent of exports, modernizing its 
        customs service to focus more on exports required a 50 percent 
        increase in personnel, and other countries trying to implement 
        the 100 percent scanning requirement would likely have to 
        increase the size of their customs administrations by at least 
        as much. The 9/11 Act also does not specify who will be 
        responsible for managing the data collected through 100 percent 
        scanning of U.S.-bound containers at foreign seaports. However, 
        the SAFE Port Act specifies that scanning equipment outputs 
        from SFI will be available for review by U.S. Government 
        officials either at the foreign seaport or in the United 
        States. It is not clear who would be responsible for 
        collecting, maintaining, disseminating, viewing or analyzing 
        scanning equipment outputs under the new requirement. Other 
        questions to be resolved include ownership of data, how 
        proprietary information would be treated, and how privacy 
        concerns would be addressed.

    Question 3. Given your experience with the GAO's Container 
Technology Assessment Report of 2006 and the CSI program, when do you 
anticipate the technological performance standards for radiation 
scanning and nonintrusive imaging equipment, required under the SAFE 
Port Act will be finalized both domestically and internationally?
    Answer. In April 2005, we recommended that CBP establish minimum 
technical criteria for the capabilities of nonintrusive inspection 
equipment at CSI seaports. Similarly, in 2006, the SAFE Port Act 
required CBP to establish minimum technical capability criteria and 
standard operating procedures for the use of nonintrusive inspection 
equipment and nuclear and radiological detection systems in conjunction 
with CSI. While CBP has developed minimum technical standards for 
equipment used at domestic seaports, CBP officials stated that their 
agency faces challenges in implementing this requirement overseas due 
to sovereignty issues and the fact that the agency is not a standard 
setting organization for equipment. Given the agency's reluctance to 
set such standards, we cannot predict when it will do so.
                                 ______
                                 
  Response to Written Question Submitted by Hon. Daniel K. Inouye to 
                             Anthony Coscia
    Question. The SAFE Port Act required that all containers entering 
high volume ports must be scanned domestically for radiation before 
December 31, 2007. Where does the Port of New York and New Jersey stand 
in terms of meeting this deadline? What barriers would prevent you from 
meeting this deadline?
    Answer. At the Port of New York and New Jersey, Customs and Border 
Protection (CBP) currently scans 98 percent of all import cargo for 
radiation. The remaining 2 percent which CBP deems to be low risk is 
intermodal rail cargo originating in just one of our container 
terminals. Therefore we are eagerly anticipating the results of the 
rail pilot project in the Port of Tacoma to help us devise a meaningful 
way to scan the remaining 2 percent of our import containers for 
radiation.
                                 ______
                                 
 Response to Written Question Submitted by Hon. Frank R. Lautenberg to 
                             Anthony Coscia
    Question 1. From an industry perspective, what is needed from the 
government in terms of planning for response and recovery after a 
security incident or other disruption in trade? Are current plans for 
resumption of trade adequate?
    Answer. The Strategy to Enhance International Supply Chain 
Security, which the Department of Homeland Security submitted to 
Congress earlier this year, provides a high level overview of national 
plans for response and recovery. However, these national plans need to 
be translated into port-specific plans in order to be effective. While 
some U.S. ports, including the Port of New York and New Jersey, have 
port recovery plans already in place, it is our understanding that the 
U.S. Coast Guard will be releasing guidance on and requirements for the 
development of port-specific recovery plans in the coming months. 
Existing plans will need to be updated to conform to the new guidance, 
which hopefully will include tactical information required for 
effective planning. Short of knowing what the Federal Governments plans 
and capabilities are for instance with regards to salvage and 
redeployment of personnel, it is difficult for us to fully determine if 
the current plans are sufficient to support the resumption of trade. 
Once these port-specific recovery plans are written or updated, it is 
essential that they be tested and exercised on a large scale including 
the participation of headquarters staff from various DHS agencies and 
neighboring ports.

    Question 2. A task force led by your agency has recommended that 
the Federal Government collect a per-container fee to be used for port 
security. I assume the only way to do this is to collect it at every 
port, so as to not give any individual port a competitive advantage. 
How do you envision this to work?
    Answer. The Port Security Task Force (PSTF) understands that the 
proposed security fee must be administered and collected so as to not 
give an advantage to one port over any other. As a result, the PSTF has 
advocated that before the fee is assessed, the Department of Homeland 
Security, in cooperation with the Department of the Treasury, should 
conduct a study to evaluate different methods for fee administration, 
formulation and disbursement, together with an evaluation of current 
maritime industry methods. Consideration should also be given to the 
reallocation of Federal fees that are already collected from the 
maritime industry, to be used to cover port security costs.

    Question 3. I understand the lack of Federal personnel is a major 
problem at some ports. What is the consequence of this understaffing at 
the Port of New York and New Jersey?
    In the Port of New York and New Jersey, both the Coast Guard and 
Customs and Border Protection are plagued with staffing shortages. CBP 
estimates that they need approximately 10 percent more staff to conduct 
their port security missions. These staff shortages result in the 
inspection of certain high-risk containers being delayed beyond the 
national goal of 72 hours. Although these high-risk containers are 
eventually inspected, they (and any other containers on the same Bill 
of Lading) are unable to be moved pending the inspection, resulting in 
additional costs to the shipper. Locally, the Coast Guard is currently 
operating at 1996 staffing levels for one of their mission areas 
despite a 139 percent increase in volume of activity. Left unaddressed, 
these staffing limitations will adversely impact the free flow of 
commerce, safety and security.