The Transportation Security Administration (TSA) has made progress on establishing a systematic process for regularly conducting trend analysis of the rail security incident data it receives and is systematically documenting and incorporating stakeholder feedback to improve security-related information sharing, according to a new Government Accountability Office (GAO) audit report.
The US surface transportation system’s size and importance to the country’s safety, security and economic well-being has made it an attractive target for terrorists. TSA is the the primary federal agency responsible for overseeing and enhancing the security of the surface transportation system. “A key component of this responsibility,” GAO pointed out, “is ensuring that security-related information is collected, analyzed and shared effectively across all modes, including rail.”
In 2008, TSA issued a regulation requiring US passenger rail agencies to report all potential threats and significant security concerns to TSA, among other things.
In June 2014, however, GAO reported it found TSA did not have a systematic process for incorporating stakeholder feedback to improve security-related information sharing and recommended that TSA systematically document and incorporate stakeholder feedback.
GAO said, “TSA concurred with this recommendation and, in April 2015, TSA developed a standard operating procedure to help ensure proper evaluation and consideration of all feedback TSA receives.”
Earlier, in December 2012, GAO had “found TSA had made limited use of the rail security incident information it had collected from rail agencies, in part because it did not have a systematic process for conducting trend analysis. TSA’s purpose for collecting this information was to allow TSA to ‘connect the dots’ through trend analysis.”
“However,” GAO reported at the time, “the incident information provided to rail agencies by TSA was generally limited to descriptions of specific incidents. As a result, officials from passenger rail agencies GAO spoke with reported that they generally found little value in TSA’s incident reporting requirement. On the basis of these findings, GAO recommended that TSA establish a systematic process for regularly conducting trend analysis of the rail security incident data. Although GAO has not assessed the effectiveness of TSA’s efforts, by August 2013, TSA had developed a new analysis capability that, among other things, produces Trend Analysis Reports from the incident data.”
Also during its December 2012 audit, GAO “found that TSA had not provided consistent oversight of its rail security reporting requirement,which led to variation in the types and number of passenger rail security incidents reported. Specifically, GAO found that TSA headquarters had not provided guidance to local TSA inspection officials, the primary TSA points of contact for rail agencies, about the types of rail security incidents that must be reported, which contributed to inconsistent interpretation of the regulation.”
GAO said, “The variation in reporting was compounded by inconsistencies in compliance inspections and enforcement actions, in part because of limited utilization of oversight mechanisms at the headquarters level. GAO also found that TSA’s incident management data system, WebEOC, had incomplete information, was prone to data entry errors, and had other limitations that inhibited TSA’s ability to search and extract basic information.”
On the basis of these findings, GAO recommended that TSA develop and disseminate written guidance on the types of incidents that should be reported; enhance existing oversight mechanisms for compliance inspections and enforcement actions; establish a process for updating WebEOC with previously unreported incidents; and develop guidance to reduce data entry errors.”
TSA concurred with GAO’s recommendations “and has taken actions to implement them,” GAO stated in its latest audit report.
“Specifically,” GAO said, “in September 2013, TSA disseminated written guidance to local TSA inspection officials and passenger and freight rail agencies that provides clarification about the rail security incident reporting requirement. In August 2013, TSA enhanced existing oversight mechanisms by creating an inspection review mechanism, among other things. TSA also established a process for updating WebEOC in March 2013, and in October 2014, officials reported that they have updated the guidance used by officials responsible for entering incident data to reduce data entry errors associated with incident types.”
Although GAO said it “has not assessed the effectiveness of these efforts,” they nevertheless address the intent of GAO’s recommendations, and thus GAO made no new recommendations in its current audit report.