Review of the Terrorist Screening Center
(Redacted for Public Release)

Audit Report 05-27
June 2005
Office of the Inspector General


Appendix V
Office of the Inspector General Analysis and
Summary of Actions Necessary to Close Report


The TSC provided comments on our draft audit report, which can be found in Appendix IV. In addition to its response in excess of 40 pages, the TSC provided numerous attachments, which are referenced throughout its response. Due to their volume, these attachments were not included in our final report. Our analysis of the TSCís comments on each recommendation is found below.

Recommendation Number:

  1. Resolved.
  2. In response to this recommendation to create a plan for the maturation of its information technology efforts, the TSC stated that it agreed with the OIG, but that it has operated in accordance with this recommendation since its inception. In its support for this statement, the TSC referred to the creation of an initial formal staffing plan in January 2004, supported by an Electronic Communication to the FBI Counterterrorism Division entitled "Request to Establish Funded Staffing Level for the Terrorist Screening Center," as well as to a draft TSC organizational chart dated November 18, 2003. Additionally, the TSC stated that it had become apparent that the TSCís requirements would exceed its proposed staff, and as a result in August 2004 the TSC created a Master Staffing Plan. The TSC also supported its response by describing future enhancements to the TSDB, including three separate software products that it expects will have a significant impact on its ability to add audit trails within the database. Further, the TSC stated that "[i]n its Strategic Plan, the TSC has, from its inception, planned to increase connectivity, search capabilities, and development of new capability derived from constant review of the TSC mission, function, and requirements."

    While we acknowledge that some of the essential components of an IT strategic plan exist in some form, as of May 2005 no formal, integrated, and comprehensive strategic plan existed for the TSCís IT environment. Throughout our audit work, the TSC verbally communicated its vision for the current consolidated watch list database and for future databases. However, until the assignment of a Chief Information Officer (CIO) in August 2004, the vision for specific aspects of the database and the TSCís IT environment was in a constant state of flux, with many of the critical decisions made on an ad hoc basis and without strong IT oversight. Since the CIO came on board, the TSCís plans for its IT environment have begun to solidify and become clearer. However, we believe that the TSC would benefit from establishing a formal, written document that addresses systematically IT organizational and resource planning, management, and performance measurement.

    In conjunction with the TSCís strategic plan, the IT strategic plan should provide for the evolution of the IT environment and combine in one document the TSCís plans regarding its current and future IT environment. It should account for factors such as changing regulations, evolving technology, and emerging customers and uses. This plan should include an evaluation of the impact of each factor, TSCís specific IT strategies and timelines for adapting and accomplishing its overall mission, and specific methods for measuring achievement and performance. Included in these considerations are systems engineering and architecture planning, application development, project management, and resource planning (such as budget, staffing, and facilities).

    This recommendation can be closed when the TSC provides a written, comprehensive plan for its IT environment that addresses: a) IT staffing needs on a project-by-project basis; b) controls to ensure data integrity; c) adequate oversight of IT contracts and contractors; and d) future improvements in the areas of TSDB connectivity, name search capabilities, acceptance of biometric data, and other IT planning issues.

  3. Resolved.
  4. This recommendation is resolved based on the TSCís agreement and resulting efforts to develop requirements and software for the application of audit trails to track activity within the TSDB. According to the information provided by the TSC, these enhancements will be implemented beginning in May 2005. This recommendation can be closed when the TSC provides evidence that it has fully implemented audit trails in the TSDB.

  5. Resolved.
  6. In response to this recommendation to develop staffing protocols, the TSC stated that it agreed with the OIG, but that it has operated according to the recommendation since its inception. To support this statement, similar to its response to recommendation 1, the TSC referred to the creation of an initial staffing plan in January 2004, supported by an electronic communication to the FBI Counterterrorism Division. Additionally, the TSC stated that in August 2004 the TSC began to work on a Master Staffing Plan to reflect the current and anticipated needs of the TSC. According to the TSC, this Master Staffing Plan was published via electronic communication to the Director of the FBI and other entities as of October 29, 2004. The TSC further stated that this Master Staffing Plan is "the staffing protocol that governs the staffing of the TSC to include the levels of participation from other agencies."

    While we are aware of the TSCís efforts to maintain this Master Staffing Plan and ensure that vacant positions are filled with individuals from all participating agencies, we do not believe that this plan suffices as protocol to mandate that the TSC be staffed with personnel from all participating agencies. The plan reveals the TSCís calculated total number of personnel necessary from each participating agency and the resulting branch and work area at the TSC to which each position is currently assigned. However, the plan does not direct the TSC to fill future vacant positions with individuals from the participating agencies. In addition, the plan is strictly an internal document and does not reflect agreement from the leadership of the participating agencies. As a result, the TSC is vulnerable to future staffing plan modifications that may not reflect an adequate representation of each participating agency.

    Additionally, the TSC provided correspondence from the Department of Homeland Security (DHS) dated April 22, 2005, which stated that the DHS has only fulfilled half of its staffing obligation to the TSC, or 21 detailees. This correspondence further stated that to fill the necessary 21 additional DHS positions at the TSC, the DHS would assign detailees to the TSC no later than May 9, 2005, and would do so for a period of 1 year, when possible.

    As a result, this recommendation can be closed when the TSC provides evidence that the DHS has filled the 21 positions identified as vacant. In addition, the TSC should formalize its staffing agreements with all participating agencies.

  7. Resolved.
  8. The TSC agreed with this recommendation, stating that it had taken steps to increase the number of permanent and long term loaned personnel and reduce the need for orientation and training of new staff. Upon our review of the supporting documentation provided by the TSC, it appears that the TSC is making important efforts to hire qualified, permanent staff to fill vacancies at the TSC.

    For example, the TSC reported that since November 2004 it has increased its permanent FBI staff by five, with an additional four individuals awaiting completion of their background investigations to complete the hiring process. Further, as noted in Recommendation 3, 21 additional DHS detailees were to be assigned to the TSC by May 9, 2005, for details of 1 year (when possible). Also, the Marine Forces North was requested to send an individual to the TSC for a 1-year tour of duty. According to the TSC, it has recently mandated that all temporary duty (TDY) employees serve for a minimum of 90 days to minimize the need for constant orientation and training.

    This recommendation can be closed when we receive a copy of the new policy that all TDY employees be assigned to the TSC for at least 90 days.

  9. Resolved.
  10. The TSC agreed with this recommendation, stating that it had begun to take appropriate corrective action. The TSC provided documentation that addresses the need for ensuring that the TSDB accurately represents the data that was submitted by the nominating agency and that the TSC can trace the origin of a record back to the nominating agency. This recommendation can be closed when we receive evidence that the project for automating the FBI nomination process and the TSDB 1.4 as a whole have been implemented, enabling an automated nomination process with a built in audit capability that can track system transactions between the TSC and the FBIís National Crime Information Center (NCIC). Additionally, for this recommendation to be closed the TSC must provide evidence that the TSDB 1.5 has been implemented. According to the TSC, this will provide a transactional audit history of the information flow from the National Counterterrorism Center (NCTC) to the TSDB, and will enforce over 35 business rules in the receipt of data between NCTC and the TSDB.

  11. Resolved.
  12. The TSC agreed with this recommendation and stated that it has begun taking corrective action. The TSC stated that the TSDB 1.5 (scheduled to be implemented as part of the TIDE project) will facilitate the reduction of human review and intervention because the software will enforce enhanced automated controls. Currently, a TSC employee must physically review, for accuracy and consistency, each record nominated for inclusion in the TSDB. The TSCís new business rules, contained in the "TSDB 1.5 Business Rule and Cartesian Product Formatting" document, are designed to validate that the data received from NCTC complies with legal and negotiated restrictions on data relationships.

    Further, the TSC asserted that a significant obstacle to fully automating the information-sharing process resulted from the technological and organizational impediments experienced by the Intelligence Community in establishing "trusted network connections" capable of moving data from Top Secret to the Sensitive But Unclassified level.

    Based on our review of the TSDB 1.5 support provided by the TSC, this recommendation can be closed when we receive evidence to support that the TSDB 1.5 has been implemented and has automated the daily upload of records nominated for inclusion in the TSDB.

  13. Resolved.
  14. The TSC agreed with this recommendation and provided a summary of its outreach efforts. We recognize that the TSC has conducted outreach since its inception and has enhanced its outreach efforts in the last year, including the creation of a TSC video and brochure. However, the TSC has not developed a formal, vigorous outreach plan that defines the target organizations, timelines for the completion of outreach goals, staffing levels needed to conduct outreach, and funding needed to perform outreach activities now and in the future. For example, in its response the TSC stated that it has a plan for ensuring that TSC presentations are made in all 50 states, that it will be training all FBI Legal Attaches, and that a website will be created. However, no documentation of these plans was referenced or provided to us. This recommendation can be closed when the TSC provides documentation to support that a formal outreach plan has been developed.

  15. Resolved.
  16. The TSC agreed with this recommendation and noted that it had initiated meetings related to the DHSís responsibility for establishing guidelines for private sector screening. While we recognize the TSCís complementary role to the DHS in this effort, we noted that the TSC stated it had taken action in this area in the last 6 months, but the documentation provided to us with the response was dated in August 2004. Therefore, to close the recommendation, please provide an up-to-date account of the TSCís efforts to encourage the DHS to finalize private sector screening guidelines.

  17. Closed.
  18. The TSC agreed with this recommendation and stated that, on March 16, 2005, the TSC sent 1,183 TSDB 1A records to NCTC for analysis and, if appropriate, nomination into the TSDB. The TSC reported that 1,131 of these records were transferred back to the TSDB, while 52 duplicate records were identified and therefore not transferred. In addition, the TSC provided support that 1,131 records were received into the TSDB on the April 18, 2005. Therefore, this recommendation is closed.

  19. Resolved.
  20. The TSC agreed with this recommendation and stated that it is taking steps to review every record within the TSDB to identify and correct the duplicate record issue. This recommendation can be closed when we receive evidence from the TSC that this records review has been completed and all 31 duplicate records identified during our audit have been removed from the TSDB.

  21. Resolved.
  22. The TSC agreed with this recommendation and stated that it is taking steps to review every record within the TSDB to identify and correct the duplicate record issue, including records with duplicate TIPOFF identification numbers. This recommendation can be closed when we receive evidence from the TSC that this records review has been completed and all four records identified to have duplicate TIPOFF identification numbers have been corrected in the TSDB.

  23. Resolved.
  24. The TSC agreed with this recommendation and noted that it has taken steps to complete it, including the creation of a new Data Management Office that will develop tools to help increase the quality of TSC data. According to the TSCís response, the Data Management Office is currently creating structured query language (SQL) and small-scale database tools to improve data quality.

    The TSC stated that it is also modifying the TSDB 1.5 software to accept the entire TSDB as a batch file, so that all of the TSC business rules envisioned for the future receipt of data files from the TIDE system will be applied to the existing TIPOFF records within the TSDB. This recommendation can be closed when we receive documentation showing that these tools have been implemented and SQLs have been run to ensure that the TSDB data is complete, accurate, and non duplicative.

  25. Resolved.
  26. The TSC agreed with this recommendation and stated that it has taken appropriate steps to implement it. Specifically, the TSCís response stated that NCTC will provide to the TSC the source of each international terrorist record within the TSDB and that this information will be captured in the upcoming TSDB 1.5. The TSC stated that because it is responsible for inputting all domestic terrorism records into the TSDB, the TSC Nominations Unit will track the source of the domestic terrorist information. This recommendation can be closed when we receive evidence from the TSC that all records within the TSDB can be traced to either the FBI or the NCTC database.

  27. Resolved.
  28. The TSC agreed with this recommendation and stated in its response that it has taken steps to implement it. Specifically, the TSC stated that in October 2004 it requested that three new Immigration and Nationality Act (INA) codes be established for the sole purpose of describing domestic terrorist activity. However, the TSCís response did not provide the INA code numbers that will be used for the three new codes. Also, the TSC did not provide a description of the distinctions between the new domestic terrorist codes or how the new INA codes will describe the domestic terrorist activity associated with the watch-listed individual.

    This recommendation can be closed when we receive evidence from the TSC that: 1) the INA codes have been established, 2) specific INA code numbers have been assigned, 3) the new codes describe the domestic terrorist activities of the watch listed individuals, and 4) the new codes support the distinctions between the new domestic terrorist INA codes.

  29. Resolved.
  30. The TSC agreed with this recommendation and stated that it has taken steps to implement it. Specifically, TSC stated that three new INA codes were requested in October 2004 to be established for the sole purpose of describing domestic terrorist activity. Additionally, the TSC stated that a review of the INA code applied to each domestic terrorist record will also be conducted during the previously mentioned record by record review of the TSDB. This recommendation can be closed when we receive evidence from the TSC that the three new domestic terrorist INA codes have been appropriately applied to all domestic terrorist records within the TSDB.

  31. Resolved.
  32. The TSC agreed with this recommendation and stated that it has taken steps to complete it. Specifically, the TSC stated that it addressed the 336 records without handling codes during the previously mentioned record-by-record review of the TSDB. However, it did not provide evidence to support that action has been taken on the 336 records noted in our report. This recommendation can be closed when we receive evidence from the TSC that the 336 records have each been assigned the proper handling code.

  33. Unresolved.
  34. The TSC stated that it did not agree with this recommendation. The TSCís response stated that none of the four existing handling codes are considered "low-threat." [SENSITIVE INFORMATION REDACTED]

    Therefore, while handling codes may not specifically equate to the level of threat posed by watch listed persons, we believe that the correlating instructions to responding law enforcement officials provide insight into the level of threat posed by the individuals.

    The TSCís response further stated that "there is no link with VGTOF handling codes used to inform state and local law enforcement officers with the TIPOFF INA Codes used to classify the type of known or suspected terrorists." During our audit, we obtained the TSCís Nomination/Handling Code Criteria and Nomination Review Process in which eight INA codes were marked as "armed and dangerous." We were informed by the TSC Nominations Unit and FBI personnel that [SENSITIVE INFORMATION REDACTED]. Further, as discussed on page 55 of our report, we determined that the TSC had requested that the FBIís programming language for preparing records for transfer from VGTOF to the TSDB electronically apply an INA code to each domestic record based on the handling code assigned. Specifically, the program applied an "armed and dangerous" INA code to a handling code 4 and a non-armed and dangerous INA code to handling codes 1, 2, and 3.67 Therefore, although there may not be a direct and absolute link between the INA and handling codes, there has been a relationship in the application of the codes and it is reasonable to conclude that in most instances the information in the two fields should not be inconsistent.

    We agree that the TSC should use all legacy information available in order to compile the most effective and comprehensive consolidated database, including the INA code with armed and dangerous designations. However, it seems inconceivable to us that 22,809 records of individuals with INA codes that identify the person as [SENSITIVE INFORMATION REDACTED] or describe the subject as likely to engage in terrorism if in the United States (INA code 7) would be assigned a handling code 4, which requires the lowest level of law enforcement response. [SENSITIVE INFORMATION REDACTED]

    Further, at our exit conference in April 2005, TSC officials reported that changes had been made to records within the TSDB and that handling code 3 now represented the largest portion of the database.68 The information provided at the exit conference suggested to us that the TSC recognized that too many individualsí records were applied a handling code 4. As a result, this recommendation can be resolved and closed when we receive data from the TSC that shows it has determined that the appropriate handling code has been assigned to all records in the database, especially those with "armed and dangerous" INA codes.

  35. Resolved.
  36. The TSC agreed with this recommendation and stated that in October 2004 the "Wedge Project," which was designed to address the fields in TIPOFF that could be exported from NCTC but were not displayed in the TSDB, was placed into production.

    The TSC further stated in its response that [SENSITIVE INFORMATION REDACTED] and [SENSITIVE INFORMATION REDACTED] were included in these fields. We reviewed the TSDB Wedge Release 1.1 System Requirements Specification provided as support for this statement and identified several software modifications. However, because we were not provided with field descriptions, we were unable to confirm that separate fields for [SENSITIVE INFORMATION REDACTED] and [SENSITIVE INFORMATION REDACTED] were included in this project. Upon receipt of evidence confirming that the [SENSITIVE INFORMATION REDACTED] and [SENSITIVE INFORMATION REDACTED] are separate fields as a result of the Wedge Project, this recommendation can be closed.

  37. Resolved.
  38. The TSC agreed with this recommendation and stated that the Wedge Project, placed into production in October 2004 (as noted in the preceding recommendation), activated and populated all fields of information, with the exception of those associated with the TIDE implementation which will be activated later in 2005. Because the referenced attachment to the TSC response (TSCRE #27B) did not exist, the supporting documentation provided for the Wedge Project in TSCRE #27 was used as evidence for this statement.

    We recognize that the TSC has taken measures through the completion of its Wedge Project to ensure that the additional record information can be received into the TSDB. However, the TSCís response did not address whether all information has been received or whether the information is displayed on the TSDB screen. This recommendation can be closed when the TSC provides us with evidence documenting that this additional information is available in the TSDB and is currently displayed on the TSDB screen.

  39. Resolved.
  40. The TSC agreed with this recommendation and stated in its response that it has taken steps to complete this action. Specifically, the TSC stated that the previously discussed record-by-record review being performed by the Quality Assurance staff will address the eight VGTOF records and the three TIPOFF records that were not in the TSDB at the time of our testing. The TSC further stated in its response that agencies nominating records for inclusion in the TSDB are responsible for sending accurate, consistent, and complete information to the TSC for receive into the consolidated database. Further, as part of the TSDB 1.5 project, TSC officials stated that built-in protections and buffers will serve as automated procedures to help ensure data integrity.

    As a result, this recommendation can be closed when the TSC provides us with evidence that the TSDB 1.5 project has been successfully implemented. However, because the record by record review is being performed on records that are in the TSDB database, this effort will not assist in ensuring that the omitted records are added to the database. Therefore, the TSC should also provide evidence that the eight VGTOF records and the three TIPOFF records that were omitted from the TSDB are now included in the database, if appropriate.69

  41. Resolved.
  42. The TSC agreed with this recommendation and stated that it has taken steps to implement standardization of the data field definitions. According to the TSC, the Intelligence Community Metadata Working Group adopted the Terrorist Watch Person Data Exchange Standard (TWPDES) and the TSC will be the only entity interacting with the Interface Control to use the new standard. Further, accounting for its two primary data sources, the TSC stated that it has integrated the TWPDES into its data flow from NCTC to the TSC, and the TWPDES is being integrated with the Justice Global Information Sharing XML 3.0 standard.

    TSC provided an unsigned copy of its agreement with NCTC entitled "Nominations Interface Control Document (ICD)." Our review of the Nominations ICD indicates that, once signed and implemented, the two organizations will have reached a comprehensive agreement regarding the definition and incorporation of a standardized protocol for terrorist watch list information and transmission. However, we have not received adequate documentation related to the incorporation of the TWPDES and the Justice Global Information Sharing XML 3.0 standard to determine the extent to which the TSC has standardized its protocol for terrorist watch list information and transmission with the FBI VGTOF database. Further, it remains unclear what relationship the incorporation of the standardized protocol with NCTC and FBI will have on databases such as CLASS and the TSA No-Fly list that receive information from the TSDB.

    This recommendation can be closed when we receive a version of the TWPDES signed by representatives of the TSC and NCTC, as well as evidence that the protocol has been fully implemented. In addition, please provide further evidence and clarification regarding the extent to which the TSC is standardizing its protocol for information and transmission with the FBIís VGTOF database, as well as recipient systems.

  43. Resolved.
  44. The TSC agreed with this recommendation and stated in its response that it has had procedures to identify and resolve missing and conflicting record information since its inception. While we recognize that the TSC has made efforts to resolve missing or conflicting record information on a reactive basis, during our audit we were not provided with evidence of regular, proactive procedures to identify missing or conflicting information. The TSC stated in its response that the previously mentioned record-by-record review that is being conducted by the TSC will identify and correct any missing or conflicting records. The TSC also stated that efforts are underway to modify the TSCís existing Encounter Management database, which will allow data quality issues that surface during actual encounters to be submitted electronically to Quality Assurance personnel.

    We have been provided evidence that this record-by-record review of the TSDB has been initiated. However, we are unclear as to whether the TSC will perform regular testing of TSDB records to identify and resolve missing and conflicting record information after the initial record-by-record review has been completed. As a result, this recommendation can be closed when we receive documentation supporting the TSCís plans to continue to perform regular testing of records within the TSDB after the initial review of all records has been completed.

  45. Resolved.
  46. The TSC agreed with this recommendation and stated that it has taken steps within its power to improve operations for proper data receipt from the TWWU. It also provided supporting documents, such as e-mail correspondence between the TWWU and the TSC, to document the TSCís efforts to address the matter. The TSC stated that it continues to receive international terrorism nominations that were incorrectly forwarded from the TWWU and continues to discover domestic terrorism nominations that were incorrectly forwarded to NCTC. However, the TSC stated that it believes the electronic nomination process, which was to be implemented as part of the TSDB 1.4 in May 2005, will correct/address the errors being made through the current process. This recommendation can be closed when we receive evidence that the TSDB 1.4 has been fully implemented, thereby launching the electronic nomination process and reducing the instances of improperly transferred information.

  47. Closed.
  48. The TSC agreed with this recommendation and reported that officials met with individuals in the Department of the Treasury regarding the Current List of Terrorists and Groups Under Executive Order 13224. The TSC stated that its executive management has confirmed that an updated version of this list of names is regularly provided to NCTC for analysis and possible inclusion of the identities into the NCTC database, the source of international terrorist information for the TSDB. As a result, this recommendation is closed.

  49. Resolved.
  50. The TSC agreed with this recommendation. In its response, the TSC acknowledged that since December 2003 and prior to the arrival of these newly hired, permanent supervisors, the Call Center had been supervised by FBI agents on loan who possessed a variety of backgrounds but minimal counterterrorism experience. The TSC stated that no formal training was provided to these agents upon their arrival at the TSC. Further, in many cases these agents had never screened a call/encounter before and had no experience in working with the various databases.

    According to the TSC, it has implemented procedures to correct this concern about call center supervision. Specifically, the TSC stated that it now responds to law enforcement encounters in an average of approximately 10 minutes. This is a reduction of 10 minutes from the previous average of 20 minutes per encounter the OIG was informed during our field work.70 The TSC stated that in October 2004, six permanent Call Center employees were brought on board as team leaders. They are responsible for ensuring that all of the documentation from a call is reviewed and is complete prior to disseminating the information to the CT Watch (now the Terrorist Screening Operations Unit, or TSOU), the DHS National Targeting Center, and other law enforcement agencies. In addition, the TSC stated that it brought on board five Watch Commanders in November 2004 and one permanent GS 15 FBI Unit Chief in January 2005.

    Based on the information provided, this recommendation can be closed when we receive evidence of the TSCís official protocol that requires the regular, supervisory review of the work of Call Center personnel for completeness, accuracy, and timeliness. Sufficient evidence may include formally established procedures for Call Center supervisory review, as well as correspondence between supervisors and Call Center staff as to what requirements exist for an encounter to be considered as having received supervisory review.

  51. Resolved.
  52. The TSC agreed with this recommendation and stated that it has established procedures to address it. Specifically, the TSC stated that over the past 8 months it has implemented a training program in which each Call Center employee will participate. From the documentation provided, we believe that the TSC is attempting to train employees on the proper procedures for obtaining and recording call information on the Call Intake Form. The TSCís training guide on the Encounter Management database appears to be thorough and shows that the Encounter Management database now has stronger controls for data field entry with establishment of drop down boxes to minimize the number of errors that can occur from standard data entry. Additionally, our review of the training guide identified that the disposition and the final resolution fields are reserved for Team Leader input only, potentially reducing the risk that information would be incorrectly entered by Call Center personnel into the Encounter Management database. However, it does not appear that there are any controls to identify instances in which personnel aside from Team Leaders enter information into these fields. Additionally, while there is a check box for Call Center personnel to mark when a record is ready for supervisory review, we are not aware of any controls in place to ensure that this box is checked, and we were provided no indication while on site as to whether records not checked for supervisory review would be found in the system and timely reviewed prior to the record being closed.

    This recommendation can be closed when we receive evidence that sufficient controls have been implemented to ensure that each record is reviewed by the appropriate personnel before it is closed.

  53. Resolved.
  54. The TSC agreed with this recommendation and stated that it has taken steps to address it. Specifically, the TSC stated that it has planned enhancements, discussed in Recommendation 22, to Version 2.0 of the Encounter Management database. This recommendation can be closed when we receive evidence that the Encounter Management database Version 2.0 has been fully implemented and has enhanced the tracking capability and timely follow-up measures for encounters.

  55. Resolved.
  56. The TSC agreed with this recommendation and stated that it has completed this item. Specifically, the TSC stated that on December 1, 2004, a retired FBI Special Agent with extensive teaching experience was hired to coordinate the TSC training program.

    Our review of the training materials provided to us during a recent visit to the TSC showed that the TSC is expending significantly more effort to ensure that personnel are trained in Call Center operations. In addition, we witnessed one of the informational presentations that are held approximately three times per month by subject matter experts designed to heighten the awareness of all employees in the topical areas related to the war on terrorism.

    This recommendation can be closed when we receive evidence that these new training practices have been formalized in official TSC protocol documentation.

  57. Resolved.
  58. The TSC agreed with this recommendation and stated that it recognizes the importance of tracking the timeliness of the encounter process in order to provide the best service to its customers. The TSC reported that it has begun to analyze the scope of work in order to provide these statistics as part of the Case Disposition and Tracking System, which is expected to be implemented within the next 6 months.

    As a result, this recommendation can be closed when we receive evidence that the TSC has fully implemented a system for tracking the amount of time that elapses between the key events of an encounter.

  59. Resolved.
  60. The TSC agreed with this recommendation and stated that it has taken steps to address it. Specifically, the TSC has placed its Encounter Management database on a local classified network, and has stated that it is prepared to place this database on the global FBI classified network. However, the TSC stated that it must wait to be migrated to the FBIís new computer network designed for universal use within the FBI. The TSC expects to be migrated in June 2005.

    This recommendation can be closed when we receive evidence that the TSC has placed the Encounter Management database on the global FBI network, enabling the electronic sharing of encounter information with CT Watch (now TSOU).

  61. Resolved.
  62. The TSC agreed with this recommendation for the assignment of a security officer and stated that it has operated to fulfill this recommendation since its inception. However, as indicated by its response, the TSC has not had stability or permanence in the Security Officer position since its inception. While the TSC has ensured that a complement of loaned, on-site, and other personnel have been assigned the tasks of Security Officer, no less than nine individuals have performed the functions in the 17 month period from December 2003 through April 2005. As noted in our report, we identified significant security concerns that could be mitigated through the assignment of staff to this function. Therefore, to close this recommendation, please provide evidence that, as of April 18, 2005, the TSC has a permanent Security Officer with a full compliment of staff to address all aspects of security for the TSC. This should include position descriptions and approved Notice of Personnel Action forms (SF 50) for each related individual/position.

  63. Resolved.
  64. The TSC disagreed with this recommendation, stating that the Encounter Management database was moved to a classified network on February 2, 2005. As a result, the TSC stated that a comprehensive review of all records in the Encounter Management database for classified data, as well as the development of a process to ensure that classified information is not entered into the unclassified database, is no longer necessary.

    We agree with TSCís argument regarding the movement and classification of the Encounter Management database and have resolved the recommendation as a result of this and the resulting protection of data in the database.71 However, during our review we identified significant weaknesses related to the TSCís handling of classified information. Given the unique mission of the TSC, the amount of information that is shared by other agencies, and the variety of media used to record information, we believe that TSC employees need to be more aware of the classification level of the information they are handling.

    Further, we noted that the CT Watch (now TSOU) identifies the classification level of each paragraph of information within its electronic log, which is similar in function to the Encounter Management database. Based on our observations, we consider the CT Watch procedure of marking the classification level of each paragraph within its electronic log to represent a best practice, and we strongly recommend that the TSC adopt this procedure for marking the classification level of each paragraph within its Encounter Management database.

    Additionally, the TSC included in its response language stating that the backups of various files, including the TSDB, have been marked Secret. While the backup of files was not included in our recommendation to the TSC, we request clarification from the TSC as to why backups for the TSDB, a database mandated by HPSD 6 to be unclassified, has been marked Secret.

    This recommendation can be closed when we receive clarification from the TSC regarding the classification level of the TSDB backup and a response to our suggestion regarding adopting paragraph markings in its database.

  65. Closed.
  66. The TSC agreed with this recommendation. The TSC has established a Standard Operating Procedure to provide operational guidance and limitations to all users at the TSC regarding the proper method for reporting and handling security incidents. The TSC has also developed procedures for recording the parties involved, events, and corrective actions regarding each incident that occurs. As a result, this recommendation is closed.

  67. Closed.
  68. The TSC agreed with this recommendation and stated that the TSC Watch Commanders arranged for monthly meetings with NTC and the CT Watch (now TSOU), the first of which was held on February 2, 2005, and included a representative from the TSAís Transportation Security Intelligence Section (TSIS). The TSC stated that these meetings include discussions regarding the integrity of the information contained within the TSDB and policies and protocols to enhance the effectiveness and efficiency of the screening process. Additionally, the TSC stated that it has increased coordination with the Federal Air Marshals and the Office of Transportation Vetting and Credentialing (OTVC) within the Department of Homeland Security. The TSCís response and the supporting documentation provided indicate that the TSC has implemented an ongoing effort to improve the efficiency of the screening process. Therefore, this recommendation is closed.

  69. Resolved.
  70. The TSC agreed with this recommendation, stating that it has taken steps to produce a formal, written document setting forth protocols for handling misidentifications. The TSC stated that in January 2005 it developed a high-level concept document for a redress process, an important component of which was a more sophisticated and efficient procedure to help misidentified persons. The TSC further stated that it has worked with screening agencies to develop program-specific solutions to the matter of misidentified persons. The TSC stated that it has recently established a formal, internal process for receipt and processing of redress inquiries it receives from screening agencies, and that it is currently working to finalize a Standard Operating Procedure to document such a process, which will include procedures for handling known misidentified persons. The TSC stated that once the Standard Operating Procedure is finalized, the TSC will provide internal training on how to manage misidentified persons.

    This recommendation can be closed when we receive evidence that the TSC has finalized its Standard Operating Procedure for the appropriate handling of known misidentifications and has provided training to staff on the proper way to manage misidentifications.

  71. Resolved.
  72. The TSC agreed with this recommendation, but stated that it has operated according to this recommendation since its inception. Specifically, the TSC stated that as early as January 2004, the organization was producing weekly reports to capture statistical accomplishments associated with the TSC Call Center, and further stated that statistical tracking dates back to December 1, 2003.

    However, the Director of the TSC told us during our audit that no process was in place to evaluate the effectiveness of having one consolidated database to track terrorism suspects. The weekly reports mentioned by the TSC capture summary statistics on calls received by the Call Center, but they are only one tool in a comprehensive analysis of performance measurement. Alone they do not measure the achievement of specific performance goals and the added value to having one consolidated terrorist watch list. As a result, this recommendation can be closed when we receive evidence that the TSC has established a formal plan for evaluating the effectiveness of the TSC.

  73. Resolved.
  74. The TSC agreed with this recommendation, but stated that it has had a formal strategic plan since its inception. In its response, the TSC stated that it initiated the development of a strategic plan concurrent to the development of its initial planning document and a manual of process flows. Further, the TSC provided a graphical representation of its in-process strategic plan. The TSC also stated that it anticipated a formal narrative strategic plan would be completed by May 2005. During the course of our audit, we obtained draft copies of the initial planning document and the manual of process flows, as well as the graphical representation of the strategic plan mentioned by the TSC.

    We acknowledge that these documents represent some of the essential components of a strategic plan and exist in varying degrees of finality and permanence, but as of May 2005 no formal, integrated, and comprehensive narrative strategic plan for the TSC had been provided to the OIG. In addition, while the TSC provided a graphical representation of the in-process strategic plan, we believe that the document, in its current state, is virtually unusable. In order to graphically depict many of the elements of a strategic plan, the document is either inordinately large so as to be unwieldy or the text reduced so as to be unreadable. Further, many essential components to an effective strategic plan such as timelines, strategies, and performance measures are omitted.

    We concluded that the TSC would benefit from establishing a formal, written document that addresses all aspects of organizational and resource planning, management, and performance measurement. The TSCís strategic plan should provide for the continued development of the TSC organization, and it should combine, in one location, TSCís vision regarding the current and future environment and account for factors such as changing regulations, evolving technology, and emerging customers and uses. This plan should also provide a broad framework for the organization and include a comprehensive evaluation of the impact of each factor, the TSCís specific strategies and timelines for adapting and accomplishing its overall mission, and specific methods for measuring achievement and performance. Included in these considerations are goals for each major operational unit within the TSC and strategies for administrative areas, such as resource planning, continuity of operations planning, and information security.

    This recommendation can be closed when the TSC demonstrates that it has developed a formal, comprehensive, narrative strategic plan that provides a framework for the accomplishment of the organizational mission, goals, and objectives, as well as specific timelines and performance measurements.

  75. Resolved.
  76. The TSC agreed with this recommendation and stated that it has taken steps to address it. Specifically, documentation that the TSC provided stated that the [SENSITIVE INFORMATION REDACTED] serves as the primary disaster recovery site for the TSC and now has a copy of the TSDB and the Encounter Management database for call screening purposes. The TSC stated that by May 2005 a second disaster recovery site should be operational at the [SENSITIVE INFORMATION REDACTED]. The TSC stated that it is updating its Emergency Action Plan to reflect the new protocol.

    Additionally, the TSC stated in its response that it is now storing back-up data disks at [SENSITIVE INFORMATION REDACTED] as its primary disaster recovery site. The TSC stated that once the secondary site is established at [SENSITIVE INFORMATION REDACTED], back-up disks will be stored there as well. Also, the TSC stated that as of April 16, 2005, the TSC has had the capability at [SENSITIVE INFORMATION REDACTED] to run all TSDB software as well as connect to end-user databases for data export. However, we were not provided any documentation to support the formalization of the protocol related to the back-up disk locations or to support the export capability at [SENSITIVE INFORMATION REDACTED].

    With respect to the basic security safeguards of the TSCís main facility, the TSC stated that it has recently made modifications to its facility in an effort to improve security. Further, the TSC stated that it [SENSITIVE INFORMATION REDACTED] has submitted requests to the Office of Management and Budget to move its personnel to a stand-alone secure facility. The TSC said it anticipates authorization for this move later in FY 2005, but must wait for additional funding.

    As a result, this recommendation can be closed when we receive evidence from the TSC to support: 1) the back-up data disk storage locations, 2) the data export capability at [SENSITIVE INFORMATION REDACTED], and 3) all facility modifications discussed in the TSCís response.

  77. Resolved.
  78. The TSC agreed with this recommendation and stated that it has taken steps to address it. Specifically, the TSC provided evidence that it performed a disaster recovery COOP exercise on April 16, 2005. According to the TSC, this test was the first instance of quarterly training that will be the normal course of business for the organization. The TSC further stated that it has been exploring the option of using one of two sites as a remote TSC COOP location, and will continue to coordinate the execution of a COOP site.72

    This recommendation can be closed when we receive evidence from the TSC that quarterly training will be its normal course of business. We also request that the TSC inform us of its progress in establishing a remote COOP location.

  79. Closed.
  80. The TSC agreed with this recommendation and reported that it transferred the Encounter Management database to a classified network on February 2, 2005. As a result, this recommendation is closed.



Footnotes

  1. According to a TSC official, the opposite instruction was intended. That is, the TSC wanted non-armed and dangerous codes to be applied to handling code 4 records.
  2. At the time of our audit, handling code 4 represented the largest portion of the database.
  3. As previously discussed, the TSDB 1A database is no longer in existence, and, as a result, the TIPOFF records missing solely from 1A are no longer of concern.
  4. While on site at the TSC, we became aware that neither the TSC nor CT Watch had established a formal method for tracking, recording, and analyzing the time it takes to respond to law enforcement regarding an encounter. An official at CT Watch had provided us with what the individual believed was the average time it took to respond to law enforcement inquiries, or 20 minutes. However, the individual stated that no method of tracking the exact times existed. As a result, we need to know the method the TSC used to calculate the approximate 10 minutes that it stated it takes for the TSC to respond to law enforcement officials who have potentially encountered an individual. This matter is further addressed in Recommendation 29.
  5. In Recommendation 40, we suggest that the TSC consider moving the database to a classified environment.
  6. The results of the COOP exercise indicated that the TSC should pursue a disaster recovery site [SENSITIVE INFORMATION REDACTED].



Previous Page Back to Table of Contents Next Page