Review of the Terrorist Screening Center's
Efforts to Support the Secure Flight Program
(Redacted for Public Release)
Audit Report 05-34
Office of the Inspector General
REVIEW OF THE TERRORIST SCREENING CENTER'S EFFORTS TO SUPPORT THE SECURE FLIGHT PROGRAM
Terrorist Screening Center Response
The United States (US) Department of Justice (DOJ) Office of the Inspector General (OIG) conducted a review of the Terrorist Screening Center (TSC) efforts to support the Transportation Security Administration's Secure Flight Program from April of 2005 through July of 2005. This review was called for in the "Emergency Supplemental Appropriations Act for Defense, the Global War on Terror, and Tsunami Relief Act, 2005." The purpose of that review was to evaluate the TSC's plan to support the Secure Flight program and to report the findings to the House and Senate Appropriations Committees by August 1, 2005.
On July 26, 2005, the TSC received the DOJ/OIG draft report. The response by the TSC was due to the DOJ/OIG by the close of business July 27, 2005.
The TSC was established September 16, 2003, and became operational on December 1, 2003. Since its inception, the TSC has become one of the most unique, innovative and forward thinking operations in the United States Government's (USG's) counterterrorism arsenal. Never before has the USG maintained a centralized list of all known or suspected terrorists that is available to federal, state, local, tribal and territorial law enforcement agencies, as well as a growing list of foreign governments for the purpose of twenty four hours a day, seven days a week terrorism screening. For the first time in US history, terrorist watchlist information is shared in a multi-agency environment that also connects the intelligence community to a vast network of state and local law enforcement officers. The TSC's novel approach to terrorism screening facilitates assistance to agencies at the front lines of terrorism screening, protection of the American public from terrorist attack, increasing the safety of the American people as well as the law enforcement officers who serve them. The TSC is a new concept and is a living and growing environment that is constantly evolving to meet emerging threats and requirements within the framework of its governing documents, Homeland Security Presidential Directive (HSPD) - 6, the Memorandum of Understanding (MOU), and Addendum A. Moreover, the watchlisting process is a new initiative that is Government-wide. Each agency has the responsibility to provide accurate information when nominating a name for the watchlist. Because this government wide system was never in existence, the quality of data provided for watchlists varies from agency to agency. However, as the process matures there will be greater consistency in the quality of data passed.
A central mandate to the TSC mission is to consolidate the Government's approach to terrorism screening. A significant area of terrorism screening that has gone unaddressed is the screening of domestic air passengers against the consolidated terrorist watchlist known as the Terrorist Screening Database (TSDB) maintained by the TSC. To close this gap in terrorism screening, the Transportation Security Administration (TSA) announced the establishment of the Secure Flight program in August of 2004 with a view to conduct passenger prescreening against the
TSC's TSDB in 2005. For this program to be successful, the TSC, in accordance with HSPD-6, must provide direct support to the TSA and its Secure Flight program. However, for the TSC to provide appropriate support, close coordination between the two agencies is necessary, and TSA is responsible for providing its program requirements.
In August 2004, when the Secure Flight program was announced, TSC immediately began to make budget plans based on information that TSA provided regarding their information technology, operational and administrative requirements related to Secure Flight. Secure Flight was only one of several new initiatives the TSC had to support; however, because of the volume of passengers flying on domestic flights, it will have a dramatic impact on TSC's operations.
The TSC prepared for the new initiatives by establishing an information technology infrastructure, personnel base, and long range planning processes. The Secure Flight program came while TSC was still a fledgling organization, and had no regular, routine, or predictable workload. In order to be able to accurately predict the Secure Flight workload, TSA was unable to provide to the TSC specific estimates such as volume of calls, volume of passengers traveling, information systems architecture, scope of projects, logistics and other resources. However, even without this information, the TSC continued to prepare for Secure Flight based on conservative estimates of these data elements. Due to the uniqueness of the TSC's inter-governmental participation, the TSC leveraged its capabilities across programs and activities. It used any available resource from any of the participating HSPD-6 partners to include personnel, licenses, databases, hardware, software and other materials. The TSC has also taken great care to leverage every conceivable opportunity available through its partners to increase resources, efficiency and effectiveness, particularly in those areas where the TSC's own budget or allocated personnel are not sufficient to address mission requirements.
TSC concurs with DOJ/OIG's assessment that the TSC "needs enhancement" of current base funding to accomplish its critical mission functions.
With this as a short summary background, the TSC offers the following in response to the DOJ-OIG preliminary draft review of the TSC's plans to support the TSA's Secure Flight program:
Work closer with the FBI budget staff or develop an in-house capacity to formulate and execute a TSC budget that captures cost information by project and tracks the total fiscal requirements of the organization.
The TSC agrees with this recommendation and acknowledges the need to work with the FBI's Finance Division to build the TSC in-house financial personnel capacity.
The TSC was created in an out of cycle budget environment. As a result, the TSC did not have the opportunity to participate in the budget process initially, nor did it have the background to give a true estimate of normal operating requirements (also known as base lining). Funding for the first fiscal year (FY) was reallocated to the Federal Bureau of Investigation (FBI) in support of the TSC from participating agencies' FY 2004 budgets. No personnel were granted to the TSC through the budget process to stand up or operate it. Because the budget formulation process leads the execution phase of the budget process by two and one half years, the TSC did not have sufficient input into a budget until January of 2005.
However, the TSC has been diligent in its fiscal responsibility to ensure expenditures create a maximum value to cover the array of projects requiring support and implementation since its inception. In support of this effort, the TSC established a Project Management Office (PMO) and supporting processes to develop project management and financial budget/accounting tools for the purpose of projecting and tracking actual expenses. This system allowed TSC to identify the development costs of the infrastructure that would be required to support TSC's maturation and identified initiatives. Due to the approach used by the TSC to develop its infrastructure to support multiple programs, many of the projects tracked also contribute to building the infrastructure that supports all of these programs, to include Secure Flight. Therefore, each project generally supports multiple programs. This approach was taken because the TSC had not received any funding related to specific programs. The supplemental funds, while subject to DOJ/OIG review, were not solely limited to the Secure Flight program.
The TSC was asked by the DOJ/OIG to provide specific dollar amounts associated with the costs of preparing for Secure Flight. The TSC provided that information based on its current methodology. Due to the fact that it did not have the TSA's requirements, the TSC made conservative estimates because there was no historic baseline for Secure Flight. When the baseline for Secure Flight is established, in conjunction with all other programs the TSC is supporting, the TSC will be able to implement an effective cost accounting system for the Secure Flight program that will not only provide actual direct and indirect costs, but also allow for more accurate estimates of future costs. In addition, the TSC's "improvements to its operations and information technology environment," are not specifically to address Secure Flight but also to address the other TSC supported programs.
Re-examine and regularly update the agency's resource estimates as soon as the Secure Flight Program is implemented and true work-load figures are established.
The TSC agrees with this recommendation and will continue to coordinate these efforts with TSA to ensure the most accurate and current data is available.
The TSC developed workload projection estimates for initial resource requirements to support the Initial Operating Capability (IOC) of Secure Flight. These estimates have focused on frontline call center personnel, supervision, and support. The estimate used for staffing is conservative, having used the low end volume estimate for actual hiring. TSC also has a plan to respond to a significantly increased volume of work associated with Secure Flight should that be required. Surge capability will be achieved with TDY's until a true baseline of volume can be determined. Systems will be in place to collect workload volume information, and the length of time required to work a Request for Action (RFA) will be monitored and analyzed. As the history is accumulated and trended by the day of the week and hour of the day, the TSC will develop a baseline for call center staffing and adjust appropriately. As soon as an air carrier rollout plan is developed by TSA, the TSC will plan to calculate revised resource estimates as there is an increase in carriers and volume. TSC will look to minimize additional costs as the program grows by implementing cross utilization with other TSC products and services. Initial training costs have been planned, and as growth is experienced TSC will continuously revise classroom training and on the job training costs.
With respect to IT, the development of baseline data will provide the needed information to make any adjustments to communications, hardware, and software requirements accurately. A number of enhancements to Secure Flight are already planned for 2006 development that will improve efficiency of the TSC Secure Flight process. As experience with the system develops, other best practices and modifications will be identified, and TSC will develop and implement improvements. Also, TSA and TSC have previously agreed to Quarterly Reviews of the Concept of Operations and Interface Control Documents as part of a structured review after standing up the Secure Flight program. This approach will also assist in the TSC financial methodology.
As a result of these operational and information technology evaluations taken from the Secure Flight baseline, the TSC will recalculate financial costs of Secure Flight not only on an immediate basis, but on a quarterly basis thereafter. This approach is already built into the TSC financial methodology.
Coordinate with the TSA to adopt the Terrorist Watch Person Data Exchange Standard protocols for data exchange.
The TSC agrees with this recommendation and has plans to implement this recommendation in the future.
The TSC notes that the TSC is using the Terrorist Watch Person Data Exchange Standard protocols, but that the TSA is not presently equipped to use this standard. However, once Secure Flight operational testing provides realistic figures on data quantities and processing times, TSC will work with TSA to bring their present simplified initial data exchange protocol into conformance with the national standard used by TSC elsewhere.
Develop an aggressive schedule for the completion of the record-by-record review of the TSDB and encourage participating agencies to improve overall data accuracy, completeness, and thoroughness.
The TSC agrees with this recommendation and has previously developed this schedule and methodology. The TSC will endeavor to expedite this review based on its current staffing.
On April 1, 2005, the TSC's Data Integrity Unit implemented a comprehensive record-by-record quality assurance (QA) review of the entire TSDB and will continue this effort. The TSC has identified priority records that will be reviewed first, since they have surfaced continually in ongoing QA projects. Some of these records were initiated from both the FBI and the National Counter Terrorism Center (NCTC). The NCTC is also conducting a record by record review. As previously mentioned, the watchlisting process is a new initiative that is Government-wide. Each agency has the responsibility to provide accurate information when nominating a name for the watch-list. Because this government wide system was never in existence, the quality of data provided for watch-lists varies from agency to agency. However, as the process matures there will be greater consistency in the quality of data passed.
Prioritize and implement projects that are currently on-hold while planning for Secure Flight because these projects have significant implications on data integrity, security, and system efficiency.
The TSC agrees with this recommendation and takes continuous action in this area.
The TSC has been using a project management tool to track its priorities of all TSC projects and will expand the use of this tool. From December 1, 2003, the TSC has had to continuously and aggressively reprioritize its projects based on emerging requirements, current events, and limited funding. This approach will continue to be used in the future.