This is the accessible text file for GAO report number GAO-03-502 entitled 'Transportation Security Research: Coordination Needed in Selecting and Implementing Infrastructure Vulnerability Assessments' which was released on May 01, 2003. This text file was formatted by the U.S. General Accounting Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. Report to the Committee on Appropriations, House of Representatives: United States General Accounting Office: GAO: May 2003: Transportation Security Research: Coordination Needed in Selecting and Implementing Infrastructure Vulnerability Assessments: GAO-03-502: GAO Highlights: Highlights of GAO-03-502, a report to the House Committee on Appropriations Why GAO Did This Study: The events of September 11, 2001, increased attention on efforts to assess the vulnerabilities of the nation’s transportation infrastructure and develop needed improvements in security. The Department of Transportation’s (DOT) Research and Special Programs Administration (RSPA) had already begun research in this area in June 2001. The goals of RSPA’s Transportation Infrastructure Assurance program are to identify, and develop ways to mitigate the impact of, threats to the nation’s transportation infrastructure. DOT’s Office of Intelligence and Security is responsible for defining the requirements for transportation infrastructure protection, ensuring that vulnerability assessments of transportation infrastructure are conducted, and taking action to mitigate those vulnerabilities. The House Committee on Appropriations asked GAO to determine (1) the status and anticipated results of the Transportation Infrastructure Assurance (TIA) program, and (2) the extent to which RSPA and the Office of Intelligence and Security have coordinated their activities in selecting the vulnerabilities to be assessed and implementing the vulnerability assessments for the program. DOT and RSPA officials reviewed a draft of the report, agreed with its contents, and provided technical clarifications that we incorporated. What GAO Found: The Transportation Infrastructure Assessment program is scheduled to end in December 2003 after the completion of four transportation vulnerability assessments. Congress appropriated $1 million in each of the fiscal years from 2001 through 2003 to RSPA for the program. RSPA plans to disseminate reports, conduct workshops, and post information on the Internet to inform decision-makers in the transportation community about the results. Program Vulnerability Assessments: [See PDF for image] [End of figure] Prior to March 2003, RSPA did not fully coordinate their activities with the Office of Intelligence and Security in selecting the vulnerabilities to be assessed, or in implementing the assessments for the program. We discussed this problem with officials from both offices who agreed that closer coordination would be beneficial, particularly to discuss options for addressing the challenges facing program researchers in conducting the program’s vulnerability assessments. In March 2003, officials from both offices began regular meetings to facilitate this coordination. www.gao.gov/cgi-bin/getrpt?GAO-03-502. To view the full report, including the scope and methodology, click on the link above. For more information, contact Katherine Siggerud at (202) 512-2834 or siggerudk@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: TIA Program Is Scheduled to End in December 2003 with Completion of Four Vulnerability Assessments: RSPA Has Not Fully Coordinated Their Activities with OIS in Selecting the Vulnerabilities to Be Assessed and in Implementing the Assessments for the TIA Program: Agency Comments and Our Evaluation: Appendix I: Volpe National Transportation System Center Studies Related to Transportation Infrastructure Assurance: Appendix II: Stakeholders Involved and Criteria Used in Selecting the Vulnerabilities Assessed Under the TIA Program: Appendix III: Entities Reported by RSPA Who Were Involved during the Implementation of the TIA Program: Table: Table 1: TIA Program Planned Products and Progress to Date: Figures: Figure 1: Beginning and Completion Dates of Vulnerability Assessments: Figure 2: An Air Traffic Controller Uses a Digital Radar Display and Workstation Computers Interconnected through Telecommunications Systems for Air Traffic Management: Figure 3: Emergency Response Teams Transported to the Site of the World Trade Center in New York City Work to Clear Debris After the Terrorist Attack on September 11, 2001: Figure 4: A Global Positioning Satellite: Figure 5: Air, Marine and Surface Modes of Transportation of Hazardous Materials Being Assessed by RSPA: Figure 6: TIA Program Funding by Vulnerability Assessment (Fiscal Years 2001 - 2003): Abbreviations: DOT: Department of Transportation FAA: Federal Aviation Administration OIS: Office of Intelligence and Security OMB: Office of Management and Budget PDD: Presidential Decision Directive RSPA: Research and Special Programs Administration TIA: Transportation Infrastructure Assurance TSA: Transportation Security Administration: This is a work of the U.S. Government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. It may contain copyrighted graphics, images or other materials. Permission from the copyright holder may be necessary should you wish to reproduce copyrighted materials separately from GAO's product. United States General Accounting Office: Washington, DC 20548: May 1, 2003: The Honorable C. W. Bill Young Chairman The Honorable David R. Obey Ranking Minority Member Committee on Appropriations House of Representatives: The terrorist attacks on the United States on September 11, 2001, increased attention on federal efforts to assess the vulnerabilities of the nation's transportation infrastructure and develop needed improvements in security. The Department of Transportation (DOT) formally began one such effort in June 2001--the Transportation Infrastructure Assurance program--within its Research and Special Programs Administration (RSPA). The Transportation Infrastructure Assurance program focuses on identifying and mitigating against threats, such as from acts of terrorism and sabotage, which could adversely affect the operation of the nation's transportation infrastructure and cause harm to humans. The program is crosscutting, defining "transportation infrastructure" to include highways, transit systems, railroads, airports, waterways, pipelines and ports, as well as the vehicles, aircraft, and vessels that operate on these networks. The program is also directly related to the mission of DOT's key transportation security stakeholder. DOT's Office of Intelligence and Security is responsible on behalf of the Secretary for defining the requirements for transportation infrastructure protection, ensuring that vulnerability assessments of transportation infrastructure are conducted, and taking action to mitigate those vulnerabilities. In House Report 107-722, accompanying DOT and Related Agencies Appropriations Bill for fiscal year 2003, the House Appropriations Committee asked us to examine the Transportation Infrastructure Assurance program. In subsequent discussions with Committee staff we agreed to address the following questions: (1) What is the status and what are the anticipated results of the Transportation Infrastructure Assurance program? and (2) To what extent has RSPA coordinated their activities with DOT's Office of Intelligence and Security in selecting the vulnerabilities to be assessed and implementing the assessments for the program? To answer these questions, we examined Transportation Infrastructure Assurance program documents, including budget data and project plans. We also interviewed officials from RSPA's Office of Innovation, Research and Education--which manages the program, and the Volpe National Transportation Systems Center--which is conducting the program research--regarding the status, management, and operation of the program, as well as plans for disseminating and evaluating program results. In addition, we interviewed officials from the Office of Intelligence and Security about the extent of their participation in the program. Although the Transportation Security Administration was formally part of DOT during the course of our review, it was not established until after the Transportation Infrastructure Assurance program began. Moreover, the Transportation Security Administration's initial efforts focused on safeguarding the nation's aviation industry; as a result, the Office of Intelligence and Security continued to lead DOT's efforts in fulfilling national critical infrastructure protection responsibilities. Consequently, our review focused on the Office of Intelligence and Security's involvement in the program. We did, however, talk with officials from the Transportation Security Administration regarding their role in identifying and undertaking future research activities necessary to enhance transportation security. We conducted our review from September 2002 through February 2003 in accordance with generally accepted government auditing standards. Results in Brief: The Transportation Infrastructure Assurance program is scheduled to end in December 2003 after completing four vulnerability assessments aimed at identifying and finding ways to mitigate threats against the nation's transportation infrastructure. RSPA's research center, the Volpe National Transportation System Center, in Cambridge, Massachusetts, is conducting the assessments to (1) examine the interdependency of the nation's transportation system with other critical infrastructures, such as energy and telecommunications; (2) identify the transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction; (3) examine the feasibility of alternative backup systems for the global positioning system, upon which aviation, maritime, and surface transportation industries rely; and (4) assess the options to transition from hazardous materials transportation security guidelines to security requirements. According to RSPA officials, RSPA plans to work with the Office of Intelligence and Security to disseminate program results to decision-makers in the transportation community through published reports, workshops, and the Internet. Congress appropriated $1 million in each of the fiscal years from 2001 through 2003 to RSPA for the Transportation Infrastructure Assurance program. Prior to March 2003, RSPA did not fully coordinate their activities with the Office of Intelligence and Security in selecting the vulnerabilities to assess, or in implementing the assessments for the Transportation Infrastructure Assurance program. RSPA coordinated with the Office of Intelligence and Security in selecting two vulnerability assessments in fiscal year 2001. However, RSPA selected two additional transportation vulnerabilities for assessment in fiscal year 2002 without coordinating with the Office of Intelligence and Security. According to officials from RSPA and the Office of Intelligence and Security, this lack of coordination resulted in part from disagreements and misunderstandings about each other's respective role in the program. RSPA's coordination with the Office of Intelligence and Security during the research program's implementation has been limited to only one of the four vulnerability assessments under review. Greater coordination might have enabled officials from the Office of Intelligence and Security to obtain industry-sensitive information for RSPA's assessments and possibly increased the program's value, according to the Office of Intelligence and Security's Associate Director. During the course of our review, officials from both offices agreed with us that closer coordination would be beneficial to the program and agreed to meet regularly. We verified that in March 2003 officials from RSPA and the Office of Intelligence and Security began to meet regularly to facilitate this coordination. As a result, this report is making no recommendations. We provided a copy of the draft report to DOT and RSPA officials who agreed with the contents of the report and provided technical clarifications that we incorporated into the report. Background: On May 22, 1998, President Clinton issued a pair of directives to guide federal efforts to address critical infrastructure vulnerabilities. Presidential Decision Directive 62 (PDD 62) highlighted the growing threat of unconventional attacks against the United States. It described a new and more systematic approach to fighting terrorism through interagency efforts to prepare for response to incidents involving weapons of mass destruction. Presidential Decision Directive 63 (PDD 63) further directed federal agencies to conduct risk assessments and planning efforts to reduce exposure to attack. Specifically, the assessments were to consider attacks that could significantly diminish the abilities of (1) the federal government to perform essential national security missions and ensure the general public health and safety; (2) state and local governments to maintain order and to deliver minimum essential public services; and (3) the private sector to ensure the orderly functioning of the economy and the delivery of essential telecommunications, energy, financial, and transportation services. PDD 63 called for the government to complete these assessment efforts no later than May 2003. According to the Office of Intelligence and Security's (OIS) Associate Director for National Security (hereafter referred to as the Associate Director), the Transportation Infrastructure Assurance (TIA) program is, in part, DOT's effort to meet these Presidential Decision Directive requirements. RSPA concentrates on multimodal issues (research that applies to more than one mode of transportation) that affect the entire U.S. transportation system rather than on a specific sector of the system. RSPA's Office of Innovation, Research and Education is responsible for managing the TIA program. The Volpe National Transportation Systems Center, located in Cambridge, Massachusetts, is the research arm of RSPA and is conducting the program's vulnerability assessments. OIS is the key transportation security stakeholder within DOT responsible for analyzing, developing, and coordinating departmental and national policies addressing national defense, border security, and transportation infrastructure assurance and protection issues. Other OIS responsibilities include: coordinating with the public and private sectors, international organizations, academia, and interest groups regarding issues of infrastructure protection; acting as the Secretary of Transportation's liaison with the intelligence, law enforcement, and national defense communities and assisting departmental organizations in establishing and maintaining direct ties with those communities; and serving as the Secretary of Transportation's primary advisor on significant intelligence issues affecting the traveling public, the transportation industry, and national security. According to OIS's Associate Director, OIS has historically been involved in the department's transportation security research efforts. He added that OIS's lead role in fulfilling the department's critical infrastructure responsibilities, including the implementation of Presidential Decision Directives addressing critical infrastructure vulnerabilities, is likely to change as the roles and responsibilities of the Transportation Security Administration (TSA) and the newly created Department of Homeland Security are defined. Congress established TSA in November 2001[Footnote 1] to be responsible for ensuring transportation security, including identifying and undertaking research and development activities necessary to enhance transportation security. For fiscal year 2003, TSA received $110 million to fund transportation security research activities for all modes of transportation. Further, on November 25, 2002, the President signed the Homeland Security Act of 2002,[Footnote 2] which established the Department of Homeland Security with the responsibility of, among other tasks, coordinating efforts in securing America's critical infrastructure. On March 1, 2003, TSA became part of the newly created Department of Homeland Security. TIA Program Is Scheduled to End in December 2003 with Completion of Four Vulnerability Assessments: The TIA program is scheduled to end in December 2003, resulting in the completion of four vulnerability assessments aimed at identifying and finding ways to mitigate threats against the nation's transportation infrastructure. RSPA officials said that two of these assessments (the interdependency of the transportation system with other critical infrastructures and transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction) were selected, in part, to meet DOT's PDD 62 and 63 requirements, and are scheduled for completion in mid-2003 to meet the deadlines outlined in the presidential directives. The other two assessments (the feasibility of alternative backup systems for the global positioning system, and an assessment of the options to transition from hazardous materials transportation security guidelines to security requirements) were selected based upon a perceived need for assessments in these areas as defined by officials from RSPA's Office of Hazardous Materials Safety and the Volpe National Transportation Systems Center, and are scheduled for completion in December 2003. RSPA's Volpe Center is conducting the TIA program's four assessments and has conducted research related to transportation infrastructure since 1996. (See app. I for a summary of the Volpe Center's Workshops and Studies related to transportation infrastructure assurance from fiscal years 1996 to 2000.): Figure 1 shows the TIA program's beginning and completion dates by specific vulnerability assessment. RSPA officials told us that it has no plans to include any additional or future assessments under the TIA program. Figure 1: Beginning and Completion Dates of Vulnerability Assessments: [See PDF for image] [End of figure] The TIA program is assessing four vulnerabilities: * Interdependency of the transportation system with other critical infrastructures: According to TIA program documentation, the development of alternative fuels, changes in telecommunication technologies, and the evolving financial role of the federal government in the security of privately operated transportation systems are affecting the relationship between the nation's transportation infrastructure and some of the nation's other critical infrastructures. The purpose of this assessment is to describe the current and evolving dependence between the nation's transportation infrastructure and some of the nation's other critical infrastructures including energy, electronic-commerce, banking and finance, and telecommunications. For example, the nation's air traffic control system relies on telecommunications to manage the safety and efficiency of air transportation, as shown in figure 2. Researchers plan to determine the costs, in terms of economic disruption and loss of lives, associated with terrorists exploiting transportation infrastructure vulnerabilities. Figure 2: An Air Traffic Controller Uses a Digital Radar Display and Workstation Computers Interconnected through Telecommunications Systems for Air Traffic Management: [See PDF for image] [End of figure] * Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: The purpose of this assessment is to evaluate the transportation and logistics assets required in responding to terrorist activities. The assessment will include an analysis of transportation operations and procedures, personnel, supplies, and transportation assets such as vehicles, containers, and pallets. Specifically, researchers plan to analyze the institutional and economic implications of terrorist activities involving weapons of mass destruction in order to develop emergency transportation action plans and compile emergency transportation procedure best practices. Emergency teams were transported to respond to the terrorist attack on the World Trade Center on September 11, 2001, as shown in figure 3. Figure 3: Emergency Response Teams Transported to the Site of the World Trade Center in New York City Work to Clear Debris After the Terrorist Attack on September 11, 2001: [See PDF for image] [End of figure] * Feasibility of alternative backup systems for the global positioning system: The purpose of this assessment is to provide a continuation of the August 2001 report by the Volpe National Transportation Systems Center, Vulnerability of the Transportation Infrastructure Relying On The Global Positioning System. The report concluded that the global positioning system is vulnerable to both intentional and nonintentional disruption, and identified a need for a backup for the global positioning system. To follow-up on the August 2001 report, researchers plan to analyze and describe the performance, cost, and practicality of backup systems and procedures. Figure 4 shows a picture of a global positioning satellite. Figure 4: A Global Positioning Satellite: [See PDF for image] [End of figure] * Options to transition hazardous materials transportation security guidelines to security requirements: The purpose of this assessment is to evaluate the tradeoffs in the transportation of hazardous materials that exist between security, economic, proprietary, and delivery factors. RSPA plans to provide an analysis and description of these tradeoffs in different threat scenarios for different modes of transportation. Figure 5 provides an overview of the types of transportation being assessed. Figure 5: Air, Marine, and Surface Modes of Transportation of Hazardous Materials Being Assessed by RSPA: [See PDF for image] [End of figure] RSPA plans to work with OIS to disseminate the results of the program to private transportation system operators and to stakeholders in DOT and other federal agencies through 11 formal reports, presentations, workshops, and the Internet. Table 1 provides an overview of the program's planned products and progress to date. Table 1: TIA Program Planned Products and Progress to Date: Vulnerability assessments: Interdependency of the transportation system with other critical infrastructures; Planned products and progress to date: Energy: * TIA program researchers have drafted a report, "Security Risks Associated with Transportation-Energy Interdependencies," which will be reviewed by OIS. This draft report is intended to illustrate the complexities in defining interdependency vulnerabilities. As of February 2003, this report had not yet been issued.; * A second report studying the relationship between electrical distribution infrastructure and transportation is scheduled for completion in May 2003. Planned products and progress to date: E-Commerce: * TIA program managers are contracting with the Transportation Research Board to develop a report describing information technology in the freight industry, reviewing current freight security practices, and identifying potential vulnerabilities in the freight industry. The report is scheduled for completion in May 2003.; * TIA program researchers have completed a background paper, "E-Commerce Vulnerabilities: Impacts on the Transportation System," (March 2002), which presents information on identifying and protecting critical information technology infrastructure, ranking vulnerabilities, and estimating potential impacts (costs) if the vulnerabilities are exploited. TIA researchers have also conducted a briefing on the impact of electronic systems in shaping the future transportation system. An accompanying slide presentation, "Transportation in 2050," has been drafted and is under review. Planned products and progress to date: Banking & Finance: * TIA program researchers are working on a report, "Economic Effects of the September 11 Terrorist Attacks: A Survey of Current Studies and an Overview of the Implications for Transportation," examining the impact of the events of September 11 on the banking and finance systems and their associated effects on the nation's transportation system. While originally scheduled for release in September 2002, RSPA officials told us that this report is not yet complete and may be discontinued due to its limited value in light of numerous studies conducted on this issue.; * A report reviewing the results of other research involving the interdependency of the nation's transportation infrastructure with the nation's banking and finance system is scheduled for completion in spring 2003. Planned products and progress to date: Telecommunication: * TIA program researchers are finalizing a report on the interdependency between the nation's aviation industry and telecommunications industry.; * Additional research is intended to address the interdependence of the nation's telecommunications industry with other nonaviation sectors of the nation's transportation system. According to Volpe Center researchers, this final report is likely to consist of several volumes, each with a specific modal focus. This report is scheduled for completion in May 2003. Vulnerability assessments: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction; Planned products and progress to date: * TIA program researchers presented a set of data tables describing the various emergency response teams transportation requirements, including personnel and equipment. According to program researchers, these tables were delivered to RSPA's Office of Emergency Transportation in July 2002.; * TIA program researchers have conducted a bio-terrorism conference to aid in identifying gaps in the emergency response system. The conference was held in Washington D.C., on November 19-20, 2002. Vulnerability assessments: Feasibility of alternative backup systems for the global positioning system; Planned products and progress to date: * TIA program researchers are working on a report designed to identify and provide cost benefit assessments of alternatives to use in backing up the global positioning system should it be disrupted by sabotage or terrorist attack. The report intends to assist DOT in determining the most appropriate alternative radio-navigation system to use in the nation's transportation system. This report is scheduled for completion in December 2003. Vulnerability assessments: Options to transition hazardous materials transportation security guidelines to security requirements; Planned products and progress to date: * TIA program researchers reviewed recent literature, workshops, and conferences on security options and implications related to the transportation of hazardous materials. The final report was released in December 2002.; * According to program managers, potential areas of work for the second phase of this project include an assessment of the implementation of security plans, and the development of better data on hazardous material shipments with high security concerns. This work is scheduled for completion in December 2003. Source: RSPA and Volpe Center data. [End of table] Congress appropriated $1 million each year to RSPA for the TIA program in fiscal years 2001, 2002, and 2003. Figure 6 provides an overview of the TIA program funding for fiscal years 2001 through 2003 for each of the four vulnerability assessments. Figure 6: TIA Program Funding by Vulnerability Assessment (Fiscal Years 2001 - 2003): [See PDF for image] [End of figure] RSPA Has Not Fully Coordinated Their Activities with OIS in Selecting the Vulnerabilities to Be Assessed and in Implementing the Assessments for the TIA Program: RSPA has not fully coordinated their activities with OIS--DOT's key transportation security stakeholder--in selecting the vulnerabilities to be assessed or in implementing the assessments for the TIA program. RSPA coordinated with OIS in selecting two vulnerability assessments in fiscal year 2001. Specifically, in fiscal year 2001, RSPA worked with OIS to select one vulnerability for assessment and notified OIS of its selection of a second vulnerability for assessment. RSPA, however, did not coordinate with OIS officials in the selection of two additional vulnerability assessments in fiscal year 2002. RSPA's coordination with OIS during the program's implementation has been limited to only one of the four vulnerability assessments under review. RSPA's Coordination with OIS in the Selection of the Vulnerabilities to Be Assessed in the TIA Program: RSPA coordinated with OIS and used various criteria, such as PDD 62 and 63, in selecting only two of the four vulnerabilities to be assessed in the TIA program. For example, RSPA consulted with OIS to select one of the two vulnerabilities for assessment in fiscal year 2001 and notified OIS of its selection of a second vulnerability. Specifically, in a memorandum dated March 6, 2001, OIS identified and proposed a list of critical infrastructure protection research requirements for assessment and requested that RSPA address them as a high priority.[Footnote 3] In this initial proposal, the Director of OIS said that significant OIS involvement would be required to effectively implement the program given its responsibilities for defining transportation security vulnerabilities, ensuring that vulnerability assessments are conducted, and implementing actions to mitigate those vulnerabilities. On April 9, 2001, RSPA issued a memorandum to OIS outlining its research agenda for fiscal year 2001 and stating that OIS's involvement in assuring the program's quality, credibility, and review was critical. This memorandum confirmed RSPA's plans to assess the interdependency of the transportation system with other critical infrastructures, as suggested by OIS's proposed list, and notified OIS of RSPA's intention to conduct a second assessment--the transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction--that was not included on OIS's list. In the aftermath of the terrorist attacks of September 11, 2001, RPSA issued a solicitation on behalf of all DOT modes for additional transportation security technology research and concepts to be included in the TIA program or related transportation security programs. OIS officials participated with RSPA in reviewing the proposals received in response to the solicitation. However, according to the Associate Administrator of RSPA's Office of Innovation, Research, and Education (hereafter referred to as the Associate Administrator), DOT did not receive the funds to pursue any of these proposals. During fiscal year 2002, RSPA did not coordinate with OIS to determine what additional assessments to select for inclusion in the program. Instead, RSPA selected two transportation vulnerabilities for assessment under the program after holding discussions with Volpe Center researchers and officials from RSPA's Office of Hazardous Materials Safety. While the Associate Director of OIS said he was unaware that additional vulnerabilities had been selected for assessment in fiscal year 2002 prior to our discussions with him regarding the status of the program, he noted that both of these assessments--on the feasibility of alternative backup systems for the global positioning system, and an assessment on options to transition hazardous materials transportation security guidelines to security requirements--were valid and of high priority. According to OIS and RSPA officials, this lack of coordination resulted, in part, from disagreements and misunderstandings about the other's respective role in the program. As indicated by a series of e-mail communications between OIS and RSPA officials during the period between October 2001 and January 2002, questions about the respective roles of OIS and RSPA in the program's management, specific research areas, and the logistics of this research were raised on numerous occasions with no apparent resolution. Neither RSPA nor OIS were able to provide us with documentation to show that these issues were resolved. (See app. II for specific stakeholders involved and criteria used to select the vulnerabilities chosen for assessment under the TIA program in fiscal years 2001 and 2002.): RSPA's Coordination with OIS in the Implementation of the Assessments in the TIA Program: RSPA's coordination with OIS, DOT's security stakeholder, during the implementation of the TIA program has been limited to one of the four vulnerability assessments. While OIS has participated in meetings regarding the assessment of the options to transition hazardous materials transportation security guidelines to security requirements, RSPA did not similarly involve OIS in the program's three other vulnerability assessments. OIS and RSPA officials said that this lack of coordination during the implementation of the program resulted, in part, from continued disagreements and misunderstandings about the other's respective role in the program. Further, OIS's Associate Director said that because of OIS's lack of involvement in the TIA program, he was not aware of the program's progress to date and therefore expressed uncertainty about whether the program's research is meeting the requirements of PDD 62 and 63. OIS's Associate Director also said that OIS's working relationships with private industry stakeholders might have helped RSPA obtain industry-sensitive information for the program's assessments. RSPA officials acknowledged that a primary challenge of the TIA program involves obtaining information on industry-specific, competition- sensitive issues. For example, RSPA officials said that private sector owners and operators, such as those from the oil industry, are cautious about releasing proprietary information because of the possibility that this information could be used by (1) business rivals to gain a competitive advantage, (2) terrorists to harm and destroy critical infrastructure, and (3) the federal government to pursue further regulations of the industry. As a result, TIA program researchers told us that they are limited in their ability to identify specific threats and weaknesses relating to some of the specific vulnerabilities under assessment. According to RSPA's Associate Administrator, because of these limitations, the TIA program is, in some instances, examining vulnerability issues on a conceptual level rather than through specific case studies of industry infrastructure. For example, instead of assessing the vulnerabilities of specific privately owned infrastructures, such as oil refineries, RSPA is addressing some critical details of crude oil transport using ports in Louisiana and Texas to illustrate the complexities in defining the interdependency vulnerabilities between the nation's transportation and energy infrastructures. (See app. III for a summary of OIS involvement in the implementation of the TIA program, as well as a listing of all of the significant stakeholders reported by RSPA who were consulted during the implementation of the TIA program.): We discussed our findings about the lack of coordination with RSPA's Associate Administrator and OIS's Associate Director and suggested they take steps to increase their coordination efforts. They agreed that increased coordination would be beneficial. Specifically, they agreed to hold bi-monthly updates on the progress of each of the vulnerability assessments, discuss program task methodologies and approaches, and identify options for addressing the challenges facing program researchers in conducting the program's vulnerability assessments. The first update was held in March 2003. Furthermore, RSPA's Associate Administrator agreed to provide TSA's Director for Threat Assessment and Risk Management[Footnote 4] with information on the TIA program's findings, challenges, and lessons learned. In our discussions with TSA's Director for Threat and Risk Assessment, she said that such information regarding the TIA program would be helpful in guiding TSA's future efforts in planning and conducting transportation security research. Because of actions taken by RSPA and OIS to improve coordination we are making no recommendations at this time. Agency Comments and Our Evaluation: We provided a copy of the draft report to DOT and RSPA officials who agreed with the contents of the report and provided technical clarifications that we incorporated into the report. They did not provide written comments on the report. We will send copies of this report to the Secretary of Transportation, appropriate congressional committees, and other interested parties. We will also make copies available to others upon request. In addition, the report will be available at no charge on the GAO Web site at http:/ /www.gao.gov. If you have questions about this report, please call me on (202) 512- 2834 or Chris Keisling on (404) 679-1917. Other key contributors included Colin Fallon, Bert Japikse, Steve Morris, and Jason Schwartz. Katherine Siggerud Acting Director, Physical Infrastructure Issues: Signed by Katherine Siggerud: [End of section] Appendix I: Volpe National Transportation System Center Studies Related to Transportation Infrastructure Assurance: Funding source: Presidential Commission on Critical Infrastructure Protection; Fiscal year: 1996; Funding amount: $380,000; [Empty]; Products: Reports: * Supervisory Control and Data Acquisition Vulnerabilities (1997); * National Air Space Vulnerabilities (1997); * Traffic (Surface) Central Systems Vulnerabilities (1997); White Papers: * Electromagnetic Threats to Rail/Transit Operations (1997). Funding source: Department of Defense 1996 Supplemental Appropriation for a Surface Transportation Vulnerability Assessment; Fiscal year: 1997; Funding amount: $2,400,000; [Empty]; Products: White Papers: * Criminal Use of Transportation Infrastructure (1997); * Railroad Bridges and Tunnels Vulnerability (1998); * Railroad Signaling and Control Vulnerability (1998); Reports: * Intermodal Cargo Security Best Practices (1999); * Transportation Infrastructure Assurance Research and Development Plan (1999 and 2000). Funding source: RSPA Research and Technology and Strategic Planning (Total Terminal Security/TIA Task); Fiscal year: 1996; Funding amount: $15,000; [Empty]; Products: Workshops: * Emerging Issues in Transportation Information Infrastructure Security (1996); * Global Positioning Study Interference and Mitigation (1998); * Chemical/ Biological Incidents (1998); * Marine Safety and Port Security (2000); ; Reports: * Intermodal Cargo Security Best Practices (1999); * Transportation Infrastructure Assurance Research and Development Plan (1999 and 2000). Fiscal year: 1997; Funding amount: $15,000; [Empty]. Fiscal year: 1998; Funding amount: $50,000; [Empty]. Fiscal year: 1999; Funding amount: $35,000; [Empty]. Fiscal year: 2000; Funding amount: $85,000; [Empty]. Fiscal year: 2001; Funding amount: $50,000; [Empty]. Funding source: DOT Office of Intelligence and Security; Fiscal year: 2000; Funding amount: $700,000; [Empty]; Products: Reports: * DOT Communications (Security) Reports (2001); * Updated Supervisory Control and Data Acquisition (SCADA) Study (2002); * Global Positioning System Vulnerability Study (2001). Source: GAO presentation of RSPA and Volpe Center data. [End of table] [End of section] Appendix II: Stakeholders Involved and Criteria Used in Selecting the Vulnerabilities Assessed Under the TIA Program: Stakeholders involved and criteria used: DOT's Office of Intelligence and Security; Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: Yes; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: Yes; [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: [Empty]; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: [Empty]. Stakeholders involved and criteria used: RSPA's Office of Emergency Transportation; Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: [Empty]; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: Yes; [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: [Empty]; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: [Empty]. Stakeholders involved and criteria used: RSPA's Office of Hazardous Materials Safety; Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: [Empty]; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: [Empty]; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: Yes. Stakeholders involved and criteria used: Volpe National Transportation Systems Center; Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: [Empty]; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: Yes; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: Yes. Stakeholders involved and criteria used: Criteria used: Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: [Empty]; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: [Empty]; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: [Empty]. Stakeholders involved and criteria used: Presidential Decision Directive 62; Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: [Empty]; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: Yes; [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: [Empty]; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: [Empty]. Stakeholders involved and criteria used: Presidential Decision Directive 63; Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: Yes; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: [Empty]; [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: [Empty]; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: [Empty]. Stakeholders involved and criteria used: Critical Foundations, Presidential Commission on Critical Infrastructure Protection (Oct. 1997); Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: Yes; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: [Empty]; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: [Empty]. Stakeholders involved and criteria used: Critical Infrastructure Research Plan, DOT; Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: Yes; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: [Empty]; [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: [Empty]; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: [Empty]. Stakeholders involved and criteria used: Interim Report on Computer Security, DOT Office of the Inspector General, (July 2000); Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: Yes; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: [Empty]; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: [Empty]. Stakeholders involved and criteria used: Surface Transportation Vulnerability Assessment, DOT (1999); Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: Yes; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: [Empty]; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: [Empty]. Stakeholders involved and criteria used: Combating Terrorism: Federal Response Teams Provide Varied Capabilities: Opportunities Remain to Improve Coordination, GAO Report (GAO/NSIAD-01-13); Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: [Empty]; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: Yes; [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: [Empty]; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: [Empty]. Stakeholders involved and criteria used: Ability to leverage ongoing research and development projects; Selected in FY 2001: Interdependency of the transportation system with other critical infrastructures: Yes; Selected in FY 2001: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction: Yes; [Empty]; Selected in FY 2002: Feasibility of alternative backup systems for the global positioning system: Yes; Selected in FY 2002: Options to transition hazardous materials transportation security guidelines to security requirements: Yes. Source: GAO presentation of RSPA information on TIA program stakeholders involved and selection criteria. [End of table] [End of section] Appendix III: Entities Reported by RSPA Who Were Involved during the Implementation of the TIA Program: Assessment: Interdependency of the transportation system with other critical infrastructures; Entity involved: Office of Intelligence and Security: Entity involved: Federal Aviation Administration; Type of involvement: To obtain information: [Empty]; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: Yes. Entity involved: Louisiana Offshore Oil Port; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: National Research Council Transportation Research Board; Type of involvement: To obtain information: [Empty]; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Transportation Security Administration; Type of involvement: To obtain information: [Empty]; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: Yes. Assessment: Transportation and logistical requirements for emergency response teams in dealing with weapons of mass destruction; Entity involved: Office of Intelligence and Security; Type of involvement: To obtain information: [Empty]; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: American Association of Railroads; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: American Association of State Highway and Transportation Officials; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: American Public Transportation Association; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: American Red Cross; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Army Corps of Engineers; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Association of State and Territorial Health Officials; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Battelle Memorial Institute; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: Centers for Disease Control and Prevention; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Department of Agriculture; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Department of Agriculture/Food and Nutrition Service; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Department of Agriculture/Animal Plant Health Inspection Service; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: Department of Defense; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Department of Energy; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Department of Health and Human Services; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Defense Intelligence Agency; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: Department of Justice; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: Department of State; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: DOT Maritime Academy; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: DOT Office of the General Counsel; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: DOT Regional Emergency Transportation Representative; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Environmental Protection Agency; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Federal Aviation Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Federal Emergency Management Agency; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Federal Highway Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Federal Motor Carrier Safety Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Federal Railroad Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Federal Transit Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: General Services Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Georgetown University Medical Center; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: International Association of Emergency Managers; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: International Association of Fire Chiefs; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: International City/County Management Association; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Maritime Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: National Association of Counties; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: National Association of State Emergency Medical Service Directors; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: National Defense Transportation Association; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: National Emergency Managers Association; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: National Highway Traffic Safety Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: National Public Transit Association; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: National Research Council Transportation Research Board; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Office of US Surgeon General; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: RSPA's Office of Emergency Transportation; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: Transportation Security Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: University of California, School of Veterinary Medicine; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: University of Delaware, Disaster Research Center; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Urban Search and Rescue Teams; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: US Coast Guard & National Command Center; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: US Forest Service; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Veterans Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Volpe National Transportation Systems Center; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: Washington DC Department of Health; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: White House Office of Homeland Security; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: White House Special Assistant to the Vice President; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Assessment: Feasibility of alternative backup systems for the global positioning system; Entity involved: Office of Intelligence and Security; Type of involvement: To obtain information: [Empty]; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Booz-Allen Hamilton; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: DOT Office of the Secretary; Type of involvement: To obtain information: [Empty]; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: Federal Aviation Administration; Type of involvement: To obtain information: [Empty]; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: Federal Railroad Administration; Type of involvement: To obtain information: [Empty]; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: Northrop-Grumman; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: United States Coast Guard; Type of involvement: To obtain information: [Empty]; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Assessment: Options to transition hazardous materials transportation security guidelines to security requirements; Entity involved: Office of Intelligence and Security; Type of involvement: To obtain information: [Empty]; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: [Empty]. Entity involved: American Association of Railroads; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: American Chemistry Council; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: American Institute of Chemical Engineers; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Bureau of the Census; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Bureau of Transportation Statistics; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: DOT Office of the Secretary; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Federal Motor Carrier Safety Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Federal Railroad Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: General Accounting Office; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Inland Rivers, Ports and Waterways Association; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: National Transportation Safety Board; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: RSPA's Office of Hazardous Materials Safety; Type of involvement: To obtain information: [Empty]; Type of involvement: For discussion of task approach: Yes; Type of involvement: For discussion of interim results: Yes. Entity involved: RSPA's Office of Pipeline Safety; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Transportation Security Administration; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: US Army Corps of Engineers; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: United States Coast Guard; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Entity involved: Vanderbilt University; Type of involvement: To obtain information: Yes; Type of involvement: For discussion of task approach: [Empty]; Type of involvement: For discussion of interim results: [Empty]. Source: RSPA. Note: According to RSPA officials, this list includes significant stakeholders who had input in the TIA program as of March 12, 2003. [End of table] FOOTNOTES [1] Aviation and Transportation Security Act, Public Law 107-71, 115 Stat. 597, Nov. 19, 2001. [2] Homeland Security Act of 2002, Public Law 107-296, 116 Stat. 2135, Nov. 25, 2002. [3] In fiscal year 2000, OIS received funding for transportation infrastructure protection activities. In fiscal year 2001, funding in this area of research shifted from OIS to RSPA. [4] TSA's Threat Assessment and Risk Management Program was established in October 2002 to provide oversight and assistance regarding threat and vulnerability assessments conducted by TSA. The program also serves to coordinate with other federal agencies to ensure that complete assessments of the vulnerabilities facing the nation's transportation system are conducted. GAO's Mission: The General Accounting Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site ( www.gao.gov ) contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to www.gao.gov and select "Subscribe to daily E-mail alert for newly released products" under the GAO Reports heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. General Accounting Office 441 G Street NW, Room LM Washington, D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S. General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C. 20548: