>> up next on c span 3, a hearing on port security. after that, senator al franken

introduces legislation that taelts to prevent companies and government organizations from tracking a person's location on their smart phones wow their consent. later, a forum on cyber security from bloomberg government. discusses syria civil war. the look at the growing phenomenon of children illegally entering the u.s. without their parents. we'll talk to usa today reporter alan gomez. u.s. customs and transportation security administration officials testified about port security issues, including cargo

screening. the senate homeland security committee is chaired by senator tom carper of delaware. >> good morning, everyone. we're happy you to welcome you today and thank you for joining us. dr. coburn i've called this hearing, this is a hearing he has a whole lot of interest in, i have two, but it's a shared a shared interest. we want to take a look at the current state of port security, and these united states of america we want to find out if

we are headed in the right direction. i hope we can also focus on the work that needs to be done over the next few years to try to ensure that our port security efforts maintain the proper balance between security, safety, and trade facilitation. it's important because our focus as congress cannot solely be on security. but also on maintaining and enhancing our economic competitiveness. as we all know port security is no easy job. it involves maritime security provided by the united states coast guard, men and women patrol our coasts and our waterways. involves the physical security of port facilities like ferry terminal in lewis, delaware, or in energy refinery along the gulf of mexico, or delaware city, delaware, that is safeguarded by state and local authorities. it involves the causeway security provided by the u.s. customs and border protection which screens cargo to prevent dangerous goods from entering the united states while also facilitating the flow of trade

and transportation. the last part is a particularly important piece. and even as we build and maintain strong layers of port security we need to take care not to impede transportation or commerce. our ports and waterways are the life blood of our economy. i'm told that more than 95% of all u.s. trade is handled via sea ports, 95%. and these ports account for over 30% of u.s. gross domestic product, that's more than $5 trillion in trade each and every year. as the former governor of delaware and someone who is ultimately responsible for running a major port at the city of wilmington owned and ran that port for many years ran out of money and the state had some money and we took it over and when i was governor this is something i know a little bit about but care a whole lot about. the port of wilmington located along the delaware river in the northern part of my state is just south of philadelphia, number one sea port in north america for the importation of fresh fruit bananas, and juice, concentrate.

if you had a banana this morning for breakfast it probably came through the port of wilmington. our nickname is top banana. the top banana port. port of wilmington isn't just important for the state of delaware, it serves as a key economic engine in new castle county, it's also a key port for the entire united states. so protecting our ports, safeguarding our economic opportunity is responsibility that we take very seriously. as the government accountability office and other experts have noted, u.s. port security has come a long way. shortly after 9/11, the maritime transportation security act of 2002 became law and empowered the coast guard with new authorities to ensure commercial vessels and port facility meet minimum security standards. a few years later the safe port act of 2006 authorized key cargo and supply chains security programs enforced by u.s. customs and border protection. since that time cargo security programs have taken root.

not only that many of our international trading partners and international trade and security organizations have created similar security programs and emulating the department of homeland security's good work. but we shouldn't and we can't stop here. i want to use this hearing we want to use this hearing as an opportunity to explore how the threat to ports has evolved, and what the next steps for dhs should be. i also don't want to imply that there's no room for improvement, as i frequently say. everything i do i know i can do better. i think that's true for all of us. and i think that's true for the way we handle port security. in a recent letter to the congress, new secretary jay johnson i indicated we believe the 100% scanning mandate for inbound cargo shipping containers was impractical. not the best use of taxpayer resources. if that's the case, we must look for a better way to address security risks while preserving the necessary speed of moving containers through our ports. so i welcome the secretary's pledge to make good faith effort

to improve the department's capabilities. without getting in the way of legitimate flow of trade. i look forward to discussing this issue with some of our witnesses today. i also look forward to hearing how the department of homeland security plans to address emerging threats, how it can make programs more effective and efficient and how the agencies represented here today can work with international organizations and our foreign partners to raise the global standard for port security. as you can see from our lineup of witnesses, there's quite a lineup. port security is a key support. it's a perfect example of why bringing all these agencies together into the department of homeland security was the right thing to do. components present here today work seamlessly with one another to develop and implement the department's layered risk based strategy for port security. from the coast guard to customs and border protection, transportation security administration, federal emergency management administration, and dhs's office of policy, each of you play a

critical role and you've got to work to the. so do we. we're always happy to have you with us. you've done a whole lot of work in this area, we're grateful for that and be looking to you for further help. again thanks to everyone for coming. as dr. coburn knows we're going to start voting in a little bit. and we're going to do one of those deals that we perfected where voting starts, maybe he'll go vote the first time, and when he's voted he'll come back and i'll go vote and then we'll just swap back and forth. hopefully we'll be able to keep going and make it all work and be done in a punctual way. but it's important, we're happy that you here. let me just now turn to dr. coburn just to thank him for insisting that we have this hearing and make this a priority. >> thank you, mr. chairman. first of all, welcome to all of you. this is an interesting area for us to be talking about. sitting on the intelligence committee, our threats are

greater, not less, in terms of risk. and getting it right is important. one of the commitments i made to congresswoman janice hahn from l.a., she has the l.a. port, which is our busiest and biggest and probably greatest vulnerability in terms of port that we would have this hearing and do the oversight that's necessary to try to improve what we're doing. so, mr. chairman, i'd like unanimous consent to put her testimony in the record she -- the house is out this week, and we wouldn't have scheduled that this hearing at this time had we known that. but we did. and i'm happy that we're having the hearing so i'd ask unanimous consent to have her testimony included in the record. i'd also note that the house has passed the legislation that the senate hadn't even taken up or considered the gaps act, and what we need to do is address today to find out where our weaknesses are. what we need to improve and as

senator carper mentioned the 100% scanning obviously isn't viable, or may not be viable, but we need to have a better approach than 2% to 4% scanning that we're seeing today. we know that a successful attack on one of our ports would be devastating. rand corporation gave an example it could have a trillion dollar effect on our economy. that is a high possibility. we cannot stop every attack that's going to come to this country. but we can certainly make it much more difficult, and markedly decrease the likelihood. everybody knows the history. of how we came together after 9/11. we created port security grant program. we mandated 100% cargo screening. and 9/11 commission recommended that, as well. we also created the card which has had some significant difficulties, and is still not

implemented. so my goal for this hearing is to review all the initiatives that were initially set out, assess how well they're working. and whether or not they're working. and determine if our ports are as secure from the potential terrorist attack as we can make them feesbly and economically. i would say we spent $4.9 million on the port security program with no measures whether or not we improved our security. there's no records so we don't know. we've spent $2.1 billion on cpp cargo programs on a scanning mandate that we are told will never be met. there's $5 billion we spent we have no assessment of what we've gotten for that money. the program was intended to create an i.d. card for transportation workers to enter secure areas including ports

we'll talk about and some of my questions will relate to some of the problems associated with that. in general i think it's unclear and hopefully this hearing will help us, to know how much improvement we've actually made in securing our ports. so i number one want to thank each of you for being here, preparing the testimony which i've read, and being available and i apologize that we're going to have votes but we will be -- we'll keep this moving as fast as we can. we have four votes starting at 11:00 and with that mr. chairman, thank you, as well. mr. top banana. >> i've been called worse things. we'll make this work. we appreciate. let me briefly introduce our witnesses. colleen mclean deputy transportation secretary. also served as dhs assistant general council for enforcement she began here career with u.s.

customs service where she served i believe as deputy associate chief council is that right? rear admiral paul thomas joins us from the coast guard where he's assistant commandant for prevent -- prevention, policies specialist in marine safety security and environmental protection. graduate of the coast guard academy, and of the massachusetts institute of technology. where i'm proud to say that one of our boys attended. when i went to ohio state i could barely spell m.i.t. the idea of ever having a kid that goes there i could not imagine. congratulations on that. thanks for your service. i want to ask kevin to pronounce your last name for me, kevin. i just want to make sure sure i get it right. >> mcaleenan. >> with the emphasis on the leen? >> you put an "a" in front of the "c" it works better. >> there you go. and acting deputy commissioner at the u.s. customs and border

protection. served as acting assistant commissioner of the cdp office of field operations leading the agency's port security and trade facilitation operations. brian kamoi appointed as the assistant administrator for grant programs at fema in april of 2013. before that he served as senior director for preparedness policy on the white house national security staff, from 2009 to 2013. stephen sadler has been the assistant administrator for intelligence and analysis at the transportation security administration since october 2011. he's joined tsa in 2003 and held several leadership positions. prior to that he spent 25 years in the commercial maritime industry. and finally last but not least, steven caldwell, nice to see you. joins us from gao where he is the direct -- director of issues

issues on the homeland and security justice team. mr. caldwell has over 30 years of experience at gao and has worked on numerous reports on security and supply chain security. thank you all your entire statements will be made a part of the record and feel free to summarize as you go. try to stay within about what did we say five minutes? five minutes if you could, go way over that we'll have to rein you in. thank you for joining us. ellen why don't you go ahead. >> good morning, chairman carper, ranking member coburn. i am a career civil servant and testifying before congress for the first time. as this has long been on my career bucket list, i appreciate this opportunity along with my colleagues to testify on a matter of singular importance to the department. port security. since 2007 and the passage of the safe port act we now have several key strategic documents that shape and guide our efforts on port security. the national strategy on global supply chain security.

the global nuclear detection architecture. and the soon to be released 2014 dhs quadrennial homeland security review. dhs is focused on enhancing port security through prevention, protection, and resilience. pursuant to a risk based approach. while strengthening the global supply chain system, including the maritime transportation network, we are ever mindful that it is critical to do so by promoting the efficient and secure movement of legitimate goods. guided by the principles in these overarching documents, dhs's approach embraces five elements for a layered system of maritime port and cargo security. one, understanding the risk to better defend and protect against radiological and nuclear risks. two, obtaining advanced information and using advanced targeting techniques. three, increased collaboration with other federal agencies, foreign governments, and private stakeholders.

four, implementing strong, domestic security regimes. and five, promoting preparedness by sustaining grant programs. within this strategic context, dhs can point to several key developments in the past seven years. risk assessments to aid us in understanding the threat environment and prioritization of resources. significant progress with international and private partners to incorporate risk management principles, and leverage trusted trader programs. the assessment of more than 1500 foreign ports, 200 alone in 2013, under the international port security program. establishment of 360 comprehensive port security plans by port operators. and grant awards to achieve interoperable communications, installation of surveillance cameras, at port facilities, and funding for other similar fiscal

security equipment and projects. looking forward we face challenges of increased trade from the expansion of the panama canal, and increased activity in the arctic. with increasing trade, and shifting trade patterns, we must also confront aging infrastructure for a broad range of dhs assets. from coast guard cutters to x-ray and radiation and nuclear detection inspection systems. in forging the path for progress, dhs will concentrate on improving information collection targeting and des semination, expanding global capacity to secure the supply chain, and addressing risk across all modes of transportation. with a continued focus on enhancing the capabilities of our components, and our partners to address current and future challenges to securing our ports, dhs will continue to dedicate substantial attention and resources to implementing a layered risk management approach

to security across all transportation pathways in an efficient and cost effective way. and building essential partnerships at home and abroad. thank you again for the opportunity to testify about dhs's progress on enhancements to port security. i will be happy to entertain any questions. >> good. thanks and we're going to have some. so thank you. thanks for your testimony. admiral thomas, please proceed. >> thank you, chairman carper, dr. coburn, and thank you both for your continued support of our coast guard and the opportunity to discuss this really important topic with you this morning. the coast guard in coordination with the other department of homeland security components, interagency and the industry implements a layered maritime security system. our goal is simple, we want to detect, interdict and mitigate threats as far from our shores as possible. we accomplish this through the layered system that's depicted on the slide before you and displayed to the left -- to my left. as you can see on the slide, maritime security of u.s. ports

does not start and finish in the u.s. rather, the opposite is true. the security of our ports begins in foreign ports at foreign facilities and terminals. this is the first layer of our integrated system. the coast guard's international port security program conducts assessments of foreign ports, to ensure they meet international security standards, and to build the capacity of our trading partners.

other dhs components help ensure the safety of cargo and people before they depart foreign ports. this notice includes information about the vessel, the cargo, the crew and passengers, customs and border protection also requires advanced notice with information about the cargo, the shipper, the consolidator, the receiving information among other information. other federal agencies like the center for disease control may also require advanced notice under certain circumstances. all of this information is collected and shared at both the national and port level. it's screened and assessed so prior to arrival of any vessel, the coast guard report has a

consolidated of all risk associated with that ship. ferg related to safety, security, and the environment. crew members on a watch list, passengers exhibiting signs of illness, or damage to the ship that might compromise safety or the environment. the report is then able to coordinate a single interagency local, state, and federal risk mitigation plan for each ship that arrives. for the vast majority of these ships, local coordination is required. in some cases, the threat rises to the level that interagency coordination at the national level is required. and we activate the maritime operational threat response protocols. protocols. in some cases the risk will be mitigated by interdicting the ship in the offshore zone n other cases the ship enters the port but is subjected to oversight prior to passenger operations. these boardings are most often

led by the coast guard but may include personnel from other homeland security components or the agency who can bring special capabilities to bear on a given threat. in all cases, the vessel arrives at a port facility that complies with the requirements of maritime transportation safety act and the safe port act. these facilities by law have security staff trained to specific standards. they have an access control system that includes credentials for each employee. they have approved plans in place to prevent and respond to security incidents and they execute a declaration of security with the foreign ships when appropriate to ensure the security and communications protocol at that ship port interface are clear. beyond the individual port facilities, the port community as a whole is prepared and resilient. capable of port wide prevention, preparedness, response and recovery activities. due in large part to the combined impact through investment in our grant program, establishment of the area maritime security plans.

in summary, mr. chairman, we have used the authorities in the maritime transportation security act and the safe port act to implement a security system that begins in foreign ports, continues in the offshore area as a vessel transits to our waters and remains ever vigilant in our ports that have robust, interagency, local, state and federal coordination to mitigate threats, facilitate commerce and respond to all incidents. thank you. i look forward to your questions. >> you took one second too long. you're off your game today, huh? >> yes, sir. >> actually that's pretty good. that's very good. thanks for that testimony. kevin, you're up. please proceed. >> good morning, chairman carper, ranking member coburn. it's a privilege to appear before you again today. thanks to your continued support along with effective collaboration with federal, international and private sector partners, dhs and u.s. customs and border protection have made significant advancements in

maritime cargo security. cbp has secured security partnerships, enhanced targeting and risk assessment programs and invested in advance technology, all essential elements of the multi-laird approach to protecting the nation from the entry of dangerous or violative shipments while expediting legitimate and economically viable commerce. i'd like to highlight the progress of a few of these efforts for you today. in the first few years after 9/11, cbp created several key programs to enhance our ability to assess maritime cargo for risk, examine shipments at the earliest possible point and increase the security of the supply chain. the customs trade partnership against terrorism or ct-pat was established in 2001 in the wake of the 9/11 attacks. it provides facilitation benefits to members who adopt tighter security measures throughout their entire supply chain. it has grown from seven initial members to over 10,000 members today. the national targeting center also started in 2001 has developed world-leading

capabilities to assess cargo shipments, crew and travelers for risk before they are laden or board vessels destined for the united states. at the ntc, they utilize the automated targeting system, intelligence, commercial information and traveler data to identify and mitigate potential threats. dhs and cbp have strengthened detection capabilities at domestic sea ports. since 2001, cbp has acquired 1387 radiation portal monitors and increased its inspection systems from 64 to 314. these valuable systems help officers detect radiological materials, weapons and a list of substances. the support of congress, specifically through the safe port act, has been a key catalyst in advancing trade security and facilitation capabilities beyond these signature efforts. the act codified and made filings mandatory, building on the 24-hour rule. this program provides additional advanced insight into the supply

chain allowing us to identify potential risks earlier and more accurately. the act also codified the security initiative. cbp works with foreign authorities to identify and examine high-risk u.s.-bound maritime containers before they are laden on vessels. they prescreen 80% of all cargo imported into the united states. cbp will continue to build on our progress by exploring and expanding new rules, such as trusted trade or mutual agreements. we will confine our targeting to better identify high-risk cargo and work to increase the percentage of containers scanned abroad. we'll continue to help lead the effort in developing increasingly effective and sophisticated global standards for cargo security. by utilizing risk-based strategies and applying a multi-layered approach, we can focus our resources on the very small percentage of goods or services that are high risk. our use of advance information, technology and partnerships

improves goal supply chain integrity and reduces transaction costs for u.s. businesses. thank you for the opportunity to testify today. i'm happy to answer your questions. >> thank you for that testimony. brian. welcome. >> thank you, chairman carper, ranking member coburn. i appreciate the opportunity to be with you and to join my colleagues from the department to talk about the port security grant program which we believe is a critical part of the department's efforts to enhance the security and resilience of our nation's ports. senator coburn, as you mentioned, we invested $2.9 billion since 2002. while i agree with you that we certainly can continue to improve our measurement of both the effectiveness of those investments and our administrative management of the programs, we have clear evidence

of the value of these investments across the program's priorities, which include maritime domain awareness. we've invested in over 600 portwide projects that include portwide coordination and collaboration, interoperable communications, surveillance systems that assist in domain awareness. we've invested $161 million just in interoperable communications. we've also invested in improvised explosive device capabilities and chemical, biological, radiological and nuclear capabilities. cyber security capabilities, as that threat continues to evolve. planning at the port level, training and exercises and of course the implementation of the transportation worker identification card program. and so in addition to these programatic achievements and, for example, just in vessels that patrol our waterways, we've invested in over 500 vessels.

in new york city, for example, the port of new york used over 30 vessels the day hurricane sandy made landfall and rescued over 1,000 people. so we know these dollars are making a difference. and these investments also facilitate increased partnerships, not just at the federal level with my colleagues here, but at the state and local level and with port owners and operators. we've seen in a variety of instances, you can assure congresswoman hahn that we continue to make investments in the port of los angeles for information sharing and collaboration and, chairman carper, in the port of wilmington, the investments there not just in interoperable communications but in information sharing between the port and the fusion center in delaware that has allowed the building of relationships with state and local law enforcement

and the port. i thought i'd also tell you where we are in the fiscal year '14 grant cycle. $100 million was appropriated for the program this year. applications came in on may 23rd. the field reviews, as the admiral mentioned, we work very closely with the coast guard. we have a two-tiered review process. captains of the port work with the port area and the local and state government through area maritime security committees to prioritize projects. those applications are under that field review right now and will be referred for a national panel review here at the headquarters level later this month and then we expect to announce awards by the end of july. and so i'll close by saying that we look forward to the continuing dialogue about how we can continue to make these investments in the most effective and efficient way possible.

we think they have made a real difference and i look forward to answering any questions you may have. >> good, thanks. nice job. steve, please proceed. thank you, welcome. >> good morning, chairman carper, ranking member coburn, distinguished members of the committee. thank you for the opportunity to testify about the twic program. it provides a industry wide biometric credential to eligible workers requiring unescorted access to port facilities and vessels under the maritime security act of 2002. tsa administers the program jointly with the united states coast guard, tsa is responsible for enrollment, security threat assessments and technical systems. the coast guard is responsible for enforcement of card use. since the program was launched in 2007 in wilmington, delaware, we've conducted security threat assessments and issued cards to 2.9 million workers, including longshoremen, truckers and rail

and vessel crews. and merchant mariners. the twic program is the first and largest federal program to issue a biometric credential. working closely with industry and our dhs partners, the program has evolved over the years to address concerns over the applicability of federal smart card best practices to a working maritime environment, such as the requirement for two trips to an enrollment center for card enrollment and activation. tsa reformed the program by launching one visit in june of 2003 in alaska and michigan. this provides workers the option to receive their twic through the mail rather than requiring in-person pickup and activation. last month tsa moved from the pilot phase of the program to a phased implementation for all applicants. we have added call center capacity for applicants checking on their enrollment status. we've enabled web-based ordering for replacement cards. we've increased quality assurance at our enrollment centers.

we've opened multi-program enrollment centers across the country to allow individuals to apply for the twic, that has the hazardous material endorsement and tsa precheck. we will expand a number of enrollment centers to over 300 this year, adding to the convenience of workers. tsa continues to evolve and modernize their credentialing programs through these initiatives, strong collaboration at the department, partnership with industry and the support of this committee. thank you for the opportunity to testify today and i look forward to answering your questions. >> thank you, mr. sadler. and now stephen caldwell, please proceed. >> thank you for asking us to testify on port security. we've issued almost 100 reports on port security since 9/11. our most recent comprehensive report on port security was issued in the fall of 2012 to note the ten-year anniversary of the maritime transportation security act. let's start with planning. there is a national strategy for maritime security issued in

2005. we reviewed that strategy and its eight supporting plans and found much of the criteria that gao has laid out for a good national strategy. we also looked at some of the more detailed functional strategies and in some cases we have found those to be wanting, but at the port level we found that some of the plans specific to the ports have included the safe port act's requirement that they also cover recovery issues. again, going back to some of the functional plans, we found some deficiencies in those. for example, dhs after putting out the small vessel security strategy and laying out an implementation plan for that has not been tracking the progress of the components and actually meeting that, which leaves some opportunities, lack of disseminating any potential lessons learned or even being able to track their overall progress on that strategy. in terms of maritime domain awareness, there have been a number of improvements.

the coast guard through its common operating picture program has allowed additional data sources into the use of the users, allowed blue force tracking, which is the ability to track our own vessels, and also increased access across the coast guard to other users. however, many of the original systems used to increase maritime domain awareness have fallen short of the capabilities that were originally planned for those and mainly these are due to some of the acquisition problems that our reports have noted, such as not developing complete requirements at the beginning, not updating costs or schedule base lines and not monitoring their initial performance. regarding the security of our domestic ports, dhs components, especially the coast guard, have gone quite a ways in terms of implementing the maritime transportation security act. key provisions of that act call for security planning at the port facility and vessel level and it also calls for the coast

guard to then inspect those facilities to make sure that those security activities are indeed in place. gao has audited those programs. we found progress and most of our recommendations in those areas have been implemented, but some areas remain problematic. as noted, we have concerns about the port security grant program and the extent that they are monitoring the effectiveness of the actual projects. going back to 2005, gao found that the program lacked an adequate risk assessment process and lacked a mean to measure the effectiveness of the projects in the grants. more recent work did find that the grants are based on risk and it goes back to the process that was started to be described at both the port and national level. after more than a decade after the program's start there's really no performance measures in place to determine whether the program at the port or facility level has improved port security.

and it even lacks project level visibility to know whether the projects were indeed implemented as described. regarding the global supply chain security, there's also been a lot of progress, especially by cbp. we've reviewed these programs and noted their management and operations have matured over time. we concur with cbp that implementing 100% scanning as defined in the safe port act and 9/11 act is extremely challenging. however, we are less convinced that existing risk-based program does not have room for improvement. a recent report has found cbp has not been timely in terms of measuring the effectiveness of its targeting system or evaluating supply chain risks in foreign ports. including csi ports. we did see the may 5th letter from the secretary to you, mr. chairman, and note that both of those issues are discussed as potential improvements. in closing, gao will continue to

review port security programs for congress, this committee and others. for example, we have ongoing work on port cyber security as well as the disposition of high-risk containers. that concludes my remarks and i'm happy to answer any questions. thank you. >> thanks so much for that testimony. senator ayotte, nice to see you. why don't you lead us off. >> thank you, mr. chairman, appreciate it. i just wanted to get a follow-up, administrator sadler and certainly mr. caldwell about the twic program. so you testified about the one visit pilot and now it's going to a nationwide mailing system. so how do you assess it's going and are you able to do this without concerns about fraud? so just can you give us a quick update. you know, obviously i appreciate the steps you've taken on this but just in terms of substance. then i would like to hear from mr. caldwell about how effective you think overall the twic

program is in helping protect port security and what other -- gao has been quite critical in past reports about what we need to do to improve this program and its effectiveness. so that's really the issue i was hoping to get a little more insight on. >> we started the pilot for twic 1 visit last year in 2012-2013 in alaska and michigan. as we transitioned to our new technical system, we started the implementation nationwide, so we started implementing the one visit in may of this year, may 12th. so we planned to have a phased schedule to implement it across the nation and we should have it done by this summer. so we think it's going fairly well. we do mail the cards out. i believe we've got about 3,000 cards for twic 1 visit that have been mailed out of about 5,000

enrollments. what we do is send the card out separately and then we send the pin in a different letter. so we try to send them out in two different letters. >> so you haven't seen fraud yet on that program? >> on the mailing itself? >> yeah. >> not yet, senator, but we're still in the early stages. of the implementation. >> thank you. and mr. caldwell, i know we're sort of in the middle of a vote so i just wanted to get a quick thought on one of the things i think we've worried on overall about the twic program, is it making us more secure. are we improving this system so that we can have some reliability with it? >> well, two things. i'll talk about twic 1 and that's trade opportunity, security and convenience. definitely it's more convenient but you're losing one of your steps of internal controls of identifying the person's identity by having them come in. i think congress pretty much directed and took to going that direction.

>> they did. >> so it is what it is. >> but it's also good to follow up and make sure that we didn't -- that the choice we made there, that i was obviously a supporter of, that we made sure we're following up on it as well. >> yes. i do think it's a good idea to follow up on that to see if there is fraud and whether that happens. >> what i'm worried about overall is are we really doing anything with twic? i'm not trying to be funny about this. i get the goal of it, it makes sense, but we obviously -- the concern has been how are we enhancing port security overall? >> we have those concerns as well. we've had concerns with the program pretty much from day one in a lot of ways it was implemented. for example, the reader pilot that was done recently, we thought the valuation of that was done quite poorly and left out a lot of things that would be able to evaluate really what were the problems coming up. was it the card itself, was it the reader, was it the person

that was manning the security gate when they did their test at the reader pilot. they did not include the kind of detailed data you'd need to know to get that. obviously you know there's some concerns in terms of the shooting down in norfolk. >> yes, that was raised in the commerce committee. >> and the navy now is not accepting twic, at least by itself, as a card accepting to get on that base so obviously they have some concerns with it. there's been an assertion that twic has improved security and we've seen that in the latest report to congress but we haven't seen strong evidence supporting it. >> so you want better metrics. and you want -- >> gao always wants better metrics, but yes. i suspect we'll be asked to look at it again. >> are we doing better? that's a good question, are we doing better? >> well, compared to nothing, having a pass that is used in multiple places with the background check is useful. you can have felons and things

have things waived so they still have those cards, but you don't have people getting the cards that have either espionage against the u.s. or terrorism crimes. those kinds of things. that's a pretty high bar, but in one other way to look at it -- >> yes, that would be important. >> twic was put in as part of mtsa, which really the bar for mtsa is will they prevent a major transportation security incident and that's where this kind of a judgment call about whether someone getting and committing a crime, committing murder, would that rise to the level of a transportation security incident. not likely. >> if there's anything else you want to add, i know we've got to run to vote. >> just quickly. the first thing i want to say for twic 1 visit you have to go in and confirm your identity -- >> the first time, absolutely. >> you've got to do that. the other thing i'd say is that this is the first time that the maritime population has been defined.

prior to twic, there was no definition as far as i know and i spent 20 years going in and out of ports, so i'm not sure who knew nationally -- >> who was going in and out of the ports. >> we now know that example. >> we now have a population of 3 million people. i vetted people before twic with information that was submitted by ports. we vetted 900,000 people. we did that prior to the implementation of twic as a mitigation strategy. now we're up to 3 million people. the first thing is define the population, we recurrently vet them every single day. we have one common standard, put the biometric aside, one common standard, one common credential, one common background check n some places you had to buy a multiple credential within the same state so if you went to one port, you had to buy a credential and you went to another port, you had to buy another credential. and i can't tell you what the background check was. so we think there is improvement in security just by virtue of

the fact of those things that i just mentioned. >> thank you. thank you, mr. chairman. >> i'm going to slip out, run and vote and then come back and so dr. coburn can go back and forth. i want to telegraph my pitch, when i come back, i'll be interested in asking so you can be thinking about them are how do we measure success. i want to see if there's consensus on how we measure success. and if there's some consensus around common metrics, then how are we doing. what are we doing especially well, what are we not doing so well. and finally i always like to ask what can we do to help, all right? dr. coburn, thank you, all. >> thank you. have fun voting. let's keep talking about twic for a minute. we hit -- i'd just like your assessment on somebody with a twic card that gets into a port and shoots people. how's that happen? no system is perfect and i'm not laying blame. i'm just saying how did we miss that?

>> at the time that individual was vetted, senator, the standard for manslaughter included all manslaughter, voluntary and involuntary. so when the individual came through, the crime had been committed in 2005. the conviction occurred in 2008. i believe he served about 800 days on his conviction. so he served about two and a half years. he was released from incarceration in 2011. we encountered him in december of 2013. and based on the standards that we were using at the time, that voluntary manslaughter charge was not a disqualifier. so he got his card in january of 2014. as far as him using the card at the base, i would defer to d.o.d., but one point i have to make is the twic in and of itself does not give you access to a port.

you have to have the twic and you have to have a business need. so we've gone back, we're scrubbing all the cases we had for disqualifications that involve involuntary manslaughter and voluntary manslaughter and we've changed our policy now that if you come in with a voluntary manslaughter charge, that's an interim disqualifier. interim meaning that you are still eligible to appeal, you're still eligible to request a waiver, you're still eligible to request an administrative law judge review and you're eligible to go to court if you don't agree with the finding that we make. >> right. that's the kind of answer i was wanting. talk to me about twic readers. >> i'll defer to my colleague in the coast guard, but to senator carper's point about what we can do to increase security and how we can be more successful, that's one way to be more successful is by implementing the twic readers because we have a biometric credential. we believe that it works.

right now it's being used as a visual identification card. but it needs to be used as a biometric credential and on a risk-based basis as well. so we believe that it's critically important to install readers in ports. >> admiral? >> thank you, doctor. i really appreciate the opportunity to answer that question because as the agency responsible for implementing security at our port facilities and as a previous captain at port myself, i think it's important to recognize that twic and the twic reader are part of a greater access control system for a facility which has its own security system, which is in itself part of a greater system to secure our ports than the entire chain that i discussed. so when you're going to put an access control system in a facility, you're going to include fences, gates, guards, lights, cameras, a credential of some sort and in some cases a biometric reader for that credential so it's just a matter of layering the security.

as the chairman noted in his opening comments, if this was security at all costs, we'd have readers everywhere. because we are trying to balance, as we should, the risk with the benefit and facilitate commerce, we've done an exhaustive analysis, which i'm happy to explain to you, that has ensured that the readers go at the highest-risk facilities. and i think that the coast guard's proposed rule puts those readers where the cost benefit is currently the best. i think as we expand the use of twic and twic-like credentials beyond the maritime domain, because that's the only place we have transportation credentials, reader costs will come down, card costs will come down and the cost benefit will change in a way that it just makes sense to put readers at more facilities. will come don and the cost benefit may change in a way it makes sense to put readers at more facilities. >> do you have a proposed first round will be completed date and an assessment made?

zsh of twic readers? we are currently working on the rule we put out a notice proposed rule making. we received about 2600 comment. we are working through the comments. we are going to make some adjustments to the rules and go through the process and hopefully sometime next year. there is a two-year implementation date. >> we're 2 1/2 years from the present plan of the coast guard? >> two and a half years where readers will be required at certain port facilities. >> thank you. let me go back for a minute. miss mclean, one of your statements in your opening statement was spending money in a co effecti a cost effective way. if you have metrics on the effectiveness of grant money

spent, how do you know it's effective? >> senator, i think that the -- i appreciate the question. i think it's a little outside my lane. i would prefer to take the question back and get you an answer working with my colleague from fema on where we are in developing met tricks -- metrics or answering that particular question. i'm not saying that. i'm just saying. anybody can answer this. we have a port system where we tier risks, and the vast majority of money have gone tier one ports. and under the system you're utilizing today without any recognition of the money that is already spent, we continue to spend the same money on the same risk. there's no risk reduction

recognized in your tiering. if you don't have metrics, associated with the money being spent, the port security program, grant program when do we stop spending money at tier one ports. in other words, how much is enough? and how do we know when we've got the best cost-benefit analysis. the most cost effective program in based on the risk and mitigation and the other goal that we have. how do we know that? if we don't have a metric-based system? in other words, here is why we're spending the $2.9 million. here is what we're hoping to get. here is how we're going to measure if we've got it. there's all sorts of -- i won't in the hearing, i will privately, give you the list of money that you spent on stuff that a common-sense person would say it doesn't have anything to do with port security. we have two ports in oklahoma,

and we have two 27-foot boats on the river, and in terms of the risk associated with those ports, those are low priority compared to what the higher priority things are on the port. those two ports. so my question is, if we don't have metrics to measure. when we look at this in total. i think we have done a wonderful job in laying it out. how do we know? how do we know when to quit spending money that gives us a diminishing return on the port security grant program? >> senator, i'm happy to field that question. improved measurement is absolutely an area where we see a lot of opportunity. >> let me interrupt you. what is your measurement now? >> in fy 13, we -- for the first time, instituted measures related to sustainment of

existing capabilities versus building new ones. we took the gao and mr. caldwell's reports and recommendations quite seriously and are looking closely at what ports are doing with the funding. we -- for the first time in the fy 14 application cycle are requesting project level data going in. you are probably aware of the history of the program, and the flexibility that had been given at the local level against area of maritime security plans. there remains a lot of flexibility, but we are increasing the oversight to request project level data upfront so we can start to get that information to form even more effective measures of outcomes. on the grants management side, senator, we certainly have measures now, and even over fy

12 measures of our monitoring. mr. caldwell mentioned the level of monitoring. 100% the port security grants undergo some level of monitoring. we have a tiered monitoring system where our program staff on our routine basis look at every award, look at the history of the grantee, the history of the outcomes achieved, their financial measures from draw down, rate of expenditure, rate of obligation. that, then, is reviewed. we do prioritize based on the risk we see in their management of the grants all the way up to desk reviews where we request a lot of information from grantees and site visits. what i would tell you, senator, i look forward to continue working with you and continue to get the data we need to form more effective measures. i agree with you that everybody

can point to the examples, and they really are some stunning camp -- camexamples of how usef and effective it is. we will continue to refine our measures to get that data. >> yeah. as i noted, i think it's improved. i think we still, you know, my underlying concern somebody is going to be sitting up here ten years from now and the amount of money spent on the type of program isn't going to be there. so how we spend the money today is really important. because there's going to come a time, i mean, you know, i'll repeat for you. social security, disability runs out of money at the end of next year. medicare runs out of money in '26. social security runs out of money in '32. by 2030, the entire budget will be consumed to medicare, medicaid, social security, and

the interest on the federal debt. my question, based on the future, and if we spend money really well now, we won't spend -- we won't need to be spending money in the future. that's the basis of the question. it's not a criticism. it's just that we need the best cost-benefit value for every dollar you send out in a port security grant. >> we agree with you, and we are working with our partners on the vulnerable index, which is one of the things you mentioned. how do we understand what risk we have bought down, and we'll continue to look at that to make sure we're spending the money as effectively as possible. >> thank you. admiral, one of my concerns, and i can't go into detail, but let me give you a hypothetical. you give me the answer. let say somebody leaves one of our certified ports overseas, and arrives here.

in between there and now, something was added to that cargo. do we have the capability to know that? >> well, doctor, i'm not exactly sure. it if they leave a foreign port. >> one of our certified ports. meeting all the requirements that you all have. and someplace between when they left and when they arrive at the port of los angeles somebody has added a package. if that occurred -- >> so -- >> not in the port. just in transit. >> in transit. the only way -- a couple of things would need happen. probably the entire crew would have to be complacent with the individual securing it. it's difficult to access particularly a container in transit without a significant amount of effort, and that would require probably more than one

person. >> let's don't worry about the details of that. let's say it happens. >> if it happens the only way we would know, really, it's a better question for my colleague from customs and border protection would be because the container has been opened and we would be able to determine that. maybe you can -- >> sure. senator, we have two elements i think would be germane here. one the import security filing giving us the stow plan for the vessel. we know where each container is on the vessel. whether it's assessable during a voyage or not. we see drug smauggler attempt t break the custom seal, put a load inside the door of the container and lock it up. it's only doable around the deck area. we know which containers could be accessed and we do routine

seal checks s upon arrival. there are different steps in our -- >> somebody counterfeit your seal? can somebody counterfeit your seal? >> they can try to, yes. we have detected dozens of attempts to do that pretty effectively. >> so they not have been able to do that as of yet? >> i won't say, senator -- >> that you're aware of. >> successful counterfeit attempts. we train our personnel to detect what our seals are supposed to look like. whether they've been tampered with. there's a number of sequences and other kind of safe guards in this process. >> i'll just -- this is a long time ago, but i'll share an experience with you. i bought a company in puerto rico, put it into four containers, all the equipment. everything that was there. all four container arrived at one of my plants here. all the seals were there. when we opened the containers, everything of significant value that could have been marketed was gone.

but the seals were still there. so the fact is, and that was way before 9/11. that was in the '70s. but the fact is, that people will try to do it. so my question is, is -- i guess my question is really this, do we have the capability to track ships from the time they leave a port until the time arrive here and know whether or not they've been boarded or accessed between this embarkment and the embark here? >> that's the question that i probably can't answer. >> got you. all right. thank you. >> senator, did you want me to

touch upon the metrics issue? >> yes please. >> i think at the strategic level. a more detailed functional plan, we have not seen metrics laid out early as to what the end state is and how we're going to measure that. but we have seen problems particularly at the program level, most often, those are easier to look for and find. i think we have found an improvement of the metrics of how the programs are run. one of the first things we do when we look at the program, do you know how the program is being run and have those metric. a lot of times we'll find weaknesses in the internal controls. i think those are improved across the board. when i see some of the programs that have matured. a lot is better management of the program. where we have not seen large improvements is in the area of actually measuring results of the program and what they're trying to achieve. i would also agree with you the importance of cost-benefit analysis. a lot of times we'll get a

discussion from the agency that could be expensive and we don't have enough money to do it. in the end if you spend $3 billion on grants. it's an outstanding record for nine years they come up with performance measures on the port security grant. so maybe a couple of extra millions to do the analysis. in the hindsight it might be money well spent. one example of cost-benefit analysis that was done rigorously involves the advanced portals d.n.d.o. put in. the first ones they put in was light -- it was not very rigorous in terms of the testing. we pointed that out. when they did the rigorous testing, and then they looked at how much they would cost marginally compared to the additional they get. they cancelled the program after spending $280 million. eventually they were planning to

spend, like, $3 billion. it was the case where whatever the testing or analysis cost, i think in the end, lead to a good result. >> okay. let me ask mr. kamoie. you all plans to reinsert the f fiduciary agents to -- >> we do not, senator. >> why is that? >> when the fiduciary agent model was used, it was at time when the appropriations levels for the program were much

higher. after realms of stimulus funding, the agent model was absolutely necessary to assist the agency in distributing and monitoring the funds. over time, however, as the appropriations level has gone down, and our internal capability with staffing has increased to manage the program, the fiduciary agent model has become less necessary. and in terms of monitoring performance, there was a varying level of performance by fiduciary agents and monitoring. given our increased staffing, our increased capabilities, we think it's more appropriate that we monitor an oversight and grant funding and how it's spent. the other thing i'll say is that the allowability of management

and administrative costs from the grant program to fiduciary agents of 3 to 5%, would result, for example, just this year in 3 to $5 million in overhead costs that we think are better invested. >> do you have the flexibility to use some of the grant money for grant management? >> senator, i'll have to check the language and get back with you. >> would it help you. in other words, rather than spending 3 to $5 million. if we spend it on managing grants, especially cost effectiveness of grants. and looking at that, i'm pleased with the progress that is being made. i don't think we're there yet. i would love know what we need to do to help you to be able to get to the point. my model for grants, at the federal government is a vision of library and museum sciences. if you get a grant from them, you can guarantee they're going check on you. they're going do a metric,

they're going to know whether you followed your plan and the grant. if you're not, they pull it. you don't ever get another one again. so everybody has a different expectations. the fact that some grant money is going to things that aren't really for security. you know, if you had the reputation, i guarantee everybody would be put down the way you put down. even though you have flexibility. >> absolutely i'll take a look at that. we're willing to learn lessons. >> it's the best-run grant program in the federal government. >> i appreciate that. the other thing is the spend down. we're still, in terms of, we granted but we still a lot ways to go. where are we on that? is it because these are long-term programs? that's getting better as well. early on in the program when ports were doing larger capital project infrastructure building

with multiphase complicated projects, it took a long time to spend down a lot of projects have been completed. we've taken a number of steps to assist grantees in the spend down. one, we remind them quarterly. we're in touch. we've shotened the period of grants to two years. but your question was where are we? in august of '12, for -- and we follow up in writing with these numbers, but for the program years, '08 to '11, 80% of the available funds were not yet drawn down. a year later, for fy 8-12. of course every year one goes off the books. we move the needle down to 44% of funds not being drawn down, and we did a check at the end of april. right now we're at 39.3%. not yet drawn down from '08 to

'13. >> i'll have to recess. senator carper will be back in a moment. >> thank you, senator. let see if we can see if there's any consensus on the metrics that we're using. how do we measure success. let start with you, miss mclean.

what are the metrics we are using and ought to be using. how are we doing? >> mr. chairman -- i think there is several -- there are several indicators that evidence and success in securing the ports. i would note in the last seven years, our relationships are programs internationally, those global partnerships, the capacity building, the agreements, everything that is necessary to supply the whole global supply chain. i think there's been suggest advancements in that area. i also think that our improvements in the advanced data and targeting area make us more secure. coast guards, port assessments 1500 ports. we think there are a lot of indicators that there's a global recognition of the need to tackle this issue on a broader

basis. >> all right. >> same question to admiral paul. >> thank you, mr. chairman. i was in port in galveston, texas for 2001 and the three years we followed, we scrambled to figure out what it meant to secure our ports. from my perspective, it's clear we've achieved a lot. i think one the first things we did, mr. caldwell mentioned the strategies. we recognized in order to build a secure port we had to build regime locally, nationally, and internationally. we had to build awareness so we could figure out what was going on and pick anomalies. we need the capability to respond to the anomalies. if you look at the three building blocks and compare them to where they were in september 11, 2001. it's clear there are progresses. there are clear metrics with each of those. with regard to the regimes, thank you to the congress for

the maritime transportation security act and the safe port act. it was the impetus for the national regime as well as regimes that have now been implemented as far down as individual port authorities. i'm not just talking about regimes required by the law. i'm talking about they understand a security is part of the business product. i think in that regard there's clear measures. we're intangible from hear to sea. i can tell you there was no awareness or recognition that security really was parking lot of t -- part of the product in the port. we got the message across with safety and environment. they get it as part of the business as well. i think there's a metric there. certainly with regard to awareness and capability. we have built the capabilities federally, locally, internationally. all of which, i think, are clear evidence that we've been effective in terms of enhancing it. i'm with you. i think we need to do more. i'm concerned about emerging

threats like cyber. we need to develop some metrics there. >> we'll come back and finish. how are we doing, what are we doing, what metrics are we using, how do we demonstrate to what we're doing better. i want to come back and say what is on the to-do list, first. >> mr. chairman, i'll touch on five areas. broadly, our ability to identify and mitigate risk is the metric we seek to measure ourselves on. first, on the data front, as was alluded to. we're getting advanced information on cargo shipments. manifest information, entry information, and import security filing. in terms of targeting and assessing that risk, category two, we're analyzing it with the automated targeting system, we think it's a sophisticated cape thablt is constantly approved and currently working on responding to the ideas on identifying the effectiveness of those targets with more

granularity. three, examining the earliest possible point in the cycle. currently 85% of the shipments we identify as high risk are examined before they leave for the u.s. our examination in the 58 ports are accepted 99 percent of the time. we think those are very solid metrics. 100% of the containers identified as potentially high risk are examined before they are let into the u.s. stream of commerce. 85% prior of leading and the rest of the 15% before allowed to enter the u.s. on arrival. securing the supply chain, category four. over 50% of all cargo containers are part of the partnership with our 10,750 partners. we've increased the security supply chain through the partnership. we're recognizing other country systems including the european union and six other agreements to ensure broader visibility

globally as ellen alluded to, the international partnership. and five, our efforts to address the highest consequence threats. we're scanning 99.8% of all arriving containerized cargo. >> say that again. >> 99.8%. so just about everything in arriving in sea port is skeined through a radiation port monitor. the other part of this coin, sir, the facilitation piece you have referenced. vast majority of cargo arriving in the u.s. is released before it touches the dock. our ct partners are getting fewer examples because they secure the supply chain. we establish mobile technology for agricultural to clear shipments on the dock instead of waiting hours and having the bananas sit. the u.s. chamber of commerce and 71 others wrote to the secretary this week in an open letter saying the regime is working well and that the facilitation

piece in particular, we've achieved through the layered risk approach. those are the risks we look and happy to elaborate on any specifics. >> mr. chairman, i think while you were out we agreed in the port security grant programs we have measures and made progress. we agree question continue to make progress. on the program attic side of the effectiveness measures, we look very carefully at the six priorities of the grant program. enhancing maritime marine awareness, explosive device detection, chemical explosive pretext, response, and recovery capabilities, enhancing cybersecurity capabilities, maritime security risk, mitigation prompts, planning, training exercises, and the transportation worker identification credential implementation. right now we have a measure we're looking at building new capabilities across