welcome the secretary's pledge to make good faith effort to improve the department's capabilities. without getting in the way of legitimate flow of trade. i look forward to discussing this issue with some of our witnesses today. i also look forward to hearing how the department of homeland security plans to address emerging threats, how it can make programs more effective and efficient and how the agencies represented here today can work with international organizations and our foreign partners to raise the global standard for port security. as you can see from our lineup of witnesses, there's quite a lineup. port security is a key support. it's a perfect example of why bringing all these agencies together into the department of homeland security was the right thing to do. components present here today work seamlessly with one another to develop and implement the department's layered risk based strategy for port security. from the coast guard to customs and border protection, transportation security administration federal emergency management administration, and dhs's office

of policy each of you play a critical role and you've got to work to the. so do we. we're always happy to have you with us. you've done a whole lot of work in this area, we're grateful for that and be looking to you for further help. again thanks to everyone for coming. as dr. coburn knows we're going to start voting in a little bit. and we're going to do one of those deals that we perfected where voting starts, maybe he'll go vote the first time, and when he's voted he'll come back and i'll go vote and then we'll just swap back and forth. hopefully we'll be able to keep going and make it all work and be done in a punctual way. but it's important we're happy that you here. let me just now turn to dr. coburn just to thank him for insisting that we have this hearing and make this a priority. >> thank you, mr. chairman. first of all welcome to all of you. this is an interesting area for us to be talking about. sitting on the intelligence committee, our threats are greater, not less, in terms of risk. and getting it right is important.

one of the commitments i made to congresswoman janice hahn from l.a., she has the l.a. port, which is our busiest and biggest and probably greatest vulnerability in terms of port that we would have this hearing and do the oversight that's necessary to try to improve what we're doing. so, mr. chairman i'd like unanimous consent to put her testimony in the record she -- the house is out this week, and we wouldn't have scheduled that this hearing at this time had we known that. but we did. and i'm happy that we're having the hearing so i'd ask unanimous consent to have her testimony included in the record. i'd also note that the house has passed the legislation that the senate hadn't even taken up or considered the gaps act, and what we need to do is address today to find out where our weaknesses are. what we need to improve and as senator carper mentioned the 100% scanning obviously isn't

viable, or may not be viable, but we need to have a better approach than 2% to 4% scanning that we're seeing today. we know that a successful attack on one of our ports would be devastating. rand corporation gave an example it could have a trillion dollar effect on our economy. that is a high possibility. we cannot stop every attack that's going to come to this country. but we can certainly make it much more difficult and markedly decrease the likelihood. everybody knows the history. of how we came together after 9/11. we created port security grant program. we mandated 100% cargo screening. and 9/11 commission recommended that, as well. we also created the card which has had some significant

difficulties, and is still not implemented. so my goal for this hearing is to review all the initiatives that were initially set out assess how well they're working. and whether or not they're working. and determine if our ports are as secure from the potential terrorist attack as we can make them feesbly and economically. i would say we spent $4.9 million on the port security program with no measures whether or not we improved our security. there's no records so we don't know. we've spent $2.1 billion on cpp cargo programs on a scanning mandate that we are told will never be met. there's $5 billion we spent we have no assessment of what we've gotten for that money. the program was intended to create an i.d. card for

transportation workers to enter secure areas including ports we'll talk about and some of my questions will relate to some of the problems associated with that. in general i think it's unclear and hopefully this hearing will help us, to know how much improvement we've actually made in securing our ports. so i number one want to thank each of you for being here, preparing the testimony which i've read, and being available and i apologize that we're going to have votes but we will be -- we'll keep this moving as fast as we can. we have four votes starting at 11:00 and with that mr. chairman, thank you, as well. mr. top banana. >> i've been called worse things. we'll make this work. we appreciate. let me briefly introduce our witnesses. colleen mclean deputy transportation secretary. also served as dhs assistant general council for enforcement

she began here career with u.s. customs service where she served i believe as deputy associate chief council is that right? rear admiral paul thomas joins us from the coast guard where he's assistant commandant for policies specialist in marine safety security and environmental protection. graduate of the coast guard academy, and of the massachusetts institute of technology. where i'm proud to say that one of our boys attended. when i went to ohio state i could barely spell m.i.t. the idea of ever having a kid that goes there i could not imagine. congratulations on that. thanks for your service. i want to ask kevin to pronounce your last name for me, kevin. >> mcaleenan. >> with the emphasis on the leen? >> you put an "a" in front of the "c" it works better. >> there you go. and acting deputy commissioner

at the u.s. customs and border protection. served as acting assistant commissioner of the cdp office of fuel operations leading the agency's port security and trade facilitation operations. brian kamoi appointed as the assistant administrator for grant programs at fema in april of 2013. before that he served as senior director for preparedness policy on the white house national security staff, from 2009 to 2013. stephen sadler has been the assistant administrator for intelligence and analysis at the transportation security administration since october 2011. he's joined tsa in 2003 and held several leadership positions. breyer to that he spent 25 years in the commercial maritime industry. and finally last but not least, steven caldwell nice to see you. joins us from gao where he is the direct -- director of issues

issues on the homeland and security justice team. mr. caldwell has over 30 years of experience at gao and has worked on numerous reports on security and supply chain security. thank you all your entire statements will be made a part of the record and feel free to summarize as you go. try to stay within about what did we say five minutes? five minutes if you could, go way over that we'll have to rein you in. thank you for joining us. ellen why don't you go ahead. >> good morning, chairman carper, ranking member coburn. i am a career civil servant and testifying before congress for the first time. as this has long been on my career bucket list i appreciate this opportunity along with my colleagues to testify on a matter of singular importance to the department. port security. since 2007 and the passage of the safe port act we now have several key strategic documents that shape and guide our efforts on port security. the national strategy on global supply chain security.

the global nuclear detection architecture. and the soon to be released 2014 dhs quadrennial homeland security review. dhs is focused on enhancing port security through prevention, protection, and resilience. pursuant to a risk based approach. while strengthening the global supply chain system, including the maritime transportation network, we are ever mindful that it is critical to do so by promoting the efficient and secure movement of legitimate goods. guided by the principles in these overarching documents, dhs's approach embraces five elements for a layered system of maritime port and cargo security. one, understanding the risk to better defend and protect against radiological and nuclear risks. two, obtaining advanced information and using advanced targeting techniques. three, increased collaboration with other federal agencies foreign governments, and private

stakeholders. four implementing strong, domestic security regimes. and five promoting proposedness by sustaining grant programs. within this strategic context dhs can point to several key developments in the past seven years. risk assessments to aid us in understanding the threat environment and prioritization of resources. significant progress with international and private partners to incorporate risk management principles, and leverage trusted trader programs. the assessment of more than 1500 foreign ports 200 alone in 2013 under the international port security program. establishment of 360 comprehensive port security plans by port operators. and grant awards to achieve interoperable communications installation of surveillance cameras, at port facilities and funding for other similar fiscal

security equipment and projects. looking forward we face challenges of increased trade from the expansion of the panama canal, and increased activity in the arctic. with increasing trade, and shifting trade patterns we must also confront aging infrastructure for a broad range of dhs assets. from coast guard cutters to x-ray and radiation and nuclear detection inspection systems. in forging the path for progress, dhs will concentrate on improving information collection targeting and des semination expanding global capacity to secure the supply chain, and addressing risk across all modes of transportation. with a continued focus on enhancing the capabilities of our components, and our partners to address current and future challenges to securing our ports, dhs will continue to dedicate substantial attention and resources to implementing a layered risk management approach

to security across all transportation pathways in an efficient and cost effective way. and building essential partnerships at home and abroad. thank you again for the opportunity to testify about dhs's progress on enhancements to port security. i will be happy to entertain any questions. >> good. thanks and we're going to have some. so thank you. thanks for your testimony. admiral thomas, please proceed. >> thank you chairman carper, dr. coburn, and thank you both for your continued support of our coast guard and the opportunity to discuss this really important topic with you this morning. the coast guard in coordination with the other department of homeland security components interagency and the industry implements a layered maritime security system. our goal is simple we want to deteblgt interdict and mitigate threats as far from our shores as possible. we accomplish this through the layered system that's depicted on the slide before you and displayed to the left -- to my left. as you can see on the slide,

maritime security of u.s. ports does not start and finish in the u.s. rather, the opposite is true. the security of our ports begins in foreign ports at foreign facilities and terminals. this is the first layer of our integrated system. the coast guard's international port security program conducts assessments of foreign ports, to ensure ensure they meet international security standards and to build the capacity of our trading partners. so just as you cannot enter u.s. airspace unless the flight originated from an airport that meets minimum security standards, you cannot enter u.s. sea ports unless that voyage originated from a foreign port that meets the security standards as certified by the coast guard. additionally coast guard led foreign port threat assessments bring together information from law enforcement and intelligence communities to assess the level of governance, crime terrorist activities and other factors which may help us determine which threats emanate from those ports. finally, overseas activities by our colleagues from the customs,

border protection and other dhs components help ensure the safety and security of cargo an people before they depart foreign ports. if you look at the next several laser on the slide, the international waters, the u.s. exclusive economic zone and u.s. territorial seas our regulations require that each ship en route to a u.s. port provide the coast guard at least 96 hours' advance notice of arrival. this notice includes information about the vessel the cargo, the crew and passengers. customs and border protection also requires advance notice with information about the cargo, the shipper, the consolidator, the receiving agent among other information. other federal agencies like centers for disease control may also require advance notice of arrival under certain circumstances. all of this information is collected and shared at both a national and port level. it's screened and assessed so that prior to arrival of any vessel the coast guard captain at port has a consolidated

comprehensive assessment of all risks associated with that ship. when i say all risks, i mean all risks, everything related to safety, security and the environment. as diverse as invasive species and water or cargo, crew members on a watch list, passengers exhibiting signs of illness or damage to the ship that might compromise safety or the environment. the captain of port is able to coordinate a single interagency local, state and federal risk mitigation plan for each ship that arrives. for the vast majority of these ships, local coordination is required to plan necessary control, inspection or enforcement actions. in some cases the threat rises to the level that interagency coordination seat the national level is required and we activate the maritime threat protocols. in some cases the risk will be mitigated by interdicting the ship in the offshore zone n other cases the ship enters the port but is subjected to oversight prior to passenger

operations. these boardings are most often led by the coast guard but may include personnel from other homeland security components or the agency who can bring special capabilities to bear on a given threat. in all cases the vessel arrives at a port facility that complies with the requirements of maritime transportation safety act and the safe port act. these facilities by law have security staff trained to specific standards. they have an access control system that includes credentials for each employee. they have approved plans in place to prevent and respond to security incidents and they execute a declaration of security with the foreign ships when appropriate to ensure the security and communications protocol at that ship port interface are clear. beyond the individual port facilities, the port community as a whole is prepared and resilient. capable of port wide prevention preparedness, response activities. due in large part to the combined impact through investment in our grant program,

establishment of the area maritime security plans. in summary, mr. chairman, we have used the authorities in the maritime transportation security act and the safe port act to implement a security system that begins in foreign ports, continues in the offshore area as a vessel trits to our waters and remains ever vigilant in our ports that have robust, interagency, local, state and federal coordination to mitigate threats, facilitate commerce and respond to all incidents. thank you. i look forward to your questions. >> you took one second too long. you're off your game today, huh? >> yes, sir. >> actually that's pretty good. that's very good. thanks for that testimony. kevin, you're up. please proceed. >> good morning chairman carper, ranking member coburn. it's a privilege to appear before you again today. thanks to your continued support along with effective collaboration with federal, international and private sector partners, dhs and u.s. customs and border protection have made

significant advancements in maritime cargo security. cup has secured security partnerships enhanced targeting and risk assessment programs and invested in advance technology all essential elements of the multi-laird approach to protecting the nation from the entry of dangerous or vie lafb shipments while expediting legitimate and economically viable commerce. i'd like to highlight the progress of a few of these efforts for you today. in the first few years after 9/11, cup created several key programs to enhance our ability to assess maritime cargo for risk, examine shipments at the earliest possible point and increase the security of the supply chain. the customs trade partnership against terrorism or ct-pat was established in 2001 in the wake of the 9/11 attacks. it provides facilitation benefits to members who adopt tighter security measures throughout their entire supply chain. it has grown from seven initial members to over 10,000 members today. the national targeting center also started in 2001 has

developed world-leading capabilities to assess cargo shipments, crew and travelers for risk before they are laden or board vessels destined for the united states. at the ntc, they utilize the targeting system intelligence commercial information and traveler data to identify and mitigate potential threats. dhs and cvp have strengthened detection capabilities at domestic sea ports. since 2001, cup has acquired 1387 radiation portal monitors and increased its inspection systems from 64 to 314. these valuable systems help officers detect radiological materials, weapons and a list of substances. the support of congress specifically through the safe port act, has been a key catalyst in advancing trade security and facilitation capabilities beyond these signature efforts. the act codified and made filings mandatory, building on the 24-hour rule. this program provides additional

advanced insight into the supply chain allowing us to identify potential risks earlier and more accurately. the act also cod nied the security nifb afternoon. cup works with foreign authorities to identify and examine high-risk u.s.-bound maritime containers before they are laden on vessels. they prescreen 80% of all cargo imported into the united states. cvp will continue to build on our progress by exploring and expanding new rules, such as trusted trade or mutual agreements. we will confine our targeting to better identify high-risk cargo and work to increase the percentage of containers scanned abroad. we'll continue to help lead the effort in developing increasingly effective and sophisticated global standards for cargo security. by utilizing risk-based strategies and applying a multi-layered approach, we can focus our resources on the very small percentage of goods or seshsz that are high risk.

our use of advance information technology and partnerships improves goal supply chain integrity and reduces transaction costs for u.s. businesses. thank you for the opportunity to testify today. i'm happy to answer your questions. >> thank you for that testimony. brian. welcome. >> thank you, chairman carper, ranking member coburn. i appreciate the opportunity to be with you and to join my colleagues from the department to talk about the port security grant program which we believe is a critical part of the department's efforts to enhance the security and resilience of our nation's ports. senator coburn as you mentioned, we invested $2.9 billion since 2002. while i agree with you that we certainly can continue to improve our measurement of both the effectiveness of those investments and our administrative management of the programs we have clear evidence of the value of these investments across the program's priorities, which include maritime domain awareness.

we've invested in over 600 portwide projects that include portwide coordination and collaboration, interoperable communications, surveillance systems that assist in domain awareness. we've invested $161 million just in interoperable communications. we've also invested in improvised explosive device capabilities and chemical, biological radiological and nuclear capabilities. cyber security capabilities, as that threat continues to evolve. planning at the port level training and exercises and of course the implementation of the transportation worker identification card program. and so in addition to these programatic achievements and, for example, just in vessels that patrol our waterways, we've invested in over 500 vessels.

in new york city, for example the port of new york used over 30 vessels the day hurricane sandy made landfall and rescued over 1,000 people. so we know these dollars are making a difference. and these investments also facilitate increased partnerships, not just at the federal level with my colleagues here, but at the state and local level and with port owners and operators. we've seen in a variety of instances, you can assure congresswoman hahn that we continue to make investments in the port of los angeles for information sharing and collaboration and, chairman carper, in the port of wilmington, the investments there not just in interoperable communications but in information sharing between the port and the fusion center in delaware that has allowed the building of relationships with

state and local law enforcement and the port. i thought i'd also tell you where we are in the fiscal year '14 grant cycle. $100 million was appropriated for the program this year. applications came in on may 23rd. the field reviews as the admiral mentioned, we work very closely with the coast guard. we have a two-tiered review process. captains of the port work with the port area and the local and state government through area maritime security committees to prioritize projects. those applications are under that field review right now and will be referred for a national panel review here at the headquarters level later this month and then we expect to announce awards by the end of july. and so i'll close by saying that we look forward to the continuing dialogue about how we can continue to make these

investments in the most effective and efficient way possible. we think they have made a real difference and i look forward to answering any questions you may have. >> good, thanks. nice job. steve, please proceed. thank you, welcome. >> good morning, chairman carper ranking member coburn, distinguished members of the committee. thank you for the opportunity to testify about the twic program. it provides a industry wide biometric credential to eligible workers requiring unescorted access to port facilities and vessels under the maritime security act of 2002. tsa administers the program jointly with the united states coast guard, tsa is responsible for enrollment, security threat assessments and technical systems. the coast guard is responsible for enforcement of card use. since the program was launched in 2007 in wilmington, delaware, we've conducted security threat assessments and issued cards to

2.9 million workers, including longshoremen truckers and rail and vessel crews. the twic program is the first and largest federal program to issue a biometric credential. working closely with industry and our dhs partners, the program has evolved over the years to address concerns over the applicability of federal smart card best practices to a working maritime environment such as the requirement for two trips to an enrollment center for card enrollment and activation. tsa reformed the program by launching one visit in june of 2003 in alaska and michigan. this provides workers the option to receive their twic through the mail rather than requiring in-person pickup and activation. last month tsa moved from the pilot phase of the program to a phased implementation for all applicants. we have added call center capacity for applicants checking on their enrollment status. we've enabled web-based ordering for replacement cards. we've increased quality

assurance at our enrollment centers. we've opened multi-program enrollment centers across the country to allow individuals to apply for the twic, that has this material endorsement and tsa precheck. we will expand a number of enrollment centers to over 300 this year adding to the convenience of workers. tsa continues to evolve and modernize their credentialing programs through these initiatives, strong collaboration at the department, partnership with industry and the support of this committee. thank you for the opportunity to testify today and i look forward to answering your questions. >> thank you, mr. sadler. and now steven caldwell please proceed. >> thank you for asking us to testify on port security. we've issued almost 100 reports on port security since 9/11. our most recent comprehensive report on port security was issued in the fall of 2012 to note the ten-year anniversary of the maritime transportation security act. let's start with planning. there is a national strategy for

maritime security issued in 2005. we reviewed that strategy and its eight supporting plans and found much of the criteria that jao has laid out for a good national strat jeechlt we also looked at some of the more detailed functional strategies and in some cases we have found those to be wanting but at the port level we found that some of the plans specific to the ports have included the safe port act's requirement that they also cover recovery issues. again, going back to some of the functional plans we found some deficiencies in those. for example, dhs after putting out the small vessel security strategy and laying out an implementation plan for that has not been tracking the progress of the components and actually meeting that, which leaves some opportunities, lack of disseminating any potential lessons learned or even being able to track their overall progress on that strategy. in terms of maritime domain awareness, there have been a

number of improvements. the coast guard through its common operating picture program has allowed additional data sources into the use of the users, allowed blue force tracking, which is the ability to track our own vessels and also increased access across the coast guard to other users. however, many of the original systems used to increase maritime domain awareness have fallen short of the capabilities that were originally planned for those and mainly these are due to some of the acquisition problems that our reports have noted, such as not developing complete requirements at the beginning, not updating costs or schedule base lines and not monitoring their initial performance. regarding the security of our domestic ports dhs components, especially the coast guard, have gone quite a ways in terms of implementing the maritime transportation security act. key provisions of that act call for security planning at the port facility and vessel level and it also calls for the coast

guard to then inspect those facilities to make sure that those security activities are indeed in place. jao has audited those programs. we found progress and most of our recommendations in those areas have been implemented, but some areas remain problematic. as noted, we have concerns about the port security grant program and the extent that they are monitoring the effectiveness of the actual projects. going back to 2005, gao found that the program lacked an adequate risk assessment process and lacked a mean to measure the effectiveness of the projects in the grants. more recent work did find that the grants are based on risk and it goes back to the process that was started to be described at both the port and national level. after more than a decade after the program's start there's really no performance measures in place to determine whether the program at the port or facility level has improved port

security. and it even lacks project level visibility to know whether the projects were indeed implemented as described. regarding the global supply chain security, there's also been a lot of progress, especially by cvp. we've reviewed these programs and noted their management and operations have matured over time. we con cure with cbp that implementing 100% scanning as defined in the safe port act and 9/11 act is extremely challenging. however, we are less convinced that existing risk-based program does not have room for improvement. a recent report has found cbp has not been timely in terms of measuring the effectiveness of its targeting system or evaluating supply chain risks in foreign ports. we did see the may 5th letter from the secretary to you, mr. chairman, and note that both of those issues are discussed as potential improvements. in closing, gao will continue to

review port security programs for congress, this committee and others. for example, we have ongoing work on port cyber security as well as the disposition of high-risk containers. that concludes my remarks and i'm happy to answer any questions. thank you. >> thanks so much for that testimony. senator, nice to see you. why don't you lead us off. >> thank you mr. chairman appreciate it. i just wanted to get a follow-up, administrator sadler and certainly mr. caldwell about the twic program. so you testified about the one visit pilot and now it's going to a nationwide mailing system. so how do you assess it's going and are you able to do this without concerns about fraud? so just can you give us a quick update. you know obviously i appreciate the steps you've taken on this but just in terms of substance. then i would like to hear from mr. caldwell about how effective

you think overall the twic program is in helping protect port security and what other -- gao has been quite critical in past reports about what we need to do to improve this program and its effectiveness. so that's really the issue i was hoping to get a little more insight on. >> we started the pilot for twic 1 visit last year in 2012-2013 in alaska and michigan. as we transitioned to our new technical system we started the implementation nationwide so we started implementing the one visit in may of this year, may 12th. so we planned to have a phased schedule to implement it across the nation and we should have it done by this summer. so we think it's going fairly well. we do mail the cards out. i believe we've got about 3,000 cards for twic 1 visit that have been mailed out of about 5,000

enrollments. what we do is send the card out separately and then we send the pin in a different letter. so we try to send them out in two different letters. >> so you haven't seen fraud yet on that program? >> on the mailing itself? >> yeah. >> not yet senator but we're still in the early stages. implementation. >> thank you. and mr. caldwell i know we're sort of in the middle of a vote so i just wanted to get a quick thought on one of the things i think we've worried on overall about the twic program, is it making us more secure. are we improving this system so that we can have some reliability with it? >> well, two things. i'll talk about twic 1 and that's trade opportunity security and convenience. definitely it's more convenient but you're losing one of your steps of internal controls of identifying the person's identity by having them come in. i think congress pretty much

directed and took to going that direction. >> they did. >> so it is what it is. >> but it's also good to follow up and make sure that we didn't -- that the choice we made there, that i was obviously a supporter of that we made sure we're following up on it as well. >> yes. i do think it's a good idea to follow up on that to see if there is fraud and whether that happens. >> what i'm worried about overall is are we really doing anything with twic? i get the goal of it it makes sense, but we obviously -- the concern has been how are we enhancing port security overall? >> we have those concerns as well. we've had concerns with the program pretty much from day one in a lot of ways it was implemented. for example, the reader pilot that was done recently, we thought the valuation of that was done quite poorly and left out a lot of things that would be tiebl evaluate really what were the problems coming up. was it the card itself was it the reader, was it the person

that was manning the security gate when they did their test at the reader pilot. they did not include the kind of detailed data you'd need to know to get that. obviously you know there's some concerns in terms of the shooting down in norfolk. >> yes that was raised in the commerce committee. >> and the navy now is not accepting twic at least by itself, as a card accepting to get on that base so obviously they have some concerns with it. there's been an assertion that twic has improved security and we've seen that in the latest report to congress but we haven't seen strong evidence supporting it. >> so you want better metrics. >> gao always wants better metrics, but yes. i suspect we'll be asked to look at it again. >> are we doing better? that's a good question, are we doing better? >> well, compared to nothing, having a pass that is used in multiple places with the background check is useful.

you can have felons and things have things waived so they still have those cards but you don't have people getting the cards that have either espionage against the u.s. or terrorism crimes. that's a pretty high bar, but in one other way to look at it -- >> yes, that would be important. >> twic was put in as part of mitsa, which really the bar for mitsa is will they prevent a major transportation security incident and that's where this kind of a judgment call about whether someone getting and committing a crime, committing murder, would that rise to the level of a transportation security incident. not likely. >> if there's anything else you want to add, i know we've got to run to vote. >> just quickly. the first thing i want to say for twic 1 visit you have to confirm your identity -- >> the first time, absolutely. >> you've got to do that. the other thing i'd say is that this is the first time that the maritime population has been defined. prior to twic, there was no

definition as far as i know and i spent 20 years going in and out of ports, so i'm not sure who knew fanlnationally -- >> we now know that example. >> we now have a population of 3 million people. i vetted people before twic with information that was submitted by ports. we vetdted 900,000 people. we did that prior to the implementation of twic as a mitigation strategy. now we're up to 3 million people. the first thing is define the population, we recurrently vet them every single day. we have one common standard, put the biometric aside one common standard, one common credential one common background check n some places you had to buy a multiple credential within the same state so if you went to one port, you had to buy a credential and you went to another port you had to buy another credential. so we think there is improvement

in security just by virtue of the fact of those things that i just mentioned. >> thank you. thank you, mr. chairman. >> i'm going to slip out run and vote and then come back and so dr. coburn can go back and forth. when i come back, i'll be interested in asking so you can be thinking about them are how do we measure success. i want to see if there's consensus on how we measure success. and if there's some consensus around common metrics, then how are we doing. what are we doing especially well what are we not doing so well. and finally i always like to ask what can we do to help, all right? dr. coburn, thank you, all. >> thank you. have fun voting. let's keep talking about twic for a minute. we hit -- i'd just like your assessment on somebody with a twic card that gets into a port and shoots people. how's that happen? no system is perfect and i'm not laying blame.

i'm just saying how did we miss that? >> at the time that individual was vetted senator the standard for manslaughter included all manslaughter, voluntary and involuntary. so when the individual came through, the crime had been committed in 2005. the conviction occurred in 2008. i believe he served about 800 days on his conviction. so he served about two and a half years. he was released from incarceration in 2011. we encountered him in december of 2013. and based on the standards that we were using at the time, that voluntary manslaughter charge was not a disqualifier. so he got his card in january of 2014. as far as him using the card at the base i would defer to d.o.d. but one point i have to make is the twic in and of itself does not give you access

to a port. you have to have the twic and you have to have a business need. so we've gone back, we're scrubbing all the cases we had for disqualifications that involve involuntary manslaughter and voluntary manslaughter and we've changed our policy now that if you come in with a voluntary manslaughter charge, that's an interim disqualifier. interim meaning that you are still eligible to appeal, you're still eligible to request a waiver, you're still eligible to request an administrative law judge review and you're eligible to go to court if you don't agree with the finding that we make. >> right. that's the kind of answer i was wanting. talk to me about twic readers. >> i'll defer to my colleague in the coast guard but to senator carper's point about what we can do to increase security and how we can be more successful, that's one way to be more successful is by implementing the twic readers because we have a biometric credential. we believe that it works.

right now it's being used as a visual identification card. but it needs to be used as a biometric credential and on a risk-based basis as well. so we believe that it's critically important to install readers in ports. >> admiral? >> thank you, doctor. i really appreciate the opportunity to answer that question because as the agency responsible for implementing security at our port facilities and as a previous captain at port myself i think it's important to recognize that twic and the twic reader are part of a greater access control system for a facility which has its own security system, which is in itself part of a greater system to secure our ports than the entire chain that i discussed. so when you're going to put an access control system in a facility, you're going to include fences, gates guards lights, cameras a credential of some sort and in some cases a biometric reader for that

credential so it's just a matter of layering the security. as the chairman noted in his opening comments, if this was security at all costs we'd have readers everywhere. because we are trying to balance, as we should the risk with the benefit and facilitate commerce, we've done an exhaustive analysis which i'm happy to explain to you that has ensured that the readers go at the highest-risk facilities. and i think that the coast guard's proposed rule puts those readers where the cost benefit is currently the best. i think as we expand the use of twic and twic-like credentials beyond the maritime domain, because that's the only place we have transportation credentials reader costs will come down, card costs will come down and the cost benefit will change in a way that it just makes sense to put readers at more facilities. >> do you have a proposed date where your first round will be completed and then an assessment

made of twic readers? >> we are currently working on -- we put out a notice of proposed rule making and received about 2600 comments so we're currently working through those comments and will make some adjustments to the rules. it will go through the process and hopefully be published next year and a two-year implementation date before the readers have to be in place. >> so we're two and a half years away from the completion of what the present plans of the coast guard are? >> we're two and a half years or so away from the date that i anticipate readers will be required at certain port facilities. >> okay, thank you. let me go back for a minute. ms. mcclain, one of your statements in your opening statement was spending money in a cost effective way. if y'all don't have metrics on the effectiveness of grant money that's spent, how do you know

it's cost effective? >> senator i think that -- i appreciate the question. i think it's a little outside my lane. i'd prefer to take that question back and get you an answer working with my colleague from fema on where we are in developing metrics or answering that particular question. >> well let me -- i don't think anybody will dispute that we've done some good with the money we've spent, okay. i'm not saying that. i'm just saying -- and anybody can answer this that wants and i'd love for gao to comment on it as well. we have a port system where we tier risks and the vast majority of money has gone to tier one ports. and under the system you're utilizing today, without any recognition of the money that's already been spent, we continue to spend the same money on the same risks because there's no risk reduction recognized in

your tiering. so if you don't have metrics associated with the money that's being spent in the port security program, grant program when do we stop spending money at tier one ports? in other words how much is enough? and how do we know when we've got the best cost benefit analysis, the most cost effective program in, based on the risks and mitigation and the other goal that we have, how do we know that if we don't have a metric-based system? in other words here's why we're spending this $2.9 billion. here's what we're hoping to get and here's how we're going to measure whether we've got it. because there's all sorts of -- i won't in this hearing, i will privately give you all the list of money that you spent on stuff that a common sense person says that doesn't have anything to do with port security. i can think of -- we have two ports in oklahoma the port of

muskogee and port of pestuga. in terms of the risks associated with those ports those are low priority things to me. so my question is, if we don't have metrics to measure and when we look at this in total, and i think you all have done a wonderful job in terms of laying this out, but how do we know? how do we know when to quit spending money that gives us a diminishing return on the port security grant program? >> senator, i'm happy to field that question. improved measurement is absolutely an area where we see a lot of opportunity. >> let me interrupt you there. >> please. >> what's your measurement now? >> in fy-13 we for the first time instituted measures related to sustainment of existing

capabilities versus building new ones. we took the gao and mr. caldwell's reports and recommendations quite seriously and are looking very closely on what ports are doing with the funding. we for the first time in the fy-14 application cycle are requesting project level data going in. you probably are aware of the history of the program and the flexibility that had been given at the local level against area maritime security plans. there remains a lot of flexibility, but we are increasing the oversight to request project level data up front so that we can start to get that information to form even more effective measures of outcomes. on the grants management side, senator, we certainly have measures now and even over

fy-12, measures of our monitoring. mr. caldwell mentioned the level of monitoring. 100% of our port security grants now undergo some level of monitoring. we have a tiered monitoring system where our program staff on a routine basis look at every award, look at the history of the grantee, the history of the outcomes achieved, their financial measures from drawdown, rate of expenditure, rate of deobligation and that then is reviewed and we do prioritize based on the risks we see and their management of the grants all the way up to desk reviews where we request a lot of additional information from grantees and then site visits. so what i would tell you, senator, is i look forward to continuing to work with you, to continue to get the data we need to form more effective measures. i agree with you that everybody

can point to the examples and there are really some stunning examples of how useful and effective this funding has been, but i think you'd also agree with me the plural of anecdote is not data. we will continue to refine our measures to get that data. >> as i noted, i think it's improved, but i think we still -- you know my underlying concern, somebody is going to be sitting up here ten years from now and the amount of money to spend on this kind of program isn't going to be there. so how we spend the money today is really important because there's going to come a time. you know i'll repeat for you social security disability runs out of money at the end of next year. medicare runs out of money in '26. social security runs out of money in '32. by 2030 the entire budget will be consumed in medicare, medicaid, social security and

interest on the federal debt. so my questions are all based on the future. and if we spend money really well now, we won't spend money -- we won't need to be spending money in the future. so that's the basis of the question. it's not a criticism, it's just we need the best cost benefit value for every dollar that you send out in a port security grant. >> we agree with you and we are working with our partners on the vulnerability index, which is one of the things you mentioned how do we understand what risk we have bought down and we'll continue to look at that to make sure we're spending the money as effectively as possible. >> thank you. admiral, one of my concerns and i can't go into detail but let me give you a hypothetical and you give me the answer. let's say somebody leaves one of our certified ports overseas and

arrives here, but in between there and now something was added to that cargo. do we have the capability to know that? >> well, doctor i'm not exactly sure if they leave a foreign port -- >> they leave a foreign port that's one of our certified ports, one of our allies, meeting all the requirements that you all have. and someplace between when they left and when they arrive at the port of los angeles somebody has added a package. >> so if that occurred at another foreign port -- >> no not in the port. >> just in transit. >> in transit. >> the only way that we would be able to determine -- a couple of things would have to happen. probably the entire crew would have to be complacent with this individual that's carrying this out, because it's difficult to access particularly a container in transit without a significant amount of effort and that would require probably more than one

person. >> let's don't worry about the details of that. let's say it happens. >> if it happens, the way -- the only way we would know and really this is a better question for my colleague from customs and border protection, would be because the container has been opened and we would be able to determine that. maybe you can -- >> sure. senator, we have two elements that i think would be germane here. one, the import security filing gives us the stow plan for the vessel so we know where each container is on a vessel. whether that's going to be accessible during a voyage or not. we do see drug smugglers attempt to use what we call rip loads where they break the customs seal, put a load just inside the doors of the container and lock it back up. that's really only doable on a vessel in transit around the deck area so we know which containers could be accessed and then we do routine seal checks upon arrival to see whether or not those containers have been tampered with and whether those

doors have been opened. so there are different steps in our layered process -- >> can somebody counterfeit your seal? >> they can try to yes. and we've detected you know, dozens of attempts to do that you know pretty effectively. >> so they have not been able to do that as of yet? >> i won't say senator -- >> that you're aware of. >> we do train our personnel to detect what our seals are supposed to look like whether they have been tampered with and there's number sequences and other kind of safeguards in this process. >> this is a long time ago but i'll just share an experience with you. i bought a company in puerto rico, put it into four containers, all the equipment, everything that was there. all four containers arrived at one of my plants here. all the seals were there. and when we opened the containers, everything of significant value that could have been marketed was gone but

the seals were still there. so the fact is -- and that's way before 9/11. that was in the '70s. but the fact is, is people will try and do it. so my question is, i guess my question is really this. do we have the capability to track ships from the time they leave a port till the time they arrive here and know whether or not they have been boarded or accessed between disembarkment and embarkment here? >> that's a question i probably can't answer in this venue sir. >> got you. thank you. >> senator, did you want me to touch upon the metrics issue?

>> yes please. >> so i think we've seen a weak innocence metrics, at kind of a strategic level. whether it's the national strategy or the more detailed functional plans, we have not seen metrics laid out early as to what we're actually -- what the end state is and how we're going to measure that but we have problems particularly at the program level most often because those are easier to look for and find. i think we have found an improvement of the metrics of how the programs are run, and so one of the first things we do when we look at a program is do you know how the program is being run and have those metrics. a lot of times we'll find weaknesses in those internal controls and i think those have improved across the board. so when i say some of these programs have matured a lot of it is better management of the program. where we have not seen large improvements is in the area of measuring results of the program and what they're trying to achieve. i would also agree with you the importance of cost benefit analysis a lot of times will get a discussion from the agency,

well, that could be expensive and we don't have enough money to do it. in the end if you end up spending $3 billion on grants that's an outstanding record we've had for nine years that they come up with performance measures on the port security grants so maybe a couple of extra million dollars to do those analysis to develop those grants in hindsight looks like money well spent. maybe one example of cost benefit analysis that was done rigorously involves the advanced spec electroscopic portals drchlts d.o.d. put in. it was not very rigorous in terms of the testing and we pointed that out. then we looked at how much those would cost marginally compared to the additional capability they were going to get, they cancelled the whole program. they cancelled it after spending

$280 million but they were planning to spend $3 billion so that was the case that whatever the testing or analysis cost, i think in the end led to a good result. >> okay. let me ask, mr. kamoie, do you all have plans to reinsert fiduciary agents to the spg? >> we do not, senator. >> and why is that? >> when the fiduciary mallsodel was used, it was at a time when the appropriation levels for the program were much higher.

i think it was in '07 and after rounds of stimulus funding the agent model was absolutely necessary to assist the agency in distributing and monitoring the funds. over time however, as the appropriations level has gone down and our internal capability with staffing has increased to manage the program the fiduciary agent model has become less necessary. and in terms of monitoring performance, there was a varying level of performance by fiduciary agents in monitoring and so given our increased staffing, our increased capabilities, we think it's more appropriate that we monitor and oversight of the grant funding and how it's spent. the other thing i'll say is that the allowability of management and administration costs from the grant program to fiduciary

agents of 3% to 5% would result for example, just this year in $3 million to $5 million in overhead costs that we think are better invested in actual port security projects. >> do you have the flexibility under the appropriation rules to use some of that grant money for grant management? >> senator, i'll have to check the language and get back with you on that. >> but would that help you? in other words rather than spending $3 million to $5 million on a fiduciary, if we spent an extra $1 million to $2 million on managing grants, especially cost effectiveness of grants and looking at that -- i'm pleased with the progress that's being made i just don't think we're there yet, so i'd love to know what we need to do to help you to get to the point where -- you know my model for grants at the federal government is the division of library and museum sciences. if you get a grant from them you can guarantee that they're going to check on you they're going to do a metric they're

going to know whether you followed your plan in the grant. and if you're not, they pull the grant and you don't ever get another one again. so everybody has a different expectation. and so the fact that some grant money is going to thangzings that aren't really for security, if you had that reputation i guarantee you everything would be put down the way you want it put down, even though you have flexibility. >> i absolutely will take a look at that. we're willing to learn lessons from wherever we can. >> they're the best run grant program. >> appreciate that. >> the other thing is the spin out. you know, we're still in terms of we've granted but we've still got a long ways to go on spend down. where are we on that? >> sir that's getting better as well. early on the program when ports were doing larger capital project infrastructure building with multi-phase complicated

projects, it took a long time to spend down. a lot of those projects have been completed and we've taken a number of steps to assist grantees in the spenddown. one, we remind them quarterly. we are in touch asking them to draw down. two, we shortened the performance to two years. but your question is where are we. in august of '12 for -- and we can follow up in writing with these numbers but for the program years '08 to '11 80% of the available funds were not yet drawn down. a year later for fy-08 to 12 every year one goes off the books, but we moved the needle down to 44% of funds not being drawn down. and we did a check at the end of april and right now we're at 39.3% not yet drawn down from '08 to '13.

>> i'm going to have to recess this and go vote. senator carper will be back in a moment. >> thank you, senator. i'm glad you waited. okay. let's see -- let's just see if we can see if there's any consensus on the metrics that we're using. how do we measure success. let's start with you, ms. mcclain.

what are the metrics that we are using or ought to be using and using that metric or metrics, how are we doing? well or maybe not so well? >> mr. chairman i think there are several indicators that evidence success and progress in securing the ports. i would note that in the last seven years our relationships, our programs internationally, those global partnerships the capacity building the agreements everything that's necessary to supply the whole global supply chain, i think there's been significant advancements in that area. i also think that our improvements in the advanced data and targeting area make us more secure. the coast guard's port assessments, 1500 ports i think there are a lot of indicators that there's a global recognition of the need to tackle this issue on a broader

basis. >> same question, admiral paul? admiral paul thomas. >> thank you, mr. chairman. you know, i was in port in galveston, texas, in 2001 and for the three years that followed as we scrambled to figure out what it meant to secure our ports, so from my perspective, it's clear that we've achieved a lot. but i think one of the first things we did, and mr. caldwell mentioned the strategies that were out there. we recognized that in order to build a secure port, we first had to build regimes. we had to do it locally, nationally and internationally. then we had to build awareness so we could figure out what was going on and be able to pick out anomalies. then we needed the capability to respond to those anomalies. if you look at those three building blocks and compare to where we were on september 11th 2001 to where we are today it's clear there's been progress and there are clear metrics within each of those. with regard to regime, certainly the -- thank you to the congress

for the maritime transportation security act and the safe port act but that was the impetus for the international regime which is the international ship and port security code as well as regimes that have been implemented as far down as individual port authorities. and i'm not talking about regimes that are just required by the law, i'm talking about they understand that security is now part of their business product. so i think in that regard there's clear measures. really an intangible probably from here but as a captain in port, you can tell you there was no awareness or recognition that security really was part of the product in the port. we had gotten the message across with regard to safety and environment but now they get it, it's part of their business as well. so i think there's a metric there. certainly with regard to awareness and capability we've built the capabilities federally, locally, internationally, all of which i think are clear evidence that we've been effective in terms of enhancement. i'm with you i think we need to do more. i think we can never rest on our

laurels. i'm concerned about emerging threats like cyber. >> we'll come back and finish. first, how are we doing and what are we doing -- what metrics are we using? but i want to come back and say what's on the to do list for us. okay. kevin. >> mr. chairman, i'm touch on five areas. broadly our ability to identify and mitigate risk is the metric we seek to measure ourselves on. first on the data front, we're getting advance information on all cargo shipments for the u.s. manifest information entry information and import security filing which is another 12 data elements that are critical. in terms of targeting and assessing that risk, category two, we're analyzing all of it with our automated targeting system which is a very sophisticated capability that is constantly improved and we're working on responding to the gao's ideas on identifying the effectiveness of those targets with more granularity.

three, examining at the earliest possible point in the cycle. currently 85% of shipments that we identify as potentially high risk are examined before they are laden onto vessels destined for the u.s. our examination requests of our csi partners foreign in our 58 ports are accepted 99% of the time. we think those are very solid metrics. 100% of containers identified as potentially high risk are examined before they are let into the u.s. stream of commerce, so 85% prior to lading and the rest of the 15% before they're allowed to enter the u.s. on arrival. securing the supply chain category four. over 50% of all cargo containers by value are part of our ct-pat partnership with our 10,750 partners. we've increased the security of the supply chain through that partnership. we're also mutually recognizing other countries' systems, including the european union and six other agreements to ensure broader visibility

globally, as ellen alluded to, the international partnerships. five, our efforts to address the highest consequence threats, rad nuc, we're scanning 99.8% of all arriving -- >> 68 that again what percent? >> 99.8%. so just about everything arriving in a sea port is scanned through a radiation portal monitor, sophisticated sensitive technology for identifying radiological and nuclear materials. the other part of this coin, sir, the facilitation piece that you referenced, the vast majority of cargo arriving in the u.s. is released before it even touches the dock. our ct-pat partners are getting fewer exams. we've established mobile technology options to clear shipments right there on the dock instead of waiting hours and having those bananas sit in wilmington. the u.s. chamber of commerce and 71 others just wrote to the secretary this week in an open letter saying that this regime is working well and that the

facilitation piece in particular, we've achieved through this layered risk approach. so those are the metrics we look at. i'm happy to elaborate on any specifics. >> all right, fine. mr. kamoie. >> mr. chairman i think while you were out what we agreed is in the port security grant program that we have measures, we've made progress, but that we agree we can continue to make progress. on the programatic side of the effectiveness measures, we looked very carefully at the six priorities of the grant program. enhancing maritime domain awareness, enhancing improvised device radiological nuclear protection response and recovery capabilities, enhassing cyber security capabilities maritime security risk, mitigation projects, planning training exercises and the transportation worker identification credential implementation. right now we have a measure that we're looking at building new capabilities across those six areas and sustaining existing

capabilities. but again, that measure can be better. on the administrative management side we've made progress in measuring our ability to effectively and efficiently release the funding, monitor programatic use of these funds monitor grantee financial management of the funds, monitor the closing of awards and grantee drawdown we're making progress, mr. chairman, and have an opportunity to make even more. >> mr. sadler. >> yes, sir. for us i think it's about getting good quality information and data for us to make the right decisions on when we issue a card. it's about continuing to get that information after we issue the card so we can monitor the individual to ensure that they haven't done something to disqualify, whether it's on a terrorism watch list or through some type of criminal issue. i think the other thing that is going to make us better is

installing readers. we believe that the coast guard, who are very close partners with us, we are with everyone else on the panel, has made the right decision to take a risk-based approach and put readers where they need to be. and we think that's going to be a major improvement for our program, considering it's a biometric credential. the last thing we have to do is share information. which we do on a daily basis. so we need good, quality information to make good decisions with. we need the information to keep on coming so we can continue to make good decisions after we issue the credential. we need to install readers and we need to continue to share information, which we do on a daily basis with our partners. >> mr. caldwell. >> thank you very much. i mean the most difficult question is how do you measure security and risk. and i think we've actually looked at that quite a bit across a lot of these programs. i think one of the better program is a coast guard program

where they can actually at the facility level actually try to measure the risk based on vulnerabilities and threats and various scenarios like that. i think they did that. the coast guard also took a step trying to develop a more sophisticated measure of how much coast guard programs actually it was the percentage maritime security risk subject to coast guard influence in the programs. we're a little critical of this because in the end it was subject matter and the experts in the coast guard sitting down and thinking about what those reduction measures are and putting the single point of, you know percentage on that. we had a couple of criticisms in terms of ways maybe we try to make that better and maybe giving particularly when there's so much judgment. you want to give a range instead of ae point estimate like that.

they're looking at whether they want to keep that measure or not. it was a measure they were using within the coast guard or said they were using, but they weren't really using for that much. if you have a performance measure, but they're not use it to monitor things or prioritize resources, you have to question whether it's a useful metric in the end. thank you. >> okay. some of you fwan to answer the second part of my question but i want to take another shot at it. my staff -- my colleagues oftentimes hear me say and we can actually measure that we've not made nearly enough and are

there any of those -- think about how -- who can help make -- enable us to make progress that's needed. us? legislative branches committee? president? his budget? who needs to help out? you want to go first? >> i think that just to sort of set the scene here we certainly need an approach that's flexible innovative so that we can take on the adaptive adversary, and we need something that -- an approach that's risk-based so we can make the most cost-effective use of our resources. that said, we recognize not -- that we don't want to have negative impacts on global trade, on -- we need specific improvements in the area of the targeting algorhythms reducing

the alarms, the working with our partners at some of the csi ports to increase the percentage of scanning that's undertaken. across all pathways, focussing on a single pathway doesn't necessarily reduce overall risk so as we go forward we need to consider improving security across all transportation pathways, and, lastly i would note that we are continuing the dialogue, the stake holders, to see what additional or expanded roles they might take in improving security of our ports. >> okay. thanks. admiral. >> i think there's -- the first is complace ens where i as we get further from 9/11. i think the sense of urgency decreases. from the congress on down, we have to make sure we maintain the sense of urgency with regard

to port security because the threat is adaptive and as fwood as the physical security systems that we have in place are, there are emilitiainging threats like cyber that we have not yet addressed. we've begun to address. i believe the coast guard has the authority so that we need to do that and we're working on what the resources might be, so you may hear about that. the other wrar that would be of concern is the real high-end threat that needs to be intercepted off shore as possible. some identified threat that's on for our shores. it requires shipsz and helicopters and things that are not only capable and that's the time when you need them. those two things are areas where we need to make sure where we continue to build our capability and to build our plans for action.

identifying risk, about the we want to continue to get better. that's an area, and we do get congressional support to continue to improve in that area. with the raid wrags portal monitors we need to be able to dial the algorhythms. they're very sensitive for the threat materials we're worried about, but they reduce the naturally occurring radiological material alarms that we face on normal commoditiesing, like bananas, for instance, and granite and other things that do hit on our portal monitors. we don't want to waste time on those alarms. we want to focus on what could potentially be dangerous material. i think already continued opportunities globally. we're currently working with partners and broadening the scope of csi, security first, but also looking at other threats that a global supply chain, contra band, commercial

fraud that can support criminal activity and so forth. enhancing fwloebl supply chains security standards. we did that after 9/11 with the world customs organization and the framework of standards. there's always opportunities to take that to the next level. then, of course, the private seblgtor. continued opportunities there. not only on a supply chain side of the ct pat but looking at whether from a terminal operator perspective there might be a return on investment to do greater security work prior to leading from a private sector perspective that we could then share and benefit in. we're pursuing all of these angles as the secretary noteed in his letter. >> there's a great point. i really appreciate your responses. i'll come back and ask the same question of the last three witnesses. i'll be right back. >> you want them to answer those? >> okay. thank you. >> let's talk about the 100% and

the fact that we're at 2% to 4%. i think those numbers are right. please correct me if i'm wrong. i would love for you to get in on this. there's no question the 9/11 mission said somewhere between 2% and 4% and 100% what do we need to be? how do we need to decide where we need to be? how do we become more effective in terms of container inspection? >> i'll start, and i'm sure -- i'm sure the question is not the percentage itself but are we inspecting the right percentage? are we inspecting and identifying those containers that are high risk and mitigating that threat at the

earliest possible point. we talked about some of the metrics that we are following whether we're accomplishing that and just like to reiterate one of those elements for you, sir. on those containers that we identify as potentially high risk or automated targeting system. we are examining with our foreign partners under the container security initiative 85% of those containers before they're ever laid on a vessel destined for the u.s. within that -- >> at the first port of arrival in the united states so we are checking them before they enter the stream of commerce to the u.s. and getting 85% of them before they're even on a ship destined for the u.s. >> one of them has a nuclear weapon, and it's a little late, isn't it? >> yes. that's not the only layer that we have fired away. >> when you think about this,

we're saying 85% of those deemed high risk. what is our goal to get to 100% of those being high risk. >> my goal there, sir, is increasingly target with the right port foreign, how we can encourage them to examine anything we think is high risk. we have 58 csi ports. 80% of cargo destined for the u.s. we think we place those csi locations in the right places or currently, though, assessing how the threats have changed, are there certain strategically important ports that we can add capability and work with additional countries to encourage them to take measures before laying. as you mentioned working with term maloperators. is there a way we can encourage terminal operators to encourage the overall inspection if we think there's a return on the investment, working with customers to sell a security benefit that we can then benefit from and share in the

information also? >> the container inspection world really does belong to customs and border protection although i can certainly attest to the impractical kalt of looking at every container as it comes through our yards. i have seen the targeting that we do jointly on cargo, and the ought mated processes are very effective and very adaptable. if there's a new intel stream that comes in cbp can quickly change they are targeting and identify cargo that might be associated with a newly identified threat. >> all right. here's the question as a commonsense wrupt.

>> the european union has done the constituted where i. the private sector has done several studies. the challenge is sir, there's 800 or so leyden for if one sneaks in and you have the tragedy that they spoke about at the port of los angeles estimating $1 trillion affect on our gdp, $16 billion doesn't seem that great, so where do we go?

>> senator thank you. i've thought about this a lot. we've done several studies on it. as far as the one study you're asking for the only place i've seen it is in a recommendation we've made, and i think that cbp and the department would have been better off at that point if they said this is it this is the feasibility study this is the cost benefit analysis. we're going to do it and try to put this thing to -- there have been multiple studies. i feel bad because i think the department in all the study -- all the little pieces have almost gotten there. i just would like to stop talk about kind of when popular myth -- the 9/11 commission never called 100% scanning of maritime cargo. >> what did they call for? >> they called for 100% scanning of air cargo. they said almost nothing about ports and maritime. >> okay. that's great to know.

>> yeah. >> so -- >> but moving on, so the -- we do think that challenges are likely insurmountable. the safe port act was left a lot of things undefined and i think through the pilots cdp wanted to see what the undefined things would be. what's the cost? what's the point? there's a concern that it would create a false sense of security in a couple of ways. you could scan a container if it's kind of within a regime that we trust a port that we trust, then we know maybe that container we have some confidence that after it's scanned and gets on that ship, it's going to be monitored or something like that. a lot of times we won't have those cases. a lot of the places because of how ports are laid out where they do that scanning are off site. if that truck has to drive three to five miles, a lot can happen

in that period. one thing the coast guard commented on it's more likely that a weapon of mass destruction would come in and not do a highly regulated regime like containers, but through small vessels coming in and snuck in some other way. they've looked at millions of containers and used the risk based analysis and are still finding things. it's not when they find drugs and these things that there's a one to one match that we had rated that one high risk. there are cases where they find stuff in there that had gotten through the system. drugs or other contraban. i think our approach is to look at the programs that we have. we would have liked to see the

feasibility analyze. it's kind of water under the bridge but we would like to see us doing a little better with what we have recognizing that we're not going to have a perfect system. that's going to be optimizing your targeting system, which means that you're monitoring is it on a regular basis, you're testing it to see how it's doing. it's having the best csi footprint you can in terms of some of the ports. high risk ports. maybe they should pack up and, you know shake hands with those partners. those partners will keep helping us. move some of the operations to other ports. >> do you have specific recommendations on ports from the gao? >> yes, we do. we do have a recommendation that they use the port risk model they had used in 2009 to initially plan the 100% scan or are thinking about that, and use a similar type model to figure out what ports are they in? we actually tried to reproduce that, and found 12 of the ports they're in were low risk ports. more than half of the csi ports were in high risk ones but we

recognize that there is some ports that aren't going to let us in. you know? i mean, you've got some nasty players out there that aren't going to let a joint u.s. program into their -- we do have recommendations, and they are -- we understand -- >> let's go back to grants and the tiered port system for a minute. if we're not doing analysis on progress, do we re-evaluate the ports in terms of piers. here's tier one, tier two tier three, tier four. is that done routinely yearly,

biannually? how often do we reanalyze high risk ports one? number two is without the metrics, but they're getting better, how do we take what we have improved and measure it to show a decreased risk for tier one port so that the dollars that you have can go to where the risks are the greatest? >> thanks for the question senator. we reassess the risk of the nation's ports every year, and we use the risk formula that incorporates the most recent data we have available on threat vulnerability and consequence, and there have been times where changes in that risk data have resulted in the changes in the grouping of ports. for example, last year in fy13 there are eight tier one ports. san diego had change in its relative risk formula because

these are relative to one another, and so this year it is not tier one port. we are making those adjustments. we work very closely with the departments of intelligence and analysis unit to populate the risk formula with the most recent data, so, yes, we are looking at that continually. your second question as to what the measurement and what i would consider to be buying down of that risk and the vulnerability i fwrae we've got some progress to make there in terms of agreement on measurements and metrics to show that progress and show it in a way when the chairman comes back his question was about how can the congress help, and here i think my ask of the chairman and you, senator, is that we have a continue the dialogue about the types of data

that would enable you to have more confidence and american people have more confidence that we are making that progress and that we are being effective sturdz of the taxpayer dollars. i would agree with you that we certainly have made progress and we have plenty of good examples, but we would like to continue to work with you to get at the data and the measurement that would show that in a more compelling way? >> each port has a port security plan right? >> right. >> what a total cost would be to bring it up on a cost effective benefit, how much total and all the tier one ports that we need to spend to bring them where they need to be. do we have that? do we know that? >> i'm not aware of that analysis. >> that's an important we because if you don't know what

they need, we'll never get there. >> well, so, i mean, we certainly at the captain of the board -- >> i know you know where the weaknesses are, and i know that's where the grant money is going, but i'm saying in the big picture if we're going to spend $100 million this year on port security grants and the total bull for bringing our tier one ports is $2.5 billion, you know we're 12 1/2 years from bringing that, and by that time we're going to have replacement needs. so the question is don't we think it's important to really know by port here's the total cost to get us where we want you. which one have those top eight ports, which one has the greatest vulnerability and should we not be spending maybe $70 million at one point and $30 million at the other eight on the basis of what the total need is to bring them to that level where we feel confident?

>> well absolutely, we'll take a closer look at that. we have moved the entire suite of grant programs towards performance measurement against the core capabilities that are in the national preparedness goem following up implementing the president's directive presidential policy directive aid on marshall preparedness. we continue to find the performance measures for those. through the threat hazard identification and risk assessment process, we are asking grantees to do a lot of what you are talking about in terms of identifying capabilities and then using the investments to close the capability gaps, so we are moving in that direction. i'm not aware of a single analysis where we have put a price tag on what it would take to close the gap. we'll certainly take a look at that. >> i just think that the really

important thing to know because you're going to have limited funds from here on out. send in the tlarz where the greatest risk is. >> i would just recommend you look that the. i don't know what the gao has any comments on that or not. >> if i might, we'll take a close look at that. i think the threat has identification risk assessment process, and the area maritime security working groups at the local and port level i think they're getting at a lot of that, but i agree with you we could make it more progress. >> if i could just -- until your points, the first had to do with how do you account for a risk down with previous grant p money in determining the risk ranking for the next -- we wul do that as part of the coast guard's maritime security risk assessment model that gao mentioned. if we have invested in a system that reduces the vulnerability

or mitigates the consequences that gets reflected. that's part of the formula that we use for the tier of the next we're year. it is in there. the other piece that you ask about is have we defined what a secure port is. i watched the initial focus be on securing individual facilities. let's make sure we have fences and cameras and guards and rpm's and get facilities. then i saw evolve to we need to really secure this port as a system as well. how do we link these fences together? we invested in things like communication systems that would allow everyone and surveillance systems that were focused on the common infrastructure, not on the private sector. have we been able to address when we need to recover?

we invested in trade. it's been a naturalel use. i believe we're still in that evolution because we have emerging threats supper as cyber. i think the next round of grants is putting money towards cyber vulnerability assessments so we can then understand what it's going to take to secure the cyber infrastructure of the maritime. i don't know that we'll ever be able to say we're there but i do see a very logical progression on how we focus our planning and our investment. >> we have a diagnostic system for cyber within homeland security. is the twik system applicable to that system? >> let me take that one, sir. >> yeah. >> right now the way the twik system works is that the contractor provides to the system. it then gets back to the tsa.

the system whether it's on the enrollment side, the date wra center side, up to the tsa side has built the federal standards. they have to go through a certification and accreditation. they go through auditing. they go through testing. it's not monitored through the dhs system. it's monitored through the tsa operation center. everything from the contractor's date wra center. >> i would like to have you answer my wrerl question. the next question i'm going to ask of all of you is what is our to do list on this committee and in the congress? >> i ask you and the committee is for a continued dialogue, and i share this with ranking member

before he stepped out. a continued dialogue about the types of data and the types of measures that would give you the confidence, give the american people the confidence that we are investing the grant dollars in a way that is most efficient and most effective and that we're all good stewards of these resources. i agree with admiral thomas. this is -- threat is evolving. so too, have our measurement of where we're headed next so we appreciate a continued dialogue with you about how we define the measures of success that will give you the confidence that we're all looking for. >> okay. hanks. >> something for our trigger list to continue to make progress. >> i think it's just continued support and helping us get you know, from tsa's point of view, the readers on the coast guard's

point of view, understanding that the coast guard is prom you will gating the rule and when i say we need the readers, we need the readers that's not in any way, you know insin waiting that there's some delay on the rule side. there's a lot of work that went into we could put readers in place and use the full capability of the card. i think to the admiral's point before, it's critical that we maintain mission focus. it's also critical that we make risk-based decisions so we protect the right wrarz. >> thank you. >> senator i'll do kind of a combo answer to -- i'm still busy trying to answer the question you asked before and then the last one. i'll see what i can do here.

i have three things. two, kind of for the agencies to do and one for the committee to do. they make the infrastructure controls not predictable. you keep deter answer out there. i like what i see at cbp when they're doing -- they call their key side or dock side scanning where a ship will come in and they'll target a ship, and it won't be based on whether the containers are high risk or not. they'll be scanning every seventh one or tenth one. maybe there could be more flexible is csi and the food that they have and think about whether they need to ship that deckation bit to different countries if possible. i think cyber is the growing area. it's an area where dhs and coast guard had been monitoring the situation, and they're talking about taking action, but i think they do a report we're issuing

tomorrow for senate commerce that will have a lot more detail on our thoughts on that. then something for this committee, and i think it's starting to show up on the radar of the agencies as well is for what we have we do have to sustain it, and you have vessels, and you have scanners and you have aircraft that have -- that are pretty important in this regime, including some of the interdiction and deterence and just the daily things like scanning containers and some of these are reaching the end of their life. i know that cbp is trying to extend the range of their scanners from, say, ten years to 13 years, but at some point you're going to have a lot of -- you've built all these -- this regime and all the things that go with it. it takes -- it will take some sustainability, and it will translate into resources.

what is our to do list, and i don't know what i -- ms. maclean, you and admiral thomas and mr. maclean had a chance to do that. our to do list. >> chairman, i think i just echo some of the points that were made earlier and emphasize that in moving forward anything we do needs to take into consideration the dhs confronts a multitude of threats and so you know to be cost effective and efficient we need to always bare that in mind. i think the second point we made earlier is that big picture, security across all pathways to buy down risk don't want to encourage sort of a balloon effect where we put all our security assets over here and the adversary just circumstance upvents that. the picture has got to be across all pathways. then echoing mr. caldwell's point about the aging

infrastructure and funding dhs in accordance with the president's budget. >> thanks. admiral thomas. anything you have that we should be doing on the legislative side? >> thank you chairman. i don't have much to add to what's been said. there may be some very specific authorities and capabilities we identify as we continue to analyze the threat with the ports, but i think we have the right access through the staffs to get that information to you. i would say that this type of oversight and continued focus by this committee on this issue is really important to staif off that complace ensy that i'm concerned about. we do appreciate that. >> thank you. >> four quick things. echoing several things that mr. caldwell mentioned. continued support for the key programs we discussed today. the automated targeting system. we're actively working on the recommendations that mr. caldwell mentioned.

we'll be working with your team on those plans. three, what you are articulating at the beginning, mr. chairman understanding the critical economic expeditious and facilitated movement of cargo aspect of our mission. that continues to be critical and needs to be understood. then, four working with the secretary and the department on an agreed path forward on scanning. keeping us honest on a good faith effort. we discussed working together with the framework for the best future. >> i think dr. coburn when i was -- asked a question dealing with fiduciary agents, and i just want to come back and -- i just want to come back and say the second half of a question. maybe i'll take a shot at it. i need to be someplace else, literally, in eight minutes. whoever would -- i'm going to ask you to take a shot at this. here's my question though.

rather than ending the use of fiduciary interest for all ports, why not let ports decide for themselves if they would like to use one? >> we've considered that proposal and don't think it is in the best interest of the program. as the appropriations have gone down and our capabilities internally have fwroen in terms of program oversight management and monitoring we've gotten a pretty good window into the project level data and the approach grantes are taking. we lost some of that visibility. as you might expect, there was a variety of performance -- varying levels much performance across the fiduciary performance model, and then the other thing is with the management and

administration fee the fiduciary agents had access to 3% to 5% of the fund. we think those are better invested in actual security projects. i know there's a range of opinions in the port security. we decided that the best thing for the most effective and efficient management of the program is to bring that management in house and not use the fiduciary model. >> in this last question, it's for ms. maclean, admiral thomas, and really short answers. if you would. the first question is what affect has increased security on land borders had on -- what affect has increased security along our land borders had on maritime border security, and ellen, if you just take 30 seconds. >> yes mr. chairman. two quick points.

i think the trusted trader programs that we developed in the land border context informed how we deal with those programs in the maritime context, and, second, i think it pointed out to us and i real quickly go back to south florida in the 1908s how you need a risk-based approach to secure any single pathway. thank you. >> thank you. admiral. >> somewhat outside the realm of port security, but certainly we have seen the balloon effects on particularly the southern part of the west coast and also in the care bean as we secure our land borders for trugz and contraband and other illegal activities they've taken to the water. we've adjusted our forces. that's really the impact that we've seen there. >> great. thank you. >> agree with the admiral. we have not seen a significant impact in terms of changes in the threat within commercial flows. we have seen the effective security between ports of entry

push activity out into the -- on the west coast as well as up through puerto rico. >> there was a second half to that question, but i don't have time to ask it. you may not have time to answer it. i'm just going to wrap it up here. i'm really glad that dr. coburn has these hearings. it's timely. there's a fair amount of progress, and there's still plenty of work to do. i'm encouraged -- sense of team is at play and that certainly helps. we are part of that team. thank you all for your preparation today for helping to make this a very, very good hearing. it's clear to me that one of the most important take-aways from today's hearing is that it's critically important that we strike the right balance. it's not an easy thing to do. it's hard to strike the right balance between security and make sure we do not unduliy impede the flow of transportation and trade.

as you all know, 95% of our trade moves on the water but the port is vital to our nation's well accident, and they're a conduit for a lot. we will have sent some of my colleagues will have -- let's see here. some questions to ask, and we may have some ourselves. the hearing record will remain open medical may the 19th. it says until may 19th. probably should sar june the 19th at 5:00 p.m. for submission of statements and questions for the record and with that i would say to our republican staffer and our democratic staff and all my colleagues thank you very much for helping us and to each of you for joining us today. i think one or two matters. maybe admiral said oversight is a good thing, and we hear that a lot. we won't disappoint you.

thank you. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2014] >> next, a debate with the republican primary candidates in the south carolina senate race. and live at 7:00 a.m., your calls and comments on "washington journal." >> for over 35 years, c-span brings public affairs events from washington directly to you, putting you in the room at congressional hearings, white house events briefings and conferences, and offering complete gavel-to-gavel coverage of the u.s. house all as a public service of private industry. we're c-span created by the cable tv industry 35 years ago and brought to you as a public service by your local cable or satellite provider.

watch us in h.d., like us on facebook, and follow us on twitter. >> next, a primary debate with the republican candidates for u.s. senate in south carolina. incumbent lindsay graham is seeking a third term. he faces six challengers in tuesday's primary. this is the first time senator graham has debated his opponents in this campaign. the debate was hosted by south carolina educational television. it's one hour. >> the state, the news the island the gazette, the sun news of myrtle beach, the herald of rock hill, and the item of sumter present etv debatesful tonight candidates for u.s. senate. and now your moderator, dean of u.s.c.'s college of mass communications and information studies, charles. >> good evening and welcome to tonight's primary debate.

among the republican candidates for the u.s. senate. joining me tonight to ask questions of the candidates are the greenville news and the state newspaper. candidates joining us tonight are bill connor, lindsay graham, nancy, richard, lee benjamin. before we begin tonight, some brief ground rules. each candidate will have one minute to respond to the question. if necessary i will allow a 30-second rebuttal. we drew names when the candidates arrived for the order in which we will start, and that first question will go to mr. connor, and then to all of the rest of you in turn. this has been a contentious race by most assessments. we have a two-term incumbent, and we have six as plants to replace him. some of you have made some fairly harsh accusations in the

course of the campaign so far. senator graham can defend himself. that's not my role here tonight. what i'd like to know, and i think the voters would like to know, is if this is a referendum on lindsay graham, why then, senator do you have a target on your back and why specifically candidates, is this such a visceral campaign against senator graham? would you start please, mr. connor? >> sure. first of all thank you, senator graham, for being here, and thank the rest of the candidates. 20 years is too long, and senator graham, i think when you first came in with newt gingrich lot of great ideas. but after things like voting for justice sotomayor, voting for justice kagan, the tarp bailout, a number of these things, it's come time senator, quite frankly, for somebody else to come n. it's not personal. i think you're a good man. but issue is that we need new blood. i've already said i'm staying for only two terms. 12 years is long enough. george washington took eight

years and set the country on its course. that comes down to the issue. we'll go through various points, specific points, but i think all of us have gotten tired over time of the various things we've seen where near election period, lot of conservative rhetoric, but in the six years, five years leading up we're electing a senator to serve in the next six years. ladies and gentlemen, i think i'm the best qualified to represent our state. and i say that humbly. i know how to deepen the port of charleston. if we don't get that right we're in trouble. when my state needed me to fight the unions, i was there in an effective way against the nlrb's effort to shut down boeing. i'm proud of my record. i've been endorsed by many groups. i have a fiscally responsible record. it is about the future. our country is at risk.

barack obama's foreign policies' failing. radical islam country will tell you is on the rise. those who have fought so bravely since 9/11 there is nobody in the senate that will have their back better than i will. i understand the threats we face, the needs we have here at home. and if i go back to the senate it's with a purpose. to rebuild this party and to take care of those who have had our back and make sure that we in south carolina have a voice that people will listen to and respect. >> thank you. ms. mason. >> first i thank you all for having us here this evening in our first debate with senator graham. i first want to say that i am not a politician. i'm a wife and a mother and a successful small business owner. six years ago i started my own company doing technology and marketing consulting and i've worked with small businesses, startup companies, entrepreneurs, and also some larger companies as