Of policy each of you play a Critical Role and youve got to work to the. So do we. Were always happy to have you with us. Youve done a whole lot of work in this area, were grateful for that and be looking to you for further help. Again thanks to everyone for coming. As dr. Coburn knows were going to start voting in a little bit. And were going to do one of those deals that we perfected where voting starts, maybe hell go vote the first time, and when hes voted hell come back and ill go vote and then well just swap back and forth. Hopefully well be able to keep going and make it all work and be done in a punctual way. But its important were happy that you here. Let me just now turn to dr. Coburn just to thank him for insisting that we have this hearing and make this a priority. Thank you, mr. Chairman. First of all welcome to all of you. This is an interesting area for us to be talking about. Sitting on the intelligence committee, our threats are greater, not less, in terms of risk. And getting it right is important. One of the commitments i made to congresswoman janice hahn from l. A. , she has the l. A. Port, which is our busiest and biggest and probably greatest vulnerability in terms of port that we would have this hearing and do the oversight thats necessary to try to improve what were doing. So, mr. Chairman id like unanimous consent to put her testimony in the record she the house is out this week, and we wouldnt have scheduled that this hearing at this time had we known that. But we did. And im happy that were having the hearing so id ask unanimous consent to have her testimony included in the record. Id also note that the house has passed the legislation that the senate hadnt even taken up or considered the gaps act, and what we need to do is address today to find out where our weaknesses are. What we need to improve and as senator carper mentioned the 100 scanning obviously isnt viable, or may not be viable, but we need to have a better approach than 2 to 4 scanning that were seeing today. We know that a successful attack on one of our ports would be devastating. Rand corporation gave an example it could have a trillion dollar effect on our economy. That is a high possibility. We cannot stop every attack thats going to come to this country. But we can certainly make it much more difficult and markedly decrease the likelihood. Everybody knows the history. Of how we came together after 9 11. We created Port SecurityGrant Program. We mandated 100 cargo screening. And 9 11 Commission Recommended that, as well. We also created the card which has had some significant difficulties, and is still not implemented. So my goal for this hearing is to review all the initiatives that were initially set out assess how well theyre working. And whether or not theyre working. And determine if our ports are as secure from the potential terrorist attack as we can make them feesbly and economically. I would say we spent 4. 9 million on the Port Security program with no measures whether or not we improved our security. Theres no records so we dont know. Weve spent 2. 1 billion on cpp Cargo Programs on a scanning mandate that we are told will never be met. Theres 5 billion we spent we have no assessment of what weve gotten for that money. The program was intended to create an i. D. Card for transportation workers to enter secure areas including ports well talk about and some of my questions will relate to some of the problems associated with that. In general i think its unclear and hopefully this hearing will help us, to know how much improvement weve actually made in securing our ports. So i number one want to thank each of you for being here, preparing the testimony which ive read, and being available and i apologize that were going to have votes but we will be well keep this moving as fast as we can. We have four votes starting at 11 00 and with that mr. Chairman, thank you, as well. Mr. Top banana. Ive been called worse things. Well make this work. We appreciate. Let me briefly introduce our witnesses. Colleen mclean deputy transportation secretary. Also served as dhs assistant General Council for enforcement she began here career with u. S. Customs service where she served i believe as deputy associate chief council is that right . Rear admiral paul thomas joins us from the coast guard where hes assistant commandant for policies specialist in marine Safety Security and environmental protection. Graduate of the coast guard academy, and of the Massachusetts Institute of technology. Where im proud to say that one of our boys attended. When i went to ohio state i could barely spell m. I. T. The idea of ever having a kid that goes there i could not imagine. Congratulations on that. Thanks for your service. I want to ask kevin to pronounce your last name for me, kevin. Mcaleenan. With the emphasis on the leen . You put an a in front of the c it works better. There you go. And acting Deputy Commissioner at the u. S. Customs and Border Protection. Served as acting assistant commissioner of the cdp office of fuel operations leading the agencys Port Security and trade facilitation operations. Brian kamoi appointed as the assistant administrator for Grant Programs at fema in april of 2013. Before that he served as senior director for preparedness policy on the White House National security staff, from 2009 to 2013. Stephen sadler has been the assistant administrator for intelligence and analysis at the Transportation Security Administration since october 2011. Hes joined tsa in 2003 and held several leadership positions. Breyer to that he spent 25 years in the commercial maritime industry. And finally last but not least, Steven Caldwell nice to see you. Joins us from gao where he is the direct director of issues issues on the homeland and security justice team. Mr. Caldwell has over 30 years of experience at gao and has worked on numerous reports on security and supply chain security. Thank you all your entire statements will be made a part of the record and feel free to summarize as you go. Try to stay within about what did we say five minutes . Five minutes if you could, go way over that well have to rein you in. Thank you for joining us. Ellen why dont you go ahead. Good morning, chairman carper, Ranking Member coburn. I am a career Civil Servant and testifying before congress for the first time. As this has long been on my career bucket list i appreciate this opportunity along with my colleagues to testify on a matter of singular importance to the department. Port security. Since 2007 and the passage of the safe port act we now have several key strategic documents that shape and guide our efforts on Port Security. The National Strategy on Global Supply chain security. The Global Nuclear detection architecture. And the soon to be released 2014 dhs quadrennial Homeland Security review. Dhs is focused on enhancing Port Security through prevention, protection, and resilience. Pursuant to a risk based approach. While strengthening the Global Supply chain system, including the Maritime Transportation network, we are ever mindful that it is critical to do so by promoting the efficient and secure movement of legitimate goods. Guided by the principles in these overarching documents, dhss approach embraces five elements for a layered system of maritime port and cargo security. One, understanding the risk to better defend and protect against radiological and nuclear risks. Two, obtaining advanced information and using advanced targeting techniques. Three, increased collaboration with other federal agencies foreign governments, and private stakeholders. Four implementing strong, domestic security regimes. And five promoting proposedness by sustaining Grant Programs. Within this strategic context dhs can point to several Key Developments in the past seven years. Risk assessments to aid us in understanding the threat environment and prioritization of resources. Significant progress with international and private partners to incorporate Risk Management principles, and leverage trusted trader programs. The assessment of more than 1500 foreign ports 200 alone in 2013 under the international Port Security program. Establishment of 360 comprehensive Port Security plans by port operators. And grant awards to achieve Interoperable Communications installation of surveillance cameras, at port facilities and funding for other similar fiscal security equipment and projects. Looking forward we face challenges of increased trade from the expansion of the panama canal, and increased activity in the arctic. With increasing trade, and shifting trade patterns we must also confront aging infrastructure for a broad range of dhs assets. From coast guard cutters to xray and radiation and Nuclear Detection inspection systems. In forging the path for progress, dhs will concentrate on improving Information Collection targeting and des semination expanding global capacity to secure the supply chain, and addressing risk across all modes of transportation. With a continued focus on enhancing the capabilities of our components, and our partners to address current and future challenges to securing our ports, dhs will continue to dedicate substantial attention and resources to implementing a layered Risk Management approach to security across all transportation pathways in an efficient and Cost Effective way. And building essential partnerships at home and abroad. Thank you again for the opportunity to testify about dhss progress on enhancements to Port Security. I will be happy to entertain any questions. Good. Thanks and were going to have some. So thank you. Thanks for your testimony. Admiral thomas, please proceed. Thank you chairman carper, dr. Coburn, and thank you both for your continued support of our coast guard and the opportunity to discuss this really important topic with you this morning. The coast guard in coordination with the other department of Homeland Security components interagency and the industry implements a layered Maritime Security system. Our goal is simple we want to deteblgt interdict and mitigate threats as far from our shores as possible. We accomplish this through the layered system thats depicted on the slide before you and displayed to the left to my left. As you can see on the slide, Maritime Security of u. S. Ports does not start and finish in the u. S. Rather, the opposite is true. The security of our ports begins in foreign ports at foreign facilities and terminals. This is the first layer of our integrated system. The coast guards international Port Security program conducts assessments of foreign ports, to ensure ensure they meet International Security standards and to build the capacity of our trading partners. So just as you cannot enter u. S. Airspace unless the flight originated from an airport that meets minimum Security Standards, you cannot enter u. S. Sea ports unless that voyage originated from a foreign port that meets the Security Standards as certified by the coast guard. Additionally coast guard led foreign port threat assessments bring together information from Law Enforcement and intelligence communities to assess the level of governance, crime terrorist activities and other factors which may help us determine which threats emanate from those ports. Finally, overseas activities by our colleagues from the customs, Border Protection and other dhs components help ensure the safety and security of cargo an people before they depart foreign ports. If you look at the next several laser on the slide, the international waters, the u. S. Exclusive Economic Zone and u. S. Territorial seas our regulations require that each ship en route to a u. S. Port provide the coast guard at least 96 hours advance notice of arrival. This notice includes information about the vessel the cargo, the crew and passengers. Customs and Border Protection also requires advance notice with information about the cargo, the shipper, the consolidator, the receiving agent among other information. Other federal agencies like centers for Disease Control may also require advance notice of arrival under certain circumstances. All of this information is collected and shared at both a national and port level. Its screened and assessed so that prior to arrival of any vessel the coast guard captain at port has a consolidated comprehensive assessment of all risks associated with that ship. When i say all risks, i mean all risks, everything related to safety, security and the environment. As diverse as Invasive Species and water or cargo, crew members on a watch list, passengers exhibiting signs of illness or damage to the ship that might compromise safety or the environment. The captain of port is able to coordinate a single interagency local, state and federal Risk Mitigation plan for each ship that arrives. For the vast majority of these ships, local coordination is required to plan necessary control, inspection or enforcement actions. In some cases the threat rises to the level that interagency coordination seat the National Level is required and we activate the maritime threat protocols. In some cases the risk will be mitigated by interdicting the ship in the offshore zone n other cases the ship enters the port but is subjected to oversight prior to passenger operations. These boardings are most often led by the coast guard but may include personnel from other Homeland Security components or the agency who can bring special capabilities to bear on a given threat. In all cases the vessel arrives at a port facility that complies with the requirements of Maritime Transportation safety act and the safe port act. These facilities by law have security staff trained to specific standards. They have an Access Control system that includes credentials for each employee. They have approved plans in place to prevent and respond to security incidents and they execute a declaration of security with the foreign ships when appropriate to ensure the security and Communications Protocol at that ship port interface are clear. Beyond the individual port facilities, the Port Community as a whole is prepared and resilient. Capable of port wide prevention preparedness, response activities. Due in large part to the combined impact through investment in our Grant Program, establishment of the area Maritime Security plans. In summary, mr. Chairman, we have used the authorities in the Maritime Transportation security act and the safe port act to implement a Security System that begins in foreign ports, continues in the offshore area as a vessel trits to our waters and remains ever vigilant in our ports that have robust, interagency, local, state and federal coordination to mitigate threats, facilitate commerce and respond to all incidents. Thank you. I look forward to your questions. You took one second too long. Youre off your game today, huh . Yes, sir. Actually thats pretty good. Thats very good. Thanks for that testimony. Kevin, youre up. Please proceed. Good morning chairman carper, Ranking Member coburn. Its a privilege to appear before you again today. Thanks to your continued support along with effective collaboration with federal, international and private sector partners, dhs and u. S. Customs and Border Protection have made significant advancements in maritime cargo security. Cup has secured security partnerships enhanced targeting and Risk Assessment programs and invested in advance technology all essential elements of the multilaird approach to protecting the nation from the entry of dangerous or vie lafb shipments while expediting legitimate and economically viable commerce. Id like to highlight the progress of a few of these efforts for you today. In the first few years after 9 11, cup created several key programs to enhance our ability to assess maritime cargo for risk, examine shipments at the earliest possible point and increase the security of the supply chain. The Customs Trade Partnership against terrorism or ctpat was established in 2001 in the wake of the 9 11 attacks. It provides facilitation benefits to members who adopt tighter security measures throughout their entire supply chain. It has grown from seven initial members to over 10,000 members today. The National Targeting Center also started in 2001 has developed worldleading capabilities to assess cargo shipments, crew and travelers for risk before they are laden or board vessels destined for the United States. At the ntc, they utilize the targeting system intelligence commercial information and traveler data to identify and mitigate potential threats. Dhs and cvp have strengthened Detection Capabilities at domestic sea ports. Since 2001, cup has acquired 1387 radiation portal monitors and increased its inspection systems from 64 to 314. These valuable systems help officers detect radiological materials, weapons and a list of substances. The support of congress specifically through the safe port act, has been a key catalyst in advancing trade security and facilitation capabilities beyond these signature efforts. The act codified and made filings mandatory, building on the 24hour rule. This Program Provides additional advanced insight into the supply chain allowing us to identify potential risks earlier and more accurately. The act also cod nied the security nifb afternoon. Cup works with foreign authorities to identify and examine highrisk u. S. Bound maritime containers before they are laden on vessels. They prescreen 80 of all cargo imported into the United States. Cvp will continue to build on our progress by exploring and expanding new rules, such as trusted trade or mutual agreements. We will confine our targeting to better identify highrisk cargo and work to increase the percentage of containers scanned abroad. Well continue to help lead the effort in developing increasingly effective and sophisticated Global Standards for cargo security. By utilizing riskbased strategies and applying a multilayered approach, we can focus our resources on the very small percentage of goods or seshsz that are high risk. Our use of advance Information Technology and partnerships improves goal supply chain integrity and reduces transaction costs for u. S. Businesses. Thank you for the opportunity to testify today. Im happy to answer your questions. Thank you for that testimony. Brian. Welcome. Thank you, chairman carper, Ranking Member coburn. I appreciate the opportunity to be with you and to join my colleagues from the department to talk about the Port SecurityGrant Program which we believe is a critical part of the departments efforts to enhance the security and resilience of our nations ports. Senator coburn as you mentioned, we invested 2. 9 billion since 2002. While i agree with you that we certainly can continue to improve our measurement of both the effectiveness of those investments and our administrative management of the programs we have clear evidence of the value of these investments across the programs priorities, which include maritime domain awareness. Weve invested in over 600 portwide projects that include portwide coordination and collaboration, Interoperable Communications, Surveillance Systems that assist in domain awareness. Weve invested 161 million just in Interoperable Communications. Weve also invested in improvised explosive device capabilities and chemical, biological radiological and nuclear capabilities. Cyber security capabilities, as that threat continues to evolve. Planning at the port level training and exercises and of course the implementation of the transportation worker identification card program. And so in addition to these programatic achievements and, for example, just in vessels that patrol our waterways, weve invested in over 500 vessels. In new york city, for example the port of new york used over 30 vessels the day Hurricane Sandy made landfall and rescued over 1,000 people. So we know these dollars are making a difference. And these investments also facilitate increased partnerships, not just at the federal level with my colleagues here, but at the state and local level and with port owners and operators. Weve seen in a variety of instances, you can assure congresswoman hahn that we continue to make investments in the port of los angeles for information sharing and collaboration and, chairman carper, in the port of wilmington, the investments there not just in Interoperable Communications but in information sharing between the port and the Fusion Center in delaware that has allowed the building of relationships with state and local Law Enforcement and the port. I thought id also tell you where we are in the fiscal year 14 grant cycle. 100 million was appropriated for the program this year. Applications came in on may 23rd. The field reviews as the admiral mentioned, we work very closely with the coast guard. We have a twotiered review process. Captains of the port work with the port area and the local and State Government through area Maritime Security committees to prioritize projects. Those applications are under that field review right now and will be referred for a National Panel review here at the Headquarters Level later this month and then we expect to announce awards by the end of july. And so ill close by saying that we look forward to the continuing dialogue about how we can continue to make these investments in the most effective and efficient way possible. We think they have made a real difference and i look forward to answering any questions you may have. Good, thanks. Nice job. Steve, please proceed. Thank you, welcome. Good morning, chairman carper Ranking Member coburn, distinguished members of the committee. Thank you for the opportunity to testify about the twic program. It provides a industry wide biometric credential to eligible workers requiring unescorted access to port facilities and vessels under the Maritime Security act of 2002. Tsa administers the program jointly with the United States coast guard, tsa is responsible for enrollment, Security Threat assessments and technical systems. The coast guard is responsible for enforcement of card use. Since the program was launched in 2007 in wilmington, delaware, weve conducted Security Threat assessments and issued cards to 2. 9 million workers, including longshoremen truckers and rail and vessel crews. The twic program is the first and largest federal program to issue a biometric credential. Working closely with industry and our dhs partners, the program has evolved over the years to address concerns over the applicability of federal smart card best practices to a working maritime environment such as the requirement for two trips to an Enrollment Center for card enrollment and activation. Tsa reformed the program by launching one visit in june of 2003 in alaska and michigan. This provides workers the option to receive their twic through the mail rather than requiring inperson pickup and activation. Last month tsa moved from the pilot phase of the program to a phased implementation for all applicants. We have added Call Center Capacity for applicants checking on their enrollment status. Weve enabled webbased ordering for replacement cards. Weve increased Quality Assurance at our Enrollment Centers. Weve opened multiprogram Enrollment Centers across the country to allow individuals to apply for the twic, that has this material endorsement and tsa precheck. We will expand a number of Enrollment Centers to over 300 this year adding to the convenience of workers. Tsa continues to evolve and modernize their credentialing programs through these initiatives, strong collaboration at the department, partnership with industry and the support of this committee. Thank you for the opportunity to testify today and i look forward to answering your questions. Thank you, mr. Sadler. And now Steven Caldwell please proceed. Thank you for asking us to testify on Port Security. Weve issued almost 100 reports on Port Security since 9 11. Our most recent comprehensive report on Port Security was issued in the fall of 2012 to note the tenyear anniversary of the Maritime Transportation security act. Lets start with planning. There is a National Strategy for Maritime Security issued in 2005. We reviewed that strategy and its eight supporting plans and found much of the criteria that jao has laid out for a Good National strat jeechlt we also looked at some of the more detailed functional strategies and in some cases we have found those to be wanting but at the port level we found that some of the plans specific to the ports have included the safe port acts requirement that they also cover recovery issues. Again, going back to some of the functional plans we found some deficiencies in those. For example, dhs after putting out the small vessel Security Strategy and laying out an Implementation Plan for that has not been tracking the progress of the components and actually meeting that, which leaves some opportunities, lack of disseminating any potential Lessons Learned or even being able to track their overall progress on that strategy. In terms of maritime domain awareness, there have been a number of improvements. The coast guard through its Common Operating Picture program has allowed Additional Data sources into the use of the users, allowed blue force tracking, which is the ability to track our own vessels and also increased access across the coast guard to other users. However, many of the original systems used to increase maritime domain awareness have fallen short of the capabilities that were originally planned for those and mainly these are due to some of the acquisition problems that our reports have noted, such as not developing complete requirements at the beginning, not updating costs or Schedule Base lines and not monitoring their initial performance. Regarding the security of our domestic ports dhs components, especially the coast guard, have gone quite a ways in terms of implementing the Maritime Transportation security act. Key provisions of that act call for security planning at the port facility and vessel level and it also calls for the coast guard to then inspect those facilities to make sure that those security activities are indeed in place. Jao has audited those programs. We found progress and most of our recommendations in those areas have been implemented, but some areas remain problematic. As noted, we have concerns about the Port SecurityGrant Program and the extent that they are monitoring the effectiveness of the actual projects. Going back to 2005, gao found that the program lacked an adequate Risk Assessment process and lacked a mean to measure the effectiveness of the projects in the grants. More recent work did find that the grants are based on risk and it goes back to the process that was started to be described at both the port and National Level. After more than a decade after the programs start theres really no Performance Measures in place to determine whether the program at the port or facility level has improved Port Security. And it even lacks project level visibility to know whether the projects were indeed implemented as described. Regarding the Global Supply chain security, theres also been a lot of progress, especially by cvp. Weve reviewed these programs and noted their management and operations have matured over time. We con cure with cbp that implementing 100 scanning as defined in the safe port act and 9 11 act is extremely challenging. However, we are less convinced that existing riskbased program does not have room for improvement. A recent report has found cbp has not been timely in terms of measuring the effectiveness of its targeting system or evaluating supply chain risks in foreign ports. We did see the may 5th letter from the secretary to you, mr. Chairman, and note that both of those issues are discussed as potential improvements. In closing, gao will continue to review Port Security programs for congress, this committee and others. For example, we have ongoing work on port Cyber Security as well as the disposition of highrisk containers. That concludes my remarks and im happy to answer any questions. Thank you. Thanks so much for that testimony. Senator, nice to see you. Why dont you lead us off. Thank you mr. Chairman appreciate it. I just wanted to get a followup, administrator sadler and certainly mr. Caldwell about the twic program. So you testified about the one visit pilot and now its going to a nationwide mailing system. So how do you assess its going and are you able to do this without concerns about fraud . So just can you give us a quick update. You know obviously i appreciate the steps youve taken on this but just in terms of substance. Then i would like to hear from mr. Caldwell about how effective you think overall the twic program is in helping protect Port Security and what other gao has been quite critical in past reports about what we need to do to improve this program and its effectiveness. So thats really the issue i was hoping to get a little more insight on. We started the pilot for twic 1 visit last year in 20122013 in alaska and michigan. As we transitioned to our new technical system we started the implementation nationwide so we started implementing the one visit in may of this year, may 12th. So we planned to have a phased schedule to implement it across the nation and we should have it done by this summer. So we think its going fairly well. We do mail the cards out. I believe weve got about 3,000 cards for twic 1 visit that have been mailed out of about 5,000 enrollments. What we do is send the card out separately and then we send the pin in a different letter. So we try to send them out in two different letters. So you havent seen fraud yet on that program . On the mailing itself . Yeah. Not yet senator but were still in the early stages. Implementation. Thank you. And mr. Caldwell i know were sort of in the middle of a vote so i just wanted to get a quick thought on one of the things i think weve worried on overall about the twic program, is it making us more secure. Are we improving this system so that we can have some reliability with it . Well, two things. Ill talk about twic 1 and thats trade opportunity security and convenience. Definitely its more convenient but youre losing one of your steps of internal controls of identifying the persons identity by having them come in. I think Congress Pretty much directed and took to going that direction. They did. So it is what it is. But its also good to follow up and make sure that we didnt that the choice we made there, that i was obviously a supporter of that we made sure were following up on it as well. Yes. I do think its a good idea to follow up on that to see if there is fraud and whether that happens. What im worried about overall is are we really doing anything with twic . I get the goal of it it makes sense, but we obviously the concern has been how are we enhancing Port Security overall . We have those concerns as well. Weve had concerns with the program pretty much from day one in a lot of ways it was implemented. For example, the reader pilot that was done recently, we thought the valuation of that was done quite poorly and left out a lot of things that would be tiebl evaluate really what were the problems coming up. Was it the card itself was it the reader, was it the person that was manning the security gate when they did their test at the reader pilot. They did not include the kind of detailed data youd need to know to get that. Obviously you know theres some concerns in terms of the shooting down in norfolk. Yes that was raised in the commerce committee. And the navy now is not accepting twic at least by itself, as a card accepting to get on that base so obviously they have some concerns with it. Theres been an assertion that twic has improved security and weve seen that in the latest report to congress but we havent seen strong evidence supporting it. So you want better metrics. Gao always wants better metrics, but yes. I suspect well be asked to look at it again. Are we doing better . Thats a good question, are we doing better . Well, compared to nothing, having a pass that is used in multiple places with the background check is useful. You can have felons and things have things waived so they still have those cards but you dont have people getting the cards that have either espionage against the u. S. Or terrorism crimes. Thats a pretty high bar, but in one other way to look at it yes, that would be important. Twic was put in as part of mitsa, which really the bar for mitsa is will they prevent a major transportation security incident and thats where this kind of a judgment call about whether someone getting and committing a crime, committing murder, would that rise to the level of a transportation security incident. Not likely. If theres anything else you want to add, i know weve got to run to vote. Just quickly. The first thing i want to say for twic 1 visit you have to confirm your identity the first time, absolutely. Youve got to do that. The other thing id say is that this is the first time that the maritime population has been defined. Prior to twic, there was no definition as far as i know and i spent 20 years going in and out of ports, so im not sure who knew fanlnationally we now know that example. We now have a population of 3 million people. I vetted people before twic with information that was submitted by ports. We vetdted 900,000 people. We did that prior to the implementation of twic as a mitigation strategy. Now were up to 3 million people. The first thing is define the population, we recurrently vet them every single day. We have one common standard, put the biometric aside one common standard, one common credential one common background check n some places you had to buy a multiple credential within the same state so if you went to one port, you had to buy a credential and you went to another port you had to buy another credential. So we think there is improvement in security just by virtue of the fact of those things that i just mentioned. Thank you. Thank you, mr. Chairman. Im going to slip out run and vote and then come back and so dr. Coburn can go back and forth. When i come back, ill be interested in asking so you can be thinking about them are how do we measure success. I want to see if theres consensus on how we measure success. And if theres some consensus around common metrics, then how are we doing. What are we doing especially well what are we not doing so well. And finally i always like to ask what can we do to help, all right . Dr. Coburn, thank you, all. Thank you. Have fun voting. Lets keep talking about twic for a minute. We hit id just like your assessment on somebody with a twic card that gets into a port and shoots people. Hows that happen . No system is perfect and im not laying blame. Im just saying how did we miss that . At the time that individual was vetted senator the standard for manslaughter included all manslaughter, voluntary and involuntary. So when the individual came through, the crime had been committed in 2005. The conviction occurred in 2008. I believe he served about 800 days on his conviction. So he served about two and a half years. He was released from incarceration in 2011. We encountered him in december of 2013. And based on the standards that we were using at the time, that voluntary manslaughter charge was not a disqualifier. So he got his card in january of 2014. As far as him using the card at the base i would defer to d. O. D. But one point i have to make is the twic in and of itself does not give you access to a port. You have to have the twic and you have to have a business need. So weve gone back, were scrubbing all the cases we had for disqualifications that involve Involuntary Manslaughter and voluntary manslaughter and weve changed our policy now that if you come in with a voluntary manslaughter charge, thats an interim disqualifier. Interim meaning that you are still eligible to appeal, youre still eligible to request a waiver, youre still eligible to request an Administrative Law judge review and youre eligible to go to court if you dont agree with the finding that we make. Right. Thats the kind of answer i was wanting. Talk to me about twic readers. Ill defer to my colleague in the coast guard but to senator carpers point about what we can do to increase security and how we can be more successful, thats one way to be more successful is by implementing the twic readers because we have a biometric credential. We believe that it works. Right now its being used as a visual identification card. But it needs to be used as a biometric credential and on a riskbased basis as well. So we believe that its critically important to install readers in ports. Admiral . Thank you, doctor. I really appreciate the opportunity to answer that question because as the Agency Responsible for implementing security at our port facilities and as a previous captain at port myself i think its important to recognize that twic and the twic reader are part of a greater Access Control system for a facility which has its own Security System, which is in itself part of a greater system to secure our ports than the entire chain that i discussed. So when youre going to put an Access Control system in a facility, youre going to include fences, gates guards lights, cameras a credential of some sort and in some cases a biometric reader for that credential so its just a matter of layering the security. As the chairman noted in his opening comments, if this was security at all costs wed have readers everywhere. Because we are trying to balance, as we should the risk with the benefit and facilitate commerce, weve done an exhaustive analysis which im happy to explain to you that has ensured that the readers go at the highestrisk facilities. And i think that the coast guards proposed rule puts those readers where the cost benefit is currently the best. I think as we expand the use of twic and twiclike credentials beyond the maritime domain, because thats the only place we have transportation credentials reader costs will come down, card costs will come down and the cost benefit will change in a way that it just makes sense to put readers at more facilities. Do you have a proposed date where your first round will be completed and then an assessment made of twic readers . We are currently working on we put out a notice of proposed rule making and received about 2600 comments so were currently working through those comments and will make some adjustments to the rules. It will go through the process and hopefully be published next year and a twoyear implementation date before the readers have to be in place. So were two and a half years away from the completion of what the present plans of the coast guard are . Were two and a half years or so away from the date that i anticipate readers will be required at certain port facilities. Okay, thank you. Let me go back for a minute. Ms. Mcclain, one of your statements in your Opening Statement was spending money in a Cost Effective way. If yall dont have metrics on the effectiveness of grant money thats spent, how do you know its Cost Effective . Senator i think that i appreciate the question. I think its a little outside my lane. Id prefer to take that question back and get you an answer working with my colleague from fema on where we are in developing metrics or answering that particular question. Well let me i dont think anybody will dispute that weve done some good with the money weve spent, okay. Im not saying that. Im just saying and anybody can answer this that wants and id love for gao to comment on it as well. We have a port system where we tier risks and the vast majority of money has gone to tier one ports. And under the system youre utilizing today, without any recognition of the money thats already been spent, we continue to spend the same money on the same risks because theres no Risk Reduction recognized in your tiering. So if you dont have metrics associated with the money thats being spent in the Port Security program, Grant Program when do we stop spending money at tier one ports . In other words how much is enough . And how do we know when weve got the best cost benefit analysis, the most Cost Effective program in, based on the risks and mitigation and the other goal that we have, how do we know that if we dont have a metricbased system . In other words heres why were spending this 2. 9 billion. Heres what were hoping to get and heres how were going to measure whether weve got it. Because theres all sorts of i wont in this hearing, i will privately give you all the list of money that you spent on stuff that a common sense person says that doesnt have anything to do with Port Security. I can think of we have two ports in oklahoma the port of muskogee and port of pestuga. In terms of the risks associated with those ports those are low priority things to me. So my question is, if we dont have metrics to measure and when we look at this in total, and i think you all have done a wonderful job in terms of laying this out, but how do we know . How do we know when to quit spending money that gives us a diminishing return on the Port SecurityGrant Program . Senator, im happy to field that question. Improved measurement is absolutely an area where we see a lot of opportunity. Let me interrupt you there. Please. Whats your measurement now . In fy13 we for the first time instituted measures related to sustainment of existing capabilities versus building new ones. We took the gao and mr. Caldwells reports and recommendations quite seriously and are looking very closely on what ports are doing with the funding. We for the first time in the fy14 application cycle are requesting project level data going in. You probably are aware of the history of the program and the flexibility that had been given at the local level against area Maritime Security plans. There remains a lot of flexibility, but we are increasing the oversight to request project level data up front so that we can start to get that information to form even more effective measures of outcomes. On the grants management side, senator, we certainly have measures now and even over fy12, measures of our monitoring. Mr. Caldwell mentioned the level of monitoring. 100 of our Port Security grants now undergo some level of monitoring. We have a tiered Monitoring System where our Program Staff on a routine basis look at every award, look at the history of the grantee, the history of the outcomes achieved, their Financial Measures from drawdown, rate of expenditure, rate of deobligation and that then is reviewed and we do prioritize based on the risks we see and their management of the grants all the way up to desk reviews where we request a lot of Additional Information from grantees and then site visits. So what i would tell you, senator, is i look forward to continuing to work with you, to continue to get the data we need to form more effective measures. I agree with you that everybody can point to the examples and there are really some stunning examples of how useful and effective this funding has been, but i think youd also agree with me the plural of anecdote is not data. We will continue to refine our measures to get that data. As i noted, i think its improved, but i think we still you know my underlying concern, somebody is going to be sitting up here ten years from now and the amount of money to spend on this kind of program isnt going to be there. So how we spend the money today is really important because theres going to come a time. You know ill repeat for you Social Security disability runs out of money at the end of next year. Medicare runs out of money in 26. Social security runs out of money in 32. By 2030 the entire budget will be consumed in medicare, medicaid, Social Security and interest on the federal debt. So my questions are all based on the future. And if we spend money really well now, we wont spend money we wont need to be spending money in the future. So thats the basis of the question. Its not a criticism, its just we need the best cost benefit value for every dollar that you send out in a Port Security grant. We agree with you and we are working with our partners on the vulnerability index, which is one of the things you mentioned how do we understand what risk we have bought down and well continue to look at that to make sure were spending the money as effectively as possible. Thank you. Admiral, one of my concerns and i cant go into detail but let me give you a hypothetical and you give me the answer. Lets say somebody leaves one of our certified ports overseas and arrives here, but in between there and now something was added to that cargo. Do we have the capability to know that . Well, doctor im not exactly sure if they leave a foreign port they leave a foreign port thats one of our certified ports, one of our allies, meeting all the requirements that you all have. And someplace between when they left and when they arrive at the port of los angeles somebody has added a package. So if that occurred at another foreign port no not in the port. Just in transit. In transit. The only way that we would be able to determine a couple of things would have to happen. Probably the entire crew would have to be complacent with this individual thats carrying this out, because its difficult to access particularly a container in transit without a significant amount of effort and that would require probably more than one person. Lets dont worry about the details of that. Lets say it happens. If it happens, the way the only way we would know and really this is a better question for my colleague from customs and Border Protection, would be because the container has been opened and we would be able to determine that. Maybe you can sure. Senator, we have two elements that i think would be germane here. One, the imPort Security filing gives us the stow plan for the vessel so we know where each container is on a vessel. Whether thats going to be accessible during a voyage or not. We do see drug smugglers attempt to use what we call rip loads where they break the customs seal, put a load just inside the doors of the container and lock it back up. Thats really only doable on a vessel in transit around the deck area so we know which containers could be accessed and then we do routine seal checks upon arrival to see whether or not those containers have been tampered with and whether those doors have been opened. So there are different steps in our layered process can somebody counterfeit your seal . They can try to yes. And weve detected you know, dozens of attempts to do that you know pretty effectively. So they have not been able to do that as of yet . I wont say senator that youre aware of. We do train our personnel to detect what our seals are supposed to look like whether they have been tampered with and theres number sequences and other kind of safeguards in this process. This is a long time ago but ill just share an experience with you. I bought a company in puerto rico, put it into four containers, all the equipment, everything that was there. All four containers arrived at one of my plants here. All the seals were there. And when we opened the containers, everything of significant value that could have been marketed was gone but the seals were still there. So the fact is and thats way before 9 11. That was in the 70s. But the fact is, is people will try and do it. So my question is, i guess my question is really this. Do we have the capability to track ships from the time they leave a port till the time they arrive here and know whether or not they have been boarded or accessed between disembarkment and embarkment here . Thats a question i probably cant answer in this venue sir. Got you. Thank you. Senator, did you want me to touch upon the metrics issue . Yes please. So i think weve seen a weak innocence metrics, at kind of a strategic level. Whether its the National Strategy or the more detailed functional plans, we have not seen metrics laid out early as to what were actually what the end state is and how were going to measure that but we have problems particularly at the Program Level most often because those are easier to look for and find. I think we have found an improvement of the metrics of how the programs are run, and so one of the first things we do when we look at a program is do you know how the program is being run and have those metrics. A lot of times well find weaknesses in those internal controls and i think those have improved across the board. So when i say some of these programs have matured a lot of it is better management of the program. Where we have not seen large improvements is in the area of measuring results of the program and what theyre trying to achieve. I would also agree with you the importance of cost benefit analysis a lot of times will get a discussion from the agency, well, that could be expensive and we dont have enough money to do it. In the end if you end up spending 3 billion on grants thats an outstanding record weve had for nine years that they come up with Performance Measures on the Port Security grants so maybe a couple of extra Million Dollars to do those analysis to develop those grants in hindsight looks like money well spent. Maybe one example of cost benefit analysis that was done rigorously involves the advanced spec electroscopic portals drchlts d. O. D. Put in. It was not very rigorous in terms of the testing and we pointed that out. Then we looked at how much those would cost marginally compared to the additional capability they were going to get, they cancelled the whole program. They cancelled it after spending 280 million but they were planning to spend 3 billion so that was the case that whatever the testing or analysis cost, i think in the end led to a good result. Okay. Let me ask, mr. Kamoie, do you all have plans to reinsert fiduciary agents to the spg . We do not, senator. And why is that . When the fiduciary mallsodel was used, it was at a time when the appropriation levels for the program were much higher. I think it was in 07 and after rounds of stimulus funding the agent model was absolutely necessary to assist the agency in distributing and monitoring the funds. Over time however, as the appropriations level has gone down and our internal capability with staffing has increased to manage the program the fiduciary agent model has become less necessary. And in terms of monitoring performance, there was a varying level of performance by fiduciary agents in monitoring and so given our increased staffing, our increased capabilities, we think its more appropriate that we monitor and oversight of the Grant Funding and how its spent. The other thing ill say is that the allowability of management and Administration Costs from the Grant Program to fiduciary agents of 3 to 5 would result for example, just this year in 3 million to 5 million in overhead costs that we think are better invested in actual Port Security projects. Do you have the flexibility under the appropriation rules to use some of that grant money for Grant Management . Senator, ill have to check the language and get back with you on that. But would that help you . In other words rather than spending 3 million to 5 million on a fiduciary, if we spent an extra 1 million to 2 million on managing grants, especially Cost Effectiveness of grants and looking at that im pleased with the progress thats being made i just dont think were there yet, so id love to know what we need to do to help you to get to the point where you know my model for grants at the federal government is the division of library and museum sciences. If you get a grant from them you can guarantee that theyre going to check on you theyre going to do a metric theyre going to know whether you followed your plan in the grant. And if youre not, they pull the grant and you dont ever get another one again. So everybody has a different expectation. And so the fact that some grant money is going to thangzings that arent really for security, if you had that reputation i guarantee you everything would be put down the way you want it put down, even though you have flexibility. I absolutely will take a look at that. Were willing to learn lessons from wherever we can. Theyre the best run Grant Program. Appreciate that. The other thing is the spin out. You know, were still in terms of weve granted but weve still got a long ways to go on spend down. Where are we on that . Sir thats Getting Better as well. Early on the program when ports were doing larger Capital Project infrastructure building with multiphase complicated projects, it took a long time to spend down. A lot of those projects have been completed and weve taken a number of steps to assist grantees in the spenddown. One, we remind them quarterly. We are in touch asking them to draw down. Two, we shortened the performance to two years. But your question is where are we. In august of 12 for and we can follow up in writing with these numbers but for the Program Years 08 to 11 80 of the available funds were not yet drawn down. A year later for fy08 to 12 every year one goes off the books, but we moved the needle down to 44 of funds not being drawn down. And we did a check at the end of april and right now were at 39. 3 not yet drawn down from 08 to 13. Im going to have to recess this and go vote. Senator carper will be back in a moment. Thank you, senator. Im glad you waited. Okay. Lets see lets just see if we can see if theres any consensus on the metrics that were using. How do we measure success. Lets start with you, ms. Mcclain. What are the metrics that we are using or ought to be using and using that metric or metrics, how are we doing . Well or maybe not so well . Mr. Chairman i think there are several indicators that evidence success and progress in securing the ports. I would note that in the last seven years our relationships, our programs internationally, those global partnerships the Capacity Building the agreements everything thats necessary to supply the whole Global Supply chain, i think theres been significant advancements in that area. I also think that our improvements in the advanced data and targeting area make us more secure. The coast guards port assessments, 1500 ports i think there are a lot of indicators that theres a Global Recognition of the need to tackle this issue on a broader basis. Same question, admiral paul . Admiral paul thomas. Thank you, mr. Chairman. You know, i was in port in galveston, texas, in 2001 and for the three years that followed as we scrambled to figure out what it meant to secure our ports, so from my perspective, its clear that weve achieved a lot. But i think one of the first things we did, and mr. Caldwell mentioned the strategies that were out there. We recognized that in order to build a secure port, we first had to build regimes. We had to do it locally, nationally and internationally. Then we had to build awareness so we could figure out what was going on and be able to pick out anomalies. Then we needed the capability to respond to those anomalies. If you look at those three Building Blocks and compare to where we were on september 11th 2001 to where we are today its clear theres been progress and there are clear metrics within each of those. With regard to regime, certainly the thank you to the congress for the Maritime Transportation security act and the safe port act but that was the impetus for the International Regime which is the International Ship and Port Security code as well as regimes that have been implemented as far down as individual port authorities. And im not talking about regimes that are just required by the law, im talking about they understand that security is now part of their business product. So i think in that regard theres clear measures. Really an intangible probably from here but as a captain in port, you can tell you there was no awareness or recognition that security really was part of the product in the port. We had gotten the message across with regard to safety and environment but now they get it, its part of their business as well. So i think theres a metric there. Certainly with regard to awareness and capability weve built the capabilities federally, locally, internationally, all of which i think are clear evidence that weve been effective in terms of enhancement. Im with you i think we need to do more. I think we can never rest on our laurels. Im concerned about emerging threats like cyber. Well come back and finish. First, how are we doing and what are we doing what metrics are we using . But i want to come back and say whats on the to do list for us. Okay. Kevin. Mr. Chairman, im touch on five areas. Broadly our ability to identify and mitigate risk is the metric we seek to measure ourselves on. First on the data front, were getting advance information on all cargo shipments for the u. S. Manifest information Entry Information and imPort Security filing which is another 12 Data Elements that are critical. In terms of targeting and assessing that risk, category two, were analyzing all of it with our automated targeting system which is a very sophisticated capability that is constantly improved and were working on responding to the gaos ideas on identifying the effectiveness of those targets with more granularity. Three, examining at the earliest possible point in the cycle. Currently 85 of shipments that we identify as potentially high risk are examined before they are laden onto vessels destined for the u. S. Our examination requests of our csi partners foreign in our 58 ports are accepted 99 of the time. We think those are very solid metrics. 100 of containers identified as potentially high risk are examined before they are let into the u. S. Stream of commerce, so 85 prior to lading and the rest of the 15 before theyre allowed to enter the u. S. On arrival. Securing the supply chain category four. Over 50 of all Cargo Containers by value are part of our ctpat partnership with our 10,750 partners. Weve increased the security of the supply chain through that partnership. Were also mutually recognizing other countries systems, including the European Union and six other agreements to ensure broader visibility globally, as ellen alluded to, the international partnerships. Five, our efforts to address the highest consequence threats, rad nuc, were scanning 99. 8 of all arriving 68 that again what percent . 99. 8 . So just about everything arriving in a sea port is scanned through a radiation portal monitor, sophisticated Sensitive Technology for identifying radiological and nuclear materials. The other part of this coin, sir, the facilitation piece that you referenced, the vast majority of cargo arriving in the u. S. Is released before it even touches the dock. Our ctpat partners are getting fewer exams. Weve established mobile Technology Options to clear shipments right there on the dock instead of waiting hours and having those bananas sit in wilmington. The u. S. Chamber of commerce and 71 others just wrote to the secretary this week in an open letter saying that this regime is working well and that the facilitation piece in particular, weve achieved through this layered risk approach. So those are the metrics we look at. Im happy to elaborate on any specifics. All right, fine. Mr. Kamoie. Mr. Chairman i think while you were out what we agreed is in the Port SecurityGrant Program that we have measures, weve made progress, but that we agree we can continue to make progress. On the programatic side of the effectiveness measures, we looked very carefully at the six priorities of the Grant Program. Enhancing maritime domain awareness, enhancing improvised device Radiological Nuclear protection response and recovery capabilities, enhassing Cyber Security capabilities Maritime Security risk, mitigation projects, planning training exercises and the transportation worker identification credential implementation. Right now we have a measure that were looking at building new capabilities across those six areas and sustaining existing capabilities. But again, that measure can be better. On the administrative management side weve made progress in measuring our ability to effectively and efficiently release the funding, monitor programatic use of these funds monitor grantee Financial Management of the funds, monitor the closing of awards and grantee drawdown were making progress, mr. Chairman, and have an opportunity to make even more. Mr. Sadler. Yes, sir. For us i think its about getting good quality information and data for us to make the right decisions on when we issue a card. Its about continuing to get that information after we issue the card so we can monitor the individual to ensure that they havent done something to disqualify, whether its on a terrorism watch list or through some type of criminal issue. I think the other thing that is going to make us better is installing readers. We believe that the coast guard, who are very close partners with us, we are with everyone else on the panel, has made the right decision to take a riskbased approach and put readers where they need to be. And we think thats going to be a major improvement for our program, considering its a biometric credential. The last thing we have to do is share information. Which we do on a daily basis. So we need good, quality information to make good decisions with. We need the information to keep on coming so we can continue to make good decisions after we issue the credential. We need to install readers and we need to continue to share information, which we do on a daily basis with our partners. Mr. Caldwell. Thank you very much. I mean the most difficult question is how do you measure security and risk. And i think weve actually looked at that quite a bit across a lot of these programs. I think one of the Better Program is a Coast Guard Program where they can actually at the facility level actually try to measure the risk based on vulnerabilities and threats and various scenarios like that. I think they did that. The coast guard also took a step trying to develop a more sophisticated measure of how much Coast Guard Programs actually it was the percentage Maritime Security risk subject to coast guard influence in the programs. Were a little critical of this because in the end it was subject matter and the experts in the coast guard sitting down and thinking about what those reduction measures are and putting the single point of, you know percentage on that. We had a couple of criticisms in terms of ways maybe we try to make that better and maybe giving particularly when theres so much judgment. You want to give a range instead of ae point estimate like that. Theyre looking at whether they want to keep that measure or not. It was a measure they were using within the coast guard or said they were using, but they werent really using for that much. If you have a performance measure, but theyre not use it to monitor things or prioritize resources, you have to question whether its a useful metric in the end. Thank you. Okay. Some of you fwan to answer the second part of my question but i want to take another shot at it. My staff my colleagues oftentimes hear me say and we can actually measure that weve not made nearly enough and are there any of those think about how who can help make enable us to make progress thats needed. Us . Legislative Branches Committee . President . His budget . Who needs to help out . You want to go first . I think that just to sort of set the scene here we certainly need an approach thats flexible innovative so that we can take on the adaptive adversary, and we need something that an approach thats riskbased so we can make the most costeffective use of our resources. That said, we recognize not that we dont want to have negative impacts on global trade, on we need specific improvements in the area of the targeting algorhythms reducing the alarms, the working with our partners at some of the csi ports to increase the percentage of scanning thats undertaken. Across all pathways, focussing on a single pathway doesnt necessarily reduce overall risk so as we go forward we need to consider improving security across all transportation pathways, and, lastly i would note that we are continuing the dialogue, the stake holders, to see what additional or expanded roles they might take in improving security of our ports. Okay. Thanks. Admiral. I think theres the first is complace ens where i as we get further from 9 11. I think the sense of urgency decreases. From the congress on down, we have to make sure we maintain the sense of urgency with regard to Port Security because the threat is adaptive and as fwood as the physical Security Systems that we have in place are, there are emilitiainging threats like cyber that we have not yet addressed. Weve begun to address. I believe the coast guard has the authority so that we need to do that and were working on what the resources might be, so you may hear about that. The other wrar that would be of concern is the real highend threat that needs to be intercepted off shore as possible. Some identified threat thats on for our shores. It requires shipsz and helicopters and things that are not only capable and thats the time when you need them. Those two things are areas where we need to make sure where we continue to build our capability and to build our plans for action. Identifying risk, about the we want to continue to get better. Thats an area, and we do get congressional support to continue to improve in that area. With the raid wrags portal monitors we need to be able to dial the algorhythms. Theyre very sensitive for the threat materials were worried about, but they reduce the naturally occurring radiological material alarms that we face on normal commoditiesing, like bananas, for instance, and granite and other things that do hit on our portal monitors. We dont want to waste time on those alarms. We want to focus on what could potentially be dangerous material. I think already continued opportunities globally. Were currently working with partners and broadening the scope of csi, security first, but also looking at other threats that a Global Supply chain, contra band, commercial fraud that can support criminal activity and so forth. Enhancing fwloebl supply chains Security Standards. We did that after 9 11 with the World Customs Organization and the framework of standards. Theres always opportunities to take that to the next level. Then, of course, the private seblgtor. Continued opportunities there. Not only on a supply chain side of the ct pat but looking at whether from a terminal operator perspective there might be a return on investment to do greater Security Work prior to leading from a private sector perspective that we could then share and benefit in. Were pursuing all of these angles as the secretary noteed in his letter. Theres a great point. I really appreciate your responses. Ill come back and ask the same question of the last three witnesses. Ill be right back. You want them to answer those . Okay. Thank you. Lets talk about the 100 and the fact that were at 2 to 4 . I think those numbers are right. Please correct me if im wrong. I would love for you to get in on this. Theres no question the 9 11 mission said somewhere between 2 and 4 and 100 what do we need to be . How do we need to decide where we need to be . How do we become more effective in terms of container inspection . Ill start, and im sure im sure the question is not the percentage itself but are we inspecting the right percentage . Are we inspecting and identifying those containers that are high risk and mitigating that threat at the earliest possible point. We talked about some of the metrics that we are following whether were accomplishing that and just like to reiterate one of those elements for you, sir. On those containers that we identify as potentially high risk or automated targeting system. We are examining with our foreign partners under the Container Security initiative 85 of those containers before theyre ever laid on a vessel destined for the u. S. Within that at the first port of arrival in the United States so we are checking them before they enter the stream of commerce to the u. S. And getting 85 of them before theyre even on a ship destined for the u. S. One of them has a nuclear weapon, and its a little late, isnt it . Yes. Thats not the only layer that we have fired away. When you think about this, were saying 85 of those deemed high risk. What is our goal to get to 100 of those being high risk. My goal there, sir, is increasingly target with the right port foreign, how we can encourage them to examine anything we think is high risk. We have 58 csi ports. 80 of cargo destined for the u. S. We think we place those csi locations in the right places or currently, though, assessing how the threats have changed, are there certain strategically important ports that we can add capability and work with additional countries to encourage them to take measures before laying. As you mentioned working with term maloperators. Is there a way we can encourage Terminal Operators to encourage the overall inspection if we think theres a return on the investment, working with customers to sell a security benefit that we can then benefit from and share in the information also . The container inspection world really does belong to customs and Border Protection although i can certainly attest to the impractical kalt of looking at every container as it comes through our yards. I have seen the targeting that we do jointly on cargo, and the ought mated processes are very effective and very adaptable. If theres a new intel stream that comes in cbp can quickly change they are targeting and identify cargo that might be associated with a newly identified threat. All right. Heres the question as a commonsense wrupt. The European Union has done the constituted where i. The private sector has done several studies. The challenge is sir, theres 800 or so leyden for if one sneaks in and you have the tragedy that they spoke about at the port of los angeles estimating 1 trillion affect on our gdp, 16 billion doesnt seem that great, so where do we go . Senator thank you. Ive thought about this a lot. Weve done several studies on it. As far as the one study youre asking for the only place ive seen it is in a recommendation weve made, and i think that cbp and the department would have been better off at that point if they said this is it this is the Feasibility Study this is the cost benefit analysis. Were going to do it and try to put this thing to there have been multiple studies. I feel bad because i think the department in all the study all the little pieces have almost gotten there. I just would like to stop talk about kind of when popular myth the 9 11 commission never called 100 scanning of maritime cargo. What did they call for . They called for 100 scanning of air cargo. They said almost nothing about ports and maritime. Okay. Thats great to know. Yeah. So but moving on, so the we do think that challenges are likely insurmountable. The safe port act was left a lot of things undefined and i think through the pilots cdp wanted to see what the undefined things would be. Whats the cost . Whats the point . Theres a concern that it would create a false sense of security in a couple of ways. You could scan a container if its kind of within a regime that we trust a port that we trust, then we know maybe that container we have some confidence that after its scanned and gets on that ship, its going to be monitored or Something Like that. A lot of times we wont have those cases. A lot of the places because of how ports are laid out where they do that scanning are off site. If that truck has to drive three to five miles, a lot can happen in that period. One thing the coast guard commented on its more likely that a weapon of mass destruction would come in and not do a highly regulated regime like containers, but through small vessels coming in and snuck in some other way. Theyve looked at millions of containers and used the risk based analysis and are still finding things. Its not when they find drugs and these things that theres a one to one match that we had rated that one high risk. There are cases where they find stuff in there that had gotten through the system. Drugs or other contraban. I think our approach is to look at the programs that we have. We would have liked to see the feasibility analyze. Its kind of water under the bridge but we would like to see us doing a little better with what we have recognizing that were not going to have a perfect system. Thats going to be optimizing your targeting system, which means that youre monitoring is it on a regular basis, youre testing it to see how its doing. Its having the best csi footprint you can in terms of some of the ports. High risk ports. Maybe they should pack up and, you know shake hands with those partners. Those partners will keep helping us. Move some of the operations to other ports. Do you have specific recommendations on ports from the gao . Yes, we do. We do have a recommendation that they use the port risk model they had used in 2009 to initially plan the 100 scan or are thinking about that, and use a similar type model to figure out what ports are they in . We actually tried to reproduce that, and found 12 of the ports theyre in were low risk ports. More than half of the csi ports were in high risk ones but we recognize that there is some ports that arent going to let us in. You know . I mean, youve got some nasty players out there that arent going to let a joint u. S. Program into their we do have recommendations, and they are we understand lets go back to grants and the tiered port system for a minute. If were not doing analysis on progress, do we reevaluate the ports in terms of piers. Heres tier one, tier two tier three, tier four. Is that done routinely yearly, biannually . How often do we reanalyze high risk ports one . Number two is without the metrics, but theyre Getting Better, how do we take what we have improved and measure it to show a decreased risk for tier one port so that the dollars that you have can go to where the risks are the greatest . Thanks for the question senator. We reassess the risk of the nations ports every year, and we use the risk formula that incorporates the most recent data we have available on threat vulnerability and consequence, and there have been times where changes in that risk data have resulted in the changes in the grouping of ports. For example, last year in fy13 there are eight tier one ports. San diego had change in its relative risk formula because these are relative to one another, and so this year it is not tier one port. We are making those adjustments. We work very closely with the departments of intelligence and Analysis Unit to populate the risk formula with the most recent data, so, yes, we are looking at that continually. Your second question as to what the measurement and what i would consider to be buying down of that risk and the vulnerability i fwrae weve got some progress to make there in terms of agreement on measurements and metrics to show that progress and show it in a way when the chairman comes back his question was about how can the congress help, and here i think my ask of the chairman and you, senator, is that we have a continue the dialogue about the types of data that would enable you to have more confidence and American People have more confidence that we are making that progress and that we are being effective sturdz of the taxpayer dollars. I would agree with you that we certainly have made progress and we have plenty of good examples, but we would like to continue to work with you to get at the data and the measurement that would show that in a more compelling way . Each port has a Port Security plan right . Right. What a total cost would be to bring it up on a Cost Effective benefit, how much total and all the tier one ports that we need to spend to bring them where they need to be. Do we have that . Do we know that . Im not aware of that analysis. Thats an important we because if you dont know what they need, well never get there. Well, so, i mean, we certainly at the captain of the board i know you know where the weaknesses are, and i know thats where the grant money is going, but im saying in the big picture if were going to spend 100 million this year on Port Security grants and the total bull for bringing our tier one ports is 2. 5 billion, you know were 12 1 2 years from bringing that, and by that time were going to have replacement needs. So the question is dont we think its important to really know by port heres the total cost to get us where we want you. Which one have those top eight ports, which one has the greatest vulnerability and should we not be spending maybe 70 million at one point and 30 million at the other eight on the basis of what the total need is to bring them to that level where we feel confident . Well absolutely, well take a closer look at that. We have moved the entire suite of Grant Programs towards Performance Measurement against the core capabilities that are in the National Preparedness goem following up implementing the president s directive president ial policy directive aid on marshall preparedness. We continue to find the Performance Measures for those. Through the threat hazard identification and Risk Assessment process, we are asking grantees to do a lot of what you are talking about in terms of identifying capabilities and then using the investments to close the capability gaps, so we are moving in that direction. Im not aware of a single analysis where we have put a price tag on what it would take to close the gap. Well certainly take a look at that. I just think that the really important thing to know because youre going to have limited funds from here on out. Send in the tlarz where the greatest risk is. I would just recommend you look that the. I dont know what the gao has any comments on that or not. If i might, well take a close look at that. I think the threat has identification Risk Assessment process, and the area Maritime Security working groups at the local and port level i think theyre getting at a lot of that, but i agree with you we could make it more progress. If i could just until your points, the first had to do with how do you account for a risk down with previous grant p money in determining the risk ranking for the next we wul do that as part of the coast guards Maritime SecurityRisk Assessment model that gao mentioned. If we have invested in a system that reduces the vulnerability or mitigates the consequences that gets reflected. Thats part of the formula that we use for the tier of the next were year. It is in there. The other piece that you ask about is have we defined what a secure port is. I watched the initial focus be on securing individual facilities. Lets make sure we have fences and cameras and guards and rpms and get facilities. Then i saw evolve to we need to really secure this port as a system as well. How do we link these fences together . We invested in things like Communication Systems that would allow everyone and Surveillance Systems that were focused on the common infrastructure, not on the private sector. Have we been able to address when we need to recover . We invested in trade. Its been a naturalel use. I believe were still in that evolution because we have emerging threats supper as cyber. I think the next round of grants is putting money towards cyber vulnerability assessments so we can then understand what its going to take to secure the Cyber Infrastructure of the maritime. I dont know that well ever be able to say were there but i do see a very logical progression on how we focus our planning and our investment. We have a diagnostic system for cyber within Homeland Security. Is the twik system applicable to that system . Let me take that one, sir. Yeah. Right now the way the twik system works is that the contractor provides to the system. It then gets back to the tsa. The system whether its on the enrollment side, the date wra center side, up to the tsa side has built the federal standards. They have to go through a certification and accreditation. They go through auditing. They go through testing. Its not monitored through the dhs system. Its monitored through the tsa operation center. Everything from the contractors date wra center. I would like to have you answer my wrerl question. The next question im going to ask of all of you is what is our to do list on this committee and in the congress . I ask you and the committee is for a continued dialogue, and i share this with Ranking Member before he stepped out. A continued dialogue about the types of data and the types of measures that would give you the confidence, give the American People the confidence that we are investing the grant dollars in a way that is most efficient and most effective and that were all good stewards of these resources. I agree with admiral thomas. This is threat is evolving. So too, have our measurement of where were headed next so we appreciate a continued dialogue with you about how we define the measures of success that will give you the confidence that were all looking for. Okay. Hanks. Something for our trigger list to continue to make progress. I think its just continued support and helping us get you know, from tsas point of view, the readers on the coast guards point of view, understanding that the coast guard is prom you will gating the rule and when i say we need the readers, we need the readers thats not in any way, you know insin waiting that theres some delay on the rule side. Theres a lot of work that went into we could put readers in place and use the full capability of the card. I think to the admirals point before, its critical that we maintain mission focus. Its also critical that we make riskbased decisions so we protect the right wrarz. Thank you. Senator ill do kind of a combo answer to im still busy trying to answer the question you asked before and then the last one. Ill see what i can do here. I have three things. Two, kind of for the agencies to do and one for the committee to do. They make the infrastructure controls not predictable. You keep deter answer out there. I like what i see at cbp when theyre doing they call their key side or dock side scanning where a ship will come in and theyll target a ship, and it wont be based on whether the containers are high risk or not. Theyll be scanning every seventh one or tenth one. Maybe there could be more flexible is csi and the food that they have and think about whether they need to ship that deckation bit to Different Countries if possible. I think cyber is the growing area. Its an area where dhs and coast guard had been monitoring the situation, and theyre talking about taking action, but i think they do a report were issuing tomorrow for Senate Commerce that will have a lot more detail on our thoughts on that. Then something for this committee, and i think its starting to show up on the radar of the agencies as well is for what we have we do have to sustain it, and you have vessels, and you have scanners and you have aircraft that have that are pretty important in this regime, including some of the interdiction and deterence and just the daily things like scanning containers and some of these are reaching the end of their life. I know that cbp is trying to extend the range of their scanners from, say, ten years to 13 years, but at some point youre going to have a lot of youve built all these this regime and all the things that go with it. It takes it will take some sustainability, and it will translate into resources. What is our to do list, and i dont know what i ms. Maclean, you and admiral thomas and mr. Maclean had a chance to do that. Our to do list. Chairman, i think i just echo some of the points that were made earlier and emphasize that in moving forward anything we do needs to take into consideration the dhs confronts a multitude of threats and so you know to be Cost Effective and efficient we need to always bare that in mind. I think the second point we made earlier is that big picture, security across all pathways to buy down risk dont want to encourage sort of a balloon effect where we put all our security assets over here and the adversary just circumstance upvents that. The picture has got to be across all pathways. Then echoing mr. Caldwells point about the aging infrastructure and funding dhs in accordance with the president s budget. Thanks. Admiral thomas. Anything you have that we should be doing on the legislative side . Thank you chairman. I dont have much to add to whats been said. There may be some very specific authorities and capabilities we identify as we continue to analyze the threat with the ports, but i think we have the right access through the staffs to get that information to you. I would say that this type of oversight and continued focus by this committee on this issue is really important to staif off that complace ensy that im concerned about. We do appreciate that. Thank you. Four quick things. Echoing several things that mr. Caldwell mentioned. Continued support for the key programs we discussed today. The automated targeting system. Were actively working on the recommendations that mr. Caldwell mentioned. Well be working with your team on those plans. Three, what you are articulating at the beginning, mr. Chairman understanding the critical economic expeditious and facilitated movement of cargo aspect of our mission. That continues to be critical and needs to be understood. Then, four working with the secretary and the department on an agreed path forward on scanning. Keeping us honest on a good faith effort. We discussed working together with the framework for the best future. I think dr. Coburn when i was asked a question dealing with fiduciary agents, and i just want to come back and i just want to come back and say the second half of a question. Maybe ill take a shot at it. I need to be someplace else, literally, in eight minutes. Whoever would im going to ask you to take a shot at this. Heres my question though. Rather than ending the use of fiduciary interest for all ports, why not let ports decide for themselves if they would like to use one . Weve considered that proposal and dont think it is in the best interest of the program. As the appropriations have gone down and our capabilities internally have fwroen in terms of Program Oversight management and monitoring weve gotten a pretty good window into the project level data and the approach grantes are taking. We lost some of that visibility. As you might expect, there was a variety of performance varying levels much performance across the fiduciary performance model, and then the other thing is with the management and Administration Fee the fiduciary agents had access to 3 to 5 of the fund. We think those are better invested in actual security projects. I know theres a range of opinions in the Port Security. We decided that the best thing for the most effective and efficient management of the program is to bring that management in house and not use the fiduciary model. In this last question, its for ms. Maclean, admiral thomas, and really short answers. If you would. The first question is what affect has increased security on land borders had on what affect has increased security along our land borders had on maritime border security, and ellen, if you just take 30 seconds. Yes mr. Chairman. Two quick points. I think the trusted trader programs that we developed in the land border context informed how we deal with those programs in the maritime context, and, second, i think it pointed out to us and i real quickly go back to south florida in the 1908s how you need a riskbased approach to secure any single pathway. Thank you. Thank you. Admiral. Somewhat outside the realm of Port Security, but certainly we have seen the balloon effects on particularly the southern part of the west coast and also in the care bean as we secure our land borders for trugz and contraband and other illegal activities theyve taken to the water. Weve adjusted our forces. Thats really the impact that weve seen there. Great. Thank you. Agree with the admiral. We have not seen a Significant Impact in terms of changes in the threat within commercial flows. We have seen the Effective Security between ports of entry push activity out into the on the west coast as well as up through puerto rico. There was a second half to that question, but i dont have time to ask it. You may not have time to answer it. Im just going to wrap it up here. Im really glad that dr. Coburn has these hearings. Its timely. Theres a fair amount of progress, and theres still plenty of work to do. Im encouraged sense of team is at play and that certainly helps. We are part of that team. Thank you all for your preparation today for helping to make this a very, very good hearing. Its clear to me that one of the most important takeaways from todays hearing is that its critically important that we strike the right balance. Its not an easy thing to do. Its hard to strike the right balance between security and make sure we do not unduliy impede the flow of transportation and trade. As you all know, 95 of our trade moves on the water but the port is vital to our nations well accident, and theyre a conduit for a lot. We will have sent some of my colleagues will have lets see here. Some questions to ask, and we may have some ourselves. The hearing record will remain open medical may the 19th. It says until may 19th. Probably should sar june the 19th at 5 00 p. M. For submission of statements and questions for the record and with that i would say to our republican staffer and our democratic staff and all my colleagues thank you very much for helping us and to each of you for joining us today. I think one or two matters. Maybe admiral said oversight is a good thing, and we hear that a lot. We wont disappoint you. Thank you. [captioning performed by national captioning institute] [captions Copyright National cable satellite corp. 2014] next, a debate with the republican primary candidates in the South Carolina senate race. And live at 7 00 a. M. , your calls and comments on washington journal. For over 35 years, cspan brings Public Affairs events from washington directly to you, putting you in the room at congressional hearings, White House Events briefings and conferences, and offering complete gaveltogavel coverage of the u. S. House all as a Public Service of private industry. Were cspan created by the cable tv industry 35 years ago and brought to you as a Public Service by your local cable or satellite provider. Watch us in h. D. , like us on facebook, and follow us on twitter. Next, a primary debate with the republican candidates for u. S. Senate in South Carolina. Incumbent Lindsay Graham is seeking a third term. He faces six challengers in tuesdays primary. This is the first time senator graham has debated his opponents in this campaign. The debate was hosted by South Carolina educational television. Its one hour. The state, the news the island the gazette, the sun news of myrtle beach, the herald of rock hill, and the item of sumter present etv debatesful tonight candidates for u. S. Senate. And now your moderator, dean of u. S. C. s college of Mass Communications and information studies, charles. Good evening and welcome to tonights primary debate. Among the republican candidates for the u. S. Senate. Joining me tonight to ask questions of the candidates are the Greenville News and the state newspaper. Candidates joining us tonight are bill connor, Lindsay Graham, nancy, richard, lee benjamin. Before we begin tonight, some brief ground rules. Each candidate will have one minute to respond to the question. If necessary i will allow a 30second rebuttal. We drew names when the candidates arrived for the order in which we will start, and that first question will go to mr. Connor, and then to all of the rest of you in turn. This has been a contentious race by most assessments. We have a twoterm incumbent, and we have six as plants to replace him. Some of you have made some fairly harsh accusations in the course of the campaign so far. Senator graham can defend himself. Thats not my role here tonight. What id like to know, and i think the voters would like to know, is if this is a referendum on Lindsay Graham, why then, senator do you have a target on your back and why specifically candidates, is this such a visceral campaign against senator graham . Would you start please, mr. Connor . Sure. First of all thank you, senator graham, for being here, and thank the rest of the candidates. 20 years is too long, and senator graham, i think when you first came in with Newt Gingrich lot of great ideas. But after things like voting for justice sotomayor, voting for justice kagan, the tarp bailout, a number of these things, its come time senator, quite frankly, for somebody else to come n. Its not personal. I think youre a good man. But issue is that we need new blood. Ive already said im staying for only two terms. 12 years is long enough. George washington took eight years and set the country on its course. That comes down to the issue. Well go through various points, specific points, but i think all of us have gotten tired over time of the various things weve seen where near election period, lot of conservative rhetoric, but in the six years, five years leading up were electing a senator to serve in the next six years. Ladies and gentlemen, i think im the best qualified to represent our state. And i say that humbly. I know how to deepen the port of charleston. If we dont get that right were in trouble. When my state needed me to fight the unions, i was there in an effective way against the nlrbs effort to shut down boeing. Im proud of my record. Ive been endorsed by many groups. I have a fiscally responsible record. It is about the future. Our country is at risk. Barack obamas foreign policies failing. Radical islam country will tell you is on the rise. Those who have fought so bravely since 9 11 there is nobody in the senate that will have their back better than i will. I understand the threats we face, the needs we have here at home. And if i go back to the senate its with a purpose. To rebuild this party and to take care of those who have had our back and make sure that we in South Carolina have a voice that people will listen to and respect. Thank you. Ms. Mason. First i thank you all for having us here this evening in our first debate with senator graham. I first want to say that i am not a politician. Im a wife and a mother and a successful Small Business owner. Six years ago i started my own company doing technology and Marketing Consulting and ive worked with Small Businesses, startup companies, entrepreneurs, and also some Larger Companies as