Areas, and sustaining existing capabilities. But, again, that measure can be better. On the administrative management side, weve made progress in measuring our ability to effectively, efficiently release the funding, monitor programmatic use of the funds, monitor grantee Financial Management of the funds, monitor the closing of the awards and grantee draw down. Were making progress, mr. Chairman, weve got an opportunity to make even more. Thanks. Yes, sir. For us, i think its about getting good, quality information and data for us to make the right decisions on when we issue a card. Its about continuing to get that information after we issue the cards so we can monitor the individual to ensure they havent done something as to disqualify them. Whether its on a terrorism watch list or something through a criminal issue. I think the other thing that is going to make us better is installing readers. We believe that the coast guard, whom were close partners with, made the right decision to take a riskbased approach and put readers where they need to be. And that we think thats going to be a measure in our program for our program considering its a by yo metric credential. I think the last thing is share information. Which we do on a daily basis. So we need good, quality information to make good decisions with. We need the information to keep on coming so we can continue to make good decisions after we issue the credential. We need to install readers. And we need to continue to share information, which we do on a daily basis with our parter ins. Thank you very much. I mean, the most difficult question is how do you measure security and risk . I think we have actually looked at that quite a bit across a lot of these programs. I think one of the better problems we found is Coast Guard Program called maritime Security Risk analysis model where they can, at the facility level, try to measure the riskbased on vulnerabilities and threats and various scenarios. Like that, i think they did that. Coast guard also took a step trying to develop a more sophisticated measure of how much Coast Guard Programs actually reduce risks in the port environment. And so was the percentage reduction of maritime Security Risk subject to coast guard influence in the programs, and were critical of this. In the end, it was subject matter x person. The coast guard sitting down and thinking about what the reductions measures are and then putting the single point of, you know, percentage on that. We had couple of criticisms in terms of way maybe trying to make it better and maybe give particularly so much judgment. You want to give a range instead of a point estimate like that. But i dont want to criticize the coast guard in the sense they certainly were trying to think larger about the suite of programs and what extend they reduce risk. Whether they want to keep the measure or not is something theyre looking at. It was a measure they were using within the coast guard. They werent really using it for that much. If you have a performance measure but youre not really using it to monitor things or prioritize resources, you got to kind of question whether its a useful metric in the end. Thank you. Okay. Some of you began to answer the second part of my question. I want to take another shot at it. My staff, my colleagues, we oftentimes say these words, the road to improvement is always under construction. Thats true here as well. I just want to in terms of thinks of metrics, but thinking were making progress but areas were not making nearly enough. Theres been some allusion to this. We can actually measure weve not made nearly enough. Are any of those. Who can help enable us to make the progress . Us, the legislative branchs committee, the president and his budget . Who needs to help out . Ellen . Yes, i think that just to sort of set the scene here, we certainly need an approach that is flexible, innovative, so question take on the adaptive adversary. We need something that an approach that is riskbased so we can make the most costeffective use of our resources. That said, we recognize not that we dont want to have negative impacts on global trade, so we are looking in the nearterm to specific improvements in the area of the targeting algorithms, the reducing the alarms. Working with our partners at some of the csi ports to increase the percentage of scanning that is undertaken. Were looking at, i think its a key point that i hope doesnt get lost in todays discussion, looking across all pathways. Focussing on a single pathway doesnt necessarily reduce overall risks. So as we go forward, we need to consider improving security across all transportation pathways. And lastly, i would note that we are continuing the dialogue with stakeholders to see what additional or expanded roles they might take in improving security of ports. Thanks. Admiral . I think theres a couple of areas. The first is complacency. From the congress to the Security Guard at the facility. We have to make sure we maintain the sense of urgency with regard to Port Security. The threat is adaptive. As good as physical Security Systems we have in place are, there are emerging threats like cyber that we have not yet addressed. We have begun to address them. I believe the coast guard has the authorities we need to do with that. Were working on what the resources might be. So you may hear about that. The other area that would be of concern is the real highend threat that needs to be intercepted offshore. We need to maintain and get out there and do something about some unidentified threat for our shore. It requires ships, helicopters, and people not only able to get there and present at the time when you need them. So those two things are areas where we need to make sure continue to build our capability and our plans for action. Okay, thank you. Kevin . Mr. Chairman, i would echo a couple of comments that ellen made. On the targeting side, theres always an opportunity to improve or an lettics and capability to assess risk. Were pursuing it aggressively. We have a good system for taking in current intelligence, manipulating the Data Elements against it and identifying risk. We want to get better. Its an area we get congressional support to continue to improve in that area. But the radiation portal monitors. We need to be able to dial the algorithms. Theyre sensitive for the threat materials were worried about. They reduce the National Raid logical alarm we face on normal comedies and bananas that hit on the monitor. We dont want to waste time on the alarms. We want to focus on what potentially could be dangerous terrible. I think there are continue d we are looking another other threats to the Global Supply chain, contraband that can support criminal activity and so forth we did that after 9 11 with the world custom organization. Theres always opportunities to take it to the next level and build kacht with those governments and Custom Services that are willing to step forward but dont have the capacity or funding. And then, of course, the private sector. Continued opportunities there not only supply chain side but looking to whether a terminal operative perspective there light be a return on investment to do Security Work that we can share and benefit in. Were pursuing all of these angles as the secretary noted in his letter. Theres a great points. I appreciate your responses. Ill come back and ask the same question in the last witnesses. You want them to answer it . [ inaudible ] okay. Okay. Thank you. Lets talk about the 100 mandate. And the fact were at 2 to 4 . I think im right. Ngo, i would love for do you get on this. Theres no question the 9 11 Commission Said rePort Security we need 100 screening. We hear its not practical. So the question somewhere between 2 to 4 and 100 , where do we need to be. How do we need to decide where we need to be, how do we become more effective in terms of container inspection . Ill start im sure colleagues will want to chime in. I think the key question for us is not the percentage itself but are we inspecting the right percentage . Is it are we inspecting and identifying the containers high risk and many hitting at the threat at the earliest possible point. While you had to step out to vote, senator, we talked about the metrics were following and whether were establiaccomplish that. I would like to reintegrate one of the elements for you. On the containers that we identify as potentially high risk through automated targeting system, we are currently examining with our foreign partners under the Container Security initiative 85 of those containers before they are on a vessel destined for the u. S. Within that thats 15 that arent getting inspected. They are getting inspected fully at the first port of arrival in the United States. We are checking them before they enter the stream of commerce to the u. S. And getting 85 of them before they are even on a ship destined for the u. S. Okay. If the 15 , one of them has a Nuclear Weapon in it, its a little late, isnt it . Yes, but thats not the only layer we have i understand. But when we think about this, youre saying 85 of those deemed highrisk. So what is our goal to get to 100 of those deemed high risk . Our goal there, sir, is to increasingly target with our the reports forming how we can encourage anything we think is high risk before leaving. We think we have placed those csi locations in the righright locations. Were assessing how the threats have changed. Are there strategically important ports question add. Capabilities can work with additional countries to encourage them to take measures. Mentioning, as you came in, sir, working with terminal operators. Is there a way we can encourage them to increase the overall inspection if they think theres a return on the investment. Working with the customers to sell security benefit that we can benefit from and share the information results of. Any comments on that . The container inspection world really does belong to customs and border protection. I can certainly attest to the impracticality at looking at every container. I have seen the targeting we do jointly on cargo and the automated processes are effective and adoptable. So if theres a new intel stream that comes in, we can quickly change their targeting and identify wcargo that might be associated with a newly identified threat. All right. Here is the question as a common sense. We say its not capable to do 100 screening. Where is the study that says here is what it will cost and slow down commerce. Has that been done . A number of that studies in that regard have been done. I offer that gao might want to comment as well. We have done a study and provided several papers to congress estimating up to 16 billion in costs. The European Union has done a study, the private sector has done several studies. The challenge, sir, theres 800 or so initial ports for containerized cargo destined for the u. S. An average of 3 to 5 million per port. An average of 5 million to implement the system. That scope just makes it very challenging to get to the level. A lot of questions on who pays, who is responsible, how it is monitored and so forth. If you take the rand study, even though its dated now, say if you had one sneaks in, and you have the tragedy they spoke about at the port of los angeles estimated 1 trillion effect on the gdp. 16 billion doesnt seem that great. So where do we go, gao . Senator, thank you. I thought about this a lot. We have done several studies on it. As far as the one study youre asking for. The only place ive seen it in is a recommendation weve made, and i think that cvp and the department would have been better off if at that point they said this is it. This is the feasibility study. This is the costbenefit analysis. And put it to batter and show the tradeoffs. There are multiple studies theyve done. I feel bad, i think the department in all the little pieces theyve done since then theyve almost gotten there. But i dont see that. But i just i would like to stop to talk about kind of one popular called for the 100 scanning of maritime cargo. They called for 100 scanning of air cargo. They said almost nothing about ports an maritime. Okay. Thats great to know. Yeah. So but moving on. So we do think that challenges are insurmountablinsurmountable. The safe port act was left a lot of things undefined. I think through the pilots cvp tried to understand the undefined things would be in terms of cost. Who does it, what is the point . But i think this is a concern it would create a false sense of security in a couple of ways. You can scan the container if its kind of within a regime that we trust. A port we trust. We know maybe the container we have some confidence after its scanned and gets on the ship, its going to be monitored or Something Like that. But a lot of times we wont have that case. A lot of cases because ports laid out where they do the scanning are offsite. If the truck has to drive 3 to 5 miles. A lot can happen in that period. One thing the coast guard commented on. Thad allen said it was more likely that weapons of mass destruction would come in not through a kind of highly regulated regime like containers, but through some small vessel coming in and snuck in some other way. I also agree. I think intelligence, in the end, would be the key if theres weapons of mass destruction that someone is trying to smuggle in. Im not sure ats by itself would catch that. They looked at probably millions and millions of containers and used the riskbased analysis and theyre still finding things, but, you know, its not like when they find drugs in these things that because it went to one match between, oh, we rated that one high risk. They find stuff in there that had gotten through the system. Drugs or other contraband. I think our approach has been to look at the programs that we have. We still would have liked to see the feasibility analysis. I think at this point its not implemented. I think its water under the bridge. We would like to see us doing better with what we have. Recognizing were not going to have a perfect system. Thats optimizing the targeting system, monitoring it on a regular basis. Youre testing it to see how its doing. Its having the best csis footprint you can. Some of the ports are not highrisk ports. Maybe they should pack up and shake hands with the parter ins. The partners will keep helping us but move some of the operations toso s tto other por do you have specific recommendations on ports from the gao in. Yes, we have a recommendation that they use the portrisk model they used in 2009 to initially plan the 100 scan and thinking about that. And used a similar type model to figure out the ports they were in. We tried to reproduce that and found 12 of the ports lowrisk ports. More than half were in highrisk one. We recognize there had is some ports that arent going to let us in. You know, i mean, you have some nasty players throughout. Theyre not going let a joint u. S. Program into there. We have recommendations and we understand im not sure i can disclose details of individual ports, but there is movement in term of additional csis ports both opening and closing. Okay. Lets go back to grants and tiered port system for a minute. If were not doing analysis on progress. Do we revauevaluate the ports i terms of tiers. Is that done retunely, yearly, biannually . How often do we reanalyze ports. Number two, without the metrics. Theyre getting better, how do we take what we have improved and measure it to show a decreased risk for tier 1 port so that the dollars you have can to go to where the risks are the greatest. Thanks for the question, senator. We reassess the risk of the nations ports every year. We use the risk formula that incorporates the most rented data we have available on threat vulnerability and consequence. There have been times where changes in that risk data have resulted in the changes in the grouping of ports. For example, last year, and fy 13, there are eight tier 1 ports. San diego had change in it relative risk formula. These are relative to one another. So this year it is not a tier 1 port. We are making those adjustments. We work very closely with the departments intelligence and Analysis Unit to populate the risk formula with the most recent data. So, yes, we are looking at that continually. Your second question as to what the measurement and really what i would consider to be, you know, buying down of that risk and the vulnerability. I agree weve got some progress to make there in terms of agreement on measurements and metrics to show that progress. And show it in a way. When the chairman comes back, his question was about how can the congress help, and here i think i might ask of the chairman and you, senator, is that we have a continued dialogue about the type of data that would enable you to have more confidence and the American People have more confidence we are making that progress and that we are being effective stewards of the taxpayer dollars. I agree that we have made progress and plenty examples. We would like to continue to work with you to get the data and the measurement that would show that in a more compelling way. Each port has a Port Security plan, right . Yes. All right. Has Homeland Security done an analysis of what the total cost would be to bring it up on a co effective benefit. How much total for all the tier 1 ports would we need to spend to bring them where they need to be . Do we have that . Do we know that . Im not aware of the analysis. Thats an important question. Because if you dont know what they need, well never get there. And so, i mean, we certainly at the i know you i know where the weaknesses are and i know thats where the grant money is going. Im saying in the big picture, if were going to spend 100 million this year on Port Security grants, and the total bill for bringing our tier 1 ports is 2. 5 billion, you know, were 12 1 2 years from bringing it. By that time, youre going have replacement needs. Sure. So the question is dont we think its important to really know by port here is the total cost to get us where we want you. And which one of those top eight ports, which one has the greatest vulnerability basis. Should we not be spending maybe 70 million at one point and 30 million and the other eight what the basis is to bring them to the level where we feel confident. Well take a c