request project level data upfront so we can start to get that information to form even more effective measures of outcomes. on the grants management side, senator, we certainly have measures now, and even over fy 12 measures of our monitoring. mr. caldwell mentioned the level of monitoring. 100% of our port security grants undergo some level of monitoring. we have a tiered monitoring system where our program staff on our routine basis look at every award, look at the history of the grantee, the history of the outcomes achieved, their financial measures from draw down, rate of expenditure, rate of deobligation. that, then, is reviewed. we do prioritize based on the risk we see in their management of the grants all the way up to desk reviews where we request a lot of information from grantees and site visits. what i would tell you, senator, i look forward to continue working with you and continue to get the data we need to form more effective measures. i agree with you that everybody can point to the examples, and they really are some stunning examples of how useful and effective it is. we will continue to refine our measures to get that data. >> yeah. as i noted, i think it's improved. i think we still, you know, my underlying concern somebody is going to be sitting up here ten years from now and the amount of money spent on the type of program isn't going to be there. so how we spend the money today is really important. because there's going to come a time, i mean, you know, i'll repeat for you. social security, disability runs out of money at the end of next year. medicare runs out of money in '26. social security runs out of money in '32. by 2030, the entire budget will be consumed to medicare, medicaid, social security, and the interest on the federal debt. my question, based on the future, and if we spend money really well now, we won't spend -- we won't need to be spending money in the future. that's the basis of the question. it's not a criticism. it's just that we need the best cost-benefit value for every dollar you send out in a port security grant. >> we agree with you, and we are working with our partners on the vulnerable index, which is one of the things you mentioned. how do we understand what risk we have bought down, and we'll continue to look at that to make sure we're spending the money as effectively as possible. >> thank you. admiral, one of my concerns, and i can't go into detail, but let me give you a hypothetical. you give me the answer. let say somebody leaves one of our certified ports overseas, and arrives here. in between there and now, something was added to that cargo. do we have the capability to know that? >> well, doctor, i'm not exactly sure. if they leave a foreign port -- >> one of our certified ports. meeting all the requirements that you all have. and someplace between when they left and when they arrive at the port of los angeles somebody has added a package. if that occurred -- >> in another foreign port. >> not in the port. just in transit. >> in transit. the only way we could be able to determine -- a couple of things would have to happen. probably the entire crew would have to be complacent with the individual carrying this out. it's difficult to access particularly a container in transit without a significant amount of effort, and that would require probably more than one person. >> let's don't worry about the details of that. let's say it happens. >> if it happens the only way we would know, really, it's a better question for my colleague from customs and border protection would be because the container has been opened and we would be able to determine that. maybe you can -- >> sure. senator, we have two elements i think would be germane here. one the import security filing gives us the stow plan for the vessel. we know where each container is on the vessel. whether it's assessable during a voyage or not. we see drug smugglers attempt to break the custom seal, put a load inside the door of the container and lock it up. it's only doable around the deck area. we know which containers could be accessed and we do routine seal checks upon arrival to see whether those doors have been opened. there are different steps in our -- >> somebody counterfeit your seal? can somebody counterfeit your seal? >> they can try to, yes. we have detected dozens of attempts to do that pretty effectively. >> so they not have been able to do that as of yet? >> i won't say, senator -- >> that you're aware of. >> we do train our personnel to detect what our seals are supposed to look like, whether they've been tampered with. there's a number of sequences and other kind of safeguards in this process. >> i'll just -- this is a long time ago, but i'll share an experience with you. i bought a company in puerto rico, put it into four containers, all the equipment. everything that was there. all four container arrived at one of my plants here. all the seals were there. when we opened the containers, everything of significant value that could have been marketed was gone. but the seals were still there. so the fact is, and that was way before 9/11. that was in the '70s. but the fact is, that people will try to do it. so my question is, is -- i guess my question is really this, do we have the capability to track ships from the time they leave a port until the time arrive here and know whether or not they've been boarded or accessed between this embarkment and the embark here? >> that's the question that i probably can't answer. >> got you. all right. thank you. >> senator, did you want me to touch upon the metrics issue? >> yes please. >> i think we've seen a weakness in the strategic level. whether it's the national strategy or more detailed functional plans, we have not seen metrics laid out early as to what the end state is and how we're going to measure that. but we have seen problems particularly at the program level, most often, those are easier to look for and find. i think we have found an improvement of the metrics of how the programs are run. one of the first things we do when we look at the program, do you know how the program is being run and have those metrics. a lot of times we'll find weaknesses in the internal controls. i think those are improved across the board. when i see some of the programs that have matured, a lot is better management of the program. where we have not seen large improvements is in the area of actually measuring results of the program and what they're trying to achieve. i would also agree with you the importance of cost-benefit analysis. a lot of times we'll get a discussion from the agency that could be expensive and we don't have enough money to do it. in the end if you spend $3 billion on grants, it's an outstanding record for nine years they come up with performance measures on the port security grant. so maybe a couple of extra million dollars to do some analysis to develop those grants. in hindsight it might be money well spent. one example of cost-benefit analysis that was done rigorously involves the advanced portals d.o.d. put in. the first ones they put in was very light -- it was not very rigorous in terms of the testing. we pointed that out. when they did the rigorous testing, and then they looked at how much they would cost marginally compared to the additional they get, they cancelled the program after spending $280 million. eventually they were planning to spend, like, $3 billion. it was the case where whatever the testing or analysis cost, i think in the end, lead to a good result. >> okay. let me ask mr. kamoie. you all plans to reinsert the fiduciary agents to -- >> we do not, senator. >> why is that? >> when the fiduciary agent model was used, it was at time when the appropriations levels for the program were much higher. after rounds of stimulus funding, the agent model was absolutely necessary to assist the agency in distributing and monitoring the funds. over time, however, as the appropriations level has gone down, and our internal capability with staffing has increased to manage the program, the fiduciary agent model has become less necessary. and in terms of monitoring performance, there was a varying level of performance by fiduciary agents and monitoring. given our increased staffing, our increased capabilities, we think it's more appropriate that we monitor an oversight and grant funding and how it's spent. the other thing i'll say is that the allow ability of management and administrative costs from the grant program to fiduciary agents of 3 to 5%, would result, for example, just this year in 3 to $5 million in overhead costs that we think are better invested in actual port security projects. >> do you have the flexibility to use some of the grant money for grant management? >> senator, i'll have to check the language and get back with you. >> but would that help you? in other words, rather than spending 3 to $5 million, if we spend it on managing grants, especially cost effectiveness of grants. and looking at that, i'm pleased with the progress that is being made. i don't think we're there yet. i would love know what we need to do to help you to be able to get to the point. my model for grants, at the federal government is a vision of library and museum sciences. if you get a grant from them, you can guarantee they're going to check on you. they're going do a metric, they're going to know whether you followed your plan and the grant. if you're not, they pull it. you don't ever get another one again. so everybody has a different expectation. the fact that some grant money is going to things that aren't really for security, you know, if you had the reputation, i guarantee everybody would be put down the way you put down. even though you have flexibility. >> absolutely i'll take a look at that. we're willing to learn lessons. >> it's the best-run grant program in the federal government. >> i appreciate that. >> the other thing is the spinout. we're still, in terms of, we granted but we still a lot ways to go on spin down. where are we on that? is it because these are long-term programs? >> sir, that's getting better, as well. early on in the program when ports were doing larger capital project infrastructure building with multiphase complicated projects, it took a long time to spend down a lot of projects have been completed. we've taken a number of steps to assist grantees in the spend down. one, we remind them quarterly. we're in touch. we've shortened the period of performance for grants to two years. but your question was where are we? in august of '12, for -- and we follow up in writing with these numbers, but for the program years, '08 to '11, 80% of the available funds were not yet drawn down. a year later, for fy 8-12. of course every year one goes off the books. we move the needle down to 44% of funds not being drawn down, and we did a check at the end of april. right now we're at 39.3%. not yet drawn down from '08 to '13. 39.3% not yet drawn down from '08 to '13. >> i'm going to have to recess this and go vote. senator carper will be back in a moment. >> thank you, senator. >> i'm glad you waited. let's see if we can see if there's any consensus on the metrics that we're using. how do we measure success. let start with you, miss mcclain. what are the metrics we are using and ought to be using. how are we doing? >> mr. chairman -- i think there is several -- there are several indicators that evidence success and progress in securing the ports. i would note in the last seven years, our relationships are programs internationally, those global partnerships, the capacity building, the agreements, everything that is necessary to supply the whole global supply chain. i think there's been significant advancements in that area. i also think that our improvements in the advanced data and targeting area make us more secure. coast guards, port assessments 1500 ports. i think there are a lot of indicators that there's a global recognition of the need to tackle this issue on a broader basis. >> all right. same question to admiral paul thomas. >> thank you, mr. chairman. i was in port in galveston, texas on september 11, 2001, and then the three years following that as we scrambled to figure out what it meant to secure our ports. from my perspective, it's clear we've achieved a lot. i think one the first things we did, mr. caldwell mentioned the strategies. we recognized in order to build a secure port we had to build regi regimes, we had to do it locally, nationally and internationally. we had to build awareness so we could figure out what was going on and pick anomalies. we need the capability to respond to the anomalies. if you look at the three building blocks and compare them to where they were in september 11, 2001 to where we are today, it's clear there are progresses. there are clear metrics with each of those. with regard to the regimes, thank you to the congress for the maritime transportation security act and the safe port act. it was the impetus for the international regime, as well as regimes that have now been implemented as far down as individual port authorities. i'm not just talking about regimes required by the law. i'm talking about they understand a security is part of the business product. i think in that regard there's clear measures. really an intangible probably from here to sea. i can tell you there was no awareness or recognition that security really was part of the product in the port. we got the message across with safety and environment. they get it as part of the business as well. i think there's a metric there. certainly with regard to awareness and capability. we have built the capabilities federally, locally, internationally. all of which, i think, are clear evidence that we've been effective in terms of enhancing it. i'm with you. i think we need to do more. i think we can never rest on our laurels. i'm concerned about emerging threats like cyber. we need to develop some metrics there. >> we'll come back and finish. how are we doing, what are we doing well, what metrics are we using, how do we demonstrate to what we're doing better. i want to come back and say what is on the to-do list, first. kevin? >> mr. chairman, i'll touch on five areas. broadly, our ability to identify and mitigate risk is the metric we seek to measure ourselves on. first, on the data front, as was alluded to. we're getting advanced information on cargo shipments. manifest information, entry information, and import security filing. which is another 12 data elements that are critical. in terms of targeting and assessing that risk, category two, we're analyzing it with the automated targeting system, we think it's a sophisticated capability is constantly approved and currently working on responding to the ideas on identifying the effectiveness of those targets with more granularity. three, examining the earliest possible point in the cycle. currently 85% of the shipments we identify as high risk are examined before they leave for the u.s. our examination in the 58 ports are accepted 99 percent of the time. we think those are very solid metrics. 100% of the containers identified as potentially high risk are examined before they are let into the u.s. stream of commerce. 85% prior of leading and the rest of the 15% before allowed to enter the u.s. on arrival. securing the supply chain, category four. over 50% of all cargo containers are part of the partnership with our 10,750 partners. we've increased the security supply chain through the partnership. we're recognizing other country systems including the european union and six other agreements to ensure broader visibility globally as ellen alluded to, the international partnership. and five, our efforts to address the highest consequence threats. we're scanning 99.8% of all arriving containerized cargo. >> say that again. what percent? >> 99.8%. so just about everything in arriving in sea port is scanned through a radiation port monitor. the other part of this coin, sir, the facilitation piece you have referenced. vast majority of cargo arriving in the u.s. is released before it touches the dock. our ct partners are getting fewer exams because they secure the supply chain. we establish mobile technology for agricultural to clear shipments on the dock instead of waiting hours and having the bananas sit in wilmington. the u.s. chamber of commerce and 71 others wrote to the secretary this week in an open letter saying the regime is working well and that the facilitation piece in particular, we've achieved through the layered risk approach. those are the metrics we look at and will be happy to elaborate on any specifics. >> mr. chairman, i think while you were out we agreed in the port security grant programs we have measures and made progress. we agree we can continue to make progress. on the programatic side of the effectiveness measures, we look very carefully at the six priorities of the grant program. enhancing maritime marine awareness, explosive device detection, chemical explosive prevention, protection, response and recovery capabilities, enhancing cyber security capabilities. maritime security risk, mitigation projects, planning training exercises and the transportation worker identification credential implementation. right now we have a measure we're looking at building new capabilities across those six areas, and sustaining existing capabilities. but, again, that measure can be better. on the administrative management side, we've made progress in measuring our ability to effectively, efficiently release the funding, monitor programmatic use of the funds, monitor grantee financial management of the funds, monitor the closing of the awards and grantee draw down. we're making progress, mr. chairman, we've got an opportunity to make even more. >> thanks. >> yes, sir. for us, i think it's about getting good, quality information and data for us to make the right decisions on when we issue a card. it's about continuing to get that information after we issue the cards so we can monitor the individual to ensure they haven't done something as to disqualify them. whether it's on a terrorism watch list or something through a criminal issue. i think the other thing that is going to make us better is installing readers. we believe that the coast guard, whom we're close partners with, made the right decision to take a risk-based approach and put readers where they need to be. and that -- we think that's going to be a measure in our program for our program considering it's a biometric credential. i think the last thing is share information. which we do on a daily basis. so we need good, quality information to make good decisions with. we need the information to keep on coming so we can continue to make good decisions after we issue the credential. we need to install readers. and we need to continue to share information, which we do on a daily basis with our partners. >> mr. caldwell? >> thank you very much. i mean, the most difficult question is how do you measure security and risk? i think we have actually looked at that quite a bit across a lot of these programs. i think one of the better problems we found is coast guard program called maritime security risk analysis model where they can, at the facility level, try to measure the risk-based on vulnerabilities and threats and various scenarios. like that, i think they did that. coast guard also took a step trying to develop a more sophisticated measure of how much coast guard programs actually reduce risks in the port environment. and so was the percentage reduction of maritime security risk subject to coast guard influence in the programs, and we're critical of this. in the end, it was subject matter x person. the coast guard sitting down and thinking about what the reductions measures are and then putting the single point of, you know, percentage on that. we had couple of criticisms in terms of way maybe trying to make it better and maybe give particularly so much judgment. you want to give a range instead of a point estimate like that. but i don't want to criticize the coast guard in the sense they certainly were trying to think larger about the suite of programs and what extent they reduce risk. they want to see whether they want to keep the measure or not is something they're looking at. it was a measure they were using within the coast guard. they weren't really using it for that much. if you have a performance measure but you're not really using it to monitor things or prioritize resources, you got to kind of question whether it's a useful metric in the end. >> thank you. okay. some of you began to answer the second part of my question. i want to take another shot at it. my staff, my colleagues, we oftentimes say these words, the road to improvement is always under construction. that's true here as well. i just want to -- in terms of thinks of metrics, but thinking we're making progress but areas we're not making nearly enough. there's been some allusion to this. we can actually measure we've not made nearly enough. are any of those. who can help enable us to make the progress? us, the legislative branches committee, the president and his budget? who needs to help out? ellen? >> yes, i think that just to sort of set the scene here, we certainly need an approach that is flexible, innovative, so question take on the adaptive adversary. we need something that an approach that is risk-based so we can make the most cost-effective use of our resources. that said, we recognize not that we don't want to have -- negative impacts on global trade, so we are looking in the near-term to specific improvements in the area of the targeting algorithms, the reducing the alarms. working with our partners at some of the csi ports to increase the percentage of scanning that is undertaken. we're looking at, i think it's a key point that i hope doesn't get lost in today's discussion, looking across all pathways. focussing on a single pathway doesn't necessarily reduce overall risks. so as we go forward, we need to consider improving security across all transportation pathways. and lastly, i would note that we are continuing the dialogue with stakeholders to see what additional or expanded roles they might take in improving security of ports. >> thanks. admiral? >> i think there's a couple of areas. the first is complacency. from the congress to the security guard at the facility. we have to make sure we maintain the sense of urgency with regard to port security. the threat is adaptive. as good as physical security systems we have in place are, there are emerging threats like cyber that we have not yet addressed. we have begun to address them. i believe the coast guard has the authorities we need to do with that. we're working on what the resources might be. so you may hear about that. the other area that would be of concern is the real high-end threat that needs to be intercepted offshore. we need to maintain the ability and get out there and do something about some unidentified threat for our shore. it requires ships, helicopters, and people not only able to get there and present at the time when you need them. so those two things are areas where we need to make sure we continue to build our capability and to build our plans for action. >> okay, thank you. kevin? >> mr. chairman, i would echo a couple of comments that ellen made. on the targeting side, there's always an opportunity to improve or analytics and capability to assess risk. we're pursuing it aggressively. we have a good system for taking in current intelligence, manipulating the data elements against it and identifying risk. we want to get better. it's an area we get congressional support to continue to improve in that area. but the radiation portal monitors. we need to be able to dial the algorithms. they're sensitive for the threat materials we're worried about. they reduce the national raid logical alarm we face on normal commodities, like bananas that hit on the radiation monitors. we don't want to waste time on the alarms. we want to focus on what potentially could be dangerous material. i think there are continued opportunities globally. we are looking at other threats to the global supply chain, contraband that can support criminal activity and so forth. there's always opportunities to take it to the next level and build capacity with those governments and custom services that are willing to step forward but don't have the capacity or funding. and then, of course, the private sector. continued opportunities there not only on the supply chain side, but looking at whether a terminal on raytive perspective, there might be a return on investment to do security work that we can share and benefit in. we're pursuing all of these angles as the secretary noted in his letter. >> those are great points. i appreciate your responses. i'll come back and ask the same question in the last witnesses. i'll be right back. >> you want them to answer it? [ inaudible ] >> okay. thank you. let's talk about the 100% mandate. and the fact we're at 2 to 4%. i think those numbers are right. please correct me if i'm wrong. ngo, i would love for do you get on this. there's no question the 9/11 commission said for port security we need 100% screening. what we hear is that's not practical. so the question somewhere between 2 to 4% and 100%, where do we need to be. how do we need to decide where we need to be, how do we become more effective in terms of container inspection? admiral, kevin? >> senator, i will start and i'm sure colleagues will want to chime in. on the 100% mandate, i think the key question for us is not the percentage itself but are we inspecting the right percentage? is it -- are we inspecting and identifying the containers high risk and mitigating that threat at the earliest possible point. while you had to step out to vote, senator, we talked about the metrics we're following and whether we're accomplishing that. i would like to reintegrate one of the elements for you. on the containers that we identify as potentially high risk through automated targeting system, we are currently examining with our foreign partners under the container security initiative 85% of those containers before they are on a vessel destined for the u.s. within that -- >> that's 15% that aren't getting inspected. >> they are getting inspected fully at the first port of arrival in the united states. we are checking them before they enter the stream of commerce to the u.s. and getting 85% of them before they are even on a ship destined for the u.s. >> okay. if the 15%, one of them has a nuclear weapon in it, it's a little late, isn't it? >> yes, but that's not the only layer we have -- >> i understand. but when we think about this, you're saying 85% of those deemed high-risk. so what is our goal to get to 100% of those deemed high risk? >> our goal there, sir, is to increasingly target with our the -- the right ports and how we can encourage anything we think is high risk before leaving. we think we have placed those csi locations in right locations. we're assessing how the threats have changed. are there strategically important ports we can add. mentioning, as you came in, sir, working with terminal operators. is there a way we can encourage them to increase the overall inspection if they think there's a return on the investment. working with the customers to sell security benefit that we can benefit from and share the information results of. >> admiral, any comments on that? >> the container inspection world really does belong to customs and border protection. i can certainly attest to the impracticality at looking at every container. i have seen the targeting we do jointly on cargo and the automated processes are effective and adoptable. so if there's a new intel stream that comes in, we can quickly change their targeting and identify cargo that might be associated with a newly identified threat. >> all right. here is the question as a common sense. we say it's not capable to do 100% screening. where is the study that says here is what it will cost and here's what this will slow down commerce? has that been done? >> a number of that studies in that regard have been done. i offer that gao might want to comment as well. we have done a study and provided several papers to congress estimating up to $16 billion in costs. the european union has done a study, the private sector has done several studies. the challenge, sir, there's 800 or so initial ports for containerized cargo destined for the u.s. an average of 3 to 5 million per port. an average of 5 million to implement the system. that scope just makes it very challenging to get to the level. a lot of questions on who pays, who is responsible, how it is monitored and so forth. >> if you take the rand study, even though it's dated now, say if you had one sneaks in, and you have the tragedy they spoke about at the port of los angeles estimated $1 trillion effect on the gdp. $16 billion doesn't seem that great. so where do we go, gao? >> senator, thank you. i thought about this a lot. we have done several studies on it. as far as the one study you're asking for. the only place i've seen it in is a recommendation we've made, and i think that cvp and the department would have been better off if at that point they said this is it. this is the feasibility study. this is the cost-benefit analysis. and put it to batter and show the trade-offs. there are multiple studies they've done. i feel bad, i think the department in all the little pieces they've done since then they've almost gotten there. but i don't see that. but i just -- i would like to stop to talk about kind of one popular myth. the 9/11 commission never called for the 100% capping of maritime cargo. >> what did they call for? >> they called for 100% scanning of air cargo. they said almost nothing about ports and maritime. >> okay. that's great to know. >> yeah. >> but moving on. so we do think that challenges are insurmountable. the safe port act was left a lot of things undefined. i think through the pilots cvp tried to understand the undefined things would be in terms of cost. who does it, what is the point? i think there is a concern it would create a false sense of security in a couple of ways. you can scan the container if it's kind of within a regime that we trust. a port we trust. we know maybe the container we have some confidence after it's scanned and gets on the ship, it's going to be monitored or something like that. but a lot of times we won't have that case. a lot of cases because ports laid out where they do the scanning are offsite. if the truck has to drive 3 to 5 miles. a lot can happen in that period. one thing the coast guard commented on. thad allen said it was more likely that weapons of mass destruction would come in not through a kind of highly regulated regime like containers, but through some small vessel coming in and snuck in some other way. i also agree. i think intelligence, in the end, would be the key if there's weapons of mass destruction that someone is trying to smuggle in. i'm not sure ats by itself would catch that. they looked at probably millions and millions of containers and used the risk-based analysis and they're still finding things, but, you know, it's not like when they find drugs in these things that -- because it went to one match between, oh, we rated that one high risk. they find stuff in there that had gotten through the system. drugs or other contraband. i think our approach has been to look at the programs that we have. we still would have liked to see the feasibility analysis. i think at this point it's not implemented. i think it's water under the bridge. we would like to see us doing better with what we have. recognizing we're not going to have a perfect system. that's optimizing the targeting system, monitoring it on a regular basis. you're testing it to see how its doing. it's having the best csi footprint you can. some of the ports are not high-risk ports. maybe they should pack up and shake hands with those partners. the partners will keep helping us but move some of the operations to other ports. >> do you have specific recommendations on ports from the gao? >> yes, we have a recommendation that they use the port-risk model they used in 2009 to initially plan the 100% scan and thinking about that. and used a similar type model to figure out what ports they were in. we tried to reproduce that and found 12 of the ports low-risk ports. more than half were in high-risk ones. we recognize there is some ports that aren't going to let us in. you know, i mean, you have some nasty players out there. they're not going let a joint u.s. program into there. we have recommendations and we understand -- i'm not sure i can disclose details of individual ports, but there is movement in terms of additional csi ports, both opening and closing. >> okay. let's go back to grants and tiered port system for a minute. if we're not doing analysis on progress, do we reevaluate the ports in terms of tiers. is that done routinely, yearly, biannually? how off do we reanalyze high risk ports, one? number two, without the metrics. they're getting better, how do we take what we have improved and measure it to show a decreased risk for tier 1 port so that the dollars you have can to go to where the risks are the greatest. >> thanks for the question, senator. we reassess the risk of the nation's ports every year. we use the risk formula that incorporates the most recent data we have available on threat vulnerability and consequence. there have been times where changes in that risk data have resulted in the changes in the grouping of ports. for example, last year, and fy 13, there are eight tier 1 ports. san diego had change in its relative risk formula. these are relative to one another. so this year it is not a tier 1 port. we are making those adjustments. we work very closely with the department's intelligence and analysis unit to populate the risk formula with the most recent data. so, yes, we are looking at that continually. your second question as to what the measurement and really what i would consider to be, you know, buying down of that risk and the vulnerability. i agree we've got some progress to make there in terms of agreement on measurements and metrics to show that progress. and show it in a way -- when the chairman comes back, his question was about how can the congress help, and here i think i might ask of the chairman and you, senator, is that we have a continued dialogue about the type of data that would enable you to have more confidence and the american people have more confidence we are making that progress and that we are being effective stewards of the taxpayer dollars. i agree that we have made progress and plenty examples. we would like to continue to work with you to get the data and the measurement that would show that in a more compelling way. >> each port has a port security plan, right? >> yes. all right. >> has homeland security done an analysis of what the total cost would be to bring it up on a cost effective benefit. how much total for all the tier 1 ports would we need to spend to bring them where they need to be? do we have that? do we know that? >> i'm not aware of that analysis. >> that's an important question. because if you don't know what they need, we'll never get there. >> so, i mean, we certainly at the -- >> i know you i know where the weaknesses are and i know that's where the grant money is going. i'm saying in the big picture, if we're going to spend $100 million this year on port security grants, and the total bill for bringing our tier 1 ports is $2.5 billion, you know, we're 12 1/2 years from bringing it. by that time, you're going have replacement needs. >> sure. >> so the question is don't we think it's important to really know by port here is the total cost to get us where we want you. and which one of those top eight ports, which one has the greatest vulnerability basis. should we not be spending maybe 70 million at one port and $30 million and the other eight what the basis is to bring them to the level where we feel confident. >> we'll take a close look at that. we have moved the entire suite of grant programs toward performance measurement against the core capabilities in the national preparedness goal, following up implementing the president's aid on national preparedness. we continue to find the performance measures for those. but we're through the threat hazard identification and risk assessment process we are asking grantees to do a lot of what you're talking about in terms of identifying capabilities and using the investments to close the capability gaps response we're moving in that direction. but i'm not aware of a single analysis where we've put a price tag on by port what it would take to close the gap in every port against one level. we'll take a look at that. >> i just think that would be important to know. because you're going to have limited funds from here on out. it's not going to change. spending -- sending the dollars -- this is all risk-based, right? >> yes. >> sending the dollars where the greatest risk is should be our priority. i recommend you look at that. i don't know if the gao has any comments or not. >> if i might, we'll take a close look at that. i think the threat has identification risk assessment process. and the area of maritime security working groups at the local, at the port level, i think, they're getting at a lot of that. but i agree with you. we can make even more progress. >> on two of your points. the first, how do you account for previous grant money in determining the risk ranking for the next -- we actually do that as part of the coast guard's security risk assessment model that gao mentioned. if we've invested in a system that mitigates the consequences of an attack on a facility, it gets reflected in our model. that data is part of the risk formula dhs determines to use the tier for the next year. it is in there. the other piece you ask about, you know, have we defined what a secure port is. when will we know when we get there? it's an interesting question. what i can tell you about the port. i have watched the initial focus being on secure individual facilities. make sure we have fences, cameras, and guards and get facilities. and then i saw it evolve to we need to secure the port as a system as well. how do we link these fences we invested in things like communication systems that allow everyone, and surveillance systems that were focussed on the common infrastructure not on the private sector infrastructure. and we decided that's good. have we been able to address what we're going to do if we get attacked and need it recover. we invested in trade resumption plans. it's been a national evolution. i believe we're still in the evolution. we have emerging threats such as cyber. i think the next round of grants is putting money toward cyber vulnerability assessments so we can understand with a it's going to take to secure the cyber infrastructure and the maritime. i don't know we'll ever be able to say we're there. but i do see a logical progression on how we've focused our planning and our investment. >> we have a diagnostic system for cyber within homeland security. is the twic system similar to the system? >> let me take that one, sir. >> yeah. >> right now the twic system works is that the contractor provides the enrollment equipment. then they connect to a system that eventually gets back to tsa. that system whether it's on the enrollment side, the data center side, up to the tsa side is built to federal standards. they go through accreditation, and certification. they go through auditing, they go through testing. it's not monitored within the dhs system. it's monitored through the tsa operation center. so everything from the contractor's data center -- >> you've answered my question. got it. all right. thank you. >> i would like to ask mr. caldwell to answer my earlier question. >> absolutely. >> the next question i'm going to ask of all of you is what do we need to do? what is the to do list on the committee and the congress? to make sure we're continuing to make progress. >> absolutely, mr. chairman. i ask of you and the committee is for a continued dialogue. i shared this with ranking member coburn before he stepped out. a continued dialogue about the types of data and the types of measures that would give you the confidence, give the american people the confidence we are investing the grant dollars in a way that is most efficient and most effective and that we're all good stewards of these resources. i agree with admiral thomas. the threat is evolving. so, too, have our measurement of, you know, where we're headed next. so i would appreciate a continued dialogue with you about how we define the measures of success that give you the confidence we're looking for. >> thanks. something for our to do list. >> i think it's continued support and helping us, you know, get from tsa's point of view and the coast guard's point of view. understanding that the coast guard is promulgating the rule. there's a lot of things that had to happen before they get to the point they can do it. when i say we need the readers, that's not in any way insinua insinuating there's a delay on the rule side. there's a lot of work in getting to this point. we asked for the continuing support so we can put readers in place, buy down risk, and use the full capability of the card. to the admiral's point before, it's critical we maintain mission focus. it's also critical we make risk-based decisions so we can protect the right areas. and then for our look at it, it's data quality, identify verifications, reduction in fraud. ensuring that the right people get the card and the right people keep the card after it's been issued. >> thank you. mr. caldwell. >> i'm doing a combo answer. i'm still busy trying to answer the question you asked before and the last one. i'll see what i can do. three things. one for the agencies to do and the committee to do. first off, kind of keeping the programs flexible. whether this -- i know the coast guard is trying to make their infrastructure patrols and things like that not predictable. keeping a little bit of deterrence out there. i like what i see at cvp when they're doing -- they call it the key side or dock side scanning or a ship come in and they target a ship. it won't be based on whether the containers are high risk or not. they'll be scanning every seventh one or tenth one and things like that. maybe flexibility in csi and whether they need to shift the deck a little bit to the different countries if possible. i think cyber is the growing area. that's an area where dhs and coast guard have been monitoring the situation, and they're talking about taking action. i think they do. we'll have a report we're issuing tomorrow for senate commerce that have a lot more detail on the thoughts on that. something for the committee, i think it's starting to show up on the radar of the agencies as well is, you know, for what we have, we have to sustain it. and you have vessels and you have scanners and you have aircraft that have are pretty important in the regime. particularly in terms of interdiction and the deterrence and the daily things like scanning containers. some are reaching the end of their life. i know cvp is trying to extend the life of their scanners. at some point, you'll have a lot of -- you've built the regime and the things that go with it. it will take some sustainability and translate into resources. >> okay. last three witnesses have pretty much sort of gotten to my last question, which was what is our to do list. and i don't know, ellen, you and mr. admiral thomas had a chance to do that. our to do list. >> chairman, i think i just echo some of the points that were made earlier, and emphasize in moving forward anything we need to do takes into consideration that dhs confronts a multitude of threats. to be cost effective and efficient we need to bear that in mind. i think the second point we've made earlier is that big picture security across all pathways to buy down risks don't want to encourage a balloon effect where we put all of our security assets over here and the agile adversary circumvents that. so the picture has got to be across all pathways. and then echoing mr. caldwell's point about the aging infrastructure and funding dhs in accordance with the president's budget. >> thanks. >> admiral thomas, anything you have that we should be doing in the legislative side? >> thank you, chairman. i don't have much add to what's been said. there may be some specific authorities and capabilities we identify as we continue to analyze the threat in the ports. i think we have the right access through the staff to get that information to you. i would say that this type of oversight and continued focus by this committee on this issue is really important to stave off that complacency i'm concerned about. >> thank you. four quick things echoinger is things, continued support for the key programs we talked about today. we're working on the recommendations that mr. caldwell mentioned. recapitalization and sustainment of our radiation equipment and we'll be working with your team on those plans. three, what you articulated at the beginning, mr. chairman, understanding the expeditious and facilitated movement of cargo aspect of our mission, that continues to be understood. and four, working with the secretary and department on an agreed path forward, keeping us honest to identify, and we discussed today, but working together on the best frame work for the future. >> thanks. >> i think dr. coburn, when i was out voting, asked a question dealing with fiduciary agents. i just want to come back and say the second half of a question, i need to be someplace else in eight minutes, so whoever would -- i'm going to ask you to take a shot at this. here's my question. rather than ending the use of fiduciary agents for all ports, why not let ports decide for themselves if they would like to use one? >> we've considered that proposal and don't think it is in the best interest of the program. if some are using fiduciaries and others not, the benefit we have derived by moving away from the fiduciary agent model is, as the appropriations have gone down and our capabilities internally have grown in terms of program oversight management and monitoring, we've gotten a pretty good window into the project level data and the approach grantees are taking. we lost some of that visibility, as you might expect. there was a variety of performance -- varying levels of per for mansion across the fiduciary model. captioning performed by vitac captions copyright national cable satellite corp. 2008 land borders had on -- what affect has increased security along our land borders had on maritime border security, and ellen, if you just take 30 seconds. >> yes, mr. chairman. two quick points. i think the trusted trader programs that we developed in the land border context informed how we deal with those programs in the maritime context, and, second, i think it pointed out to us, and i real quickly go back to south florida in the 1908s how you need a risk-based approach to secure any single pathway. thank you. >> thank you. admiral. >> somewhat outside the realm of port security, but certainly we have seen the balloon effects on particularly the southern part of the west coast and also in the care bean as we secure our land borders for trugz and contraband and other illegal activities they've taken to the water. we've adjusted our forces. that's really the impact that we've seen there. >> great. thank you. >> agree with the admiral. we have not seen a significant impact in terms of changes in the threat within commercial flows. we have seen the effective security between ports of entry push activity out into the -- on the west coast as well as up through puerto rico. >> there was a second half to that question, but i don't have time to ask it. you may not have time to answer it. i'm just going to wrap it up here. i'm really glad that dr. coburn has these hearings. it's timely. there's a fair amount of progress, and there's still plenty of work to do. i'm encouraged -- sense of team is at play, and that certainly helps. we are part of that team. thank you all for your preparation today for helping to make this a very, very good hearing. it's clear to me that one of the most important take-aways from today's hearing is that it's critically important that we strike the right balance. it's not an easy thing to do. it's hard to strike the right balance between security and make sure we do not unduliy impede the flow of transportation and trade. as you all know, 95% of our trade moves on the water, but the port is vital to our nation's well accident, and they're a conduit for a lot. we will have sent some of my colleagues will have -- let's see here. some questions to ask, and we may have some ourselves. the hearing record will remain open medical may the 19th. it says until may 19th. probably should sar june the 19th at 5:00 p.m. for submission of statements and questions for the record and with that i would say to our republican staffer and our democratic staff and all my colleagues, thank you very much for helping us and to each of you for joining us today. i think one or two matters. maybe admiral said oversight is a good thing, and we hear that a lot. we won't disappoint you. thank you. screeria -- nigeria.-