Transit Security: FEMA Should Improve Transparency of Grant Decisions
Fast Facts
The Federal Emergency Management Agency's Transit Security Grant Program is designed to help public transit agencies protect people and critical infrastructure from terrorism.
Public transit agencies apply to FEMA for security improvement grants. In its "Notice of Funding Opportunity," FEMA disclosed its process for reviewing and scoring applications.
But we found that FEMA didn't always follow that process, favoring some lower-scoring applications in 2015-2021. This might raise questions about the integrity of the award decisions.
Our recommendations address this and other issues.
Higher-Scoring Applications Not Selected for a Transit Security Grant Program Award
Highlights
What GAO Found
The Federal Emergency Management Agency (FEMA) manages the Transit Security Grant Program, a discretionary grant program that provides grants to public transit agencies to protect critical transportation infrastructure and the traveling public from terrorism. FEMA awarded nearly three-quarters of grants ($614 million) to public transit agencies for law enforcement activities ($245.2 million) and equipment ($211.5 million) from fiscal years 2015 through 2021. FEMA awarded remaining grants for infrastructure projects, training and exercises, public awareness campaigns, and planning.
Security Camera Funded by the Transit Security Grant Program
While FEMA's award process was consistent with some relevant federal grant requirements, it did not meet other requirements for transparency of award decisions. Specifically, FEMA did not accurately describe its grant scoring criteria in the program's fiscal year 2021 Notice of Funding Opportunity, as required. By accurately describing the criteria it uses to score grant applications, FEMA would improve transparency and help ensure applicants make informed decisions when applying. Further, FEMA described the merit review process to competitively score applications in its Notice of Funding Opportunity, but did not use the results of its process as the sole basis for award decisions. For example, FEMA awarded grants to lower-scoring applications between fiscal years 2015 and 2021. By not selecting applications to recommend for award in accordance with its publicly disclosed merit review process, FEMA risked affecting the objectivity, fairness, and transparency of the process and could face questions about the integrity of the decisions.
In fiscal year 2021, FEMA assessed physical terrorist threats to transit agencies, as well as their vulnerabilities to, and the estimated consequences of, an attack, but did not consider cyber threats in its risk model. FEMA could better reflect the nature of current threats to transit agencies if it included cyber threats in the assessment. In addition, FEMA did not document the assessment's underlying assumptions and justifications. Improved documentation would allow officials to assess whether the assumptions remain true in a changing risk environment.
Why GAO Did This Study
Public transit systems' open design expedites the movement of large numbers of people but also makes them attractive targets for attack and difficult to secure for public transit agencies. The National Defense Authorization Act for Fiscal Year 2022 includes a provision for GAO to review FEMA's management of the Transit Security Grant Program and assess how grant-funded projects improve public transit security.
This report: (1) describes the types of transit security projects for which FEMA awarded grants from fiscal years 2015 through 2021, (2) evaluates the extent to which FEMA's process for awarding grants is consistent with relevant federal grant requirements, and (3) evaluates how FEMA assesses risk to transit agencies' security when awarding grants. GAO analyzed FEMA's grant and scoring data from fiscal years 2015 through 2021, reviewed program documents, and interviewed all fiscal year 2021 grantees, which was the most recently completed award cycle when GAO began its review.
Recommendations
GAO is making four recommendations to the Secretary of Homeland Security to ensure that FEMA (1) accurately describe all the criteria it uses to score applications in the Notice of Funding Opportunity, (2) select applications for award in accordance with its publically disclosed merit review process, (3) incorporate cyber threats into its risk assessment, and (4) document the underlying assumptions and justifications for its risk assessment. DHS concurred with GAO's recommendations.
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Department of Homeland Security | The Secretary of Homeland Security should ensure that the Administrator of FEMA accurately describes all the criteria FEMA uses to score applications in the Transit Security Grant Program's Notice of Funding Opportunity, to include how associated weights are applied. (Recommendation 1) |
As of January 2024, FEMA officials stated they plan to insert language with more application evaluation process information in the annual Notice of Funding Opportunity, following enactment of the FY 2024 DHS Appropriations Act. FEMA officials estimated completing this change by September 2024. We will continue to monitor FEMA's efforts to address this recommendation.
|
| Department of Homeland Security | The Secretary of Homeland Security should ensure that the Administrator of FEMA selects Transit Security Grant Program project applications to recommend for award in accordance with FEMA's publicly disclosed merit review process, to include scoring criteria published in the Notice of Funding Opportunity. (Recommendation 2) |
As of January 2024, FEMA officials stated they plan to provide greater detail about the evaluation process in the "Application Review Information" section of the annual Notice of Funding Opportunity, following enactment of the FY 2024 DHS Appropriations Act. FEMA officials estimated completing this change by September 2024. We will continue to monitor FEMA's efforts to address this recommendation.
|
| Department of Homeland Security | The Secretary of Homeland Security should ensure that the Administrator of FEMA incorporates cyber threats into the Transit Security Grant Program risk model. (Recommendation 3) |
As of January 2024, FEMA officials stated they are working with subject matter experts to finalize research on whether there is a suitable cyber threat dataset to include in the risk model. FEMA officials estimated completing this effort by September 2024. We will continue to monitor FEMA's efforts to address this recommendation.
|
| Department of Homeland Security | The Secretary of Homeland Security should ensure that the Administrator of FEMA documents the underlying assumptions and justifications for the Transit Security Grant Program risk model, to include the rationale used to assign weights to components. (Recommendation 4) |
As of January 2024, FEMA officials stated they evaluated alternatives to the risk model and made changes to its methodology in May 2023. FEMA officials stated they plan to document the risk model review and associated changes, including the underlying assumptions and justifications, in an internal report, and estimate finalizing the report in December 2024. We will continue to monitor FEMA's efforts to address this recommendation.
|