[House Hearing, 114 Congress]
[From the U.S. Government Publishing Office]
REFORM AND IMPROVEMENT: ASSESSING THE PATH FORWARD FOR THE
TRANSPORTATION SECURITY ADMINISTRATION
=======================================================================
HEARING
before the
SUBCOMMITTEE ON
TRANSPORTATION SECURITY
of the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED FOURTEENTH CONGRESS
FIRST SESSION
__________
OCTOBER 8, 2015
__________
Serial No. 114-36
__________
Printed for the use of the Committee on Homeland Security
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
Available via the World Wide Web: http://www.gpo.gov/fdsys/
__________
U.S. GOVERNMENT PUBLISHING OFFICE
99-578 PDF WASHINGTON : 2016
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800;
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC,
Washington, DC 20402-0001
COMMITTEE ON HOMELAND SECURITY
Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas Bennie G. Thompson, Mississippi
Peter T. King, New York Loretta Sanchez, California
Mike Rogers, Alabama Sheila Jackson Lee, Texas
Candice S. Miller, Michigan, Vice James R. Langevin, Rhode Island
Chair Brian Higgins, New York
Jeff Duncan, South Carolina Cedric L. Richmond, Louisiana
Tom Marino, Pennsylvania William R. Keating, Massachusetts
Lou Barletta, Pennsylvania Donald M. Payne, Jr., New Jersey
Scott Perry, Pennsylvania Filemon Vela, Texas
Curt Clawson, Florida Bonnie Watson Coleman, New Jersey
John Katko, New York Kathleen M. Rice, New York
Will Hurd, Texas Norma J. Torres, California
Earl L. ``Buddy'' Carter, Georgia
Mark Walker, North Carolina
Barry Loudermilk, Georgia
Martha McSally, Arizona
John Ratcliffe, Texas
Daniel M. Donovan, Jr., New York
Brendan P. Shields, Staff Director
Joan V. O'Hara, General Counsel
Michael S. Twinchek, Chief Clerk
I. Lanier Avant, Minority Staff Director
------
SUBCOMMITTEE ON TRANSPORTATION SECURITY
John Katko, New York, Chairman
Mike Rogers, Alabama Kathleen M. Rice, New York
Earl L. ``Buddy'' Carter, Georgia William R. Keating, Massachusetts
Mark Walker, North Carolina Donald M. Payne, Jr., New Jersey
John Ratcliffe, Texas Bennie G. Thompson, Mississippi
Michael T. McCaul, Texas (ex (ex officio)
officio)
Krista P. Harvey, Subcommittee Staff Director
Dennis Terry, Subcommittee Clerk
Vacancy, Minority Subcommittee Staff Director
C O N T E N T S
----------
Page
Statements
The Honorable John Katko, a Representative in Congress From the
State of New York, and Chairman, Subcommittee on Transportation
Security....................................................... 1
The Honorable Kathleen M. Rice, a Representative in Congress From
the State of New York, and Ranking Member, Subcommittee on
Transportation Security:
Oral Statement................................................. 3
Prepared Statement............................................. 4
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
Oral Statement................................................. 4
Prepared Statement............................................. 5
Witnesses
Honorable John Roth, Inspector General, Office of Inspector
General, U.S. Department of Homeland Security:
Oral Statement................................................. 6
Prepared Statement............................................. 8
Honorable Peter Neffenger, Administrator, Transportation Security
Administration, U.S. Department of Homeland Security:
Oral Statement................................................. 24
Prepared Statement............................................. 26
For the Record
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
List........................................................... 39
Appendix
Questions From Chairman John Katko for Peter Neffenger........... 45
Questions From Ranking Member Bennie G. Thompson for Peter
Neffenger...................................................... 50
Questions From Honorable William R. Keating for Peter Neffenger.. 52
Questions From Chairman John Katko for John Roth................. 53
REFORM AND IMPROVEMENT: ASSESSING THE PATH FORWARD FOR THE
TRANSPORTATION SECURITY ADMINISTRATION
----------
Thursday, October 8, 2015
U.S. House of Representatives,
Subcommittee on Transportation Security,
Committee on Homeland Security,
Washington, DC.
The subcommittee met, pursuant to call, at 3:13 p.m., in
Room 311, Cannon House Office Building, Hon. John Katko
[Chairman of the subcommittee] presiding.
Present: Representatives Katko, Carter, Rice, Keating, and
Thompson.
Mr. Katko. The Committee on Homeland Security Subcommittee
on Transportation Security will come to order. The subcommittee
is meeting today to hear testimony on assessing the future of
the Transportation Security Administration. I now recognize
myself for an opening statement.
I would like to welcome everyone to today's hearing and I
am pleased to have Inspector General Roth back once again and
Administrator Neffenger again back here as well. The purpose of
today's hearing is to examine TSA's challenges and identify
what changes TSA needs to make in order to move forward in an
effective manner.
TSA was created out of a tragedy and was quickly stood up
to address major security vulnerabilities that terrorists
exploited. However, 14 years after 9/11, we now have an agency
that has had many missteps in its efforts to keep the traveling
public safe.
Inspector General Roth, your office has conducted over 100
audits identifying major security vulnerabilities and
organizational challenges throughout TSA, including the most
recent reports that found that TSA passenger screening was
allegedly wrong 96 percent of the time. And that 73 aviation
workers had potential ties to terrorism. Of course, there is
also the recent cases involving drug trafficking incidents in
airports at Dallas/Fort Worth, Los Angeles International, and
Oakland, to name a few involving employees. These figures are
startling and shatter the public confidence.
I look forward to hearing from you today about what
systemic problems you have identified and what needs to be done
to help TSA address these challenges.
What is most unfortunate is that these startling findings
by both your office, and the Government Accountability Office,
as well as the FBI and other agencies, are not isolated
instances. Many of these vulnerabilities have been identified
and known for years, and unfortunately, prior to this year the
previous leadership in both TSA and DHS did not take the
appropriate steps to address these known security
vulnerabilities. The purpose of today's hearing is not to look
backwards, however.
With new leadership, Administrator Neffenger, you have an
opportunity to address these challenges head on, and lead TSA
in a different path, and I am confident that you will do so. In
our discussions you have been frank, straightforward, and
sincere and I appreciate that. I have full confidence that you
are tackling TSA's challenges with an open mind. I look forward
to hearing from you today about how we can work together to
ensure TSA fulfills its critical mission.
This subcommittee has worked tirelessly and in an
overwhelmingly bipartisan manner to address the challenges that
TSA faces. Since the start of this Congress we have had 7
pieces of legislation pass the House, which is remarkable out
of this committee, and 2 of those bills are now public laws.
However, there is no silver bullet to address all of the
challenges that TSA faces, and unfortunately, we have to be
right 100 percent of the time and the terrorists have to be
right just once.
With nearly 2 million passengers being screened every day
we need to do more to better focus our efforts on those
passengers that are unknown while still taking precautions to
protect against the insider threat.
Currently, less than 5 percent of travellers participate in
PreCheck. TSA needs to increase this population so that it can
target its efforts and resources in a more risk-based manner.
That is why I introduced H.R. 2843, the PreCheck Expansion Act.
This bill will help TSA to take steps to effectively and
robustly market the program and dramatically increase the
enrollment. However, in addition to expanding PreCheck, TSA
must look at what additional efforts are necessary to increase
the security effectiveness of PreCheck and what measures are
necessary to mitigate the insider threat.
This week the House passed H.R. 3102, the Airport Access
Control Security Improvement Act of 2015. This legislation
which I introduced earlier this year requires TSA to consult
with Federal and private-sector partners to review existing
employee screening protocols and work in a comprehensive manner
to improve the effectiveness of access controls at airports
across the United States. It is a major undertaking.
We must do a better job at knowing more about the people
who work and travel through our Nation's airports. Securing our
Nation's transportation systems is of vital importance to both
our National security, and our economic strength, and
stability.
In the 9/11 Commission report, the then head of the CIA,
George Tenet was quoted as saying, ``The system was blinking
red,'' in the months leading up to 9/11. We cannot stand idly
by and grant tacit approval to lax security measures when we
have the authority, responsibility, and indeed the duty to spur
action and keep the traveling public safe from harm.
Inspector General Roth, Administrator Neffenger, this
committee wants to support both of you in your efforts to
reform TSA. We look forward to hearing from you today. You are
not on opposite sides of the fence. I view you both on the same
side of the fence: One exposing the problems, the other one
making sure they get fixed. That is why you are both here
today.
With that, I recognize the Ranking Member of the
subcommittee, the gentlelady from New York, Miss Rice for an
opening statement.
Miss Rice. Thank you, Mr. Chairman, and thank you for
convening this hearing. I would also like to thank the
witnesses for being here today to discuss the need for and
status of reforms and improvements within the TSA.
Administrator Neffenger, I understand you had to adjust
your schedule in order to testify before this subcommittee
today and I want to tell you how much we appreciate that. While
you have only been in this position since June, you have
demonstrate a true commitment to work constructively with us as
you take on the challenges facing TSA and I thank you for that.
Finally, I want to thank Inspector General Roth for being
here today and for the work you have done and continue to do,
to identify vulnerabilities within TSA and advise us on what we
can do to enhance the security of our commercial aviation
sector. Your most recent report which is Classified, concerns
covert tests conducted by undercover DHS investigators who
attempted to smuggle prohibited items, including weapons and
mock explosives past TSA security checkpoints. As we all know
the results of these covert tests were leaked to the media in
June before the report was complete, and it was reported that
in 67 out of 70 tests, TSA failed to detect these items and
allowed the investigators to proceed past the checkpoint.
Sixty-seven out of 70, that is 96 percent of the time. I
think we can all agree that 96 percent is an alarming figure,
and one that we cannot overlook. We have to assess all of the
findings and recommendations in your report. We have to shine a
light on the vulnerabilities that these covert tests have
exposed, and we have to take action to eliminate those
vulnerabilities.
We know that the threats to this country, particularly to
our aviation sector, are constant. They are real. We know those
threats are evolving and becoming more sophisticated, but the
people who want to do us harm are always on the watch for a new
way in, a new way to beat the system. That is why we have to be
even more vigilant. That is why we conduct these tests. Because
we know that no matter how good our security might be, it can
be better. It can always be better and the findings in this
report make it clear that it can and must be much better in
order to match the threats that we face today.
So I am eager to hear how our witnesses are working
together to act on these findings, to implement reforms, and to
close the gaps that these covert tests uncovered.
Obviously, as we all know, Administrator Neffenger, you
have only been in your position for a few months. Many of the
topics and reports that Inspector General Roth has compiled
pre-date your time at TSA, but I certainly look forward to
hearing what TSA is doing in response to this most recent
report, and if Inspector General Roth has previously identified
other security gaps or vulnerabilities that TSA must still
address, I would like to learn about those efforts as well.
Mr. Chairman, thank you again for convening this hearing. I
look forward to productive dialogue today. I yield back the
balance of my time.
[The statement of Miss Rice follows:]
Statement of Ranking Member Kathleen Rice
October 8, 2015
Administrator Neffenger, while you've only been in this position
since June, you've demonstrated a real commitment to work
constructively with us as you take on the challenges facing TSA, and I
thank you for that.
Finally, I want to thank Inspector General Roth for being here
today and for the work you have done and continue to do to identify
vulnerabilities within TSA and advise us on what we can do to enhance
the security of our commercial aviation sector.
Your most recent report, which is Classified, concerns covert tests
conducted by undercover DHS investigators who attempted to smuggle
prohibited items--including weapons and mock explosives--past TSA
airport security checkpoints.
As we all know, the results of these covert tests were leaked to
the media in June, before the report was complete, and it was reported
that in 67 out of 70 tests, TSA failed to detect these items and
allowed the investigators to proceed past the checkpoint. Sixty-seven
out of 70--that's 96 percent.
I think we can all agree that 96 percent is an alarming figure, and
one that we cannot overlook.
We have to assess all of the findings and recommendations in your
report, we have to shine a light on the vulnerabilities that these
covert tests have exposed, and we have to take action to eliminate
those vulnerabilities.
We know that the threats to this country, particularly to our
aviation sector, are constant. We know those threats are evolving and
becoming more sophisticated, that the people who want to do us harm are
always on the watch for a new way in, a new way to beat the system.
That's why we have to be even more vigilant, that's why we conduct
these tests--because we know that no matter how good our security might
be, it can be better. It can always be better--and the findings in this
report make it clear that it can and must be much better in order to
match the threats we face today.
So I'm eager to hear how our witnesses are working together to act
on these findings, implement reforms, and close the gaps that these
covert tests uncovered.
I know that Administrator Neffenger has been in his position for
only a few months, and that many of the topics and reports that
Inspector General Roth has compiled pre-date the administrator's time
at TSA.
But I certainly look forward to hearing what TSA is doing in
response to this most recent report. And if Inspector General Roth has
previously identified other security gaps or vulnerabilities that TSA
must still address, I would like to learn about those efforts as well.
Mr. Katko. Thank you, Miss Rice.
The Chair now recognizes the Ranking Minority Member of the
full committee, the gentleman from Mississippi, Mr. Thompson,
for any statement he may have.
Mr. Thompson. Thank you very much, Chairman Katko and
Ranking Member Rice, for holding today's hearing. Also, I
welcome the administrator and the Inspector General for their
appearance also.
Throughout this Congress, this committee has voiced its
concern with the state of security within the commercial
aviation sector. Over the span of recent years, both Inspector
General and the Government Accountability Office, have compiled
numerous reports that detail mismanagement, inefficiencies, and
vulnerabilities within TSA. These reports range from
vulnerabilities associated with granting expedited screening
via the use of Secure Flight and Managed Inclusion, to
vulnerabilities associated with access to secure areas of
airports, and the tracking of maintenance for security-related
technologies within airports.
Most recently, the Inspector General released a report
Covert Testing of TSA's Passenger Screening Technologies and
Processes at Airport Security Checkpoints. Details of this
Classified report were leaked this summer and the Inspector
General has given a briefing on the final report to this
subcommittee. While I look forward to hearing the status of
solutions that TSA and DHS are implementing to ensure that any
security gaps associated with checkpoint screening and
technologies are secure, our main concern is that TSA will
continue to purchase more technologies that address the threats
of yesterday instead of the threats of tomorrow.
Consequently, the Transportation Security Administration
Reform and Improvement Act of 2015, a bill that recently passed
the committee, includes language that aims to aid in the
development and innovative security technologies through a
program that would create public and private-sector
partnerships to help businesses, particularly small businesses,
to commercialize these innovative technologies. While that
amendment is designed to improve the technologies TSA uses, I
still have concerns about some of TSA's other screening
programs the Inspector General has found ineffective.
For example, the Inspector General has found that TSA's
behavioral detection program commonly referred to as SPOT is a
magnet for racial profiling, and TSA has little evidence that
the program is an effective tool for screening passengers. We
know that terrorists span all races, in all ethnicities, and
have a profiling mechanism as a means of security is skeptical.
Once again, I ask the administrator to review its efficiency of
the behavioral detection program.
While the administrator appeared before the committee on
July 1, I, along with many of my colleagues across the aisle,
stated that we would give him appropriate time to address some
of these glaring concerns at TSA. So Mr. Administrator, we are
glad to have you. I would assume the honeymoon is about over,
and we can move forward. So I look forward to your testimony
and I yield back.
[The statement of Ranking Member Thompson follows:]
Statement of Ranking Member Bennie G. Thompson
October 8, 2015
Throughout this Congress, this committee has voiced its concerns
with the state of security within the commercial aviation sector. Over
the span of recent years, both the Inspector General and the Government
Accountability Office have compiled numerous reports that detail
mismanagement, inefficiencies, and vulnerabilities within TSA.
These reports range from vulnerabilities associated with granting
expedited screening via the use of Secure Flight and Managed Inclusion,
to vulnerabilities associated with access to the secure areas of
airports and the tracking of maintenance for security-related
technologies within airports.
Most recently, the Inspector General released a report, ``Covert
Testing of TSA's Passenger Screening Technologies and Processes at
Airport Security Checkpoints.'' Details of this Classified report were
leaked this summer, and the Inspector General has given a briefing on
the final report to the subcommittee.
While I look forward to hearing the status of solutions that TSA
and DHS are implementing to ensure that any security gaps associated
with checkpoint screening and technologies are secure, I remain
concerned that TSA will continue to purchase more technologies that
address the threats of yesterday instead of the threats of tomorrow.
Consequently, the ``Transportation Security Administration Reform
and Improvement Act of 2015'' a bill that recently passed the committee
includes language that aims to aid in the development of innovative
security technologies through a program that would create public and
private-sector partnerships to help businesses, particularly small
businesses, to commercialize these innovative technologies.
And while that amendment is designed to improve the technologies
TSA uses, I still have concerns about some of TSAs other screening
programs the Inspector General has found ineffective. For example, the
Inspector General has found that TSA's behavioral detection program,
commonly known as SPOT, is a magnet for racial profiling and TSA has
little evidence that the program is an effective tool for screening
passengers.
We know that terrorists span all races and ethnicities and having a
profiling mechanism as a means of security is skeptical. Once again, I
ask the administrator to review its efficacy of behavioral detection
programs.
When the administrator appeared before the committee in July, I,
along with my colleagues across the aisle, stated that we would give
him appropriate time to address some of the glaring concerns at TSA. It
is unrealistic to expect sweeping reforms to have been made in such a
short amount of time, and I want to express my appreciation for the
administrator's agreeing with Congress that the Managed Inclusion
program was flawed and needed to be phased out.
Even though the Inspector General's reports have been scathing, I
am optimistic that the culture of TSA and the willingness to take the
recommendations from these reports and implement reforms is improving.
I am interested in hearing how these entities work together to take
the issues found within these investigations and audits and use them to
create solutions that will keep the traveling public safe.
Mr. Katko. Thank you, Mr. Chairman. Other Members of the
committee are reminded that opening statements may be submitted
for the record.
We are pleased to have a group of distinguished witnesses
before us today, as I mentioned, to speak on this important
topic, and are no strangers to this subcommittee. Let me remind
the witnesses that their entire written statements will appear
in the record.
Our first witness is The Honorable John Roth, who currently
serves as Inspector General of the Department of Homeland
Security. Prior to his appointment as Inspector General, Mr.
Roth served as the director of the Office of Criminal
Investigations at the Food and Drug Administration, was chief
of staff to the Deputy Attorney General and worked at the
Narcotic and Dangerous Drugs Section, which is the best section
in all of the Department of Justice. Am I right?
Mr. Roth. You are close, yes.
Mr. Katko. Because we both worked there. The Chair now
recognizes Mr. Roth to testify.
STATEMENT OF THE HONORABLE JOHN ROTH, INSPECTOR GENERAL, OFFICE
OF INSPECTOR GENERAL, U.S. DEPARTMENT OF HOMELAND SECURITY
Mr. Roth. Good afternoon, Chairman Katko, Ranking Member
Rice, and Members of the subcommittee. Thank you for inviting
me here to testify today.
Throughout this year I have testified before this
subcommittee and others regarding TSA's ability to execute its
important mission. I highlighted the challenges that TSA faced.
I testified that these challenges were in almost every area of
TSA's operations. Its problematic implementation of risk
assessment rules, including its management of TSA PreCheck,
failures in passenger and baggage screen operations, TSA's
control over access to secure areas including management of its
access badge program, its management of the Workforce Integrity
program, its oversight over acquisition and maintenance of
screening equipment, and other issues that we have discovered
in the course of over 115 audits and inspection reports.
These issues were exacerbated, in my judgment, by a culture
that developed over time which resisted oversight and was
unwilling to accept the need for change in the face of an
evolving and serious threat. We have been writing reports
highlighting some of these problems for years without an
acknowledgment by TSA of the need to correct its deficiencies.
However, we may be in a very different place now than we were
then. I am hopeful that Administrator Neffenger brings with him
a new attitude about oversight. Ensuring transportation safety
is a massive and complex problem and there is no single silver
bullet to solve it. It will take a sustained and disciplined
effort.
The first step, however, in fixing this problem is having
the courage to critically assess the deficiencies in an honest
and objective light, creating a culture of change within TSA,
and giving the TSA workforce the ability to identify and
address risks will be the administrator's most critical and
challenging task. I believe that the Department and TSA
leadership has begun that process of critical self-evaluation
and aided by the workforce at TSA are in a position to address
some of these issues. As you noted, we have just completed and
distributed a report on our most recent round of covert testing
of TSA's checkpoint operations. The results, while Classified,
were disappointing.
Our testing was designed to check test point operations in
real-world conditions. The failures included failures in
technology, failures in TSA procedures, and human error. We
found layers of security simply missing. But these results were
not unexpected. We had conducted other covert testing in the
past with similar results.
TSA has put forward a plan consistent with our
recommendation to improve checkpoint quality in three areas:
Technology, personnel, and procedures. This plan is appropriate
because the checkpoint must be considered as a single system.
The most effective technology is useless without the right
personnel, and the personnel need to be guided by the
appropriate procedures. Unless all three elements are operating
efficiently, the checkpoint will not be effective.
We will be monitoring TSA's efforts to increase the
effectiveness of checkpoint operations and will continue to
conduct covert testing. Consistent with our obligations under
the Inspector General Act, we will report our results to this
committee, as well as other committees of jurisdiction.
While this audit focused on the checkpoint, effective
checkpoint operations in and of themselves are not enough. We
must also look at other areas to determine vulnerabilities. We
have done considerable work on TSA's assessment of passenger
risk, and have registered our concern about TSA's use of
Managed Inclusion and risk rules that were not based on an
individual assessment of passenger risk. I am pleased to report
that TSA has phased out its use of Managed Inclusion. However,
we still have outstanding recommendations regarding the risk
assessment rules that TSA continues to use. I urge the
administrator to consider whether or not those risk rules are
effective and ensure the safety of the transportation public.
TSA also has the responsibility to oversee and regulate
airport security provided by airport authorities. For example,
in the case of airport worker vetting, TSA relies on airports
to submit a complete and accurate aviation worker application
data for vetting. In a recent audit we found that TSA does not
ensure that airports have a robust verification process for
criminal history, and authorization to work in the United
States, or sufficiently track the results of their review. TSA
also did not have an adequate monitoring process in place to
ensure that airport operators properly adjudicated applicants'
criminal histories.
Mr. Chairman, this concludes my prepared statement. I
welcome any questions that you or other Members of the
committee may have.
[The prepared statement of Mr. Roth follows:]
Prepared Statement of John Roth
October 8, 2015
Good afternoon Chairman Katko, Ranking Member Rice, and Members of
the subcommittee.
Thank you for inviting me here today to discuss our work on the
Transportation Security Administration (TSA). Our reviews have given us
a perspective on the obstacles facing TSA in carrying out an
important--but incredibly difficult--mission to protect the Nation's
transportation systems and ensure freedom of movement for people and
commerce.
Throughout this year, I have testified--before this subcommittee
and others--regarding my concerns about TSA's ability to execute its
important mission. I highlighted the challenges TSA faced. I testified
that these challenges were in almost every area of TSA's operations:
Its problematic implementation of risk assessment rules, including its
management of TSA PreCheck; failures in passenger and baggage screening
operations, discovered in part through our covert testing program;
TSA's controls over access to secure areas, including management of its
access badge program; its management of the workforce integrity
program; TSA's oversight over its acquisition and maintenance of
screening equipment; and other issues we have discovered in the course
of over 115 audit and inspection reports.
My remarks were described as ``unusually blunt testimony from a
Government witness,'' and I will confess that it was. However, those
remarks were born of frustration that TSA was assessing risk
inappropriately and did not have the ability to perform basic
management functions in order to meet the mission the American people
expect of it. These issues were exacerbated, in my judgment, by a
culture, developed over time, which resisted oversight and was
unwilling to accept the need for change in the face of an evolving and
serious threat. We have been writing reports highlighting some of these
problems for years without an acknowledgment by TSA of the need to
correct its deficiencies.
We may be in a very different place than we were in May. I am
hopeful that Administrator Neffenger brings with him a new attitude
about oversight. Ensuring transportation safety is a massive and
complex problem, and there is no silver bullet to solve it. It will
take a sustained and disciplined effort. However, the first step in
fixing a problem is having the courage to critically assess the
deficiencies in an honest and objective light. Creating a culture of
change within TSA, and giving the TSA workforce the ability to identify
and address risks without fear of retribution, will be the new
administrator's most critical and challenging task.
I believe that the Department and TSA leadership have begun the
process of critical self-evaluation and, aided by the dedicated
workforce of TSA, are in a position to begin addressing some of these
issues. I am hopeful that the days of TSA sweeping its problems under
the rug and simply ignoring the findings and recommendations of the OIG
and GAO are coming to an end.
I have been gratified by the Department's response and believe that
this episode serves as an illustration of the value of the Office of
Inspector General, particularly when coupled with a Department
leadership that understands and appreciates objective and independent
oversight.
our most recent covert testing
We have just completed and distributed our report on our most
recent round of covert testing. The results are classified at the
Secret level, and the Department and this committee have been provided
a copy of our Classified report. TSA justifiably classifies at the
Secret level the validated test results; any analysis, trends, or
comparison of the results of our testing; and specific vulnerabilities
uncovered during testing. Additionally, TSA considers other information
protected from disclosure as Sensitive Security Information.
While I cannot talk about the specifics in this setting, I am able
to say that we conducted the audit with sufficient rigor to satisfy the
standards contained within the Generally Accepted Government Auditing
Standards, that the tests were conducted by auditors within our Office
of Audits without any special knowledge or training, and that the test
results were disappointing and troubling. We ran multiple tests at 8
different airports of different sizes, including large Category X
airports across the country, and tested airports using private
screeners as part of the Screening Partnership Program. The results
were consistent across every airport.
Our testing was designed to test checkpoint operations in real-
world conditions. It was not designed to test specific, discrete
segments of checkpoint operations, but rather the system as a whole.
The failures included failures in the technology, failures in TSA
procedures, and human error. We found layers of security simply
missing. It would be misleading to minimize the rigor of our testing,
or to imply that our testing was not an accurate reflection of the
effectiveness of the totality of aviation security.
The results were not, however, unexpected. We had conducted other
covert testing in the past:
In September 2014, we conducted covert testing of the
checked baggage screening system and identified significant
vulnerabilities in this area caused by human and technology
based failures. We also determined that TSA did not have a
process in place to assess or identify the cause for equipment-
based test failures or the capability to independently assess
whether deployed explosive detection systems are operating at
the correct detection standards. We found that, notwithstanding
an intervening investment of over $550 million, TSA had not
improved checked baggage screening since our 2009 report on the
same issue. (Vulnerabilities Exist in TSA's Checked Baggage
Screening Operations, OIG-14-142, Sept. 2014)
In January 2012, we conducted covert testing of access
controls to secure airport areas and identified significant
access control vulnerabilities, meaning uncleared individuals
could have unrestricted and unaccompanied access to the most
vulnerable parts of the airport--the aircraft and checked
baggage. (Covert Testing of Access Controls to Secured Airport
Areas, OIG-12-26, Jan. 2012)
In 2011, we conducted covert penetration testing on the
previous generation of AIT machines in use at the time; the
testing was far broader than the most recent testing, and
likewise discovered significant vulnerabilities. (Penetration
Testing of Advanced Imaging Technology, OIG-12-06, Nov. 2011)
the dhs response
The Department's response to our most recent findings has been
swift and definite. For example, within 24 hours of receiving
preliminary results of OIG covert penetration testing, the Secretary
summoned senior TSA leadership and directed that an immediate plan of
action be created to correct deficiencies uncovered by our testing.
Moreover, DHS has initiated a program--led by members of Secretary
Johnson's leadership team--to conduct a focused analysis on issues that
the OIG has uncovered, as well as other matters. These efforts have
already resulted in significant changes to TSA leadership, operations,
training, and policy, although the specifics of most of those changes
cannot be discussed in an open setting, and should, in any event, come
from TSA itself.
TSA has put forward a plan, consistent with our recommendations, to
improve checkpoint quality in three areas: Technology, personnel, and
procedures. This plan is appropriate because the checkpoint must be
considered as a single system: The most effective technology is useless
without the right personnel, and the personnel need to be guided by the
appropriate procedures. Unless all three elements are operating
effectively, the checkpoint will not be effective.
We will be monitoring TSA's efforts to increase the effectiveness
of checkpoint operations and will continue to conduct covert testing.
Consistent with our obligations under the Inspector General Act, we
will report our results to this subcommittee as well as other
committees of jurisdiction.
We have also been making significant progress on many outstanding
recommendations from prior reports.
tsa and the asymmetric threat
Nowhere is the asymmetric threat of terrorism more evident than in
the area of aviation security. TSA cannot afford to miss a single,
genuine threat without potentially catastrophic consequences, and yet a
terrorist only needs to get it right once. Securing the civil aviation
transportation system remains a formidable task--TSA is responsible for
screening travelers and baggage for over 1.8 million passengers a day
at 450 of our Nation's airports. Complicating this responsibility is
the constantly-evolving threat by adversaries willing to use any means
at their disposal to incite terror.
The dangers TSA must contend with are complex and not within its
control. Recent media reports have indicated that some in the U.S.
intelligence community warn terrorist groups like the Islamic State
(ISIS) may be working to build the capability to carry out mass
casualty attacks, a significant departure from--and posing a different
type of threat--than simply encouraging lone-wolf attacks. According to
these media reports, a mass casualty attack has become more likely in
part because of a fierce competition with other terrorist networks:
Being able to kill opponents on a large scale would allow terrorist
groups such as ISIS to make a powerful showing. We believe such an act
of terrorism would likely be designed to impact areas where people are
concentrated and vulnerable, such as the Nation's commercial aviation
system.
mere intelligence is not enough
In the past, officials from TSA, in testimony to Congress, in
speeches to think tanks, and elsewhere, have described TSA as an
intelligence-driven organization. According to TSA, it continually
assesses intelligence to develop countermeasures in order to enhance
these multiple layers of security at airports and on-board aircraft.
This is a necessary thing, but it is not sufficient.
In the vast majority of the instances, the identities of those who
commit terrorist acts were simply unknown to or misjudged by the
intelligence community. Terrorism, especially suicide terrorism,
depends on a cadre of newly-converted individuals who are often unknown
to the intelligence community. Moreover, the threat of ISIS or al-
Qaeda-inspired actors--those who have no formal ties to the larger
organizations but who simply take inspiration from them--increases the
possibilities of a terrorist actor being unknown to the intelligence
community.
Recent history bears this out:
17 of the 19 September 11 hijackers were unknown to the
intelligence community. In fact, many were recruited
specifically because they were unknown to the intelligence
community.
Richard Reid, the 2002 ``shoe bomber,'' was briefly
questioned by the French police, but allowed to board an
airplane to Miami. He had the high explosive PETN in his shoes,
and but for the intervention of passengers and flight crew,
risked bringing down the aircraft.
The Christmas day 2009 bomber, who was equipped with a
sophisticated non-metallic explosive device provided by al-
Qaeda, was known to certain elements of the intelligence
community but was not placed in the Terrorist Screening
Database, on the Selectee List, or on the No-Fly List. A
bipartisan Senate report found there were systemic failures
across the intelligence community, which contributed to the
failure to identify the threat posed by this individual.
The single most high-profile domestic terrorist attack since
9/11, the Boston Marathon bombing, was masterminded and carried
out by Tamerlan Tsarnaev, an individual who approximately 2
years earlier was judged by the FBI not to pose a terrorist
threat, and who was not within any active U.S. Government
databases.
Of course, there are instances in which intelligence can foil plots
that screening cannot detect--such as the 2006 transatlantic aircraft
plot, utilizing liquid explosives; the October 2010 discovery of U.S.-
bound bombs concealed in printer cartridges on cargo planes in England
and Dubai; and the 2012 discovery that a second generation nonmetallic
device, designed for use on-board aircraft, had been produced.
What this means is that there is no easy substitute for the
checkpoint. The checkpoint must necessarily be intelligence-driven, but
the nature of terrorism today means that each and every passenger must
be screened in some way.
beyond the checkpoint
Much of the attention has been focused on the checkpoint, since
that is the primary and most visible means of entry onto aircraft. But
effective checkpoint operations simply are not of themselves
sufficient. Aviation security must also look at other areas to
determine vulnerabilities.
Assessment of passenger risk
We applaud TSA's efforts to use risk-based passenger screening
because it allows TSA to focus on high-risk or unknown passengers
instead of known, vetted passengers who pose less risk to aviation
security.
However, we have had deep concerns about some of TSA's previous
decisions about this risk. For example, we recently assessed the
PreCheck initiative, which is used at about 125 airports to identify
low-risk passengers for expedited airport checkpoint screening.
Starting in 2012, TSA massively increased the use of PreCheck. Some of
the expansion, for example allowing PreCheck to other Federal
Government-vetted or known flying populations, such as those in the CBP
Trusted Traveler Program, made sense. In addition, TSA continues to
promote participation in PreCheck by passengers who apply, pay a fee,
and undergo individualized security threat assessment vetting. I am
encouraged by legislation, originating in this subcommittee, H.R. 2843,
the TSA PreCheck Expansion Act, which I believe would further improve
the use of PreCheck operations.
However, we believe that TSA's use of risk assessment rules, which
granted expedited screening to broad categories of individuals
unrelated to an individual assessment of risk, but rather on some
questionable assumptions about relative risk based on other factors,
created an unacceptable risk to aviation security.\1\ Additionally, TSA
used ``managed inclusion'' for the general public, allowing random
passengers access to PreCheck lanes with no assessment of risk.
Additional layers of security TSA intended to provide, which were meant
to compensate for the lack of risk assessment, were often simply not
present.
---------------------------------------------------------------------------
\1\ As an example of PreCheck's vulnerabilities, we reported that,
through risk assessment rules, a felon who had been imprisoned for
multiple convictions for violent felonies while participating in a
domestic terrorist group was granted expedited screening through
PreCheck.
---------------------------------------------------------------------------
We made a number of recommendations as a result of several audits
and inspections. Disappointingly, when the report was issued, TSA did
not concur with the majority of our 17 recommendations. At the time, I
testified that I believed this represented TSA's failure to understand
the gravity of the risk that they were assuming. I am pleased to
report, however, that we have recently made significant progress in
getting concurrence and compliance with these recommendations.
For example, I am pleased to report that TSA's practice of using
Managed Inclusion has been eliminated. As you know, this subcommittee
held a hearing on the issue of expedited screening in March, at which I
expressed my significant concerns. TSA disagreed with that finding
notwithstanding our recommendation and continued to use Managed
Inclusion. Now, however, I am pleased to report that TSA has reversed
its decision.
However, that report still has an outstanding recommendation
regarding the risk assessment rules to grant expedited screening
through PreCheck lanes. Unfortunately, TSA continues to use these risk
rules.
There is pending legislation originating in this subcommittee, H.R.
3584--the Transportation Security Administration Reform and Improvement
Act of 2015, which has been introduced--that would eliminate the
practice. I urge the administrator to reconsider, in advance of the
passage of this legislation, TSA's non-concurrence with our
recommendation and stop the practice.
Access to secure areas
TSA is responsible, in conjunction with the 450 airports across the
country, to ensure that the secure areas of airports, including the
ability to access aircraft and checked baggage, are truly secure. In
our audit work, we have had reason to question whether that has been
the case. We conducted covert testing in 2012 to see if auditors could
get access to secure areas by a variety of means. While the results of
those tests are Classified, they were similar to the other covert
testing we have done, which was disappointing.
Additionally, as we discuss below, TSA's oversight of airports when
it comes to employee screening needs to be improved. (TSA Can Improve
Aviation Worker Vetting (Redacted), OIG-15-98, June 2015)
I have reviewed the work of this subcommittee as well, and am aware
of the significant vulnerabilities that have been uncovered in the
course of criminal investigations and this subcommittee's hearings. We
are encouraged by the introduction of H.R. 3102, the Airport Access
Control Security Improvement Act of 2015, which requires TSA to
establish a risk-based screening model for airport employees, to look
at the current list of disqualifying offenses, to improve the auditing
procedures TSA uses to check on airport badging operations, and to make
other improvements.
We are doing additional audit and inspection work in this area,
determining whether controls over access media badges issued by airport
operators is adequate. We are also engaging in an audit of the
screening process for the Transportation Worker Identification
Credential program (TWIC) to see whether it is operating effectively
and whether the program's continued eligibility processes ensures that
only eligible TWIC card holders remain eligible.
Other questionable investments in aviation security
TSA uses behavior detection officers to identify passenger
behaviors that may indicate stress, fear, or deception. This program,
Screening Passengers by Observation Techniques (SPOT), includes more
than 2,800 employees and has cost taxpayers about $878 million from
fiscal years 2007 through 2012.
We understand the desire to have such a program. Israel is foremost
in their use of non-physical screening, although the differences in
size, culture, and attitudes about civil liberties make such a program
difficult to adopt in this country. In the United States, sharp-eyed
Government officials were able to assess behavior to prevent entry to
terrorists on two separate occasions:
Ahmed Ressam's plot to blow up the Los Angeles International
Airport on New Year's Eve 1999 was foiled when a U.S. Customs
officer in Port Angeles, Washington, thought Ressam was acting
``hinky'' and directed a search of his car, finding numerous
explosives and timers.
In 2001, a U.S. immigration officer denied entry to the
United States to Mohammed al Qahtani, based on Qahtani's
evasive answers to his questions. Later investigation by the 9/
11 Commission revealed that Qahtani was to be the 20th
hijacker, assigned to the aircraft that ultimately crashed in
Shanksville, Pennsylvania.
However, we have deep concerns that the current program is both
expensive and ineffective. In 2013, we audited the SPOT program and
found that TSA could not ensure that passengers were screened
objectively, nor could it show that the program was cost-effective or
merited expansion. We noted deficiencies in selection and training of
the behavior detection officers. Further, in a November 2013 report on
the program, the Government Accountability Office (GAO) reported that
TSA risked funding activities that had not been determined to be
effective. Specifically, according to its analysis of more than 400
studies, GAO concluded that SPOT program behavioral indicators might
not be effective in identifying people who might pose a risk to
aviation security. TSA has taken steps to implement our recommendations
and improve the program. However, we continue to have questions with
regard to the program and this fiscal year will conduct a Verification
Review, with regard to--among other things--performance management,
training, and financial accountability, and selection, allocation, and
performance of the Behavior Detection Officers.
Likewise, the Federal Air Marshal Program costs the American
taxpayer over $800 million per year. The program was greatly expanded
after 9/11 to guard against a specific type of terrorist incident. In
the intervening years, terrorist operations and intentions have
evolved. We will be auditing the Federal Air Marshal Program this year
to determine whether the significant investment of resources in the
program is justified by the risk.
TSA's role as regulator
TSA has dual responsibilities, one to provide checkpoint security
for passengers and baggage and another to oversee and regulate airport
security provided by airport authorities. The separation of
responsibility for airport security between TSA and the airport
authorities creates a potential vulnerability in safeguarding the
system. The concern about which entity is accountable for protecting
areas other than checkpoints has come up in relation to airport worker
vetting, perimeter security, and cargo transport. We have also assessed
whether TSA is appropriately regulating airports, such as whether it
ensures airports' compliance with security regulations. We have found
shortfalls.
In the case of airport worker vetting, for example, TSA relies on
airports to submit complete and accurate aviation worker application
data for vetting. In a recent audit, we found TSA does not ensure that
airports have a robust verification process for criminal history and
authorization to work in the United States, or sufficiently track the
results of their reviews. TSA also did not have an adequate monitoring
process in place to ensure that airport operators properly adjudicated
credential applicants' criminal histories. TSA officials informed us
that airport officials rarely or almost never documented the results of
their criminal history reviews electronically. Without sufficient
documentation, TSA cannot systematically determine whether individuals
with access to secured areas of the airports are free of disqualifying
criminal events.
As a result, TSA is required to conduct manual reviews of aviation
worker records. Due to the workload at larger airports, this inspection
process may look at as few as 1 percent of all aviation workers'
applications. In addition, inspectors were generally reviewing files
maintained by the airport badging office, which contained photocopies
of aviation worker documents rather than the physical documents
themselves. An official told us that a duplicate of a document could
hinder an inspector's ability to determine whether a document is real
or fake because a photocopy may not be matched to a face and may not
show the security elements contained in the identification document.
Additionally, we identified thousands of aviation worker records
that appeared to have incomplete or inaccurate biographic information.
Without sufficient documentation of criminal histories or reliable
biographical data, TSA cannot systematically determine whether
individuals with access to secured areas of the airports are free of
disqualifying criminal events, and TSA has thus far not addressed the
poor data quality of these records. (TSA Can Improve Aviation Worker
Vetting (Redacted), OIG-15-98, June 2015)
Further, the responsibility for executing perimeter and airport
facility security is in the purview of the 450 local airport
authorities rather than TSA. There is no clear structure for
responsibility, accountability, and authority at most airports, and the
potential lack of local Government resources makes it difficult for TSA
to issue and enforce higher standards to counter new threats.
Unfortunately, intrusion prevention into restricted areas and other
ground security vulnerabilities is a lower priority than checkpoint
operations.
conclusion
Making critical changes to TSA's culture, technology, and processes
is not an easy undertaking. However, a commitment to and persistent
movement towards effecting such changes--including continued progress
towards complying with our recommendations--is paramount to ensuring
transportation security. We recognize and are encouraged by TSA's steps
towards compliance with our recent recommendations. Without a sustained
commitment to addressing known vulnerabilities, the agency risks
compromising the safety of the Nation's transportation systems.
Mr. Chairman, this concludes my prepared statement. I welcome any
questions you or other Members of the subcommittee may have.
Appendix A.--Recent OIG Reports on the Transportation Security
Administration
Covert Testing of the TSA's Passenger Screening Technologies and
Processes at Airport Security Checkpoints (Unclassified Summary), OIG-
15-150, September 2015
Use of Risk Assessment within Secure Flight (Redacted), OIG-14-153,
June 2015
TSA Can Improve Aviation Worker Vetting (Redacted), OIG-15-98, June
2015
The Transportation Security Administration Does Not Properly Manage Its
Airport Screening Equipment Maintenance Program, OIG-15-86, May 2015
Allegation of Granting Expedited Screening through TSA PreCheck
Improperly (Redacted), OIG-15-45, March 2015
Security Enhancements Needed to the TSA PreCheck Initiative
(Unclassified Summary), OIG-15-29, January 2015
Vulnerabilities Exist in TSA's Checked Baggage Screening Operations
(Unclassified Spotlight), OIG-14-142, September 2014
Appendix B.--Status of Recommendations for Selected OIG Reports on TSA
(As of 9.22.15)
--------------------------------------------------------------------------------------------------------------------------------------------------------
Report No. Report Title Date Issued Recommendation Current Status Mgmt. Response
--------------------------------------------------------------------------------------------------------------------------------------------------------
OIG-11-47........................ DHS Department-wide 3/2/2011 We recommend that the Deputy Closed.............. Agreed.
Management of Detection Under Secretary for Management
Equipment. reestablish the Joint
Requirements Council.
OIG-11-47........................ DHS Department-wide 3/2/2011 We recommend that the Deputy Closed.............. Agreed.
Management of Detection Under Secretary for
Equipment. Management: Establish a
commodity council for
detection equipment,
responsible for: Coordinating,
communicating, and, where
appropriate, strategically
sourcing items at the
Department level or
identifying a single-source
commodity manager;
Standardizing purchases for
similar detection equipment;
and Developing a data
dictionary that standardizes
data elements in inventory
accounts for detection
equipment.
OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. Agreed.
Administration Sensitive Security Information.
Penetration Testing of
Advanced Imaging
Technology.
OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. No Response.
Administration Sensitive Security Information.
Penetration Testing of
Advanced Imaging
Technology.
OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed*............. Agreed.
Administration Sensitive Security Information.
Penetration Testing of
Advanced Imaging
Technology.
OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed*............. Agreed.
Administration Sensitive Security Information.
Penetration Testing of
Advanced Imaging
Technology.
OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. Agreed.
Administration Sensitive Security Information.
Penetration Testing of
Advanced Imaging
Technology.
OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. Agreed.
Administration Sensitive Security Information.
Penetration Testing of
Advanced Imaging
Technology.
OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. Agreed.
Administration Sensitive Security Information.
Penetration Testing of
Advanced Imaging
Technology.
OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. Agreed.
Administration Sensitive Security Information.
Penetration Testing of
Advanced Imaging
Technology.
OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed.
Administration's Administrator, Office of
Screening of Passengers Security Capabilities develop
by Observation and implement a comprehensive
Techniques. strategic plan for the
Screening of Passengers by
Observation Techniques (SPOT)
program that includes--
Mission, goals, objectives,
and a system to measure
performance; A training
strategy that addresses the
goals and objectives of the
SPOT program; A plan to
identify external partners
integral to program success,
such as law enforcement
agencies, and take steps to
ensure that effective
relationships are established;
and, A financial plan that
includes identification of
priorities, goals, objectives,
and measures; needs analysis;
budget formulation and
execution; and expenditure
tracking.
OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed.
Administration's Administrator, Office of
Screening of Passengers Security Capabilities develop
by Observation and implement controls to
Techniques. ensure completeness, accuracy,
authorization, and validity of
referral data entered into the
Performance Measurement
Information System.
OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed.
Administration's Administrator, Office of
Screening of Passengers Security Capabilities develop
by Observation and implement a plan that
Techniques. provides recurrent training to
Behavior Detection Officer
(BDO) instructors and BDOs.
OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed.
Administration's Administrator, Office of
Screening of Passengers Security Capabilities develop
by Observation and implement a plan to assess
Techniques. BDO instructor performance in
required core competencies on
a regular basis.
OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed.
Administration's Administrator, Office of
Screening of Passengers Security Capabilities monitor
by Observation and track the use of BDOs for
Techniques. non-SPOT related duties to
ensure BDOs are used in a cost-
effective manner and in
accordance with the mission of
the SPOT program.
OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed.
Administration's Administrator, Office of
Screening of Passengers Security Capabilities develop
by Observation and implement a process for
Techniques. identifying and addressing
issues that may directly
affect the success of the SPOT
program such as the selection,
allocation, and performance of
BDOs.
OIG-13-99........................ Transportation Security 6/20/2013 We recommend that the Closed.............. Agreed.
Administration's Transportation Security
Screening Partnership Administration Deputy
Program. Administrator expedite
developing and implementing
procedures to ensure that
decisions on Screening
Partnership Program
applications and procurements
are fully documented according
to applicable Department and
Federal guidance.
OIG-13-99........................ Transportation Security 6/20/2013 We recommend that the Closed.............. Agreed.
Administration's Transportation Security
Screening Partnership Administration Deputy
Program. Administrator establish and
implement quality assurance
procedures to ensure that the
most relevant and accurate
information is used when
determining eligibility and
approving airports'
participation in the Screening
Partnership Program.
OIG-13-120....................... Transportation Security 9/16/2013 We recommend that the Deputy Closed.............. Agreed.
Administration's Administrator, Transportation
Deployment and Use of Security Administration:
Advanced Imaging Develop and approve a single,
Technology. comprehensive deployment
strategy that addresses short-
and long-term goals for
screening equipment.
OIG-13-120....................... Transportation Security 9/16/2013 We recommend that the Deputy Closed*............. Agreed.
Administration's Administrator, Transportation
Deployment and Use of Security Administration:
Advanced Imaging Develop and implement a
Technology. disciplined system of internal
controls from data entry to
reporting to ensure PMIS data
integrity.
OIG-14-142....................... (U) Vulnerabilities Exist 9/9/2014 This recommendation is Closed.............. Agreed.
in TSA's Checked Baggage Classified.
Screening Operations.
OIG-14-142....................... (U) Vulnerabilities Exist 9/9/2014 This recommendation is Open--Resolved...... Agreed.
in TSA's Checked Baggage Classified.
Screening Operations.
OIG-14-142....................... (U) Vulnerabilities Exist 9/9/2014 This recommendation is Closed*............. Agreed.
in TSA's Checked Baggage Classified.
Screening Operations.
OIG-14-142....................... (U) Vulnerabilities Exist 12/16/2014 This recommendation is Open--Resolved...... Agreed.
in TSA's Checked Baggage Classified.
Screening Operations.
OIG-14-142....................... (U) Vulnerabilities Exist 12/16/2014 This recommendation is Open--Unresolved.... Agreed.
in TSA's Checked Baggage Classified.
Screening Operations.
OIG-14-153....................... Use of Risk Assessment 9/9/2014 Recommendation includes Open--Resolved...... Agreed.**
within Secure Flight. Sensitive Security Information.
OIG-14-153....................... Use of Risk Assessment 9/9/2014 Recommendation includes Closed.............. Agreed.
within Secure Flight. Sensitive Security Information.
OIG-14-153....................... Use of Risk Assessment 9/9/2014 Recommendation includes Closed*............. Agreed.**
within Secure Flight. Sensitive Security Information.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Unresolved.... Disagreed.
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed.
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed.
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed.
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed.**
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed.
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved*..... Agreed.
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Closed*............. Agreed.**
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed.**
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 We recommend that the TSA Open--Resolved*..... Agreed.**
Needed to the TSA Assistant Administrator for
PreCheckTM Initiative. the Office of Intelligence and
Analysis: Employ exclusion
factors to refer TSA
PreCheckTM passengers to
standard security lane
screening at random intervals.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Closed*............. Agreed.
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Closed*............. Agreed.
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 We recommend that the TSA Open--Resolved...... Agreed.**
Needed to the TSA Assistant Administrator for
PreCheckTM Initiative. the Office of Security
Operations: Develop and
implement a strategy to
address the TSA PreCheckTM
lane covert testing results.
OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed.**
Needed to the TSA Sensitive Security Information.
PreCheckTM Initiative.
OIG-15-29........................ Security Enhancements 1/28/2015 We recommend that the TSA Open--Resolved...... Agreed.
Needed to the TSA Assistant Administrator for
PreCheckTM Initiative. the Office of Intelligence and
Analysis: Provide an
explanation of TSA PreCheckTM
rules and responsibilities to
all enrollment center
applicants and include this
information in eligibility
letters.
OIG-15-29........................ Security Enhancements 1/28/2015 We recommend that the TSA Open--Resolved...... Agreed.**
Needed to the TSA Assistant Administrator for
PreCheckTM Initiative. the Office of Intelligence and
Analysis: Coordinate with
Federal Government and private
partners to ensure all TSA
PreCheckTM eligible
populations receive the rules
and responsibilities when
notifying participants of
eligibility.
OIG-15-29........................ Security Enhancements 1/28/2015 We recommend that the TSA Chief Open--Resolved...... Agreed.
Needed to the TSA Risk Officer: Develop
PreCheckTM Initiative. consolidated guidance
outlining processes and
procedures for all offices
involved in the TSA PreCheckTM
initiative.
OIG-15-45........................ Allegations of Granting 3/16/2015 Recommendation includes Open--Unresolved.... Disagreed.
Expedited Screening Sensitive Security Information.
through TSA PreCheck
Improperly (OSC File No.
DI-14-3679).
OIG-15-45........................ Allegations of Granting 3/16/2015 We recommend that the TSA Closed*............. Agreed.
Expedited Screening Assistant Administrator for
through TSA PreCheck Security Operations: Modify
Improperly (OSC File No. standard operating procedures
DI-14-3679). to clarify Transportation
Security Officer (TSO) and
supervisory TSO authority to
refer passengers with TSA
PreCheck boarding passes to
standard screening lanes when
they believe that the
passenger should not be
eligible for TSA PreCheck
screening.
OIG-15-86........................ The Transportation 5/6/2015 We recommend that TSA's Office Open--Resolved*..... Agreed.
Security Administration of Security Capabilities and
Does Not Properly Manage Office of Security Operations
Its Airport Screening develop and implement a
Equipment Maintenance preventive maintenance
Program. validation process to verify
that required routine
maintenance activities are
completed according to
contractual requirements and
manufacturers' specifications.
These procedures should also
include instruction for
appropriate TSA airport
personnel on documenting the
performance of Level 1
preventive maintenance actions.
OIG-15-86........................ The Transportation 5/6/2015 We recommend that TSA's Office Open--Resolved*..... Agreed.
Security Administration of Security Capabilities and
Does Not Properly Manage Office of Security Operations:
Its Airport Screening Develop and implement policies
Equipment Maintenance and procedures to ensure that
Program. local TSA airport personnel
verify and document
contractors' completion of
corrective maintenance
actions. These procedures
should also include quality
assurance steps that would
ensure the integrity of the
information collected.
OIG-15-86........................ The Transportation 5/6/2015 We recommend TSA's Office of Open--Resolved*..... Agreed.
Security Administration Acquisition enhance future
Does Not Properly Manage screening equipment
Its Airport Screening maintenance contracts by
Equipment Maintenance including penalties for
Program. noncompliance when it is
determined that either
preventive or corrective
maintenance has not been
completed according to
contractual requirements and
manufacturers' specifications.
--------------------------------------------------------------------------------------------------------------------------------------------------------
* These recommendations were either resolved or closed within the last 6 months.
** TSA management changed their response from disagreed to agreed.
Appendix C.--Current and Planned OIG Work on TSA
PROJECTS IN-PROGRESS
------------------------------------------------------------------------
Project Topic Objective
------------------------------------------------------------------------
TSA Security Vetting of Passenger Rail Determine the extent to which
Reservation Systems. TSA has policies, processes,
and oversight measures to
improve security at the
National Railroad Passenger
Corporation (AMTRAK).
Reliability of TWIC Background Check Determine whether the screening
Process. process for the Transportation
Worker Identification
Credential program (TWIC) is
operating effectively and
whether the program's
continued eligibility
processes ensure that only
eligible TWIC card holders
remain eligible.
TSA's Security Technology Integrated Determine whether TSA has
Program (STIP). incorporated adequate IT
security controls for
passenger and baggage
screening STIP equipment to
ensure it is performing as
required.
TSA's Controls Over Access Media Badges Identify and test selected
controls over access media
badges issued by airport
operators.
TSA's Risk-Based Strategy.............. Determine the extent to which
TSA's intelligence-driven,
risk-based strategy informs
security and resource
decisions to protect the
traveling public and the
Nation's transportation
systems.
TSA's Office of Human Capital Contracts Determine whether TSA's human
capital contracts are managed
effectively, comply with DHS's
acquisition guidelines, and
are achieving expected goals.
------------------------------------------------------------------------
UPCOMING PROJECTS
------------------------------------------------------------------------
Project Topic Objective
------------------------------------------------------------------------
Federal Air Marshal Service's Oversight Determine whether the Federal
of Civil Aviation Security. Air Marshal Service adequately
manages its resources to
detect, deter, and defeat
threats to the civil aviation
system.
TSA Carry-On Baggage Penetration Determine the effectiveness of
Testing. TSA's carry-on baggage
screening technologies and
checkpoint screener
performance in identifying and
resolving potential security
threats at airport security
checkpoints.
Airport Security Capping Report........ Synthesize the results of our
airport security evaluations
into a capping report that
groups and summarizes
identified weaknesses and root
causes and recommends how TSA
can systematically and
proactively address these
issues at airports Nation-
wide.
TSA's Classification Program........... Determine whether TSA is
effectively managing its
classification program and its
use of the Sensitive Security
Information designation.
TSA's Office of Intelligence and Determine whether TSA's Office
Analysis. of Intelligence and Analysis
is effectively meeting its
mission mandates.
------------------------------------------------------------------------
Mr. Katko. Those questions are indeed forthcoming, but
before that Mr. Roth, I want to thank you for your testimony. I
appreciate you being here.
I want to hear from our second witness, Administrator
Neffenger, who I am sure the honeymoon is indeed over. You were
confirmed in June 2015 as the sixth administrator of the TSA.
You lead the security operations at more than 450 airports
within the United States, and a workforce of almost 60,000
employees. Prior to joining TSA, Administrator Neffenger served
admirably as the 29th vice commandant of the U.S. Coast Guard,
and the Coast Guard's deputy commandant for operations. The
Chair now recognizes Admiral Neffenger for his testimony.
STATEMENT OF THE HONORABLE PETER NEFFENGER, ADMINISTRATOR,
TRANSPORTATION SECURITY ADMINISTRATION, U.S. DEPARTMENT OF
HOMELAND SECURITY
Admiral Neffenger. Thank you, and good afternoon Chairman
Katko, Ranking Member Rice, distinguished Members of the
subcommittee, and thank you for the opportunity to testify on
my vision for answering these concerns and evolving the
Transportation Security Administration.
As you noted, Mr. Chairman, TSA was founded from crisis,
and has continued to evolve throughout its existence. Careful
and sustained oversight by Congress, and audits by the
Inspector General and GAO are critical elements of this
process, and I am a strong supporter of such. I thank you for
the support each of you has provided in exercising that
oversight. I also want to thank Inspector General Roth for
identifying areas for improvement in TSA. I met with him prior
to my confirmation and met with him again during my first month
as administrator to relay the seriousness with which I take his
work. His team has been invaluable in helping us to identify
the root causes of the recent covert testing results, and I
thank him for his encouraging assessment of our new direction.
That direction is a reflection of my vision on how we
approach the continuing evolution of TSA. As you noted, I am
now 3 months into the job, and during that time, I have
traveled to about 15 airports and numerous Federal Air Marshal
offices across the country. I have also visited our partners in
the United Kingdom, France, and the Netherlands, and I met with
our stakeholders from the airlines, travel industry, and
airport operators from major airports, including Los Angeles,
Atlanta, Dallas, and Chicago. I have also been engaging with
surface stakeholders and passenger rail and light rail both
here and in Europe.
Throughout all of these visits, I have been thoroughly
impressed with the professionals who occupy our ranks. I am
speaking specifically of our front-line transportation security
officers. In addition to our air marshals, our inspectors, and
other employees, each of whom swore an oath to serve their
Nation in a mission that encounters nearly 2 million travelers
a day in the aviation sector alone. I have been impressed with
the collaboration I have seen across the transportation
enterprise and I am pleased that the range of capabilities our
Federal, State, and local partners bring to bear across every
sector.
These complex systems require that we systematically
examine them and consider them as a whole; that we integrate
this wide range of public and private capabilities, that we
benchmark and apply best practices across the enterprise, and
that we seek global consistency.
I can assure you that as we move forward, we remain an
intelligence-driven, risk-based counterterrorism agency with a
well-defined statement of mission, clear and unequivocal
standards of performance, training, and resourcing that enabled
the workforce to achieve success, and a relentless pursuit of
excellence and accountability.
We will conduct counterterrorism operations with discipline
and competence. We will invest in deliberately developing our
workforce, and we will field advance capabilities responsive to
a pervasive and dynamic threat. We have a no-fail mission, one
for which the consequences of a successful attack overwhelm the
risk equation and for which we must ensure we deliver mission
success.
My immediate priority is to pursue solutions to the recent
covert testing failures and I believe we are making significant
progress in doing so. In response to the IG's findings, we have
implemented an action plan to ensure leadership accountability,
improve alarm resolution, increase effectiveness and
deterrence, increase threat testing, and strengthen our
procedures.
We have also responded vigorously to Secretary Johnson's
10-point plan to review and assess screening operations,
including training for the entire screening workforce, testing
and improving the technology, and implementing these new
procedures. We will continue to implement this plan of action
and provide regular updates to you and to the Secretary.
Of utmost concern is determining root causes for the
failures noted. Our conclusion is that the screening
effectiveness challenges were not merely a performance problem,
nor were they a failure of the advanced imaging technology.
Indeed, this technology has greatly enhanced our ability to
detect threats and it continues to perform to expected
standards when deployed and used properly.
Strong drivers of the problem, however, include leadership
focus, environmental influences, and gaps in system design and
processes along with a disproportionate focus on efficiency and
speed in screening operations rather than security and
effectiveness. These powerfully influenced organizational
culture and officer performance. As a result, there was
significant pressure to clear passengers quickly at the risk of
not diligently resolving alarms.
Our analysis also revealed our officers did not fully
understand the capabilities and limitations of the equipment
and several procedures were inadequate to resolve alarms. We
have trained our officers to understand and use the equipment
properly and we have corrected our procedures. Solutions
require a renewed focus on security, streamlined effective
procedures, investments in technology, and realistic,
consistent, standardized training along with a new balance
between effectiveness and efficiency. We must support our
officers as they perform their duties.
We will continue to partner with our airlines and other
members of the travel and airport industry to ensure that we
can reduce stress on the checkpoint and we will right-size and
re-source TSA appropriately. Our near-term solutions will halt
further reductions in officer staffing to support our revised
screening efforts, provide consistent high-quality training at
a centralized location, and enhance our technology.
Our Mission Essentials Training conducted over the past 2
months with every front-line officer and leader across TSA has
helped to reset our focus on security effectiveness, and most
critically, has enhanced our officers' knowledge of the
screening systems that they operate.
I refer repeatedly how valuable this information is to our
officers. I need to now extend that into our new-hire training
across the country. We need greater consistency and efficiency
in its delivery, and we must do more to establish a
professional foundation that is required of a high-performing
counterterrorism organization.
As such, I am committed to expanding our existing TSA
Academy at the Federal Law Enforcement Training Center and plan
to send all new-hire TSOs to basic training beginning in
January 2016. Centralized training in a formal, professional
academy ensures consistency and professionalism, produces
greater enthusiasm, increased confidence and skills, and
connectedness to a common agency culture and focus on mission.
We must ensure the appropriate measures of effectiveness
are in place to drive an institutional focus on our primary
mission. We must employ a culture of operational evolution, one
that constantly reassesses assumptions, plans, and processes,
so we are able to rapidly field new concepts of operation and
we must deliver an effective system and earn the confidence of
the traveling public through competence, discipline,
performance, and professionalism.
We face a critical turning point in evolving TSA, both to
address these recent findings and begin our investment in a
strategic approach to securing the transportation sector. As
such, I am committed to ensuring that we do so, that we employ
multiple elements in intelligence-driven operations, while
discarding a one-size-fits-all approach that we recruit and
retain a highly-trained workforce, with accountability and high
standards of performance.
Chairman Katko, Ranking Member Rice, we have an incredible
challenge ahead of us, but I know that TSA is up to the task. I
thank you for the opportunity to appear before you today, and I
look forward to your questions.
[The prepared statement of Admiral Neffenger follows:]
Prepared Statement of Peter Neffenger
October 8, 2015
Good afternoon Chairman Katko, Ranking Member Rice, and
distinguished Members of the subcommittee. Thank you for the
opportunity to testify on my vision for evolving the Transportation
Security Administration (TSA).
Since its creation following the terrorist attacks of September 11,
2001, TSA has played an invaluable role in protecting the traveling
public. Fourteen years after the 9/11 attacks, we face threats more
dangerous than at any time in the recent past. Terrorist groups and
aspiring violent extremists, inspired by messages of hatred and
violence, remain intent on striking our Nation's aviation system as
well as other transportation modes. The threat is decentralized,
diffuse, and quite complex.
These persistent and evolving threats are TSA's most pressing
challenge and require an intense and sustained focus on our security
missions. We remain deeply committed to ensuring that TSA remains a
high-performing, risk-based intelligence-driven counterterrorism
organization. We are working diligently to ensure we recruit, train,
develop, and lead a mission ready and highly-capable workforce, placing
a premium on professional values and personal accountability. Further,
we will pursue advanced and innovative capabilities that our mission
requires to deter, detect, and disrupt threats to our Nation's
transportations systems, with a clear understanding that we must
continue to optimize today's capabilities while envisioning future
methods of achieving success.
I am intently focused on leading TSA strategically, developing and
supporting our workforce, and investing appropriately, to deliver on
our vital security mission.
improving aviation screening operations
My highest priority for TSA is determining root causes and
implementing solutions to address the recent covert testing of TSA's
checkpoint operations and technology conducted by the Department of
Homeland Security (DHS) Office of Inspector General (OIG). I was
greatly disturbed by TSA's failure rate on these tests, and have met
with the Inspector General on several occasions to better understand
the nature of the failures and the scope of the corrective actions
needed.
Screening operations are a core mission of TSA. In fiscal year
2014, our officers screened approximately 660 million passengers and
nearly 2 billion carry-on and checked bags. Through their diligent
daily efforts, our officers prevented over 180,000 dangerous and/or
prohibited items, including over 2,200 firearms, from being carried
onto planes. In addition, our workforce vetted a daily average of 6
million air passengers against the United States. Government's
Terrorist Screening Database, preventing those who may wish to do us
harm from boarding aircraft, and conducting enhanced screening of
passengers and their baggage prior to allowing them to board an
aircraft. In conjunction with these screening efforts, and using
intelligence-driven analysis, TSA's Federal Air Marshals also protected
thousands of flights. To ensure compliance with aviation security
requirements, in fiscal year 2014 TSA Inspectors completed over 1,054
airport inspections, nearly 18,000 aircraft operator inspections, and
almost 3,000 foreign air carrier inspections to ensure compliance with
aviation security requirements. Still, as recent and prior testing
shows, we must continue to formulate solutions that will enhance our
effectiveness at checkpoint screening operations.
It is important to acknowledge that the OIG covert tests, as a part
of their design, focused on a discrete segment of TSA's myriad
capabilities of detecting and disrupting threats to aviation security.
TSA conducts similar, more extensive testing that is part of a
deliberate process designed to defeat and subsequently improve our
performance, processes, and screening technologies. TSA's covert
testing program, along with the OIG's covert testing, provides
invaluable lessons learned, highlighting areas in which the agency
needs improvement in detecting threats. Such testing is an important
element in the continual evolution of aviation security.
As we pursue solutions to the challenges presented by recent and
on-going covert testing, there are several critical concepts that must
be in place. TSA must ensure that its value proposition is well-
defined, clearly-communicated, understood and applied across the entire
workforce and mission enterprise. From my first day on the job, I have
made it clear that we are first and foremost a security organization.
Our mission is to deter, detect, and disrupt threats, and we must
ensure every officer, inspector, air marshal, and member of our agency
remains laser-focused on this mission. In addition, we must ensure the
appropriate measures of effectiveness are in place to drive an
institutional focus on the primary security objectives for all modes of
transportation, and renewed emphasis on aviation measures.
We have demonstrated our ability to efficiently screen passengers:
However, it is clear that we now must improve our effectiveness. By
focusing on the basic fundamentals of security screening, and by
readjusting the measurements of success to focus on security rather
than speed, and by measuring what we value most, we can adjust the
institutional focus and adapt the culture to deliver success. TSA must
adopt a culture of operational evolution, one that constantly questions
assumptions, plans, and processes, and is able to rapidly field new
concepts of operation, performance standards and capabilities,
particularly given the persistent and adaptive enemy we face.
To drive these important changes, it is essential to understand and
assess appropriately the effectiveness of our aviation security
enterprise, to rigorously pursue initiatives to quickly close
capability and security gaps, and employ our own covert testing and
vulnerability assessments. Delivering an effective security system and
earning the confidence of the traveling public will come only through
competence, disciplined performance, successful results, and
professionalism. These imperatives are essential to address the
immediate challenges, and more broadly, to accomplish the important
mission entrusted to TSA.
In late May, in response to the OIG initial findings, TSA developed
and implemented an immediate action plan built on its understanding of
the known vulnerabilities in checkpoint operations. Consisting of
dozens of individual actions, it was designed to:
(1) ensure leadership accountability;
(2) improve alarm resolution;
(3) increase effectiveness and deterrence;
(4) increase threat testing to sharpen officer performance;
(5) strengthen standard operating procedures;
(6) improve the Advanced Imaging Technology (AIT) system;
(7) deploy additional resolution tools; and
(8) improve human factors, including enhanced training and
operational responses.
Scheduled for completion in March 2016, TSA is actively engaged in
implementing this plan of action and provides regular updates to the
Secretary of Homeland Security as well as frequent updates to the
Congress.
There are a number of immediate actions that have been completed,
including the following: (1) Requiring screening leadership at each
airport to oversee AIT operations to ensure compliance with standard
procedures; (2) requiring each officer to complete initial video-based
training to reinforce proper alarm resolution conversations; (3)
conducting leadership and officer same-day debriefs for threat inject
testing and lessons learned; and (4) performing daily operational
exercises and reinforcement of proper pat-down procedures at least once
per shift to ensure optimal TSO performance.
secretary johnson's ten-point plan
In addition to the TSA action plan, Department of Homeland Security
Secretary Jeh Johnson directed a series of actions, which in
cooperation with TSA, constituted a 10-point plan to address these
findings. TSA is now working aggressively to accomplish these actions.
The plan includes the following:
Briefing all Federal Security Directors at airports Nation-
wide on the OIG's preliminary test results to ensure leadership
awareness and accountability. This was completed in May and
continues regularly. In September, I convened the leadership of
TSA--from across the agency and in every mission area--to
discuss our progress, to clearly convey my expectations, and to
outline my vision for the evolution of our counterterrorism
agency.
Training every Transportation Security Officer (TSO) and
supervisor to address the specific vulnerabilities identified
by the OIG tests. This training also is intended to reemphasize
the value and underscore the importance we place on the
security mission. The training will reemphasize the threat we
face, the design of our security system, integrating technology
with human expertise, the range of tools we employ to detect
threats, and the essential role our officers perform in
resolving alarms. Fundamentally, this training is intended to
explain the ``why'' behind our renewed and intense focus on
security effectiveness. We are also training supervisors and
leaders to ensure they appreciate and support the shift in
emphasis. Most important, we are asking our supervisors to
recognize their critical role in supporting our officers'
renewed focus on alarm resolution. This training began May 29,
2015 and was recently completed at the end of September 2015.
Increasing manual screening measures, including
reintroducing hand-held metal detectors to resolve alarms at
the checkpoint. This has been underway since mid-June and
reinforces our ability to detect the full range of threats.
Increasing the use of random explosives trace detection,
which also started in mid-June, enhancing detection
capabilities to a range of threat vectors.
Re-testing and re-evaluating screening equipment to measure
current performance standards. We are retesting the systems in
the airports tested by the Inspector General and assessing
performance of the field systems against those in the labs to
ensure optimal performance. This testing, which began in June
and is on-going, will help us to more fully understand and
strengthen equipment performance across the enterprise.
Assessing areas where screening technology equipment can be
enhanced. This includes new software, new operating concepts,
and technology upgrades in collaboration with our private-
sector partners.
Evaluating the current practice of including non-vetted
populations in expedited screening. We continue to take steps
to ensure that we have a more fully-vetted population of
travelers exposed to screening in our expedited lanes. For
example, as of September 12, the practice of Managed Inclusion-
2 is no longer used in daily operations.
Revising TSA's standard operating procedures to include
using TSA supervisors to help resolve situations at security
checkpoints. On June 26, 2015, TSA began field testing new
standard operating procedures at six airports. Lessons learned
will be incorporated and deployed Nation-wide. This procedure
is intended to ensure appropriate resolution techniques are
employed in every situation.
Continuing covert testing to assess the effectiveness of
these actions. For each test, there must be a same-day debrief
with the workforce of outcomes and performance along with
immediate remediation actions. Expansion of our testing also
enhances officer vigilance.
Finally, we have responded vigorously by establishing a team
of TSA and other DHS officials to monitor implementation of
these measures and report to the Secretary and me every 2
weeks. These updates have been on-going since June.
root cause assessment
DHS and TSA are also committed to resolving the root causes of
these test failures. A diverse team of DHS leaders, subject-matter
experts, as well as officers and leaders from the front-line workforce
are examining the underlying problems resulting in our performance
failures and will make recommendations on system-wide solutions for
implementations across the agency.
The team's initial conclusion is that the screening effectiveness
challenges noted by the Inspector General were not merely a performance
problem to be solved solely by retraining our officers. Officer
performance is but one among many of the challenges. TSA front-line
officers have repeatedly demonstrated during their annual proficiency
evaluations that they have the knowledge and the skill to perform the
screening mission well. Nor was this principally a failure of the AIT
technology. These systems have greatly enhanced TSA's ability to detect
and disrupt new and evolving threats to aviation. AIT technology
continues to perform to specification standards when maintained and
employed properly, and we continue to improve its detection
capabilities.
The challenge can be succinctly described as a set of multi-
dimensional factors that have influenced the conduct of screening
operations, creating a disproportionate focus on screening operations
efficiency rather than security effectiveness. These challenges range
across six dimensions: Leadership, technology, workforce performance,
environmental influences, operating procedures, and system design.
Pressures driven by increasing passenger volume, an increase in
checkpoint screening of baggage due to fees charged for checked bags as
well as inconsistent or limited enforcement of size requirements for
hand-carried bags and the one bag plus one personal item (1+1) standard
\1\ create a stressed screening environment at airport checkpoints. The
challenges also include the range of complex rocedures that we ask our
officers to employ, resulting in cognitive overload and personnel not
properly employing the technology or a specific procedure. The
limitations of the technology, the systems detection standards, TSA
officers' lack of training on equipment limitations, and procedures
that failed to resolve the alarms appropriately all undermined our
ability to effectively screen, as noted by the Inspector General's
report.
---------------------------------------------------------------------------
\1\ The Aircraft Operator Standard Security Program, Dated October
21, 2013, requires, with some exceptions for crewmembers, medical
assistance items, musical instruments, duty-free items, and
photographic equipment, that the accessible property for individuals
accessing the sterile area be limited to one bag plus one personal item
per passenger (e.g., purse, briefcase, or laptop computer).
---------------------------------------------------------------------------
A critical component of the problem was confusing messages on the
values of the institution, as expressed in the metrics used to assess
effectiveness and leadership performance. As noted, a prior focus on
measures that emphasized reduced wait times and organizational
efficiency powerfully influenced screening performance as well as
organizational culture. As a result, across TSA, leaders' and officers'
organizational behavior emphasized efficiency outcomes and a pressure
to clear passengers quickly, at the risk of not diligently resolving
alarms. The combined effect of these many variables produced the
performance reported by the Office of the Inspector General.
implementing solutions
Solutions to the challenges facing TSA will require a renewed focus
on the agency's security mission, a commitment to right-sizing and re-
sourcing TSA to effectively secure the aviation enterprise, and an
industry commitment to incentivizing vetting of passengers as well as
creating conditions that can decrease the volume and contents of bags
presented for screening in airports.
For TSA, we must renew our focus on the fundamentals of security,
thereby asking our officers and leaders to strike a new balance between
security effectiveness and line efficiency, to field and diligently
perform appropriate resolution procedures and to close technology and
performance gaps. We need our managers and supervisors to support our
officers when they perform their difficult daily mission. As we move
forward, we are guided by a principled, strategic approach, with
specific projects already underway to advance our goal of ensuring we
deliver on our mission to deter, detect, and disrupt threats to
aviation.
This principled approach extends beyond the immediate findings
identified in the OIG's covert test of checkpoint operations. This
approach also informs our strategy and ability as an agency to
systematically evolve operations, workforce development, and capability
investment, now and in the future. We will systematically review the
prior findings of OIG and GAO reports as well as other sources of
analysis that can inform security effectiveness.
Redefine Value Proposition
First, TSA is in the process of ensuring our focus on security
effectiveness is well-defined and applied across the entire workforce
and mission space. Our ``Mission Essentials--Threat Mitigation''
course, being provided to every officer by the end of September, is our
initial step. We will follow this initial effort with a range of
initiatives to convey these priorities to leaders and officers using
additional tools, such as a statement of the Administrator's Intent,
the National Training Plan, and in our workforce messaging. Redefining
our values as an agency by focusing on threat mitigation and improving
TSO awareness and knowledge of the threat will provide a new and acute
mission focus. Resolving every alarm, with discipline, competence, and
professionalism are the values we are emphasizing to the workforce.
From my initial field visits, I can report that our officers are
hearing, understanding, and applying this new approach.
Communicate New Standards and Expectations
To communicate these new standards, TSA's Office of Intelligence
and Analysis is pursuing an information-sharing project to expand and
ensure standardized information and intelligence sharing to front-line
officers. Expanding the reach of the threat information provided to the
field, enhancing our officers' awareness and understanding of the
threat and the critical role they play in interdicting these threats
creates ownership and a greater commitment to ensuring security
procedures are followed.
Align Measures of Effectiveness to Standards and Expectations
TSA's Office of Security Operations is examining and revising the
current Management Objectives Report to rebalance the field leaders'
scorecard with security effectiveness measures in addition to some
preserved efficiency data. We are operating on the premise that what we
measure are the organizational objectives to which our field leaders
will pay close attention. We expect the first iteration of our new
measures to be in the field by early October 2015.
Design System to Achieve Desired Outcome
The aviation security system must interdict the full range of
threats on the Prohibited Items List and evolving threats that require
our immediate action. Our concept of operations review project, run by
the Operations Performance and Mission Analysis Divisions, is further
identifying system-wide gaps and vulnerabilities and how to ensure the
traveling public is exposed to our mission-essential detection
capabilities when transiting the screening checkpoint. The results of
this analysis may lead to a range of recommended improvements, from
clarification of pat-down procedures to fielding decisions for new
technologies.
Eliminate Gaps and Vulnerabilities in Achieving Desired End-State
Our work in analyzing the root causes has identified a range of
vulnerabilities in TSA; however, there is no single office or
accountable official charged with systemically tracking our
vulnerability mitigation efforts. Centralizing these activities under a
single official should drive systemic research, development, and
fielding of new capabilities. Our TSA Office of the Chief Risk Officer
is managing this project.
Evaluate Performance by Using the New Values, Standards, and
Expectations
To motivate behavior, supervisors must clearly communicate the
performance objectives they expect from their subordinate officers and
leaders. Our Chief of Human Capital is working an initiative we are
calling the ``Performance Evaluation Project,'' which is designed to
ensure the appropriate focus on desired mission outcomes is imbedded
within Annual Performance Plans. These new standards will be used for
the performance period that started on October 1, 2015.
Incentivize Performance to Enact Values, Standard, and Expectations
Several of our field leaders and officers have also recommended a
Model Transportation Security Officer Project to determine model
performance criteria. The project is intended to incentivize
performance and emphasize the values and standards front-line employees
are expected to uphold across the enterprise. I am a strong proponent
of incentivizing performance, as this can be a powerful instrument to
drive employee behaviors. Through these efforts, we intend to convey
our values, measure them, and evaluate performance against these new
expectations, uniting the TSA workforce behind critical agency reforms
that will deliver organizational alignment and strengthen our security
posture.
Finally, we will continue to partner with the trade and travel
industry, the airlines, and airport operators to identify solutions
that can fundamentally alter the reality on the ground for our
screening workforce.
A key element of our solution set will be reassessing the screening
workforce staffing baseline. Budgeted staffing levels for fiscal year
2016, planned more than a year in advance of the covert testing
failures, presumed a significant increase in the vetted traveling
population which, combined with Managed Inclusion, allowed for a
smaller workforce. We are reassessing screener workforce staffing needs
and planning additional adjustments to support training and operational
enhancements, all to ensure future staffing reductions remain rational
choices that balance effectiveness with efficiency. Additionally, we
look forward to working with the Congress to identify means of adding
additional field intelligence officers to ensure every field operation
is supported with a dedicated intelligence officer to facilitate
information sharing, and to expand our efforts at the TSA Academy to
train the workforce. Finally, we expect to invest in Advanced Imaging
Technology detection upgrades based on the OIG findings.
mission essentials training
Given the importance of training to our mission, I would like to
elaborate on TSA's approach to training following the OIG covert
testing results. It is critical that we train out these failures so we
do not repeat the mistakes, including those which could have
catastrophic consequences. As of October 1, we have trained the
specifics of the failures to virtually every front-line member and
leader of TSA.
This training, referred to as ``Mission Essentials--Threat
Mitigation,'' builds our workforce understanding of the link among
intelligence, technology, and the procedures they perform. The training
advances our new value proposition by: (1) Providing a detailed
intelligence briefing on the current threat; (2) discussing passenger
tactics and techniques that may be used to dissuade the TSOs from
thoroughly performing their screening duties and what counter-measures
they can employ; (3) reviewing recent procedural changes for screening
individuals who present themselves as having a disability; (4)
practicing pat-down procedures with the goal of finding components of
improvised explosive devices; and (5) exploring the capabilities and
limitations of the checkpoint equipment and how the TSO can by
following proper procedures. I have been encouraged to see our TSOs
embracing the principles of Mission Essentials training.
Through this training, our employees are being taught how to
respond to social engineering--techniques used by passengers seeking to
manipulate our screening workforce and avoid regular processes. As I
meet with these employees in my travels to airports throughout the
country, I have heard repeatedly that they wished they had this
valuable information. As such, I have charged TSA's senior leaders to
plan to send all new-hire TSOs to the TSA Academy at the Federal Law
Enforcement Training Center in Glynco, GA, for TSO-basic training
beginning in January 2016. Most of our major counterterrorism partners
in security and law enforcement send their employees through similar-
type academies to ensure a laser-focus on mission, and we should as
well. We recognize this initiative may require additional resources,
and look forward to working with the committee accordingly.
future of screening
As we envision the future of screening, even in the context of the
current challenges, I remain a strong proponent of a risk-based
approach to security. The vast majority of people, goods, and services
moving through our transportation systems are legitimate and pose
minimal risk. To support our risk-based approach, it is critical to
continue growing the population of fully-vetted travelers, such as
those participating in TSA PreCheckTM or in other DHS
trusted traveler programs. In parallel, I am also reviewing expedited
screening concepts with the intent of moving away from unvetted
travelers. This multi-pronged, risk-based approach will result in
separating known and unknown travelers, with known travelers receiving
expedited screening and other travelers, some high-threat, receiving
more extensive screening.
I envision a future where some known travelers will be as vetted
and trusted as flight crews. Technology on the horizon may support
passengers becoming their own ``boarding passes'' by using biometrics,
such as fingerprint scans, to verify identities linked to Secure
Flight. The Credential Authentication Technology (CAT) is the first
step in this process and will provide TSOs with real-time
authentication of a passenger's identity credentials and travel
itinerary.
A second objective is to screen at the ``speed of life'' with an
integrated screening system that combines metal detection, non-metallic
anomaly detection, shoe X-ray, and explosive vapor detection.
Prototypes of these machines exist, which hold great promise for the
traveling public.
Purposeful checkpoint and airport designs that facilitate screening
advances are also a future approach. At Los Angeles International
Airport (LAX) Tom Bradley International Terminal, recent innovative
renovations have been completed so that screening operations are
seamlessly integrated into the movement and flow of the traveling
public. This effort will continue, with 6 out of 8 terminals at LAX
scheduled for design and renovation. Other locations, such as Dulles
International Airport (IAD), have dedicated checkpoints that separate
expedited screening from other operations, allowing TSOs to follow the
appropriate concepts of operations with greater focus and clarity.
While some airports may not be able to take the same approach, the
future of screening is based on fulfilling the promise of risk-based
security. By increasing the number of fully-vetted passengers and
enhancing the effectiveness and efficiency of physical screening, I am
committed to refining and advancing our risk-based security strategy. I
look forward to working with this committee and the Congress to chart a
way forward in this regard.
conclusion
Chairman Katko, Ranking Member Rice, we have an incredible
challenge ahead of us. Still, I know TSA is up to the task, and will
adjust its focus from one based on speed and efficiency to one based on
security effectiveness. We are on the front lines of a critical
counterterrorism fight and our workforce is willing and able to do the
job. I thank you for the opportunity to appear before you today and
sincerely appreciate your time and attention. I look forward to your
questions.
Mr. Katko. Thank you, Administrator Neffenger.
I called you Admiral or Administrator, either one. It is
interchangeable, I guess. But thank you again for your
testimony. I appreciate the fact that you are responding
rapidly, and recognizing, and embracing the problems, and
trying to find solutions. I am encouraged by that. We all are.
We look forward during the course of the questioning here today
to talk about moving forward, what is the plan, and we hope you
weave that into your testimony as we go through it today.
I also thank you for rearranging your schedule to be here
with us today. I now recognize myself for 5 minutes to ask
questions.
I will start by observing the nature and tenor of this
hearing and how it is different from the other ones that we
have had. The other hearings we have had so far, and we have
had 7 subcommittee hearings. This is the seventh one, I
believe, which is more than any in all of Homeland Security,
and perhaps more than most in Congress. The reason is because
there is a lot to do. There is a lot of issues to examine.
At the forefront of examining of those issues has been the
Inspector General, and we appreciate that. Like we said
earlier, by Miss Rice, I believe, or someone, more than 100
such reports have been done by the Inspector General since the
inception of TSA. Those reports are revealing and also at times
troubling. Since we got into the hearings this year, we did one
on the Atlanta gun trafficking case which exposed 170 guns
being trafficked by employees through supposedly secure access
points. It exposed a major weakness in the airline aviation
system and that is employee access controls, which are sorely
lacking. That was exacerbated by a number of cases recently in
Dallas/Fort Worth, and LAX, and Oakland, and elsewhere where
major drug trafficking rings had been disrupted.
One of those rings, at the preliminary hearing, one of the
employees was bragging about the fact that he could bring
anything through there, including a bomb, which is incredibly
troubling. Instead of having an oh-my-God-moment by the
airports, we hear a lot of pushback about costs, and that is
something we are going to have to examine going forward. We
have had a lot of hearings about screenings and the problems
with screenings, a 97 percent fail rate in recent tests. That
is unbelievably troubling.
We have had hearings about PreCheck and Managed Inclusion
and how people are getting pulled out of regular lines into the
PreCheck line without any additional background checks, which
defeats the purpose of PreCheck.
We have heard about the Federal Air Marshal Service and we
had a good productive hearing with them and then we found out
that after that, Federal Air Marshals are filling sessions with
prostitutes in hotels paid for with Government credit cards,
and Lord knows what else is going on. That is troubling too.
We have also heard some things about private screenings
from the Inspector General. This all points up that, I think,
and underscores the belief by the Inspector General himself
that sometimes--and it is not on your watch, Mr. Neffenger, but
sometimes, many times, TSA has not responded. That leads me to
the conclusion that TSA, while a young agency, has become a
very bureaucratized agency already, too slow to respond and not
nimble enough to respond.
So the genesis of all that was why I had this hearing today
to allow us to discuss at a more general level what are some of
its systemic problems that we see at TSA, and we are doing this
to benefit Mr. Neffenger's presence so that he can hopefully
address them going forward.
So with that teeing the ball up, Mr. Roth, I would like to
hear from you as to what you think some of the, you know,
global problems are at TSA, and I encourage you to be as frank
as possible.
Mr. Roth. Thank you, Mr. Chairman, and let me preface my
remarks by, this is a look back over a number of different
audit reports that span the course of years. One of the
conclusions or themes that I can draw from this is that there
is a mismatch between the risk and meeting the risk. That sort
of working theory that we have is either TSA doesn't understand
the nature of the risk, or they do understand the nature of the
risk, and then worse from that is that they don't address the
risk in any appropriate way.
Again, I am going to be speaking in the past tense about
this because I do think, or at least I am hopeful, consistent
with my auditor's vow of critical thinking and skepticism, but
I am hopeful that we are in a new era. But I will talk about
three episodes that to me sort-of illustrate one of the big
issues we have in sort-of either not understanding the risk, or
simply dismissing the risk.
The first is, of course, our covert testing. The recent
round of covert testing was not a surprise to us and it was not
a surprise to TSA. We had been doing covert testing over the
years with consistently disappointing results. You know, as we
like to say, the best test of a football team is how they do on
Sunday. To us, a covert testing is the Sunday game. Real-world
conditions, figure out exactly how well the system works, and
it did not work very well.
What we found after the covert testing was even a little
bit more upsetting, which was, TSA does their own covert
testing and those results were very similar to our results. So
none of this came as a surprise to TSA. One of the things that
we discovered after this round of testing and the, I would say,
the very vigorous response that the Department gave with regard
to our briefing on the covert testing, was that no one in DHS
had known sort-of this issue; that the issue had remained
within TSA. TSA had not sort-of elevated the issue. It came as
a surprise to the Secretary, to the Deputy Secretary, to the
leadership within the Department.
When you look at TSA's fiscal 2016 budget, 2016 budget what
it shows is that they are actually going to reduce the number
of screeners. Their proposal was to reduce the number of
screeners by about 1,700 people. Now, this is a budget that was
developed over time and certainly not under this current
administrator's watch, and I understand that it is going to be
reversed, but I think it shows sort of a cultural attitude that
they knew that they had a risk.
Their response to that risk was reducing the number of
screeners. Their justification for it, and I am just reading
from their budget document that was submitted to the Hill, was
that TSA employs a multi-layered, risk-based, intelligence-
driven approach to its security and counterterrorism mission,
and as a result of these, they are focusing efforts on
efficiency and can save money as a result of this. Which is in
direct contradiction to the evidence that they had at the time
as to the efficiency of checkpoint operations.
So they either dismissed the risk, or understood the risk,
but, yet, didn't meet the risk. So that would be the first
episode, and if I could have, there is a couple of others,
which I am happy to continue, or----
Mr. Katko. Yeah, for a few moments, please.
Mr. Roth. Okay. The second one is our audit on PreCheck.
You know, we had real concerns about Managed Inclusion and
PreCheck. As you know, you had a hearing on this. I had a
conversation with the previous administrator about our audit
report where we had deep concerns that people that didn't have
an individualized assessment of risk were getting expedited
screening. His answer was, well, look, it is my job to accept
the risk, and I am accepting this risk, which is fine, except
my family flies. So, you know, I am not sure that is an
adequate answer. That all of these people went through Secure
Flight.
So the idea is, of course, that they have been vetted
against certain intelligence databases to determine whether
they are a risk. I mean the problem with that is any student of
modern terrorism history understands that 17 of the 19 9/11
hijackers were unknown to the intelligence community, and they
wouldn't be on any sort of special list.
Richard Reid, the shoe bomber was not on any special list.
The Christmas day bomber in 2009 was not on any list. The most
significant terrorist attack we had in recent memory, the
Marathon bomber, Tamerlan Tsarnaev, wasn't on any list. In
fact, he was looked at by the FBI and adjudged not to be a
threat and then not on any sort of active list.
So this idea that, oh, well, it is an intelligence-based,
and that is the silver bullet, and that is what is going to
help us here, is just a wrong-headed assessment of risk. As I
said, again, this was not on this administrator's watch, but it
was very deeply upsetting to me during the course of our audits
to see this kind of a reaction.
Mr. Katko. Thank you, Mr. Roth. I will have some questions
for you, Admiral Neffenger, on the second go-around if we are
able to get to that. If not, I will ask you to submit the
questions in writing depending on our schedule here.
The Chair now recognizes the Ranking Minority Member of the
subcommittee, the gentlelady from New York, Miss Rice, for any
questions she may have.
Miss Rice. Thank you, Mr. Chairman. Inspector General Roth,
what I would like to ask you, you mentioned in your statement
the No. 1 thing is that TSA can do to change the culture, which
is what you cite as significantly problematic. So what are your
thoughts on how you change the culture?
Mr. Roth. Okay, it is a difficult problem, because it is a
problem that has grown up over time. One of the ways that you
change the culture is, I think, what the administrator is
currently doing, which is an honest look at what it is that is
going on and sort of honestly confront your problems and put a
plan of action in place.
Historically, it has not been that. It has been both for us
and GAO sort-of a reaction, and a very disturbing reaction, for
example, in our covert testing I think for 2012, we had our
results and TSA pushed back considerably on our methodology,
and on a number of other things. But lo and behold, they had
their own internal testing that was almost the same. So what
kind of an agency is sort of pushing back in public, and yet,
understands that the audit is correct?
As I said, I think this is changing, and there is an honest
assessment of what is going on. My understanding is that the
administrator is going to put forth a realistic strategic plan
that isn't, you know, everything is wonderful and we are doing
fine, and pay no attention to the man behind the curtain, but
rather this is a problem. The risks of catastrophic terrorism
are real, and we absolutely need to get it right.
So it is a long process. There isn't a single magic bullet,
but certainly, good leadership helps and that is what we are
hopeful for.
Miss Rice. So being 1 of 10 kids, I have to be optimistic,
right, and I am choosing to be optimistic about the ability to
change the culture at TSA because it has only been around for a
short period of time, right? I am on the Veterans Affairs'
Committee and I can tell you that that agency does the same
exact thing. Every time there is an IG report that says here is
a problem, here is a problem, they push back and say no, no,
no, there is no problem. Nothing needs to be changed. The
stakes are equally high for both our veterans, right, and
National security, domestic, and international that TSA is
dealing with.
So I am glad to hear you, Mr. Roth, speak so bluntly
because that is what we need. That is what your job is, but I
am also happy to hear that you are optimistic about Admiral
Neffenger, because I am very optimistic about the new
administrator for a whole host of reasons.
So one issue that I do want to address because you
mentioned this, because I do believe, Mr. Roth, that in order
to do an adequate assessment of your risk, right, intelligence
has to be part of that. One of the things that I was so
distressed to hear about, is how the TSA is responsible for
doing the checks on airport employees, and yet, they are given
incredibly poor information to do these background checks,
which affects the ability to really adequately assess the risk
of this employee, which as the Chairman pointed out, when you
have gunrunners and drug runners, some of whom are employed by
the agency, that is problematic.
So my question is to you, Admiral Neffenger, regarding
that--it seemed to me that that was a fix that didn't have to
be a legislative fix. You, as the administrator, could say,
from now on, if you want a background check to be done, which
you have to have done, these are the things--these are the
pieces of information that we need to get, or you don't get the
background check and you can't hire the person.
So just that one area, if you could just address that one
issue?
Admiral Neffenger. Yes, thank you. With respect to that, so
I have got some good news to report. We actually get access to
a whole host of information in databases now that allow us to
do--and actually, we always had access to terrorist screening
database, and databases with known or suspected terrorist
information in it.
Some of which you are referring to are some categories
within what is called the terrorist information datamart
environment. It is just a big database where this was
information that may or may not be sufficient to directly tie
somebody to a known or suspected terrorist, or identify them as
such, or there might be partial information. Those are the
categories that we had, you know, one-by-one, or case-by-case
access to, but not automated access. So we have asked for that
automated access and we are working through the interagency to
achieve that.
We have also dramatically improved our oversight of the
airport vetting environment. So as you know, we still vet the
folks who are applying for secure access badges. But to the
Inspector General's point, we had not been overseeing the
collection of information and the maintenance of the data in
doing regular audits of that. We are doing that now directly as
a result of the Inspector General's findings.
So I think that we are moving forward in a good way on
getting information. I share your concern that we have access
to as much information as we need to have access to in order to
fully vet people who we put into trusted environments, given
what we have already known about what has happened in some of
the airport environments across the country. I think that we
made good progress.
I have met with my counterparts in the intelligence
community, and I have been sitting--I met with the National
security staff and the senior directors for trans-border and
others to make clear my priorities, and so far I have been
getting good results from that.
Miss Rice. Great, thank you both very much.
Mr. Katko. Thank you, Miss Rice. The Chair now recognizes
the Ranking Minority Member of the Homeland Security Committee,
the gentleman from Mississippi, Mr. Thompson.
Mr. Thompson. Thank you very much, Mr. Chairman.
Administrator Neffenger, one of the real challenges I alluded
to in my opening statement went toward the fact that we buy
technology in the form of equipment for vulnerabilities that
they can't detect. How are you going to close that gap between
known vulnerabilities and acquiring equipment and technologies
that won't detect it?
Admiral Neffenger. Well, you know, Mr. Thompson, you really
hit on a key concern, and that is how do you get beyond today's
security systems and look towards the future and evolve fast
enough to meet what we know to be an evolving threat
environment? I think there are a couple of things we need to
do.
First of all, I would like to see more robust competition
in the marketplace. Right now we are tied to a couple of key
vendors. They have done good work and they produced some good
equipment for us, but I would like to see even more
competition. I would like to incentivize more. I think there is
a lot of creativity in the private sector and I think there is
a lot of innovation in the private sector.
I have got some thoughts on ways in which we can
incentivize that competition to include small business
competition because I think that some of the small businesses
out there are doing some of the most innovative work that we
have.
The second piece is to have a clear understanding of what
the threat is so that when we develop the requirements that we
need for the equipment that we are looking for, that those
requirements are expansive and robust; that we don't just look
to buy the next thing on the shelf that looks like it might do
the job, but that you have got to really start--I will back up
a moment because it speaks to some of the points that each of
you have made with respect to focus on mission.
You really have to start with the mission. It is not just
enough to say my mission is secure. You have to say, well, what
does that mean? What are the components of my mission? So you
have to do a true analysis of the mission. I say this
sincerely, I start every day by thinking about the mission and
I work backwards from there and I think, what does it take to
accomplish this mission? What are the requirements we need to--
if you are sitting at a checkpoint, what does that checkpoint
have to actually do? What is the nature of the threats that
might present themselves at the checkpoint? How might you
determine those threats? How might they be presented? In what
manner can they be presented? All of the different variations
of that. That is a very complex process to do that, but you
have to do it, and you have got to dissect that mission down to
the--down to the details.
Then you can begin to put out requirements that I think we
can--we will see much more robust response to that. In the mean
time, I want to make sure that the equipment that we currently
operate is operating to its peak. So we are working to get the
most out of the current equipment as we look to move the next
technology in.
Mr. Thompson. Well, and not for a response, if we keep
buying current equipment that can't identify those known
vulnerabilities, we are not where we need to be, and I think
this robust competition is healthy because when you only have
three major players in the area, you know, that is a lot. So I
look forward to your leadership to incentivize other
competition. I think that is important. We put it in the
legislation, and I hope that authority gets us where we need to
be.
A couple of other things. You talked about the checkpoints.
You know, TSOs are special to a lot of the traveling public.
Most of the time, that is all people see are those men and
women at the checkpoints. I would like to make sure that those
men and women are being encouraged to be the best that they can
be, and not penalized. Now, I heard something yesterday and I
just need a yes or no answer. Are the medical guidelines for
TSOs and all other employees for TSA the same?
Admiral Neffenger. You know, I don't know the answer to
that question exactly, because I am looking at the very medical
guidelines right now. I know that they have over the past year,
before I became confirmed, I know that we had been working on
updating the standards for medical guidelines. Here is what I
believe to be the case. That I think that there are different
categories of medical guidelines depending upon the type of
work that you have to do in the organization.
For example, I believe that there are certain physical
standards you have to be able to meet in order to perform the
duties as a baggage check person that may or may not be the
same standards that you have to hold if you are an employee at
TSA headquarters.
Mr. Thompson. I want you to check that out.
Admiral Neffenger. But I will verify it for you.
Mr. Thompson. Because I am told that, like, people who are
TSOs who might have asthma get discharged by having asthma, or
high blood pressure, diabetes, whatever; but that people in
management somehow don't. Actually, I have the information, but
that is a problem from my vantage point because if you have a
different--just look at that.
Admiral Neffenger. I will do that.
Mr. Thompson. In health. I have got some other questions
that I will submit, Mr. Chairman, for the record to get it. But
I would also like unanimous consent to provide for the record
that there have been 165 TSOs who have been terminated for
disqualifying medical conditions--and cancer. I mean, you know,
how can you terminate somebody because they have cancer? I
mean, that is, you know, what I am saying? So I don't want us
to be a scrooge. I want us to treat people humanely, and I
would like to include that into the record.
Mr. Katko. Without objection, so ordered.
[The information follows:]
List Submitted For the Record by Ranking Member Bennie G. Thompson
tso's removed/terminated for disqualifying medical conditions for
calendar year 2014--the number of tso removals/terminations is 165
Breakdown By Gender:
Female--85
Male--80
Total--165
Breakdown by Disqualifying Medical Guideline
Anxiety Related Dysfunction--15
Arrhythmias--1
Arthritis--2
Asthma--3
Behavior Dyscontrol--1
Bipolar Disorder--2
Body Mass Index--1
Cancer--3
Cardiomyopathy, Myocarditis, Constrictive Pericarditis--2
Cataracts, Corneal Disorder, Eye Disorders--1
Cervical, Thoracic and Lumbosacral Disc Disease Syndrome--23
Chronic Bronchitis, Cystic Lung Disease & COPD--1
Chronic Pain--4
Coronary Artery Disease--1
Delusional/Paranoid Dysfunction--1
Depression Related Disorder--13
Diabetes Mellitus--3
Equilibrium Disorder--3
Gout--1
Hernia--1
Hip, Knee, Ankle and Foot Related Dysfunction--4
Hypertension--1
Inability to Lift and Carry Items Weighing up to 70 Pounds--
19
Inability to Walk, Stand for Periods Greater Than 10
Minutes--1
Inflammatory Bowel Disease--1
Irritable Bowel Syndrome--5
Lumbar Spine Disorder--5
Lumbosacral Surgery--1
Migraines and Other Episodic Headaches--18
Mobility and Dexterity--3
Motor Neuron Disease--1
Osteoarthritis--4
Pain & Neuropathies--1
Parkinson's Disease--1
Peak Experiratory Flor (PEE)--1
PTSD--2
Renal Function--1
Seizure Disorder--6
Sleep Disorder--2
Spinal Abnormalities--1
Transient Neurological Events--1
Traumatic Brain Injury--1
Vertigo--2
Visual Acuity Far And Near--1
Total=165
tsos removed/terminated for disqualifying medical conditions for
calendar year 2013--the number of tso removals/terminations is 185
Breakdown By Gender
Female--106
Male--79
Total--185
Breakdown by Disqualifying Medical Guideline
(1) Migraines and Other Episodic Headaches--27
(2) Anxiety--14
(3) Depression and Related Disorder--10
(4) Cervical Lumbar--1
(5) Diabetes--9
(6) Inflammatory Bowel Disease--3
(7) Anemia--1
(8) Anticoagulation Therapy--1
(9) Psychotic Functioning--1
(10) Cervical Thoracic--12
(11) Gout--3
(12) Urticaria--1
(13) Joint Condition--3
(14) Heart Disease--2
(15) Cancer--2
(16) Ventricular Arrhythmia--2
(17) Inability to Lift and Carry Items Weighing up to 70 Pounds--44
(18) Inability to Squat and Bend--6
(19) Inability to Walk, Stand for Periods Greater Than 10 Minutes--
8
(20) Mobility and Dexterity--9
(21) Vertigo--1
(22) Inguinal, Umbilical or Ventral Hernia--1
(23) Endocrine Disorder--1
(24) Chronic Pain--4
(25) Myotonic Dystrophy--1
(26) Renal Dysfunction--1
(27) Peripheral Neuropathy--1
(28) Spinal Abnormalities--2
(29) Sleep Disorder--2
(30) Meniere's Disease--1
(31) Asthma--1
(32) Seizures--2
(33) Chronic Bronchitis--2
(34) Diplopia and Visual Field Loss--1
(35) Delusional/Paranoid Dysfunction--1
(36) Behavioral Dyscontrol--2
(37) Syncope--1
(38) Thoracic Outlet Synedrome--1
Total--185
Mr. Katko. Thank you, Mr. Thompson. The Chair now will
recognize other Members of the committee for questions they may
wish to ask the witnesses.
In accordance with the committee rules and practice, I plan
to recognize Members who were present at the start of the
hearing by the seniority on the subcommittee. Those coming in
later will be recognized in the order of arrival.
The Chair now recognizes Mr. Keating from Massachusetts for
5 minutes of questioning.
Mr. Keating. Thank you, Mr. Chairman. It was only me,
anyway.
Mr. Katko. Well, you are very important to all of us.
Mr. Keating. Thank you, sir. Thank you for being here Mr.
Roth, Inspector General Roth, and thank you for your work. You
are talking about a culture. Let me just do this again. You
know, it is not just TSA administrator that we are talking
about in terms of the culture. It is higher up, Secretary Ridge
when he was a witness, I brought this up with him, and he
agreed it was a major issue.
Secretary Napolitano, when she was the Secretary several
times said this is a priority. It is an issue. I brought it up
with Secretary Johnson, and last summer I brought it up with
you. You agreed that this was a top priority. That is the issue
of perimeter security around the airports. I have been saying
this for so long and the response has been to cut down the
number of vulnerability studies and to tell this committee that
things are more secure.
In the mean time, teenagers, intoxicated people, are
breaching perimeter security, go right up to the aircraft,
which is, I hate to say this publicly, but which is an amazing
target. They can put a bomb on there the same way that these
teenagers had access and not even risk their own lives the way
people would ordinarily have to do it if they are going to
breach the gate.
So I wanted to follow up, No. 1, with that question to see
what steps have been taken since we last discussed this, and
what you expect to implement.
The second issue, part of the problem with perimeter is the
jurisdictional issue. You have got some airports that are
municipal airports, very small airports, but still networked
into the big commercial flights. You have got authorities, all
kinds of brands and shapes, all types of resources to deal with
it. The continuing problem of what to do with the exit lanes,
which TSA maintains is still a priority, it is still important.
It is still an access point, but you want to shift that
authority to these airports that aren't even doing the job with
perimeter security.
So the two questions I have are: What is the update on
perimeter security in terms of implementing what you said was
high priority? No. 2, how can we resolve the exit lane issue
which I think if it is so important for TSA, it should remain
their responsibility and make sure we have the kind of security
we need there, because that is a vulnerability standpoint as
far as I have seen? If you could, those two questions,
Administrator Neffenger, and thank you again for making
yourself so available.
Admiral Neffenger. Yes, sir, thank you, Mr. Keating.
Perimeter security, as you know, one of the things that was
requested right in the aftermath of the Atlanta issue was a
look by the Aviation Security Advisory Committee at
vulnerabilities across the airport system. I think that
provided a very good series of issues to address as well as
some strong recommendations and we have been working to, first
of all, to think about how to implement those, and then to take
a good solid look at the system.
So it actually is a significant priority of ours to ensure
perimeter security. I share your same concerns with it. So what
have we done? I have ordered a look at all of the airports
across the country.
I want to know from top to bottom, you know, what have we
done with respect to perimeter security, including access
control points, how those access control points are maintained,
and then what do we do to actually ensure the safety and
security of the perimeter itself? What is the nature of the
perimeter, and how consistently is it enforced around? So that
is a fairly large undertaking, and I haven't seen the results
of that request yet.
The other thing I am doing is putting more effort into that
oversight piece. We have legislative authority to do that
oversight whether you are dealing with a local airport
authority, a local municipality, or a large aviation concern.
All of it falls under the purview, and I think that there are--
you can set clear performance standards for how that is done.
So the first is to assess what the current state really is
as opposed to----
Mr. Keating. I don't want to interrupt you, but my time is
going away on me. Do you have a time frame in which that study
could be taking place? I am a few weeks away from asking this
question for 6 years now. Do you have a time frame?
Admiral Neffenger. Well, I understand your frustration so
we are doing that right now. Let me get you an actual time
frame so that I--because I don't want to promise something I
can't deliver on a certain time, but I can commit to you is
that it is happening right now and I have asked the same
question.
I am very concerned about the same issue, I want you to
understand. Because that system is important. Let's say you get
the checkpoint 100 percent right. There are more
vulnerabilities in the aviation system than the checkpoint.
Mr. Keating. The exit lane, briefly if you could.
Admiral Neffenger. I will get back to you on the exit lane
question as well, sir.
Mr. Keating. Thank you. I yield back.
Mr. Katko. Thank you, Mr. Keating. We are getting ready for
votes, but I think what I would like to do, if any of the other
Members have questions, just ask questions and have you respond
to the rest in writing. I have a few that I would like to have
responded to in writing before we wrap up here.
With respect to Mr. Roth, simply, Mr. Roth, if there are
other kind of 30,000-foot observations you would like to make
about TSA that you weren't able to cover today in the short
period that we were here, I encourage you to submit them in
writing to the committee and I encourage you to be as blunt and
open as possible. I think it is important to expose that, and
make sure to copy the administrator on it as well.
With respect to Administrator Neffenger, there are a couple
of things I would like to have you talk about. Ranking Member
Thompson hit it right on the head with the technology issues.
One of the things he said that is very important is he said he
has only seen three major players, if you will, within the
technology providing for the administration, and that sometimes
it seems like there is a sense of comfort with dealing with
just those three.
I think competition is a good thing. I have been to many
technology presentations recently and the updated technology
out there is stunningly advanced. It seems to me that I would
like to hear from you, actually, as to what you are doing to
vet that technology, and how you are encouraging these
newcomers on the scene to give them a fair shake. Not only from
a competition aspect, but taking a real good hard look at
everything from the prescreening aspects with the biometric
data, to the actual physical screening procedures and machines
because we know there are problems with them now, and going
forward, how are you going to address that?
The other component I want to ask you about is the age of
the screening equipment itself. Because from my understanding,
much of this equipment is at or near a 10-year lifespan. That I
would like to know what the plans are going forward to replace
it because many of these are at the end of their lifespan and--
projected lifespan at least, and it doesn't seem like there is
a plan going forward on the horizon.
So I would like to see what the blueprint is going forward
to deal with this new technology. I think Mr. Thompson is 100
percent right that technology is critically important and
hearing from all parties, not just the ones that TSA is
comfortable with. That is very important.
Let me make sure there is nothing else here. Oh, yeah, last
thing is, with respect to the access controls. I would like to
hear what has been done since we have to tighten up access
controls, and I will note to just warn you that with respect to
the Viper team that was celebrated as a risk-based security for
the access controls, but it was completely exploited by the
individuals in the Dallas/Fort Worth case.
As a matter of fact, employees went into areas and if the
Viper team was there, they just simply called out to their
comrades to bring the drugs and contrabands to another exit,
another entry point. That is a major concern. So I don't want
to hear too much about the Viper teams because it is not
getting the job done. It's pretty obvious. They are a good
idea, but they are easily circumvented. So I would like to hear
what your ideas are about that going forward, and what has
actually been done going forward.
I really look forward to getting that bill passed that we
just recently passed out of the House and getting it signed--
passed out of the Senate and signed by the President so that we
can get to work on doing an in-depth study that is really
needed with this.
So with that, I will ask my colleagues if they have any
further questions they want to have submitted for the record.
Anything?
All right, if there is anything further, we will submit
them to you in writing within 10 days.
I thank you very much. It was an abbreviated session, but
we have had a few things going on today as you might imagine,
and it is now time for some votes. So thank you very much.
[Whereupon, at 4:08 p.m., the subcommittee was adjourned.]
A P P E N D I X
----------
Questions From Chairman John Katko for Peter Neffenger
Question 1. The Transportation Security Administration (TSA) has
long been plagued with accusations of mismanagement and waste. Since
taking the helm at the agency, have you had the opportunity to assess
the various programs and activities in TSA's area of responsibility and
identify any areas that are in need of reform, restructuring, or
elimination?
Answer. On an annual basis, the Transportation Security
Administration (TSA) examines all programs and activities to review
current requirements and execution of resources along with program
performance to ensure optimal use of limited resources. This process
identifies realignments, restructurings, and/or elimination of programs
or activities to propose in the annual Congressional budget submission.
Over the past several fiscal years, TSA has identified efficiencies
and savings in the budget. For example, in fiscal year 2014, TSA
identified approximately $100 million in various enterprise-wide and
administrative/professional support contract efficiencies; in fiscal
year 2015 and 2016, TSA's budget submissions reflected over $200
million in savings as a result of implementing risk-based security
initiatives. Realignments have also been made through the formal budget
process to better apportion resources to TSA's organization and
management structure, while enhancing mission effectiveness. In the
fiscal year 2015 budget, TSA permanently consolidated the Federal Air
Marshal Service Appropriation into a single Program, Project, and
Activity (PPA) within TSA's Aviation Security Appropriation and
realigned the Intelligence PPA from Transportation Security Support
Appropriation to the Intelligence and Vetting Appropriation.
TSA recently established a new level of review in the budget
process for the fiscal year 2018-2022 cycle which will include in-
depth, transparent, agency-wide program reviews and prioritization of
requirements. In the current fiscal climate, TSA will ensure that the
available resources are effectively and efficiently aligned and managed
to minimize waste. Additionally, TSA will ensure that programs and
activities support the TSA and Department of Homeland Security's (DHS)
missions, while aligning resources to the TSA Administrator's and DHS
Secretary's priorities.
Programs and activities are also assessed when high-priority
emergent needs arise outside of the development of an annual budget.
For example, TSA initiated a programmatic review of security procedures
addressing issues raised by the DHS Office of Inspector General (OIG)
covert testing results issued in May 2015. The report revealed the need
for improvements in the screening process, to be addressed in the near
and long terms. Based on the review, resource realignments have been
proposed to improve security performance and monitoring. TSA is
committed to optimizing resources, and remaining a high-performing,
risk-based intelligence-driven agency.
Question 2. How do you plan to measure and evaluate TSA's success
in achieving programmatic goals and outcomes?
Answer. The Transportation Security Administration (TSA) will
report strategic and management measures externally through the Future
Years Homeland Security Program system. These select measures align to
the Department of Homeland Security Mission 1.1 Goal: Prevent Terrorism
and Enhance Security. TSA will also use other metrics to measure the
effectiveness and efficiency of individual security programs, such as
the use of scorecards to assess performance management in the Measures
of Effectiveness (MOE) report. This report identifies security
programs, procedures, and technology deemed strategically important by
TSA leadership, and measures performance at the airport, regional, and
National levels. The MOE replaces the previous Management Objectives
Report and reflects the increased emphasis on security effectiveness
and a decreased emphasis on throughput. The specific performance
metrics used in the MOE reporting are organized into the following four
broad categories:
Workforce Readiness.--Measures emphasize the continued
development of an adaptive and flexible counterterrorism
workforce that is highly-trained, competent, and ready to meet
the threat.
System Readiness.--Measures improve mission effectiveness by
measuring the implementation and continuation of risk-based,
intelligence-driven security initiatives aimed at deterring and
disrupting adversary activity.
Workforce Performance.--Measures reflect the ability of
TSA's human assets to detect threats to aviation security
presented through the screening checkpoint and checked baggage.
System Performance.--Measures reflect the operational and
management conditions that optimize TSA's ability to detect
threats to aviation security.
Individual programs will also have management-level reports which
measure all facets of those programs, procedures, and/or technologies.
Question 3. Do you believe that TSA is adequately adapting its
tactics and resources to mitigate the evolving threats to
transportation? Similarly, do you believe TSA's foreign partners are
keeping up with threats emanating from overseas? How has TSA improved
its overseas footprint and coordination with other governments?
Answer. The Transportation Security Administration (TSA) identifies
key risk information related to global aviation, conducts systematic
analysis to determine key risk drivers, and develops effective and
efficient strategies that mitigate the in-bound aviation risk to the
United States. TSA assesses the security posture at international
airports that serve U.S. aircraft operators and from which foreign air
carriers serve the United States. TSA has made great strides in
strengthening its international network by developing and instituting
an innovative risk management methodology that drives the allocation of
resources and operations to target the most important vulnerabilities.
TSA identifies these vulnerabilities and determines how frequently an
airport should be assessed based on existing data collection and
analysis. In fiscal year 2015, TSA conducted 146 foreign airport
assessments and 289 air carrier inspections.
TSA relies on a wide range of activities, resources, and personnel
to effect change in the vulnerability posture at a foreign airport. TSA
determines a way forward, choosing from a number of direct or indirect
mitigation actions. When a specific threat is identified or significant
vulnerabilities warrant additional mitigation actions, TSA may issue
Security Directives and Emergency Amendments to be implemented by air
carriers at selected locations. Following issuance of these Security
Directives or Emergency Amendments, TSA relies on a number of methods,
such as ad hoc visits or inspections, to verify compliance with the
additional measures. Follow-up assessments and inspections reveal
whether any reduction in vulnerability occurred. The results of these
visits enable TSA to determine if the mitigation actions were
successful.
TSA also aligns its strategic engagements with international
partners using this risk-based approach. Through its TSA
Representatives and International Industry Representatives, as well as
through TSA Senior Leadership engagement, TSA is able to influence and
inform key decision makers in both foreign governments and industry on
on-going threat streams and associated vulnerabilities in the aviation
security system, and encourage a subsequent mitigation strategy to
address these vulnerabilities. TSA, through its internationally-
deployed workforce, builds and maintains relationships with foreign
government officials, foreign and domestic air carriers, civil aviation
authorities, airport authorities, international aviation organizations,
and other U.S. Government stakeholders to enhance global aviation
security. In addition, TSA plays an active role in the International
Civil Aviation Organization, and engages with a number of regional
international aviation security working groups, such as the
Quadrilateral Working Group, where TSA coordinates with other Member
States on a range of pressing aviation security issues, and mitigation
measures.
TSA continues to examine its international footprint to ensure that
it has the appropriate resources forward-deployed to mitigate the
inbound threat. Since 2013, TSA has opened two new offices in Africa--
Senegal and Morocco--bringing the total to four offices on that
continent.
Question 4. Subsequent to the OIG's report release, Secretary
Johnson announced that a ``Tiger Team'' of DHS and TSA officials would
monitor the implementation of measures put in place to improve security
at airport checkpoints. The committee requests that a copy of the
``Tiger Team'' report is transmitted to Congress upon completion. By
what date do you expect this report to be completed?
Answer. We expect the report to be complete and available to the
committee not later than November 25, 2015.
Question 5. Technology plays an important role in mitigating
evolving threats to transportation security. Traditionally, TSA has
engaged the same vendors in the procurement process which has hampered
competition and innovation. What is being done by TSA to engage with
new vendors and encourage increased competition in the procurement
process?
Answer. Almost all of the Transportation Security Administration's
(TSA) contracts are awarded competitively through open-source
procurements. However, there are only a limited number of vendors with
capabilities sufficient enough to satisfy TSA's very specific mission-
related requirements. TSA actively participates--both in a leading and
supporting role--in recurring industry engagement events to promote
transparency, and provide input on topics such as key operational
issues, process improvement, and procurement forecasting. TSA
encourages robust competition as it ultimately reduces risk to the
Government and increases vendor performance.
In addition, TSA frequently works with small businesses interested
in accessing the market and was pleased to make a significant award to
a small business. In March 2015, TSA awarded a contract for 1,170
Explosives Trace Detection (ETD) units to a new Small Business entrant,
a prime example of a small business introducing new ETD technology into
aviation security and achieving approval through the TSA Qualified
Products List process.
In addition, TSA employs market research by submitting requests for
information, publishing broad agency announcements, and hosting
industry days that help facilitate engagement with a variety of
industry stakeholders, including those that are not currently TSA
vendors.
Most recently, TSA issued the Transportation Security Innovative
Concepts Broad Agency Announcement through FedBizOpps.gov, seeking to
accelerate the design, realization, and delivery of new capabilities by
focusing on advancing state-of-the-art technology and increasing
knowledge or understanding related to transportation security.
Question 6. Last week, the committee released its report from the
Task Force on Combating Terrorist and Foreign Fighter Travel. As I am
sure you are aware, a record number of individuals are traveling to
active conflict zones, and a number of these individuals return to the
United States undetected. This poses a serious threat to our Nation's
security.
What steps is TSA taking to address this issue? Are you actively
collaborating with other relevant departments and agencies to develop
strategies to combat terrorist and foreign fighter travel? How is TSA
collaborating with partners abroad to identify and prevent bad actors
from boarding planes bound to the United States?
Answer. The Transportation Security Administration (TSA) has a
number of programs in place to identify passengers who have booked
travel from abroad to the United States, and who may pose a security
risk. These programs rely upon near-real-time information sharing with
our stakeholders, industry partners, and the intelligence community.
TSA's Secure Flight program conducts passenger watch list matching for
more than 270 U.S. and foreign air carriers with flights into, out of,
within, and over the United States, as well as covered U.S. flights
between two international points, to identify individuals who may pose
a threat to aviation or National security, and designate them for
enhanced screening or prohibition from boarding an aircraft, as
appropriate. TSA also provides risk-based, intelligence-driven,
scenario rules to Customs and Border Protection (CBP) for use in the
Automated Targeting System--Passenger to identify international
travelers requiring enhanced screening based upon our knowledge of
patterns identified as needing additional scrutiny.
In 2015, TSA identified a number of known or suspected terrorists
who attempted to travel on commercial aircraft, and who represented the
highest threat to transportation, some of whom were identified as
potential foreign fighters. For these cases, TSA took action to address
the threat, which included, as appropriate, denial of boarding to
prevent overseas travel to participate in foreign fighting or to
conduct other nefarious activities.
TSA also assigns intelligence officers to key components with
responsibilities for analytical partnerships and watchlisting duties.
TSA intelligence personnel are embedded at 8 different agencies and
centers; these include the Department of Homeland Security Office of
Intelligence and Analysis, the CBP National Targeting Center, the
Terrorist Screening Center, the National Counterterrorism Center, the
Central Intelligence Agency, and the National Security Agency. In these
positions, TSA intelligence analysts work closely across organizational
lines to optimize information-sharing efforts, and facilitate a
coordinated U.S. Government response to known and suspected terrorist
travel. Improved monitoring and vetting processes of travelers with
robust data analytics provide a clearer understanding of travelers'
movements, and permit the sharing of a superior common operating
picture between agencies to mitigate potential threats.
TSA personnel are also assigned to law enforcement-related agencies
and task forces to facilitate information sharing. These assignments
include the Syria-Iraq Task Force, and the Federal Bureau of
Investigation-led National Joint Terrorism Task Force. These officers
collaborate daily with the Federal Bureau of Investigation, CBP, and
other organizations to disseminate intelligence relating to foreign
fighters.
Additionally, TSA Field Intelligence Officers assigned to our
Nation's airports work closely with CBP, and the local Joint Terrorism
Task Forces locally develop a coordinated approach to engagement with
local stakeholders and coordinate intelligence messaging and threat
awareness to the field, developing and maintaining a common aviation
threat picture for Federal, State, and local task force officers
assigned to U.S. airports, as well as TSA field components specific to
foreign fighter Tactics, Techniques, and Procedures.
Question 7. The President recently signed into law H.R. 719, which
I introduced earlier this year; this bill requires the TSA to conduct a
reclassification of employees within the Office of Inspection to ensure
that those employees classified as criminal investigators spend at
least 50% of their time conducting criminal investigations. Those
investigators spending less than 50% of their time on criminal
investigations will be reclassified and receive pay that is
commensurate with their actual job responsibilities. The OIG estimated
that this will result in savings of approximately $17.5 million in
taxpayer dollars over 5 years. We exchanged letters on this matter this
summer in which you stated that TSA and OIG are working closely
together to ensure all employees are properly classified.
Can you give the committee an estimate of how long it will take to
evaluate and implement this reclassification?
Answer. The Transportation Security Administration (TSA) is
committed to conducting an independent full position classification
review and workforce analysis to determine the appropriate
classification of each position currently classified as a criminal
investigator in the Office of Inspection. TSA will reclassify any
criminal investigator position that does not meet the minimum legally-
required 50 percent criminal investigation workload.
TSA and the Office of Personnel Management (OPM)--the recognized
expert in the field of position classification and workforce analysis--
have agreed to a statement of work for the classification review and
workforce analysis as requested by the Office of the Inspector General
(OIG). TSA currently awaits OIG final approval of the OPM methodology
outlined in the statement of work to initiate the independent OPM
review and analysis of the TSA Office of Inspection criminal
investigations workforce.
Question 8a. Two weeks ago, the President signed into law H.R. 720,
the Gerardo Hernandez Airport Security Act of 2015, which requires the
TSA to increase communication and coordination with all pertinent
agencies that would respond to an airport during a crisis situation,
which was the result of a tragic event. The committee has voiced
concern over the amount of training TSOs receive, as it pertains to
operating technology being used at checkpoints, but I want to make sure
the TSA is adequately training the TSOs to defend themselves as well.
This is an officer safety issue and we simply must give the people on
the front lines the tools to succeed and survive.
How much training do TSOs receive in defensive tactics?
Question 8b. How are the TSOs taught to deal with physically
combative people at the checkpoints, who may or may not have a weapon?
Answer. While the Transportation Security Administration (TSA)
currently does not offer defensive tactics training to the Officer
workforce, it has taken significant steps to address employee safety
concerns. Immediately following the tragic November 1, 2013, incident
at Los Angeles International Airport (LAX), TSA required all its
employees to complete training on how to recognize and respond to an
active-threat incident in the workplace, be it an office or airport
environment. TSA developed a series of interactive training courses
with the support and participation of local airport officials, law
enforcement officers, and TSA personnel to help Officers:
recognize how to respond when an active shooter is in their
vicinity;
identify how to interact with Law Enforcement Officers who
are responding to an incident; and
execute the widely-accepted active-shooter response
reactions of Run-Hide-Fight.
Most recently, TSA created a new training course entitled ``Active
Shooter Incident Response Training.'' Filmed entirely at the
Indianapolis (IND) airport, the interactive training video reinforces
the widely-accepted active-shooter response reactions of Run-Hide-
Fight. TSA released the training video in January 2015, with a required
completion date of March 31, 2015. TSA mandates Active-Shooter training
as an annual training requirement for its employees, and the entire TSA
screening workforce has completed the training.
In addition to the active-shooter video, Operational Directive (OD)
400-19-2, Emergency Evacuation Drills, addresses the requirement for
employees to be familiar with the two types of emergency evacuation
drills: Controlled and uncontrolled. The evacuation drills are
scenario-based and include active shooter as an uncontrolled drill. The
minimum requirement is two drills per year. The reporting requirement
is to document airport completion of emergency evacuation drills in the
Performance Measurement Information System (PMIS) and individual
employee completion in the Online Learning Center (OLC).
Question 9. Airport employee access controls continue to be a
concerning security vulnerability. I introduced H.R. 3102, the Airport
Access Control Security Improvement Act of 2015 earlier this year, and
it passed the House earlier this week.
Can you please provide an update to the committee on what changes
to employee access controls TSA has implemented this year? What
additional changes do you have planned?
Answer. The Transportation Security Administration (TSA) performed
a comprehensive review of Aviation Security Advisory Committee (ASAC)
proposed recommendations regarding access controls. As a result, TSA
issued Information Circular (IC) 15-01 on April 29, 2015. This IC made
recommendations to airports to reduce the number of access points to
the operational minimum, to increase the number of continuous random
inspections for individuals entering the sterile/secured area other
than through the checkpoint, and to promote a culture of situational
awareness by leveraging the Department of Homeland Security's ``If You
See Something, Say Something'' campaign, or a similar program.
On August 26, 2015, TSA issued IC 15-01A to provide further details
regarding recommended inspections and measures previously identified in
IC 15-01, and those measures that are mandated by TSA in the Security
Directive (SD) 1542-06-01 series. This version supplied additional
specific recommendations regarding the inspection of individuals, such
as inspecting for a minimum number of hours per week, restricting other
access points when inspections are being conducted, as well as
recommendation of the methodology of the actual search.
Finally, TSA is developing a capability for continuous monitoring
of airport employees' criminal history records. Once implemented, TSA
will be notified of any change in an employee's status so that
appropriate action can be taken. At this time, TSA is piloting this
process at a limited number of airports, and intends to expand it
system-wide, once completed. TSA already performs recurrent vetting
against the Terrorist Screening Database.
TSA continues to work with the airports through the Federal
Security Directors to ensure access points are kept to an operational
minimum, and that random and unpredictable inspection of individuals
and property entering the sterile/secured areas is conducted.
Question 10. The OIG recently issued a report that uncovered 73
aviation workers that had links to terrorism which were not detected in
the initial screening process. Furthermore, the report found that
different airports employed different screening techniques and there
lacked consistency across the board. What is the current status of
TSA's efforts to improve and streamline the employee screening process?
What additional measures do you feel are necessary in order to
improve the daily screening of employees at our Nation's airports?
Answer. The Transportation Security Administration (TSA) is
committed to further strengthening our ability to identify insider
threats at our Nation's airports, as well as to streamline the
employee-vetting process. As indicated in the Office of the Inspector
General report, 69 individuals (represented by 73 records) had records
in certain Governmental databases to which TSA did not have automated
access when they were first vetted. These individuals have never been
on the terrorist watch list. TSA recognizes the value of having as much
relevant data as possible to make informed decisions in its vetting,
and is pursuing access to additional types of intelligence records to
maximize its vetting capabilities. TSA now requires airports to conduct
a criminal history records check (CHRC) every 2 years, and will
continue to do so until an alternative recurrent CHRC process is
developed. TSA is working collaboratively with the Federal Bureau of
Investigation (FBI) to develop and establish next generation
identification databases, which would automatically update an
employee's criminal history as incidents occur. TSA and FBI are moving
to pilot the initiative with two airports and one airline. This
initiative aligns with the Department of Homeland Security's Office of
Inspector General and Aviation Security Advisory Committee (ASAC)
recommendations for improving Aviation Workers security.
TSA has been working to implement many ASAC recommendations for
improving the employee screening process at our Nation's airports.
These measures include:
Working to implement the FBI/Next Generation Identification
RAP Back Service, which would automatically update an
employee's criminal history as events occur in order to augment
the current 2-year background check process;
Training enhancements on verification of identification
documents, recognition of identity fraud, and behavioral
analysis for use by Government and industry partners at the
airports;
Increasing intelligence-sharing opportunities with industry
partners at the airports; and
Examining the ASAC recommendation to develop enhanced
employee access security model based on elements such as
intelligence, game theory, and risk-based security principals
that would cause employees to have a reasonable expectation of
being inspected.
Question 11. Secretary Johnson stated that random screening of
airport employees was increased after authorities uncovered that
aviation workers in Atlanta and New York City were smuggling weapons
and ammunitions. By how much was screening increased? Do you believe
that this has been an effective deterrent?
Answer. In the aftermath of the Atlanta and New York City
incidents, in January 2015, the Transportation Security Administration
(TSA) increased the amount of random screening of employees through its
Playbook Program. With Playbook, TSA personnel conduct screening on an
unpredictable basis at locations throughout the airport. These
activities, which include but are not limited to, identity
verification, physical screening of accessible property, and explosives
detection, are coordinated at the local airport level and conducted by
Transportation Security Officers. Playbook operations provide a level
of risk-based and unpredictable screening for Security Identification
Display Area badge-holding personnel and others who are entering the
airport at locations other than the screening checkpoint.
From January 1-September 30, 2015, TSA screened over 11 million
employees using Playbook operations. This is a 340 percent increase
compared to the 2.5 million employees screened using Playbook in the
prior year.
Playbook is not the only deterrence method used to address the
insider threat. TSA has worked with airports to reduce the number of
access points at airports regulated by TSA to an operational minimum.
TSA has also recommended and worked with airports to limit access
privileges for aviation workers.
TSA believes that providing a visible presence, and additional
random screening at employee access points, coupled with our other
layers of security, creates an effective deterrent. TSA will continue
to focus on mitigating the insider threat.
Question 12. In a recent response to a letter sent by the
committee, TSA indicated that it was aware of allegations of sexual
misconduct by Air Marshals in mid-June. Why was the committee not
informed of this issue earlier, particularly in light of the oversight
hearing that was held on the FAMS on July 16?
Answer. The Transportation Security Administration (TSA) is
committed to working with committee staff to ensure they are kept aware
of relevant investigations; however, details will not be available
until investigations are complete and the circumstances surrounding the
allegation(s) are known. TSA will continue to keep the committee staff
up-to-date and informed.
Questions From Ranking Member Bennie G. Thompson for Peter Neffenger
Question 1. Has TSA moved forward with the implementation of
changes to the dispute resolution process and the NRC without adopting
any of the union's recommendations?
Answer. No, the Transportation Security Administration (TSA) has
not moved forward with the implementation of changes to the dispute
resolution process and the National Resolution Center (NRC) without
adopting any of the Union's recommendations. The NRC, the TSA office
that administers and implements the resolution process, has not made
any changes to the existing resolution process. The NRC provided the
American Federation of Government Employees (AFGE) a copy of the draft
dispute resolution process policy for AFGE's input. AFGE provided its
input and the NRC continues to consider this input and revise the draft
policy. Once the NRC completes additional revisions to the draft
dispute resolution process policy, another draft copy will be provided
to AFGE for input before the revised policy is issued. AFGE was
informed of this via email on September 29, 2015.
Question 2. The 2012 Determination requires that the union's
suggestions be adopted ``to the extent possible.'' Is it TSA's position
that the union's suggestions were impossible to adopt?
Answer. As an initial matter, the 2011 Decision issued by former
Administrator Pistole is no longer in effect. It was replaced by the
2014 Determination issued by former Administrator Pistole on December
29, 2014. In regard to the Unitary Dispute Resolution System (UDRS),
the 2014 Determination does not require that TSA take the Union's
suggestions to the extent possible. Instead, the 2014 Determination
stipulates that the Union is encouraged to provide input, including any
suggestions, comments, and/or concerns to the National Resolution
Center (NRC) regarding the policy governing the UDRS as applied to
covered employees. The NRC gave the Union an opportunity to provide its
input on changes to the Transportation Security Administration (TSA)
policy governing the UDRS and is considering its input. The NRC will
give the Union another opportunity to provide further input before the
policy is issued. If the NRC does not incorporate the Union's input
into the TSA policy, the NRC will provide a written response to the
Union explaining the basis for its decision.
Question 3. TSA and the union are in mediated talks for a new
contract, and the union has initiated a request for informal interest-
based discussions with TSA. Given the union's strenuous objections to
TSA's unilateral changes to the NRC and the dispute resolution process,
will TSA agree to limit the role of the NRC in accordance with the
Memorandum of Agreement signed by TSA and AFGE throughout the duration
of those discussions?
Answer. The current collective bargaining is for a new collective
bargaining agreement on the negotiable issues listed in former
Administrator Pistole's December 29, 2014, Determination on
Transportation Security Officers and Collective Bargaining (2014
Determination). The NRC is the Transportation Security Administration's
(TSA) office that administers and implements the dispute resolution
processes for all TSA employees, not just bargaining unit employees.
Only one aspect of the dispute resolution process is reflected in a
Memorandum of Agreement (MOA) signed by TSA and AFGE in 2012. The MOA
addresses third-party review of certain disciplinary actions and other
covered disputes for bargaining unit employees. The MOA was not a part
of collective bargaining in 2012 and is not a part of any collective
bargaining agreement. Significantly, the MOA also does not govern or
limit the NRC.
Question 4. Do the Medical Guidelines apply to TSA managers?
Answer. The Medical and Psychological Guidelines for Transportation
Security Administration Transportation Security Officer Job Series (TSO
Medical Guidelines) apply to the Supervisory Transportation Security
Officers (STSOs). Management officials, other than STSOs, who manage
security screeners do not fall under the TSO Medical Guidelines as
physical/medical requirements have not been established for these
positions.
Question 5. Once the exam confirms a TSO has a certain diagnosis of
migraines, Type 1 or 2 diabetes or heart disease, for instance, is TSA
required to establish that the medical condition impairs the ability of
the TSO to perform their duties?
Is it assumed that a diagnosis or confirmation of a medical
condition is in itself proof that the TSO is not fit for duty?
Answer. The Transportation Security Officer (TSO) has to meet the
medical and psychological requirements of the position. Generally, it
is not assumed that a diagnosis is in itself proof that the TSO is not
fit for duty. The Transportation Security Administration's physician
will obtain information on the TSO's medical conditions, medications,
and job limitations, and will compare that information with the TSO
Medical Guidelines, and may seek other sources of medical information
to determine fitness for duty.
Question 6. TSOs report that TSA uses a document entitled ``Medical
Guidelines for Transportation Security Screeners'' to determine whether
a TSO is fit for duty. Has TSA provided the most current version of
this document to the American Federation of Government Employees, the
union elected as exclusive representative of the TSO workforce?
If not, will you provide the most current version of the Medical
Guidelines to the union immediately?
Answer. The current Medical and Psychological Guidelines for
Transportation Security Administration (TSA) Transportation Security
Officer (TSO) Job Series (TSO Medical Guidelines) have not been
provided in their entirety to the American Federation of Government
Employees (AFGE), due to the sensitive content contained therein. The
TSO Medical Guidelines are intended for use by medical practitioners.
Consistent with the 2011 Determination on Transportation Security
Officers and Collective Bargaining (2011 Determination) and subsequent
2014 Determination, AFGE did not have the right to the current TSO
Medical Guidelines as they do not relate to the issues for collective
bargaining. Union representatives who represent individual bargaining
unit employees in cases involving the TSO Medical Guidelines have
received, and continue to receive, copies of the relevant section(s) of
the TSO Medical Guidelines. TSA is in the process of revising the
medical guidelines.
Questions From Honorable William R. Keating for Peter Neffenger
Question 1a. Administrator Neffenger: Thank you for your testimony
and thoughtful responses at the Transportation Security Subcommittee
hearing on October 8, 2015. During our discussion, you said you are
conducting a ``top-to-bottom'' review of all airports, including access
control points and what, exactly, constitutes an airport's perimeter.
What, specifically, has this review entailed and when will it be
completed?
Question 1b. Once completed, will you provide its findings to
interested Members?
Answer. The Transportation Security Administration (TSA) has worked
with Federalized airports to closely review all aspects of physical
security, including access control points and perimeter security. In
doing so, the total number of access points has been reduced by almost
10 percent Nation-wide, while airport security personnel and TSA have
increased random screening of airport employees at those access points.
The perimeter security of an airport involves perimeter access and
transition areas at the airport, and includes protection of the fence
line, active and inactive vehicle & pedestrian gates, maintenance &
construction gates, vehicle roadways, and general aviation areas.
Access control security generally refers to security features that
control who can access certain restricted areas or systems at the
airport. At an airport, restricted areas may include the baggage claim
area, baggage makeup area, sterile area, secured area, air operations
area, catering facilities, cargo facilities, fuel farms, and other
public spaces and areas. In the context of access control security at
the airport perimeter (for example, direct entry into the secured area
through a vehicle access gate), this definition does not include access
at a passenger checkpoint.
TSA is working with the Aviation Security Advisory Committee (ASAC)
on a comprehensive review of airport perimeter security. ASAC has
provided a list of recommendations to improve perimeter security. These
recommendations are under review.
TSA will be pleased to share its findings with the committee and
interested Members.
Question 2. Second, you are aware of my long-standing concern for
transitioning the responsibility of staffing airport exit lanes from
TSA to airport operators. I have spoken with numerous operators,
include the Massachusetts Port Authority (Massport), which owns and
operates three airports in Massachusetts, including Boston Logan
International Airport, in addition to the Port of Boston. They remain
troubled that TSA interpreted the staffing of exit lanes as an issue of
access control rather than screening function, and that the expectation
for airport operators to staff these exit ways will continue. This is a
matter of both safety and resources.
What is TSA's current policy for staffing exit lanes? Will TSA
continue to staff airport exit lanes into the future? If not, how will
TSA work with airports to mitigate costs?
Answer. Currently, approximately two-thirds of the airport
operators control access at exit lanes by using airport technology or
personnel. The remaining exit lanes are staffed by the Transportation
Security Administration (TSA). Under � 603 of the Bipartisan Budget Act
of 2013 (Budget Act), Pub. L. No. 113-67, Div. A, � 603, 127 Stat. 1188
(2013), TSA is responsible for monitoring passenger exit lanes from the
sterile area of airports at which TSA provided such monitoring as of
December 1, 2013. TSA interprets � 603 of the Budget Act to mean that
TSA must staff a sterile area exit lane only if the exit lane was in
existence on December 1, 2013, at one of the 155 airports at which TSA
was providing monitoring services on that date. Therefore, if an
airport is remodeling an exit lane and the location of this exit
remains essentially the same, TSA will continue to staff this lane. If
the remodeling significantly changes the location of the exit lane, to
where it is no longer co-located with the screening checkpoint, and/or
requires additional staffing and resources, TSA is no longer obligated
to monitor this exit lane.
TSA provides an evaluation tool, which allows the airport operator
to input exit lane configurations and parameters, and receive
recommendations for technological solutions. Consideration of
technology options to exit lane staffing should also include evaluation
of related advantages, disadvantages, and trade-offs in breach response
requirements.
Questions From Chairman John Katko for John Roth
Question 1. Inspector General Roth, your office has conducted
numerous investigations highlighting various challenges that the
Transportation Security Administration (TSA) faces. What systemic
problems have you identified?
Answer. In the past year, I have testified before your committee
and others on my concerns about TSA's enormous and complex challenges.
These challenges are systemic; they impact virtually every area of TSA
operations. Our audits and reviews have shown that TSA's challenges
include:
assessing risk appropriately;
contracting for goods and services;
deploying and maintaining equipment;
hiring and training an effective workforce;
performing basic management functions to meet its mission;
and
operating in a culture resistant to oversight and unwilling
to accept the need for change in the face of an evolving and
serious threat.
Question 2. From your perspective what steps do you feel
Administrator Neffenger should take to reform and improve TSA?
Answer. Addressing the aforementioned challenges will require time,
resources, and committed, courageous leadership at every level of
management and throughout the organization, from the TSA Administrator
to Transportation Security Officers (TSO) who screen passengers and
baggage. Examples of steps TSA should take to reform and improve its
performance include:
Ensure proper staffing, training, and supervision of TSOs to
mitigate the effects of human error-related vulnerabilities in
passenger and baggage screening.
Ensure everyone in the chain-of-command understands and is
committed to addressing passenger and baggage screening
vulnerabilities identified in our reports.
Encourage all TSA personnel to identify and report security
deficiencies and vulnerabilities and participate in developing
and implementing solutions.
Improve the transparency and accountability of efforts
undertaken or planned to address the technological, personnel,
and procedural deficiencies and vulnerabilities identified by
OIG, the Government Accountability Office (GAO), and internal
offices, such as TSA's Office of Inspections.
Implement timely, efficient, and effective strategies to
ensure all screening equipment is well-maintained and fully
operational.
OIG will continue its oversight of TSA. For example, we plan to:
determine whether the Federal Air Marshal Service (FAMS)
adequately manages its resources to detect, deter, and defeat
threats to the civil aviation system (Federal Air Marshal
Service Oversight of Civil Aviation Security); and
determine the effectiveness of TSA's carry-on baggage
screening technologies and checkpoint screener performance in
identifying and resolving potential threats at airport security
checkpoints (TSA Carry-On Baggage Penetration Testing).
Our on-going audits and reviews of TSA include:
Office of Human Capital Contracts.--Determine whether TSA's
human capital contracts are managed effectively, comply with
DHS's acquisition guidelines, and are achieving expected goals.
Security Vetting of Passenger Rail Reservation Systems.--
Determine the extent to which TSA has policies, processes, and
oversight measures to improve security at the National Railroad
Passenger Corporation (AMTRAK).
Controls Over Access Media Badges.--Identify and test
selected controls over access media badges issued by airport
operators.
Question 3. Looking at your office's extensive body of work as it
relates to TSA's technology challenges, stepping back, how can TSA
improve its technology procurement and development processes in order
to prevent itself from investing in technology that does not adequately
meet the current threat environment?
Answer. Our office has also audited and reported on TSA's
acquisition programs. Although TSA has spent billions on aviation
security technology, our testing of certain systems revealed no
resulting improvement. Given the number, type, complexity, and cost of
these passenger screening technologies, TSA must exercise due diligence
in developing, procuring, and deploying these valuable and costly
assets. These systems include:
Explosives Detection System (EDS) machines
Explosives Trace Detection machines
Advanced Imaging Technology (AIT) machines
Bottled Liquid Scanners
X-ray machines
Walkthrough metal detectors.
OIG has conducted a number of audits that identified issues with
TSA's procurement, deployment, and maintenance of its passenger
screening technologies. These audits raise serious questions regarding
TSA's management of its passenger screening technologies. For example,
in fiscal year 2013, we reviewed TSA's deployment of AIT machines
upgraded with automatic target recognition (ATR) software, an upgrade
that addressed privacy concerns raised by travelers and Members of
Congress. These concerns led to the passage of the FAA Modernization
and Reform Act of 2012, which mandated that all AIT screening equipment
at airports include the ATR upgrade no later than June 1, 2013.
We determined that TSA failed to develop a strategic acquisition
and deployment plan for the AIT machines with the required AIT software
that aligned with the overall needs and goals of its passenger
screening program. As a result, TSA did not deploy many of the newly
purchased or upgraded AIT machines and fully utilize them for screening
passengers. This led to continued use of less capable walk-through
metal detectors. We made two recommendations to improve future
deployment and use of AIT machines.
Question 4. A report issued by your office in May found that TSA's
airport screening equipment is not being properly maintained. Lack of
maintenance not only puts into question the effectiveness of the
equipment, but can reduce the life span of technologies, requiring
their replacement at the expense of significant taxpayer dollars. What
has the TSA done to date, to implement the recommendations of this
report?
Answer. In May 2015, we reported that because TSA did not ensure
routine preventive and corrective maintenance was performed according
to contractual requirements, it could not be certain screening
equipment was repaired and ready for operational use. We made three
recommendations to improve TSA's oversight of its maintenance program.
We recommended that TSA assess penalties when contractors do not
perform preventive or corrective maintenance according to contractual
requirements and manufacturers' specifications. We believe TSA's
actions are sufficient to close this recommendation. Specifically, TSA
recently signed contracts with Morpho Detection and L-3 Communications
for preventive and corrective maintenance on EDS equipment. Both
contracts include specific financial penalties for maintenance not
completed according to contractual requirements. For preventive
maintenance, TSA will assess a penalty of 50 percent of the monthly
invoice amount for the particular machine. The contracts also include
penalty clauses for corrective maintenance actions when they affect
operational availability at the equipment and airport level.
TSA has taken steps to implement the other two recommendations, but
we do not believe their actions are sufficient to close them.
Basically, we recommended that TSA airport personnel validate data on
both types of maintenance to ensure that preventive maintenance is
completed according to contract requirements and manufacturers'
specifications and to ensure its screening equipment is repaired and
ready for operational use.
TSA has implemented additional reporting requirements for
maintenance contractors that should provide airports with better
awareness of maintenance actions on their screening equipment. For
example, contractors are now required to give monthly preventive
maintenance schedules to airport coordination centers. However, TSA has
not yet developed and implemented policies and procedures to verify and
document the contractors' completion of all required preventive and
corrective maintenance actions. According to TSA, an independent
contractor compares the preventive maintenance data with contractual
requirements, but this is not the same as validating that the work has
actually been performed, which is the intent of our recommendation.
Further, although contractors are required to provide certain reports
on corrective maintenance, TSA does not have policies or procedures to
verify the information in these reports or test the data for accuracy.
Question 5. In response to the highly disappointing results of the
OIG's covert testing of airport screening procedures, Secretary Johnson
mandated that all airport screeners and managers undergo an 8-hour
training course. Do you believe that this training is sufficient to
address the security gap found in the covert testing? What else, if
anything, should be done to ensure that the workforce has the skills
they need to effectively perform their duties?
Answer. On September 22, 2015, my office provided TSA with our
Classified final report, Covert Testing of TSA's Passenger Screening
Technologies and Processes at Airport Security Checkpoints, OIG-15-150.
TSA has 90 days following receipt of the final report to update us on
the status of its implementation of our recommendation. We cannot
comment on TSA's training because we have not yet received a formal,
detailed update. The detailed information on TSA's training will most
likely contain Classified or Sensitive Security Information and we will
not be able to discuss or comment on the content of the TSA training in
the public record. However, once we receive the formal update, we would
be happy to arrange a meeting with you or your staff to discuss the
specific details in a Classified setting.
With respect to other actions TSA can take to ensure its workforce
has the skills needed to effectively screen passengers at airport
checkpoints, TSA and OIG must continue to conduct covert testing of
technology, human performance, and screening procedures used at
checkpoints. These covert tests must be continuously updated, based on
intelligence about security threats. Rigorous covert testing will help
ensure that the TSA workforce is prepared to deal with the constantly-
changing threat environment.
Question 6. The TSA PreCheck initiative has resulted in more risk-
based and efficient screening of passengers at airports. However, a
January OIG report found that modifications to the screening and
vetting process are necessary. Do you feel TSA has taken the necessary
steps to address these concerns?
Answer. We reported in January 2015 that TSA's implementation of
PreCheck and the expedited screening process increased throughput at
airport checkpoints, but also increased the risk to aviation security
because TSA was not making individualized risk-based decisions. We made
recommendations to address identified deficiencies. Initially, TSA did
not concur with the majority of the 17 recommendations in our report,
but we have made significant progress in getting TSA's concurrence and
compliance. As of November 2015, we have closed 3 report
recommendations; 13 recommendations are open, but resolved, meaning we
agree with TSA's planned actions to address the intent of these
recommendations. Although one recommendation remains open and
unresolved, TSA officials said there has been a significant shift to
address this recommendation and TSA is currently drafting a response
outlining these changes. We would be happy to update you and your staff
on the progress once we have received a formal response from TSA.
Question 7. Currently fewer than 5% of travelers participate in TSA
PreCheck. Do you believe TSA has put ample emphasis on enrolling more
passengers in TSA PreCheck? What additional steps do you feel TSA needs
to take in order to expand and enhance the PreCheck program?
Answer. Our review did not focus on expanding the TSA PreCheck
initiative; GAO conducted a review addressing the expansion.
We are currently reviewing TSA's Risk-Based Strategy to determine
the extent to which this strategy informs security and resource
decisions to protect the traveling public and the Nation's
transportation systems. Our report, which we expect to publish in the
spring of 2016, will include a discussion of the PreCheck initiative.
We look forward to sharing our findings and recommendations with you.
Question 8. Prior to Admiral Neffenger's confirmation as
administrator, TSA failed to concur with recommendations in a number of
your reports. Are there any outstanding recommendations with which TSA
has not concurred and taken some steps to address at this time?
Answer. We believe TSA is working in good faith to concur with
recommendations with which it previously did not concur and to close
open recommendations. For example, although TSA did not initially
concur with the majority of our recommendations to correct identified
TSA PreCheck deficiencies, it continues to seek closure through the
recommendation follow-up and resolution process. TSA recently told us
it is reevaluating its position on its open recommendations and for the
single unresolved recommendation in that report, we are optimistic that
TSA is reconsidering the wisdom of its position.
As we reported in Audit of Security Controls for DHS Information at
John F. Kennedy International Airport (OIG-15-18), TSA did not perform
required security authorizations or privacy reviews on closed-circuit
television and surveillance monitoring room technology (i.e., cameras)
used to record passenger data and photos. We reported that according to
DHS 4300 security policy, the cameras should be considered IT assets
and counted as part of DHS's asset inventory. TSA did not concur with
our recommendation to address this issue, asserting that DHS 4300
security policy did not apply to the cameras. We are currently working
with TSA, the DHS Office of the Chief Information Officer, and the DHS
Office of Privacy to resolve this issue.
Question 9. It is no secret that employee morale is a significant
problem at the TSA, both for screeners and agency employees alike. Your
office has a unique perspective in that you are able to talk
confidentially with TSA employees. Do you have any insights into the
underlying cause of the on-going lack of morale at the agency?
Answer. DHS OIG has not done any recent audit or inspection work in
this area.
Question 10. Airports in Miami and Orlando conduct 100% employee
screening, yet the Aviation Security Advisory Committee report
concluded that 100% employee screening would be too costly to implement
Nation-wide. What changes do you feel need to be implemented in order
to improve the screening of airport employees?
Answer. Our office is familiar with the Department's Aviation
Security Advisory Committee's report and the immediate actions
Secretary Johnson took to increase physical screening of aviation
employees. We have not conducted work in the area of employee physical
screening, but we believe that unscreened airport workers represent a
threat to air transportation security. We recently reviewed aviation
employee vetting (TSA Can Improve Aviation Worker Vetting, OIG-15-98),
and our recommendations from that report were very similar to those in
a recent committee report. The Aviation Security Advisory Committee and
OIG agree that TSA can strengthen airport employee vetting by:
updating the list of disqualifying criminal offenses;
continuously monitoring criminal activity (recurrent
employee vetting); and
maintaining a National database of airport employees whose
credentials have been revoked.
Question 11. The Air Marshal Association, a professional
association for members of the Federal Air Marshal Service (FAMS),
advocates shifting the workforce to focus on investigations and anti-
terrorism operations as opposed to deploying on flights to deter
terrorism and hijacking. Do you think this would be a more effective
use of manpower and resources?
Answer. We have not done a large-scale review of FAMS that would
allow us to draw across-the-board conclusions about whether its legacy
mission and goals are effectively aligned with the current threat
environment. This year we will audit FAMS to determine whether it
adequately manages its resources to detect, deter, and defeat threats
to the civil aviation system.
According to the Department's 2014 Quadrennial Homeland Security
Review, the terrorist threat has changed since the attacks of September
11, 2001. In our Fiscal Year 2016 Annual Performance Plan, we discussed
the threat of organized radical extremist groups repeatedly seeking to
recruit members and export terrorism to the United States. We have also
seen domestic ``lone offenders'' and those inspired by extremist
ideologies commit terrorist acts. These threats are difficult to
detect. In countering terrorism, DHS focuses on preventing attacks;
preventing unauthorized acquisition, importation, movement, or use of
chemical, biological, radiological, and nuclear materials and
capabilities in the United States; and reducing the vulnerability of
critical infrastructure and key resources, essential leadership, and
major events to terrorist attacks and other hazards. In the upcoming
FAMS audit and other audits focused on preventing terrorism and
enhancing security, OIG will seek to determine how efficiently and
effectively the Department is working to counter these emerging
threats.
[all]