[House Hearing, 114 Congress] [From the U.S. Government Publishing Office] REFORM AND IMPROVEMENT: ASSESSING THE PATH FORWARD FOR THE TRANSPORTATION SECURITY ADMINISTRATION ======================================================================= HEARING before the SUBCOMMITTEE ON TRANSPORTATION SECURITY of the COMMITTEE ON HOMELAND SECURITY HOUSE OF REPRESENTATIVES ONE HUNDRED FOURTEENTH CONGRESS FIRST SESSION __________ OCTOBER 8, 2015 __________ Serial No. 114-36 __________ Printed for the use of the Committee on Homeland Security [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT] Available via the World Wide Web: http://www.gpo.gov/fdsys/ __________ U.S. GOVERNMENT PUBLISHING OFFICE 99-578 PDF WASHINGTON : 2016 ----------------------------------------------------------------------- For sale by the Superintendent of Documents, U.S. Government Publishing Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, Washington, DC 20402-0001 COMMITTEE ON HOMELAND SECURITY Michael T. McCaul, Texas, Chairman Lamar Smith, Texas Bennie G. Thompson, Mississippi Peter T. King, New York Loretta Sanchez, California Mike Rogers, Alabama Sheila Jackson Lee, Texas Candice S. Miller, Michigan, Vice James R. Langevin, Rhode Island Chair Brian Higgins, New York Jeff Duncan, South Carolina Cedric L. Richmond, Louisiana Tom Marino, Pennsylvania William R. Keating, Massachusetts Lou Barletta, Pennsylvania Donald M. Payne, Jr., New Jersey Scott Perry, Pennsylvania Filemon Vela, Texas Curt Clawson, Florida Bonnie Watson Coleman, New Jersey John Katko, New York Kathleen M. Rice, New York Will Hurd, Texas Norma J. Torres, California Earl L. ``Buddy'' Carter, Georgia Mark Walker, North Carolina Barry Loudermilk, Georgia Martha McSally, Arizona John Ratcliffe, Texas Daniel M. Donovan, Jr., New York Brendan P. Shields, Staff Director Joan V. O'Hara, General Counsel Michael S. Twinchek, Chief Clerk I. Lanier Avant, Minority Staff Director ------ SUBCOMMITTEE ON TRANSPORTATION SECURITY John Katko, New York, Chairman Mike Rogers, Alabama Kathleen M. Rice, New York Earl L. ``Buddy'' Carter, Georgia William R. Keating, Massachusetts Mark Walker, North Carolina Donald M. Payne, Jr., New Jersey John Ratcliffe, Texas Bennie G. Thompson, Mississippi Michael T. McCaul, Texas (ex (ex officio) officio) Krista P. Harvey, Subcommittee Staff Director Dennis Terry, Subcommittee Clerk Vacancy, Minority Subcommittee Staff Director C O N T E N T S ---------- Page Statements The Honorable John Katko, a Representative in Congress From the State of New York, and Chairman, Subcommittee on Transportation Security....................................................... 1 The Honorable Kathleen M. Rice, a Representative in Congress From the State of New York, and Ranking Member, Subcommittee on Transportation Security: Oral Statement................................................. 3 Prepared Statement............................................. 4 The Honorable Bennie G. Thompson, a Representative in Congress From the State of Mississippi, and Ranking Member, Committee on Homeland Security: Oral Statement................................................. 4 Prepared Statement............................................. 5 Witnesses Honorable John Roth, Inspector General, Office of Inspector General, U.S. Department of Homeland Security: Oral Statement................................................. 6 Prepared Statement............................................. 8 Honorable Peter Neffenger, Administrator, Transportation Security Administration, U.S. Department of Homeland Security: Oral Statement................................................. 24 Prepared Statement............................................. 26 For the Record The Honorable Bennie G. Thompson, a Representative in Congress From the State of Mississippi, and Ranking Member, Committee on Homeland Security: List........................................................... 39 Appendix Questions From Chairman John Katko for Peter Neffenger........... 45 Questions From Ranking Member Bennie G. Thompson for Peter Neffenger...................................................... 50 Questions From Honorable William R. Keating for Peter Neffenger.. 52 Questions From Chairman John Katko for John Roth................. 53 REFORM AND IMPROVEMENT: ASSESSING THE PATH FORWARD FOR THE TRANSPORTATION SECURITY ADMINISTRATION ---------- Thursday, October 8, 2015 U.S. House of Representatives, Subcommittee on Transportation Security, Committee on Homeland Security, Washington, DC. The subcommittee met, pursuant to call, at 3:13 p.m., in Room 311, Cannon House Office Building, Hon. John Katko [Chairman of the subcommittee] presiding. Present: Representatives Katko, Carter, Rice, Keating, and Thompson. Mr. Katko. The Committee on Homeland Security Subcommittee on Transportation Security will come to order. The subcommittee is meeting today to hear testimony on assessing the future of the Transportation Security Administration. I now recognize myself for an opening statement. I would like to welcome everyone to today's hearing and I am pleased to have Inspector General Roth back once again and Administrator Neffenger again back here as well. The purpose of today's hearing is to examine TSA's challenges and identify what changes TSA needs to make in order to move forward in an effective manner. TSA was created out of a tragedy and was quickly stood up to address major security vulnerabilities that terrorists exploited. However, 14 years after 9/11, we now have an agency that has had many missteps in its efforts to keep the traveling public safe. Inspector General Roth, your office has conducted over 100 audits identifying major security vulnerabilities and organizational challenges throughout TSA, including the most recent reports that found that TSA passenger screening was allegedly wrong 96 percent of the time. And that 73 aviation workers had potential ties to terrorism. Of course, there is also the recent cases involving drug trafficking incidents in airports at Dallas/Fort Worth, Los Angeles International, and Oakland, to name a few involving employees. These figures are startling and shatter the public confidence. I look forward to hearing from you today about what systemic problems you have identified and what needs to be done to help TSA address these challenges. What is most unfortunate is that these startling findings by both your office, and the Government Accountability Office, as well as the FBI and other agencies, are not isolated instances. Many of these vulnerabilities have been identified and known for years, and unfortunately, prior to this year the previous leadership in both TSA and DHS did not take the appropriate steps to address these known security vulnerabilities. The purpose of today's hearing is not to look backwards, however. With new leadership, Administrator Neffenger, you have an opportunity to address these challenges head on, and lead TSA in a different path, and I am confident that you will do so. In our discussions you have been frank, straightforward, and sincere and I appreciate that. I have full confidence that you are tackling TSA's challenges with an open mind. I look forward to hearing from you today about how we can work together to ensure TSA fulfills its critical mission. This subcommittee has worked tirelessly and in an overwhelmingly bipartisan manner to address the challenges that TSA faces. Since the start of this Congress we have had 7 pieces of legislation pass the House, which is remarkable out of this committee, and 2 of those bills are now public laws. However, there is no silver bullet to address all of the challenges that TSA faces, and unfortunately, we have to be right 100 percent of the time and the terrorists have to be right just once. With nearly 2 million passengers being screened every day we need to do more to better focus our efforts on those passengers that are unknown while still taking precautions to protect against the insider threat. Currently, less than 5 percent of travellers participate in PreCheck. TSA needs to increase this population so that it can target its efforts and resources in a more risk-based manner. That is why I introduced H.R. 2843, the PreCheck Expansion Act. This bill will help TSA to take steps to effectively and robustly market the program and dramatically increase the enrollment. However, in addition to expanding PreCheck, TSA must look at what additional efforts are necessary to increase the security effectiveness of PreCheck and what measures are necessary to mitigate the insider threat. This week the House passed H.R. 3102, the Airport Access Control Security Improvement Act of 2015. This legislation which I introduced earlier this year requires TSA to consult with Federal and private-sector partners to review existing employee screening protocols and work in a comprehensive manner to improve the effectiveness of access controls at airports across the United States. It is a major undertaking. We must do a better job at knowing more about the people who work and travel through our Nation's airports. Securing our Nation's transportation systems is of vital importance to both our National security, and our economic strength, and stability. In the 9/11 Commission report, the then head of the CIA, George Tenet was quoted as saying, ``The system was blinking red,'' in the months leading up to 9/11. We cannot stand idly by and grant tacit approval to lax security measures when we have the authority, responsibility, and indeed the duty to spur action and keep the traveling public safe from harm. Inspector General Roth, Administrator Neffenger, this committee wants to support both of you in your efforts to reform TSA. We look forward to hearing from you today. You are not on opposite sides of the fence. I view you both on the same side of the fence: One exposing the problems, the other one making sure they get fixed. That is why you are both here today. With that, I recognize the Ranking Member of the subcommittee, the gentlelady from New York, Miss Rice for an opening statement. Miss Rice. Thank you, Mr. Chairman, and thank you for convening this hearing. I would also like to thank the witnesses for being here today to discuss the need for and status of reforms and improvements within the TSA. Administrator Neffenger, I understand you had to adjust your schedule in order to testify before this subcommittee today and I want to tell you how much we appreciate that. While you have only been in this position since June, you have demonstrate a true commitment to work constructively with us as you take on the challenges facing TSA and I thank you for that. Finally, I want to thank Inspector General Roth for being here today and for the work you have done and continue to do, to identify vulnerabilities within TSA and advise us on what we can do to enhance the security of our commercial aviation sector. Your most recent report which is Classified, concerns covert tests conducted by undercover DHS investigators who attempted to smuggle prohibited items, including weapons and mock explosives past TSA security checkpoints. As we all know the results of these covert tests were leaked to the media in June before the report was complete, and it was reported that in 67 out of 70 tests, TSA failed to detect these items and allowed the investigators to proceed past the checkpoint. Sixty-seven out of 70, that is 96 percent of the time. I think we can all agree that 96 percent is an alarming figure, and one that we cannot overlook. We have to assess all of the findings and recommendations in your report. We have to shine a light on the vulnerabilities that these covert tests have exposed, and we have to take action to eliminate those vulnerabilities. We know that the threats to this country, particularly to our aviation sector, are constant. They are real. We know those threats are evolving and becoming more sophisticated, but the people who want to do us harm are always on the watch for a new way in, a new way to beat the system. That is why we have to be even more vigilant. That is why we conduct these tests. Because we know that no matter how good our security might be, it can be better. It can always be better and the findings in this report make it clear that it can and must be much better in order to match the threats that we face today. So I am eager to hear how our witnesses are working together to act on these findings, to implement reforms, and to close the gaps that these covert tests uncovered. Obviously, as we all know, Administrator Neffenger, you have only been in your position for a few months. Many of the topics and reports that Inspector General Roth has compiled pre-date your time at TSA, but I certainly look forward to hearing what TSA is doing in response to this most recent report, and if Inspector General Roth has previously identified other security gaps or vulnerabilities that TSA must still address, I would like to learn about those efforts as well. Mr. Chairman, thank you again for convening this hearing. I look forward to productive dialogue today. I yield back the balance of my time. [The statement of Miss Rice follows:] Statement of Ranking Member Kathleen Rice October 8, 2015 Administrator Neffenger, while you've only been in this position since June, you've demonstrated a real commitment to work constructively with us as you take on the challenges facing TSA, and I thank you for that. Finally, I want to thank Inspector General Roth for being here today and for the work you have done and continue to do to identify vulnerabilities within TSA and advise us on what we can do to enhance the security of our commercial aviation sector. Your most recent report, which is Classified, concerns covert tests conducted by undercover DHS investigators who attempted to smuggle prohibited items--including weapons and mock explosives--past TSA airport security checkpoints. As we all know, the results of these covert tests were leaked to the media in June, before the report was complete, and it was reported that in 67 out of 70 tests, TSA failed to detect these items and allowed the investigators to proceed past the checkpoint. Sixty-seven out of 70--that's 96 percent. I think we can all agree that 96 percent is an alarming figure, and one that we cannot overlook. We have to assess all of the findings and recommendations in your report, we have to shine a light on the vulnerabilities that these covert tests have exposed, and we have to take action to eliminate those vulnerabilities. We know that the threats to this country, particularly to our aviation sector, are constant. We know those threats are evolving and becoming more sophisticated, that the people who want to do us harm are always on the watch for a new way in, a new way to beat the system. That's why we have to be even more vigilant, that's why we conduct these tests--because we know that no matter how good our security might be, it can be better. It can always be better--and the findings in this report make it clear that it can and must be much better in order to match the threats we face today. So I'm eager to hear how our witnesses are working together to act on these findings, implement reforms, and close the gaps that these covert tests uncovered. I know that Administrator Neffenger has been in his position for only a few months, and that many of the topics and reports that Inspector General Roth has compiled pre-date the administrator's time at TSA. But I certainly look forward to hearing what TSA is doing in response to this most recent report. And if Inspector General Roth has previously identified other security gaps or vulnerabilities that TSA must still address, I would like to learn about those efforts as well. Mr. Katko. Thank you, Miss Rice. The Chair now recognizes the Ranking Minority Member of the full committee, the gentleman from Mississippi, Mr. Thompson, for any statement he may have. Mr. Thompson. Thank you very much, Chairman Katko and Ranking Member Rice, for holding today's hearing. Also, I welcome the administrator and the Inspector General for their appearance also. Throughout this Congress, this committee has voiced its concern with the state of security within the commercial aviation sector. Over the span of recent years, both Inspector General and the Government Accountability Office, have compiled numerous reports that detail mismanagement, inefficiencies, and vulnerabilities within TSA. These reports range from vulnerabilities associated with granting expedited screening via the use of Secure Flight and Managed Inclusion, to vulnerabilities associated with access to secure areas of airports, and the tracking of maintenance for security-related technologies within airports. Most recently, the Inspector General released a report Covert Testing of TSA's Passenger Screening Technologies and Processes at Airport Security Checkpoints. Details of this Classified report were leaked this summer and the Inspector General has given a briefing on the final report to this subcommittee. While I look forward to hearing the status of solutions that TSA and DHS are implementing to ensure that any security gaps associated with checkpoint screening and technologies are secure, our main concern is that TSA will continue to purchase more technologies that address the threats of yesterday instead of the threats of tomorrow. Consequently, the Transportation Security Administration Reform and Improvement Act of 2015, a bill that recently passed the committee, includes language that aims to aid in the development and innovative security technologies through a program that would create public and private-sector partnerships to help businesses, particularly small businesses, to commercialize these innovative technologies. While that amendment is designed to improve the technologies TSA uses, I still have concerns about some of TSA's other screening programs the Inspector General has found ineffective. For example, the Inspector General has found that TSA's behavioral detection program commonly referred to as SPOT is a magnet for racial profiling, and TSA has little evidence that the program is an effective tool for screening passengers. We know that terrorists span all races, in all ethnicities, and have a profiling mechanism as a means of security is skeptical. Once again, I ask the administrator to review its efficiency of the behavioral detection program. While the administrator appeared before the committee on July 1, I, along with many of my colleagues across the aisle, stated that we would give him appropriate time to address some of these glaring concerns at TSA. So Mr. Administrator, we are glad to have you. I would assume the honeymoon is about over, and we can move forward. So I look forward to your testimony and I yield back. [The statement of Ranking Member Thompson follows:] Statement of Ranking Member Bennie G. Thompson October 8, 2015 Throughout this Congress, this committee has voiced its concerns with the state of security within the commercial aviation sector. Over the span of recent years, both the Inspector General and the Government Accountability Office have compiled numerous reports that detail mismanagement, inefficiencies, and vulnerabilities within TSA. These reports range from vulnerabilities associated with granting expedited screening via the use of Secure Flight and Managed Inclusion, to vulnerabilities associated with access to the secure areas of airports and the tracking of maintenance for security-related technologies within airports. Most recently, the Inspector General released a report, ``Covert Testing of TSA's Passenger Screening Technologies and Processes at Airport Security Checkpoints.'' Details of this Classified report were leaked this summer, and the Inspector General has given a briefing on the final report to the subcommittee. While I look forward to hearing the status of solutions that TSA and DHS are implementing to ensure that any security gaps associated with checkpoint screening and technologies are secure, I remain concerned that TSA will continue to purchase more technologies that address the threats of yesterday instead of the threats of tomorrow. Consequently, the ``Transportation Security Administration Reform and Improvement Act of 2015'' a bill that recently passed the committee includes language that aims to aid in the development of innovative security technologies through a program that would create public and private-sector partnerships to help businesses, particularly small businesses, to commercialize these innovative technologies. And while that amendment is designed to improve the technologies TSA uses, I still have concerns about some of TSAs other screening programs the Inspector General has found ineffective. For example, the Inspector General has found that TSA's behavioral detection program, commonly known as SPOT, is a magnet for racial profiling and TSA has little evidence that the program is an effective tool for screening passengers. We know that terrorists span all races and ethnicities and having a profiling mechanism as a means of security is skeptical. Once again, I ask the administrator to review its efficacy of behavioral detection programs. When the administrator appeared before the committee in July, I, along with my colleagues across the aisle, stated that we would give him appropriate time to address some of the glaring concerns at TSA. It is unrealistic to expect sweeping reforms to have been made in such a short amount of time, and I want to express my appreciation for the administrator's agreeing with Congress that the Managed Inclusion program was flawed and needed to be phased out. Even though the Inspector General's reports have been scathing, I am optimistic that the culture of TSA and the willingness to take the recommendations from these reports and implement reforms is improving. I am interested in hearing how these entities work together to take the issues found within these investigations and audits and use them to create solutions that will keep the traveling public safe. Mr. Katko. Thank you, Mr. Chairman. Other Members of the committee are reminded that opening statements may be submitted for the record. We are pleased to have a group of distinguished witnesses before us today, as I mentioned, to speak on this important topic, and are no strangers to this subcommittee. Let me remind the witnesses that their entire written statements will appear in the record. Our first witness is The Honorable John Roth, who currently serves as Inspector General of the Department of Homeland Security. Prior to his appointment as Inspector General, Mr. Roth served as the director of the Office of Criminal Investigations at the Food and Drug Administration, was chief of staff to the Deputy Attorney General and worked at the Narcotic and Dangerous Drugs Section, which is the best section in all of the Department of Justice. Am I right? Mr. Roth. You are close, yes. Mr. Katko. Because we both worked there. The Chair now recognizes Mr. Roth to testify. STATEMENT OF THE HONORABLE JOHN ROTH, INSPECTOR GENERAL, OFFICE OF INSPECTOR GENERAL, U.S. DEPARTMENT OF HOMELAND SECURITY Mr. Roth. Good afternoon, Chairman Katko, Ranking Member Rice, and Members of the subcommittee. Thank you for inviting me here to testify today. Throughout this year I have testified before this subcommittee and others regarding TSA's ability to execute its important mission. I highlighted the challenges that TSA faced. I testified that these challenges were in almost every area of TSA's operations. Its problematic implementation of risk assessment rules, including its management of TSA PreCheck, failures in passenger and baggage screen operations, TSA's control over access to secure areas including management of its access badge program, its management of the Workforce Integrity program, its oversight over acquisition and maintenance of screening equipment, and other issues that we have discovered in the course of over 115 audits and inspection reports. These issues were exacerbated, in my judgment, by a culture that developed over time which resisted oversight and was unwilling to accept the need for change in the face of an evolving and serious threat. We have been writing reports highlighting some of these problems for years without an acknowledgment by TSA of the need to correct its deficiencies. However, we may be in a very different place now than we were then. I am hopeful that Administrator Neffenger brings with him a new attitude about oversight. Ensuring transportation safety is a massive and complex problem and there is no single silver bullet to solve it. It will take a sustained and disciplined effort. The first step, however, in fixing this problem is having the courage to critically assess the deficiencies in an honest and objective light, creating a culture of change within TSA, and giving the TSA workforce the ability to identify and address risks will be the administrator's most critical and challenging task. I believe that the Department and TSA leadership has begun that process of critical self-evaluation and aided by the workforce at TSA are in a position to address some of these issues. As you noted, we have just completed and distributed a report on our most recent round of covert testing of TSA's checkpoint operations. The results, while Classified, were disappointing. Our testing was designed to check test point operations in real-world conditions. The failures included failures in technology, failures in TSA procedures, and human error. We found layers of security simply missing. But these results were not unexpected. We had conducted other covert testing in the past with similar results. TSA has put forward a plan consistent with our recommendation to improve checkpoint quality in three areas: Technology, personnel, and procedures. This plan is appropriate because the checkpoint must be considered as a single system. The most effective technology is useless without the right personnel, and the personnel need to be guided by the appropriate procedures. Unless all three elements are operating efficiently, the checkpoint will not be effective. We will be monitoring TSA's efforts to increase the effectiveness of checkpoint operations and will continue to conduct covert testing. Consistent with our obligations under the Inspector General Act, we will report our results to this committee, as well as other committees of jurisdiction. While this audit focused on the checkpoint, effective checkpoint operations in and of themselves are not enough. We must also look at other areas to determine vulnerabilities. We have done considerable work on TSA's assessment of passenger risk, and have registered our concern about TSA's use of Managed Inclusion and risk rules that were not based on an individual assessment of passenger risk. I am pleased to report that TSA has phased out its use of Managed Inclusion. However, we still have outstanding recommendations regarding the risk assessment rules that TSA continues to use. I urge the administrator to consider whether or not those risk rules are effective and ensure the safety of the transportation public. TSA also has the responsibility to oversee and regulate airport security provided by airport authorities. For example, in the case of airport worker vetting, TSA relies on airports to submit a complete and accurate aviation worker application data for vetting. In a recent audit we found that TSA does not ensure that airports have a robust verification process for criminal history, and authorization to work in the United States, or sufficiently track the results of their review. TSA also did not have an adequate monitoring process in place to ensure that airport operators properly adjudicated applicants' criminal histories. Mr. Chairman, this concludes my prepared statement. I welcome any questions that you or other Members of the committee may have. [The prepared statement of Mr. Roth follows:] Prepared Statement of John Roth October 8, 2015 Good afternoon Chairman Katko, Ranking Member Rice, and Members of the subcommittee. Thank you for inviting me here today to discuss our work on the Transportation Security Administration (TSA). Our reviews have given us a perspective on the obstacles facing TSA in carrying out an important--but incredibly difficult--mission to protect the Nation's transportation systems and ensure freedom of movement for people and commerce. Throughout this year, I have testified--before this subcommittee and others--regarding my concerns about TSA's ability to execute its important mission. I highlighted the challenges TSA faced. I testified that these challenges were in almost every area of TSA's operations: Its problematic implementation of risk assessment rules, including its management of TSA PreCheck; failures in passenger and baggage screening operations, discovered in part through our covert testing program; TSA's controls over access to secure areas, including management of its access badge program; its management of the workforce integrity program; TSA's oversight over its acquisition and maintenance of screening equipment; and other issues we have discovered in the course of over 115 audit and inspection reports. My remarks were described as ``unusually blunt testimony from a Government witness,'' and I will confess that it was. However, those remarks were born of frustration that TSA was assessing risk inappropriately and did not have the ability to perform basic management functions in order to meet the mission the American people expect of it. These issues were exacerbated, in my judgment, by a culture, developed over time, which resisted oversight and was unwilling to accept the need for change in the face of an evolving and serious threat. We have been writing reports highlighting some of these problems for years without an acknowledgment by TSA of the need to correct its deficiencies. We may be in a very different place than we were in May. I am hopeful that Administrator Neffenger brings with him a new attitude about oversight. Ensuring transportation safety is a massive and complex problem, and there is no silver bullet to solve it. It will take a sustained and disciplined effort. However, the first step in fixing a problem is having the courage to critically assess the deficiencies in an honest and objective light. Creating a culture of change within TSA, and giving the TSA workforce the ability to identify and address risks without fear of retribution, will be the new administrator's most critical and challenging task. I believe that the Department and TSA leadership have begun the process of critical self-evaluation and, aided by the dedicated workforce of TSA, are in a position to begin addressing some of these issues. I am hopeful that the days of TSA sweeping its problems under the rug and simply ignoring the findings and recommendations of the OIG and GAO are coming to an end. I have been gratified by the Department's response and believe that this episode serves as an illustration of the value of the Office of Inspector General, particularly when coupled with a Department leadership that understands and appreciates objective and independent oversight. our most recent covert testing We have just completed and distributed our report on our most recent round of covert testing. The results are classified at the Secret level, and the Department and this committee have been provided a copy of our Classified report. TSA justifiably classifies at the Secret level the validated test results; any analysis, trends, or comparison of the results of our testing; and specific vulnerabilities uncovered during testing. Additionally, TSA considers other information protected from disclosure as Sensitive Security Information. While I cannot talk about the specifics in this setting, I am able to say that we conducted the audit with sufficient rigor to satisfy the standards contained within the Generally Accepted Government Auditing Standards, that the tests were conducted by auditors within our Office of Audits without any special knowledge or training, and that the test results were disappointing and troubling. We ran multiple tests at 8 different airports of different sizes, including large Category X airports across the country, and tested airports using private screeners as part of the Screening Partnership Program. The results were consistent across every airport. Our testing was designed to test checkpoint operations in real- world conditions. It was not designed to test specific, discrete segments of checkpoint operations, but rather the system as a whole. The failures included failures in the technology, failures in TSA procedures, and human error. We found layers of security simply missing. It would be misleading to minimize the rigor of our testing, or to imply that our testing was not an accurate reflection of the effectiveness of the totality of aviation security. The results were not, however, unexpected. We had conducted other covert testing in the past:In September 2014, we conducted covert testing of the checked baggage screening system and identified significant vulnerabilities in this area caused by human and technology based failures. We also determined that TSA did not have a process in place to assess or identify the cause for equipment- based test failures or the capability to independently assess whether deployed explosive detection systems are operating at the correct detection standards. We found that, notwithstanding an intervening investment of over $550 million, TSA had not improved checked baggage screening since our 2009 report on the same issue. (Vulnerabilities Exist in TSA's Checked Baggage Screening Operations, OIG-14-142, Sept. 2014) In January 2012, we conducted covert testing of access controls to secure airport areas and identified significant access control vulnerabilities, meaning uncleared individuals could have unrestricted and unaccompanied access to the most vulnerable parts of the airport--the aircraft and checked baggage. (Covert Testing of Access Controls to Secured Airport Areas, OIG-12-26, Jan. 2012) In 2011, we conducted covert penetration testing on the previous generation of AIT machines in use at the time; the testing was far broader than the most recent testing, and likewise discovered significant vulnerabilities. (Penetration Testing of Advanced Imaging Technology, OIG-12-06, Nov. 2011) the dhs response The Department's response to our most recent findings has been swift and definite. For example, within 24 hours of receiving preliminary results of OIG covert penetration testing, the Secretary summoned senior TSA leadership and directed that an immediate plan of action be created to correct deficiencies uncovered by our testing. Moreover, DHS has initiated a program--led by members of Secretary Johnson's leadership team--to conduct a focused analysis on issues that the OIG has uncovered, as well as other matters. These efforts have already resulted in significant changes to TSA leadership, operations, training, and policy, although the specifics of most of those changes cannot be discussed in an open setting, and should, in any event, come from TSA itself. TSA has put forward a plan, consistent with our recommendations, to improve checkpoint quality in three areas: Technology, personnel, and procedures. This plan is appropriate because the checkpoint must be considered as a single system: The most effective technology is useless without the right personnel, and the personnel need to be guided by the appropriate procedures. Unless all three elements are operating effectively, the checkpoint will not be effective. We will be monitoring TSA's efforts to increase the effectiveness of checkpoint operations and will continue to conduct covert testing. Consistent with our obligations under the Inspector General Act, we will report our results to this subcommittee as well as other committees of jurisdiction. We have also been making significant progress on many outstanding recommendations from prior reports. tsa and the asymmetric threat Nowhere is the asymmetric threat of terrorism more evident than in the area of aviation security. TSA cannot afford to miss a single, genuine threat without potentially catastrophic consequences, and yet a terrorist only needs to get it right once. Securing the civil aviation transportation system remains a formidable task--TSA is responsible for screening travelers and baggage for over 1.8 million passengers a day at 450 of our Nation's airports. Complicating this responsibility is the constantly-evolving threat by adversaries willing to use any means at their disposal to incite terror. The dangers TSA must contend with are complex and not within its control. Recent media reports have indicated that some in the U.S. intelligence community warn terrorist groups like the Islamic State (ISIS) may be working to build the capability to carry out mass casualty attacks, a significant departure from--and posing a different type of threat--than simply encouraging lone-wolf attacks. According to these media reports, a mass casualty attack has become more likely in part because of a fierce competition with other terrorist networks: Being able to kill opponents on a large scale would allow terrorist groups such as ISIS to make a powerful showing. We believe such an act of terrorism would likely be designed to impact areas where people are concentrated and vulnerable, such as the Nation's commercial aviation system. mere intelligence is not enough In the past, officials from TSA, in testimony to Congress, in speeches to think tanks, and elsewhere, have described TSA as an intelligence-driven organization. According to TSA, it continually assesses intelligence to develop countermeasures in order to enhance these multiple layers of security at airports and on-board aircraft. This is a necessary thing, but it is not sufficient. In the vast majority of the instances, the identities of those who commit terrorist acts were simply unknown to or misjudged by the intelligence community. Terrorism, especially suicide terrorism, depends on a cadre of newly-converted individuals who are often unknown to the intelligence community. Moreover, the threat of ISIS or al- Qaeda-inspired actors--those who have no formal ties to the larger organizations but who simply take inspiration from them--increases the possibilities of a terrorist actor being unknown to the intelligence community. Recent history bears this out: 17 of the 19 September 11 hijackers were unknown to the intelligence community. In fact, many were recruited specifically because they were unknown to the intelligence community. Richard Reid, the 2002 ``shoe bomber,'' was briefly questioned by the French police, but allowed to board an airplane to Miami. He had the high explosive PETN in his shoes, and but for the intervention of passengers and flight crew, risked bringing down the aircraft. The Christmas day 2009 bomber, who was equipped with a sophisticated non-metallic explosive device provided by al- Qaeda, was known to certain elements of the intelligence community but was not placed in the Terrorist Screening Database, on the Selectee List, or on the No-Fly List. A bipartisan Senate report found there were systemic failures across the intelligence community, which contributed to the failure to identify the threat posed by this individual. The single most high-profile domestic terrorist attack since 9/11, the Boston Marathon bombing, was masterminded and carried out by Tamerlan Tsarnaev, an individual who approximately 2 years earlier was judged by the FBI not to pose a terrorist threat, and who was not within any active U.S. Government databases. Of course, there are instances in which intelligence can foil plots that screening cannot detect--such as the 2006 transatlantic aircraft plot, utilizing liquid explosives; the October 2010 discovery of U.S.- bound bombs concealed in printer cartridges on cargo planes in England and Dubai; and the 2012 discovery that a second generation nonmetallic device, designed for use on-board aircraft, had been produced. What this means is that there is no easy substitute for the checkpoint. The checkpoint must necessarily be intelligence-driven, but the nature of terrorism today means that each and every passenger must be screened in some way. beyond the checkpoint Much of the attention has been focused on the checkpoint, since that is the primary and most visible means of entry onto aircraft. But effective checkpoint operations simply are not of themselves sufficient. Aviation security must also look at other areas to determine vulnerabilities. Assessment of passenger risk We applaud TSA's efforts to use risk-based passenger screening because it allows TSA to focus on high-risk or unknown passengers instead of known, vetted passengers who pose less risk to aviation security. However, we have had deep concerns about some of TSA's previous decisions about this risk. For example, we recently assessed the PreCheck initiative, which is used at about 125 airports to identify low-risk passengers for expedited airport checkpoint screening. Starting in 2012, TSA massively increased the use of PreCheck. Some of the expansion, for example allowing PreCheck to other Federal Government-vetted or known flying populations, such as those in the CBP Trusted Traveler Program, made sense. In addition, TSA continues to promote participation in PreCheck by passengers who apply, pay a fee, and undergo individualized security threat assessment vetting. I am encouraged by legislation, originating in this subcommittee, H.R. 2843, the TSA PreCheck Expansion Act, which I believe would further improve the use of PreCheck operations. However, we believe that TSA's use of risk assessment rules, which granted expedited screening to broad categories of individuals unrelated to an individual assessment of risk, but rather on some questionable assumptions about relative risk based on other factors, created an unacceptable risk to aviation security.\1\ Additionally, TSA used ``managed inclusion'' for the general public, allowing random passengers access to PreCheck lanes with no assessment of risk. Additional layers of security TSA intended to provide, which were meant to compensate for the lack of risk assessment, were often simply not present. --------------------------------------------------------------------------- \1\ As an example of PreCheck's vulnerabilities, we reported that, through risk assessment rules, a felon who had been imprisoned for multiple convictions for violent felonies while participating in a domestic terrorist group was granted expedited screening through PreCheck. --------------------------------------------------------------------------- We made a number of recommendations as a result of several audits and inspections. Disappointingly, when the report was issued, TSA did not concur with the majority of our 17 recommendations. At the time, I testified that I believed this represented TSA's failure to understand the gravity of the risk that they were assuming. I am pleased to report, however, that we have recently made significant progress in getting concurrence and compliance with these recommendations. For example, I am pleased to report that TSA's practice of using Managed Inclusion has been eliminated. As you know, this subcommittee held a hearing on the issue of expedited screening in March, at which I expressed my significant concerns. TSA disagreed with that finding notwithstanding our recommendation and continued to use Managed Inclusion. Now, however, I am pleased to report that TSA has reversed its decision. However, that report still has an outstanding recommendation regarding the risk assessment rules to grant expedited screening through PreCheck lanes. Unfortunately, TSA continues to use these risk rules. There is pending legislation originating in this subcommittee, H.R. 3584--the Transportation Security Administration Reform and Improvement Act of 2015, which has been introduced--that would eliminate the practice. I urge the administrator to reconsider, in advance of the passage of this legislation, TSA's non-concurrence with our recommendation and stop the practice. Access to secure areas TSA is responsible, in conjunction with the 450 airports across the country, to ensure that the secure areas of airports, including the ability to access aircraft and checked baggage, are truly secure. In our audit work, we have had reason to question whether that has been the case. We conducted covert testing in 2012 to see if auditors could get access to secure areas by a variety of means. While the results of those tests are Classified, they were similar to the other covert testing we have done, which was disappointing. Additionally, as we discuss below, TSA's oversight of airports when it comes to employee screening needs to be improved. (TSA Can Improve Aviation Worker Vetting (Redacted), OIG-15-98, June 2015) I have reviewed the work of this subcommittee as well, and am aware of the significant vulnerabilities that have been uncovered in the course of criminal investigations and this subcommittee's hearings. We are encouraged by the introduction of H.R. 3102, the Airport Access Control Security Improvement Act of 2015, which requires TSA to establish a risk-based screening model for airport employees, to look at the current list of disqualifying offenses, to improve the auditing procedures TSA uses to check on airport badging operations, and to make other improvements. We are doing additional audit and inspection work in this area, determining whether controls over access media badges issued by airport operators is adequate. We are also engaging in an audit of the screening process for the Transportation Worker Identification Credential program (TWIC) to see whether it is operating effectively and whether the program's continued eligibility processes ensures that only eligible TWIC card holders remain eligible. Other questionable investments in aviation security TSA uses behavior detection officers to identify passenger behaviors that may indicate stress, fear, or deception. This program, Screening Passengers by Observation Techniques (SPOT), includes more than 2,800 employees and has cost taxpayers about $878 million from fiscal years 2007 through 2012. We understand the desire to have such a program. Israel is foremost in their use of non-physical screening, although the differences in size, culture, and attitudes about civil liberties make such a program difficult to adopt in this country. In the United States, sharp-eyed Government officials were able to assess behavior to prevent entry to terrorists on two separate occasions: Ahmed Ressam's plot to blow up the Los Angeles International Airport on New Year's Eve 1999 was foiled when a U.S. Customs officer in Port Angeles, Washington, thought Ressam was acting ``hinky'' and directed a search of his car, finding numerous explosives and timers. In 2001, a U.S. immigration officer denied entry to the United States to Mohammed al Qahtani, based on Qahtani's evasive answers to his questions. Later investigation by the 9/ 11 Commission revealed that Qahtani was to be the 20th hijacker, assigned to the aircraft that ultimately crashed in Shanksville, Pennsylvania. However, we have deep concerns that the current program is both expensive and ineffective. In 2013, we audited the SPOT program and found that TSA could not ensure that passengers were screened objectively, nor could it show that the program was cost-effective or merited expansion. We noted deficiencies in selection and training of the behavior detection officers. Further, in a November 2013 report on the program, the Government Accountability Office (GAO) reported that TSA risked funding activities that had not been determined to be effective. Specifically, according to its analysis of more than 400 studies, GAO concluded that SPOT program behavioral indicators might not be effective in identifying people who might pose a risk to aviation security. TSA has taken steps to implement our recommendations and improve the program. However, we continue to have questions with regard to the program and this fiscal year will conduct a Verification Review, with regard to--among other things--performance management, training, and financial accountability, and selection, allocation, and performance of the Behavior Detection Officers. Likewise, the Federal Air Marshal Program costs the American taxpayer over $800 million per year. The program was greatly expanded after 9/11 to guard against a specific type of terrorist incident. In the intervening years, terrorist operations and intentions have evolved. We will be auditing the Federal Air Marshal Program this year to determine whether the significant investment of resources in the program is justified by the risk. TSA's role as regulator TSA has dual responsibilities, one to provide checkpoint security for passengers and baggage and another to oversee and regulate airport security provided by airport authorities. The separation of responsibility for airport security between TSA and the airport authorities creates a potential vulnerability in safeguarding the system. The concern about which entity is accountable for protecting areas other than checkpoints has come up in relation to airport worker vetting, perimeter security, and cargo transport. We have also assessed whether TSA is appropriately regulating airports, such as whether it ensures airports' compliance with security regulations. We have found shortfalls. In the case of airport worker vetting, for example, TSA relies on airports to submit complete and accurate aviation worker application data for vetting. In a recent audit, we found TSA does not ensure that airports have a robust verification process for criminal history and authorization to work in the United States, or sufficiently track the results of their reviews. TSA also did not have an adequate monitoring process in place to ensure that airport operators properly adjudicated credential applicants' criminal histories. TSA officials informed us that airport officials rarely or almost never documented the results of their criminal history reviews electronically. Without sufficient documentation, TSA cannot systematically determine whether individuals with access to secured areas of the airports are free of disqualifying criminal events. As a result, TSA is required to conduct manual reviews of aviation worker records. Due to the workload at larger airports, this inspection process may look at as few as 1 percent of all aviation workers' applications. In addition, inspectors were generally reviewing files maintained by the airport badging office, which contained photocopies of aviation worker documents rather than the physical documents themselves. An official told us that a duplicate of a document could hinder an inspector's ability to determine whether a document is real or fake because a photocopy may not be matched to a face and may not show the security elements contained in the identification document. Additionally, we identified thousands of aviation worker records that appeared to have incomplete or inaccurate biographic information. Without sufficient documentation of criminal histories or reliable biographical data, TSA cannot systematically determine whether individuals with access to secured areas of the airports are free of disqualifying criminal events, and TSA has thus far not addressed the poor data quality of these records. (TSA Can Improve Aviation Worker Vetting (Redacted), OIG-15-98, June 2015) Further, the responsibility for executing perimeter and airport facility security is in the purview of the 450 local airport authorities rather than TSA. There is no clear structure for responsibility, accountability, and authority at most airports, and the potential lack of local Government resources makes it difficult for TSA to issue and enforce higher standards to counter new threats. Unfortunately, intrusion prevention into restricted areas and other ground security vulnerabilities is a lower priority than checkpoint operations. conclusion Making critical changes to TSA's culture, technology, and processes is not an easy undertaking. However, a commitment to and persistent movement towards effecting such changes--including continued progress towards complying with our recommendations--is paramount to ensuring transportation security. We recognize and are encouraged by TSA's steps towards compliance with our recent recommendations. Without a sustained commitment to addressing known vulnerabilities, the agency risks compromising the safety of the Nation's transportation systems. Mr. Chairman, this concludes my prepared statement. I welcome any questions you or other Members of the subcommittee may have. Appendix A.--Recent OIG Reports on the Transportation Security Administration Covert Testing of the TSA's Passenger Screening Technologies and Processes at Airport Security Checkpoints (Unclassified Summary), OIG- 15-150, September 2015 Use of Risk Assessment within Secure Flight (Redacted), OIG-14-153, June 2015 TSA Can Improve Aviation Worker Vetting (Redacted), OIG-15-98, June 2015 The Transportation Security Administration Does Not Properly Manage Its Airport Screening Equipment Maintenance Program, OIG-15-86, May 2015 Allegation of Granting Expedited Screening through TSA PreCheck Improperly (Redacted), OIG-15-45, March 2015 Security Enhancements Needed to the TSA PreCheck Initiative (Unclassified Summary), OIG-15-29, January 2015 Vulnerabilities Exist in TSA's Checked Baggage Screening Operations (Unclassified Spotlight), OIG-14-142, September 2014 Appendix B.--Status of Recommendations for Selected OIG Reports on TSA (As of 9.22.15) -------------------------------------------------------------------------------------------------------------------------------------------------------- Report No. Report Title Date Issued Recommendation Current Status Mgmt. Response -------------------------------------------------------------------------------------------------------------------------------------------------------- OIG-11-47........................ DHS Department-wide 3/2/2011 We recommend that the Deputy Closed.............. Agreed. Management of Detection Under Secretary for Management Equipment. reestablish the Joint Requirements Council. OIG-11-47........................ DHS Department-wide 3/2/2011 We recommend that the Deputy Closed.............. Agreed. Management of Detection Under Secretary for Equipment. Management: Establish a commodity council for detection equipment, responsible for: Coordinating, communicating, and, where appropriate, strategically sourcing items at the Department level or identifying a single-source commodity manager; Standardizing purchases for similar detection equipment; and Developing a data dictionary that standardizes data elements in inventory accounts for detection equipment. OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. Agreed. Administration Sensitive Security Information. Penetration Testing of Advanced Imaging Technology. OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. No Response. Administration Sensitive Security Information. Penetration Testing of Advanced Imaging Technology. OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed*............. Agreed. Administration Sensitive Security Information. Penetration Testing of Advanced Imaging Technology. OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed*............. Agreed. Administration Sensitive Security Information. Penetration Testing of Advanced Imaging Technology. OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. Agreed. Administration Sensitive Security Information. Penetration Testing of Advanced Imaging Technology. OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. Agreed. Administration Sensitive Security Information. Penetration Testing of Advanced Imaging Technology. OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. Agreed. Administration Sensitive Security Information. Penetration Testing of Advanced Imaging Technology. OIG-12-06........................ Transportation Security 11/21/2011 Recommendation includes Closed.............. Agreed. Administration Sensitive Security Information. Penetration Testing of Advanced Imaging Technology. OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed. Administration's Administrator, Office of Screening of Passengers Security Capabilities develop by Observation and implement a comprehensive Techniques. strategic plan for the Screening of Passengers by Observation Techniques (SPOT) program that includes-- Mission, goals, objectives, and a system to measure performance; A training strategy that addresses the goals and objectives of the SPOT program; A plan to identify external partners integral to program success, such as law enforcement agencies, and take steps to ensure that effective relationships are established; and, A financial plan that includes identification of priorities, goals, objectives, and measures; needs analysis; budget formulation and execution; and expenditure tracking. OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed. Administration's Administrator, Office of Screening of Passengers Security Capabilities develop by Observation and implement controls to Techniques. ensure completeness, accuracy, authorization, and validity of referral data entered into the Performance Measurement Information System. OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed. Administration's Administrator, Office of Screening of Passengers Security Capabilities develop by Observation and implement a plan that Techniques. provides recurrent training to Behavior Detection Officer (BDO) instructors and BDOs. OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed. Administration's Administrator, Office of Screening of Passengers Security Capabilities develop by Observation and implement a plan to assess Techniques. BDO instructor performance in required core competencies on a regular basis. OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed. Administration's Administrator, Office of Screening of Passengers Security Capabilities monitor by Observation and track the use of BDOs for Techniques. non-SPOT related duties to ensure BDOs are used in a cost- effective manner and in accordance with the mission of the SPOT program. OIG-13-91........................ Transportation Security 5/29/2013 We recommend that the Assistant Closed.............. Agreed. Administration's Administrator, Office of Screening of Passengers Security Capabilities develop by Observation and implement a process for Techniques. identifying and addressing issues that may directly affect the success of the SPOT program such as the selection, allocation, and performance of BDOs. OIG-13-99........................ Transportation Security 6/20/2013 We recommend that the Closed.............. Agreed. Administration's Transportation Security Screening Partnership Administration Deputy Program. Administrator expedite developing and implementing procedures to ensure that decisions on Screening Partnership Program applications and procurements are fully documented according to applicable Department and Federal guidance. OIG-13-99........................ Transportation Security 6/20/2013 We recommend that the Closed.............. Agreed. Administration's Transportation Security Screening Partnership Administration Deputy Program. Administrator establish and implement quality assurance procedures to ensure that the most relevant and accurate information is used when determining eligibility and approving airports' participation in the Screening Partnership Program. OIG-13-120....................... Transportation Security 9/16/2013 We recommend that the Deputy Closed.............. Agreed. Administration's Administrator, Transportation Deployment and Use of Security Administration: Advanced Imaging Develop and approve a single, Technology. comprehensive deployment strategy that addresses short- and long-term goals for screening equipment. OIG-13-120....................... Transportation Security 9/16/2013 We recommend that the Deputy Closed*............. Agreed. Administration's Administrator, Transportation Deployment and Use of Security Administration: Advanced Imaging Develop and implement a Technology. disciplined system of internal controls from data entry to reporting to ensure PMIS data integrity. OIG-14-142....................... (U) Vulnerabilities Exist 9/9/2014 This recommendation is Closed.............. Agreed. in TSA's Checked Baggage Classified. Screening Operations. OIG-14-142....................... (U) Vulnerabilities Exist 9/9/2014 This recommendation is Open--Resolved...... Agreed. in TSA's Checked Baggage Classified. Screening Operations. OIG-14-142....................... (U) Vulnerabilities Exist 9/9/2014 This recommendation is Closed*............. Agreed. in TSA's Checked Baggage Classified. Screening Operations. OIG-14-142....................... (U) Vulnerabilities Exist 12/16/2014 This recommendation is Open--Resolved...... Agreed. in TSA's Checked Baggage Classified. Screening Operations. OIG-14-142....................... (U) Vulnerabilities Exist 12/16/2014 This recommendation is Open--Unresolved.... Agreed. in TSA's Checked Baggage Classified. Screening Operations. OIG-14-153....................... Use of Risk Assessment 9/9/2014 Recommendation includes Open--Resolved...... Agreed.** within Secure Flight. Sensitive Security Information. OIG-14-153....................... Use of Risk Assessment 9/9/2014 Recommendation includes Closed.............. Agreed. within Secure Flight. Sensitive Security Information. OIG-14-153....................... Use of Risk Assessment 9/9/2014 Recommendation includes Closed*............. Agreed.** within Secure Flight. Sensitive Security Information. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Unresolved.... Disagreed. Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed. Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed. Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed. Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed.** Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed. Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved*..... Agreed. Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Closed*............. Agreed.** Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed.** Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 We recommend that the TSA Open--Resolved*..... Agreed.** Needed to the TSA Assistant Administrator for PreCheckTM Initiative. the Office of Intelligence and Analysis: Employ exclusion factors to refer TSA PreCheckTM passengers to standard security lane screening at random intervals. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Closed*............. Agreed. Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Closed*............. Agreed. Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 We recommend that the TSA Open--Resolved...... Agreed.** Needed to the TSA Assistant Administrator for PreCheckTM Initiative. the Office of Security Operations: Develop and implement a strategy to address the TSA PreCheckTM lane covert testing results. OIG-15-29........................ Security Enhancements 1/28/2015 Recommendation includes Open--Resolved...... Agreed.** Needed to the TSA Sensitive Security Information. PreCheckTM Initiative. OIG-15-29........................ Security Enhancements 1/28/2015 We recommend that the TSA Open--Resolved...... Agreed. Needed to the TSA Assistant Administrator for PreCheckTM Initiative. the Office of Intelligence and Analysis: Provide an explanation of TSA PreCheckTM rules and responsibilities to all enrollment center applicants and include this information in eligibility letters. OIG-15-29........................ Security Enhancements 1/28/2015 We recommend that the TSA Open--Resolved...... Agreed.** Needed to the TSA Assistant Administrator for PreCheckTM Initiative. the Office of Intelligence and Analysis: Coordinate with Federal Government and private partners to ensure all TSA PreCheckTM eligible populations receive the rules and responsibilities when notifying participants of eligibility. OIG-15-29........................ Security Enhancements 1/28/2015 We recommend that the TSA Chief Open--Resolved...... Agreed. Needed to the TSA Risk Officer: Develop PreCheckTM Initiative. consolidated guidance outlining processes and procedures for all offices involved in the TSA PreCheckTM initiative. OIG-15-45........................ Allegations of Granting 3/16/2015 Recommendation includes Open--Unresolved.... Disagreed. Expedited Screening Sensitive Security Information. through TSA PreCheck Improperly (OSC File No. DI-14-3679). OIG-15-45........................ Allegations of Granting 3/16/2015 We recommend that the TSA Closed*............. Agreed. Expedited Screening Assistant Administrator for through TSA PreCheck Security Operations: Modify Improperly (OSC File No. standard operating procedures DI-14-3679). to clarify Transportation Security Officer (TSO) and supervisory TSO authority to refer passengers with TSA PreCheck boarding passes to standard screening lanes when they believe that the passenger should not be eligible for TSA PreCheck screening. OIG-15-86........................ The Transportation 5/6/2015 We recommend that TSA's Office Open--Resolved*..... Agreed. Security Administration of Security Capabilities and Does Not Properly Manage Office of Security Operations Its Airport Screening develop and implement a Equipment Maintenance preventive maintenance Program. validation process to verify that required routine maintenance activities are completed according to contractual requirements and manufacturers' specifications. These procedures should also include instruction for appropriate TSA airport personnel on documenting the performance of Level 1 preventive maintenance actions. OIG-15-86........................ The Transportation 5/6/2015 We recommend that TSA's Office Open--Resolved*..... Agreed. Security Administration of Security Capabilities and Does Not Properly Manage Office of Security Operations: Its Airport Screening Develop and implement policies Equipment Maintenance and procedures to ensure that Program. local TSA airport personnel verify and document contractors' completion of corrective maintenance actions. These procedures should also include quality assurance steps that would ensure the integrity of the information collected. OIG-15-86........................ The Transportation 5/6/2015 We recommend TSA's Office of Open--Resolved*..... Agreed. Security Administration Acquisition enhance future Does Not Properly Manage screening equipment Its Airport Screening maintenance contracts by Equipment Maintenance including penalties for Program. noncompliance when it is determined that either preventive or corrective maintenance has not been completed according to contractual requirements and manufacturers' specifications. -------------------------------------------------------------------------------------------------------------------------------------------------------- * These recommendations were either resolved or closed within the last 6 months. ** TSA management changed their response from disagreed to agreed. Appendix C.--Current and Planned OIG Work on TSA PROJECTS IN-PROGRESS ------------------------------------------------------------------------ Project Topic Objective ------------------------------------------------------------------------ TSA Security Vetting of Passenger Rail Determine the extent to which Reservation Systems. TSA has policies, processes, and oversight measures to improve security at the National Railroad Passenger Corporation (AMTRAK). Reliability of TWIC Background Check Determine whether the screening Process. process for the Transportation Worker Identification Credential program (TWIC) is operating effectively and whether the program's continued eligibility processes ensure that only eligible TWIC card holders remain eligible. TSA's Security Technology Integrated Determine whether TSA has Program (STIP). incorporated adequate IT security controls for passenger and baggage screening STIP equipment to ensure it is performing as required. TSA's Controls Over Access Media Badges Identify and test selected controls over access media badges issued by airport operators. TSA's Risk-Based Strategy.............. Determine the extent to which TSA's intelligence-driven, risk-based strategy informs security and resource decisions to protect the traveling public and the Nation's transportation systems. TSA's Office of Human Capital Contracts Determine whether TSA's human capital contracts are managed effectively, comply with DHS's acquisition guidelines, and are achieving expected goals. ------------------------------------------------------------------------ UPCOMING PROJECTS ------------------------------------------------------------------------ Project Topic Objective ------------------------------------------------------------------------ Federal Air Marshal Service's Oversight Determine whether the Federal of Civil Aviation Security. Air Marshal Service adequately manages its resources to detect, deter, and defeat threats to the civil aviation system. TSA Carry-On Baggage Penetration Determine the effectiveness of Testing. TSA's carry-on baggage screening technologies and checkpoint screener performance in identifying and resolving potential security threats at airport security checkpoints. Airport Security Capping Report........ Synthesize the results of our airport security evaluations into a capping report that groups and summarizes identified weaknesses and root causes and recommends how TSA can systematically and proactively address these issues at airports Nation- wide. TSA's Classification Program........... Determine whether TSA is effectively managing its classification program and its use of the Sensitive Security Information designation. TSA's Office of Intelligence and Determine whether TSA's Office Analysis. of Intelligence and Analysis is effectively meeting its mission mandates. ------------------------------------------------------------------------ Mr. Katko. Those questions are indeed forthcoming, but before that Mr. Roth, I want to thank you for your testimony. I appreciate you being here. I want to hear from our second witness, Administrator Neffenger, who I am sure the honeymoon is indeed over. You were confirmed in June 2015 as the sixth administrator of the TSA. You lead the security operations at more than 450 airports within the United States, and a workforce of almost 60,000 employees. Prior to joining TSA, Administrator Neffenger served admirably as the 29th vice commandant of the U.S. Coast Guard, and the Coast Guard's deputy commandant for operations. The Chair now recognizes Admiral Neffenger for his testimony. STATEMENT OF THE HONORABLE PETER NEFFENGER, ADMINISTRATOR, TRANSPORTATION SECURITY ADMINISTRATION, U.S. DEPARTMENT OF HOMELAND SECURITY Admiral Neffenger. Thank you, and good afternoon Chairman Katko, Ranking Member Rice, distinguished Members of the subcommittee, and thank you for the opportunity to testify on my vision for answering these concerns and evolving the Transportation Security Administration. As you noted, Mr. Chairman, TSA was founded from crisis, and has continued to evolve throughout its existence. Careful and sustained oversight by Congress, and audits by the Inspector General and GAO are critical elements of this process, and I am a strong supporter of such. I thank you for the support each of you has provided in exercising that oversight. I also want to thank Inspector General Roth for identifying areas for improvement in TSA. I met with him prior to my confirmation and met with him again during my first month as administrator to relay the seriousness with which I take his work. His team has been invaluable in helping us to identify the root causes of the recent covert testing results, and I thank him for his encouraging assessment of our new direction. That direction is a reflection of my vision on how we approach the continuing evolution of TSA. As you noted, I am now 3 months into the job, and during that time, I have traveled to about 15 airports and numerous Federal Air Marshal offices across the country. I have also visited our partners in the United Kingdom, France, and the Netherlands, and I met with our stakeholders from the airlines, travel industry, and airport operators from major airports, including Los Angeles, Atlanta, Dallas, and Chicago. I have also been engaging with surface stakeholders and passenger rail and light rail both here and in Europe. Throughout all of these visits, I have been thoroughly impressed with the professionals who occupy our ranks. I am speaking specifically of our front-line transportation security officers. In addition to our air marshals, our inspectors, and other employees, each of whom swore an oath to serve their Nation in a mission that encounters nearly 2 million travelers a day in the aviation sector alone. I have been impressed with the collaboration I have seen across the transportation enterprise and I am pleased that the range of capabilities our Federal, State, and local partners bring to bear across every sector. These complex systems require that we systematically examine them and consider them as a whole; that we integrate this wide range of public and private capabilities, that we benchmark and apply best practices across the enterprise, and that we seek global consistency. I can assure you that as we move forward, we remain an intelligence-driven, risk-based counterterrorism agency with a well-defined statement of mission, clear and unequivocal standards of performance, training, and resourcing that enabled the workforce to achieve success, and a relentless pursuit of excellence and accountability. We will conduct counterterrorism operations with discipline and competence. We will invest in deliberately developing our workforce, and we will field advance capabilities responsive to a pervasive and dynamic threat. We have a no-fail mission, one for which the consequences of a successful attack overwhelm the risk equation and for which we must ensure we deliver mission success. My immediate priority is to pursue solutions to the recent covert testing failures and I believe we are making significant progress in doing so. In response to the IG's findings, we have implemented an action plan to ensure leadership accountability, improve alarm resolution, increase effectiveness and deterrence, increase threat testing, and strengthen our procedures. We have also responded vigorously to Secretary Johnson's 10-point plan to review and assess screening operations, including training for the entire screening workforce, testing and improving the technology, and implementing these new procedures. We will continue to implement this plan of action and provide regular updates to you and to the Secretary. Of utmost concern is determining root causes for the failures noted. Our conclusion is that the screening effectiveness challenges were not merely a performance problem, nor were they a failure of the advanced imaging technology. Indeed, this technology has greatly enhanced our ability to detect threats and it continues to perform to expected standards when deployed and used properly. Strong drivers of the problem, however, include leadership focus, environmental influences, and gaps in system design and processes along with a disproportionate focus on efficiency and speed in screening operations rather than security and effectiveness. These powerfully influenced organizational culture and officer performance. As a result, there was significant pressure to clear passengers quickly at the risk of not diligently resolving alarms. Our analysis also revealed our officers did not fully understand the capabilities and limitations of the equipment and several procedures were inadequate to resolve alarms. We have trained our officers to understand and use the equipment properly and we have corrected our procedures. Solutions require a renewed focus on security, streamlined effective procedures, investments in technology, and realistic, consistent, standardized training along with a new balance between effectiveness and efficiency. We must support our officers as they perform their duties. We will continue to partner with our airlines and other members of the travel and airport industry to ensure that we can reduce stress on the checkpoint and we will right-size and re-source TSA appropriately. Our near-term solutions will halt further reductions in officer staffing to support our revised screening efforts, provide consistent high-quality training at a centralized location, and enhance our technology. Our Mission Essentials Training conducted over the past 2 months with every front-line officer and leader across TSA has helped to reset our focus on security effectiveness, and most critically, has enhanced our officers' knowledge of the screening systems that they operate. I refer repeatedly how valuable this information is to our officers. I need to now extend that into our new-hire training across the country. We need greater consistency and efficiency in its delivery, and we must do more to establish a professional foundation that is required of a high-performing counterterrorism organization. As such, I am committed to expanding our existing TSA Academy at the Federal Law Enforcement Training Center and plan to send all new-hire TSOs to basic training beginning in January 2016. Centralized training in a formal, professional academy ensures consistency and professionalism, produces greater enthusiasm, increased confidence and skills, and connectedness to a common agency culture and focus on mission. We must ensure the appropriate measures of effectiveness are in place to drive an institutional focus on our primary mission. We must employ a culture of operational evolution, one that constantly reassesses assumptions, plans, and processes, so we are able to rapidly field new concepts of operation and we must deliver an effective system and earn the confidence of the traveling public through competence, discipline, performance, and professionalism. We face a critical turning point in evolving TSA, both to address these recent findings and begin our investment in a strategic approach to securing the transportation sector. As such, I am committed to ensuring that we do so, that we employ multiple elements in intelligence-driven operations, while discarding a one-size-fits-all approach that we recruit and retain a highly-trained workforce, with accountability and high standards of performance. Chairman Katko, Ranking Member Rice, we have an incredible challenge ahead of us, but I know that TSA is up to the task. I thank you for the opportunity to appear before you today, and I look forward to your questions. [The prepared statement of Admiral Neffenger follows:] Prepared Statement of Peter Neffenger October 8, 2015 Good afternoon Chairman Katko, Ranking Member Rice, and distinguished Members of the subcommittee. Thank you for the opportunity to testify on my vision for evolving the Transportation Security Administration (TSA). Since its creation following the terrorist attacks of September 11, 2001, TSA has played an invaluable role in protecting the traveling public. Fourteen years after the 9/11 attacks, we face threats more dangerous than at any time in the recent past. Terrorist groups and aspiring violent extremists, inspired by messages of hatred and violence, remain intent on striking our Nation's aviation system as well as other transportation modes. The threat is decentralized, diffuse, and quite complex. These persistent and evolving threats are TSA's most pressing challenge and require an intense and sustained focus on our security missions. We remain deeply committed to ensuring that TSA remains a high-performing, risk-based intelligence-driven counterterrorism organization. We are working diligently to ensure we recruit, train, develop, and lead a mission ready and highly-capable workforce, placing a premium on professional values and personal accountability. Further, we will pursue advanced and innovative capabilities that our mission requires to deter, detect, and disrupt threats to our Nation's transportations systems, with a clear understanding that we must continue to optimize today's capabilities while envisioning future methods of achieving success. I am intently focused on leading TSA strategically, developing and supporting our workforce, and investing appropriately, to deliver on our vital security mission. improving aviation screening operations My highest priority for TSA is determining root causes and implementing solutions to address the recent covert testing of TSA's checkpoint operations and technology conducted by the Department of Homeland Security (DHS) Office of Inspector General (OIG). I was greatly disturbed by TSA's failure rate on these tests, and have met with the Inspector General on several occasions to better understand the nature of the failures and the scope of the corrective actions needed. Screening operations are a core mission of TSA. In fiscal year 2014, our officers screened approximately 660 million passengers and nearly 2 billion carry-on and checked bags. Through their diligent daily efforts, our officers prevented over 180,000 dangerous and/or prohibited items, including over 2,200 firearms, from being carried onto planes. In addition, our workforce vetted a daily average of 6 million air passengers against the United States. Government's Terrorist Screening Database, preventing those who may wish to do us harm from boarding aircraft, and conducting enhanced screening of passengers and their baggage prior to allowing them to board an aircraft. In conjunction with these screening efforts, and using intelligence-driven analysis, TSA's Federal Air Marshals also protected thousands of flights. To ensure compliance with aviation security requirements, in fiscal year 2014 TSA Inspectors completed over 1,054 airport inspections, nearly 18,000 aircraft operator inspections, and almost 3,000 foreign air carrier inspections to ensure compliance with aviation security requirements. Still, as recent and prior testing shows, we must continue to formulate solutions that will enhance our effectiveness at checkpoint screening operations. It is important to acknowledge that the OIG covert tests, as a part of their design, focused on a discrete segment of TSA's myriad capabilities of detecting and disrupting threats to aviation security. TSA conducts similar, more extensive testing that is part of a deliberate process designed to defeat and subsequently improve our performance, processes, and screening technologies. TSA's covert testing program, along with the OIG's covert testing, provides invaluable lessons learned, highlighting areas in which the agency needs improvement in detecting threats. Such testing is an important element in the continual evolution of aviation security. As we pursue solutions to the challenges presented by recent and on-going covert testing, there are several critical concepts that must be in place. TSA must ensure that its value proposition is well- defined, clearly-communicated, understood and applied across the entire workforce and mission enterprise. From my first day on the job, I have made it clear that we are first and foremost a security organization. Our mission is to deter, detect, and disrupt threats, and we must ensure every officer, inspector, air marshal, and member of our agency remains laser-focused on this mission. In addition, we must ensure the appropriate measures of effectiveness are in place to drive an institutional focus on the primary security objectives for all modes of transportation, and renewed emphasis on aviation measures. We have demonstrated our ability to efficiently screen passengers: However, it is clear that we now must improve our effectiveness. By focusing on the basic fundamentals of security screening, and by readjusting the measurements of success to focus on security rather than speed, and by measuring what we value most, we can adjust the institutional focus and adapt the culture to deliver success. TSA must adopt a culture of operational evolution, one that constantly questions assumptions, plans, and processes, and is able to rapidly field new concepts of operation, performance standards and capabilities, particularly given the persistent and adaptive enemy we face. To drive these important changes, it is essential to understand and assess appropriately the effectiveness of our aviation security enterprise, to rigorously pursue initiatives to quickly close capability and security gaps, and employ our own covert testing and vulnerability assessments. Delivering an effective security system and earning the confidence of the traveling public will come only through competence, disciplined performance, successful results, and professionalism. These imperatives are essential to address the immediate challenges, and more broadly, to accomplish the important mission entrusted to TSA. In late May, in response to the OIG initial findings, TSA developed and implemented an immediate action plan built on its understanding of the known vulnerabilities in checkpoint operations. Consisting of dozens of individual actions, it was designed to: (1) ensure leadership accountability; (2) improve alarm resolution; (3) increase effectiveness and deterrence; (4) increase threat testing to sharpen officer performance; (5) strengthen standard operating procedures; (6) improve the Advanced Imaging Technology (AIT) system; (7) deploy additional resolution tools; and (8) improve human factors, including enhanced training and operational responses. Scheduled for completion in March 2016, TSA is actively engaged in implementing this plan of action and provides regular updates to the Secretary of Homeland Security as well as frequent updates to the Congress. There are a number of immediate actions that have been completed, including the following: (1) Requiring screening leadership at each airport to oversee AIT operations to ensure compliance with standard procedures; (2) requiring each officer to complete initial video-based training to reinforce proper alarm resolution conversations; (3) conducting leadership and officer same-day debriefs for threat inject testing and lessons learned; and (4) performing daily operational exercises and reinforcement of proper pat-down procedures at least once per shift to ensure optimal TSO performance. secretary johnson's ten-point plan In addition to the TSA action plan, Department of Homeland Security Secretary Jeh Johnson directed a series of actions, which in cooperation with TSA, constituted a 10-point plan to address these findings. TSA is now working aggressively to accomplish these actions. The plan includes the following: Briefing all Federal Security Directors at airports Nation- wide on the OIG's preliminary test results to ensure leadership awareness and accountability. This was completed in May and continues regularly. In September, I convened the leadership of TSA--from across the agency and in every mission area--to discuss our progress, to clearly convey my expectations, and to outline my vision for the evolution of our counterterrorism agency. Training every Transportation Security Officer (TSO) and supervisor to address the specific vulnerabilities identified by the OIG tests. This training also is intended to reemphasize the value and underscore the importance we place on the security mission. The training will reemphasize the threat we face, the design of our security system, integrating technology with human expertise, the range of tools we employ to detect threats, and the essential role our officers perform in resolving alarms. Fundamentally, this training is intended to explain the ``why'' behind our renewed and intense focus on security effectiveness. We are also training supervisors and leaders to ensure they appreciate and support the shift in emphasis. Most important, we are asking our supervisors to recognize their critical role in supporting our officers' renewed focus on alarm resolution. This training began May 29, 2015 and was recently completed at the end of September 2015. Increasing manual screening measures, including reintroducing hand-held metal detectors to resolve alarms at the checkpoint. This has been underway since mid-June and reinforces our ability to detect the full range of threats. Increasing the use of random explosives trace detection, which also started in mid-June, enhancing detection capabilities to a range of threat vectors. Re-testing and re-evaluating screening equipment to measure current performance standards. We are retesting the systems in the airports tested by the Inspector General and assessing performance of the field systems against those in the labs to ensure optimal performance. This testing, which began in June and is on-going, will help us to more fully understand and strengthen equipment performance across the enterprise. Assessing areas where screening technology equipment can be enhanced. This includes new software, new operating concepts, and technology upgrades in collaboration with our private- sector partners. Evaluating the current practice of including non-vetted populations in expedited screening. We continue to take steps to ensure that we have a more fully-vetted population of travelers exposed to screening in our expedited lanes. For example, as of September 12, the practice of Managed Inclusion- 2 is no longer used in daily operations. Revising TSA's standard operating procedures to include using TSA supervisors to help resolve situations at security checkpoints. On June 26, 2015, TSA began field testing new standard operating procedures at six airports. Lessons learned will be incorporated and deployed Nation-wide. This procedure is intended to ensure appropriate resolution techniques are employed in every situation. Continuing covert testing to assess the effectiveness of these actions. For each test, there must be a same-day debrief with the workforce of outcomes and performance along with immediate remediation actions. Expansion of our testing also enhances officer vigilance. Finally, we have responded vigorously by establishing a team of TSA and other DHS officials to monitor implementation of these measures and report to the Secretary and me every 2 weeks. These updates have been on-going since June. root cause assessment DHS and TSA are also committed to resolving the root causes of these test failures. A diverse team of DHS leaders, subject-matter experts, as well as officers and leaders from the front-line workforce are examining the underlying problems resulting in our performance failures and will make recommendations on system-wide solutions for implementations across the agency. The team's initial conclusion is that the screening effectiveness challenges noted by the Inspector General were not merely a performance problem to be solved solely by retraining our officers. Officer performance is but one among many of the challenges. TSA front-line officers have repeatedly demonstrated during their annual proficiency evaluations that they have the knowledge and the skill to perform the screening mission well. Nor was this principally a failure of the AIT technology. These systems have greatly enhanced TSA's ability to detect and disrupt new and evolving threats to aviation. AIT technology continues to perform to specification standards when maintained and employed properly, and we continue to improve its detection capabilities. The challenge can be succinctly described as a set of multi- dimensional factors that have influenced the conduct of screening operations, creating a disproportionate focus on screening operations efficiency rather than security effectiveness. These challenges range across six dimensions: Leadership, technology, workforce performance, environmental influences, operating procedures, and system design. Pressures driven by increasing passenger volume, an increase in checkpoint screening of baggage due to fees charged for checked bags as well as inconsistent or limited enforcement of size requirements for hand-carried bags and the one bag plus one personal item (1+1) standard \1\ create a stressed screening environment at airport checkpoints. The challenges also include the range of complex rocedures that we ask our officers to employ, resulting in cognitive overload and personnel not properly employing the technology or a specific procedure. The limitations of the technology, the systems detection standards, TSA officers' lack of training on equipment limitations, and procedures that failed to resolve the alarms appropriately all undermined our ability to effectively screen, as noted by the Inspector General's report. --------------------------------------------------------------------------- \1\ The Aircraft Operator Standard Security Program, Dated October 21, 2013, requires, with some exceptions for crewmembers, medical assistance items, musical instruments, duty-free items, and photographic equipment, that the accessible property for individuals accessing the sterile area be limited to one bag plus one personal item per passenger (e.g., purse, briefcase, or laptop computer). --------------------------------------------------------------------------- A critical component of the problem was confusing messages on the values of the institution, as expressed in the metrics used to assess effectiveness and leadership performance. As noted, a prior focus on measures that emphasized reduced wait times and organizational efficiency powerfully influenced screening performance as well as organizational culture. As a result, across TSA, leaders' and officers' organizational behavior emphasized efficiency outcomes and a pressure to clear passengers quickly, at the risk of not diligently resolving alarms. The combined effect of these many variables produced the performance reported by the Office of the Inspector General. implementing solutions Solutions to the challenges facing TSA will require a renewed focus on the agency's security mission, a commitment to right-sizing and re- sourcing TSA to effectively secure the aviation enterprise, and an industry commitment to incentivizing vetting of passengers as well as creating conditions that can decrease the volume and contents of bags presented for screening in airports. For TSA, we must renew our focus on the fundamentals of security, thereby asking our officers and leaders to strike a new balance between security effectiveness and line efficiency, to field and diligently perform appropriate resolution procedures and to close technology and performance gaps. We need our managers and supervisors to support our officers when they perform their difficult daily mission. As we move forward, we are guided by a principled, strategic approach, with specific projects already underway to advance our goal of ensuring we deliver on our mission to deter, detect, and disrupt threats to aviation. This principled approach extends beyond the immediate findings identified in the OIG's covert test of checkpoint operations. This approach also informs our strategy and ability as an agency to systematically evolve operations, workforce development, and capability investment, now and in the future. We will systematically review the prior findings of OIG and GAO reports as well as other sources of analysis that can inform security effectiveness. Redefine Value Proposition First, TSA is in the process of ensuring our focus on security effectiveness is well-defined and applied across the entire workforce and mission space. Our ``Mission Essentials--Threat Mitigation'' course, being provided to every officer by the end of September, is our initial step. We will follow this initial effort with a range of initiatives to convey these priorities to leaders and officers using additional tools, such as a statement of the Administrator's Intent, the National Training Plan, and in our workforce messaging. Redefining our values as an agency by focusing on threat mitigation and improving TSO awareness and knowledge of the threat will provide a new and acute mission focus. Resolving every alarm, with discipline, competence, and professionalism are the values we are emphasizing to the workforce. From my initial field visits, I can report that our officers are hearing, understanding, and applying this new approach. Communicate New Standards and Expectations To communicate these new standards, TSA's Office of Intelligence and Analysis is pursuing an information-sharing project to expand and ensure standardized information and intelligence sharing to front-line officers. Expanding the reach of the threat information provided to the field, enhancing our officers' awareness and understanding of the threat and the critical role they play in interdicting these threats creates ownership and a greater commitment to ensuring security procedures are followed. Align Measures of Effectiveness to Standards and Expectations TSA's Office of Security Operations is examining and revising the current Management Objectives Report to rebalance the field leaders' scorecard with security effectiveness measures in addition to some preserved efficiency data. We are operating on the premise that what we measure are the organizational objectives to which our field leaders will pay close attention. We expect the first iteration of our new measures to be in the field by early October 2015. Design System to Achieve Desired Outcome The aviation security system must interdict the full range of threats on the Prohibited Items List and evolving threats that require our immediate action. Our concept of operations review project, run by the Operations Performance and Mission Analysis Divisions, is further identifying system-wide gaps and vulnerabilities and how to ensure the traveling public is exposed to our mission-essential detection capabilities when transiting the screening checkpoint. The results of this analysis may lead to a range of recommended improvements, from clarification of pat-down procedures to fielding decisions for new technologies. Eliminate Gaps and Vulnerabilities in Achieving Desired End-State Our work in analyzing the root causes has identified a range of vulnerabilities in TSA; however, there is no single office or accountable official charged with systemically tracking our vulnerability mitigation efforts. Centralizing these activities under a single official should drive systemic research, development, and fielding of new capabilities. Our TSA Office of the Chief Risk Officer is managing this project. Evaluate Performance by Using the New Values, Standards, and Expectations To motivate behavior, supervisors must clearly communicate the performance objectives they expect from their subordinate officers and leaders. Our Chief of Human Capital is working an initiative we are calling the ``Performance Evaluation Project,'' which is designed to ensure the appropriate focus on desired mission outcomes is imbedded within Annual Performance Plans. These new standards will be used for the performance period that started on October 1, 2015. Incentivize Performance to Enact Values, Standard, and Expectations Several of our field leaders and officers have also recommended a Model Transportation Security Officer Project to determine model performance criteria. The project is intended to incentivize performance and emphasize the values and standards front-line employees are expected to uphold across the enterprise. I am a strong proponent of incentivizing performance, as this can be a powerful instrument to drive employee behaviors. Through these efforts, we intend to convey our values, measure them, and evaluate performance against these new expectations, uniting the TSA workforce behind critical agency reforms that will deliver organizational alignment and strengthen our security posture. Finally, we will continue to partner with the trade and travel industry, the airlines, and airport operators to identify solutions that can fundamentally alter the reality on the ground for our screening workforce. A key element of our solution set will be reassessing the screening workforce staffing baseline. Budgeted staffing levels for fiscal year 2016, planned more than a year in advance of the covert testing failures, presumed a significant increase in the vetted traveling population which, combined with Managed Inclusion, allowed for a smaller workforce. We are reassessing screener workforce staffing needs and planning additional adjustments to support training and operational enhancements, all to ensure future staffing reductions remain rational choices that balance effectiveness with efficiency. Additionally, we look forward to working with the Congress to identify means of adding additional field intelligence officers to ensure every field operation is supported with a dedicated intelligence officer to facilitate information sharing, and to expand our efforts at the TSA Academy to train the workforce. Finally, we expect to invest in Advanced Imaging Technology detection upgrades based on the OIG findings. mission essentials training Given the importance of training to our mission, I would like to elaborate on TSA's approach to training following the OIG covert testing results. It is critical that we train out these failures so we do not repeat the mistakes, including those which could have catastrophic consequences. As of October 1, we have trained the specifics of the failures to virtually every front-line member and leader of TSA. This training, referred to as ``Mission Essentials--Threat Mitigation,'' builds our workforce understanding of the link among intelligence, technology, and the procedures they perform. The training advances our new value proposition by: (1) Providing a detailed intelligence briefing on the current threat; (2) discussing passenger tactics and techniques that may be used to dissuade the TSOs from thoroughly performing their screening duties and what counter-measures they can employ; (3) reviewing recent procedural changes for screening individuals who present themselves as having a disability; (4) practicing pat-down procedures with the goal of finding components of improvised explosive devices; and (5) exploring the capabilities and limitations of the checkpoint equipment and how the TSO can by following proper procedures. I have been encouraged to see our TSOs embracing the principles of Mission Essentials training. Through this training, our employees are being taught how to respond to social engineering--techniques used by passengers seeking to manipulate our screening workforce and avoid regular processes. As I meet with these employees in my travels to airports throughout the country, I have heard repeatedly that they wished they had this valuable information. As such, I have charged TSA's senior leaders to plan to send all new-hire TSOs to the TSA Academy at the Federal Law Enforcement Training Center in Glynco, GA, for TSO-basic training beginning in January 2016. Most of our major counterterrorism partners in security and law enforcement send their employees through similar- type academies to ensure a laser-focus on mission, and we should as well. We recognize this initiative may require additional resources, and look forward to working with the committee accordingly. future of screening As we envision the future of screening, even in the context of the current challenges, I remain a strong proponent of a risk-based approach to security. The vast majority of people, goods, and services moving through our transportation systems are legitimate and pose minimal risk. To support our risk-based approach, it is critical to continue growing the population of fully-vetted travelers, such as those participating in TSA PreCheckTM or in other DHS trusted traveler programs. In parallel, I am also reviewing expedited screening concepts with the intent of moving away from unvetted travelers. This multi-pronged, risk-based approach will result in separating known and unknown travelers, with known travelers receiving expedited screening and other travelers, some high-threat, receiving more extensive screening. I envision a future where some known travelers will be as vetted and trusted as flight crews. Technology on the horizon may support passengers becoming their own ``boarding passes'' by using biometrics, such as fingerprint scans, to verify identities linked to Secure Flight. The Credential Authentication Technology (CAT) is the first step in this process and will provide TSOs with real-time authentication of a passenger's identity credentials and travel itinerary. A second objective is to screen at the ``speed of life'' with an integrated screening system that combines metal detection, non-metallic anomaly detection, shoe X-ray, and explosive vapor detection. Prototypes of these machines exist, which hold great promise for the traveling public. Purposeful checkpoint and airport designs that facilitate screening advances are also a future approach. At Los Angeles International Airport (LAX) Tom Bradley International Terminal, recent innovative renovations have been completed so that screening operations are seamlessly integrated into the movement and flow of the traveling public. This effort will continue, with 6 out of 8 terminals at LAX scheduled for design and renovation. Other locations, such as Dulles International Airport (IAD), have dedicated checkpoints that separate expedited screening from other operations, allowing TSOs to follow the appropriate concepts of operations with greater focus and clarity. While some airports may not be able to take the same approach, the future of screening is based on fulfilling the promise of risk-based security. By increasing the number of fully-vetted passengers and enhancing the effectiveness and efficiency of physical screening, I am committed to refining and advancing our risk-based security strategy. I look forward to working with this committee and the Congress to chart a way forward in this regard. conclusion Chairman Katko, Ranking Member Rice, we have an incredible challenge ahead of us. Still, I know TSA is up to the task, and will adjust its focus from one based on speed and efficiency to one based on security effectiveness. We are on the front lines of a critical counterterrorism fight and our workforce is willing and able to do the job. I thank you for the opportunity to appear before you today and sincerely appreciate your time and attention. I look forward to your questions. Mr. Katko. Thank you, Administrator Neffenger. I called you Admiral or Administrator, either one. It is interchangeable, I guess. But thank you again for your testimony. I appreciate the fact that you are responding rapidly, and recognizing, and embracing the problems, and trying to find solutions. I am encouraged by that. We all are. We look forward during the course of the questioning here today to talk about moving forward, what is the plan, and we hope you weave that into your testimony as we go through it today. I also thank you for rearranging your schedule to be here with us today. I now recognize myself for 5 minutes to ask questions. I will start by observing the nature and tenor of this hearing and how it is different from the other ones that we have had. The other hearings we have had so far, and we have had 7 subcommittee hearings. This is the seventh one, I believe, which is more than any in all of Homeland Security, and perhaps more than most in Congress. The reason is because there is a lot to do. There is a lot of issues to examine. At the forefront of examining of those issues has been the Inspector General, and we appreciate that. Like we said earlier, by Miss Rice, I believe, or someone, more than 100 such reports have been done by the Inspector General since the inception of TSA. Those reports are revealing and also at times troubling. Since we got into the hearings this year, we did one on the Atlanta gun trafficking case which exposed 170 guns being trafficked by employees through supposedly secure access points. It exposed a major weakness in the airline aviation system and that is employee access controls, which are sorely lacking. That was exacerbated by a number of cases recently in Dallas/Fort Worth, and LAX, and Oakland, and elsewhere where major drug trafficking rings had been disrupted. One of those rings, at the preliminary hearing, one of the employees was bragging about the fact that he could bring anything through there, including a bomb, which is incredibly troubling. Instead of having an oh-my-God-moment by the airports, we hear a lot of pushback about costs, and that is something we are going to have to examine going forward. We have had a lot of hearings about screenings and the problems with screenings, a 97 percent fail rate in recent tests. That is unbelievably troubling. We have had hearings about PreCheck and Managed Inclusion and how people are getting pulled out of regular lines into the PreCheck line without any additional background checks, which defeats the purpose of PreCheck. We have heard about the Federal Air Marshal Service and we had a good productive hearing with them and then we found out that after that, Federal Air Marshals are filling sessions with prostitutes in hotels paid for with Government credit cards, and Lord knows what else is going on. That is troubling too. We have also heard some things about private screenings from the Inspector General. This all points up that, I think, and underscores the belief by the Inspector General himself that sometimes--and it is not on your watch, Mr. Neffenger, but sometimes, many times, TSA has not responded. That leads me to the conclusion that TSA, while a young agency, has become a very bureaucratized agency already, too slow to respond and not nimble enough to respond. So the genesis of all that was why I had this hearing today to allow us to discuss at a more general level what are some of its systemic problems that we see at TSA, and we are doing this to benefit Mr. Neffenger's presence so that he can hopefully address them going forward. So with that teeing the ball up, Mr. Roth, I would like to hear from you as to what you think some of the, you know, global problems are at TSA, and I encourage you to be as frank as possible. Mr. Roth. Thank you, Mr. Chairman, and let me preface my remarks by, this is a look back over a number of different audit reports that span the course of years. One of the conclusions or themes that I can draw from this is that there is a mismatch between the risk and meeting the risk. That sort of working theory that we have is either TSA doesn't understand the nature of the risk, or they do understand the nature of the risk, and then worse from that is that they don't address the risk in any appropriate way. Again, I am going to be speaking in the past tense about this because I do think, or at least I am hopeful, consistent with my auditor's vow of critical thinking and skepticism, but I am hopeful that we are in a new era. But I will talk about three episodes that to me sort-of illustrate one of the big issues we have in sort-of either not understanding the risk, or simply dismissing the risk. The first is, of course, our covert testing. The recent round of covert testing was not a surprise to us and it was not a surprise to TSA. We had been doing covert testing over the years with consistently disappointing results. You know, as we like to say, the best test of a football team is how they do on Sunday. To us, a covert testing is the Sunday game. Real-world conditions, figure out exactly how well the system works, and it did not work very well. What we found after the covert testing was even a little bit more upsetting, which was, TSA does their own covert testing and those results were very similar to our results. So none of this came as a surprise to TSA. One of the things that we discovered after this round of testing and the, I would say, the very vigorous response that the Department gave with regard to our briefing on the covert testing, was that no one in DHS had known sort-of this issue; that the issue had remained within TSA. TSA had not sort-of elevated the issue. It came as a surprise to the Secretary, to the Deputy Secretary, to the leadership within the Department. When you look at TSA's fiscal 2016 budget, 2016 budget what it shows is that they are actually going to reduce the number of screeners. Their proposal was to reduce the number of screeners by about 1,700 people. Now, this is a budget that was developed over time and certainly not under this current administrator's watch, and I understand that it is going to be reversed, but I think it shows sort of a cultural attitude that they knew that they had a risk. Their response to that risk was reducing the number of screeners. Their justification for it, and I am just reading from their budget document that was submitted to the Hill, was that TSA employs a multi-layered, risk-based, intelligence- driven approach to its security and counterterrorism mission, and as a result of these, they are focusing efforts on efficiency and can save money as a result of this. Which is in direct contradiction to the evidence that they had at the time as to the efficiency of checkpoint operations. So they either dismissed the risk, or understood the risk, but, yet, didn't meet the risk. So that would be the first episode, and if I could have, there is a couple of others, which I am happy to continue, or---- Mr. Katko. Yeah, for a few moments, please. Mr. Roth. Okay. The second one is our audit on PreCheck. You know, we had real concerns about Managed Inclusion and PreCheck. As you know, you had a hearing on this. I had a conversation with the previous administrator about our audit report where we had deep concerns that people that didn't have an individualized assessment of risk were getting expedited screening. His answer was, well, look, it is my job to accept the risk, and I am accepting this risk, which is fine, except my family flies. So, you know, I am not sure that is an adequate answer. That all of these people went through Secure Flight. So the idea is, of course, that they have been vetted against certain intelligence databases to determine whether they are a risk. I mean the problem with that is any student of modern terrorism history understands that 17 of the 19 9/11 hijackers were unknown to the intelligence community, and they wouldn't be on any sort of special list. Richard Reid, the shoe bomber was not on any special list. The Christmas day bomber in 2009 was not on any list. The most significant terrorist attack we had in recent memory, the Marathon bomber, Tamerlan Tsarnaev, wasn't on any list. In fact, he was looked at by the FBI and adjudged not to be a threat and then not on any sort of active list. So this idea that, oh, well, it is an intelligence-based, and that is the silver bullet, and that is what is going to help us here, is just a wrong-headed assessment of risk. As I said, again, this was not on this administrator's watch, but it was very deeply upsetting to me during the course of our audits to see this kind of a reaction. Mr. Katko. Thank you, Mr. Roth. I will have some questions for you, Admiral Neffenger, on the second go-around if we are able to get to that. If not, I will ask you to submit the questions in writing depending on our schedule here. The Chair now recognizes the Ranking Minority Member of the subcommittee, the gentlelady from New York, Miss Rice, for any questions she may have. Miss Rice. Thank you, Mr. Chairman. Inspector General Roth, what I would like to ask you, you mentioned in your statement the No. 1 thing is that TSA can do to change the culture, which is what you cite as significantly problematic. So what are your thoughts on how you change the culture? Mr. Roth. Okay, it is a difficult problem, because it is a problem that has grown up over time. One of the ways that you change the culture is, I think, what the administrator is currently doing, which is an honest look at what it is that is going on and sort of honestly confront your problems and put a plan of action in place. Historically, it has not been that. It has been both for us and GAO sort-of a reaction, and a very disturbing reaction, for example, in our covert testing I think for 2012, we had our results and TSA pushed back considerably on our methodology, and on a number of other things. But lo and behold, they had their own internal testing that was almost the same. So what kind of an agency is sort of pushing back in public, and yet, understands that the audit is correct? As I said, I think this is changing, and there is an honest assessment of what is going on. My understanding is that the administrator is going to put forth a realistic strategic plan that isn't, you know, everything is wonderful and we are doing fine, and pay no attention to the man behind the curtain, but rather this is a problem. The risks of catastrophic terrorism are real, and we absolutely need to get it right. So it is a long process. There isn't a single magic bullet, but certainly, good leadership helps and that is what we are hopeful for. Miss Rice. So being 1 of 10 kids, I have to be optimistic, right, and I am choosing to be optimistic about the ability to change the culture at TSA because it has only been around for a short period of time, right? I am on the Veterans Affairs' Committee and I can tell you that that agency does the same exact thing. Every time there is an IG report that says here is a problem, here is a problem, they push back and say no, no, no, there is no problem. Nothing needs to be changed. The stakes are equally high for both our veterans, right, and National security, domestic, and international that TSA is dealing with. So I am glad to hear you, Mr. Roth, speak so bluntly because that is what we need. That is what your job is, but I am also happy to hear that you are optimistic about Admiral Neffenger, because I am very optimistic about the new administrator for a whole host of reasons. So one issue that I do want to address because you mentioned this, because I do believe, Mr. Roth, that in order to do an adequate assessment of your risk, right, intelligence has to be part of that. One of the things that I was so distressed to hear about, is how the TSA is responsible for doing the checks on airport employees, and yet, they are given incredibly poor information to do these background checks, which affects the ability to really adequately assess the risk of this employee, which as the Chairman pointed out, when you have gunrunners and drug runners, some of whom are employed by the agency, that is problematic. So my question is to you, Admiral Neffenger, regarding that--it seemed to me that that was a fix that didn't have to be a legislative fix. You, as the administrator, could say, from now on, if you want a background check to be done, which you have to have done, these are the things--these are the pieces of information that we need to get, or you don't get the background check and you can't hire the person. So just that one area, if you could just address that one issue? Admiral Neffenger. Yes, thank you. With respect to that, so I have got some good news to report. We actually get access to a whole host of information in databases now that allow us to do--and actually, we always had access to terrorist screening database, and databases with known or suspected terrorist information in it. Some of which you are referring to are some categories within what is called the terrorist information datamart environment. It is just a big database where this was information that may or may not be sufficient to directly tie somebody to a known or suspected terrorist, or identify them as such, or there might be partial information. Those are the categories that we had, you know, one-by-one, or case-by-case access to, but not automated access. So we have asked for that automated access and we are working through the interagency to achieve that. We have also dramatically improved our oversight of the airport vetting environment. So as you know, we still vet the folks who are applying for secure access badges. But to the Inspector General's point, we had not been overseeing the collection of information and the maintenance of the data in doing regular audits of that. We are doing that now directly as a result of the Inspector General's findings. So I think that we are moving forward in a good way on getting information. I share your concern that we have access to as much information as we need to have access to in order to fully vet people who we put into trusted environments, given what we have already known about what has happened in some of the airport environments across the country. I think that we made good progress. I have met with my counterparts in the intelligence community, and I have been sitting--I met with the National security staff and the senior directors for trans-border and others to make clear my priorities, and so far I have been getting good results from that. Miss Rice. Great, thank you both very much. Mr. Katko. Thank you, Miss Rice. The Chair now recognizes the Ranking Minority Member of the Homeland Security Committee, the gentleman from Mississippi, Mr. Thompson. Mr. Thompson. Thank you very much, Mr. Chairman. Administrator Neffenger, one of the real challenges I alluded to in my opening statement went toward the fact that we buy technology in the form of equipment for vulnerabilities that they can't detect. How are you going to close that gap between known vulnerabilities and acquiring equipment and technologies that won't detect it? Admiral Neffenger. Well, you know, Mr. Thompson, you really hit on a key concern, and that is how do you get beyond today's security systems and look towards the future and evolve fast enough to meet what we know to be an evolving threat environment? I think there are a couple of things we need to do. First of all, I would like to see more robust competition in the marketplace. Right now we are tied to a couple of key vendors. They have done good work and they produced some good equipment for us, but I would like to see even more competition. I would like to incentivize more. I think there is a lot of creativity in the private sector and I think there is a lot of innovation in the private sector. I have got some thoughts on ways in which we can incentivize that competition to include small business competition because I think that some of the small businesses out there are doing some of the most innovative work that we have. The second piece is to have a clear understanding of what the threat is so that when we develop the requirements that we need for the equipment that we are looking for, that those requirements are expansive and robust; that we don't just look to buy the next thing on the shelf that looks like it might do the job, but that you have got to really start--I will back up a moment because it speaks to some of the points that each of you have made with respect to focus on mission. You really have to start with the mission. It is not just enough to say my mission is secure. You have to say, well, what does that mean? What are the components of my mission? So you have to do a true analysis of the mission. I say this sincerely, I start every day by thinking about the mission and I work backwards from there and I think, what does it take to accomplish this mission? What are the requirements we need to-- if you are sitting at a checkpoint, what does that checkpoint have to actually do? What is the nature of the threats that might present themselves at the checkpoint? How might you determine those threats? How might they be presented? In what manner can they be presented? All of the different variations of that. That is a very complex process to do that, but you have to do it, and you have got to dissect that mission down to the--down to the details. Then you can begin to put out requirements that I think we can--we will see much more robust response to that. In the mean time, I want to make sure that the equipment that we currently operate is operating to its peak. So we are working to get the most out of the current equipment as we look to move the next technology in. Mr. Thompson. Well, and not for a response, if we keep buying current equipment that can't identify those known vulnerabilities, we are not where we need to be, and I think this robust competition is healthy because when you only have three major players in the area, you know, that is a lot. So I look forward to your leadership to incentivize other competition. I think that is important. We put it in the legislation, and I hope that authority gets us where we need to be. A couple of other things. You talked about the checkpoints. You know, TSOs are special to a lot of the traveling public. Most of the time, that is all people see are those men and women at the checkpoints. I would like to make sure that those men and women are being encouraged to be the best that they can be, and not penalized. Now, I heard something yesterday and I just need a yes or no answer. Are the medical guidelines for TSOs and all other employees for TSA the same? Admiral Neffenger. You know, I don't know the answer to that question exactly, because I am looking at the very medical guidelines right now. I know that they have over the past year, before I became confirmed, I know that we had been working on updating the standards for medical guidelines. Here is what I believe to be the case. That I think that there are different categories of medical guidelines depending upon the type of work that you have to do in the organization. For example, I believe that there are certain physical standards you have to be able to meet in order to perform the duties as a baggage check person that may or may not be the same standards that you have to hold if you are an employee at TSA headquarters. Mr. Thompson. I want you to check that out. Admiral Neffenger. But I will verify it for you. Mr. Thompson. Because I am told that, like, people who are TSOs who might have asthma get discharged by having asthma, or high blood pressure, diabetes, whatever; but that people in management somehow don't. Actually, I have the information, but that is a problem from my vantage point because if you have a different--just look at that. Admiral Neffenger. I will do that. Mr. Thompson. In health. I have got some other questions that I will submit, Mr. Chairman, for the record to get it. But I would also like unanimous consent to provide for the record that there have been 165 TSOs who have been terminated for disqualifying medical conditions--and cancer. I mean, you know, how can you terminate somebody because they have cancer? I mean, that is, you know, what I am saying? So I don't want us to be a scrooge. I want us to treat people humanely, and I would like to include that into the record. Mr. Katko. Without objection, so ordered. [The information follows:] List Submitted For the Record by Ranking Member Bennie G. Thompson tso's removed/terminated for disqualifying medical conditions for calendar year 2014--the number of tso removals/terminations is 165 Breakdown By Gender: Female--85 Male--80 Total--165 Breakdown by Disqualifying Medical Guideline Anxiety Related Dysfunction--15 Arrhythmias--1 Arthritis--2 Asthma--3 Behavior Dyscontrol--1 Bipolar Disorder--2 Body Mass Index--1 Cancer--3 Cardiomyopathy, Myocarditis, Constrictive Pericarditis--2 Cataracts, Corneal Disorder, Eye Disorders--1 Cervical, Thoracic and Lumbosacral Disc Disease Syndrome--23 Chronic Bronchitis, Cystic Lung Disease & COPD--1 Chronic Pain--4 Coronary Artery Disease--1 Delusional/Paranoid Dysfunction--1 Depression Related Disorder--13 Diabetes Mellitus--3 Equilibrium Disorder--3 Gout--1 Hernia--1 Hip, Knee, Ankle and Foot Related Dysfunction--4 Hypertension--1 Inability to Lift and Carry Items Weighing up to 70 Pounds-- 19 Inability to Walk, Stand for Periods Greater Than 10 Minutes--1 Inflammatory Bowel Disease--1 Irritable Bowel Syndrome--5 Lumbar Spine Disorder--5 Lumbosacral Surgery--1 Migraines and Other Episodic Headaches--18 Mobility and Dexterity--3 Motor Neuron Disease--1 Osteoarthritis--4 Pain & Neuropathies--1 Parkinson's Disease--1 Peak Experiratory Flor (PEE)--1 PTSD--2 Renal Function--1 Seizure Disorder--6 Sleep Disorder--2 Spinal Abnormalities--1 Transient Neurological Events--1 Traumatic Brain Injury--1 Vertigo--2 Visual Acuity Far And Near--1 Total=165 tsos removed/terminated for disqualifying medical conditions for calendar year 2013--the number of tso removals/terminations is 185 Breakdown By Gender Female--106 Male--79 Total--185 Breakdown by Disqualifying Medical Guideline (1) Migraines and Other Episodic Headaches--27 (2) Anxiety--14 (3) Depression and Related Disorder--10 (4) Cervical Lumbar--1 (5) Diabetes--9 (6) Inflammatory Bowel Disease--3 (7) Anemia--1 (8) Anticoagulation Therapy--1 (9) Psychotic Functioning--1 (10) Cervical Thoracic--12 (11) Gout--3 (12) Urticaria--1 (13) Joint Condition--3 (14) Heart Disease--2 (15) Cancer--2 (16) Ventricular Arrhythmia--2 (17) Inability to Lift and Carry Items Weighing up to 70 Pounds--44 (18) Inability to Squat and Bend--6 (19) Inability to Walk, Stand for Periods Greater Than 10 Minutes-- 8 (20) Mobility and Dexterity--9 (21) Vertigo--1 (22) Inguinal, Umbilical or Ventral Hernia--1 (23) Endocrine Disorder--1 (24) Chronic Pain--4 (25) Myotonic Dystrophy--1 (26) Renal Dysfunction--1 (27) Peripheral Neuropathy--1 (28) Spinal Abnormalities--2 (29) Sleep Disorder--2 (30) Meniere's Disease--1 (31) Asthma--1 (32) Seizures--2 (33) Chronic Bronchitis--2 (34) Diplopia and Visual Field Loss--1 (35) Delusional/Paranoid Dysfunction--1 (36) Behavioral Dyscontrol--2 (37) Syncope--1 (38) Thoracic Outlet Synedrome--1 Total--185 Mr. Katko. Thank you, Mr. Thompson. The Chair now will recognize other Members of the committee for questions they may wish to ask the witnesses. In accordance with the committee rules and practice, I plan to recognize Members who were present at the start of the hearing by the seniority on the subcommittee. Those coming in later will be recognized in the order of arrival. The Chair now recognizes Mr. Keating from Massachusetts for 5 minutes of questioning. Mr. Keating. Thank you, Mr. Chairman. It was only me, anyway. Mr. Katko. Well, you are very important to all of us. Mr. Keating. Thank you, sir. Thank you for being here Mr. Roth, Inspector General Roth, and thank you for your work. You are talking about a culture. Let me just do this again. You know, it is not just TSA administrator that we are talking about in terms of the culture. It is higher up, Secretary Ridge when he was a witness, I brought this up with him, and he agreed it was a major issue. Secretary Napolitano, when she was the Secretary several times said this is a priority. It is an issue. I brought it up with Secretary Johnson, and last summer I brought it up with you. You agreed that this was a top priority. That is the issue of perimeter security around the airports. I have been saying this for so long and the response has been to cut down the number of vulnerability studies and to tell this committee that things are more secure. In the mean time, teenagers, intoxicated people, are breaching perimeter security, go right up to the aircraft, which is, I hate to say this publicly, but which is an amazing target. They can put a bomb on there the same way that these teenagers had access and not even risk their own lives the way people would ordinarily have to do it if they are going to breach the gate. So I wanted to follow up, No. 1, with that question to see what steps have been taken since we last discussed this, and what you expect to implement. The second issue, part of the problem with perimeter is the jurisdictional issue. You have got some airports that are municipal airports, very small airports, but still networked into the big commercial flights. You have got authorities, all kinds of brands and shapes, all types of resources to deal with it. The continuing problem of what to do with the exit lanes, which TSA maintains is still a priority, it is still important. It is still an access point, but you want to shift that authority to these airports that aren't even doing the job with perimeter security. So the two questions I have are: What is the update on perimeter security in terms of implementing what you said was high priority? No. 2, how can we resolve the exit lane issue which I think if it is so important for TSA, it should remain their responsibility and make sure we have the kind of security we need there, because that is a vulnerability standpoint as far as I have seen? If you could, those two questions, Administrator Neffenger, and thank you again for making yourself so available. Admiral Neffenger. Yes, sir, thank you, Mr. Keating. Perimeter security, as you know, one of the things that was requested right in the aftermath of the Atlanta issue was a look by the Aviation Security Advisory Committee at vulnerabilities across the airport system. I think that provided a very good series of issues to address as well as some strong recommendations and we have been working to, first of all, to think about how to implement those, and then to take a good solid look at the system. So it actually is a significant priority of ours to ensure perimeter security. I share your same concerns with it. So what have we done? I have ordered a look at all of the airports across the country. I want to know from top to bottom, you know, what have we done with respect to perimeter security, including access control points, how those access control points are maintained, and then what do we do to actually ensure the safety and security of the perimeter itself? What is the nature of the perimeter, and how consistently is it enforced around? So that is a fairly large undertaking, and I haven't seen the results of that request yet. The other thing I am doing is putting more effort into that oversight piece. We have legislative authority to do that oversight whether you are dealing with a local airport authority, a local municipality, or a large aviation concern. All of it falls under the purview, and I think that there are-- you can set clear performance standards for how that is done. So the first is to assess what the current state really is as opposed to---- Mr. Keating. I don't want to interrupt you, but my time is going away on me. Do you have a time frame in which that study could be taking place? I am a few weeks away from asking this question for 6 years now. Do you have a time frame? Admiral Neffenger. Well, I understand your frustration so we are doing that right now. Let me get you an actual time frame so that I--because I don't want to promise something I can't deliver on a certain time, but I can commit to you is that it is happening right now and I have asked the same question. I am very concerned about the same issue, I want you to understand. Because that system is important. Let's say you get the checkpoint 100 percent right. There are more vulnerabilities in the aviation system than the checkpoint. Mr. Keating. The exit lane, briefly if you could. Admiral Neffenger. I will get back to you on the exit lane question as well, sir. Mr. Keating. Thank you. I yield back. Mr. Katko. Thank you, Mr. Keating. We are getting ready for votes, but I think what I would like to do, if any of the other Members have questions, just ask questions and have you respond to the rest in writing. I have a few that I would like to have responded to in writing before we wrap up here. With respect to Mr. Roth, simply, Mr. Roth, if there are other kind of 30,000-foot observations you would like to make about TSA that you weren't able to cover today in the short period that we were here, I encourage you to submit them in writing to the committee and I encourage you to be as blunt and open as possible. I think it is important to expose that, and make sure to copy the administrator on it as well. With respect to Administrator Neffenger, there are a couple of things I would like to have you talk about. Ranking Member Thompson hit it right on the head with the technology issues. One of the things he said that is very important is he said he has only seen three major players, if you will, within the technology providing for the administration, and that sometimes it seems like there is a sense of comfort with dealing with just those three. I think competition is a good thing. I have been to many technology presentations recently and the updated technology out there is stunningly advanced. It seems to me that I would like to hear from you, actually, as to what you are doing to vet that technology, and how you are encouraging these newcomers on the scene to give them a fair shake. Not only from a competition aspect, but taking a real good hard look at everything from the prescreening aspects with the biometric data, to the actual physical screening procedures and machines because we know there are problems with them now, and going forward, how are you going to address that? The other component I want to ask you about is the age of the screening equipment itself. Because from my understanding, much of this equipment is at or near a 10-year lifespan. That I would like to know what the plans are going forward to replace it because many of these are at the end of their lifespan and-- projected lifespan at least, and it doesn't seem like there is a plan going forward on the horizon. So I would like to see what the blueprint is going forward to deal with this new technology. I think Mr. Thompson is 100 percent right that technology is critically important and hearing from all parties, not just the ones that TSA is comfortable with. That is very important. Let me make sure there is nothing else here. Oh, yeah, last thing is, with respect to the access controls. I would like to hear what has been done since we have to tighten up access controls, and I will note to just warn you that with respect to the Viper team that was celebrated as a risk-based security for the access controls, but it was completely exploited by the individuals in the Dallas/Fort Worth case. As a matter of fact, employees went into areas and if the Viper team was there, they just simply called out to their comrades to bring the drugs and contrabands to another exit, another entry point. That is a major concern. So I don't want to hear too much about the Viper teams because it is not getting the job done. It's pretty obvious. They are a good idea, but they are easily circumvented. So I would like to hear what your ideas are about that going forward, and what has actually been done going forward. I really look forward to getting that bill passed that we just recently passed out of the House and getting it signed-- passed out of the Senate and signed by the President so that we can get to work on doing an in-depth study that is really needed with this. So with that, I will ask my colleagues if they have any further questions they want to have submitted for the record. Anything? All right, if there is anything further, we will submit them to you in writing within 10 days. I thank you very much. It was an abbreviated session, but we have had a few things going on today as you might imagine, and it is now time for some votes. So thank you very much. [Whereupon, at 4:08 p.m., the subcommittee was adjourned.] A P P E N D I X ---------- Questions From Chairman John Katko for Peter Neffenger Question 1. The Transportation Security Administration (TSA) has long been plagued with accusations of mismanagement and waste. Since taking the helm at the agency, have you had the opportunity to assess the various programs and activities in TSA's area of responsibility and identify any areas that are in need of reform, restructuring, or elimination? Answer. On an annual basis, the Transportation Security Administration (TSA) examines all programs and activities to review current requirements and execution of resources along with program performance to ensure optimal use of limited resources. This process identifies realignments, restructurings, and/or elimination of programs or activities to propose in the annual Congressional budget submission. Over the past several fiscal years, TSA has identified efficiencies and savings in the budget. For example, in fiscal year 2014, TSA identified approximately $100 million in various enterprise-wide and administrative/professional support contract efficiencies; in fiscal year 2015 and 2016, TSA's budget submissions reflected over $200 million in savings as a result of implementing risk-based security initiatives. Realignments have also been made through the formal budget process to better apportion resources to TSA's organization and management structure, while enhancing mission effectiveness. In the fiscal year 2015 budget, TSA permanently consolidated the Federal Air Marshal Service Appropriation into a single Program, Project, and Activity (PPA) within TSA's Aviation Security Appropriation and realigned the Intelligence PPA from Transportation Security Support Appropriation to the Intelligence and Vetting Appropriation. TSA recently established a new level of review in the budget process for the fiscal year 2018-2022 cycle which will include in- depth, transparent, agency-wide program reviews and prioritization of requirements. In the current fiscal climate, TSA will ensure that the available resources are effectively and efficiently aligned and managed to minimize waste. Additionally, TSA will ensure that programs and activities support the TSA and Department of Homeland Security's (DHS) missions, while aligning resources to the TSA Administrator's and DHS Secretary's priorities. Programs and activities are also assessed when high-priority emergent needs arise outside of the development of an annual budget. For example, TSA initiated a programmatic review of security procedures addressing issues raised by the DHS Office of Inspector General (OIG) covert testing results issued in May 2015. The report revealed the need for improvements in the screening process, to be addressed in the near and long terms. Based on the review, resource realignments have been proposed to improve security performance and monitoring. TSA is committed to optimizing resources, and remaining a high-performing, risk-based intelligence-driven agency. Question 2. How do you plan to measure and evaluate TSA's success in achieving programmatic goals and outcomes? Answer. The Transportation Security Administration (TSA) will report strategic and management measures externally through the Future Years Homeland Security Program system. These select measures align to the Department of Homeland Security Mission 1.1 Goal: Prevent Terrorism and Enhance Security. TSA will also use other metrics to measure the effectiveness and efficiency of individual security programs, such as the use of scorecards to assess performance management in the Measures of Effectiveness (MOE) report. This report identifies security programs, procedures, and technology deemed strategically important by TSA leadership, and measures performance at the airport, regional, and National levels. The MOE replaces the previous Management Objectives Report and reflects the increased emphasis on security effectiveness and a decreased emphasis on throughput. The specific performance metrics used in the MOE reporting are organized into the following four broad categories: Workforce Readiness.--Measures emphasize the continued development of an adaptive and flexible counterterrorism workforce that is highly-trained, competent, and ready to meet the threat. System Readiness.--Measures improve mission effectiveness by measuring the implementation and continuation of risk-based, intelligence-driven security initiatives aimed at deterring and disrupting adversary activity. Workforce Performance.--Measures reflect the ability of TSA's human assets to detect threats to aviation security presented through the screening checkpoint and checked baggage. System Performance.--Measures reflect the operational and management conditions that optimize TSA's ability to detect threats to aviation security. Individual programs will also have management-level reports which measure all facets of those programs, procedures, and/or technologies. Question 3. Do you believe that TSA is adequately adapting its tactics and resources to mitigate the evolving threats to transportation? Similarly, do you believe TSA's foreign partners are keeping up with threats emanating from overseas? How has TSA improved its overseas footprint and coordination with other governments? Answer. The Transportation Security Administration (TSA) identifies key risk information related to global aviation, conducts systematic analysis to determine key risk drivers, and develops effective and efficient strategies that mitigate the in-bound aviation risk to the United States. TSA assesses the security posture at international airports that serve U.S. aircraft operators and from which foreign air carriers serve the United States. TSA has made great strides in strengthening its international network by developing and instituting an innovative risk management methodology that drives the allocation of resources and operations to target the most important vulnerabilities. TSA identifies these vulnerabilities and determines how frequently an airport should be assessed based on existing data collection and analysis. In fiscal year 2015, TSA conducted 146 foreign airport assessments and 289 air carrier inspections. TSA relies on a wide range of activities, resources, and personnel to effect change in the vulnerability posture at a foreign airport. TSA determines a way forward, choosing from a number of direct or indirect mitigation actions. When a specific threat is identified or significant vulnerabilities warrant additional mitigation actions, TSA may issue Security Directives and Emergency Amendments to be implemented by air carriers at selected locations. Following issuance of these Security Directives or Emergency Amendments, TSA relies on a number of methods, such as ad hoc visits or inspections, to verify compliance with the additional measures. Follow-up assessments and inspections reveal whether any reduction in vulnerability occurred. The results of these visits enable TSA to determine if the mitigation actions were successful. TSA also aligns its strategic engagements with international partners using this risk-based approach. Through its TSA Representatives and International Industry Representatives, as well as through TSA Senior Leadership engagement, TSA is able to influence and inform key decision makers in both foreign governments and industry on on-going threat streams and associated vulnerabilities in the aviation security system, and encourage a subsequent mitigation strategy to address these vulnerabilities. TSA, through its internationally- deployed workforce, builds and maintains relationships with foreign government officials, foreign and domestic air carriers, civil aviation authorities, airport authorities, international aviation organizations, and other U.S. Government stakeholders to enhance global aviation security. In addition, TSA plays an active role in the International Civil Aviation Organization, and engages with a number of regional international aviation security working groups, such as the Quadrilateral Working Group, where TSA coordinates with other Member States on a range of pressing aviation security issues, and mitigation measures. TSA continues to examine its international footprint to ensure that it has the appropriate resources forward-deployed to mitigate the inbound threat. Since 2013, TSA has opened two new offices in Africa-- Senegal and Morocco--bringing the total to four offices on that continent. Question 4. Subsequent to the OIG's report release, Secretary Johnson announced that a ``Tiger Team'' of DHS and TSA officials would monitor the implementation of measures put in place to improve security at airport checkpoints. The committee requests that a copy of the ``Tiger Team'' report is transmitted to Congress upon completion. By what date do you expect this report to be completed? Answer. We expect the report to be complete and available to the committee not later than November 25, 2015. Question 5. Technology plays an important role in mitigating evolving threats to transportation security. Traditionally, TSA has engaged the same vendors in the procurement process which has hampered competition and innovation. What is being done by TSA to engage with new vendors and encourage increased competition in the procurement process? Answer. Almost all of the Transportation Security Administration's (TSA) contracts are awarded competitively through open-source procurements. However, there are only a limited number of vendors with capabilities sufficient enough to satisfy TSA's very specific mission- related requirements. TSA actively participates--both in a leading and supporting role--in recurring industry engagement events to promote transparency, and provide input on topics such as key operational issues, process improvement, and procurement forecasting. TSA encourages robust competition as it ultimately reduces risk to the Government and increases vendor performance. In addition, TSA frequently works with small businesses interested in accessing the market and was pleased to make a significant award to a small business. In March 2015, TSA awarded a contract for 1,170 Explosives Trace Detection (ETD) units to a new Small Business entrant, a prime example of a small business introducing new ETD technology into aviation security and achieving approval through the TSA Qualified Products List process. In addition, TSA employs market research by submitting requests for information, publishing broad agency announcements, and hosting industry days that help facilitate engagement with a variety of industry stakeholders, including those that are not currently TSA vendors. Most recently, TSA issued the Transportation Security Innovative Concepts Broad Agency Announcement through FedBizOpps.gov, seeking to accelerate the design, realization, and delivery of new capabilities by focusing on advancing state-of-the-art technology and increasing knowledge or understanding related to transportation security. Question 6. Last week, the committee released its report from the Task Force on Combating Terrorist and Foreign Fighter Travel. As I am sure you are aware, a record number of individuals are traveling to active conflict zones, and a number of these individuals return to the United States undetected. This poses a serious threat to our Nation's security. What steps is TSA taking to address this issue? Are you actively collaborating with other relevant departments and agencies to develop strategies to combat terrorist and foreign fighter travel? How is TSA collaborating with partners abroad to identify and prevent bad actors from boarding planes bound to the United States? Answer. The Transportation Security Administration (TSA) has a number of programs in place to identify passengers who have booked travel from abroad to the United States, and who may pose a security risk. These programs rely upon near-real-time information sharing with our stakeholders, industry partners, and the intelligence community. TSA's Secure Flight program conducts passenger watch list matching for more than 270 U.S. and foreign air carriers with flights into, out of, within, and over the United States, as well as covered U.S. flights between two international points, to identify individuals who may pose a threat to aviation or National security, and designate them for enhanced screening or prohibition from boarding an aircraft, as appropriate. TSA also provides risk-based, intelligence-driven, scenario rules to Customs and Border Protection (CBP) for use in the Automated Targeting System--Passenger to identify international travelers requiring enhanced screening based upon our knowledge of patterns identified as needing additional scrutiny. In 2015, TSA identified a number of known or suspected terrorists who attempted to travel on commercial aircraft, and who represented the highest threat to transportation, some of whom were identified as potential foreign fighters. For these cases, TSA took action to address the threat, which included, as appropriate, denial of boarding to prevent overseas travel to participate in foreign fighting or to conduct other nefarious activities. TSA also assigns intelligence officers to key components with responsibilities for analytical partnerships and watchlisting duties. TSA intelligence personnel are embedded at 8 different agencies and centers; these include the Department of Homeland Security Office of Intelligence and Analysis, the CBP National Targeting Center, the Terrorist Screening Center, the National Counterterrorism Center, the Central Intelligence Agency, and the National Security Agency. In these positions, TSA intelligence analysts work closely across organizational lines to optimize information-sharing efforts, and facilitate a coordinated U.S. Government response to known and suspected terrorist travel. Improved monitoring and vetting processes of travelers with robust data analytics provide a clearer understanding of travelers' movements, and permit the sharing of a superior common operating picture between agencies to mitigate potential threats. TSA personnel are also assigned to law enforcement-related agencies and task forces to facilitate information sharing. These assignments include the Syria-Iraq Task Force, and the Federal Bureau of Investigation-led National Joint Terrorism Task Force. These officers collaborate daily with the Federal Bureau of Investigation, CBP, and other organizations to disseminate intelligence relating to foreign fighters. Additionally, TSA Field Intelligence Officers assigned to our Nation's airports work closely with CBP, and the local Joint Terrorism Task Forces locally develop a coordinated approach to engagement with local stakeholders and coordinate intelligence messaging and threat awareness to the field, developing and maintaining a common aviation threat picture for Federal, State, and local task force officers assigned to U.S. airports, as well as TSA field components specific to foreign fighter Tactics, Techniques, and Procedures. Question 7. The President recently signed into law H.R. 719, which I introduced earlier this year; this bill requires the TSA to conduct a reclassification of employees within the Office of Inspection to ensure that those employees classified as criminal investigators spend at least 50% of their time conducting criminal investigations. Those investigators spending less than 50% of their time on criminal investigations will be reclassified and receive pay that is commensurate with their actual job responsibilities. The OIG estimated that this will result in savings of approximately $17.5 million in taxpayer dollars over 5 years. We exchanged letters on this matter this summer in which you stated that TSA and OIG are working closely together to ensure all employees are properly classified. Can you give the committee an estimate of how long it will take to evaluate and implement this reclassification? Answer. The Transportation Security Administration (TSA) is committed to conducting an independent full position classification review and workforce analysis to determine the appropriate classification of each position currently classified as a criminal investigator in the Office of Inspection. TSA will reclassify any criminal investigator position that does not meet the minimum legally- required 50 percent criminal investigation workload. TSA and the Office of Personnel Management (OPM)--the recognized expert in the field of position classification and workforce analysis-- have agreed to a statement of work for the classification review and workforce analysis as requested by the Office of the Inspector General (OIG). TSA currently awaits OIG final approval of the OPM methodology outlined in the statement of work to initiate the independent OPM review and analysis of the TSA Office of Inspection criminal investigations workforce. Question 8a. Two weeks ago, the President signed into law H.R. 720, the Gerardo Hernandez Airport Security Act of 2015, which requires the TSA to increase communication and coordination with all pertinent agencies that would respond to an airport during a crisis situation, which was the result of a tragic event. The committee has voiced concern over the amount of training TSOs receive, as it pertains to operating technology being used at checkpoints, but I want to make sure the TSA is adequately training the TSOs to defend themselves as well. This is an officer safety issue and we simply must give the people on the front lines the tools to succeed and survive. How much training do TSOs receive in defensive tactics? Question 8b. How are the TSOs taught to deal with physically combative people at the checkpoints, who may or may not have a weapon? Answer. While the Transportation Security Administration (TSA) currently does not offer defensive tactics training to the Officer workforce, it has taken significant steps to address employee safety concerns. Immediately following the tragic November 1, 2013, incident at Los Angeles International Airport (LAX), TSA required all its employees to complete training on how to recognize and respond to an active-threat incident in the workplace, be it an office or airport environment. TSA developed a series of interactive training courses with the support and participation of local airport officials, law enforcement officers, and TSA personnel to help Officers: recognize how to respond when an active shooter is in their vicinity; identify how to interact with Law Enforcement Officers who are responding to an incident; and execute the widely-accepted active-shooter response reactions of Run-Hide-Fight. Most recently, TSA created a new training course entitled ``Active Shooter Incident Response Training.'' Filmed entirely at the Indianapolis (IND) airport, the interactive training video reinforces the widely-accepted active-shooter response reactions of Run-Hide- Fight. TSA released the training video in January 2015, with a required completion date of March 31, 2015. TSA mandates Active-Shooter training as an annual training requirement for its employees, and the entire TSA screening workforce has completed the training. In addition to the active-shooter video, Operational Directive (OD) 400-19-2, Emergency Evacuation Drills, addresses the requirement for employees to be familiar with the two types of emergency evacuation drills: Controlled and uncontrolled. The evacuation drills are scenario-based and include active shooter as an uncontrolled drill. The minimum requirement is two drills per year. The reporting requirement is to document airport completion of emergency evacuation drills in the Performance Measurement Information System (PMIS) and individual employee completion in the Online Learning Center (OLC). Question 9. Airport employee access controls continue to be a concerning security vulnerability. I introduced H.R. 3102, the Airport Access Control Security Improvement Act of 2015 earlier this year, and it passed the House earlier this week. Can you please provide an update to the committee on what changes to employee access controls TSA has implemented this year? What additional changes do you have planned? Answer. The Transportation Security Administration (TSA) performed a comprehensive review of Aviation Security Advisory Committee (ASAC) proposed recommendations regarding access controls. As a result, TSA issued Information Circular (IC) 15-01 on April 29, 2015. This IC made recommendations to airports to reduce the number of access points to the operational minimum, to increase the number of continuous random inspections for individuals entering the sterile/secured area other than through the checkpoint, and to promote a culture of situational awareness by leveraging the Department of Homeland Security's ``If You See Something, Say Something'' campaign, or a similar program. On August 26, 2015, TSA issued IC 15-01A to provide further details regarding recommended inspections and measures previously identified in IC 15-01, and those measures that are mandated by TSA in the Security Directive (SD) 1542-06-01 series. This version supplied additional specific recommendations regarding the inspection of individuals, such as inspecting for a minimum number of hours per week, restricting other access points when inspections are being conducted, as well as recommendation of the methodology of the actual search. Finally, TSA is developing a capability for continuous monitoring of airport employees' criminal history records. Once implemented, TSA will be notified of any change in an employee's status so that appropriate action can be taken. At this time, TSA is piloting this process at a limited number of airports, and intends to expand it system-wide, once completed. TSA already performs recurrent vetting against the Terrorist Screening Database. TSA continues to work with the airports through the Federal Security Directors to ensure access points are kept to an operational minimum, and that random and unpredictable inspection of individuals and property entering the sterile/secured areas is conducted. Question 10. The OIG recently issued a report that uncovered 73 aviation workers that had links to terrorism which were not detected in the initial screening process. Furthermore, the report found that different airports employed different screening techniques and there lacked consistency across the board. What is the current status of TSA's efforts to improve and streamline the employee screening process? What additional measures do you feel are necessary in order to improve the daily screening of employees at our Nation's airports? Answer. The Transportation Security Administration (TSA) is committed to further strengthening our ability to identify insider threats at our Nation's airports, as well as to streamline the employee-vetting process. As indicated in the Office of the Inspector General report, 69 individuals (represented by 73 records) had records in certain Governmental databases to which TSA did not have automated access when they were first vetted. These individuals have never been on the terrorist watch list. TSA recognizes the value of having as much relevant data as possible to make informed decisions in its vetting, and is pursuing access to additional types of intelligence records to maximize its vetting capabilities. TSA now requires airports to conduct a criminal history records check (CHRC) every 2 years, and will continue to do so until an alternative recurrent CHRC process is developed. TSA is working collaboratively with the Federal Bureau of Investigation (FBI) to develop and establish next generation identification databases, which would automatically update an employee's criminal history as incidents occur. TSA and FBI are moving to pilot the initiative with two airports and one airline. This initiative aligns with the Department of Homeland Security's Office of Inspector General and Aviation Security Advisory Committee (ASAC) recommendations for improving Aviation Workers security. TSA has been working to implement many ASAC recommendations for improving the employee screening process at our Nation's airports. These measures include: Working to implement the FBI/Next Generation Identification RAP Back Service, which would automatically update an employee's criminal history as events occur in order to augment the current 2-year background check process; Training enhancements on verification of identification documents, recognition of identity fraud, and behavioral analysis for use by Government and industry partners at the airports; Increasing intelligence-sharing opportunities with industry partners at the airports; and Examining the ASAC recommendation to develop enhanced employee access security model based on elements such as intelligence, game theory, and risk-based security principals that would cause employees to have a reasonable expectation of being inspected. Question 11. Secretary Johnson stated that random screening of airport employees was increased after authorities uncovered that aviation workers in Atlanta and New York City were smuggling weapons and ammunitions. By how much was screening increased? Do you believe that this has been an effective deterrent? Answer. In the aftermath of the Atlanta and New York City incidents, in January 2015, the Transportation Security Administration (TSA) increased the amount of random screening of employees through its Playbook Program. With Playbook, TSA personnel conduct screening on an unpredictable basis at locations throughout the airport. These activities, which include but are not limited to, identity verification, physical screening of accessible property, and explosives detection, are coordinated at the local airport level and conducted by Transportation Security Officers. Playbook operations provide a level of risk-based and unpredictable screening for Security Identification Display Area badge-holding personnel and others who are entering the airport at locations other than the screening checkpoint. From January 1-September 30, 2015, TSA screened over 11 million employees using Playbook operations. This is a 340 percent increase compared to the 2.5 million employees screened using Playbook in the prior year. Playbook is not the only deterrence method used to address the insider threat. TSA has worked with airports to reduce the number of access points at airports regulated by TSA to an operational minimum. TSA has also recommended and worked with airports to limit access privileges for aviation workers. TSA believes that providing a visible presence, and additional random screening at employee access points, coupled with our other layers of security, creates an effective deterrent. TSA will continue to focus on mitigating the insider threat. Question 12. In a recent response to a letter sent by the committee, TSA indicated that it was aware of allegations of sexual misconduct by Air Marshals in mid-June. Why was the committee not informed of this issue earlier, particularly in light of the oversight hearing that was held on the FAMS on July 16? Answer. The Transportation Security Administration (TSA) is committed to working with committee staff to ensure they are kept aware of relevant investigations; however, details will not be available until investigations are complete and the circumstances surrounding the allegation(s) are known. TSA will continue to keep the committee staff up-to-date and informed. Questions From Ranking Member Bennie G. Thompson for Peter Neffenger Question 1. Has TSA moved forward with the implementation of changes to the dispute resolution process and the NRC without adopting any of the union's recommendations? Answer. No, the Transportation Security Administration (TSA) has not moved forward with the implementation of changes to the dispute resolution process and the National Resolution Center (NRC) without adopting any of the Union's recommendations. The NRC, the TSA office that administers and implements the resolution process, has not made any changes to the existing resolution process. The NRC provided the American Federation of Government Employees (AFGE) a copy of the draft dispute resolution process policy for AFGE's input. AFGE provided its input and the NRC continues to consider this input and revise the draft policy. Once the NRC completes additional revisions to the draft dispute resolution process policy, another draft copy will be provided to AFGE for input before the revised policy is issued. AFGE was informed of this via email on September 29, 2015. Question 2. The 2012 Determination requires that the union's suggestions be adopted ``to the extent possible.'' Is it TSA's position that the union's suggestions were impossible to adopt? Answer. As an initial matter, the 2011 Decision issued by former Administrator Pistole is no longer in effect. It was replaced by the 2014 Determination issued by former Administrator Pistole on December 29, 2014. In regard to the Unitary Dispute Resolution System (UDRS), the 2014 Determination does not require that TSA take the Union's suggestions to the extent possible. Instead, the 2014 Determination stipulates that the Union is encouraged to provide input, including any suggestions, comments, and/or concerns to the National Resolution Center (NRC) regarding the policy governing the UDRS as applied to covered employees. The NRC gave the Union an opportunity to provide its input on changes to the Transportation Security Administration (TSA) policy governing the UDRS and is considering its input. The NRC will give the Union another opportunity to provide further input before the policy is issued. If the NRC does not incorporate the Union's input into the TSA policy, the NRC will provide a written response to the Union explaining the basis for its decision. Question 3. TSA and the union are in mediated talks for a new contract, and the union has initiated a request for informal interest- based discussions with TSA. Given the union's strenuous objections to TSA's unilateral changes to the NRC and the dispute resolution process, will TSA agree to limit the role of the NRC in accordance with the Memorandum of Agreement signed by TSA and AFGE throughout the duration of those discussions? Answer. The current collective bargaining is for a new collective bargaining agreement on the negotiable issues listed in former Administrator Pistole's December 29, 2014, Determination on Transportation Security Officers and Collective Bargaining (2014 Determination). The NRC is the Transportation Security Administration's (TSA) office that administers and implements the dispute resolution processes for all TSA employees, not just bargaining unit employees. Only one aspect of the dispute resolution process is reflected in a Memorandum of Agreement (MOA) signed by TSA and AFGE in 2012. The MOA addresses third-party review of certain disciplinary actions and other covered disputes for bargaining unit employees. The MOA was not a part of collective bargaining in 2012 and is not a part of any collective bargaining agreement. Significantly, the MOA also does not govern or limit the NRC. Question 4. Do the Medical Guidelines apply to TSA managers? Answer. The Medical and Psychological Guidelines for Transportation Security Administration Transportation Security Officer Job Series (TSO Medical Guidelines) apply to the Supervisory Transportation Security Officers (STSOs). Management officials, other than STSOs, who manage security screeners do not fall under the TSO Medical Guidelines as physical/medical requirements have not been established for these positions. Question 5. Once the exam confirms a TSO has a certain diagnosis of migraines, Type 1 or 2 diabetes or heart disease, for instance, is TSA required to establish that the medical condition impairs the ability of the TSO to perform their duties? Is it assumed that a diagnosis or confirmation of a medical condition is in itself proof that the TSO is not fit for duty? Answer. The Transportation Security Officer (TSO) has to meet the medical and psychological requirements of the position. Generally, it is not assumed that a diagnosis is in itself proof that the TSO is not fit for duty. The Transportation Security Administration's physician will obtain information on the TSO's medical conditions, medications, and job limitations, and will compare that information with the TSO Medical Guidelines, and may seek other sources of medical information to determine fitness for duty. Question 6. TSOs report that TSA uses a document entitled ``Medical Guidelines for Transportation Security Screeners'' to determine whether a TSO is fit for duty. Has TSA provided the most current version of this document to the American Federation of Government Employees, the union elected as exclusive representative of the TSO workforce? If not, will you provide the most current version of the Medical Guidelines to the union immediately? Answer. The current Medical and Psychological Guidelines for Transportation Security Administration (TSA) Transportation Security Officer (TSO) Job Series (TSO Medical Guidelines) have not been provided in their entirety to the American Federation of Government Employees (AFGE), due to the sensitive content contained therein. The TSO Medical Guidelines are intended for use by medical practitioners. Consistent with the 2011 Determination on Transportation Security Officers and Collective Bargaining (2011 Determination) and subsequent 2014 Determination, AFGE did not have the right to the current TSO Medical Guidelines as they do not relate to the issues for collective bargaining. Union representatives who represent individual bargaining unit employees in cases involving the TSO Medical Guidelines have received, and continue to receive, copies of the relevant section(s) of the TSO Medical Guidelines. TSA is in the process of revising the medical guidelines. Questions From Honorable William R. Keating for Peter Neffenger Question 1a. Administrator Neffenger: Thank you for your testimony and thoughtful responses at the Transportation Security Subcommittee hearing on October 8, 2015. During our discussion, you said you are conducting a ``top-to-bottom'' review of all airports, including access control points and what, exactly, constitutes an airport's perimeter. What, specifically, has this review entailed and when will it be completed? Question 1b. Once completed, will you provide its findings to interested Members? Answer. The Transportation Security Administration (TSA) has worked with Federalized airports to closely review all aspects of physical security, including access control points and perimeter security. In doing so, the total number of access points has been reduced by almost 10 percent Nation-wide, while airport security personnel and TSA have increased random screening of airport employees at those access points. The perimeter security of an airport involves perimeter access and transition areas at the airport, and includes protection of the fence line, active and inactive vehicle & pedestrian gates, maintenance & construction gates, vehicle roadways, and general aviation areas. Access control security generally refers to security features that control who can access certain restricted areas or systems at the airport. At an airport, restricted areas may include the baggage claim area, baggage makeup area, sterile area, secured area, air operations area, catering facilities, cargo facilities, fuel farms, and other public spaces and areas. In the context of access control security at the airport perimeter (for example, direct entry into the secured area through a vehicle access gate), this definition does not include access at a passenger checkpoint. TSA is working with the Aviation Security Advisory Committee (ASAC) on a comprehensive review of airport perimeter security. ASAC has provided a list of recommendations to improve perimeter security. These recommendations are under review. TSA will be pleased to share its findings with the committee and interested Members. Question 2. Second, you are aware of my long-standing concern for transitioning the responsibility of staffing airport exit lanes from TSA to airport operators. I have spoken with numerous operators, include the Massachusetts Port Authority (Massport), which owns and operates three airports in Massachusetts, including Boston Logan International Airport, in addition to the Port of Boston. They remain troubled that TSA interpreted the staffing of exit lanes as an issue of access control rather than screening function, and that the expectation for airport operators to staff these exit ways will continue. This is a matter of both safety and resources. What is TSA's current policy for staffing exit lanes? Will TSA continue to staff airport exit lanes into the future? If not, how will TSA work with airports to mitigate costs? Answer. Currently, approximately two-thirds of the airport operators control access at exit lanes by using airport technology or personnel. The remaining exit lanes are staffed by the Transportation Security Administration (TSA). Under 603 of the Bipartisan Budget Act of 2013 (Budget Act), Pub. L. No. 113-67, Div. A, 603, 127 Stat. 1188 (2013), TSA is responsible for monitoring passenger exit lanes from the sterile area of airports at which TSA provided such monitoring as of December 1, 2013. TSA interprets 603 of the Budget Act to mean that TSA must staff a sterile area exit lane only if the exit lane was in existence on December 1, 2013, at one of the 155 airports at which TSA was providing monitoring services on that date. Therefore, if an airport is remodeling an exit lane and the location of this exit remains essentially the same, TSA will continue to staff this lane. If the remodeling significantly changes the location of the exit lane, to where it is no longer co-located with the screening checkpoint, and/or requires additional staffing and resources, TSA is no longer obligated to monitor this exit lane. TSA provides an evaluation tool, which allows the airport operator to input exit lane configurations and parameters, and receive recommendations for technological solutions. Consideration of technology options to exit lane staffing should also include evaluation of related advantages, disadvantages, and trade-offs in breach response requirements. Questions From Chairman John Katko for John Roth Question 1. Inspector General Roth, your office has conducted numerous investigations highlighting various challenges that the Transportation Security Administration (TSA) faces. What systemic problems have you identified? Answer. In the past year, I have testified before your committee and others on my concerns about TSA's enormous and complex challenges. These challenges are systemic; they impact virtually every area of TSA operations. Our audits and reviews have shown that TSA's challenges include: assessing risk appropriately; contracting for goods and services; deploying and maintaining equipment; hiring and training an effective workforce; performing basic management functions to meet its mission; and operating in a culture resistant to oversight and unwilling to accept the need for change in the face of an evolving and serious threat. Question 2. From your perspective what steps do you feel Administrator Neffenger should take to reform and improve TSA? Answer. Addressing the aforementioned challenges will require time, resources, and committed, courageous leadership at every level of management and throughout the organization, from the TSA Administrator to Transportation Security Officers (TSO) who screen passengers and baggage. Examples of steps TSA should take to reform and improve its performance include: Ensure proper staffing, training, and supervision of TSOs to mitigate the effects of human error-related vulnerabilities in passenger and baggage screening. Ensure everyone in the chain-of-command understands and is committed to addressing passenger and baggage screening vulnerabilities identified in our reports. Encourage all TSA personnel to identify and report security deficiencies and vulnerabilities and participate in developing and implementing solutions. Improve the transparency and accountability of efforts undertaken or planned to address the technological, personnel, and procedural deficiencies and vulnerabilities identified by OIG, the Government Accountability Office (GAO), and internal offices, such as TSA's Office of Inspections. Implement timely, efficient, and effective strategies to ensure all screening equipment is well-maintained and fully operational. OIG will continue its oversight of TSA. For example, we plan to: determine whether the Federal Air Marshal Service (FAMS) adequately manages its resources to detect, deter, and defeat threats to the civil aviation system (Federal Air Marshal Service Oversight of Civil Aviation Security); and determine the effectiveness of TSA's carry-on baggage screening technologies and checkpoint screener performance in identifying and resolving potential threats at airport security checkpoints (TSA Carry-On Baggage Penetration Testing). Our on-going audits and reviews of TSA include: Office of Human Capital Contracts.--Determine whether TSA's human capital contracts are managed effectively, comply with DHS's acquisition guidelines, and are achieving expected goals. Security Vetting of Passenger Rail Reservation Systems.-- Determine the extent to which TSA has policies, processes, and oversight measures to improve security at the National Railroad Passenger Corporation (AMTRAK). Controls Over Access Media Badges.--Identify and test selected controls over access media badges issued by airport operators. Question 3. Looking at your office's extensive body of work as it relates to TSA's technology challenges, stepping back, how can TSA improve its technology procurement and development processes in order to prevent itself from investing in technology that does not adequately meet the current threat environment? Answer. Our office has also audited and reported on TSA's acquisition programs. Although TSA has spent billions on aviation security technology, our testing of certain systems revealed no resulting improvement. Given the number, type, complexity, and cost of these passenger screening technologies, TSA must exercise due diligence in developing, procuring, and deploying these valuable and costly assets. These systems include: Explosives Detection System (EDS) machines Explosives Trace Detection machines Advanced Imaging Technology (AIT) machines Bottled Liquid Scanners X-ray machines Walkthrough metal detectors. OIG has conducted a number of audits that identified issues with TSA's procurement, deployment, and maintenance of its passenger screening technologies. These audits raise serious questions regarding TSA's management of its passenger screening technologies. For example, in fiscal year 2013, we reviewed TSA's deployment of AIT machines upgraded with automatic target recognition (ATR) software, an upgrade that addressed privacy concerns raised by travelers and Members of Congress. These concerns led to the passage of the FAA Modernization and Reform Act of 2012, which mandated that all AIT screening equipment at airports include the ATR upgrade no later than June 1, 2013. We determined that TSA failed to develop a strategic acquisition and deployment plan for the AIT machines with the required AIT software that aligned with the overall needs and goals of its passenger screening program. As a result, TSA did not deploy many of the newly purchased or upgraded AIT machines and fully utilize them for screening passengers. This led to continued use of less capable walk-through metal detectors. We made two recommendations to improve future deployment and use of AIT machines. Question 4. A report issued by your office in May found that TSA's airport screening equipment is not being properly maintained. Lack of maintenance not only puts into question the effectiveness of the equipment, but can reduce the life span of technologies, requiring their replacement at the expense of significant taxpayer dollars. What has the TSA done to date, to implement the recommendations of this report? Answer. In May 2015, we reported that because TSA did not ensure routine preventive and corrective maintenance was performed according to contractual requirements, it could not be certain screening equipment was repaired and ready for operational use. We made three recommendations to improve TSA's oversight of its maintenance program. We recommended that TSA assess penalties when contractors do not perform preventive or corrective maintenance according to contractual requirements and manufacturers' specifications. We believe TSA's actions are sufficient to close this recommendation. Specifically, TSA recently signed contracts with Morpho Detection and L-3 Communications for preventive and corrective maintenance on EDS equipment. Both contracts include specific financial penalties for maintenance not completed according to contractual requirements. For preventive maintenance, TSA will assess a penalty of 50 percent of the monthly invoice amount for the particular machine. The contracts also include penalty clauses for corrective maintenance actions when they affect operational availability at the equipment and airport level. TSA has taken steps to implement the other two recommendations, but we do not believe their actions are sufficient to close them. Basically, we recommended that TSA airport personnel validate data on both types of maintenance to ensure that preventive maintenance is completed according to contract requirements and manufacturers' specifications and to ensure its screening equipment is repaired and ready for operational use. TSA has implemented additional reporting requirements for maintenance contractors that should provide airports with better awareness of maintenance actions on their screening equipment. For example, contractors are now required to give monthly preventive maintenance schedules to airport coordination centers. However, TSA has not yet developed and implemented policies and procedures to verify and document the contractors' completion of all required preventive and corrective maintenance actions. According to TSA, an independent contractor compares the preventive maintenance data with contractual requirements, but this is not the same as validating that the work has actually been performed, which is the intent of our recommendation. Further, although contractors are required to provide certain reports on corrective maintenance, TSA does not have policies or procedures to verify the information in these reports or test the data for accuracy. Question 5. In response to the highly disappointing results of the OIG's covert testing of airport screening procedures, Secretary Johnson mandated that all airport screeners and managers undergo an 8-hour training course. Do you believe that this training is sufficient to address the security gap found in the covert testing? What else, if anything, should be done to ensure that the workforce has the skills they need to effectively perform their duties? Answer. On September 22, 2015, my office provided TSA with our Classified final report, Covert Testing of TSA's Passenger Screening Technologies and Processes at Airport Security Checkpoints, OIG-15-150. TSA has 90 days following receipt of the final report to update us on the status of its implementation of our recommendation. We cannot comment on TSA's training because we have not yet received a formal, detailed update. The detailed information on TSA's training will most likely contain Classified or Sensitive Security Information and we will not be able to discuss or comment on the content of the TSA training in the public record. However, once we receive the formal update, we would be happy to arrange a meeting with you or your staff to discuss the specific details in a Classified setting. With respect to other actions TSA can take to ensure its workforce has the skills needed to effectively screen passengers at airport checkpoints, TSA and OIG must continue to conduct covert testing of technology, human performance, and screening procedures used at checkpoints. These covert tests must be continuously updated, based on intelligence about security threats. Rigorous covert testing will help ensure that the TSA workforce is prepared to deal with the constantly- changing threat environment. Question 6. The TSA PreCheck initiative has resulted in more risk- based and efficient screening of passengers at airports. However, a January OIG report found that modifications to the screening and vetting process are necessary. Do you feel TSA has taken the necessary steps to address these concerns? Answer. We reported in January 2015 that TSA's implementation of PreCheck and the expedited screening process increased throughput at airport checkpoints, but also increased the risk to aviation security because TSA was not making individualized risk-based decisions. We made recommendations to address identified deficiencies. Initially, TSA did not concur with the majority of the 17 recommendations in our report, but we have made significant progress in getting TSA's concurrence and compliance. As of November 2015, we have closed 3 report recommendations; 13 recommendations are open, but resolved, meaning we agree with TSA's planned actions to address the intent of these recommendations. Although one recommendation remains open and unresolved, TSA officials said there has been a significant shift to address this recommendation and TSA is currently drafting a response outlining these changes. We would be happy to update you and your staff on the progress once we have received a formal response from TSA. Question 7. Currently fewer than 5% of travelers participate in TSA PreCheck. Do you believe TSA has put ample emphasis on enrolling more passengers in TSA PreCheck? What additional steps do you feel TSA needs to take in order to expand and enhance the PreCheck program? Answer. Our review did not focus on expanding the TSA PreCheck initiative; GAO conducted a review addressing the expansion. We are currently reviewing TSA's Risk-Based Strategy to determine the extent to which this strategy informs security and resource decisions to protect the traveling public and the Nation's transportation systems. Our report, which we expect to publish in the spring of 2016, will include a discussion of the PreCheck initiative. We look forward to sharing our findings and recommendations with you. Question 8. Prior to Admiral Neffenger's confirmation as administrator, TSA failed to concur with recommendations in a number of your reports. Are there any outstanding recommendations with which TSA has not concurred and taken some steps to address at this time? Answer. We believe TSA is working in good faith to concur with recommendations with which it previously did not concur and to close open recommendations. For example, although TSA did not initially concur with the majority of our recommendations to correct identified TSA PreCheck deficiencies, it continues to seek closure through the recommendation follow-up and resolution process. TSA recently told us it is reevaluating its position on its open recommendations and for the single unresolved recommendation in that report, we are optimistic that TSA is reconsidering the wisdom of its position. As we reported in Audit of Security Controls for DHS Information at John F. Kennedy International Airport (OIG-15-18), TSA did not perform required security authorizations or privacy reviews on closed-circuit television and surveillance monitoring room technology (i.e., cameras) used to record passenger data and photos. We reported that according to DHS 4300 security policy, the cameras should be considered IT assets and counted as part of DHS's asset inventory. TSA did not concur with our recommendation to address this issue, asserting that DHS 4300 security policy did not apply to the cameras. We are currently working with TSA, the DHS Office of the Chief Information Officer, and the DHS Office of Privacy to resolve this issue. Question 9. It is no secret that employee morale is a significant problem at the TSA, both for screeners and agency employees alike. Your office has a unique perspective in that you are able to talk confidentially with TSA employees. Do you have any insights into the underlying cause of the on-going lack of morale at the agency? Answer. DHS OIG has not done any recent audit or inspection work in this area. Question 10. Airports in Miami and Orlando conduct 100% employee screening, yet the Aviation Security Advisory Committee report concluded that 100% employee screening would be too costly to implement Nation-wide. What changes do you feel need to be implemented in order to improve the screening of airport employees? Answer. Our office is familiar with the Department's Aviation Security Advisory Committee's report and the immediate actions Secretary Johnson took to increase physical screening of aviation employees. We have not conducted work in the area of employee physical screening, but we believe that unscreened airport workers represent a threat to air transportation security. We recently reviewed aviation employee vetting (TSA Can Improve Aviation Worker Vetting, OIG-15-98), and our recommendations from that report were very similar to those in a recent committee report. The Aviation Security Advisory Committee and OIG agree that TSA can strengthen airport employee vetting by: updating the list of disqualifying criminal offenses; continuously monitoring criminal activity (recurrent employee vetting); and maintaining a National database of airport employees whose credentials have been revoked. Question 11. The Air Marshal Association, a professional association for members of the Federal Air Marshal Service (FAMS), advocates shifting the workforce to focus on investigations and anti- terrorism operations as opposed to deploying on flights to deter terrorism and hijacking. Do you think this would be a more effective use of manpower and resources? Answer. We have not done a large-scale review of FAMS that would allow us to draw across-the-board conclusions about whether its legacy mission and goals are effectively aligned with the current threat environment. This year we will audit FAMS to determine whether it adequately manages its resources to detect, deter, and defeat threats to the civil aviation system. According to the Department's 2014 Quadrennial Homeland Security Review, the terrorist threat has changed since the attacks of September 11, 2001. In our Fiscal Year 2016 Annual Performance Plan, we discussed the threat of organized radical extremist groups repeatedly seeking to recruit members and export terrorism to the United States. We have also seen domestic ``lone offenders'' and those inspired by extremist ideologies commit terrorist acts. These threats are difficult to detect. In countering terrorism, DHS focuses on preventing attacks; preventing unauthorized acquisition, importation, movement, or use of chemical, biological, radiological, and nuclear materials and capabilities in the United States; and reducing the vulnerability of critical infrastructure and key resources, essential leadership, and major events to terrorist attacks and other hazards. In the upcoming FAMS audit and other audits focused on preventing terrorism and enhancing security, OIG will seek to determine how efficiently and effectively the Department is working to counter these emerging threats. [all]